AWS SA Cert Q&A

Question 1

A client application requires operating system privileges on a relational database server. What’s an appropriate configuration for a highly available database architecture?

Answer 1

Amazon EC2 instances in a replication configuration utilizing two different Availability zones

Question 2

You have been tasked with choosing a datastore to persist GPS coordinates for a new app. The service needs consistent, single-digit-millisecond latency at any scale. Which AWS service meets your requirements?

Answer 2

Amazon DynamoDB

Question 3

Your company IT policy prohibits employees from handling application credentials. Any credentials must be rotated at least monthly. You plan to deploy a new application on Amazon EC2 instances in an Auto Scaling group within a VPC. The application must access objects within an Amazon S3 bucket. The application will leverage an Amazon SDK. Which approach meets these requirements?

Answer 3

Launch the Amazon EC2 instances with an IAM role that has access privileges to the amazon S3 bucket

Question 4

A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 CONTAINS only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on premises network with VPC-1. Which two methods increases the fault tolerance of the connection to VPC-1?

Answer 4

Establish a hardware VPN over the Internet between VPC-1 and the on-premises network

Establish a new AWS Direct Connect connection and a private virtual interface IN the same AWS region as VPC-1

Question 5

Which of the following requires a custom CloudWatch metric to monitor?

Answer 5

Memory Utilization of an EC2 instance

Question 6

An application on an Amazon EC2 instance routinely stops responding to requests and requires a reboot to recover. The application logs are already exported into Amazon CloudWatch, and you notice that the problem consistently follows the appearance of a specific message in the log. The application team is working to address the bug, but has not provided a date for the fix. What work around can you implement to automate recovery of the instance until the fix is deployed?

Answer 6

Create an Amazon CloudWatch alarm on an Amazon CloudWatch Logs filter for that message; based on that alarm, trigger an Amazon CloudWatch action to reboot the instance

Question 7

When creation of an EBS snapshot is initiated, but not completed, the EBS volume

Answer 7

Can be used while the snapshot is in progress

Question 8

Your company’s IT policies mandate that all critical data must be duplicated in two physical locations at least 200 miles apart. Which storage option meets this requirement?

Answer 8

One Amazon S3 bucket

Question 9

You are designing a high performance computing (HPC) cluster. You will lauch 20 Amazon EC2 r3.2xlarge instances into a placement group. You need the highest packet-per-second performance and lowest latency for your application. Which configuration should you use?

Answer 9

Assign a minimum of two elastic network interfaces per Amazon EC2 Instance

OR

Enable enhanced networking on all the Amazon EC2 instances

Question 10

Which services can invoke AWS Lambda functions (2)?

Answer 10

Amazon SNS

Amazon DynamoDB

Question 11

Which of the following does AWS own under the shared security responsibility mode (select 3)?

Answer 11

Physical security of AWS data centers and facilities

Patching of Amazon Elastic Compute Cloud hypervisors

Decommissioning storage devices at end of life

Question 12

Your organization needs to ingest a big data stream into their data lake on Amazon S3. The data may stream in at a rate of hundreds of megabytes per second.
What AWS service will accomplish the goal with the least amount of management?

Answer 12

Amazon Kinesis Firehose

Question 13

You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?

Answer 13

Spot Instances

Question 14

Your Amazon RDS MySQL DB instance runs on the largest available instance type. The DB instance runs at near capacity for CPU and network bandwidth. You expect traffic to increase and are looking for ways you can continue to scale your database.
Which strategies allow you to continue to scale and take on more traffic (select 2)?

Answer 14

Create an Amazon ElastiCache cluster:configure the app to retrieve frequently accessed data and queries from the cache

Create a read replica of the master database in another Availability Zone :configure the app to send read-only calls to the replica

Question 15

Which of the following are characteristics of a reserved instance? (select 3)

Answer 15

It CAN BE USED to lower Total Cost of Ownership (TCO) of a system

It is specific to an Instance Type

It CAN BE applied to instances launched by Auto Scaling

Question 16

Which security functions are based on AWS STS? (Select 2)

Answer 16

Granting cross-account access with IAM roles

Authenticating IAM user by using access keys

Question 17

You are trying to use SSH to connect from your laptop an Amazon EC2 instance over the Internet. You cannot establish a connection. Why?

Answer 17

The network ACL is set to deny all outbound TCP traffic to your laptop IP address

Question 18

Your company has separate AWS account for development and production. Each developer is assigned an IAM user in the development account. Developers occasionally need to access the production account to roll out changes to that environment. How do they do this if your company does not allow the creation of IAM users in the production account?

Answer 18

Create an IAM role in the production account. Allow IAM users in the development account to assume the role

Question 19

Which of the following are characteristics of Amazon VPC subnets? (select 2)

Answer 19

Each subnet maps to a single Availability Zone

By default all subnets can route between each other,whether they are private or public

Question 20

A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer’s objects replicated?

Answer 20

Multiple facilities in eu-west-1

Question 21

You have been asked to design a fault-tolerant and scalable web application across three Availability zones. The presentation logic will reside on web servers behind an ELB classic Load Balancer, and the application logic will reside on a set of app servers behind a second load balancer.
How should you use Auto Scaling groups?

Answer 21

Deploy two auto scaling groups: one for the web servers in all availability zones and one for the app servers in all availability zones

Question 22

You are launching an application in an Auto Scaling group. To store the user session state, you need a structured storage service with durability and low latency. Which service meets your needs?

Answer 22

Amazon elasticache

Question 23

You have an application running on an Amazon ec2 instance that uploads 4-gb video objects to amazon s3. Video uploads are taking longer than expected, resulting in poor application performance.
Which action can help improve the upload performance?

Answer 23

Use amazon s3 multi-part upload

Question 24

After creating a new IAM user which of the following must be done before they can successfully make API calls?

Answer 24

Create a set of access keys for the user

Question 25

You’ve been tasked with choosing a datastore to persist GPS coordinates for a new app. The service needs consistent, single-digit-millisecond latency at any scale. In order to support future growth, the datastore must also support cross-region replication. Which AWS service meets your requirements?

Answer 25

Amazon dynamodb

Question 26

Your company runs an application that generates several thousand 1-gb reports a month. Approximately 10% of these reports will be accessed once during the first 30 days and must be available on demand. After 30 days, reports are no longer accessed as a part of normal business processes but must be retained for compliance reasons. Which architecture would meets these requirements with the lowest cost?

Answer 26

Upload the reports to amazon s3 standard storage class.Set a lifecycle configuration on the bucket to transition the reports to Amazon Glacier after 30 days OR Upload the reports to amazon s3 standard-infrequent access storage class.Set a lifecycle configuration on the bucket to transition the reports to Amazon glacier after 30 days

Question 27

You are designing a scalable web application with stateless web servers. Which service or feature is well suited to store user session information?

Answer 27

Amazon dynamodb

Question 28

A company has a workflow that uploads video files from their data center to AWS for transcoding. They use Amazon EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?

Answer 28

SQS decouples the transcoding task from the upload

Question 29

Which of the following services natively encrypts data at rest within an AWS region? (select 2)

Answer 29

AWS storage gateway Amazon glacier

Question 30

Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:

Answer 30

May be performed by the customer on their own instances with prior authorization from AWS

Question 31

You have a CloudFront distribution configured with the following path patterns: a) static1/* -> an s3 bucket in us-east-1 b) * -> an ELB in us-east-1 c) static2/* -> an S3 bucket in us-west-2 When users request objects that start with ‘static2/’. they are receiving 404 response codes.. What might be the problem?

Answer 31

The ‘*’path pattern must appear after the ‘static2/*’ path.

Question 32

You are running a mobile media application and are considering API Gateway for the client entry point. What benefits would this provide? (Select TWO)

Answer 32

Intrusion prevention Throttling traffic

Question 33

You have been asked to architect a life system for user’s home directories. The solution must be accessible simultaneously to individuals across an organization. Users and groups must have permissions defined at the file or directory level. What AWS service can meet all of these requirements?

Answer 33

Amazon EFS

Question 34

Your Auto Scaling group is configured to launch one new Amazon EC2 instance if the overall CPU load exceeds 65% over a five-minute interval. Occasionally, the Auto Scaling group launches a second Amazon EC2 instance before the first is operational. The second instance is not required and introduces needless compute costs. How can you prevent the Auto Scaling group from lauching the second instance?

Answer 34

Add a scaling-specific cooldown period to the scaling policy

Question 35

You’re building an API backend available at services.your company.com. The API is implemented with API Gateway and Lambda. You successfully tested the API curl. You implemented javaScript to call the API from a webpage on your corporate website www.yourcompany.com . When you access that page in your browser, you get the following error: “The same origin policy disallows reading the remote resource” How can you allow your corporate webpages to invoke the API ?

Answer 35

Enable CORS in the API Gateway

Question 36

You have a Cassandra cluster running in private subnets in an Amazon VPC. A new application in a different Amazon VPC needs access to the database. How can the new application access the database?

Answer 36

Set up a VPC peering connection between the two Amazon VPCs

Question 37

A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? (Select TWO)

Answer 37

AWS Directory Service AD Connector AWS Identity and Access Management roles

Question 38

A client application requires operating system privileges on relational database server. What is an appropriate configuration for a highly available database architecture?

Answer 38

Amazon EC2 instances in a replication configuration utilizing two different Availability Zones

Question 39

You need to pass a custom script to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this?

Answer 39

User data

Question 40

An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance, by default AutoScaling will: (Select 2)

Answer 40

Terminate an instance in the AZ which currently has 2 running EC2 instances Send an SNS notification if configured to do so

Question 41

Which of the following notification endpoints or clients are supported by Amazon Simple Notification Service? (select two)

Answer 41

Email Simple Network Management Protocol

Question 42

Your application currently stores data on an unencrypted EBS volume. A new security policy mandates that all data must be encrypted at rest How can you encrypt the data?

Answer 42

Create a snapshot of the volume.Make an encrypted copy of the snapshot.Create a new volume from the new snapshot.Replace the volume

Question 43

You are running a web application with four Amazon EC2 instances across two Availability Zones. The instances are in an Auto Scaling group behind an ELB Classic Load Balancer. A scaling event adds one instance to the group. After the event, you notice that, although all instances are serving traffic, some instances are serving more traffic than others. Which of the following could be the problem?

Answer 43

Cross-zone load balancing is not configured on the ELB Classic Load Balancer

Question 44

Which of the following are true regarding encrypted Amazon Elastic Block Store(EBS) volumes? (Select 2)

Answer 44

Supported on all Amazon EBS volume types Snapshots are automatically encrypted

Question 45

Your security team requires each Amazon ECS task to have an IAM policy that limits the task’s privileges to only those required for its use of AWS services. How can you achieve this?

Answer 45

Use IAM roles for Amazon ECS tasks to associate a specific IAM role with each ECS task definition

Question 46

You have created an API powered by API gateway and AWS Lambda. Because of a new feature release, you expect traffic volume on your API to increase 10-fold Which configuration should you use?

Answer 46

Use one Lambda function with API Gateway as the trigger.AWS Lambda will allocate capacity to match the rate of incoming events OR Use one Lambda function with API Gateway as the trigger.Increase the amount of memory configured for the Lambda function

Question 47

You bid $0.22 for an Amazon EC2 Spot Instance when the market price was $0.20. For 90 minutes, the market price remained at $0.20. Then the market price changed to $0.25, and your instance was terminated by AWS. What was your cost of running the instance for the entire duration?

Answer 47

$0.22

Question 48

A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e,Access Key ID/Secret Access Key combination) are not compromised?

Answer 48

Assign an IAM role to the Amazon EC2 instance

Question 49

Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. File submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?

Answer 49

Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue

Question 50

You have been asked to design a NAT solution for your company ‘s VPC-based web application. Traffic from the private subnets varies throughout the day from 500Mbps to spikes of 7 Gbps. What is the most cost-effective and scalable solution?

Answer 50

Create a NAT gateway in a public subnet and route all private subnet Internet traffic through the NAT gateway

Question 51

A customer’s security team requires the logging of all network access attempts to Amazon EC2 instances in their production VPC on AWS. Which configuration will meet the security team’s requirement?

Answer 51

Enable VPC Flow Logs for the production VPC

Question 52

Which AWS services are valid origins for an Amazon CloudFront distribution? (Select 2)

Answer 52

ELB Classic Load Balancer Amazon S3

Question 53

You are running a Customer Relationship Management application and want to minimize costs. You need 400GB of disk space and 1000 IOPS, but occasionally up to 2000 IOPS Which EBS volume types should you choose?

Answer 53

General Purpose SSD

Question 54

A company is designing a hybrid IT architecture and requires a private connection between an on-premises data center and their virtual private cloud (VPC). Which of the following would enable the company to achieve this? (Select 2)

Answer 54

AWS Direct Connect VPN connection