You are designing an AWS Direct Connect solution into your VPC. You need to consider requirements for the customer router to terminate the Direct Connect link at the Direct Connect location.
Which three factors that must be supported should you consider when choosing the customer router? (Select three.)

1. A. 802.1q trunking
2. B. 802.1ax or 802.3ad link aggregation
3. C. OSPF
4. D. BGP
5. E. single-mode optical fiber connectivity
6. F. 1-Gbps copper connectivity

Correct Answer: ADE
https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html#overview_requirements

An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet.
What changes should be made to meet this requirement while continuing to support the existing application requirements?

1. A. Modify the existing DHCP option set and specify the different domain name for the specified subnet.
2. B. Create a new DHCP option set with the different domain name, associate it with the specified subnet, and re-launch the Amazon EC2 instances.
3. C. Create a new subnet, configure the DHCP option set with the different domain name, and re-launch the required instances there.
4. D. Create a new peered VPC, configure the DHCP option set with the different domain name, and re-launch the required instances there.

Correct Answer: D
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html

A company has an AWS Direct Connect connection between its on-premises data center and Amazon VPC. An application running on an Amazon EC2 instance in the VPC needs to access confidential data stored in the on-premises data center with consistent performance For compliance purposes, data encryption is required.
What should the network engineer do to meet these requirements?

1. A. Configure a public virtual interface on the Direct Connect connectio
2. B. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
3. C. Configure a private virtual interface on the Direct Connect connectio
4. D. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.
5. E. Configure an internet gateway in the VPC Set up a software VPN between the customer gateway and an EC2 instance in the VPC.
6. F. Configure an internet gateway in the VPC Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.

Correct Answer: D

A company uses multiple AWS accounts within AWS Organizations and has services deployed in a single AWS Region. The instances in a private subnet occasionally download patches from the internet through a NAT gateway The company recently migrated from VPC peering to AWS Transit Gateway The cumulative traffic through deployed NAT gateways Is less than 1Gbps The NAT gateway hourly charge contributes to most of the NAT gateway costs across all linked accounts.
What should the company do to reduce NAT gateway hourly costs?

1. A. Deploy and use NAT gateways in the same Availability Zone as the heavy-traffic resources.
2. B. Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC Use VPC peering to send traffic through the centralized NAT gateways.
3. C. Use VPC endpoints to send traffic to AWS services in the same Region.
4. D. Move to a centralized NAT gateway architecture with NAT gateways deployed in an egress VPC Use AWS Transit Gateway to send traffic through the centralized NAT gateways.

Correct Answer: B

Your company maintains an Amazon Route 53 private hosted zone. DNS resolution is restricted to a single, pre-existing VPC. For a new application deployment, you create an additional VPC in the same AWS account. Both this new VPC and your on-premises DNS infrastructure must resolve records in the existing private hosted zone.
Which two activities are required to enable DNS resolution both within the new VPC and from the on-premises infrastructure? (Select two.)

1. A. Update the DHCP options set for the new VPC with the Route 53 nameserver IP addresses.
2. B. Update the Route 53 private hosted zone’s VPC associations to include the new VPC.
3. C. Launch Amazon EC2-based DNS proxies in the new VP
4. D. Specify the proxies as forwarders in the on-premises DNS.
5. E. Update the on-premises DNS to include forwarders to the Route 53 nameserver IP addresses.
6. F. Launch Amazon EC2-based DNS proxies in the new VP
7. G. Specify the proxies in the DHCP options set.

Correct Answer: BD