A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN. According to the organization’s security team, the VPN must meet the following requirements: AES 128-bit encryption SHA-1 hashing User access via SSL VPN PFS using DH Group 2 Ability to maintain/rotate keys and passwords Certificate -based authentication Questions and Answers PDF 5/82 Which solution should you recommend so that the organization meets the requirements?
Refer to the image. You have three VPCs: A, B, and C. VPCs A and C are both peered with VPC B. The IP address ranges are as follows: VPC A: 10.0.0.0/16 VPC B: 192.168.0.0/16 VPC C: 10.0.0.0/16 Instance i-1 in VPC A has the IP address 10.0.0.10. Instance i-2 in VPC C has the IP address 10.0.0.10. Questions and Answers PDF 6/82 Instances i-3 and i-4 in VPC B have the IP addresses 192.168.1.10 and 192.168.1.20, respectively, i-3 and i-4 are in the subnet 192.168.1.0/24. i-3 must be able to communicate with i-1 i-4 must be able to communicate with i-2 i-3 and i-4 are able to communicate with i-1, but not with i-2. Which two steps will fix this problem? (Select two.)
A legacy, on-premises web application cannot be load balances effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic -monitoring needs. Which of the following designs will meet these requirements?
Questions and Answers PDF 7/82 An organization processes consumer information submitted through its website. The organization’s security policy requires that personally identifiable information (PII) elements are specifically encrypted at all times and as soon as feasi ble when received. The front -end Amazon EC2 instances should not have access to decrypted PII. A single service within the production VPC must decrypt the PII by leveraging an iAM role. Which combination of services will support these requirement? (Select two.)
A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC. Which of the following actions meet the requirements? (Select two.)
Your organization’s corporate website must be available on www.acme.com and acme.com. How should you configure Amazon Route 53 to meet this requirement?
