Which three statements are correct about VPC flow logs? (Choose three.)
Instance Metadata Traffic:
VPC flow logs do not capture traffic to and from the link-local address 169.254.169.254, which is used for accessing instance metadata (Option A).
DHCP Traffic:
DHCP traffic is not captured by VPC flow logs. This is because DHCP relies on broadcast and multicast traffic, which is excluded from flow logs (Option B).
Security Monitoring:
VPC flow logs can be used as a security tool to monitor the traffic that is reaching the instances. By analyzing the flow logs, administrators can detect suspicious activities and troubleshoot connectivity issues (Option D).
Other Considerations:
Option C is incorrect because flow logs do capture traffic to the reserved IP address of the default VPC router.
Option E is incorrect as VPC flow logs do not provide real-time log streams but rather capture data at intervals and deliver them to CloudWatch or S3.
An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs the higher bandwidth but the organization does not want to use multiple connections between sites.
Which AWS solution meets the requirement?
Understanding the Requirement:
The organization needs to connect a data VPC to the on-premises infrastructure with high bandwidth.
The solution should avoid multiple connections between sites.
Transit Gateway Connect:
Transit Gateway Connect is designed to integrate with SD-WAN networks and provides scalable bandwidth using GRE tunnels.
It simplifies hybrid cloud connectivity by allowing high bandwidth connections without the need for multiple physical connections.
Benefits of Transit Gateway Connect:
Supports scalable bandwidth through GRE tunnels.
Facilitates seamless integration with on-premises and cloud environments.
Reduces complexity by avoiding the need for multiple VPN connections.
Comparison with Other Options:
Option A (Transit VPC with IPSec) is not preferred due to complexity and potential limitations in bandwidth scalability.
Option B (Internet Gateway) is not suitable for private, high-bandwidth connections.
Option C (Transit Gateway multicast) does not address the requirement for high bandwidth in a hybrid cloud setup.
AWS Transit Gateway Documentation: AWS Transit Gateway Connect
Refer to the exhibit.
Traffic is initiated from the EC2 instance and is destined for the internet.
Which traffic flow is correct?
Understanding the Architecture:
The architecture includes an EC2 instance in a private subnet, a Gateway Load Balancer Endpoint (GWLBe), a NAT Gateway (NAT GW), and an Internet Gateway (IGW).
Route Tables and Routing:
The private route table for the subnet containing the EC2 instance has a route pointing to the GWLBe for internet-bound traffic.
The public route table for the subnet containing the NAT Gateway has routes to the IGW.
Traffic Flow Analysis:
Traffic initiated from the EC2 instance destined for the internet will first be routed to the GWLBe as per the private route table.
The GWLBe will forward the traffic to the NAT Gateway.
The NAT Gateway will then route the traffic to the IGW, which finally sends the traffic to the internet.
Comparison with Other Options:
Option A suggests direct routing to the NAT GW from the EC2 instance, which is incorrect.
Option B incorrectly states there is no route to the internet in the private route table.
Option D suggests direct routing from GWLBe to the internet, which is not the case.
Refer to the exhibit.
An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.
What is required to achieve higher bandwidth?
Understanding Transit Gateway Connect:
Transit Gateway Connect is a feature of AWS Transit Gateway that simplifies the integration of SD-WAN networks with AWS. It uses Generic Routing Encapsulation (GRE) tunnels to facilitate this connection.
GRE Tunnels and Bandwidth:
GRE tunnels can dynamically scale to meet increasing bandwidth demands. They allow multiple tunnels between the same endpoints, which can aggregate bandwidth without requiring additional configuration.
Scaling Bandwidth with GRE:
The GRE protocol used by Transit Gateway Connect can support high bandwidth requirements by spreading traffic across multiple tunnels. As demand grows, additional tunnels can be automatically used to handle the increased traffic load.
Comparison with Other Options:
Option A suggests using public IP addresses, which is not relevant to bandwidth scaling.
Option B is incorrect because bandwidth can be increased through GRE scaling.
Option D suggests adding a Transit VPC, which is unnecessary for increasing bandwidth when using Transit Gateway Connect.
A customer has implemented GWLB between the partner and application VPCs. FortiGate appliances are deployed in the partner VPC with multiple AZs to inspect traffic transparently.
Which two things will happen to application traffic based on the GWLB deployment? (Choose two.)
Understanding Gateway Load Balancer (GWLB):
GWLB is designed to distribute traffic across multiple appliances for both inbound and outbound traffic, providing scalability and high availability.
Traffic Load Balancing:
GWLB can send traffic to multiple FortiGate appliances for load balancing purposes, ensuring efficient use of resources (Option A).
Stateful Processing:
For stateful processing, GWLB ensures that traffic flows (both inbound and outbound) for a given connection are directed to the same FortiGate appliance. This maintains session integrity (Option B).
Preservation and Hashing of Traffic:
Options C and D are incorrect as they suggest incorrect behavior regarding traffic content preservation and hashing for data integrity, which are not primary functions of GWLB.
AWS Gateway Load Balancer Documentation: AWS Gateway Load Balancer
FortiGate Integration with GWLB: Fortinet Documentation
