A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability
Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection. During the resiliency tests, traffic failed to switch over to the backup VPN connection.
How can this failure be troubleshot?

A. Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection

B. Confirm that the same routes are being advertised over both the VPN and Direct Connect.

C. Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.

D. Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.

You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns.
Which tool will enable you to look at this data?

A. Wireshark

B. VPC Flow Logs

C. AWS CLI

D. CloudWatch Logs

You have 3 VPCs that need to be able to pass traffic. In what two ways can you achieve this? (Choose two.)

A. Peer each VPC to every other VPC to create a full mesh peering.

B. Peer them, VPC peering allows transitive peering as of December 2017.

C. Call AWS to enable transitive peering.

D. Create VPNs between them and adjust the routing tables accordingly.

Which service is used by default to store the CloudTrail log files?

A. Elastic Block Store (EBS)

B. Redshift

C. Simple Storage Service (S3)

D. Glacier

To directly manage your CloudTrail security layer, you can use ____ for your CloudTrail log files

A. SSE-S3

B. SCE-KMS

C. SCE-S3

D. SSE-KMS

A Systems Administrator is designing a hybrid DNS solution with spilt-view. The apex-domain `example.com` should be served through name servers across multiple top-level domains (TLDs). The name server for subdomain `dev.example.com` should reside on-premises. The administrator has decided to use Amazon
Route 53 to achieve this scenario.
What procedurals steps must be taken to implement the solution?

A. Use a Route 53 public hosted zone for example.com and a private hosted zone for dev.example.com

B. Use a Route 53 public and private hosted zone for example.com, and perform subdomain delegation for dev.example.com

C. Use a Route 53 public hosted zone for example.com, and perform subdomain delegation for dev.example.com

D. Use a Route 53 private hosted zone for example.com, and perform subdomain delegation for dev.example.com

Which two choices can serve as a directory service for WorkSpaces? (Choose two.)

A. Simple AD

B. Enhanced AD

C. Direct Connection

D. AWS Microsoft AD

You wish to access all European regions using your Direct Connect connection. How should you accomplish this?

A. Peer VPCs in the different regions and connect DX to one of the regions to communicate with the other.

B. Use a DX Gateway.

C. Find the prefix list for the other region and add it to your route table.

D. One DX connection will connect you to all regions.

You can use the ____ command of the AWS Config service CLI to see the compliance state of each of your rules.

A. get-compliance-details-by-resource

B. describe-compliance-by-config-rule

C. get-compliance-details-by-config-rule

D. describe-compliance-by-resource

A company has an AWS Direct Connect connection between its on-premises data center and Amazon VPC. An application running on an Amazon EC2 instance in the VPC needs to access confidential data stored in the on-premises data center with consistent performance. For compliance purposes, data encryption is required.
What should the network engineer do to meet these requirements?

A. Configure a public virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.

B. Configure a private virtual interface on the Direct Connect connection. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.

C. Configure an internet gateway in the VPC. Set up a software VPN between the customer gateway and an EC2 instance in the VPC.

D. Configure an internet gateway in the VPC. Set up an AWS Site-to-Site VPN between the customer gateway and the virtual private gateway in the VPC.

An AWS Config rule can be set to be evaluated if a certain set of resources undergoes a configuration change. The set of resources to which the rule applies can be restricted by the rule's ____, which can include a combination of a resource type and a resource ID, for example.

A. trigger

B. domain

C. manifest

D. scope

A company has applications running in a single AWS Region and its on-premises data center in a hybrid mode. The company has a 1 Gbps AWS Direct Connect connection from the data center to AWS that is 65% utilized. The company has an AWS Enterprise Support plan.
The company is planning to deploy a new critical application on AWS that will connect with existing applications running in the data center. The application SLA requires a minimum of 99.9% network uptime between the data center and AWS.
What is the MOST cost-effective way to meet this SLA requirement?

A. Create a second virtual interface (VIF) on the existing Direct Connect connection, and terminate this VIF in the existing VPC. Use BGP for load balancing between the VIFs in active/active mode.

B. Purchase an additional 1 Gbps Direct Connect connection from AWS in a different cross-connect location terminated in the associated Region. Provision a new virtual interface (VIF) to the existing VPC, and use BGP for load balancing.

C. Set up two new hosted Direct Connect connections of 500 Mbps each through an AWS Direct Connect partner. Provision two virtual interfaces (VIFs) to the existing VPC on both Direct Connect connections, and use BGP for load balancing. Terminate the existing 1 Gbps Direct Connect connection.

D. Purchase an additional 1 Gbps Direct Connect connection from AWS in the existing cross-connect location. Ask AWS to terminate this new connection in a different router. Provision two virtual interfaces (VIFs) to the same VPC on both Direct Connect connections, and use BGP for load balancing.

By default, all AWS accounts are limited to ____ EIPs, because public (IPv4) Internet addresses are a scarce public resource.

A. 5

B. 8

C. 6

D. 2

A company's application runs in a VPC and stores sensitive data in Amazon S3. The application's Amazon EC2 instances are located in a private subnet with a
NAT gateway deployed in a public subnet to provide access to Amazon S3. The S3 bucket is located in the same AWS Region as the EC2 instances. The company wants to ensure that this bucket can be accessed only from the VPC where the application resides.
Which changes should a network engineer make to the architecture to meet these requirements?

A. Delete the existing S3 bucket and create a new S3 bucket inside the VPC in the private subnet. Configure the S3 security group to allow only the application instances to access the bucket.

B. Deploy an S3 VPC endpoint in the VPC where the application resides. Configure an S3 bucket policy with a condition to allow access only from the VPC endpoint.

C. Configure an S3 bucket policy, and use an IP address condition to restrict access to the bucket. Allow access only from the VPC CIDR range, and deny all other IP address ranges.

D. Create a new IAM role for the EC2 instances that provides access to the S3 bucket, and assign the role to the application instances. Configure an S3 bucket policy to allow access only from the role.

You have a hybrid environment in which your VPC queries your on-premises DNS server for up resources in your environment. The EC2 instances in your VPC are unable to resolve on-premises resources.
What are two possible reasons for this problem? (Choose two.)

A. Your NACL is blocking UDP port 53 outbound

B. Your security group is blocking port 53 inbound

C. Your NACL is blocking TCP port 53 outbound.

D. Your on-premises firewall is blocking port 443

Your company has two DX locations. You need to configure one link as passive. What should you configure in your router to set that link as the passive link.

A. Set a higher MED.

B. Configure AS_PATH Prepending on the link.

C. Advertise a network with a higher CIDR.

D. Call your service provider and have the ASN changed for that link.

Your company needs to leverage Amazon Simple Storage Solution (S3) for backup and archiving. According to company policy, data should not flow on the public
Internet even if data is encrypted. You have set up two S3 buckets in us-east-1 and us-west-2. Your company data center is located on the West Coast of the
United States. The design must be cost-effective and enable minimal latency.
Which design should you set up?

A. An AWS Direct Connect connection to us-east-1 and a Direct Connect connection to us-west-2.

B. An AWS Direct Connect connection to us-east-1.

C. An AWS Direct Connect connection to us-west-2.

D. An AWS Direct Connect connection to us-west-2 and a VPN connection to us-east-1.

You have a DX connection and a VPN connection as backup for your 10.0.0.0/16 network. You just received a letter indicating that the colocation provider hosting the DX connection will be undergoing maintenance soon. It is critical that you do not experience any downtime or latency during this period.
What is the best course of action?

A. Configure the VPN as a static VPN instead of dynamic.

B. Configure AS_PATH Prepending on the DX connection to make it the less preferred path.

C. Advertise 10.0.0.0/9 and 10.128.0.0/9 over your VPN connection.

D. None of the above.

You have a hybrid infrastructure and you have configured your own DNS server on an EC2 instance in your 10.1.3.0/24 subnet. This subnet resides on the VPC
10.1.0.0/16. You need your data center to be able to resolve Route 53 queries in your private hosted zone. What do you need to do to accomplish this?

A. Disable the source/destination check flag for the DNS instance.

B. Configure your DNS server to forward queries for the private hosted zone to 10.1.3.2.

C. Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2.

D. Configure the VPC DHCP option set in the VPC to point to the EC2 DNS server.

An organization has ordered a new AWS Direct Connect connection. The AWS Management Console reports that the connection is available and BGP status is up. However, the networking team is not able to reach instances in the VPC using ping on the organization's private IP address.
What could cause this connectivity issue? (Choose two.)

A. The VGW is not advertising the correct CIDR range back on-premises.

B. The instance security group does not allow ICMP traffic.

C. A public virtual interface must be configured for Amazon EC2 connectivity.

D. The on-premises router is not advertising the correct CIDR range to AWS.

E. There is a misconfiguration of the bi-directional forwarding detection.

You received reports from clients in another time zone that they experienced an outage of your website several hours before you arrived at work. What two AWS services could prove crucial in figuring out what happened? (Choose two.)

A. AWS Support

B. CloudTrail

C. CloudWatch

D. Flow Logs

Which service would you use to see CPU usage?

A. CloudTrail

B. Config

C. CloudWatch

D. None of the above

You need to find the subnet, the security group and the VPC that your instance is associated with. You only have access to the terminal of an instance with an admin role attached.
What is the first part of the command you would use?

A. aws ec2 describe-network-acl

B. aws ec2 describe-instances

C. aws vpc describe-all

D. aws ec2 describe-security-groups

Considering the rules of IPv4 subnetting, how many subnets and hosts per subnet are possible given the following network 192.168.130.130/28? (in this question ignore the fact that AWS reserves 5 IP addresses)

A. 8 subnets and 30 hosts per subnet

B. 16 subnets and 14 hosts per subnet

C. 32 subnets and 30 hosts per subnet

D. 8 subnets and 14 hosts per subnet

To connect to public AWS products such as Amazon EC2 and Amazon S3 through the AWS Direct Link, which step is NOT required?

A. Provide public IP address (/31) for each Border Gateway Protocol (BGP) session.

B. Allocate a Private IP address to your network in 172.x.x.x range.

C. Provide the public routes that you will advertise over Border Gateway Protocol (BGP).

D. Provide a public Autonomous System Number (ASN) that you own or a private one to identify your network on the Internet.

You would like to ensure that all Amazon S3 buckets going forward, current and newly created ones, have logging enabled. What type of trigger(s) should you use?

A. only a periodic trigger

B. only a configuration change trigger

C. both configuration change and periodic triggers

D. only a transitioning trigger

To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use ____.

A. trusted signers

B. optimistic locking

C. integrity validation

D. root credentialing

An AWS account owner has setup multiple IAM users. One of these IAM users, named John, has CloudWatch access, but no access to EC2 services. John has setup an alarm action which stops EC2 instances when their CPU utilization is below the threshold limit. When an EC2 instance's CPU Utilization rate drops below the threshold John has set, what will happen and why?

A. Nothing will happen. John cannot set an alarm on EC2 since he does not have the permission.

B. CloudWatch will stop the instance when the action is executed

C. Nothing will happen because it is not possible to stop the instance using the CloudWatch alarm

D. Nothing will happen. John can setup the action, but it will not be executed because he does not have EC2 access through IAM policies.

From the following options, select the answer that correctly describes the implementation of the HTTP protocol

A. By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP

B. By definition, HTTP is a connection orientated protocol and therefore utilises TCP

C. By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP

D. By definition, HTTP can be configured to be either connection or connection-less oriented ג€” by specifying the appropriate HTTP header.

An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.
Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instance manually and receives the following message: `There are not enough free addresses in subnet `˜subnet-12345678' to satisfy the requested number of instances.`
What action will resolve the availability problem?

A. Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.

B. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CIDR. Include the new subnet in the Auto Scaling group.

C. Resize the IPv6 CIDR on each of the existing subnets. Modify the Auto Scaling group maximum number of instances.

D. Add a secondary IPv4 CIDR to the Amazon VPC. Assign secondary IPv4 address space to each of the existing subnets.

Your company needs an inexpensive solution to host their AD data in the cloud. They do not need all of the features of AD but do need to be able to use it with
WorkSpaces. What is the best solution?

A. AD Connector

B. Hosted Microsoft AD

C. Simple AD

D. Deploy an AD server on an M3.large instance

An organization has multiple applications running in VPCs across multiple AWS accounts. The network engineer has deployed a central VPC with a pair of software VPN instances that run IPSec tunnels with dynamic routing to VGWs of all application VPCs. This central VPC is connected to on-premises resources via a Direct Connect connection using a private VIF.
What additional configuration is required to enable the applications in VPCs to communicate with each other and access on-premises resources?

A. Configure each application VPC with a static route entry pointing the on-premises CIDR block to the software VPN instances.

B. Configure the central VPC with a static route entry pointing the on-premises CIDR block to local VGWs.

C. Advertise all application VPC CIDR blocks to on-premises resources via the VGW in the central VPC.

D. Configure IPSec tunnels from the on-premises router into the software VPN instances with dynamic routing.

You have several VPCs that are peered. Each VPC has several routes to different subnets. Over the years, your company has acquired many companies. You find that traffic destined for one VPC ends up going to another.
What is the best way to remedy this?

A. Move the route table entry for the proper VPC higher in the list.

B. Adjust your routes so the proper VPC has a higher CIDR.

C. Move the route table entry for the proper VPC lower in the list.

D. Adjust your routes so the proper VPC has a lower CIDR.

You can use the ____ command of the AWS Config service CLI to see the compliance state for each AWS resource of a specific type.

A. describe-compliance-by-resource

B. get-compliance-details-by-config-rule

C. describe-compliance-by-config-rule

D. get-compliance-details-by-resource

A Network Engineer has enabled VPC Flow Logs to troubleshoot an ICMP reachability issue for an echo reply from an Amazon EC2 instance. The flow logs reveal an ACCEPT record for the request from the client to the EC2 instance, and a REJECT record for the response from the EC2 instance to the client.
What is the MOST likely reason for there to be a REJECT record?

A. The security group is denying inbound ICMP.

B. The network ACL is denying inbound ICMP.

C. The security group is denying outbound ICMP.

D. The network ACL is denying outbound ICMP.

You ping an Amazon Elastic Compute Cloud (EC2) instance from an on-premises server. VPC Flow Logs record the following:
2 123456789010 eni-1235b8ca 10.123.234.78 172.11.22.33 0 0 1 8 672 1432917027
1432917142 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917027
1432917082 ACCEPT OK
2 123456789010 eni-1235b8ca 172.11.22.33 10.123.234.78 0 0 1 4 336 1432917094
1432917142 REJECT OK
Why are ICMP responses not received by the on-premises system?

A. The inbound network access control list is blocking the traffic

B. The outbound network access control list is blocking the traffic

C. The inbound security group is blocking the traffic.

D. The outbound security group is blocking the traffic.

Imagine you are using AWS Direct Connect with just one connection from your router to the AWS Direct Connect router. If your connection becomes unavailable, the communication with AWS cloud is lost. What is the best method to prevent this from happening?

A. AWS Direct Connect neither provides BGP nor provides the failover.

B. AWS Direct Connect recommends to have the same configuration set up in a multi AZ zone to prevent such loss in connections.

C. AWS Direct Connect recommends that you request and configure two dedicated connections to AWS either using BGP Multipath (Active/Active) connection or the failover (Active/Passive) connection.

D. AWS Direct connect does not have a provision to prevent the situation but when you design the system, it is recommended to request a back-up instance to which the traffic can be re-routed.

A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its on-premises firewall. S3 traffic should only traverse the Direct Connect connection.
Currently, no one in the on-premises data center can access Amazon S3.
Which solution will resolve this connectivity issue?

A. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.

B. Establish an S3 VPC endpoint for the company’s Amazon VPC. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop.

C. Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.

D. Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.

You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and
NACL rules. Which protocol do you need to allow to access your instance to remedy this?

A. Protocol 6: TCP

B. Protocol 47: GRE

C. Protocol 17: UDP

D. Protocol 1: ICMP

A company has a VPC in the us-west-1 Region and another VPC in the ap-southeast-2 Region. Network engineers set up an AWS Direct Connect connection from their data center to the us-east-1 Region. They create a private virtual interface (VIF) that references a Direct Connect gateway, which is then connected to virtual private gateways in both VPCs. When the setup is complete, the engineers cannot access resources in us-west-1 from ap-southeast-2.
What should the network engineers do to resolve this issue?

A. Add the subnet range for the VPCs in us-west-1 and ap-southeast-2 to the route tables for both VPCs. Add the Direct Connect gateway as a target.

B. Configure the Direct Connect gateway to route traffic between the VPCs in ap-southeast-2 and us-west-2.

C. Establish a VPC peering connection between the VPCs in ap-southeast-2 and us-west-2. Add the subnet ranges to the routing tables.

D. Create static routes in each VPC that point to the destination VPC with the virtual private gateway as the route target.

All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent
UDP probes to a single central authentication server on the Internet to confirm that it is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.
What is the reason for this failure?

A. The NAT gateway does not support UDP traffic.

B. The authentication server is not accepting traffic.

C. The NAT gateway cannot allocate more ports.

D. The NAT gateway is launched in a private subnet.

A Network Engineer needs to be automatically notified when a certain TCP port is accessed on a fleet of Amazon EC2 instances running in an Amazon VPC.
Which of the following is the MOST reliable solution?

A. Create an inbound rule in the VPC’s network ACL that matches the TCP port. Create an Amazon CloudWatch alarm on the NetworkPackets metric for the ACL that uses Amazon SNS to notify the Administrator when the metric is greater than zero.

B. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to notify the Administrator with Amazon SNS each time the TCP port is accessed.

C. Create VPC Flow Logs that write to Amazon CloudWatch Logs, with a metric filter matching connections on the required port. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.

D. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to publish to a custom Amazon CloudWatch metric each time the TCP port is accessed. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.

A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect connection.
What steps must be taken to order the cross-connect at the Direct Connect location?

A. Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console when creating a new Direct Connect connection. AWS will ensure that the cross-connect is installed.

B. Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.

C. Obtain one LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility Operator of the Direct Connect location. The facility operator will ensure that the cross-connect is installed.

D. Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.

AWS Config flags a resource as ____ if a resource violates any conditions of an AWS Config rule that it evaluates on the resource in question.

A. corrupted

B. noncompliant

C. invalid

D. misconfigured

What are two reasons that could cause an HTTP health check to fail? (Choose two.)

A. Security group blocking port 80 to the instance

B. HTTP server not running

C. No Internet Gateway

D. NACL blocking port 443 to the instance

Your organization leverages an IP Address Management (IPAM) product to manage IP address distribution. The IPAM exposes an API. Development teams use
CloudFormation to provision approved reference architectures. At deployment time, IP addresses must be allocated to the VPC. When the VPC is deleted, the
IPAM must reclaim the VPC's IP allocation.
Which method allows for efficient, automated integration of the IPAM with CloudFormation?

A. AWS CloudFormation parameters using the ג€Ref::ג€ intrinsic function

B. AWS CloudFormation custom resource using an AWS Lambda invocation.

C. CloudFormation::OpsWorks::Stack with custom Chef configuration.

D. AWS CloudFormation parameters using the ג€Fn::FindInMapג€ intrinsic function.

You work for an international corporation that uses AWS. Due to regulations, you are now required to route the US and China to two different websites. You set up the records and now no other countries can access your site.
Why is this?

A. You forgot to set a default geolocation record.

B. You probably broke your DNS.

C. You must have a geolocation in place for every country.

D. Geolocation features are only available in CloudFront.

An organization is using a VPC endpoint for Amazon S3. When the security group rules for a set of instances were initially configured, access was restricted to allow traffic only to the IP addresses of the Amazon S3 API endpoints in the region from the published JSON file. The application was working properly, but now is logging a growing number of timeouts when connecting with Amazon S3. No internet gateway is configured for the VPC.
Which solution will fix the connectivity failures with the LEAST amount of effort?

A. Create a Lambda function to update the security group based on AmazonIPSpaceChanged notifications.

B. Update the VPC routing to direct Amazon S3 prefix-list traffic to the VPC endpoint using the route table APIs.

C. Update the application server’s outbound security group to use the prefix-list for Amazon S3 in the same region.

D. Create an additional VPC endpoint for Amazon S3 in the same route table to scale the concurrent connections to Amazon S3.

An AWS CloudTrail log file provides the identity and source IP address of the API caller, and a time of the API call, request parameters, and ____.

A. response elements

B. event selectors

C. port alarms

D. destination buckets

Your organization uses a VPN to connect to your VPC but must upgrade to a 1-G AWS Direct Connect connection for stability and performance. Your telecommunications provider has provisioned the circuit from your data center to an AWS Direct Connect facility and needs information on how to cross-connect
(e.g., which rack/port to connect).
What is the AWS-recommended procedure for providing this information?

A. Create a support ticket. Provide your AWS account number and telecommunications company’s name and where you need the Direct Connect connection to terminate.

B. Create a new connection through your AWS Management Console and wait for an email from AWS with information.

C. Ask your telecommunications provider to contact AWS through an AWS Partner Channel. Provide your AWS account number.

D. Contact an AWS Account Manager and provide your AWS account number, telecommunications company’s name, and where you need the Direct Connect connection to terminate.