⬆️ Amazon Web Services Certified (AWS Certified) Solutions Architect Associate (SAA-C03) Practice Tests Exams Questions & Answers
❣️ Please support us by purchasing this course on Udemy in an interactive version with the discounted link. If you're working for a company, you could most probably easily claim this expense during preparation for your exam. For us, it's to be, or not to be, in the game.
🛍️ Alternatively, you can buy the PDF with those questions on Etsy.
✨ This course is unlike any Amazon Web Services Certified (AWS Certified) Solutions Architect Associate (SAA-C03) course you will find online.
✋ Join a live online community and a course taught by industry experts and pass the Amazon Web Services Certified (AWS Certified) Solutions Architect Associate (SAA-C03) confidently. We aim to build an ecosystem of Information Technology (IT) certifications and online courses in cooperation with the technology industry. We believe it will give our students 100% confidence in the pacing market in an open-source environment. We are just at the beginning of our way, so it's even better for you to join now!
- Always happy to answer your questions on Udemy's Q&A's and outside :)
- Failed? Please submit a screenshot of your exam result and request a refund (via our upcoming platform, not possible on Udemy); we'll always accept it.
- Learn about topics, such as:
- Access Control;
- Amazon CloudFront;
- Amazon CloudWatch;
- Amazon DynamoDB;
- Amazon Elastic Block Store (Amazon EBS);
- Amazon Elastic Compute Cloud (Amazon EC2);
- Amazon Elastic MapReduce (Amazon EMR);
- Amazon Redshift;
- Amazon Relational Database Service (Amazon RDS);
- Amazon Resource Names (ARN);
- Amazon Route 53;
- Amazon Simple Storage Service (Amazon S3);
- Amazon Simple Queue Service (Amazon SQS);
- Authentication & Authorization;
- Availability Zones;
- AWS CloudFormation;
- AWS CloudTrail;
- AWS CodeCommit;
- AWS CodeDeploy;
- AWS Direct Connect;
- AWS Identity and Access Management (AWS IAM);
- AWS Key Management Service (AWS KMS);
- AWS Storage Gateway;
- Cloud Concepts;
- Compliancy, Governance, Identity & Privacy;
- Elastic IP (EIP);
- Inbound Data Traffic & Outbound Data Traffic;
- Input/Output operations Per Second (IOPS);
- Public & Private Cloud;
- Service Level Agreement (SLA);
- Software as a Service (SaaS);
- Virtual Private Clouds (VPC);
- Much More!
- Questions are similar to the actual exam, without duplications (like in other courses ;-)).
- The Practice Tests Exams simulate the actual exam's content, timing, and percentage required to pass the exam.
- This course is not an Amazon Web Services Certified (AWS Certified) Solutions Architect Associate (SAA-C03) Exam Dump. Some people use brain dumps or exam dumps, but that's absurd, and we don't practice it.
- 650 unique questions.
v1.0.0: August 11, 2023.
- Launch of the course.
v1.0.1: November 8, 2023.
- Fix all remaining typos with support of automated proofreading software.
v1.0.2: January 18, 2024.
- Fix 1 wrong answer.
v1.0.3: February 21, 2024.
- Improve 1 question & fix its wrong answer.
We are so thankful for every contribution, which makes sure we can deliver top-notch content. Whenever you find a missing resource, a broken link in the Table of Contents, or a wrong answer, please submit an issue. Even better would be a Pull Request (PR).
- 👨‍🎓 Students preparing for the Amazon Web Services Certified (AWS Certified) Solutions Architect Associate (SAA-C03) Exam;
- 👨‍🎓 Amazon Web Services (AWS) Engineers;
- 👨‍🎓 Azure Engineers;
- 👨‍🎓 Cloud Architects;
- 👨‍🎓 Cloud Engineers;
- 👨‍🎓 DevOps Engineers;
- 👨‍🎓 Enterprise Architects;
- 👨‍🎓 Google Cloud Platform (GCP) Engineers;
- 👨‍🎓 Infrastructure Engineers;
- 👨‍🎓 Lead Engineers;
- 👨‍🎓 Product Architects;
- 👨‍🎓 Security Engineers;
- 👨‍🎓 Site Reliability Engineers;
- 👨‍🎓 Software Developers/Engineers;
- 👨‍🎓 Solution Architects;
- 👨‍🎓 Team Leaders.
- 🤩 Excitement to learn!
- 0️⃣ Prior knowledge is required;
- ✅ You can pass the Amazon Web Services Certified (AWS Certified) Solutions Architect Associate (SAA-C03) Exam solely based on our Practice Tests Exams.
- Object lifecycle and service access logging.
- Object versioning and Multi-factor authentication.
- Access controls and server-side encryption.
- Website hosting and Amazon S3 policies.
- One second.
- Five seconds.
- One minute.
- Three minutes.
- Five minutes.
A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?
- The user account has reached the maximum volume limit.
- The AMI is missing. It is the required part.
- The snapshot is corrupt.
- The user account has reached the maximum EC2 instance limit.
Your website is serving on-demand training videos to your workforce. Videos are uploaded monthly in high resolution MP4 format. Your workforce is distributed globally, often on the move, and using company-provided tablets that require the HTTP Live Streaming (HLS) protocol to watch a video. Your company has no video transcoding expertise and, if required, you may need to pay for a consultant. How do you implement the most cost-efficient architecture without compromising high availability and quality of video delivery?
- A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queue. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few days. CloudFront to serve HLS transcoded videos from EC2.
- Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few days. CloudFront to serve HLS transcoded videos from EC2.
- Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. Amazon S3 to host videos with Lifecycle Management to archive original files to Glacier after a few days. CloudFront to serve HLS transcoded videos from S3.
- A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queue. S3 to host videos with Lifecycle Management to archive all files to Glacier after a few days. CloudFront to serve HLS transcoded videos from Glacier.
You are designing an intrusion detection/prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IDS/IPS protection for traffic coming from the Internet. Which of the following options would you consider? (Choose 2 answers)
- Implement IDS/IPS agents on each Instance running in VPC.
- Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.
- Implement Elastic Load Balancing with SSL listeners in front of the web applications.
- Implement a reverse proxy layer in front of web servers and configure IDS/IPS agents on each reverse proxy server.
- Amazon S3 provides read-after-write consistency for any type of PUT or DELETE.
- Consistency is not guaranteed for any type of PUT or DELETE.
- A successful response to a PUT request only occurs when a complete object is saved.
- Partially saved objects are immediately readable with a GET after an overwrite PUT.
- S3 provides eventual consistency for overwrite PUTS and DELETE.
How can the domain's zone apex, for example, 'myzoneapexdomain.com', be pointed towards an Elastic Load Balancer?
- By using an Amazon Route 53 Alias record.
- By using an AAAA record.
- By using an Amazon Route 53 CNAME record.
- By using an A record.
- If you have batch-oriented workloads.
- If you use production online transaction processing (OLTP) workloads.
- If you have workloads that are not sensitive to consistent performance.
Your department creates regular analytics reports from your company's log files. All log data is collected in Amazon S3 and processed by daily Amazon Elastic MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in CSV format for an Amazon Redshift data warehouse. Which of the following alternatives will lower costs without compromising average performance of the system or data integrity for the raw data?
- Use reduced redundancy storage (RRS) for all data in S3. Use a combination of Spot Instances and Reserved Instances for Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.
- Use reduced redundancy storage (RRS) for PDF and .csv data in S3. Add Spot Instances to EMR jobs. Use Spot Instances for Amazon Redshift.
- Use reduced redundancy storage (RRS) for PDF and .csv data in Amazon S3. Add Spot Instances to Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.
- Use reduced redundancy storage (RRS) for all data in Amazon S3. Add Spot Instances to Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.
Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a [...] DB Instance.
- SQL Server.
- MySQL.
- Oracle.
In regards to IAM you can edit user properties later, but you cannot use the console to change the [...].
- user name.
- password.
- default group.
- Yes, EC2 Container Service supports any container service you need.
- Yes, EC2 Container Service also supports Microsoft container service.
- No, Docker is the only container platform supported by EC2 Container Service presently.
- Yes, EC2 Container Service supports Microsoft container service and Openstack.
Content and Media Server is the latest requirement that you need to meet for a client. The client has been very specific about his requirements such as low latency, high availability, durability, and access control. Potentially there will be millions of views on this server and because of 'spiky' usage patterns, operations teams will need to provision static hardware, network, and management resources to support the maximum expected need. The Customer base will be initially low but is expected to grow and become more geographically distributed. Which of the following would be a good solution for content distribution?
- Amazon S3 as both the origin server and for caching.
- AWS Storage Gateway as the origin server and Amazon EC2 for caching.
- AWS CloudFront as both the origin server and for caching.
- Amazon S3 as the origin server and Amazon CloudFront for caching.
- None of these.
- Amazon AppStream store.
- Amazon SNS store.
- Amazon Instance Store.
- Only if the tag 'VPC_Change_Group' is true.
- Yes. You can.
- No. You cannot.
- Only if the tag 'VPC Change Group' is true.
- Elastic IP Address.
- Class B IP Address.
- Class A IP Address.
- Dynamic IP Address.
- HTTP or HTTPS.
- TCP/IP.
- HTTP.
- HTTPS.
Which of the following services natively encrypts data at rest within an AWS region? (Choose 2 answers)
- AWS Storage Gateway.
- Amazon DynamoDB.
- Amazon CloudFront.
- Amazon Glacier.
- Amazon Simple Queue Service.
- A web server running in your infrastructure.
- Amazon S3.
- Amazon Glacier.
- A web server running on Amazon EC2 instances.
- possible for EBS volumes.
- reserved for the root device.
- recommended for EBS volumes.
- recommended for instance store volumes.
How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing?
- By using the service specific console or API/CLI commands.
- None of these.
- Using Amazon EC2 API/CLI.
- Using all these methods.
You have created a Route 53 latency record set from your domain to a machine in Northern Virginia and a similar record to a machine in Sydney. When a user located in the US visits your domain, he will be routed to:
- Northern Virginia.
- Sydney.
- Both, Northern Virginia and Sydney.
- Depends on the Weighted Resource Record Sets.
In the context of MySQL, version numbers are organized as MySQL version = X.Y.Z. What does X denote here?
- Release level.
- Minor version.
- Version number.
- Major version.
- Distribution Type.
- Data Transfer Out.
- Dedicated IP SSL Certificates.
- Requests.
Just when you thought you knew every possible storage option on AWS you hear someone mention Reduced Redundancy Storage (RRS) within Amazon S3. What is the ideal scenario to use Reduced Redundancy Storage (RRS)?
- Huge volumes of data.
- Sensitive data.
- Non-critical or reproducible data.
- Critical data.
$ aws sqs receive-message --queue-url https://queue.amazonaws.com/546419318123/Test
- 3.
- 4.
- 2.
- 1.
When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write operations?
- Yes.
- Only with MSSQL based RDS.
- Only for Oracle RDS instances.
- No.
- Under DB INSTANCE DETAILS.
- Under REVIEW.
- Under MANAGEMENT OPTIONS.
- Under ENGINE SELECTION.
- 20 Gigabit.
- 10 Gigabit.
- Very High but variable.
- 5 Gigabit.
In Amazon EC2, if your EBS volume stays in the detaching state, you can force the detachment by clicking [...].
- Force Detach.
- Detach Instance.
- AttachVolume.
- AttachInstance.
- A predictable and scalable MySQL database.
- A fast and reliable PL/SQL database cluster.
- A standalone Cassandra database, managed by Amazon Web Services.
- A fast, highly scalable managed NoSQL database service.
Security groups act like a firewall at the instance level, whereas [...] are an additional layer of security that act at the subnet level.
- DB Security Groups.
- VPC Security Groups.
- network ACLs.
You have been asked to tighten up the password policies in your organization after a serious security breach, so you need to consider every possible security measure. Which of the following is not an account password policy for IAM Users that can be set?
- Force IAM users to contact an account administrator when the user has allowed his or her password to expire.
- A minimum password length.
- Force IAM users to contact an account administrator when the user has entered his password incorrectly.
- Prevent IAM users from reusing previous passwords.
- is not currently.
- is as of 2013.
- is planned to be in 2014.
- will never be.
- A scalable storage appliance on top of Amazon Web Services.
- An application container on top of Amazon Web Services.
- A service by this name doesn't exist.
- A scalable cluster of EC2 instances.
You need to quickly set up an email-sending service because a client needs to start using it in the next hour. Amazon Simple Email Service (Amazon SES) seems to be the logical choice but there are several options available to set it up. Which of the following options to set up SES would best meet the needs of the client?
- Amazon SES console.
- AWS CloudFormation.
- SMTP Interface.
- AWS Elastic Beanstalk.
A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1 week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch?
- The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse.
- The user can zoom a particular period by specifying the aggregation data for that period.
- The user can zoom a particular period by double clicking on that period with the mouse.
- The user can zoom a particular period by specifying the period in the Time Range.
A company is running a batch analysis every hour on their main transactional DB, running on an RDS MySQL instance, to populate their central Data Warehouse running on Redshift. During the execution of the batch, their transactional applications are very slow. When the batch completes, they need to update the top management dashboard with the new data. The dashboard is produced by another system running on-premises that is currently started when a manually-sent email notifies that an update is required. The on-premises system cannot be modified because it is managed by another team. How would you optimize this scenario to solve performance issues and automate the process as much as possible?
- Replace RDS with Redshift for the batch analysis and SNS to notify the on-premises system to update the dashboard.
- Replace RDS with Redshift for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.
- Create an RDS Read Replica for the batch analysis and SNS to notify the on-premises system to update the dashboard.
- Create an RDS Read Replica for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.
You are configuring a new VPC for one of your clients for a cloud migration project, and only a public VPN will be in place. After you created your VPC, you created a new subnet, a new internet gateway, and attached your internet gateway to your VPC. When you launched your first instance into your VPC, you realized that you aren't able to connect to the instance, even if it is configured with an elastic IP. What should be done to access the instance?
- A route should be created as 0.0.0.0/0 and your internet gateway as target.
- Attach another ENI to the instance and connect via new ENI.
- A NAT instance should be created and all traffic should be forwarded to NAT instance.
- A NACL should be created that allows all outbound traffic.
You have been asked to build a database warehouse using Amazon Redshift. You know a little about it, including that it is a SQL data warehouse solution, and uses industry standard ODBC and JDBC connections and PostgreSQL drivers. However, you are not sure about what sort of storage it uses for database tables. What sort of storage does Amazon Redshift use for database tables?
- InnoDB Tables.
- NDB data storage.
- Columnar data storage.
- NDB CLUSTER Storage.
A user has attached 1 EBS volume to a VPC instance. The user wants to achieve the best fault tolerance of data possible. Which of the below mentioned options can help achieve fault tolerance?
- Attach one more volume with RAID 1 configuration.
- Attach one more volume with RAID 0 configuration.
- Connect multiple volumes and stripe them with RAI.
- Use the EBS volume as a root device.
- Set an S3 ACL on the bucket or the object.
- Create a CloudFront distribution for the bucket.
- Set an S3 bucket policy.
- Enable IAM Identity Federation.
- Use S3 Virtual Hosting.
You are in the process of creating a Route 53 DNS failover to direct traffic to two EC2 zones. Obviously, if one fails, you would like Route 53 to direct traffic to the other region. Each region has an ELB with some instances being distributed. What is the best way for you to configure the Route 53 health check?
- Route 53 doesn't support ELB with an internal health check. You need to create your own Route 53 health check of the ELB.
- Route 53 natively supports ELB with an internal health check. Turn 'Evaluate target health' off and 'Associate with Health Check' on and R53 will use the ELB's internal health check.
- Route 53 doesn't support ELB with an internal health check. You need to associate your resource record set for the ELB with your own health check.
- Route 53 natively supports ELB with an internal health check. Turn 'Evaluate target health' on and 'Associate with Health Check' off and R53 will use the ELB's internal health check.
- 5GB.
- 1TB.
- 2TB.
- 500GB.
A user is planning a highly available application deployment with EC2. Which of the below mentioned options will not help to achieve HA?
- Elastic IP address.
- PIOPS.
- AMI.
- Availability Zones.
- Prevents /dev/sdc from creating the instance.
- Prevents /dev/sdc from deleting the instance.
- Set the value of /dev/sdc to 'zero'.
- Prevents /dev/sdc from attaching to the instance.
- You don't need to specify the resource identifier while terminating a resource.
- You can terminate, stop, or delete a resource based solely on its tags.
- You can't terminate, stop, or delete a resource based solely on its tags.
- You don't need to specify the resource identifier while stopping a resource.
You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile devices. The votes must be collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use?
- Amazon DynamoDB.
- Amazon Redshift.
- Amazon Kinesis.
- Amazon Simple Queue Service.
- Only for Cluster Compute instances.
- Yes for all instance types.
- Only for M3 instance types.
- No.
A [...] for a VPC is a collection of subnets (typically private) that you may want to designate for your backend RDS DB Instances.
- DB Subnet Set.
- RDS Subnet Group.
- DB Subnet Group.
- DB Subnet Collection.
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance's security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?
- The outbound security group needs to be modified to allow outbound traffic.
- The outbound network ACL needs to be modified to allow outbound traffic.
- Nothing, it can be accessed from any IP address using SSH.
- Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.
You can modify the backup retention period; valid values are 0 (for no backup retention) to a maximum of [...] days.
- 45.
- 35.
- 15.
- 5.
To serve Web traffic for a popular product, your chief financial officer and IT director have purchased 10 m1.large heavy utilization Reserved Instances (RIs) evenly spread across two Availability Zones. Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB). After several months, the product grows even more popular and you need additional capacity. As a result, your company purchases two c3.2xlarge medium utilization RIs. You register the two c3.2xlarge instances with your ELB and quickly find that the m1.large instances are at 100% of capacity and the c3.2xlarge instances have significant capacity that's unused. Which option is the most cost effective and uses EC2 capacity most effectively?
- Use a separate ELB for each instance type and distribute load to ELBs with Route 53 weighted round robin.
- Configure Auto Scaling group and Launch Configuration with ELB to add up to 10 more on-demand m1.large instances when triggered by CloudWatch. Shut off c3.2xlarge instances.
- Route traffic to EC2 m1.large and c3.2xlarge instances directly using Route 53 latency based routing and health checks. Shut off ELB.
- Configure ELB with two c3.2xlarge instances and use on-demand Auto Scaling group for up to two additional c3.2xlarge instances. Shut off m1.large instances.
An existing application stores sensitive information on a non-boot Amazon EBS data volume attached to an Amazon Elastic Compute Cloud instance. Which of the following approaches would protect the sensitive data on an Amazon EBS volume?
- Upload your customer keys to AWS CloudHSM.
- Associate the Amazon EBS volume with AWS CloudHSM.
- Re-mount the Amazon EBS volume.
- Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume.
- Unmount the EBS volume. Toggle the encryption attribute to True. Re-mount the Amazon EBS volume.
- Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon EBS volume. Mount the Amazon EBS volume.
A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance?
- Configure the IP range of the US West region instance as the ingress security rule of RDS.
- It is not possible to access RDS of the US East region from the US West region.
- Open the security group of the US West region in the RDS security group's ingress rule.
- Create an IAM role which has access to RDS and launch an instance in the US West region with it.
You have been asked to build AWS infrastructure for disaster recovery for your local applications and within that you should use an AWS Storage Gateway as part of the solution. Which of the following best describes the function of an AWS Storage Gateway?
- Accelerates transferring large amounts of data between the AWS cloud and portable storage devices.
- A web service that speeds up distribution of your static and dynamic web content.
- Connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between your on-premises IT environment and AWS's storage infrastructure.
- Is a storage service optimized for infrequently used data, or 'cold data'.
While creating an Amazon RDS DB, your first task is to set up a DB [...] that controls which IP address or EC2 instance can access your DB Instance.
- security token pool.
- security token.
- security pool.
- security group.
You need to import several hundred megabytes of data from a local Oracle database to an Amazon RDS DB instance. What does AWS recommend you use to accomplish this?
- Oracle export/import utilities.
- Oracle SQL Developer.
- Oracle Data Pump.
- DBMS_FILE_TRANSFER.
In the context of AWS support, why must an EC2 instance be unreachable for 20 minutes rather than allowing customers to open tickets immediately?
- Because most reachability issues are resolved by automated processes in less than 20 minutes.
- Because all EC2 instances are unreachable for 20 minutes every day when AWS does routine maintenance.
- Because all EC2 instances are unreachable for 20 minutes when first launched.
- Because of all the reasons listed here.
HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named [...].
- Action.
- Value.
- Reset.
- Retrieve.
A friend tells you he is being charged $100 a month to host his WordPress website, and you tell him you can move it to AWS for him and he will only pay a fraction of that, which makes him very happy. He then tells you he is being charged $50 a month for the domain, which is registered with the same people that set it up, and he asks if it's possible to move that to AWS as well. You tell him you aren't sure, but will look into it. Which of the following statements is true in regards to transferring domain names to AWS?
- You can't transfer existing domains to AWS.
- You can transfer existing domains into Amazon Route 53's management.
- You can transfer existing domains via AWS Direct Connect.
- You can transfer existing domains via AWS Import/Export.
- ec2-deploy-snapshot.
- ec2-fresh-snapshot.
- ec2-create-snapshot.
- ec2-new-snapshot.
All Amazon EC2 instances are assigned two IP addresses at launch, out of which one can only be reached from within the Amazon EC2 network?
- Multiple IP address.
- Public IP address.
- Private IP address.
- Elastic IP Address.
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?
- Data is automatically saved as an EBS snapshot.
- Data is automatically saved as an EBS volume.
- Data is unavailable until the instance is restarted.
- Data is automatically deleted.
You've created your first load balancer and have registered your EC2 instances with the load balancer. Elastic Load Balancing routinely performs health checks on all the registered EC2 instances and automatically distributes all incoming requests to the DNS name of your load balancer across your registered, healthy EC2 instances. By default, the load balancer uses the [...] protocol for checking the health of your instances.
- HTTPS.
- HTTP.
- ICMP.
- IPv6.
Amazon Elastic Load Balancing is used to manage traffic on a fleet of Amazon EC2 instances, distributing traffic to instances across all Availability Zones within a region. Elastic Load Balancing has all the advantages of an on-premises load balancer, plus several security benefits. Which of the following is not an advantage of ELB over an on-premise load balancer?
- ELB uses a four-tier, key-based architecture for encryption.
- ELB offers clients a single point of contact, and can also serve as the first line of defense against attacks on your network.
- ELB takes over the encryption and decryption work from the Amazon EC2 instances and manages it centrally on the load balancer.
- ELB supports end-to-end traffic encryption using TLS (previously SSL) on those networks that use secure HTTP (HTTPS) connections.
A web company is looking to implement an external payment service into their highly available application deployed in a VPC. Their application EC2 instances are behind a public-facing ELB. Auto Scaling is used to add additional instances as traffic increases. Under normal load the application runs 2 instances in the Auto Scaling group, but at peak it can scale 3x in size. The application instances need to communicate with the payment service over the Internet, which requires whitelisting of all public IP addresses used to communicate with it. A maximum of 4 whitelisting IP addresses are allowed at a time and can be added through an API. How should they architect their solution?
- Route payment requests through two NAT instances setup for High Availability and whitelist the Elastic IP addresses attached to the NAT instances.
- Whitelist the VPC Internet Gateway Public IP and route payment requests through the Internet Gateway.
- Whitelist the ELB IP addresses and route payment requests from the Application servers through the ELB.
- Automatically assign public IP addresses to the application instances in the Auto Scaling group and run a script on boot that adds each instance's public IP address to the payment validation whitelist API.
You are using Amazon SES as an email solution but are unsure of what its limitations are. Which statement below is correct in regards to that?
- New Amazon SES users who have received production access can send up to 1,000 emails per 24-hour period, at a maximum rate of 10 emails per second.
- Every Amazon SES sender has the same set of sending limits.
- Sending limits are based on messages rather than on recipients.
- Every Amazon SES sender has a unique set of sending limits.
Your company is getting ready to do a major public announcement of a social media site on AWS. The website is running on EC2 instances deployed across multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB Instance. The site performs a high number of small reads and writes per second and relies on an eventual consistency model. After comprehensive tests you discover that there is read contention on RDS MySQL. Which are the best approaches to meet these requirements? (Choose 2 answers)
- Deploy ElastiCache in-memory cache running in each Availability Zone.
- Implement sharding to distribute load to multiple RDS MySQL instances.
- Increase the RDS MySQL Instance size and implement provisioned IOPS.
- Add an RDS MySQL read replica in each Availability Zone.
- A security group in which only tasks inside can communicate with each other.
- A special type of worker.
- A collection of related Workflows.
- The DNS record for the Amazon SWF service.
The SQL Server [...] feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such as an ASCII file.
- bulk copy.
- group copy.
- dual copy.
- mass copy.
Any person or application that interacts with AWS requires security credentials. AWS uses these credentials to identify who is making the call and whether to allow the requested access. You have just set up a VPC network for a client and you are now thinking about the best way to secure this network. You set up a security group called vpcsecuritygroup. Which following statement is true in respect to the initial settings that will be applied to this security group if you choose to use the default settings for this group?
- Allow all inbound traffic and allow no outbound traffic.
- Allow no inbound traffic and allow all outbound traffic.
- Allow inbound traffic on port 80 only and allow all outbound traffic.
- Allow all inbound traffic and allow all outbound traffic.
- Amazon S3.
- Amazon Glacier.
- Amazon CloudFront.
- Amazon EBS.
You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?
- The AMI is missing a required part.
- The snapshot is corrupt.
- You need to create storage in EBS first.
- You've reached your volume limit.
A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised?
- Enable Multi-Factor Authentication for your AWS root account.
- Assign an IAM role to the Amazon EC2 instance.
- Store the AWS Access Key ID/Secret Access Key combination in software comments.
- Assign an IAM user to the Amazon EC2 Instance.
- Yes.
- No.
- Only EC2-optimized EBS volumes.
- Only in read mode.
You need to measure the performance of your EBS volumes as they seem to be underperforming. You have come up with a measurement of 1,024 KB I/O but your colleague tells you that EBS volume performance is measured in IOPS. How many IOPS is equal to 1,024 KB I/O?
- 16.
- 256.
- 8.
- 4.
Your company produces customer-commissioned, one-of-a-kind skiing helmets combining high fashion with custom technical enhancements. Customers can show off their individuality on the ski slopes and have access to head-up displays, GPS, rear-view cams and any other technical innovation they wish to embed in the helmet. The current manufacturing process is data rich and complex, including assessments to ensure that the custom electronics and materials used to assemble the helmets are to the highest standards. Assessments are a mixture of human and automated assessments. You need to add a new set of assessments to model the failure modes of the custom electronics using GPUs with CUDA, across a cluster of servers with low-latency networking. What architecture would allow you to automate the existing process using a hybrid approach and ensure that the architecture can support the evolution of processes over time?
- Use AWS Data Pipeline to manage movement of data & meta-data and assessments. Use an auto-scaling group of G2 instances in a placement group.
- Use Amazon Simple Workflow (SWF) to manage assessments, movement of data & meta-data. Use an auto-scaling group of G2 instances in a placement group.
- Use Amazon Simple Workflow (SWF) to manage assessments, movement of data & meta-data. Use an auto-scaling group of C3 instances with SR-IOV (Single Root I/O Virtualization).
- Use AWS Data Pipeline to manage movement of data & meta-data and assessments. Use an auto-scaling group of C3 instances with SR-IOV (Single Root I/O Virtualization).
You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. Which alternatives should you consider? (Choose 2 answers)
- Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address.
- Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route 53 CNAME record to your CloudFront distribution.
- Place all your web servers behind ELB. Configure a Route 53 CNAME to point to the ELB DNS name.
- Assign EIPs to all web servers. Configure a Route 53 record set with all EIPs, with health checks and DNS failover.
- Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route 53 A record that points to the EIP.
You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? (Choose 2 answers)
- Set permissions on the object to public read during upload.
- Configure the bucket ACL to set all objects to public read.
- Configure the bucket policy to set all objects to public read.
- Use AWS Identity and Access Management roles to set the bucket to public read.
- Amazon S3 objects default to public read, so no action is needed.
A major customer has asked you to set up his AWS infrastructure so that it will be easy to recover in the case of a disaster of some sort. Which of the following is important when thinking about being able to quickly launch resources in AWS to ensure business continuity in case of a disaster?
- Create and maintain AMIs of key servers where fast recovery is required.
- Regularly run your servers, test them, and apply any software updates and configuration changes.
- All items listed here are important when thinking about disaster recovery.
- Ensure that you have all supporting custom software packages available in AWS.
You are developing a new mobile application and are considering storing user preferences in AWS. This would provide a more uniform cross-device experience to users using multiple mobile devices to access the application. The preference data for each user is estimated to be 50 KB in size. Additionally, 5 million customers are expected to use the application on a regular basis. The solution needs to be cost-effective, highly available, scalable and secure. How would you design a solution to meet the above requirements?
- Set up an RDS MySQL instance in 2 Availability Zones to store the user preference data. Deploy a public-facing application on a server in front of the database to manage security and access credentials.
- Set up a DynamoDB table with an item for each user having the necessary attributes to hold the user preferences. The mobile application will query the user preferences directly from the DynamoDB table. Utilize STS, Web Identity Federation, and DynamoDB Fine Grained Access Control to authenticate and authorize access.
- Set up an RDS MySQL instance with multiple read replicas in 2 Availability Zones to store the user preference data. The mobile application will query the user preferences from the read replicas. Leverage the MySQL user management and access privilege system to manage security and access credentials.
- Store the user preference data in S3. Set up a DynamoDB table with an item for each user and an item attribute pointing to the user's S3 object. The mobile application will retrieve the S3 URL from DynamoDB and then access the S3 object directly. Utilize STS, Web Identity Federation, and S3 ACLs to authenticate and authorize access.
In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB Instance with SQL Server Express edition?
- 10GB per DB.
- 100GB per DB.
- 2TB per DB.
- 1TB per DB.
You have deployed a web application targeting a global audience across multiple AWS Regions under the domain name example.com. You decide to use Route 53 Latency-Based Routing to serve web requests to users from the region closest to the user. To provide business continuity in the event of server downtime you configure weighted record sets associated with two web servers in separate Availability Zones per region. During a DR test you notice that when you disable all web servers in one of the regions Route 53 does not automatically direct all users to the other region. What could be happening? (Choose 2 answers)
- Latency resource record sets cannot be used in combination with weighted resource record sets.
- You did not set up an HTTP health check for one or more of the weighted resource record sets associated with the disabled web servers.
- The value of the weight associated with the latency alias resource record set in the region with the disabled servers is higher than the weight for the other region.
- One of the two working web servers in the other region did not pass its HTTP health check.
- You did not set 'Evaluate Target Health' to 'Yes' on the latency alias resource record set associated with example.com in the region where you disabled the servers.
Amazon EBS provides the ability to create backups of any Amazon EC2 volume into what is known as [...].
- snapshots.
- images.
- instance backups.
- mirrors.
You've been hired to enhance the overall security posture for a very large e-commerce site. They have a well-architected multi-tier application running in a VPC that uses ELBs in front of both the web and the app tier, with static assets served directly from S3. They are using a combination of RDS and DynamoDB for their dynamic data and then archiving nightly into S3 for further processing with EMR. They are concerned because they found questionable log entries and suspect someone is attempting to gain unauthorized access. Which approach provides a cost-effective, scalable mitigation to this kind of attack?
- Recommend that they lease space at a DirectConnect partner location and establish a 1G DirectConnect connection to their VPC. They would then establish Internet connectivity into their space, filter the traffic in a hardware Web Application Firewall (WAF), and then pass the traffic through the DirectConnect connection into their application running in their VPC.
- Add previously identified hostile source IPs as an explicit INBOUND DENY NACL to the web tier subnet.
- Add a WAF tier by creating a new ELB and an AutoScaling group of EC2 instances running a host-based WAF. They would redirect Route 53 to resolve to the new WAF tier ELB. The WAF tier would then pass the traffic to the current web tier. The web tier Security Groups would be updated to only allow traffic from the WAF tier Security Group.
- Remove all but TLS 1.2 from the web tier ELB and enable Advanced Protocol Filtering. This will enable the ELB itself to perform WAF functionality.
You are designing the network infrastructure for an application server in Amazon VPC. Users will access all the application instances from the Internet as well as from an on-premises network. The on-premises network is connected to your VPC over an AWS Direct Connect link. How would you design routing to meet the above requirements?
- Configure a single routing table with a default route via the Internet gateway. Propagate a default route via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
- Configure a single routing table with a default route via the Internet gateway. Propagate specific routes for the on-premises networks via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
- Configure a single routing table with two default routes: one to the Internet via an Internet gateway, the other to the on-premises network via the VPN gateway. Use this routing table across all subnets in your VPC.
- Configure two routing tables, one that has a default route via the Internet gateway and another that has a default route via the VPN gateway. Associate both routing tables with each VPC subnet.
You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CloudHub. Which statement is the most accurate in describing what you must do to set this up correctly?
- Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs).
- Create a virtual private gateway with multiple customer gateways, each with a unique set of keys.
- Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet.
- Create a virtual private gateway with multiple customer gateways, each with unique subnet id.
A user is aware that a huge download is occurring on his instance. He has already set the Auto Scaling policy to increase the instance count when the network I/O increases beyond a certain limit. How can the user ensure that this temporary event does not result in scaling?
- The network I/O is not affected during data download.
- The policy cannot be set on the network I/O.
- There is no way the user can stop scaling as it is already configured.
- Suspend scaling.
The Amazon EC2 web service can be accessed using the [...] web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document.
- SOAP.
- DCOM.
- CORBA.
- XML-RPC.
Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? (Choose 2 answers)
- Supported on all Amazon EBS volume types.
- Snapshots are automatically encrypted.
- Available to all instance types.
- Existing volumes can be encrypted.
- Shared volumes can be encrypted.
- Only for Oracle RDS instances.
- Yes.
- No.
- Only in VPC.
- MakeSnapShot.
- FreshSnapshot.
- DeploySnapshot.
- CreateSnapshot.
A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?
- Enable AWS CloudTrail for the load balancer.
- Enable access logs on the load balancer.
- Install the Amazon CloudWatch Logs agent on the load balancer.
- Enable Amazon CloudWatch metrics on the load balancer.
- Only for Oracle RDS types.
- Yes.
- Only if configured at launch.
- No.
If I want my instance to run on a single-tenant hardware, which value do I have to set the instance's tenancy attribute to?
- Dedicated.
- Isolated.
- One.
- Reserved.
- Only in GovCloud.
- Only for S3 not EC2.
- Yes.
- No.
A user wants to increase the durability and availability of the EBS volume. Which of the below mentioned actions should he perform?
- Take regular snapshots.
- Create an AMI.
- Create EBS with higher capacity.
- Access EBS regularly.
- Regional Data Server.
- Relational Database Service.
- Nothing.
- Regional Database Service.
You have been asked to set up monitoring of your network and you have decided that CloudWatch would be the best service to use. Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications. Which of the following items listed can AWS CloudWatch monitor?
- Log files your applications generate.
- All of the items listed on this page.
- System-wide visibility into resource utilization, application performance, and operational health.
- Custom metrics generated by your applications and services.
- 1,000 write capacity units.
- 100,000 write capacity units.
- DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
- 10,000 write capacity units.
- Yes, they do but only if they are detached from the instance.
- No, you cannot attach EBS volumes to an instance.
- No, they are dependent.
- Yes, they do.
- None of these.
- A list of users that can access Amazon EC2 instances.
- An Access Control List (ACL) for AWS resources.
- A firewall for inbound traffic, built-in around every Amazon EC2 instance.
You need to set up a high level of security for an Amazon Relational Database Service (RDS) you have just built in order to protect the confidential information stored in it. What are all the possible security groups that RDS uses?
- DB security groups, VPC security groups, and EC2 security groups.
- DB security groups only.
- EC2 security groups only.
- VPC security groups, and EC2 security groups.
In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send [...] minute metrics to Amazon CloudWatch.
- 3.
- 1.
- 5.
- 2.
You are looking at ways to improve some existing infrastructure as it seems a lot of engineering resources are being taken up with basic management and monitoring tasks and the costs seem to be excessive. You are thinking of deploying Amazon ElastiCache to help. Which of the following statements is true in regards to ElastiCache?
- You can improve load and response times to user actions and queries however the cost associated with scaling web applications will be more.
- You can't improve load and response times to user actions and queries but you can reduce the cost associated with scaling web applications.
- You can improve load and response times to user actions and queries however the cost associated with scaling web applications will remain the same.
- You can improve load and response times to user actions and queries and also reduce the cost associated with scaling web applications.
A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume and keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance and cost oversight? (Choose 2 answers)
- Use AWS Consolidated Billing and disable AWS root account access for the child accounts.
- Enable IAM cross-account access for all corporate IT administrators in each child account.
- Create separate VPCs for each division within the corporate IT AWS account.
- Use AWS Consolidated Billing to link the divisions' accounts to a parent corporate account.
- Write all child AWS CloudTrail and Amazon CloudWatch logs to each child account's Amazon S3 'Log' bucket.
After creating a new IAM user which of the following must be done before they can successfully make API calls?
- Add a password to the user.
- Enable Multi-Factor Authentication for the user.
- Assign a Password Policy to the user.
- Create a set of Access Keys for the user.
A friend wants you to set up a small BitTorrent storage area for him on Amazon S3. You tell him it is highly unlikely that AWS would allow such a thing in their infrastructure. However you decide to investigate. Which of the following statements best describes using BitTorrent with Amazon S3?
- Amazon S3 does not support the BitTorrent protocol because it is used for pirated software.
- You can use the BitTorrent protocol but only for objects that are less than 100 GB in size.
- You can use the BitTorrent protocol but you need to ask AWS for specific permissions first.
- You can use the BitTorrent protocol but only for objects that are less than 5 GB in size.
IAM's Policy Evaluation Logic always starts with a default [...] for every request, except for those that use the AWS account's root security credentials?
- Permit.
- Deny.
- Cancel.
You have been given a scope to deploy some AWS infrastructure for a large organization. The requirements are that you will have a lot of EC2 instances but may need to add more when the average utilization of your Amazon EC2 fleet is high and conversely remove them when CPU utilization is low. Which AWS services would be best to use to accomplish this?
- Auto Scaling, Amazon CloudWatch and AWS Elastic Beanstalk.
- Auto Scaling, Amazon CloudWatch and Elastic Load Balancing.
- Amazon CloudFront, Amazon CloudWatch and Elastic Load Balancing.
- AWS Elastic Beanstalk, Amazon CloudWatch and Elastic Load Balancing.
- It starts when the Status column for your distribution changes from Creating to Deployed.
- It starts as soon as you click the create instance option on the main EC2 console.
- It starts when your instance reaches 720 instance hours.
- It starts when Amazon EC2 initiates the boot sequence of an AMI instance.
A user is storing a large number of objects on AWS S3. The user wants to implement the search functionality among the objects. How can the user achieve this?
- Use the indexing feature of S3.
- Tag the objects with the metadata to search on that.
- Use the query functionality of S3.
- Make your own DB system which stores the S3 metadata for the search functionality.
A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an IPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Space (S3) keyspace specific to that user. Which two approaches can satisfy these objectives? (Choose 2 answers)
- Develop an identity broker that authenticates against the IAM Security Token Service to assume an IAM role in order to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.
- The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM role. The application can use the temporary credentials to access the appropriate S3 bucket.
- Develop an identity broker that authenticates against LDAP and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
- The application authenticates against LDAP. The application then calls the AWS Identity and Access Management (IAM) Security service to log in to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
- The application authenticates against IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
- Yes always.
- No.
- Yes but only if they are using two factor authentication.
- Yes but only in VPC.
- It is not defined.
- Yes.
- It does support in-place non-atomic updates.
- Yes, but each Reserved Instance is associated with a specific Region that cannot be changed.
- Yes, only in US-West-2.
- Yes, only in US-East-1.
- No.
You want to establish a dedicated network connection from your premises to AWS in order to save money by transferring data directly to AWS rather than through your internet service provider. You are sure there must be some other benefits beyond cost savings. Which of the following statements would be the best choice to put your client's mind at rest?
- Different instances running on the same physical machine are isolated from each other via a 256-bit Advanced Encryption Standard (AES-256).
- Different instances running on the same physical machine are isolated from each other via the Xen hypervisor and via a 256-bit Advanced Encryption Standard (AES-256).
- Different instances running on the same physical machine are isolated from each other via the Xen hypervisor.
- Different instances running on the same physical machine are isolated from each other via IAM permissions.
- Yes, you can.
- No. You cannot.
You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an internet gateway is attached to the VPC, and the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance?
- The instance does not have a public IP address.
- The internet gateway security group must allow all outbound traffic.
- The instance security group must allow all inbound traffic.
- The instance 'Source/Destination check' property must be enabled.
Which of the following statements best describes the differences between Elastic Beanstalk and CloudFormation?
- Elastic Beanstalk uses Elastic load balancing and CloudFormation doesn't.
- CloudFormation is faster in deploying applications than Elastic Beanstalk.
- Elastic Beanstalk is faster in deploying applications than CloudFormation.
- CloudFormation is much more powerful than Elastic Beanstalk, because you can actually design and script custom resources.
It is advised that you watch the Amazon CloudWatch [...] metric (available via the AWS Management Console or Amazon CloudWatch APIs) carefully and recreate the Read Replica should it fall behind due to replication errors.
- Write Lag.
- Read Replica.
- Replica Lag.
- Single Replica.
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?
- Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level.
- Use Route 53 latency-based routing to send high priority tasks to the closest transformation instances.
- Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
- Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first.
True or False: When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes.
- Depends on the instance type.
- False.
- Depends on whether you use API call.
- True.
- Yes, AWS CloudFormation supports Amazon EC2 tagging.
- No, CloudFormation doesn't support any tagging.
- No, it doesn't support Amazon EC2 tagging.
- It depends if the Amazon EC2 tagging has been defined in the template.
If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?
- Yes.
- No.
If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines, you can scale the throughput of your database Instance by specifying the IOPS rate from [...].
- 1,000 to 100,000.
- 100 to 1,000.
- 10,000 to 100,000.
- 1,000 to 10,000.
To specify a resource in a policy statement, in Amazon EC2, can you use its Amazon Resource Name (ARN)?
- Yes, you can.
- No, you can't because EC2 is not related to ARN.
- No, you can't because you can't specify a particular Amazon EC2 resource in an IAM policy.
- Yes, you can but only for the resources that are not affected by the action.
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's account. The enterprise has internal security policies that require any outside access to their environment must conform to the principles of least privilege, and there must be controls in place to ensure that the credentials used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions?
- From the AWS Management Console, navigate to the Security Credentials page and retrieve the access and secret key for your account.
- Create an IAM user within the enterprise account, assign a user policy to the IAM user that allows only the actions required by the SaaS application, create a new access and secret key for the user and provide these credentials to the SaaS provider.
- Create an IAM role for cross-account access, allow the SaaS provider's account to assume the role, and assign it a policy that allows only the actions required by the SaaS application.
- Create an IAM role for EC2 instances, assign it a policy that allows only the actions required for the SaaS application to work, provide the role ARN to the SaaS provider to use when launching their application instances.
By default what are ENIs that are automatically created and attached to instances using the EC2 console set to do when the attached instance terminates?
- Remain as is.
- Terminate.
- Hibernate.
- Pause.
In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?
- Data is deleted from the instance store for security reasons.
- Data persists in the instance store.
- Data is partially present in the instance store.
- Data in the instance store will be lost.
You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)
- Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
- Use dedicated instances to ensure that each instance has the maximum performance possible.
- Use an Amazon CloudFront distribution for both static and dynamic content.
- Use an Elastic Load Balancer with auto scaling groups at the web, app and Amazon Relational Database Service (RDS) tiers.
- Add Amazon CloudWatch alerts to look for high Network In and CPU utilization.
- Create processes and capabilities to quickly add and remove rules to the instance OS firewall.
In Amazon CloudFront, if you use Amazon EC2 instances and other custom origins with CloudFront, it is recommended to [...].
- not use Elastic Load Balancing.
- restrict Internet communication to private instances while allowing outgoing traffic.
- enable access key rotation for CloudWatch metrics.
- specify the URL of the load balancer for the domain name of your origin server.
Which of the following statements is true regarding attaching network interfaces to your instances in your VPC?
- You can attach 5 ENIs per instance type.
- You can attach as many ENIs as you want.
- The number of ENIs you can attach varies by instance type.
- You can attach 100 ENIs total regardless of instance type.
- For security reasons.
- Hardware restrictions.
- Public (IPV4) internet addresses are a scarce resource.
- There are only 5 network interfaces per instance.
- Yes.
- No.
You have an application running on an Amazon Elastic Compute Cloud instance, that uploads 5 GB video objects to Amazon Simple Storage Service (S3). Video uploads are taking longer than expected, resulting in poor application performance. Which method will help improve performance of your application?
- Enable enhanced networking.
- Use Amazon S3 multipart upload.
- Leveraging Amazon CloudFront, use the HTTP POST method to reduce latency.
- Use Amazon Elastic Block Store Provisioned IOPS and use an Amazon EBS-optimized instance.
You have been given a scope to set up an AWS Media Sharing Framework for a new startup photo sharing company similar to Flickr. The first thing that comes to mind about this is that it will obviously need a huge amount of persistent data storage for this framework. Which of the following storage options would be appropriate for persistent storage?
- Amazon Glacier or Amazon S3.
- Amazon Glacier or AWS Import/Export.
- AWS Import/Export or Amazon CloudFront.
- Amazon EBS volumes or Amazon S3.
You need a persistent and durable storage to trace call activity of an IVR (Interactive Voice Response) system. Call duration is mostly in the 2-3 minutes timeframe. Each traced call can be either active or terminated. An external application needs to know each minute the list of currently active calls, which are usually a few calls/second. But once per month there is a periodic peak up to 1000 calls/second for a few hours. The system is open 24/7 and any downtime should be avoided. Historical data is periodically archived to files. Cost saving is a priority for this project. What database implementation would better fit this scenario, keeping costs as low as possible?
- Use RDS Multi-AZ with two tables, one for 'Active calls' and one for 'Terminated calls'. In this way the 'Active calls' table is always small and effective to access.
- Use DynamoDB with a 'Calls' table and a Global Secondary Index on an 'IsActive' attribute that is present for active calls only. In this way the Global Secondary Index is sparse and more effective.
- Use DynamoDB with a 'Calls' table and a Global Secondary Index on a 'State' attribute that can equal 'active' or 'terminated'. In this way the Global Secondary Index can be used for all items in the table.
- Use RDS Multi-AZ with a 'CALLS' table and an indexed 'STATE' field that can be equal to 'ACTIVE' or 'TERMINATED'. In this way the SQL query is optimized by the use of the index.
If you have chosen Multi-AZ deployment, in the event of a planned or unplanned outage of your primary DB Instance, Amazon RDS automatically switches to the standby replica. The automatic failover mechanism simply changes the record of the main DB Instance to point to the standby DB Instance.
- DNAME.
- CNAME.
- TXT.
- MX.
- 2 Elastic IP addresses.
- A private IP address and an Elastic IP address.
- A public IP address and an Elastic IP address.
- A private IP address and a public IP address.
You need to pass a custom script to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this?
- User data.
- EC2Config service.
- IAM roles.
- AWS Config.
A customer wants to track access to their Amazon Simple Storage Service (S3) buckets and also use this information for their internal security and access audits. Which of the following will meet the Customer requirement?
- Enable AWS CloudTrail to audit all Amazon S3 bucket access.
- Enable server access logging for all required Amazon S3 buckets.
- Enable the Requester Pays option to track access via AWS Billing.
- Enable Amazon S3 event notifications for Put and Post.
- Public DNS name.
- Internal DNS name.
- External DNS name.
- Global DNS name.
An AWS customer is deploying an application that is composed of an Auto Scaling group of EC2 instances. The customer's security policy requires that every outbound connection from these instances to any other service within the customer's Virtual Private Cloud must be authenticated using a unique X.509 certificate that contains the specific instance-id. In addition, the X.509 certificates must be signed by the customer's key management service in order to be trusted for authentication. Which of the following configurations will support these requirements?
- Configure an IAM Role that grants access to an Amazon S3 object containing a signed certificate and configure the Auto Scaling group to launch instances with this role. Have the instances bootstrap get the certificate from Amazon S3 upon first boot.
- Embed a certificate into the Amazon Machine Image that is used by the Auto Scaling group. Have the launched instances generate a certificate signature request with the instance's assigned instance-id to the key management service for signature.
- Configure the Auto Scaling group to send an SNS notification of the launch of a new instance to the trusted key management service. Have the key management service generate a signed certificate and send it directly to the newly launched instance.
- Configure the launched instances to generate a new certificate upon first boot. Have the key management service poll the Auto Scaling group for associated instances and send new instances a certificate signature that contains the specific instance-id.
A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates that data is encrypted at rest. Which of the following methods can achieve this? (Choose 3 answers)
- Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.
- Use Amazon S3 server-side encryption with customer-provided keys.
- Use Amazon S3 server-side encryption with EC2 key pair.
- Use Amazon S3 bucket policies to restrict access to the data at rest.
- Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.
- Use SSL to encrypt the data while in transit to Amazon S3.
- your EC2 instance is in a running state.
- the instance exits from Amazon S3 console.
- your instance still exits the EC2 console.
- EC2 instances stop.
- Use the IAM based single sign between the AWS resources and the organization application.
- Use the IAM role and assign it to the instance.
- Since the application is hosted on EC2, it does not need credentials to access S3.
- Use the X.509 certificates instead of the access and the secret access keys.
In Amazon EC2 Container Service components, what is the name of a logical grouping of container instances on which you can place tasks?
- A cluster.
- A container instance.
- A container.
- A task definition.
You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link each account's bill to a Master AWS account using Consolidated Billing. To make sure you keep within budget, you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts. Identify which option will allow you to achieve this goal.
- Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account.
- Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts.
- Create IAM users in the Master account. Create cross-account roles in the Dev and Test accounts that have full Admin permissions and grant the Master.
- Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts.
- Running.
- Working.
- Progressing.
- Pending.
A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is not connected to their corporate network. They are connecting to the VPC over the Internet to manage all of their Amazon EC2 instances running in both the public and private subnets. They have only authorized the bastion-security-group with Microsoft Remote Desktop Protocol (RDP) access to the application instance security groups, but the company wants to further limit administrative access to all of the instances in the VPC. Which of the following Bastion deployment scenarios will meet this requirement?
- Deploy a Windows Bastion host on the corporate network that has RDP access to all instances in the VPC.
- Deploy a Windows Bastion host with an Elastic IP address in the public subnet and allow SSH access to the bastion from anywhere.
- Deploy a Windows Bastion host with an Elastic IP address in the private subnet, and restrict RDP access to the bastion from only the corporate public IP addresses.
- Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP access to the bastion from only the corporate public IP addresses.
True or False: Common points of failures like generators and cooling equipment are shared across Availability Zones.
- True.
- False.
A company is building a voting system for a popular TV show. Viewers will watch the performances then visit the show's website to vote for their favorite performer. It is expected that in a short period of time after the show has finished the site will receive millions of visitors. The visitors will first login to the site using their Amazon.com credentials and then submit their vote. After the voting is completed the page will display the vote totals. The company needs to build the site such that it can handle the rapid influx of traffic while maintaining good performance but also wants to keep costs to a minimum. Which of the design patterns below should they use?
- Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of web servers. The web servers will first call the Login With Amazon service to authenticate the user, then process the user's vote and store the result into a multi-AZ Relational Database Service instance.
- Use CloudFront and the static website hosting feature of S3 with the JavaScript SDK to call the Login With Amazon service to authenticate the user, use IAM Roles to gain permissions to a DynamoDB table to store the user's vote.
- Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of web servers. The web servers will first call the Login With Amazon service to authenticate the user, the web servers will process the user's vote and store the result into a DynamoDB table using IAM Roles for EC2 instances to gain permissions to the DynamoDB table.
- Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of web servers. The web servers will first call the Login With Amazon service to authenticate the user, the web servers will process the user's vote and store the result into an SQS queue using IAM Roles for EC2 instances to gain permissions to the SQS queue. A set of application servers will then retrieve the items from the queue and store the result into a DynamoDB table.
You are designing a photo sharing mobile app. The application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3. You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo sharing mobile application?
- Create a set of long-term credentials using AWS Security Token Service with appropriate permissions. Store these credentials in the mobile app and use them to access Amazon S3.
- Record the user's information in Amazon RDS and create a role in IAM with appropriate permissions. When the user uses their mobile app, create temporary credentials using the AWS Security Token Service 'Assume Role' function. Store these credentials in the mobile app's memory and use them to access Amazon S3. Generate new credentials the next time the user runs the mobile app.
- Record the user's information in Amazon DynamoDB.
- When the user uses their mobile app, create temporary credentials using AWS Security Token Service with appropriate permissions. Store these credentials in the mobile app's memory and use them to access Amazon S3. Generate new credentials the next time the user runs the mobile app.
- Create an IAM user. Assign appropriate permissions to the IAM user. Generate an access key and secret key for the IAM user, store them in the mobile app and use these credentials to access Amazon S3.
- Create an IAM user. Update the bucket policy with appropriate permissions for the IAM user. Generate an access key and secret key for the IAM user, store them in the mobile app and use these credentials to access Amazon S3.
- Yes for all users.
- Yes for all users except root.
- No.
- Yes unless special permission granted.
- eu-west-1.
- us-east-1.
- us-east-2.
- ap-southeast-1.
Your company hosts a social media site supporting users in multiple countries. You have been asked to provide a highly available design for the application that leverages multiple regions for the most recently accessed content and latency sensitive portions of the web site. The most latency sensitive component of the application involves reading user preferences to support web site personalization and ad selection. In addition to running your application in multiple regions, which option will support this application's requirements?
- Serve user content from S3, CloudFront and use Route 53 latency-based routing between ELBs in each region. Retrieve user preferences from a local DynamoDB table in each region and leverage SQS to capture changes to user preferences with SQS workers for propagating updates to each table.
- Use the S3 Copy API to copy recently accessed content to multiple regions and serve user content from S3, CloudFront with dynamic content and an ELB in each region. Retrieve user preferences from an ElastiCache cluster in each region and leverage SNS notifications to propagate user preference changes to a worker node in each region.
- Use the S3 Copy API to copy recently accessed content to multiple regions and serve user content from S3, CloudFront and Route 53 latency-based routing between ELBs in each region. Retrieve user preferences from a DynamoDB table and leverage SQS to capture changes to user preferences with SQS workers for propagating DynamoDB updates.
- Serve user content from S3, CloudFront with dynamic content, and an ELB in each region. Retrieve user preferences from an ElastiCache cluster in each region and leverage Simple Workflow (SWF) to manage the propagation of user preferences from a centralized DB to each ElastiCache cluster.
- policy.
- permission.
- role.
- resource.
A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto Scaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL and should not be publicly accessible. What is the minimum number of subnets that need to be configured in the VPC?
- 1.
- 2.
- 3.
- 4.
- Yes for all users except root.
- No.
- Yes unless special permission granted.
- Yes for all users.
- True.
- False.
- Amazon EBS-backed instances can be stopped and restarted.
- Instance-store backed instances can be stopped and restarted.
- Auto scaling requires using Amazon EBS-backed instances.
- Virtual Private Cloud requires EBS backed instances.
A major customer has asked you to set up his AWS infrastructure so that it will be easy to recover in the case of a disaster of some sort.
- Create and maintain AMIs of key servers where fast recovery is required.
- Regularly run your servers, test them, and apply any software updates and configuration changes.
- Ensure that you have all supporting custom software packages available in AWS.
- All items listed here are important when thinking about disaster recovery.
Which of the following statements is true of Amazon EC2 security groups?
- After you launch an instance in EC2-Classic, you can't change its security groups.
- After you launch an instance in EC2-Classic, you can change its security groups only once.
- After you launch an instance in EC2-Classic, you can only add rules to a security group.
- After you launch an instance in EC2-Classic, you cannot add or remove rules from a security group.
To view information about an Amazon EBS volume, open the Amazon EC2 console at https://console.aws.amazon.com/ec2/, click in the Navigation panel.
- EBS.
- Describe.
- Details.
- Volumes.
True or False: Provisioned IOPS Costs - you are charged for the IOPS and storage whether or not you use them in a given month.
- True.
- False.
You have an EC2 Security Group with several running EC2 instances. You change the Security Group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same Security Group. The new rules apply:
- Immediately to all instances in the security group.
- Immediately to the new instances only.
- Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply.
- To all instances, but it may take several minutes for old instances to see the changes.
- An edge location is referred to the network configured within a Zone or Region.
- An edge location is an AWS Region.
- An edge location is the location of the data center used for Amazon CloudFront.
- An edge location is a Zone within an AWS Region.
If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option?
- Amazon Instance Storage.
- Amazon EBS.
- You can't run a database inside an Amazon instance.
- Amazon S3.
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer's objects replicated?
- A single facility in eu-west-1 and a single facility in eu-central-1.
- A single facility in eu-west-1 and a single facility in us-east-1.
- Multiple facilities in eu-west-1.
- A single facility in eu-west-1.
You have set up an S3 bucket with a number of images in it and you have decided that you want anybody to be able to access these images, even anonymous users. To accomplish this you create a bucket policy. You will need to use an Amazon S3 bucket policy that specifies a [...] in the principal element, which means anyone can access the bucket.
- hash tag (#).
- anonymous user.
- wildcard (*).
- S3 user.
You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages: 'Network error: Connection timed out' or 'Error connecting to [instance], reason: -> Connection timed out: connect,' You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior? (Choose 2 answers)
- Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch.
- Verify that your IAM user policy has permission to launch Amazon EC2 instances.
- Verify that you are connecting with the appropriate user name for your AMI.
- Verify that the Amazon EC2 Instance was launched with the proper IAM role.
- Verify that your federation trust to AWS has been established.
An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, AutoScaling will: (Choose 2 answers)
- Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance.
- Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected.
- Send an SNS notification, if configured to do so.
- Terminate an instance in the AZ which currently has 2 running EC2 instances.
- Randomly select one of the 3 AZs, and then terminate an instance in that AZ.
A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?
- SAML-based Identity Federation.
- Cross-Account Access.
- AWS Identity and Access Management roles.
- Web Identity Federation.
- 512 Unicode characters.
- 64 Unicode characters.
- 256 Unicode characters.
- 128 Unicode characters.
Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote Desktop Connection?
- Yes.
- No.
A user wants to achieve High Availability with PostgreSQL DB. Which of the below mentioned functionalities helps achieve HA?
- Multi-AZ.
- Read Replica.
- Multi region.
- PostgreSQL does not support HA.
- Yes, they are allowed but only for selected regions.
- No, they are never allowed.
- Yes, they are allowed without any permission.
- Yes, they are allowed but only with approval.
You are building a system to distribute confidential documents to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
- Add the CloudFront account security group 'amazon-cf/amazon-cf-sg' to the appropriate S3 bucket policy.
- Create an S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
- Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
- Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
You require the ability to analyze a large amount of data, which is stored on Amazon S3 using Amazon Elastic MapReduce. You are using the cc2 8x large Instance type, whose CPUs are mostly idle during processing. Which of the below would be the most cost efficient way to reduce the runtime of the job?
- Create more smaller files on Amazon S3.
- Add additional cc2 8x large instances by introducing a task group.
- Use smaller instances that have higher aggregate I/O performance.
- Create fewer, larger files on Amazon S3.
What is the name of the licensing model in which you can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?
- Bring Your Own License.
- Role Bases License.
- Enterprise License.
- License Included.
Which of the following statements are true about Amazon Route 53 resource records? (Choose 2 answers)
- An Alias record can map one DNS name to another Amazon Route 53 DNS name.
- A CNAME record can be created for your zone apex.
- An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere.
- TTL can be set for an Alias record in Amazon Route 53.
- An Amazon Route 53 Alias record can point to any DNS record hosted anywhere.
Do you need to shutdown your EC2 instance when you create a snapshot of EBS volumes that serve as root devices?
- No, you only need to shutdown an instance before deleting it.
- Yes.
- No, the snapshot would turn off your instance automatically.
- No.
- Yes.
- Only in certain regions.
- Only in VPC.
- No.
- customized deployments.
- AppStream customizations.
- log events.
- Multi-AZ deployments.
True or False: Amazon EC2 has no Amazon Resource Names (ARNs) because you can't specify a particular Amazon EC2 resource in an IAM policy.
- True.
- False.
A major client who has been spending a lot of money on his internet service provider asks you to set up an AWS Direct Connection to try and save him some money. You know he needs high-speed connectivity. Which connection port speeds are available on AWS Direct Connect?
- 500Mbps and 1Gbps.
- 1Gbps and 10Gbps.
- 100Mbps and 1Gbps.
- 1Gbps.
What will be the state of the alarm at the end of 90 minutes, if the CPU utilization is constant at 80%?
- ALERT.
- ALARM.
- OK.
- INSUFFICIENT_DATA.
A 3-tier e-commerce web application is currently deployed on-premises and will be migrated to AWS for greater scalability and elasticity. The web server currently shares read-only data using a network distributed file system. The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The database tier uses shared-storage clustering to provide database failover capability, and uses several read slaves for scaling. Data on all servers and the distributed file system directory is backed up weekly to off-site tapes. Which AWS storage and database architecture meets the requirements of the application?
- Web servers: store read-only data in S3, and copy from S3 to root volume at boot time. App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment and one or more read replicas. Backup: web servers, app servers, and database backed up weekly to Glacier using snapshots.
- Web servers: store read-only data in an EC2 NFS server, mount to each web server at boot time. App servers: share state using a combination of DynamoDB and IP multicast. Database: use RDS with multi-AZ deployment and one or more Read Replicas. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
- Web servers: store read-only data in S3, and copy from S3 to root volume at boot time. App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment and one or more Read Replicas. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
- Web servers: store read-only data in S3, and copy from S3 to root volume at boot time. App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
- Basic, Developer, Business, Enterprise.
- Basic, Startup, Business, Enterprise.
- Free, Bronze, Silver, Gold.
- All support is free.
- 10.
- 15.
- 2.
- 20.
In the most recent company meeting, your CEO focused on the fact that everyone in the organization needs to make sure that all of the infrastructure that is built is truly scalable. Which of the following statements is incorrect in reference to scalable architecture?
- A scalable service is capable of handling heterogeneity.
- A scalable service is resilient.
- A scalable architecture won't be cost effective as it grows.
- Increasing resources results in a proportional increase in performance.
- Simple Storage Solution.
- Storage Storage Storage (triple redundancy Storage).
- Storage Server Solution.
- Simple Storage Service.
A company needs to monitor the read and write IOPS metrics for their AWS MySQL RDS instance and send real-time alerts to their operations team. Which AWS services can accomplish this? (Choose 2 answers)
- Amazon Simple Email Service.
- Amazon CloudWatch.
- Amazon Simple Queue Service.
- Amazon Route 53.
- Amazon Simple Notification Service.
A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?
- The client can connect over IPV4 or IPV6 using Dualstack.
- Communication between the load balancer and back-end instances is always through IPV4.
- ELB DNS supports both IPV4 and IPV6.
- The ELB supports either IPV4 or IPV6 but not both.
- An AWS developer who is an expert in Amazon RDS using both the Oracle and SQL Server DB engines.
- A graphical Java tool distributed without cost by Oracle.
- It is a variant of the SQL Server Management Studio designed by Microsoft to support Oracle DBMS functionalities.
- A different DBMS released by Microsoft free of cost.
- security groups and multi-factor authentication.
- security groups and 2-Factor authentication.
- security groups and biometric authentication.
- security groups and network ACLs.
What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called?
- Basic.
- Primary.
- Detailed.
- Local.
A user comes to you and wants access to Amazon CloudWatch but only wants to monitor a specific LoadBalancer. Is it possible to give him access to a specific set of instances or a specific LoadBalancer?
- No because you can't use IAM to control access to CloudWatch data for specific resources.
- Yes. You can use IAM to control access to CloudWatch data for specific resources.
- No because you need to be Sysadmin to access CloudWatch data.
- Yes. Any user can see all CloudWatch data and needs no access rights.
Which Amazon Elastic Compute Cloud feature can you query from within the instance to access instance properties?
- Instance user data.
- Resource tags.
- Instance metadata.
- Amazon Machine Image.
Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS Marketplace product codes be made public?
- Yes.
- No.
- AWS Access Control Service (ACS).
- AWS Identity and Access Management (IAM).
You have launched an EC2 instance with four (4) 500 GB EBS Provisioned IOPS volumes attached. The EC2 instance is EBS-Optimized and supports 500 Mbps throughput between EC2 and EBS. The four EBS volumes are configured as a single RAID 0 device, and each Provisioned IOPS volume is provisioned with 4,000 IOPS (4,000 16KB reads or writes), for a total of 16,000 random IOPS on the instance. The EC2 instance initially delivers the expected 16,000 IOPS random read and write performance. Sometime later, in order to increase the total random I/O performance of the instance, you add an additional two 500 GB EBS Provisioned IOPS volumes to the RAID. Each volume is provisioned to 4,000 IOPS like the original four, for a total of 24,000 IOPS on the EC2 instance. Monitoring shows that the EC2 instance CPU utilization increased from 50% to 70%, but the total random IOPS measured at the instance level does not increase at all. What is the problem and a valid solution?
- Larger storage volumes support higher Provisioned IOPS rates; increase the provisioned volume storage of each of the 6 EBS volumes to 1TB.
- The EBS-Optimized throughput limits the total IOPS that can be utilized; use an EBS Optimized instance that provides larger throughput. Mo
- Small block sizes cause performance degradation, limiting the I/O throughput; configure the instance device driver and filesystem to use 64KB blocks to increase throughput.
- The standard EBS Instance root volume limits the total IOPS rate; change the instance root volume to also be a 500GB 4,000 Provisioned IOPS volume.
- RAID 0 only scales linearly to about 4 devices; use RAID 0 with 4 EBS Provisioned IOPS volumes, but increase each Provisioned IOPS EBS volume to 6,000 IOPS.
A user has configured a website and launched it using the Apache web server on port 80. The user is using ELB with the EC2 instances for Load Balancing. What should the user do to ensure that the EC2 instances accept requests only from ELB?
- Configure the security group of EC2, which allows access to the ELB source security group.
- Configure the EC2 instance so that it only listens on the ELB port.
- Open the port for an ELB static IP in the EC2 security group.
- Configure the security group of EC2, which allows access only to the ELB listener.
You're trying to delete an SSL certificate from the IAM certificate store, and you're getting the message 'Certificate: <certificate-id> is being used by CloudFront.' Which of the following statements is probably the reason why you are getting this error?
- Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using a custom SSL certificate to using the default CloudFront certificate.
- You can't delete SSL certificates. You need to request it from AWS.
- Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM.
- Before you can delete an SSL certificate you need to set up HTTPS on your server.
- A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network.
- A security group that has no ports open to your network.
- A security group that has only port 3389 (for RDP) open to your network.
- A security group that has only port 22 (for SSH) open to your network.
- Configure an instance with monitoring software and the elastic network interface (ENI) set to promiscuous mode packet sniffing to see all traffic across the VPC.
- Create a second VPC and route all traffic from the primary application VPC through the second VPC where the scalable virtualized IDS/IPS platform resides.
- Configure servers running in the VPC using the host-based 'route' commands to send all traffic through the platform to a scalable virtualized IDS/IPS.
- Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.
- Remove public read access and use signed URLs with expiry dates.
- Use CloudFront distributions for static content.
- Block the IPs of the offending websites in Security Groups.
- Store photos on an EBS volume of the web server.
- Frequent snapshots provide a higher level of data durability and they will not degrade the performance of your application while the snapshot is in progress.
- General Purpose (SSD) and Provisioned IOPS (SSD) volumes have a throughput limit of 128 MB/s per volume.
- There is a relationship between the maximum performance of your EBS volumes, the amount of I/O you are driving to them, and the amount of time it takes for each transaction to complete.
- There is a 5 to 50 percent reduction in IOPS when you first access each block of data on a newly created or restored EBS volume.
- from the next billing cycle.
- after 30 minutes.
- immediately.
- after 24 hours.
- regional.
- based on Availability Zone.
- global.
You log in to IAM on your AWS console and notice the following message. 'Delete your root access keys.' Why do you think IAM is requesting this?
- Because the root access keys will expire as soon as you log out.
- Because the root access keys expire after 1 week.
- Because the root access keys are the same for all users.
- Because they provide unrestricted access to your AWS resources.
What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone?
- USD 0.10 per GB.
- No charge. It is free.
- USD 0.02 per GB
- USD 0.01 per GB.
- In DynamoDB there is no need to grant access.
- Depends on the type of access.
- Yes.
- No.
The common use cases for DynamoDB Fine-Grained Access Control (FGAC) are cases in which the end user wants [...].
- to change the hash keys of the table directly.
- to check if an IAM policy requires the hash keys of the tables directly.
- to read or modify any code commit key of the table directly, without a middle-tier service.
- to read or modify the table directly, without a middle-tier service.
- Allow all inbound traffic and Allow no outbound traffic.
- Allow no inbound traffic and Allow no outbound traffic.
- Allow no inbound traffic and Allow all outbound traffic.
- Allow all inbound traffic and Allow all outbound traffic.
- INSUFFICIENT_DATA.
- ALARM.
- OK.
- STATUS_CHECK_FAILED.
[...] let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment.
- wildcards.
- pointers.
- tags.
- special filters.
Which of the below mentioned options is not available when an instance is launched by Auto Scaling with EC2 Classic?
- Public IP.
- Elastic IP.
- Private DNS.
- Private IP.
You have a lot of data stored in the AWS Storage Gateway and your manager has come to you asking about how the billing is calculated, specifically the Virtual Tape Shelf usage. What would be a correct response to this?
- You are billed for the virtual tape data you store in Amazon Glacier and are billed for the size of the virtual tape.
- You are billed for the virtual tape data you store in Amazon Glacier and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.
- You are billed for the virtual tape data you store in Amazon S3 and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.
- You are billed for the virtual tape data you store in Amazon S3 and are billed for the size of the virtual tape.
True or False: The new DB Instance that is created when you promote a Read Replica retains the backup window period.
- True.
- False.
- Amazon SNS.
- Amazon SES.
- Amazon SQS.
- Amazon FPS.
You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement?
- Security Group Inbound Rule: Protocol – TCP, Port Range- 22, Source 72.34.51.100/32.
- Security Group Inbound Rule: Protocol – UDP, Port Range- 22, Source 72.34.51.100/32.
- Network ACL Inbound Rule: Protocol – UDP, Port Range- 22, Source 72.34.51.100/32.
- Network ACL Inbound Rule: Protocol – TCP, Port Range-22, Source 72.34.51.100/0.
- Attach the volume to an instance using EC2's SSL interface.
- Write the data randomly instead of sequentially.
- Encrypt the volume using the S3 server-side encryption service.
- Create an IAM policy that restricts read and write access to the volume.
- Use an encrypted file system on top of the EBS volume.
- Only for VPC based instances.
- Yes.
- No.
- Yes but only in certain cases.
- Yes.
- No.
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? (Choose 2 answers)
- Amazon Relational Database Service.
- Amazon Elastic MapReduce.
- Amazon ElastiCache.
- Amazon DynamoDB.
- AWS Elastic Beanstalk.
- REVIEW.
- DB INSTANCE DETAILS.
- MANAGEMENT OPTIONS.
- ADDITIONAL CONFIGURATION.
You are responsible for a legacy web application whose server environment is approaching end of life. You would like to migrate this application to AWS as quickly as possible, since the application environment currently has the following limitations. The VM's single 10GB VMDK is almost full. The virtual network interface still uses the 10Mbps driver, which leaves your 100Mbps WAN connection completely underutilized. It is currently running on a highly customized Windows VM within a VMware environment. You do not have the installation media. This is a mission critical application with an RTO (Recovery Time Objective) of 8 hours and an RPO (Recovery Point Objective) of 1 hour. How could you best migrate this application to AWS while meeting your business continuity requirements?
- Use the EC2 VM Import Connector for vCenter to import the VM into EC2.
- Use Import/Export to import the VM as an EBS snapshot and attach to EC2.
- Use S3 to create a backup of the VM and restore the data into EC2.
- Use the ec2-bundle-instance API to import an image of the VM into EC2.
You are setting up some EBS volumes for a customer who has requested a setup which includes a RAID (redundant array of inexpensive disks). AWS has some recommendations for RAID setups. Which RAID setup is not recommended for Amazon EBS?
- RAID 5 only.
- RAID 5 and RAID 6.
- RAID 1 only.
- RAID 1 and RAID 6.
Much of your company's data does not need to be accessed often, and can take several hours for retrieval time, so it's stored on Amazon Glacier. However someone within your organization has expressed concerns that his data is more sensitive than the other data, and is wondering whether the high level of encryption that he knows is on S3 is also used on the much cheaper Glacier service. Which of the following statements would be most applicable in regards to this concern?
- There is no encryption on Amazon Glacier, that's why it is cheaper.
- Amazon Glacier automatically encrypts the data using AES-128, a lesser encryption method than Amazon S3, but you can change it to AES-256 if you are willing to pay more.
- Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3.
- Amazon Glacier automatically encrypts the data using AES-128, a lesser encryption method than Amazon S3.
- Only Oracle based RDS.
- No.
- Only with MSSQL based RDS.
- Yes for all RDS instances.
To ensure failover capabilities, consider using a [...] for incoming traffic on a network interface.
- primary public IP.
- secondary private IP.
- secondary public IP.
- add on secondary IP.
By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag [...] to false when you launch the instance.
- Delete On Termination.
- Remove On Deletion.
- Remove On Termination.
- Terminate On Deletion.
- AWS Simple Queue Service.
- AWS Simple Notification Service.
- AWS Simple Workflow Service.
- AWS Simple Email Service.
- Amazon EMR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.
- Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.
- Every packet sent in the AWS network uses Internet Protocol Security (IPsec).
- Customers may encrypt the input data before they upload it to Amazon S3.
- always.
- in some circumstances.
- never.
Is it possible to get a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes?
- Yes, by default, the history of your API calls is logged.
- Yes, you should turn on the CloudTrail in the AWS console.
- No, you can only get a history of VPC API calls.
- No, you cannot store history of EC2 API calls on Amazon.
- Security, fault tolerance, high availability, and connectivity.
- Security, access control, high availability, and performance.
- Performance, cost optimization, security, and fault tolerance.
- Performance, cost optimization, access control, and connectivity.
An AWS customer runs a public blogging website. The site users upload two million blog entries a month. The average blog entry size is 200 KB. The access rate to blog entries drops to negligible 6 months after publication and users rarely access a blog entry 1 year after publication. Additionally, blog entries have a high update rate during the first 3 months following publication, this drops to no updates after 6 months. The customer wants to use CloudFront to improve his user's load times. Which of the following recommendations would you make to the customer?
- Duplicate entries into two different buckets and create two separate CloudFront distributions where S3 access is restricted only to CloudFront identity.
- Create a CloudFront distribution with 'US/Europe' price class for US/Europe users and a different CloudFront distribution with 'All Edge Locations' for the remaining users.
- Create a CloudFront distribution with S3 access restricted only to the CloudFront identity and partition the blog entry's location in S3 according to the month it was uploaded to be used with CloudFront behaviors.
- Create a CloudFront distribution with Restrict Viewer Access Forward Query string set to true and minimum TTL of 0.
Your supervisor has asked you to build a simple file synchronization service for your department. He doesn't want to spend too much money and he wants to be notified of any changes to files by email. What do you think would be the best Amazon service to use for the email solution?
- Amazon SES.
- Amazon CloudSearch.
- Amazon SWF.
- Amazon AppStream.
- They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.
- Command-line tools to the Amazon EC2 web service.
- They are a set of graphical tools to manage EC2 instances.
- They don't exist. The Amazon API tools are a client interface to Amazon Web Services.
Your customer wishes to deploy an enterprise application to AWS which will consist of several web servers, several application servers and a small (50GB) Oracle database. Information is stored both in the database and the file systems of the various servers. The backup system must support database recovery, whole server and whole disk restores, and individual file restores with a recovery time of no more than two hours. They have chosen to use RDS Oracle as the database. Which backup architecture will meet these requirements?
- Backup RDS using automated daily DB backups. Backup the EC2 instances using AMIs and supplement with file-level backup to S3 using traditional enterprise backup software to provide file-level restore.
- Backup RDS using a Multi-AZ Deployment. Backup the EC2 instances using AMIs, and supplement by copying file system data to S3 to provide file-level restore.
- Backup RDS using automated daily DB backups. Backup the EC2 instances using EBS snapshots and supplement with file-level backups to Amazon Glacier using traditional enterprise backup software to provide file-level restore.
- Backup RDS database to S3 using Oracle RMAN. Backup the EC2 instances using AMIs, and supplement with EBS snapshots for individual volume restore.
You are architecting a highly-scalable and reliable web application which will have a huge amount of content. You have decided to use CloudFront as you know it will speed up distribution of your static and dynamic web content and know that Amazon CloudFront integrates with Amazon CloudWatch metrics so that you can monitor your web application. Because you live in Sydney you have chosen the Asia Pacific (Sydney) region in the AWS console. However, you have set this up but no CloudFront metrics seem to be appearing in the CloudWatch console. What is the most likely reason from the possible choices below for this?
- Metrics for CloudWatch are available only when you choose the same region as the application you are monitoring.
- You need to pay for CloudWatch for it to become active.
- Metrics for CloudWatch are available only when you choose the US East (Virginia).
- Metrics for CloudWatch are not available for the Asia Pacific region as yet.
- Yes.
- No.
- desk.cpl.
- mstsc.
Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2 instances?
- Security Groups.
- IAM System.
- SSH keys.
- Windows passwords.
What is the charge for the data transfer incurred in replicating data between your primary and standby?
- Same as the standard data transfer charge.
- Double the standard data transfer charge.
- No charge. It is free.
- Half of the standard data transfer charge.
You have a load balancer configured for VPC, and all back-end Amazon EC2 instances are in service. However, your web browser times out when connecting to the load balancer's DNS name. Which options are probable causes of this behavior? (Choose 2 answers)
- The load balancer was not configured to use a public subnet with an Internet gateway configured.
- The Amazon EC2 instances do not have a dynamically allocated private IP address.
- The security groups or network ACLs are not properly configured for web traffic.
- The load balancer is not configured in a private subnet with a NAT instance.
- The VPC does not have a VGW configured.
- Amazon Resource Number.
- Amazon Resource Nametag.
- Amazon Resource Name.
- Amazon Resource Namespace.
- BYOL and Enterprise License.
- BYOL and License Included.
- Enterprise License and License Included.
- Role based License and License Included.
- Security Group and ACL (Access Control List) settings.
- Decommissioning storage devices.
- Patch management on the EC2 instance's operating system.
- Life-cycle management of IAM credentials.
- Controlling physical access to compute resources.
- Encryption of EBS (Elastic Block Storage) volumes.
You have a web application running on six Amazon EC2 instances, consuming about 45% of resources on each instance. You are using auto-scaling to make sure that six instances are running at all times. The number of requests this application processes is consistent and does not experience spikes. The application is critical to your business and you want high availability at all times. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all instances. Which of the following architectural choices should you make?
- Deploy 6 EC2 instances in one Availability Zone and use Amazon Elastic Load Balancer.
- Deploy 3 EC2 instances in one region and 3 in another region and use Amazon Elastic Load Balancer.
- Deploy 3 EC2 instances in one Availability Zone and 3 in another Availability Zone and use Amazon Elastic Load Balancer.
- Deploy 2 EC2 instances in three regions and use Amazon Elastic Load Balancer.
An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must be 15 minutes. The customer realizes that data corruption occurred roughly 1.5 hours ago. What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?
- Take hourly DB backups to S3, with transaction logs stored in S3 every 5 minutes.
- Use synchronous database master-slave replication between two Availability Zones.
- Take hourly DB backups to EC2 Instance store volumes with transaction logs stored in S3 every 5 minutes.
- Take 15 minute DB backups stored in Glacier with transaction logs stored in S3 every 5 minutes.
You have been setting up an Amazon Virtual Private Cloud (Amazon VPC) for your company, including setting up subnets. Security is a concern, and you are not sure which is the best security practice for securing subnets in your VPC. Which statement below is correct in describing the protection of AWS resources in each subnet?
- You can use multiple layers of security, including security groups and network access control lists (ACL).
- You can only use access control lists (ACL).
- You don't need any security in subnets.
- You can use multiple layers of security, including security groups, network access control lists (ACL) and CloudHSM.
Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications. What is the monthly charge for using the public data sets?
- A 1 time charge of 10$ for all the datasets.
- 1$ per dataset per month.
- 10$ per month for all the datasets.
- There is no charge for using the public data sets.
[...] embodies the 'share-nothing' architecture and essentially involves breaking a large database into several smaller databases. Common ways to split a database include: 1. Splitting tables that are not joined in the same query onto different hosts or 2. Duplicating a table across multiple hosts and then using a hashing algorithm to determine which host receives a given update.
- Sharding.
- Failure recovery.
- Federation.
- DDL operations.
After deploying a new website for a client on AWS, he asks if you can set it up so that if it fails it can be automatically redirected to a backup website that he has stored on a dedicated server elsewhere. You are wondering whether Amazon Route 53 can do this. Which statement below is correct in regards to Amazon Route 53?
- Amazon Route 53 can't help detect an outage. You need to use another service.
- Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations.
- Amazon Route 53 can help detect an outage of your website but can't redirect your end users to alternate locations.
- Amazon Route 53 can't help detect an outage of your website, but can redirect your end users to alternate locations.
Your company plans to host a large donation website on Amazon Web Services (AWS). You anticipate a large and undetermined amount of traffic that will create many database writes. To be certain that you do not drop any writes to a database hosted on AWS, which service should you use?
- Amazon RDS with provisioned IOPS up to the anticipated peak write throughput.
- Amazon Simple Queue Service (SQS) for capturing the writes and draining the queue to write to the database.
- Amazon ElastiCache to store the writes until the writes are committed to the database.
- Amazon DynamoDB with provisioned write throughput up to the anticipated peak write throughput.
You have set up an Auto Scaling group. The cool down period for the Auto Scaling group is 7 minutes. The first instance is launched after 3 minutes, while the second instance is launched after 4 minutes. How many minutes after the first instance is launched will Auto Scaling accept another scaling activity request?
- 11 minutes.
- 7 minutes.
- 10 minutes.
- 14 minutes.
You are migrating a legacy client-server application to AWS. The application responds to a specific DNS domain (e.g. <www.example.com>) and has a 2-tier architecture, with multiple application servers and a database server. Remote clients use TCP to connect to the application servers. The application servers need to know the IP address of the clients in order to function properly and are currently taking that information from the TCP socket. A Multi-AZ RDS MySQL instance will be used for the database. During the migration you can change the application code, but you have to file a change request. How would you implement the architecture on AWS in order to maximize scalability and high availability?
- File a change request to implement Alias Resource support in the application. Use Route 53 Alias Resource Record to distribute load on two application servers in different AZs.
- File a change request to implement Latency Based Routing support in the application. Use Route 53 with Latency Based Routing enabled to distribute load on two application servers in different AZs.
- File a change request to implement Cross-Zone support in the application. Use an ELB with a TCP Listener and Cross-Zone Load Balancing enabled, two application servers in different AZs.
- File a change request to implement Proxy Protocol support in the application. Use an ELB with a TCP Listener and Proxy Protocol enabled to distribute load on two application servers in different AZs.
- Yes.
- No.
- Only in VPC.
Your system recently experienced down time during the troubleshooting process. You found that a new administrator mistakenly terminated several production EC2 instances. Which of the following strategies will help prevent a similar situation in the future? The administrator still must be able to: Launch, start, stop, and terminate development resources. Launch and start production instances.
- Create an IAM user, which is not allowed to terminate instances by leveraging production EC2 termination protection.
- Leverage resource based tagging along with an IAM user, which can prevent specific users from terminating production EC2 resources.
- Leverage EC2 termination protection and multi-factor authentication, which together require users to authenticate before terminating EC2 instances.
- Create an IAM user and apply an IAM role which prevents users from terminating production EC2 instances.
You have just set up a large site for a client which involved a huge database which you set up with Amazon RDS to run as a Multi-AZ deployment. You now start to worry about what will happen if the database instance fails. Which statement best describes how this database will function if there is a database failure?
- Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.
- Your database will not resume operation without manual administrative intervention.
- Updates to your DB Instance are asynchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.
- Updates to your DB Instance are synchronously replicated across S3 to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.
Your company has an on-premises multi-tier PHP web application, which recently experienced downtime due to a large burst in web traffic due to a company announcement. Over the coming days, you are expecting similar announcements to drive similar unpredictable bursts, and are looking to find ways to quickly improve your infrastructure's ability to handle unexpected increases in traffic. The application currently consists of 2 tiers: a web tier which consists of a load balancer and several Linux Apache web servers, as well as a database tier which hosts a Linux server hosting a MySQL database. Which scenario below will provide full site functionality, while helping to improve the ability of your application in the short timeframe required?
- Failover environment: Create an S3 bucket and configure it for website hosting. Migrate your DNS to Route 53 using zone file import, and leverage Route 53 DNS failover to failover to the S3 hosted website.
- Hybrid environment: Create an AMI, which can be used to launch web servers in EC2. Create an Auto Scaling group, which uses the AMI to scale the web tier based on incoming traffic. Leverage Elastic Load Balancing to balance traffic between on-premises web servers and those hosted in AWS.
- Offload traffic from on-premises environment: Setup a CloudFront distribution, and configure CloudFront to cache objects from a custom origin. Choose to customize your object cache behavior, and select a TTL that objects should exist in cache.
- Migrate to AWS: Use VM Import/Export to quickly convert an on-premises web server to an AMI. Create an Auto Scaling group, which uses the imported AMI to scale the web tier based on incoming traffic. Create an RDS read replica and setup replication between the RDS instance and on-premises MySQL server to migrate the database.
- Paying account and Linked account.
- Parent account and Child account.
- Main account and Sub account.
- Main account and Secondary account.
You have a periodic image analysis application that gets some files in input, analyzes them, and for each file writes some data in output to a text file. The number of files in input per day is high and concentrated in a few hours of the day. Currently you have a server on EC2 with a large EBS volume that hosts the input data and the results. It takes almost 20 hours per day to complete the process. What services could be used to reduce the elaboration time and improve the availability of the solution?
- Amazon S3 to store I/O files. SQS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the length of the SQS queue.
- EBS with Provisioned IOPS (PIOPS) to store I/O files. SNS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the number of SNS notifications.
- Amazon S3 to store I/O files. SNS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the number of SNS notifications.
- EBS with Provisioned IOPS (PIOPS) to store I/O files. SQS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the length of the SQS queue.
While controlling access to Amazon EC2 resources, which of the following acts as a firewall that controls the traffic allowed to reach one or more instances?
- A security group.
- An instance type.
- A storage cluster.
- An object.
- http://254.169.169.254/latest/.
- http://169.169.254.254/latest/.
- http://127.0.0.1/latest/.
- http://169.254.169.254/latest/.
While using the EC2 GET requests as URLs, the [...] is the URL that serves as the entry point for the web service.
- token.
- endpoint.
- action.
- None of these.
A user is planning to launch a scalable web application. Which of the below mentioned options will not affect the latency of the application?
- Region.
- Provisioned IOPS.
- Availability Zone.
- Instance size.
Your firm has uploaded a large amount of aerial image data to S3. In the past, in your on-premises environment, you used a dedicated group of servers to often process this data and used RabbitMQ, an open source messaging system, to get job information to the servers. Once processed, the data would go to tape and be shipped offsite. Your manager told you to stay with the current design, and leverage AWS archival storage and messaging services to minimize cost. Which is correct?
- Use SQS for passing job messages. Use CloudWatch alarms to terminate EC2 worker instances when they become idle. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.
- Setup Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.
- Setup Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Glacier.
- Use SNS to pass job messages. Use CloudWatch alarms to terminate spot worker instances when they become idle. Once data is processed, change the storage class of the S3 object to Glacier.
A user has launched 10 EC2 instances inside a placement group. Which of the below mentioned statements is true with respect to the placement group?
- All instances must be in the same AZ.
- All instances can be across multiple regions.
- The placement group cannot have more than 5 instances.
- All instances must be in the same region.
A user has created a CloudFormation stack. The stack creates AWS services, such as EC2 instances, ELB, AutoScaling, and RDS. While creating the stack it created EC2, ELB and AutoScaling but failed to create RDS. What will CloudFormation do in this scenario?
- Rollback all the changes and terminate all the created services.
- It will wait for the user's input about the error and correct the mistake after the input.
- CloudFormation can never throw an error after launching a few services since it verifies all the steps before launching.
- It will warn the user about the error and ask the user to manually create RDS.
You have been asked to design the storage layer for an application. The application requires disk performance of at least 100,000 IOPS. In addition, the storage layer must be able to survive the loss of an individual disk, EC2 instance, or Availability Zone without any data loss. The volume you provide must have a capacity of at least 3 TB. Which of the following designs will meet these objectives?
- Instantiate a c3.8xlarge instance in us-east-1. Provision 4x1TB EBS volumes, attach them to the instance, and configure them as a single RAID 5 volume. Ensure that EBS snapshots are performed every 15 minutes.
- Instantiate a c3.8xlarge instance in us-east-1. Provision 3x1TB EBS volumes, attach them to the instance, and configure them as a single RAID 0 volume. Ensure that EBS snapshots are performed every 15 minutes.
- Instantiate an i2.8xlarge instance in us-east-1a. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instance. Provision 3x1TB EBS volumes, attach them to the instance, and configure them as a second RAID 0 volume. Configure synchronous, block-level replication from the ephemeral-backed volume to the EBS-backed volume.
- Instantiate a c3.8xlarge instance in us-east-1. Provision an AWS Storage Gateway and configure it for 3 TB of storage and 100,000 IOPS. Attach the volume to the instance.
- Instantiate an i2.8xlarge instance in us-east-1a. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instance. Configure synchronous, block-level replication to an identically configured instance in us-east-1b.
A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? (Choose 2 answers)
- AWS Directory Service AD Connector.
- AWS Directory Service Simple AD.
- AWS Identity and Access Management groups.
- AWS Identity and Access Management roles.
- AWS Identity and Access Management users.
Your startup wants to implement an order fulfillment process for selling a personalized gadget that needs an average of 3-4 days to produce, with some orders taking up to 6 months. You expect 10 orders per day on your first day, 1000 orders per day after 6 months and 10,000 orders after 12 months. Orders coming in are checked for consistency, then dispatched to your manufacturing plant for production, quality control, packaging, shipment and payment processing. If the product does not meet the quality standards at any stage of the process, employees may force the process to repeat a step. Customers are notified via email about order status and any critical issues with their orders, such as payment failure. Your base architecture includes AWS Elastic Beanstalk for your website with an RDS MySQL instance for customer data and orders. How can you implement the order fulfillment process while making sure that the emails are delivered reliably?
- Add a business process management application to your Elastic Beanstalk app servers and re-use the RDS database for tracking order status. Use one of the Elastic Beanstalk instances to send emails to customers.
- Use SWF with an Auto Scaling group of activity workers and a decider instance in another Auto Scaling group with min/max=1. Use the decider instance to send emails to customers.
- Use SWF with an Auto Scaling group of activity workers and a decider instance in another Auto Scaling group with min/max=1. Use SES to send emails to customers.
- Use an SQS queue to manage all process tasks Use an Auto Scaling group of EC2 Instances that poll the tasks and execute them. Use SES to send emails to customers.
- user.
- AWS Account.
- group.
- role.
A user is accessing an EC2 instance on the SSH port for IP 10.20.30.40. Which one is a secure way to configure that the instance can be accessed only from this IP?
- In the security group, open port 22 for IP 10.20.30.40.
- In the security group, open port 22 for IP 10.20.30.40/32.
- In the security group, open port 22 for IP 10.20.30.40/24.
- In the security group, open port 22 for IP 10.20.30.40/0.
Read Replicas require a transactional storage engine and are only supported for the [...] storage engine.
- OracleISAM.
- MSSQLDB.
- InnoDB.
- MyISAM.
- You mean Amazon 'Iceberg': it's a low-cost storage service.
- A security tool that allows to 'freeze' an EBS volume and perform computer forensics on it.
- A low-cost storage service that provides secure and durable storage for data archiving and backup.
- It's a security tool that allows to 'freeze' an EC2 instance and perform computer forensics on it.
You have a content management system running on an Amazon EC2 instance that is approaching 100% CPU utilization. Which option will reduce load on the Amazon EC2 instance?
- Create a load balancer, and register the Amazon EC2 instance with it.
- Create a CloudFront distribution, and configure the Amazon EC2 instance as the origin.
- Create an Auto Scaling group from the instance using the Create AutoScaling Group action.
- Create a launch configuration from the instance using the Create Launch Configuration action.
- Only in certain regions.
- Only in VPC.
- Yes.
- No.
When controlling access to Amazon EC2 resources, each Amazon EBS Snapshot has a [...] attribute that controls which AWS accounts can use the snapshot.
- createVolumePermission.
- LaunchPermission.
- SharePermission.
- RequestPermission.
You have decided to change the instance type for instances running in your application tier that is using Auto Scaling. In which area below would you change the instance type definition?
- Auto Scaling policy.
- Auto Scaling group.
- Auto Scaling tags.
- Auto Scaling launch configuration.
- The launch configuration can be created only using the Query APIs.
- Auto Scaling automatically creates a launch configuration directly from an EC2 instance.
- A user should manually create a launch configuration before creating an Auto Scaling group.
- The launch configuration should be created manually from the AWS CLI.
Your company has multiple IT departments, each with their own VPC. Some VPCs are located within the same AWS account, and others in a different AWS account. You want to peer together all VPCs to enable the IT departments to have full access to each other's resources. There are certain limitations placed on VPC peering. Which of the following statements is incorrect in relation to VPC peering?
- Private DNS values cannot be resolved between instances in peered VPCs.
- You can have up to 3 VPC peering connections between the same two VPCs at the same time.
- You cannot create a VPC peering connection between VPCs in different regions.
- You have a limit on the number of active and pending VPC peering connections that you can have per VPC.
A gaming company comes to you and asks you to build them infrastructure for their site. They are not sure how big they will be; as with all startups, they have limited money and big ideas. What they do tell you is that if the game becomes successful, like one of their previous games, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. After considering all of this, you decide that they need a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Which of the following databases do you think would best fit their needs?
- Amazon DynamoDB.
- Amazon Redshift.
- Any non-relational database.
- Amazon SimpleDB.
- security group.
- ACL.
- IAM.
- private IP Addresses.
Your manager has just given you access to multiple VPN connections that someone else has recently set up between all your company's offices. She needs you to make sure that the communication between the VPNs is secure. Which of the following services would be best for providing a low-cost hub-and-spoke model for primary or backup connectivity between these remote offices?
- Amazon CloudFront.
- AWS Direct Connect.
- AWS CloudHSM.
- AWS VPN CloudHub.
You need to create a management network using network interfaces for a virtual private cloud (VPC) network. Which of the following statements is incorrect pertaining to Best Practices for Configuring Network Interfaces?
- You can detach secondary (ethN) network interfaces when the instance is running or stopped. However, you can't detach the primary (eth0) interface.
- Launching an instance with multiple network interfaces automatically configures interfaces, private IP addresses, and route tables on the operating system of the instance.
- You can attach a network interface in one subnet to an instance in another subnet in the same VPC, however, both the network interface and the instance must reside in the same Availability Zone.
- Attaching another network interface to an instance is a valid method to increase or double the network bandwidth to or from the dual-homed instance.
A user has launched 10 EC2 instances inside a placement group. Which of the following statements is true in regards to what ability launching your instances into a VPC instead of EC2-Classic gives you?
- All of the things listed here.
- Change security group membership for your instances while they're running.
- Assign static private IP addresses to your instances that persist across starts and stops.
- Define network interfaces, and attach one or more network interfaces to your instances.
In the HQ region, you run an hourly batch process reading data from every region to compute cross-regional reports that are sent by email to all offices. This batch process must be completed as fast as possible to quickly optimize logistics. How do you build the database architecture in order to meet the requirements?
- For each regional deployment, use RDS MySQL with a master in the region and a read replica in the HQ region.
- For each regional deployment, use MySQL on EC2 with a master in the region and send hourly EBS snapshots to the HQ region.
- For each regional deployment, use RDS MySQL with a master in the region and send hourly RDS snapshots to the HQ region.
- For each regional deployment, use MySQL on EC2 with a master in the region and use S3 to copy data files hourly to the HQ region.
- Use Direct Connect to connect all regional MySQL deployments to the HQ region and reduce network latency for the batch process.
What is the average IOPS that the user will get for most of the year as per EC2 SLA if the instance is attached to the EBS optimized instance?
- 950.
- 990.
- 1000.
- 900.
You are working with a customer who has 10 TB of archival data that they want to migrate to Amazon Glacier. The customer has a 1-Mbps connection to the Internet. Which service or feature provides the fastest method of getting the data into Amazon Glacier?
- Amazon Glacier multipart upload.
- AWS Storage Gateway.
- VM Import/Export.
- AWS Import/Export.
Your manager has asked you to set up a public subnet with instances that can send and receive internet traffic, and a private subnet that can't receive traffic directly from the internet, but can initiate traffic to the internet (and receive responses) through a NAT instance in the public subnet. Hence, the following 3 rules need to be allowed: Inbound SSH traffic. Web servers in the public subnet to read and write to MS SQL servers in the private subnet. Inbound RDP traffic from the Microsoft Terminal Services gateway in the public private subnet. What are the respective ports that need to be opened for this?
- Ports 22, 1433, 3389.
- Ports 21, 1433, 3389.
- Ports 25, 1433, 3389.
- Ports 22, 1343, 3999.
An EC2 instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens to the data on an instance if the instance reboots (intentionally or unintentionally)?
- Data will be lost.
- Data persists.
- Key pairs.
- Elastic IP addresses.
- Placement groups.
- Amazon EBS snapshots.
Without [...] you must either create multiple AWS accounts, each with its own billing and subscriptions to AWS products, or your employees must share the security credentials of a single AWS account.
- Amazon RDS.
- Amazon Glacier.
- Amazon EMR.
- Amazon IAM.
An EC2 instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens when you attach an ENI of a different subnet to this EC2 instance?
- The EC2 instance follows the rules of the older subnet.
- The EC2 instance follows the rules of both the subnets.
- Not possible, cannot be connected to 2 ENIs.
- The EC2 instance follows the rules of the newer subnet.
You have deployed a three-tier web application in a VPC with a CIDR block of 10.0.0.0/28. You initially deploy two web servers, two application servers, two database servers and one NAT instance for a total of seven EC2 instances. The web, application and database servers are deployed across two Availability Zones (AZs). You also deploy an ELB in front of the two web servers, and use Route 53 for DNS. Web traffic gradually increases in the first few days following the deployment, so you attempt to double the number of instances in each tier of the application to handle the new load. Unfortunately, some of these new instances fail to launch. Which of the following could be the root cause? (Choose 2 answers)
- AWS reserves the first and the last private IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances.
- The Internet Gateway (IGW) of your VPC has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches.
- The ELB has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches.
- AWS reserves one IP address in each subnet's CIDR block for Route 53 so you do not have enough addresses left to launch all of the new EC2 instances.
- AWS reserves the first four and the last IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances.
- You change storage type from standard to PIOPS, and Apply Immediately is set to true.
- You change the DB instance class, and Apply Immediately is set to false.
- You change a static parameter in a DB parameter group.
- You change the backup retention period for a DB instance from 0 to a nonzero value or from a nonzero value to 0, and Apply Immediately is set to false.
- Asynchronously.
- Synchronously.
You are tasked with moving a legacy application from a virtual machine running inside your datacenter to an Amazon VPC. Unfortunately, this app requires access to a number of on-premises services and no one who configured the app still works for your company. Even worse, there's no documentation for it. What will allow the application running inside the VPC to reach back and access its internal dependencies without being reconfigured? (Choose 3 answers)
- An AWS Direct Connect link between the VPC and the network housing the internal services.
- An Internet Gateway to allow a VPN connection.
- An Elastic IP address on the VPC instance.
- An IP address space that does not conflict with the one on-premises.
- Entries in Amazon Route 53 that allow the Instance to resolve its dependencies' IP addresses.
- A VM Import of the current virtual machine.
A company needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS Identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this?
- Create a new IAM role and associated policies within the new region.
- Assign the existing IAM role to the Amazon EC2 instances in the new region.
- Copy the IAM role and associated policies to the new region and attach it to the instances.
- Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature.
If you want to launch Amazon Elastic Compute Cloud (EC2) instances and assign each instance a predetermined private IP address you should:
- Launch the instance from a private Amazon Machine Image (AMI).
- Assign a group of sequential Elastic IP addresses to the instances.
- Launch the instances in the Amazon Virtual Private Cloud (VPC).
- Launch the instances in a Placement Group.
- Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already.
When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that automatic failover occurred. You can use the [...] to return information about events related to your DB Instance.
- FetchFailure.
- DescriveFailure.
- DescribeEvents.
- FetchEvents.
You have a Business support plan with AWS. One of your EC2 instances is running Microsoft Windows Server 2008 R2 and you are having problems with the software. Can you receive support from AWS for this software?
- Yes.
- No, AWS does not support any third-party software.
- No, Microsoft Windows Server 2008 R2 is not supported.
- No, you need to be on the enterprise support plan.
A newspaper organization has an on-premises application which allows the public to search its back catalogue and retrieve individual newspaper pages via a website written in Java. They have scanned the old newspapers into JPEGs (approx 17TB) and used Optical Character Recognition (OCR) to populate a commercial search product. The hosting platform and software are now end of life and the organization wants to migrate its archive to AWS and produce a cost efficient architecture and still be designed for availability and durability. Which is the most appropriate?
- Use S3 with reduced redundancy to store and serve the scanned files, install the commercial search application on EC2 instances and configure with auto-scaling and an Elastic Load Balancer.
- Model the environment using CloudFormation, use an EC2 instance running Apache webserver and an open source search application, stripe multiple standard EBS volumes together to store the JPEGs and search index.
- Use S3 with standard redundancy to store and serve the scanned files, use CloudSearch for query processing, and use Elastic Beanstalk to host the website across multiple Availability Zones.
- Use a single-AZ RDS MySQL instance to store the search index and the JPEG images, use an EC2 instance to serve the website and translate user queries into SQL.
- Use a CloudFront download distribution to serve the JPEGs to the end users and install the current commercial search product, along with a Java container for the website, on EC2 instances and use Route 53 with DNS round-robin.
- 1.
- 50.
- 20.
- 10.
In Amazon EC2, while sharing an Amazon EBS snapshot, can the snapshots with AWS Marketplace product codes be public?
- Yes, but only for US-based providers.
- Yes, they can be public.
- No, they cannot be made public.
- Yes, they are automatically made public by the system.
A company has an AWS account that contains three VPCs (Dev, Test, and Prod) in the same region. Test is peered to both Prod and Dev. All VPCs have non-overlapping CIDR blocks. The company wants to push minor code releases from Dev to Prod to speed up time to market. Which of the following options helps the company accomplish this?
- Create a new peering connection between Prod and Dev along with appropriate routes.
- Create a new entry to Prod in the Dev route table using the peering connection as the target.
- Attach a second gateway to Dev. Add a new entry in the Prod route table identifying the gateway as the target.
- The VPCs have non-overlapping CIDR blocks in the same account. The route tables contain local routes for all VPCs.
The [...] service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.
- Amazon RDS.
- AWS Integrity Management.
- AWS Identity and Access Management.
- Amazon EMR.
You have just been given a scope for a new client who has an enormous amount of data (petabytes) that he constantly needs analysed. Currently he is paying a huge amount of money for a data warehousing company to do this for him and is wondering if AWS can provide a cheaper solution. Do you think AWS has a solution for this?
- Yes. Amazon SimpleDB.
- No. Not presently.
- Yes. Amazon Redshift.
- Yes. Your choice of relational AMIs on Amazon EC2 and EBS.
You have set up an Elastic Load Balancer (ELB) with the usual default settings, which route each request independently to the application instance with the smallest load. However, someone has asked you to bind a user's session to a specific application instance so as to ensure that all requests coming from the user during the session will be sent to the same application instance. AWS has a feature to do this. What is it called?
- Connection draining.
- Proxy protocol.
- Tagging.
- Sticky session.
You have written a CloudFormation template that creates 1 Elastic Load Balancer fronting 2 EC2 Instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?
- Resources.
- Outputs.
- Parameters.
- Mappings.
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. What formatting is required for this template?
- JSON-formatted document.
- CSS-formatted document.
- XML-formatted document.
- HTML-formatted document.
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
- The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB.
- The user should attach an IAM role with DynamoDB access to the EC2 instance.
- The user should create an IAM role, which has EC2 access so that it will allow deploying the application.
- The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials.
After setting up an EC2 security group with a cluster of 20 EC2 instances, you find an error in the security group settings. You quickly make changes to the security group settings. When will the changes to the settings be effective?
- The settings will be effective immediately for all the instances in the security group.
- The settings will be effective only when all the instances are restarted.
- The settings will be effective for all the instances only after 30 minutes.
- The settings will be effective only for the new instances added to the security group.
- Yes, if configured with the Launch Config.
- Yes, always.
- Yes, if configured with the Auto Scaling group.
- No.
Which Amazon storage do you think is the best for my database-style applications that frequently encounter many random reads and writes across the dataset?
- None of these.
- Amazon Instance Storage.
- Any of these.
- Amazon EBS.
In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with [...].
- Oracle Standard Edition.
- Oracle Express Edition.
- Oracle Enterprise Edition.
- None of these.
- Only for Oracle RDS types.
- Yes.
- Only if configured at launch.
- No.
An administrator is using Amazon CloudFormation to deploy a three-tier web application that consists of a web tier and application tier that will utilize Amazon DynamoDB for storage. When creating the CloudFormation template, which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?
- Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and associate the Role to the application instances by referencing an instance profile.
- Use the Parameter section in the CloudFormation template to have the user input Access and Secret Keys from an already created IAM user that has the permissions required to read and write from the required DynamoDB table.
- Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.
- Create an Identity and Access Management user in the CloudFormation template that has permissions to read and write from the required DynamoDB table, use the GetAtt function to retrieve the Access and Secret keys and pass them to the application instance through user-data.
In an experiment, if the minimum size for an Auto Scaling group is 1 instance, which of the following statements holds true when you terminate the running instance?
- Auto Scaling must launch a new instance to replace it.
- Auto Scaling will raise an alarm and send a notification to the user for action.
- Auto Scaling must configure the schedule activity that terminates the instance after 5 days.
- Auto Scaling will terminate the experiment.
- True.
- False.
Amazon S3 doesn't automatically give a user who creates [...] permission to perform other actions on that bucket or object.
- a file.
- a bucket or object.
- a bucket or file.
- a object or file.
A company wants to review the security requirements of Glacier. Which of the below mentioned statements is true with respect to the AWS Glacier data security?
- All data stored on Glacier is protected with AES-256 server-side encryption.
- All data stored on Glacier is protected with AES-128 server-side encryption.
- The user can set the server-side encryption flag to encrypt the data stored on Glacier.
- The data stored on Glacier is not encrypted by default.
- Elastic Block Storage.
- Elastic Business Server.
- Elastic Blade Server.
- Elastic Block Store.
You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?
- Spot Instances.
- Reserved instances.
- Dedicated instances.
- On-Demand instances.
- Simple Web Flow.
- Simple Work Flow.
- Simple Wireless Forms.
- Simple Web Form.
Can you specify the security group that you created for a VPC when you launch an instance in EC2-Classic?
- No, you can specify the security group created for EC2-Classic when you launch a VPC instance.
- Yes.
- No.
- No, you can specify the security group created for EC2-Classic to a non-VPC based instance only.
- Establish a hardware VPN over the internet between VPC-2 and the on-premises network.
- Establish a hardware VPN over the internet between VPC-1 and the on-premises network.
- Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
- Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1.
- Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.
- Lower the scale up trigger of your Auto Scaling group to 30% so it scales more aggressively.
- Add an Amazon ElastiCache caching layer to your application for storing sessions and frequent DB queries.
- Configure Amazon CloudFront dynamic content support to enable caching of re-usable content from your site.
- Switch Amazon RDS database to the high memory extra large Instance type.
- Set up a second installation in another region, and use the Amazon Route 53 latency-based routing feature to select the right region.
Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an [...] node in the response from the Amazon RDS API.
- incorrect.
- error.
Through which of the following interfaces is AWS Identity and Access Management available? A. AWS Management Console. B. Command line interface (CLI). C. IAM Query API. D. Existing libraries.
- Only through Command line interface (CLI).
- A, B and C.
- A and C.
- All of the above.
- block map.
- storage block.
- mapping device.
- block device.
You have just finished setting up an advertisement server in which one of the obvious choices for a service was Amazon Elastic MapReduce (EMR) and are now troubleshooting some weird cluster states that you are seeing. Which of the below is not an Amazon EMR cluster state?
- STARTING.
- STOPPED.
- RUNNING.
- WAITING.
A US-based company is expanding their web presence into Europe. The company wants to extend their AWS infrastructure from Northern Virginia (us-east-1) into the Dublin (eu-west-1) region. Which of the following options would enable an equivalent experience for users on both continents?
- Use a public-facing load balancer per region to load-balance web traffic, and enable HTTP health checks.
- Use a public-facing load balancer per region to load-balance web traffic, and enable sticky sessions.
- Use Amazon Route 53, and apply a geolocation routing policy to distribute traffic across both regions.
- Use Amazon Route 53, and apply a weighted routing policy to distribute traffic across both regions.
You are building infrastructure for a data warehousing solution and an extra request has come through that there will be a lot of business reporting queries running all the time and you are not sure if your current DB instance will be able to handle it. What would be the best solution for this?
- DB Parameter Groups.
- Read Replicas.
- Multi-AZ DB Instance deployment.
- Database Snapshots.
One of the criteria for a new deployment is that the customer wants to use AWS Storage Gateway. However you are not sure whether you should use gateway-cached volumes or gateway-stored volumes or even what the differences are. Which statement below best describes those differences?
- Gateway-cached lets you store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Gateway-stored enables you to configure your on-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3.
- Gateway-cached is free whilst gateway-stored is not.
- Gateway-cached is up to 10 times faster than gateway-stored.
- Gateway-stored lets you store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Gateway-cached enables you to configure your on-premises gateway to store all your data locally and then asynchronously back up point-in-time snapshots of this data to Amazon S3.
- Define maintenance period for database engines.
- Launch Amazon RDS instances in a subnet.
- Create, describe, modify, and delete DB instances.
- Control what IP addresses or EC2 instances can connect to your databases on a DB instance.
- Forever.
- 12 Months upon signup.
- 1 Month upon signup.
- 6 Months upon signup.
After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you are recommending Redshift. Which of the following would be a reasonable response to his request?
- It has high performance at scale as data and query complexity grows.
- It prevents reporting and analytic processing from interfering with the performance of OLTP workloads.
- You don't have the administrative burden of running your own data warehouse and dealing with setup, durability, monitoring, scaling, and patching.
- All answers listed are a reasonable response to his question.
You can seamlessly join an EC2 instance to your directory domain. What connectivity do you need to be able to connect remotely to this instance?
- You must have IP connectivity to the instance from the network you are connecting from.
- You must have the correct encryption keys to connect to the instance remotely.
- You must have enough bandwidth to connect to the instance.
- You must use MFA authentication to be able to connect to the instance remotely.
- Only increment, since decrement are inherently impossible with DynamoDB's data model.
- No, neither increment nor decrement operations.
- Yes, both increment and decrement operations.
- Only decrement, since increment are inherently impossible with DynamoDB's data model.
You have multiple Amazon EC2 instances running in a cluster across multiple Availability Zones within the same region. What combination of the following should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter? (Choose 3 answers)
- Amazon EC2 placement groups.
- Enhanced networking.
- Amazon PV AMI.
- Amazon HVM AMI.
- Amazon Linux.
- Amazon VPC.
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance?
- Yes but only if Windows instance.
- Yes.
- No.
- Yes but only if a Linux instance.
True or False: When you add a rule to a DB security group, you do not need to specify port number or protocol.
- Depends on the ROMS used.
- True.
- False.
- Create a copy of the EBS volume (not a snapshot).
- Store a snapshot of the volume.
- Download the content to an EC2 instance.
- Back up the data into a physical disk.
An accountant asks you to design a small VPC network for him and, due to the nature of his business, just needs something where the workload on the network will be low, and dynamic data will be accessed infrequently. Being an accountant, low cost is also a major factor. Which EBS volume type would best suit his requirements?
- Magnetic.
- Any, as they all perform the same and cost the same.
- General Purpose (SSD).
- Magnetic or Provisioned IOPS (SSD).
Your company currently has a 2-tier web application running in an on-premises data center. You have experienced several infrastructure failures in the past two months resulting in significant financial losses. Your CIO is strongly agreeing to move the application to AWS. While working on achieving buy-in from the other company executives, he asks you to develop a disaster recovery plan to help improve business continuity in the short term. He specifies a target Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 1 hour or less. He also asks you to implement the solution within 2 weeks. Your database is 200GB in size and you have a 20Mbps Internet connection. How would you do this while minimizing costs?
- Create an EBS backed private AMI which includes a fresh install of your application. Develop a CloudFormation template which includes your AMI and the required EC2, Auto Scaling, and ELB resources to support deploying the application across multiple Availability Zones. Asynchronously replicate transactions from your on-premises database to a database instance in AWS across a secure VPN connection.
- Deploy your application on EC2 instances within an Auto Scaling group across multiple availability zones. Asynchronously replicate transactions from your on-premises database to a database instance in AWS across a secure VPN connection.
- Create an EBS backed private AMI which includes a fresh install of your application. Setup a script in your data center to backup the local database every 1 hour and to encrypt and copy the resulting file to an S3 bucket using multi-part upload.
- Install your application on a compute-optimized EC2 instance capable of supporting the application's average load. Synchronously replicate transactions from your on-premises database to a database instance in AWS across a secure Direct Connect connection.
A customer implemented AWS Storage Gateway with a gateway-cached volume at their main office. An event takes the link between the main and branch office offline. Which methods will enable the branch office to access their data? (Choose 3 answers)
- Use a HTTPS GET to the Amazon S3 bucket where the files are located.
- Restore by implementing a lifecycle policy on the Amazon S3 bucket.
- Make an Amazon Glacier Restore API call to load the files into another Amazon S3 bucket within four to six hours.
- Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot.
- Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance.
- Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.
Your customer is willing to consolidate their log streams (access logs, application logs, security logs, etc.) in one single system. Once consolidated, the customer wants to analyze these logs in real time based on heuristics. From time to time, the customer needs to validate heuristics, which requires going back to data samples extracted from the last 12 hours. What is the best approach to meet your customer's requirements?
- Send all the log events to Amazon SQS, setup an Auto Scaling group of EC2 servers to consume the logs and apply the heuristics.
- Send all the log events to Amazon Kinesis, develop a client process to apply heuristics on the logs.
- Configure Amazon CloudTrail to receive custom logs, use EMR to apply heuristics on the logs.
- Setup an Auto Scaling group of EC2 syslogd servers, store the logs on S3, use EMR to apply heuristics on the logs.
- No.
- Only for EC2 not S3.
- Yes.
- Only for S3 not EC2.
You are configuring your company's application to use Auto Scaling and need to move user state information. Which of the following AWS services provides a shared data store with durability and low latency?
- AWS ElastiCache Memcached.
- Amazon Simple Storage Service.
- Amazon EC2 instance storage.
- Amazon DynamoDB.
Your company previously configured a heavily used, dynamically routed VPN connection between your on-premises data center and AWS. You recently provisioned a DirectConnect connection and would like to start using the new connection. After configuring DirectConnect settings in the AWS Console, which of the following options will provide the most seamless transition for your users?
- Delete your existing VPN connection to avoid routing loops, configure your DirectConnect router with the appropriate settings, and verify network traffic is leveraging DirectConnect.
- Configure your DirectConnect router with a higher BGP priority than your VPN router, verify network traffic is leveraging DirectConnect, and then delete your existing VPN connection.
- Update your VPC route tables to point to the DirectConnect connection, configure your DirectConnect router with the appropriate settings, verify network traffic is leveraging DirectConnect, and then delete the VPN connection.
- Configure your DirectConnect router, update your VPC route tables to point to the DirectConnect connection, configure your VPN connection with a higher BGP priority, and verify network traffic is leveraging the DirectConnect connection.
If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?
- Yes.
- No.
After setting up several database instances in Amazon Relational Database Service (Amazon RDS) you decide that you need to track the performance and health of your databases. How can you do this?
- Subscribe to Amazon RDS events to be notified when changes occur with a DB instance, DB snapshot, DB parameter group, or DB security group.
- Use the free Amazon CloudWatch service to monitor the performance and health of a DB instance.
- All of the items listed will track the performance and health of a database.
- View, download, or watch database log files using the Amazon RDS console or Amazon RDS APIs. You can also query some database log files that are loaded into database tables.
You deployed your company website using Elastic Beanstalk and you enabled log file rotation to S3. An Elastic MapReduce job is periodically analyzing the logs on S3 to build a usage dashboard that you share with your CIO. You recently improved overall performance of the website using CloudFront for dynamic content delivery and your website as the origin. After this architectural change, the usage dashboard shows that the traffic on your website dropped by an order of magnitude. How do you fix your usage dashboard?
- Enable CloudFront to deliver access logs to S3 and use them as input of the Elastic MapReduce job.
- Turn on CloudTrail and use trail log files on S3 as input of the Elastic MapReduce job.
- Change your log collection process to use CloudWatch ELB metrics as input of the Elastic MapReduce job.
- Use Elastic Beanstalk 'Rebuild Environment' option to update log delivery to the Elastic MapReduce job.
- Use Elastic Beanstalk 'Restart App server(s)' option to update log delivery to the Elastic MapReduce job.
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Compute Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available, Soft state, Eventual consistency) rather than an ACID (Atomicity, Consistency, Isolation, Durability) consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-premises database resources in the most cost-effective way?
- Use an Amazon Elastic MapReduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
- Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
- Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.
- Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.
You are very concerned about security on your network because you have multiple programmers testing APIs and SDKs and you have no idea what is happening. You think CloudTrail may help but are not sure what it does. Which of the following statements best describes the AWS service CloudTrail?
- With AWS CloudTrail you can get a history of AWS API calls and related events for your account.
- With AWS CloudTrail you can get a history of IAM users for your account.
- With AWS CloudTrail you can get a history of S3 logfiles for your account.
- With AWS CloudTrail you can get a history of CloudFormation JSON scripts used for your account.
- partial permissions.
- full permissions.
- no permissions.
Amazon S3 allows you to set per-file permissions to grant read and/or write access. However you have decided that you want an entire bucket with 100 files already in it to be accessible to the public. You don't want to go through 100 files individually and set permissions. What would be the best way to do this?
- Move the bucket to a new region.
- Add a bucket policy to the bucket.
- Move the files to a new bucket.
- Use Amazon EBS instead of S3.
You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient. Which of the following options would you consider for configuring the web server infrastructure? (Choose 2 answers)
- Configure ELB with TCP listeners on TCP/443, and place the Web servers behind it.
- Configure your Web servers with EIPs. Place the Web servers in a Route 53 Record Set and configure health checks against all Web servers.
- Configure ELB with HTTPS listeners, and place the Web servers behind it.
- Configure your web servers as the origins for a CloudFront distribution. Use custom SSL certificates on your CloudFront distribution.
- Storing BLOB data.
- Managing web sessions.
- Storing JSON documents.
- Storing metadata for Amazon S3 objects.
- Running relational joins and complex updates.
- Storing large amounts of infrequently accessed data.
You have been asked to set up a database in AWS that will require frequent and granular updates. You know that you will require a reasonable amount of storage space but are not sure of the best option. What is the recommended storage option when you run a database on an instance with the above criteria?
- Amazon S3.
- Amazon EBS.
- AWS Storage Gateway.
- Amazon Glacier.
An application hosted at the EC2 instance receives an HTTP request from ELB. The same request has an X-Forwarded-For header, which has three IP addresses. Which system's IP will be a part of this header?
- Previous Request IP address.
- Client IP address.
- All of the answers listed here.
- Load Balancer IP address.
An organization has developed a mobile application which allows end users to capture a photo on their mobile device, and store it inside an application. The application internally uploads the data to AWS S3. The organization wants each user to be able to directly upload data to S3 using their Google ID. How will the mobile app allow this?
- Use the AWS Web identity federation for mobile applications, and use it to generate temporary security credentials for each user.
- It is not possible to connect to AWS S3 with a Google ID.
- Create an IAM user every time a user registers with their Google ID and use IAM to upload files to S3.
- Create a bucket policy with a condition which allows everyone to upload if the login ID has a Google part to it.
- 40.
- 20.
- 50.
- 10.
You need to set up a security certificate for a client's e-commerce website as it will use the HTTPS protocol. Which of the below AWS services do you need to access to manage your SSL server certificate?
- AWS Directory Service.
- AWS Identity & Access Management.
- AWS CloudFormation.
- Amazon Route 53.
After setting up a Virtual Private Cloud (VPC) network, a more experienced cloud engineer suggests that to achieve low network latency and high network throughput you should look into setting up a placement group. You know nothing about this, but begin to do some research about it and are especially curious about its limitations. Which of the below statements is wrong in describing the limitations of a placement group?
- Although launching multiple instance types into a placement group is possible, this reduces the likelihood that the required capacity will be available for your launch to succeed.
- A placement group can span multiple Availability Zones.
- You can't move an existing instance into a placement group.
- A placement group can span peered VPCs.
True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint.
- True.
- False.
- Less redundancy for a lower cost.
- It doesn't exist in Amazon S3, but in Amazon EBS.
- It allows you to destroy any copy of your files outside a specific jurisdiction.
- It doesn't exist at all.
You are setting up your first Amazon Virtual Private Cloud (Amazon VPC) so you decide to use the VPC wizard in the AWS console to help make it easier for you. Which of the following statements is correct regarding instances that you launch into a default subnet via the VPC wizard?
- Instances that you launch into a default subnet receive a public IP address and 10 private IP addresses.
- Instances that you launch into a default subnet receive both a public IP address and a private IP address.
- Instances that you launch into a default subnet don't receive any IP addresses and you need to define them manually.
- Instances that you launch into a default subnet receive a public IP address and 5 private IP addresses.
For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution? (Choose 2 answers)
- Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors.
- Managing a multi-step and multi-decision checkout process of an e-commerce website.
- Orchestrating the execution of distributed and auditable business processes.
- Using as an SNS (Simple Notification Service) endpoint to trigger execution of video transcoding jobs.
- Using as a distributed session store for your web application.
- General purpose T2.
- General purpose M3.
- Compute-optimized C4.
- Compute-optimized C3.
- Storage-optimized I2.
True or False: Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.
- True.
- False.
- Elastic Linux Box.
- Encrypted Linux Box.
- Encrypted Load Balancing.
- Elastic Load Balancing.
A read-only news reporting site with a combined web and application tier and a database tier that receives large and unpredictable traffic demands must be able to respond to these traffic fluctuations automatically. What AWS services should be used to meet these requirements?
- Stateless instances for the web and application tier synchronized using ElastiCache Memcached in an autoscaling group monitored with CloudWatch, and RDS with read replicas.
- Stateful instances for the web and application tier in an autoscaling group monitored with CloudWatch and RDS with read replicas.
- Stateful instances for the web and application tier in an autoscaling group monitored with CloudWatch and multi-AZ RDS.
- Stateless instances for the web and application tier synchronized using ElastiCache Memcached in an autoscaling group monitored with CloudWatch and multi-AZ RDS.
- Key pairs are used only for Amazon SDKs.
- Key pairs are used only for Amazon EC2 and Amazon CloudFront.
- Key pairs are used only for Elastic Load Balancing and AWS IAM.
- Key pairs are used for all Amazon services.
- A service by this name doesn't exist. Perhaps you mean Amazon CloudCache.
- A virtual server with a huge amount of memory.
- A managed In-memory cache service.
- An Amazon EC2 instance with the Memcached software already pre-installed.
- Resource-based and Product-based.
- Product-based and Service-based.
- Service-based.
- User-based and Resource-based.
In AWS CloudHSM, in addition to the AWS recommendation that you use two or more HSM appliances in a high-availability configuration to prevent the loss of keys and data, you can also perform a remote backup/restore of a Luna SA partition if you have purchased a:
- Luna Restore HSM.
- Luna Backup HSM.
- Luna HSM.
- Luna SA HSM.
An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the organization to achieve data security?
- MFA delete for S3 objects.
- Client side encryption.
- Bucket versioning.
- Data replication.
Your company is in the process of developing a next generation pet collar that collects biometric information to assist families with promoting healthy lifestyles for their pets. Each collar will push 30kb of biometric data in JSON format every 2 seconds to a collection platform that will process and analyze the data, providing health trending information back to the pet owners and veterinarians via a web portal. Management has tasked you to architect the collection platform, ensuring the following requirements are met. Provide the ability for real-time analytics of the inbound biometric data. Ensure processing of the biometric data is highly durable, elastic and parallel. The results of the analytic processing should be persisted for data mining. Which architecture outlined below will meet the initial requirements for the collection platform?
- Utilize S3 to collect the inbound sensor data, analyze the data from S3 with a daily scheduled Data Pipeline and save the results to a Redshift cluster.
- Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data with Kinesis clients and save the results to a Redshift cluster using EMR.
- Utilize SQS to collect the inbound sensor data, analyze the data from SQS with Amazon Kinesis and save the results to a Microsoft SQL Server RDS instance.
- Utilize EMR to collect the inbound sensor data, analyze the data from EMR with Amazon Kinesis and save the results to DynamoDB.
Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data?
- Maintain two snapshots: the original snapshot and the latest incremental snapshot.
- Maintain a volume snapshot; subsequent snapshots will overwrite one another.
- Maintain a single snapshot; the latest snapshot is both incremental and complete.
- Maintain the most current snapshot, archive the original and incremental to Amazon Glacier.
You have a video transcoding application running on Amazon EC2. Each instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. You have a large backlog of videos which need to be transcoded and would like to reduce this backlog by adding more instances. You will need these instances only until the backlog is reduced. Which type of Amazon EC2 instances should you use to reduce the backlog in the most cost efficient way?
- Reserved instances.
- Spot instances.
- Dedicated instances.
- On-demand instances.
- It allows to integrate on-premises IT environments with Cloud Storage.
- A direct encrypted connection to Amazon S3.
- It's a backup solution that provides an on-premises Cloud storage.
- It provides an encrypted SSL endpoint for backups in the Cloud.
You have recently joined a startup company building sensors to measure street noise and air quality in urban areas. The company has been running a pilot deployment of around 100 sensors for 3 months. Each sensor uploads 1KB of sensor data every minute to a backend hosted on AWS. During the pilot, you measured a peak of 10 IOPS on the database, and you stored an average of 3GB of sensor data per month in the database. The current deployment consists of a load-balanced auto scaled ingestion layer using EC2 instances and a PostgreSQL RDS database with 500GB standard storage. The pilot is considered a success and your CEO has managed to get the attention of some potential investors. The business plan requires a deployment of at least 100K sensors which needs to be supported by the backend. You also need to store sensor data for at least two years to be able to compare year over year improvements. To secure funding, you have to make sure that the platform meets these requirements and leaves room for further scaling. Which setup will meet the requirements?
- Add an SQS queue to the ingestion layer to buffer writes to the RDS instance.
- Ingest data into a DynamoDB table and move old data to a Redshift cluster.
- Replace the RDS instance with a 6 node Redshift cluster with 96TB of storage.
- Keep the current architecture but upgrade RDS storage to 3TB and 10K provisioned IOPS.
After a major security breach your manager has requested a report of all users and their credentials in AWS. You discover that in IAM you can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, MFA devices, and signing certificates. Which of the following statements is incorrect in regards to the use of credential reports?
- Credential reports are downloaded XML files.
- You can get a credential report using the AWS Management Console, the AWS CLI, or the IAM API.
- You can use the report to audit the effects of credential lifecycle requirements, such as password rotation.
- You can generate a credential report as often as once every four hours.
- 30 minutes.
- 1 hour.
- 12 hours.
- 10 minutes.
- May be performed by AWS, and will be performed by AWS upon customer request.
- May be performed by AWS, and is periodically performed by AWS.
- Are expressly prohibited under all circumstances.
- May be performed by the customer on their own instances with prior authorization from AWS.
- May be performed by the customer on their own instances, only if performed from EC2 instances.
- Exadata Database Machine, Optimized Storage Management, Flashback Technology, and Data Warehousing.
- Instances, Amazon Machine Images (AMIs), Key Pairs, Amazon EBS Volumes, Firewall, Elastic IP address, Tags, and Virtual Private Clouds (VPCs).
- Real Application Clusters (RAC), Elasticache Machine Images (EMIs), Data Warehousing, Flashback Technology, Dynamic IP address.
- Exadata Database Machine, Real Application Clusters (RAC), Data Guard, Table and Index Partitioning, and Data Pump Compression.
True or False: If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites the old value.
- True.
- False.
You decide that you need to create a number of Auto Scaling groups to try and save some money as you have noticed that at certain times most of your EC2 instances are not being used. By default, what is the maximum number of Auto Scaling groups that AWS will allow you to create?
- 12.
- Unlimited.
- 20.
- 2.
After moving an E-Commerce website for a client from a dedicated server to AWS you have also set up auto scaling to perform health checks on the instances in your group and replace instances that fail these checks. Your client has come to you with his own health check system that he wants you to use as it has proved to be very useful prior to his site running on AWS. What do you think would be an appropriate response to this given all that you know about auto scaling?
- It is not possible to implement your own health check system. You need to use AWS's health check system.
- It is not possible to implement your own health check system due to compatibility issues.
- It is possible to implement your own health check system and then send the instance's health information directly from your system to CloudWatch.
- It is possible to implement your own health check system and then send the instance's health information directly from your system to CloudWatch but only in the US East (Virginia) region.
You've been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce platform to Amazon Virtual Private Cloud (VPC). The previous architect has already deployed a 3-tier VPC. The configuration is as follows. VPC: vpc-2f8bc447. IGW: igw-2d8bc445. NACL: acl-208bc448. Subnets and Route Tables: Web servers: subnet-258bc44d. Application servers: subnet-248bc44c. Database servers: subnet-9189c6f9. Route Tables: rtb-218bc449, rtb-238bc44b. Associations: subnet-258bc44d: rtb-218bc449, subnet-248bc44c: rtb-238bc44b, subnet-9189c6f9: rtb-238bc44b. You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct access to the internet. Application and database servers cannot have direct access to the internet. Which configuration below will allow you the ability to remotely administer your application and database servers, as well as allow these servers to retrieve updates from the Internet?
- Create a bastion and NAT instance in subnet-258bc44d, and add a route from rtb-238bc44b to the NAT instance.
- Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within subnet-248bc44c.
- Create a bastion and NAT instance in subnet-248bc44c, and add a route from rtb-238bc44b to subnet-258bc44d.
- Create a bastion and NAT instance in subnet-258bc44d, add a route from rtb-238bc44b to igw-2d8bc445, and a new NACL that allows access between subnet-258bc44d and subnet-248bc44c.
After deciding that EMR will be useful in analysing vast amounts of data for a gaming website that you are architecting you have just deployed an Amazon EMR Cluster and wish to monitor the cluster performance. Which of the following tools cannot be used to monitor the cluster performance?
- Kinesis.
- Ganglia.
- CloudWatch Metrics.
- Hadoop Web Interfaces.
A/An [...] is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.
- user.
- AWS Account.
- resource.
- permission.
You are running a successful multitier web application on AWS and your marketing department has asked you to add a reporting tier to the application. The reporting tier will aggregate and publish status reports every 30 minutes from user-generated information that is being stored in your web application's database. You are currently running a Multi-AZ RDS MySQL instance for the database tier. You also have implemented ElastiCache as a database caching layer between the application tier and database tier. Please select the answer that will allow you to successfully implement the reporting tier with as little impact as possible to your database.
- Continually send transaction logs from your master database to an S3 bucket and generate the reports off the S3 bucket using S3 byte range requests.
- Generate the reports by querying the synchronously replicated standby RDS MySQL instance maintained through Multi-AZ.
- Launch a RDS Read Replica connected to your Multi-AZ master database and generate reports by querying the Read Replica.
- Generate the reports by querying the ElastiCache database caching tier.
- Only via API.
- Only via Console.
- Yes.
- No.
- 3306.
- 443.
- 80.
- 1158.
In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send [...] minute metrics to Amazon CloudWatch.
- 5.
- 2.
- 1.
- 3.
A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure it so that whenever there is an error, the monitoring tool will notify him via SMS. Which of the below mentioned AWS services will help in this scenario?
- AWS SES.
- AWS SNS.
- None because the user infrastructure is in the private cloud.
- AWS SMS.
- A global Content Delivery Network.
- None of these.
- A scalable Domain Name System.
- An SSH endpoint for Amazon EC2.
The AWS CloudHSM service defines a resource known as a high-availability (HA) [...], which is a virtual partition that represents a group of partitions, typically distributed between several physical HSMs for high-availability.
- proxy group.
- partition group.
- functional group.
- relational group.
- per second used in the hour.
- per minute used.
- by combining partial segments into full hours.
- as full hours.
- 5.
- 20.
- 50.
- 10.
True or False: When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime.
- True.
- False.
You need to create a JSON-formatted text file for AWS CloudFormation. This is your first template and the only thing you know is that the templates include several major sections but there is only one that is required for it to work. What is the only section required?
- Mappings.
- Outputs.
- Resources.
- Conditions.
A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which of the following steps should be followed to terminate the instance automatically once the job is finished?
- Configure the EC2 instance with a stop instance to terminate it.
- Configure the EC2 instance with ELB to terminate the instance when it remains idle.
- Configure the CloudWatch alarm on the instance that should perform the termination action once the instance is idle.
- Configure the Auto Scaling schedule activity that terminates the instance after 7 days.