What might be happening?

You are implementing a URL whitelisting system for a company that wants to restrict outbound
HTTP/S connections to specific domains from their EC2-hosted applications.
You deploy a single EC2 instance running proxy software and configure it to accept traffic from all
subnets and EC2 instances in the VPC.
You configure the proxy to only pass through traffic to domains that you define in its whitelist
configuration.
You have a nightly maintenance window of 10 minutes where all instances fetch new software
updates. Each update is about 200MB in size and there are 500 instances in the VPC that
routinely fetch updates. After a few days you notice that some machines are falling to
successfully download some, but not all, of their updates within the maintenance window.
The download URLs used for these updates are correctly listed in the proxy’s whitelist
configuration and you are able to access them manually using a web browser on the instances.
What might be happening? Choose 2 answers

You are implementing a URL whitelisting system for a company that wants to restrict outbound
HTTP/S connections to specific domains from their EC2-hosted applications.
You deploy a single EC2 instance running proxy software and configure it to accept traffic from all
subnets and EC2 instances in the VPC.
You configure the proxy to only pass through traffic to domains that you define in its whitelist
configuration.
You have a nightly maintenance window of 10 minutes where all instances fetch new software
updates. Each update is about 200MB in size and there are 500 instances in the VPC that
routinely fetch updates. After a few days you notice that some machines are falling to
successfully download some, but not all, of their updates within the maintenance window.
The download URLs used for these updates are correctly listed in the proxy’s whitelist
configuration and you are able to access them manually using a web browser on the instances.
What might be happening? Choose 2 answers

A.
You are running the proxy on an undersized EC2 instance type so network throughput is not
sufficient for all instances to download their updates in time

B.
You are running the proxy on a sufficiently-sized EC2 instance in a private subnet and its network
throughput is being throttled by a NAT running on an undersized EC2 instance

C.
The route table for the subnets containing the affected EC2 instances is not configured to direct
network traffic for the software update locations to the proxy

D.
You have not allocated enough storage to the EC2 instance running the proxy so the network
buffer is filling up, causing some requests to fail

E.
You are running the proxy in a public subnet but have not allocated enough EIPs to support the
needed network throughput through the Internet Gateway (IGW)

Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-ec2-config.html



Leave a Reply 4

Your email address will not be published. Required fields are marked *


Luyong

Luyong

I think A and B are correct! For D, storage is not the key but the bandwith, I think it is wrong answer.

Sumit Kumar

Sumit Kumar

affluently sized instance

Unnat

Unnat

Ans A & B

D is incorrect because updates are not getting stored at the proxy server.

Alttab

Alttab

What’s the purpose of a proxy? To cache things. This means that if only a few clients have problems with the content, outbound network bottleneck is out of the picture, same goes for storage (it is allready stored in the disk cache of the proxy).
This excludes B D and E

A is a no-brainer and one of the answers for sure.
C could theoretically be the problem, but why do they fail all the sudden?

This is a bad question.