Chapter 2 - Networking: VPC, ELB, API Gateway, AWS App Mesh, Direct Connect, Private Link, Global Accelerator, Transit Gateway, VPN Flashcards

Question

You have a web server running on 5 EC2 instances in one subnet of your VPC. You add another EC2 instance to the subnet having same security group. After adding the new instance you made changes to the security group. How long will it take for the changes to take effect? 1. Immediately only for newest one instance and after 5 minutes for existing 5 instances. 2. Immediately for all six instances. 3. Immediately only for existing 5 instance and after 5 minutes for new instance. 4. After 5 minutes for all the six instances.

Answer 1

1. Immediately only for newest one instance and after 5 minutes for existing 5 instances. 2. **Immediately for all six instances.** 3. Immediately only for existing 5 instance and after 5 minutes for new instance. 4. After 5 minutes for all the six instances.

Answer 2

1. Network ACLs is stateful: Return traffic is automatically allowed, regardless of any rules. 2. **SG is stateful: Return traffic is automatically allowed, regardless of any rules.** 3. **Network ACLs is stateless: Return traffic must be explicitly allowed by rules** 4. SG is stateless: Return traffic must be explicitly allowed by rules

Answer 3

1. One 2. Three 3. **Five** 4. Two

Answer 4

1. **Instances associated with a security group can't talk to each other unless you add rules allowing it in the security group.** 2. Instances associated with same security group can't talk to each other. 3. Instances have to be in the same subnet to talk with each other. 4. Instances associated with a security group can't talk to each other unless you add rules allowing it in the network ACLs.

Answer 5

1. **It allows all inbound and outbound IPv4 traffic.** 2. It doesn’t Allow inbound but allows all outbound traffic. 3. It doesn’t allow outbound but allows all inbound. 4. It denies all inbound and outbound traffic until you add rules.

Answer 6

1. It allows all inbound and outbound IPv4 traffic. 2. It doesn’t allow inbound but allows all outbound traffic. 3. It doesn’t allow outbound but allows all inbound. 4. **It denies all inbound and outbound traffic until you add rules**.

Answer 7

1. **Each subnet in your VPC must be associated with a network ACL.** 2. It is optional to associate a subnet with network ACL. 3. **If you don't explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.** 4. Each subnet in your VPC must be associated with a custom security group and custom network ACL.

Answer 8

1. multiple 2. Five 3. Two 4. **One**

Answer 9

1. **multiple** 2. Five 3. Two 4. One

Answer 10

1. Network ACLs evaluate all rules before deciding whether to allow traffic. 2. **SG evaluate all rules before deciding whether to allow traffic.** 3. **Network ACLs process rules in number order when deciding whether to allow traffic.** 4. SG process rules in number order when deciding whether to allow traffic.

Answer 11

1. 2 subnets 2. **4 subnets** 3. 1 subnets 4. 6 subnets

Answer 12

1. **Simplifies the security of data shared with cloud-based applications by eliminating the exposure of data to the public Internet.** 2. **Provides private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network.** 3. Makes it easy to connect services across different accounts and VPCs to significantly simplify the network architecture. 4. Improves the performance of EC2 instances. 5. **To use AWS PrivateLink, create an interface VPC endpoint for a service outside of your VPC. This creates an elastic network interface in your subnet with a private IP address that serves as an entry point for traffic destined to the service.**

Answer 13

1. **Rules are evaluated starting with the lowest numbered rule.** 2. Rules are evaluated starting with the highest numbered rule 3. As soon as a rule matches traffic, it is applied regardless of any lower-numbered rule that may contradict it. 4. **As soon as a rule matches traffic, it is applied regardless of any higher-numbered rule that may contradict it.**

Answer 14

1. You have the flexibility to add a rule with highest number to specify deny unmatched traffic both for inbound and outbound. 2. **Each network ACL also includes a rule whose rule number is an asterisk. This rule ensures that if a packet doesn't match any of the other numbered rules, it's denied. You can't modify or remove this rule.** 3. You have the flexibility to add a rule with lowest number to specify deny unmatched traffic both for inbound and outbound. 4. If a traffic doesn’t match any rule it is implicit ALLOW.

Answer 15

1. **Maintain regulatory compliance. Preventing personally identifiable information (PII) from traversing the Internet helps maintain compliance with regulations such as HIPAA or PCI.** 2. Advanced security features, such as security groups and network access control lists, to enable inbound and outbound filtering at the instance level and subnet level. 3. Fault tolerance by providing dual communication channel between on premise data center and AWS resources. 4. **Securely access SaaS applications. With AWS PrivateLink, you can connect your VPCs to AWS services and SaaS applications in a secure and scalable manner.** 5. **Easily migrate services from on-premises locations to the AWS cloud. On-premises applications can connect to service endpoints in Amazon VPC over AWS Direct Connect or AWS VPN. Service endpoints will direct the traffic to AWS services over AWS PrivateLink, while keeping the network traffic within the AWS network.**

Answer 16

1. Rule 110 will be directly matched and inbound packet will be allowed. 2. **First the lower number rule 100 will be evaluated and then next 110 will be evaluated which matches.** 3. All the six rule will be evaluated at once and packet match with a rule will be done. 4. Rules will be evaluated in descending order i.e. 140, 130, 120, 110 till the match.

Answer 17

1. It doesn't match any of the rules, therefor an error ‘rule not defined’ will be thrown. 2. It doesn't match any of the rules, therefor it is implicit ALLOW. 3. **It doesn't match any of the rules, and the \* rule ultimately denies the packet.** 4. None of the above.

Answer 18

1. **Inbound rule 140 allows inbound IPv4 traffic from the Internet for ephemeral port range to cover the different types of clients that might initiate traffic to public-facing instances in your VPC.** 2. **Outbound rule 120 allows outbound IPv4 responses to clients on the Internet (for example, serving web pages to people visiting the web servers in the subnet).** 3. Inbound rule 140 with a wide port range is to ensure that at least one rule matches for incoming packet. 4. Outbound rule with a wide port range 120 is to ensure that at least one rule matches.

Answer 19

1. AWS Cloudtrail 2. AWS Cloudwatch 3. **AWS Flowlogs** 4. AWS WAF

Answer 20

1. **VPC** 2. **Subnet** 3. **Network interface** 4. Security Group

Answer 21

1. A REJECT record for the response ping because the security group denied for outgoing ICMP. 2. There will not be any log as outgoing is denied by both security group and network ACL. 3. **An ACCEPT record for the originating ping that was allowed by both the network ACL and the security group, and therefore was allowed to reach your instance.** 4. **A REJECT record for the response ping that the network ACL denied.**

Answer 22

1. A REJECT record for the response ping because the security group denied for outgoing ICMP. 2. There will not be any log as outgoing is denied by security group. 3. **An ACCEPT record for the originating ping that was allowed by both the network ACL and the security group, and therefore was allowed to reach your instance.** 4. **An ACCEPT record for the response ping.**

Answer 23

1. **A REJECT record for the response ping because the security group denied for incoming ICMP.** 2. A REJECT record for the response ping because the security group denied for outgoing ICMP. 3. There will not be any log as incoming and outgoing is denied by security group. 4. None of the above

Answer 24

1. **A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.** 2. Instances in Master VPC can communicate with Secondary VPC as if they are within the same network. 3. **Instances in either VPC can communicate with each other as if they are within the same network.** 4. **You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account.**

Answer 25

1. The VPCs has to be in same region. 2. **The VPCs can be in different regions.** 3. **Traffic always stays on the global AWS backbone, and never traverses the public internet.** 4. **AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware.**

Answer 26

1. There is no single point of failure for communication or a bandwidth bottleneck. 2. A VPC peering connection helps you to facilitate the transfer of data or create a file sharing network. 3. Provides a simple and cost-effective way to share resources between regions or replicate data for geographic redundancy. 4. Never traverses the public internet, which reduces threats, such as common exploits, and DDoS attacks. 5. **All of the above.**

Answer 27

1. **The owner of the requester VPC sends a request to the owner of the accepter VPC to create the VPC peering connection. The owner of the accepter VPC accepts the VPC peering connection request to activate the VPC peering connection.** 2. **To enable the flow of traffic between the VPCs using private IP addresses, the owner of each VPC in the VPC peering connection must manually add a route to one or more of their VPC route tables that points to the IP address range of the other VPC (the peer VPC).** 3. **If required, update the security group rules that are associated with your instance to ensure that traffic to and from the peer VPC is not restricted.** 4. There is no need to update the security group rules that are associated with your instance to ensure that traffic to and from the peer VPC is not restricted.

Answer 28

1. Transitive peering relationships is supported. 2. **A VPC peering connection is a one to one relationship between two VPCs.** 3. **A VPC can peer with multiple VPCs in one to many relationships.** 4. **Transitive peering relationships are not supported.**

Answer 29

1. SSH and HTTP traffic from 0.0.0.0/0. 2. SSH and HTTP traffic from 204.0.223.0/24. 3. **SSH traffic from 204.0.223.0/24 and HTTP traffic from 0.0.0.0/0.** 4. No traffic can reach your instance.

Answer 30

1. **SSH and HTTP traffic from 0.0.0.0/0**. 2. SSH and HTTP traffic from 204.0.223.0/24. 3. SSH traffic from 204.0.223.0/24 and HTTP traffic from 0.0.0.0/0. 4. No traffic can reach your instance.

Answer 31

1. **Each subnet must be associated with a route table, which controls the routing for the subnet.** 2. **A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.** 3. Each subnet must be associated with multiple route table, which collectively controls the routing for the subnet. 4. A subnet can be associated with multiple route table at a time, but you can associate multiple subnets with the same route table.

Answer 32

1. You can delete the main route table. 2. **Your VPC automatically comes with a main route table that you can modify.** 3. **You cannot delete the main route table, but you can replace the main route table with a custom table that you've created.** 4. You have to create main route table explicitly when you create VPC.

Answer 33

1. Attach an internet gateway to your VPC. 2. Ensure that your subnet's route table points to the internet gateway. 3. Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address). 4. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance. 5. **All of the above**

Answer 34

1. **An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.** 2. **An internet gateway perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.** 3. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and corporate VPN. 4. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between VPC endpoints and AWS resources.

Answer 35

1. Internet Gateway 2. **Egress-Only Internet Gateways** 3. NAT Gateway 4. NAT Instance

Answer 36

1. Internet Gateway 2. Egress-Only Internet Gateways 3. **NAT Gateway** 4. **NAT Instance**

Answer 37

1. **An egress-only Internet gateway is stateful.** 2. An egress-only Internet gateway is stateless. 3. **An egress-only Internet gateway forwards traffic from the instances in the subnet to the Internet or other AWS services, and then sends the response back to the instances.** 4. An egress-only Internet gateway forwards traffic from the instances in the subnet to the Internet or other AWS services, and but doesn’t sends the response back to the instances.

Answer 38

1. **A bastion host is a server whose purpose is to provide access to a private subnet from an external network, such as the Internet.** 2. **Bastion hosts are instances that are in public subnet and are typically accessed using SSH or RDP.** 3. **It can acts as a ‘hop’ or ‘bridge’ server, allowing you to use SSH or RDP to log in to other instances in private subnet in your VPC.** 4. Bastion host is a server to install firewall to protect your private subnet.

Answer 39

1. **A B** 2. A C 3. **B C**

Answer 40

1. **A B** 2. A C 3. **B C**

Answer 41

1. **Traffic is dropped when the VPC web server instance tries to connect with host in 10.0.37.0/24.** 2. Traffic is dropped when the VPC web server instance tries to connect with host in 10.1.38.0/24. 3. **Traffic will flow between VPC instance and host instance in 10.1.38.0/24**. 4. Traffic will flow between VPC instance and host instance in 10.0.37.0/24.

Answer 42

1. **Set up web servers in a public subnet and the database servers in a private subnet.** 2. **The DB instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet.** 3. **Security Group attached with DB Instance should only allow read or write database requests from the web servers by configuring source as web server’s security group.** 4. The DB instances in the private subnet can access the Internet by using a web server EC2 instance that resides in the public subnet.

Answer 43

1. **A public IP address is assigned from Amazon's pool of public IP addresses; it's not associated with your account.** 2. **When a public IP address is disassociated from your instance, it's released back into the pool, and is no longer available for you to use.** 3. **You cannot manually associate or disassociate a public IP address.** 4. The assigned IP addresses are persistent.

Answer 44

1. It is not possible to connect to a DB instance deployed within a VPC. 2. **Use a bastion host, set up in a public subnet with an EC2 instance that acts as a SSH Bastion. This public subnet must have an internet gateway and routing rules that allow traffic to be directed via the SSH host, which must then forward requests to the private IP address of your RDS DB instance.** 3. **Use public connectivity, create your DB Instances with the Publicly Accessible option set to yes. With Publicly Accessible active, your DB Instances within a VPC will be fully accessible outside your VPC by default.** 4. **Set up a VPN Gateway that extends your corporate network into your VPC, and allows access to the RDS DB instance in that VPC.**

Answer 45

1. **Inside a VPC, they can Route their traffic through a network address translation (NAT) gateway or a NAT instance to access the internet.** 2. It is not possible. 3. **For Amazon VPCs with a Site-to-Site VPN connection or Direct Connect connection, instances can route their Internet traffic down the virtual private gateway to your existing datacenter.** 4. Inside a VPC, they can Route their traffic through Internet Gateway to access the internet.

Answer 46

1. **You can use a NAT device to enable instances in a private subnet to connect to the internet (for example, for software updates) or other AWS services, but prevent the internet from initiating connections with the instances.** 2. **A NAT device forwards traffic from the instances in the private subnet to the internet or other AWS services, and then sends the response back to the instances.** 3. **When traffic goes to the internet, the source IPv4 address is replaced with the NAT device’s address and similarly, when the response traffic goes to those instances, the NAT device translates the address back to those instances’ private IPv4 addresses.** 4. NAT devices are supported for both IP4 and IPv6 traffic.

Answer 47

1. NAT Private Gateway 2. NAT Internet Gateway 3. **NAT gateway** 4. **NAT instance**

Answer 48

1. Type and size: NAT Gateway: Choose a suitable instance type and size, according to your predicted workload. NAT instances: Uniform offering; you don’t need to decide on the type or size. 2. **Bandwidth = NAT gateways: Can scale up to 45 Gbps. NAT instances: Depends on the bandwidth of the instance type.** 3. **Maintenance= NAT gateways: Managed by AWS.NAT instances: Managed by you.** 4. **Performance=NAT gateways: Software is optimized for handling NAT traffic. NAT instances: A generic Amazon Linux AMI that's configured to perform NAT.**

Answer 49

1. **The NAT gateway is not ready to serve traffic.** 2. **Your route tables are not configured correctly.** 3. You should place the instance in a public subnet. 4. **Your security groups or network ACLs are blocking inbound or outbound traffic.** 5. **You're using an unsupported protocol.**

Answer 50

1. Your source instance should be in public subnet to access internet. 2. Your NAT instance should also be in the private subnet. 3. **You should disable source/destination check in the NAT instance.** 4. All of the above

Answer 51

1. **NAT Instance** 2. NAT Gateway 3. Transit Gateway 4. Bastion Instance

Answer 52

1. **Set up web servers in a public subnet and the database servers in a private subnet.** 2. **The DB instances in the private subnet can access the Internet by using a network address translation (NAT) instance that resides in the public subnet.** 3. **Security Group attached with DB Instance should only allow read or write database requests from the web servers by configuring source as web server’s security group.** 4. The DB instances in the private subnet can access the Internet by using a web server EC2 instance that resides in the public subnet. 5. **Security Group attached with NAT Instance should allow internet access from DB server in private subnet and route response back to it**.

Answer 53

1. **Any Internet-bound traffic must first traverse the virtual private gateway to corporate network, where the traffic is then subject to firewall and corporate security policies.** 2. **If the instances send any AWS-bound traffic, the requests must go over the virtual private gateway to corporate network and then egress to the Internet before reaching AWS.** 3. Instances can send any AWS-bound traffic flow directly without going to corporate network. 4. Any Internet-bound traffic can flow through the internet gateway.

Answer 54

1. **Attach an internet gateway to your VPC.** 2. Attach a Transit Gateway or VPN Gateway to your VPC. 3. **Ensure that your subnet's route table points to the internet gateway.** 4. **Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).** 5. **Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.**

Answer 55

1. Increase the number of NAT instances and change its instance type to one having more bandwidth. 2. **Use NAT gateway instead of NAT instance**. 3. Place NAT instance in the private subnet to increase network performance. 4. Change the maintenance window of private subnet instances so as not to overlap with one another.

Answer 56

1. S3, Lambda, EC2, RDS 2. **IP Address Range , Subnet,** 3. **Internet Gateway, NAT Gateway, Virtual private gateway, Egress-only Internet Gateway** 4. Direct connect, Cloudfront and Route53 5. **Peering Connection, VPC Endpoints**

Answer 57

1. **Default limit for number of VPC per region per account is 5** 2. **IP address range of VPC is between maximum of /16 and minimum of /28 netmask** 3. Default limit for number of VPC per account is 5 4. IP address range of VPC is between a minimum of /16 and maximum of /28 netmask

Answer 58

1. An internal subnet is for connection only from your corporate VPN. 2. **A subnet is a range of IP addresses in your VPC.** 3. **Public subnet is for resources that must be connected to the internet.** 4. **Private is subnet for resources that won't be connected to the internet.**

Answer 59

1. Create a rule in security group attached to web server instance to block the ip address. 2. **Create a rule in Network Access Control attached to web server instance to deny access to ip address.** 3. Move the web servers instance from public subnet to private subnet. 4. Create a rule to block the ip address in the internet gateway.

Answer 60

1. **Add a route pointing to Finance department VPC CIDR block in the route table that's associated with HR department subnets.** 2. **Add a route pointing to HR department VPC CIDR block in the route table that's associated with Finance department subnets.** 3. No need to add any entry in the Finance department subnet route tables. 4. No need to add any entry in the HR department subnet route tables.

Answer 61

1. It is not possible 2. Egress only Internet Gateway 3. Transit Gateway 4. **VPC Endpoints**

Answer 62

1. **Interface endpoints** 2. Internet endpoints 3. Gateway endpoints 4. **Service endpoints**

Answer 63

1. **Amazon S3** 2. **DynamoDB** 3. Amazon RDS 4. Amazon EBS

Answer 64

1. Two peer configuration. A-B and B-C peer configuration needs to be done. A-C transitive peering configuration will be automatically done. 2. **Three peer configuration. A-B, B-C and C-A.** 3. Two peer configuration. A-C and B-C peer configuration needs to be done. A-B transitive peering configuration will be automatically done. 4. None of the above.

Answer 65

1. 7 2. 14 3. **21** 4. 28

Answer 66

1. **You cannot use VPC A to extend the peering relationship to exist between VPC B and the corporate network.** 2. **Traffic from the corporate network can’t directly access VPC B by using the VPN connection to VPC A.** 3. You can use VPC A to extend the peering relationship to exist between VPC B and the corporate network. 4. Traffic from the corporate network can directly access VPC B by using the VPN connection to VPC A.

Answer 67

1. **Amazon API Gateway, Elastic Load Balancing, Amazon Kinesis Data Firehose, Amazon Kinesis Data Streams** 2. **Amazon SNS, Amazon SQS, AWS Storage Gateway** 3. Amazon S3, DynamoDB, Amazon RDS 4. **AWS CloudFormation, AWS CloudTrail, AWS CodeBuild, AWS CodeCommit, AWS CodePipeline**

Answer 68

1. You can use VPC A to extend the peering relationship to exist between VPC B and the internet. 2. **You cannot use VPC A to extend the peering relationship to exist between VPC B and the internet.** 3. **Traffic from the internet can’t directly access VPC B by using the internet gateway connection to VPC A.** 4. Traffic from the internet can directly access VPC B by using the internet gateway connection to VPC A

Answer 69

1. You can use VPC A to extend the peering relationship to exist between VPC B and the internet through NAT device. 2. **You cannot use VPC A to extend the peering relationship to exist between VPC B and the internet through NAT device.** 3. **Traffic from the internet can’t directly access VPC B by using the NAT device connection to VPC A.** 4. Traffic from the internet can directly access VPC B by using the NAT device connection to VPC A.

Answer 70

1. **VPC B can't directly access Amazon S3 using the VPC endpoint connection to VPC A**. 2. VPC B can directly access Amazon S3 using the VPC endpoint connection to VPC A. 3. Traffic from the Amazon S3 can directly flow to VPC B by using connection to VPC A. 4. **Traffic from the Amazon S3 cannot directly flow to VPC B by using connection to VPC A.**

Answer 71

1. There is no alternate way as instance in private subnet can access internet over NAT gateway only. 2. **Use VPC Gateway Endpoint which supports Amazon S3.** 3. Use Amazon S3 Gateway. 4. Use Customer Gateway

Answer 72

1. The traffic will not flow from VPC A to VPC B in the route table as 172.31.0.0/16 overlaps with 0.0.0.0/0 and 0.0.0.0/0 is mapped to internet gateway routing. 2. **Any traffic from the VPC A subnet that's destined for the 172.31.0.0/16 IP address range will flow through the peering connection.** 3. **Any traffic destined for a target within the VPC A (10.0.0.0/16) is covered by the Local route, and therefore is routed within the VPC.** 4. **Any traffic in VPC A other than Local and Peer VPC will flow through internet gateway.**

Answer 73

1. There is no alternate way as instance in private subnet can access internet over NAT gateway only. 2. Use Amazon DynamoDB Gateway. 3. Use Customer Gateway 4. **Use VPC Gateway Endpoint which supports Amazon DynamoDB.**

Answer 74

1. Delete one VPC and move all the resources to another VPC. 2. **Establish VPC peering connection between two VPCs.** 3. Modify IAM policies in the two VPCs to enable access. 4. This is possible only when the two VPCs are in the same corporate AWS account.

Answer 75

1. Delete all VPCs and move the resources to one VPC. 2. **Establish VPC peering connection between VPCs.** 3. Modify IAM policies in the VPCs to enable access. 4. This is possible only when the VPCs are in the same corporate AWS account.

Answer 76

1. Direct Connect 2. **Virtual Private Gateway** 3. **AWS Transit Gateway** 4. **Customer Gateway**

Answer 77

1. Direct Connect 2. **Virtual Private Gateway** 3. AWS Transit Gateway 4. Customer Gateway

Answer 78

1. Direct Connect 2. Virtual Private Gateway 3. AWS Transit Gateway 4. **Customer Gateway**

Answer 79

1. Direct Connect 2. Virtual Private Gateway 3. **AWS Transit Gateway** 4. Customer Gateway

Answer 80

1. PPTP 2. L2F 3. L2TP 4. **IPSec**

Answer 81

1. 1 2. **2** 3. 3 4. 4

Answer 82

1. AWS Direct Connect 2. AWS Site to Site VPN 3. AWS VPN Gateway 4. **AWS Transit Gateway**

Answer 83

1. Create a filter and alarm in the CloudTrail. 2. Enable flow logs for your VPC and publish data directly to Cloudtrail logs, then in the CloudTrail select your VPC flow log group to create a metric filter and alarm to notify you through email. 3. Create a filter and alarm in the CloudWatch. 4. **Enable flow logs for your VPC and publish data directly to CloudWatch logs, then in the CloudWatch select your VPC flow log group to create a metric filter and alarm to notify you through email.**

Answer 84

1. **Use Egress only internet gateway** 2. Use NAT Gateway 3. Use NAT Instance 4. Use Internet Gateway

Answer 85

1. **Security Group** 2. **Network ACL** 3. **Route Table** 4. Subnet

Answer 86

1. **High Availability** 2. **Health Checks** 3. **Security layer** 4. High Server Performance

Answer 87

1. **Application Load Balancers** 2. Database Load Balancers 3. **Network Load Balancers** 4. **Classic Load Balancers**

Answer 88

1. **HTTP, HTTPS** 2. TCP, UDP, TLS 3. TCP, SSL/TLS, HTTP, HTTPS 4. HTTP, HTTPS, TCP

Answer 89

1. HTTP, HTTPS 2. **TCP, UDP, TLS** 3. TCP, SSL/TLS, HTTP, HTTPS 4. HTTP, HTTPS, TCP

Answer 90

1. HTTP, HTTPS 2. TCP, UDP, TLS 3. **TCP, SSL/TLS, HTTP, HTTPS** 4. HTTP, HTTPS, TCP

Answer 91

1. **Application Load Balancers** 2. Database Load Balancers 3. Network Load Balancers 4. Classic Load Balancers

Answer 92

1. Application Load Balancers 2. Network Load Balancers 3. **Classic Load Balancers** 4. Database Load Balancers

Answer 93

1. Network Load Balancers 2. Classic Load Balancers 3. Database Load Balancers 4. **Application Load Balancers**

Answer 94

1. **Network Load Balancers** 2. Classic Load Balancers 3. Database Load Balancers 4. Application Load Balancers

Answer 95

1. When disabled, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. 2. **When enabled, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones.** 3. **When disabled, each load balancer node distributes traffic across the registered targets in its Availability Zone only.** 4. When enabled, each load balancer node distributes traffic across the registered targets in its Availability Zone only.

Answer 96

1. Each of the 2 targets in Availability Zone A receives 50% of the traffic and each of the 8 targets in Availability Zone B receives 12.5% of the traffic. 2. **Each of the 10 targets receives 10% of the traffic.** 3. Each of the 2 targets in Availability Zone A receives 25% of the traffic and each of the 8 targets in Availability Zone B receives 6.25% of the traffic. 4. None of the above

Answer 97

1. **Load Balancer** 2. **Listener** 3. **Target Group** 4. Firewall

Answer 98

1. **The nodes of an Internet-facing load balancer have public IP addresses.** 2. **The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes.** 3. The DNS name of an Internet-facing load balancer is publicly resolvable to the private IP addresses of the nodes. 4. **Internet-facing load balancers can route requests from clients over the Internet.**

Answer 99

1. Each of the 2 targets in Availability Zone A receives 50% of the traffic and each of the 8 targets in Availability Zone B receives 12.5% of the traffic. 2. Each of the 10 targets receives 10% of the traffic. 3. **Each of the 2 targets in Availability Zone A receives 25% of the traffic and each of the 8 targets in Availability Zone B receives 6.25% of the traffic**. 4. None of the above

Answer 100

1. Internal -facing load balancers can route requests from clients over the Internet. 2. **The nodes of an internal load balancer have only private IP addresses.** 3. **The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes.** 4. **Internal load balancers can only route requests from clients with access to the VPC for the load balancer.**

Answer 101

1. If need is to load balance HTTP requests, use Application Load Balancer. 2. For network/transport protocols (layer4 – TCP, UDP) load balancing, and for extreme performance/low latency applications, use Network Load Balancer. 3. If your application is built within the EC2 Classic network then you should use Classic Load Balancer. 4. **All of the above**.

Answer 102

1. Internet-facing route requests to your targets using public IP addresses and internal load balancers route requests to your targets using private IP addresses. 2. **Internet-facing and internal load balancers route requests to your targets using private IP addresses.** 3. **Targets do not need public IP addresses to receive requests from an internal or an Internet-facing load balancer.** 4. Targets need public IP addresses to receive requests from an internal or an Internet-facing load balancer.

Answer 103

1. **Create an internal load balancer and register the database servers with it.** 2. **Create an Internet-facing load balancer and register the web servers with it.** 3. Create an Internet-facing load balancer and register the database servers with it. 4. The database servers receive requests from the Internet facing load balancer.

Answer 104

1. Support for path-based routing 2. Support for host-based routing 3. Support for routing based on fields in the request, such as standard and custom HTTP headers and methods, query parameters, and source IP addresses. 4. **All of the above**

Answer 105

1. You must specify one public subnet from at least one Availability Zones. 2. You can specify any number of public subnet per Availability Zone. 3. **You can specify only one public subnet per Availability Zone.** 4. **You must specify one public subnet from at least two Availability Zones.**

Answer 106

1. **Instance** 2. **IP** 3. SQS Queue 4. **Lambda Function**

Answer 107

1. The targets in that Availability Zone will not remain registered with the load balancer. 2. **The targets in that Availability Zone will remain registered with the load balancer.** 3. **The load balancer will not route requests to the targets.** 4. The load balancer will keep routing requests to target as they are still part of the target group attached to load balancer.

Answer 108

1. **You must add one or more listeners.** 2. You must add one listener. 3. **A listener is a process that checks for connection requests, using the protocol and port that you configure.** 4. **The rules that you define for a listener determine how the load balancer routes requests to the targets in one or more target groups.**

Answer 109

1. **Protocols : HTTP, HTTPS** 2. **Ports : 1-65535** 3. Protocols: TCP, UDP 4. Protocols : HTTP, HTTPS, TCP, UDP

Answer 110

1. Application Load Balancers doesn’t provide native support for WebSockets. 2. You cannot use WebSockets with both HTTP and HTTPS listeners. 3. **Application Load Balancers provide native support for WebSockets.** 4. **You can use WebSockets with both HTTP and HTTPS listeners.**

Answer 111

1. **Route requests to one or more registered targets.** 2. Route requests to one or more registered listeners. 3. Route requests to one or more registered targets in a specific subnet. 4. Route requests to one or more registered targets in a specific availability zone.

Answer 112

1. Any publicly routable IP addresses. 2. **Any subnets of the VPC for the target group.** 3. **10.0.0.0/8 (RFC 1918), 100.64.0.0/10 (RFC 6598)** 4. **172.16.0.0/12 (RFC 1918), 192.168.0.0/16 (RFC 1918)**

Answer 113

1. Have to programmatically handle at web api level to give stateful experience. 2. **Enable sticky session attribute of the target group attached to load balancer.** 3. Load balancer doesn’t support stateful session management. 4. Client should send its own generated session cookie each time with information about the target instance.

Answer 114

1. Programmatically keep sending requests to the same instance till session completes. 2. Enable sticky sessions. 3. **Enable connection draining.** 4. All of the above.

Answer 115

1. **Through health checks** 2. Through connection draining checks 3. Through Session checks 4. Targets ping their status to load balancer

Answer 116

1. **Each load balancer node routes requests only to the healthy targets in the enabled Availability Zones for the load balancer.** 2. After your target is registered, it must pass at least two consecutive health check to be considered healthy. 3. **After your target is registered, it must pass one health check to be considered healthy.** 4. **Health checks do not support WebSockets.**

Answer 117

1. **Each listener has a default rule, and you can optionally define additional rules.** 2. **Each rule consists of a priority, one or more actions, and one or more conditions.** 3. **Rules are evaluated in priority order, from the lowest value to the highest value. The default rule is evaluated last**. 4. Rules are evaluated in priority order, from the lowest value to the highest value. The default rule is evaluated first.

Answer 118

1. To have the ability to manage load between micro services and general requests. 2. To have better availability and fault tolerance of your application instances. 3. To balance load across application which are in containers 4. **All of the above**

Answer 119

1. Security group of the instance may not be allowing traffic from load balancer. 2. Network access control list (ACL) of the new instance’s subnet may not be allowing traffic. 3. Availability zone AZ-C may not be enabled for the load balancer. 4. The health check ping path may not be existing in the instance. 5. **All of the above.**

Answer 120

1. Load balancer is attached to a public subnet. 2. **Load balancer is attached to a private subnet.** 3. **The security group for the load balancer must allow inbound traffic from the clients and outbound traffic to the clients on the listener ports.** 4. **Network ACLs for the load balancer subnets must allow inbound traffic from the clients and outbound traffic to the clients on the listener ports.**

Answer 121

1. **If there is at least one healthy target in a target group, the load balancer routes requests only to the healthy targets.** 2. Load balancer will never send request to unhealthy targets. 3. **If a target group contains only unhealthy targets, the load balancer routes requests to the unhealthy targets.** 4. Load balancer will always send request to targets in a target group irrespective of health status.

Answer 122

1. Application Load Balancers 2. Classic Load Balancers 3. Database Load Balancers 4. **Network Load Balancers**

Answer 123

1. Ability to handle volatile workloads and scale to millions of requests per second. 2. Support for static IP addresses for the load balancer. You can also assign one Elastic IP address per subnet enabled for the load balancer. 3. Support for routing requests to multiple applications on a single EC2 instance. 4. Support for containerized applications. 5. **All of the above.**

Answer 124

1. **Protocols: TCP, TLS, UDP, TCP\_UDP** 2. **Ports: 1-65535** 3. Protocols: HTTP, HTTPS 4. Protocols: HTTP, HTTPS, TCP, UDP

Answer 125

1. **Instance** 2. **IP Address** 3. Lambda function 4. SQS Queue

Answer 126

1. Enable Proxy Protocol and get the client IP addresses from the Proxy Protocol header. 2. **You don’t need to do anything the source IP addresses of the clients are preserved and provided to your applications.** 3. Enable sticky sessions in the load balancer. 4. Send the ip address through client cookie.

Answer 127

1. **Enable Proxy Protocol and get the client IP addresses from the Proxy Protocol header.** 2. You don’t need to do anything the source IP addresses of the clients are preserved and provided to your applications. 3. Enable sticky sessions in the load balancer. 4. Send the ip address through client cookie.

Answer 128

1. **Use a Subject Alternative Name (SAN) certificate to validate multiple domains behind the load balancer, including wildcard domains, with AWS Certificate Manager (ACM).** 2. **Use an Application Load Balancer (ALB), which supports multiple SSL certificates and smart certificate selection using Server Name Indication (SNI).** 3. It is not possible. 4. Use a Classic Load Balancer, which supports multiple SSL certificates and smart certificate selection using Server Name Indication (SNI).

Answer 129

1. **ELB Security Group Inbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Source IP =0.0.0.0/0 (all IPv4 addresses)** 2. **ELB Security Group Outbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Destination IP = The ID of the instance security group** 3. **Instance Security Group Inbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Source IP = The ID of the ELB security group** 4. Instance Security Group Outbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Destination IP = The ID of the ELB security group

Answer 130

1. ELB Security Group Inbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Source IP =0.0.0.0/0 (all IPv4 addresses) 2. **ELB Security Group Inbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Source IP = the IPv4 CIDR block of the VPC** 3. **ELB Security Group Outbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Destination IP = The ID of the instance security group** 4. **Instance Security Group Inbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Source IP = The ID of the ELB security group** 5. Instance Security Group Outbound Setting: Protocol = TCP, Port for 80(HTTP) and 443(HTTPS), Destination IP = The ID of the ELB security group

Answer 131

1. Application load balancer 2. **Network load balancer** 3. Classic load balancer 4. None of the above

Answer 132

1. authenticate-cognito 2. authenticate-oidc 3. **SSL** 4. fixed-response 5. forward 6. redirect

Answer 133

1. host-header 2. http-request-method 3. http-header 4. **geo-location** 5. path-pattern 6. query-string 7. source-ip

Answer 134

1. 1 2. **2** 3. 3 4. 4

Answer 135

1. Shut down all the instances for a period of time when you are doing upgrade or replacing instances. 2. **Enable Connection draining on ELBs.** 3. Wait for the instance to have zero user connection and then stop the instance for maintenance. 4. Abruptly stop the instance even when they have user connection as they can reconnect to another healthy instance on next try.

Answer 136

1. ALB works with only two AZs 2. Auto scaling works with only two AZs 3. **Third AZ is not added to the ALB** 4. None of the above

Answer 137

1. **Inbound : Source=0.0.0.0/0, Port Range = listener port** 2. No need to configure outbound rule 3. **Outbound : Destination=instance security group, Port Range=instance listener port** 4. **Outbound : Destination=instance security group, Port Range= health check port**

Answer 138

1. **Inbound : Source= VPC CIDR, Port Range = listener port** 2. No need to configure outbound rule 3. **Outbound : Destination=instance security group, Port Range=instance listener port** 4. **Outbound : Destination=instance security group, Port Range= health check port**

Answer 139

1. Amazon Inspector 2. Amazon Guard Duty 3. Amazon Cognito 4. **AWS WAF**

Answer 140

1. Application load balancer 2. **Network load balancer** 3. Classic load balancer 4. None of the above

Answer 141

1. **Application load balancer** 2. Network load balancer 3. **Classic load balancer** 4. None of the above

Answer 142

1. Configure Route53 simple routing policy to distribute traffic evenly across all instances. 2. Configure Route53 weighted routing policy to distribute traffic evenly across all instances. 3. No need to do anything Route53 will distribute traffic evenly across all instances. 4. **Enable cross zone load balancing in the ALB configuration.**

Answer 143

1. It is not possible to use Application Load Balancer for on premise instances as target. 2. **Provision Direct Connect or VPN between on premise and AWS VPC. Use IP addresses based target groups in ALB.** 3. **Register all the resources (AWS and on-premises) to the same target group and associate the target group with a load balancer.** 4. **You can use DNS based weighted load balancing across AWS and on-premises resources using two load balancers i.e. one load balancer for AWS and other for on-premises resources.**

Answer 144

1. The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets. 2. The total number of bytes processed by the load balancer over IPv4 and IPv6. 3. The number of targets that are considered healthy and unhealthy. 4. **All of the above.**

Answer 145

1. Cloudwatch 2. **Access logs** 3. Request Tracing 4. Cloudtrail logs

Answer 146

1. Access logs 2. **VPC Flow Logs** 3. CloudTrail logs 4. CloudWatch metrics

Answer 147

1. **Access logs** 2. VPC Flow Logs 3. CloudTrail logs 4. CloudWatch metrics

Answer 148

1. Access logs 2. VPC Flow Logs 3. **CloudTrail** 4. CloudWatch

Answer 149

1. AWS Transit Gateway 2. AWS VPN 3. **AWS Direct Connect** 4. AWS Storage Gateway

Answer 150

1. **It is a network service that provides an alternative to using the Internet to connect customer's on premise sites to AWS.** 2. Enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection 3. **Data that would have previously been transported over the Internet can now be delivered through a private network connection between AWS and your datacenter or corporate network.** 4. **It can reduce costs, increase bandwidth, and provide a more consistent network experience than Internet-based connections.**

Answer 151

1. **Appropriate provisioning and right sizing** 2. **Using appropriate purchasing options to meet use case** 3. Using EC2 and VPC for deploying workloads 4. **Geographic location selection** 5. **Using managed services and optimizing data transfer**

Answer 152

1. AWS RDS 2. AWS VPN 3. **AWS Direct Connect** 4. **Amazon CloudFront content delivery network (CDN)**

Answer 153

1. Increase the bandwidth with your Internet service provider. 2. Create VPN connection with AWS resources. 3. **Use AWS Direct Connect to connect with AWS resources.** 4. Use AWS Transit Gateway to connect with AWS resources.

Answer 154

1. **Applications that use real-time data feeds from on-premise.** 2. **Hybrid environments that satisfy regulatory requirements requiring the use of private connectivity.** 3. **Transferring large data sets over the Internet from on-premise data centers.** 4. Applications that can work solely on cloud and doesn’t need integration with on-premise.

Answer 155

1. AWS DirectConnect 2. AWS Privatelink 3. AWS VPN 4. **AWS Transit Gateway**

Answer 156

1. **11** 2. 12 3. 14 4. 16

Answer 157

1. 10.0.0.0/28 2. **10.0.0.0/27** 3. 10.0.0.0/29 4. 10.0.0.0/30

Answer 158

1. **AWS Direct Connect** 2. **AWS VPN** 3. AWS Transit Gateway 4. AWS Privatelink

Answer 159

1. Associate your internet-facing load balancer with private subnet of your instances. 2. It is not possible to connect internet-facing load balancer with private subnet of your instances. 3. Create a public subnet with NAT gateway. Map the public subnet to load balancer and NAT gateway to private instances. 4. **Create public subnets in the same Availability Zones as the private subnets that are used by your private instances. Then associate these public subnets to the internet-facing load balancer.**

Answer 160

1. Total 4. Across Two AZs, each with two private subnets. 2. **Total 6. Across Two AZs, each having one public subnet and two private subnets.** 3. Total 6. One AZ, having two public subnet and four private subnets. 4. Total 5. One AZ, having one public subnet and four private subnets.

Answer 161

1. **It supports 256 IP addresses.** 2. **You can break this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses CIDR block 10.0.0.0/25 (for addresses 10.0.0.0 - 10.0.0.127) and the other uses CIDR block 10.0.0.128/25 (for addresses 10.0.0.128 - 10.0.0.255).** 3. **The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance.** 4. The first IP addresses and the last four IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance.

Answer 162

1. You need to add rule in their security group to allow RDP traffic as ping command is a type of RDP traffic. 2. You need to add rule in their security group to allow SSH traffic as ping command is a type of SSH traffic. 3. **You need to add rule in their security group to allow ICMP traffic as ping command is a type of ICMP traffic.** 4. The instances may not have public IP address.

Answer 163

1. Replace your application load balancer with network load balancer and configure path based routing in your application load balancer to route request to different target group of instances. 2. Replace your application load balancer with network load balancer and configure host based routing in your application load balancer to route request to different target group of instances. 3. **Configure path based routing in your application load balancer to route request to different target group of instances.** 4. Configure host based routing in your application load balancer to route request to different target group of instances.

Answer 164

1. Replace your application load balancer with network load balancer and configure path based routing in your application load balancer to route request to different target group of instances. 2. Replace your application load balancer with network load balancer and configure host based routing in your application load balancer to route request to different target group of instances. 3. Configure path based routing in your application load balancer to route request to different target group of instances. 4. **Configure host based routing in your application load balancer to route request to different target group of instances.**

Answer 165

1. **Use a single Application Load Balancer to route requests to all the services for your application.** 2. Use a single Classic Load Balancer to route requests to all the services for your application. 3. **Register an EC2 instance with a target group, you can register it multiple times; for each service, register the instance using the port for the service.** 4. You have to deploy each microservice in a separate instance as you can attach an instance only once to a target group.

Answer 166

1. **TRUE** 2. FALSE

Answer 167

1. Availability Zone 2. **Local Zone** 3. Outpost 4. Region

Answer 168

1. **Provision a NAT gateway in a public subnet of each AZ and configure the routing to ensure that web server uses the NAT gateway in their respective AZ.** 2. Provision a NAT gateway in in a public subnet of one AZ and configure the routing to ensure that web server in all three AZ uses the NAT gateway. 3. Provision a NAT gateway in a private subnet of each AZ and configure the routing to ensure that web server uses the NAT gateway in their respective AZ. 4. Provision a NAT gateway in in a private subnet of one AZ and configure the routing to ensure that web server in all three AZ uses the NAT gateway.

Answer 169

1. Private virtual interface 2. Public virtual interface 3. Transit virtual interface 4. **VPC virtual interface**

Answer 170

1. For a private virtual interface, ensure that your VPC route tables have prefixes pointing to the virtual customer gateway to which your private virtual interface is connected. 2. **Ensure that you are advertising a route for your on-premises network prefix over the BGP session.** 3. **For a private virtual interface, ensure that your VPC security groups and network ACLs allow inbound and outbound traffic for your on-premises network prefix.** 4. **For a private virtual interface, ensure that your VPC route tables have prefixes pointing to the virtual private gateway to which your private virtual interface is connected.**

Answer 171

1. AWS PrivateLink 2. **AWS Direct Connect** 3. **AWS Managed VPN** 4. **AWS Transit Gateway or Transit VPC**

Answer 172

1. **For Application Load Balancers and Classic Load Balancers with HTTP/HTTPS listeners, you must use X-Forwarded-For headers** 2. For Application Load Balancers with TCP/SSL listeners, you must enable Proxy Protocol support on the Classic Load Balancer and the target application. 3. **For Classic Load Balancers with TCP/SSL listeners, you must enable Proxy Protocol support on the Classic Load Balancer and the target application.** 4. **For Network Load Balancers, you can register your targets by instance ID to capture client IP addresses without additional web server configuration.**

Answer 173

1. Using VPC endpoints 2. It is not possible to Peer VPCs across regions. 3. Using Corporate Network Backbone 4. **Using Inter-region VPC Peering**

Answer 174

1. **It is a physical location around the world which has cluster of data centers.** 2. Each region maps to one data center at a geographic location. 3. Each AWS Region is an extension of an AWS Local Zone where you can run your latency sensitive applications using AWS services. 4. **Each AWS Region consists of multiple, isolated, and physically separate AZ's within a geographic area.**

Answer 175

1. AWS Local Zones place compute, storage, database, and other select AWS services closer to end-users. 2. With AWS Local Zones, you can easily run highly-demanding applications that require single-digit millisecond latencies. 3. Each AWS Local Zone location is an extension of an AWS Region where you can run your latency sensitive applications using AWS services 4. **Each Local Zone maps to an AZ in a region.**

Answer 176

1. **An Availability Zone (AZ) is one discrete data centers with redundant power, networking, and connectivity in an AWS Region.** 2. All AZ’s in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZ’s. 3. **Traffic between AZ’s is not encrypted.** 4. AZ’s give customers the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.

Answer 177

1. **After you create the Auto Scaling group, attach your existing load balancer to it.** 2. **Your Auto Scaling group region and Availability Zones not necessarily has to be same as the load balancer.** 3. You have to create a new load balancer to attach to the Auto Scaling group. 4. Create your Auto Scaling group in the same region and Availability Zone as your load balancer. 5. **Create an Auto Scaling group that launches copies of instances you’ve already configured, or create a launch configuration that uses an Amazon Machine Image (AMI) instead.**

Answer 178

1. CloudFront 2. Route53 3. Application Load Balancer 4. **Global Accelerator**

Answer 179

1. Load Balancer, DNS Hosted Zone 2. **Static IP addresses, Accelerator** 3. **DNS name, Listener** 4. **Endpoint group, Endpoint**

Answer 180

1. **For applications, such as gaming, media, mobile applications, and financial applications, which need very low latency for a great user experience.** 2. **Useful for IoT, retail, media, automotive and healthcare use cases in which client applications cannot be updated frequently.** 3. Speed up the delivery of your static content (e.g., images, style sheets, JavaScript, etc.) to viewers across the globe. 4. Private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network.

Answer 181

1. Global Accelerator improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). 2. **CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery).** 3. **Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.** 4. CloudFront improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.

Answer 182

1. **Change the traffic dial to limit the traffic for one or more endpoint groups.** 2. Change the traffic dial to limit the traffic for endpoints in a group. 3. Specify weights to change the proportion of traffic to the endpoint group. 4. **Specify weights to change the proportion of traffic to the endpoints in a group.**

Answer 183

1. **First 25 requests are directed to the endpoint group in us-west-2 and 25 are directed to the endpoint group in us-east-1.** 2. **The next 25 requests from the East Coast are served by us-west-2, and the next 25 requests from the West Coast are served by us-east-1.** 3. First 50 request are served by us-west-2 and next 50 requests are served by us-east-1. 4. First 50 request are served by us-east-1 and next 50 requests are served by us-west-2.

Answer 184

1. Global Accelerator does not support client IP address preservation when you use an internal Application Load Balancer or an EC2 instance. 2. **When you use an internet-facing Application Load Balancer as an endpoint with Global Accelerator, you can choose to preserve the source IP address of the original client for packets that arrive at the load balancer by enabling client IP address preservation.** 3. **When you use an internal Application Load Balancer or an EC2 instance with Global Accelerator, the endpoint always has client IP address preservation enabled.** 4. **Global Accelerator does not support client IP address preservation for Network Load Balancer and Elastic IP address endpoints.**