Networking & content delivery

A company wants to distribute incoming HTTP/HTTPS traffic across multiple EC2 instances and route requests based on URL path. Which load balancer should be used?

• A Network Load Balancer
• B Application Load Balancer ✓
• C Gateway Load Balancer
• D Classic Load Balancer

Answer: The Application Load Balancer operates at Layer 7 and supports content-based routing such as path-based and host-based rules, making it ideal for HTTP/HTTPS traffic.

A solutions architect must allow EC2 instances in a private subnet to download software updates from the internet without allowing inbound connections from the internet. What should be used?

• A An internet gateway attached to the private subnet
• B A NAT gateway in a public subnet ✓
• C A VPC peering connection
• D An egress-only internet gateway for IPv4

Answer: A NAT gateway in a public subnet lets instances in private subnets initiate outbound internet connections (such as updates) while blocking unsolicited inbound traffic.

A solutions architect wants to restrict access to an S3 bucket so it can only be reached from within a VPC, without traversing the public internet. What should be configured?

• A A NAT gateway
• B A VPC gateway endpoint for S3 ✓
• C An internet gateway
• D A Direct Connect link

Answer: A VPC gateway endpoint for S3 enables private connectivity between the VPC and S3 over the AWS network, avoiding the public internet and improving security.

A solutions architect needs to provide a private, dedicated, consistent network connection between an on-premises data center and AWS. Which service should be used?

• A Site-to-Site VPN
• B AWS Direct Connect ✓
• C VPC peering
• D AWS Transit Gateway

Answer: AWS Direct Connect establishes a dedicated private network connection between on-premises and AWS, providing consistent, low-latency bandwidth that does not traverse the public internet.

A company needs to route a fixed percentage of traffic to two different application versions for testing. Which Route 53 routing policy supports this?

• A Failover routing
• B Weighted routing ✓
• C Geolocation routing
• D Simple routing

Answer: Weighted routing in Route 53 distributes traffic across multiple resources based on assigned weights, enabling controlled testing such as splitting traffic by percentage.

A static website is hosted in an S3 bucket. The company wants to serve it over HTTPS with a custom domain and low latency. Which service should be added?

• A An Application Load Balancer
• B Amazon CloudFront with an ACM certificate ✓
• C A NAT gateway
• D AWS Global Accelerator

Answer: Amazon CloudFront can serve content from S3 over HTTPS using an ACM certificate with a custom domain, while caching at edge locations for low latency.