AWS Sample Questions Flashcards

1
Q

A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution.

Which solution will meet the security team’s mandate?

A. Put the access key in an S3 bucket, and retrieve the access key on boot from the instance.
B. Pass the access key to the instances through instance user data.
C. Obtain the access key from a key server launched in a private subnet.
D. Create an IAM role with permissions to access the table, and launch all instances with the new role.

A

D – IAM roles for EC2 instances allow applications running on the instance to access AWS resources without having to create and store any access keys. Any solution involving the creation of an access key then introduces the complexity of managing that secret.

2
Q

A company is developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? (Select TWO.)

A. CloudWatch
B. DynamoDB
C. Elastic Load Balancing
D. ElastiCache
E. Storage Gateway

A

B, D – Both DynamoDB and ElastiCache provide high performance storage of key-value pairs. CloudWatch and ELB are not storage services. Storage Gateway is a storage service, but it is a hybrid storage service that enables on-premises applications to use cloud storage.

3
Q

Company salespeople upload their sales figures daily. A Solutions Architect needs a durable storage solution for these documents that also protects against users accidentally deleting important documents.

Which action will protect against unintended user actions?

A. Store data in an EBS volume and create snapshots once a week.
B. Store data in an S3 bucket and enable versioning.
C. Store data in two S3 buckets in different AWS regions.
D. Store data on EC2 instance storage.

A

B – If a versioned object is deleted, then it can still be recovered by retrieving the final version. Response A would lose any changes committed since the previous snapshot. Storing the data in 2 S3 buckets would provide slightly more protection, but a user could still delete the object from both buckets. EC2 instance storage is ephemeral and should never be used for data requiring durability.

4
Q

An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. To support expected traffic, at least eight read replicas will be required to handle database reads.

Which option will meet these requirements?

A. DynamoDB
B. Amazon S3
C. Amazon Aurora
D. Amazon Redshift

A

C – Amazon Aurora is a relational database that will automatically scale to accommodate data growth. Amazon Redshift does not support read replicas and will not automatically scale. DynamoDB is a NoSQL service, not a relational database. Amazon S3 is object storage, not a relational database.

5
Q

A Solutions Architect is designing a critical business application with a relational database that runs on an EC2 instance. It requires a single EBS volume that can support up to 16,000 IOPS.

Which Amazon EBS volume type can meet the performance requirements of this application?

A. EBS Provisioned IOPS SSD
B. EBS Throughput Optimized HDD
C. EBS General Purpose SSD
D. EBS Cold HDD

A

A – EBS Provisioned IOPS SSD provides sustained performance for mission-critical low-latency workloads. EBS General Purpose SSD can provide bursts of performance up to 3,000 IOPS and has a maximum baseline performance of 10,000 IOPS for volume sizes greater than 3.3 TB. The two HDD options are lower-cost, high-throughput volumes.

6
Q

A web application allows customers to upload orders to an S3 bucket. The resulting Amazon S3 events trigger a Lambda function that inserts a message into an SQS queue. A single EC2 instance reads messages from the queue, processes them, and stores them in a DynamoDB table partitioned by unique order ID. Next month traffic is expected to increase by a factor of 10, and a Solutions Architect is reviewing the architecture for possible scaling problems.

Which component is MOST likely to need re-architecting to be able to scale to accommodate the new traffic?

A. Lambda function
B. SQS queue
C. EC2 instance
D. DynamoDB table

A

C – A single EC2 instance will not scale and is a single point of failure in the architecture. A much better solution would be to have EC2 instances in an Auto Scaling group across 2 availability zones read messages from the queue. The other responses are all managed services that can be configured to scale or will scale automatically.

7
Q

An application saves the logs to an S3 bucket. A user wants to keep the logs for one month for troubleshooting purposes, and then purge the logs.

What feature will enable this?

A. Adding a bucket policy on the S3 bucket.
B. Configuring lifecycle configuration rules on the S3 bucket.
C. Creating an IAM policy for the S3 bucket.
D. Enabling CORS on the S3 bucket.

A

B – Lifecycle configuration allows lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. Bucket policies and IAM define access to objects in an S3 bucket. CORS enables clients in one domain to interact with resources in a different domain.

8
Q

An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk.

Which solution will resolve the security concern?

A. Access the data through an Internet Gateway.
B. Access the data through a VPN connection.
C. Access the data through a NAT Gateway.
D. Access the data through a VPC endpoint for Amazon S3.

A

D – VPC endpoints for Amazon S3 provide secure connections to S3 buckets that do not require a gateway or NAT instances. NAT Gateways and Internet Gateways still route traffic over the Internet to the public endpoint for Amazon S3. There is no way to connect to Amazon S3 via VPN.

9
Q

An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data.

How can the organization control which networks can access the cluster?

A. Run the cluster in a different VPC and connect through VPC peering.
B. Create a database user inside the Amazon Redshift cluster only for users on the network.
C. Define a cluster security group for the cluster that allows access from the allowed networks.
D. Only allow access to networks that connect with the shared services network via VPN.

A

C – A security group can grant access to traffic from the allowed networks via the CIDR range for each network. VPC peering and VPN are connectivity services and cannot control traffic for security. Amazon Redshift user accounts address authentication and authorization at the user level and have no control over network traffic.

10
Q

A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet.

Which VPC design meets these requirements?

A. Public subnets for both the application tier and the database cluster
B. Public subnets for the application tier, and private subnets for the database cluster
C. Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster
D. Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway

A

C – The online application must be in public subnets to allow access from clients’ browsers. The database cluster must be in private subnets to meet the requirement that there be no access from the Internet. A NAT Gateway is required to give the database cluster the ability to download patches from the Internet. NAT Gateways must be deployed in public subnets.

11
Q

You have five CloudFormation templates; each template is for a different application architecture. This architecture varies between your blog apps and your gaming apps. What determines the cost of using the CloudFormation templates?

A. The time it takes to build the architecture with Cloud Formation
B. Cloud Formation does not have any additional cost but you are charged for the underlying resources it builds.
C. 0.10$ per template per month
D. 0.1$ per template per month

A

B. Cloud Formation does not have any additional cost but you are charged for the underlying resources it builds.

12
Q

Which of the following correctly applies to changing the DB subnet group of your DB instance?

A. An existing DB Subnet group can be updated to add more subnets for existing Availability Zones.
B. An existing DB group cannot be updated to add more subnets for new Availability Zones.
C. Removing subnets from an existing DB subnet group can cause unavailability.
D. Updating an existing DB subnet group of a deployed DB instance is not currently allowed.
E. Explicitly changing the DB Subnet group of a deployed DB instance is not currently allowed.

A

A. An existing DB Subnet group can be updated to add more subnets for existing Availability Zones.

C. Removing subnets from an existing DB subnet group can cause unavailability.

D. Updating an existing DB subnet group of a deployed DB instance is not currently allowed.

E. Explicitly changing the DB Subnet group of a deployed DB instance is not currently allowed.

An existing DB subnet group can be updated to add more subnets, either for existing Availability Zones, or for new Availability Zones added since the creation of the DB instance. Removing subnets from an existing DB subnet group can cause unavailability for instances.

13
Q

If you want to use an SSL protocol but do not want to terminate the connection on your load balancer, you can use a __________ protocol for connection from the client to your load balancer.

A. HTTP
B. TSL
C. HTTPS
D. TCP

A

D. TCP

If you want to use an SSL protocol but do not want to terminate the connection on your load balancer, you can use a TCP protocol for connection from the client to your load balancer. Use the SSL protocol for connection from the load balancer to your back-end application, and install certificates on all the back-end instances handling requests.

14
Q

You are building an automated transcription service in which “Amazon EC2 worker” instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved, but you do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable?

A. Multiple Amazon EBS volumes with snapshots
B. A single Amazon Glacier Vault
C. A single Amazon S3 bucket
D. Multiple instance stores

A

C. A single Amazon S3 bucket

Amazon S3 provides a cost-effective, durable, and scalable storage option. It gives developers the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of websites.

15
Q

Which of the following should be referred to if you want to map Amazon Elastic Block Store to an Amazon EC2 instance for AWS CloudFormation resources?

A. The logical IDs of the instance
B. Reference the logical IDs of both the block stores and the instance
C. Reference the physical IDs of the instance
D. Reference the physical IDs of the both the block stores and the instance

A

B. Reference the logical IDs of both the block stores and the instance

As part of the CloudFormation template, you need to build the JSON with all the required attributes. You need to reference the logical IDs of both the block stores and the instances in the Resources section and configure them according to your requirements. Whatever information you provided in the console, you have to reproduce as the same attributes in the Resources section in JSON format.

16
Q

In the event of a planned or an unplanned outage of your primary DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled __________.

A. More than one read replica
B. More than one write replica
C. Multiple Availability Zones
D. Multi Region Deployment

A

C. Multiple Availability Zones

In the event of a planned or unplanned outage of your primary DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled multi-Availability Zones.

17
Q

Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data?

A. Maintain two snapshots: the original snapshot and the latest incremental snapshot.
B. Maintain a volume snapshot; subsequent snapshots will overwrite one another.
C. Maintain a single snapshot; the latest snapshot is both incremental and complete.
D. Maintain the most current snapshot; archive the original and increment to Amazon Glacier.

A

A. Maintain two snapshots: the original snapshot and the latest incremental snapshot.

After writing data to an EBS volume, you can periodically create a snapshot of the volume to use as a baseline for new volumes or for data backup. If you make periodic snapshots of a volume, the snapshots are incremental, which means only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed such that you need to retain only the most recent snapshot in order to restore the volume.

18
Q

You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages: “Network error: connection timed out” or “Error connecting to [instance], reason :-> Connection timed out: connect”. You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior? (Select all that apply.)

A. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch.
B. Verify that your IAM user policy has permission to launch Amazon EC2 instances.
C. Verify that you are connecting with the appropriate username for your AMI.
D. Verify that the Amazon EC2 instance was launched with the proper IAM role.
E. Verify that your federation trust to AWS has been established.

A

A. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch.

C. Verify that you are connecting with the appropriate username for your AMI.

D. Verify that the Amazon EC2 instance was launched with the proper IAM role.

For any EC2 instance, you need the correct key pair and user account to log into the instance. Without these, even the AWS support team cannot access that instance.

19
Q

In a VPC network, access control lists (ACLs) act as a firewall for associated subnets, controlling both inbound and outbound traffic at the __________ level.

A. Full VPC
B. Customer Gateway
C. EC2 instance
D. Subnet

A

D. Subnet

Amazon VPC provides two features that you can use to increase security for your VPC: security groups and network ACLs. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the subnet level.

20
Q

You try to enable lifecycle policies on one of the S3 buckets created by you, but you are not able to do so on that particular bucket. What could be the reason?

A. Bucket is corrupted.
B. Versioning is not enabled on that bucket.
C. Bucket type is not correct.
D. Versioning is enabled on the bucket.

A

B. Versioning is not enabled on that bucket.

You can manage an object’s lifecycle by enabling lifecycle policies, which define how Amazon S3 manages objects during their lifetime. You need to enable bucket versioning to manage S3 lifecycle policies.

21
Q

For DynamoDB, which of the following statements are correct? (Select all that apply.)

A. By using proxy, it is not possible for a developer to achieve item level access control.
B. By using FGAC, it is possible for a developer to achieve item level access control.
C. By using Per-Client Embedded Token, it is possible for a developer to achieve item level access control.
D. By using secret key, it is possible for a developer to achieve item level access control.

A

A. By using proxy, it is not possible for a developer to achieve item level access control.
B. By using FGAC, it is possible for a developer to achieve item level access control.
C. By using Per-Client Embedded Token, it is possible for a developer to achieve item level access control.

Fine Grained Access Control (FGAC) gives a DynamoDB table owner a high degree of control over data in the table. Specifically, the table owner can indicate who (caller) can access which items or attributes of the table and perform what actions.

22
Q

Each EC2 instance has a default network interface that is assigned a primary private IP address on your Amazon VPC network. What is the name given to the additional network interfaces that can be created and attached to any Amazon EC2 instance in your VPC?

A. Elastic IP
B. Elastic Network Interface
C. AWS Elastic Interface
D. AWS Network ACL

A

B. Elastic Network Interface

An Elastic Network Interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include a primary private IP address.

23
Q

___________ is a task coordinator and state management service for cloud applications.

A. Amazon SWF
B. Amazon SNS
C. Amazon SQS
D. Amazon SES

A

A. Amazon SWF

Amazon Simple Workflow (Amazon SWF) is a task coordinator and state management service for cloud applications. With Amazon SWF, you can stop writing complex code and state machinery and instead invest in the business logic that makes your applications unique.

24
Q

Which of the following IP address mechanisms are supported by ELB?

A. IPv4
B. IPv5
C. IPv6
D. IPv3

A

A. IPv4

C. IPv6

ELB supports both IPv4 and IPv6. IPv4 is the most widely used form of address, but with the boom of the Internet and connected devices, IPv4 is running out of IP addresses; IPv6 is slowly replacing it as it has more IP addresses available.

25
Q

A ___________ is a physical device or software application on your side of the VPN connection.

A. Customer gateway
B. Gateway level
C. Gateway table
D. Virtual private gateway

A

A. Customer gateway

When you create a VPN connection, the VPN tunnel comes up when traffic is generated from your side of the VPN connection. The virtual private gateway is not the initiator; your customer gateway initiates the tunnels.

26
Q

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access to the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access to the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access to the IP address block.
B. Modify the Network ACLs (NACLs) associated with all public subnets in the VPC to deny access from the IP address block.
C. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) which your organization uses in that VPC to deny access from the IP address block.

A

B. Modify the Network ACLs (NACLs) associated with all public subnets in the VPC to deny access from the IP address block.

AWS has implemented security layers at every level. In terms of the OSI layers, you can restrict access at the network level using NACL rules at the VPC and subnet levels. You can configure NACL rules to allow and deny traffic. After crossing the network layer, if you still want to configure access at the instance or resource level, you can do so using security groups. In the above context, you need to block the traffic at the network level for a specific period and then roll back the change. You can do this at the network layer by altering allow/deny NACL rules.

27
Q

Which ELB component is responsible for monitoring the Load Balancers?

A. Controller service
B. Load Balancer
C. Auto Scaling
D. Load Manager

A

A. Controller service

Elastic Load Balancing (ELB) consists of two components: the load balancers and the controller service. The load balancers monitor the traffic and handle requests that come in through the Internet. The controller service monitors the load balancers, adding and removing load balancers as needed and verifying that the load balancers are functioning properly.

28
Q

An application hosted on EC2 instances receives HTTP requests through the ELB. Each request has an X-Forwarded-For request header containing three IP addresses. Which of the following IP addresses will be a part of this header?

A. IP address of ELB
B. IP address of Forward Request
C. IP address of client
D. IP address of CloudWatch

A

C. IP address of client

The X-Forwarded-For request header helps you identify the IP address of a client when you use an HTTP/HTTPS load balancer. Because load balancers intercept traffic between clients and servers, your server access logs contain only the IP address of the load balancer. Elastic Load Balancing stores the IP address of the client in the X-Forwarded-For request header and passes the header along to your server.

29
Q

You have launched an instance in EC2-Classic and you want to make some changes to the security group rules. How will these changes take effect?

A. Security group rules cannot be changed.
B. Changes are automatically applied to all instances that are associated with the security group.
C. Changes will be effective after rebooting the instances in that security group.
D. Changes will be effective after 24-hours.

A

B. Changes are automatically applied to all instances that are associated with the security group.

If you’re using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must specify a security group in the same region as the instance. If you make any changes, they will be automatically applied to all instances that are associated with the security group.

30
Q

You have an application running on Amazon Web Services. The application has 4 EC2 instances in Availability Zone us-east-1c. You’re using Elastic Load Balancer to load balance traffic across your four instances. What changes would you make to create a fault tolerant architecture?

A. Create EBS backups to ensure data is not lost.
B. Move all four instances to a different Availability Zone.
C. Move two instances to another Availability Zone.
D. Use CloudWatch to distribute the load evenly.

A

C. Move two instances to another Availability Zone.

Elastic Load Balancer automatically distributes incoming application traffic across multiple Amazon Elastic Compute Cloud (Amazon EC2) instances. You can set up an elastic load balancer to load balance incoming application traffic across Amazon EC2 instances in a single Availability Zone or multiple Availability Zones. Elastic Load Balancing enables you to achieve greater fault tolerance in your applications and it also seamlessly provides the amount of load balancing capacity that is needed in response to incoming application traffic.

31
Q

The load balancer does not distribute traffic across ________.

A. One Availability Zone
B. Domains
C. Availability Zones within a region
D. Regions

A

D. Regions

You can set up your Elastic Load Balancing to distribute incoming requests across EC2 instances in a single Availability Zone or multiple Availability Zones within a region. Your load balancer does not distribute traffic across regions.

32
Q

In the context of CloudFormation, what information do you get from the AWS CloudFormation list-stacks command?

A. A list of any of the stacks you have created.
B. A list of any of the stacks you have created or have deleted up to 90 days ago.
C. A list of any of the stacks that have been created or deleted up to 60 days ago.
D. A 90 days history list of all your activity on stacks.

A

B. A list of any of the stacks you have created or have deleted up to 90 days ago.

The AWS CloudFormation list-stacks command enables you to get a list of any of the stacks you have created (even those which have been deleted up to 90 days). You can use an option to filter results by stack status, such as CREATE_COMPLETE and DELETE_COMPLETE. The AWS CloudFormation list-stacks command returns summary information about any of the running or deleted stacks, including the name, stack identifier, template, and status.

33
Q

When you use the wizard in the console to create a VPC with a gateway, the wizard automatically __________ to use the gateway.

A. Updates the route tables
B. Updates the IP tables
C. Updates the protocol tables
D. Updates the IP tables and the protocol tables

A

A. Updates the route tables

When you use the wizard in the console to create a VPC with a gateway, the wizard automatically updates the route tables to use the gateway. If you’re using the command line tools or the API to set up your VPC, then you have to update the route tables yourself.

34
Q

You’ve created a production architecture on AWS. It consists of one load balancer, one Route 53 domain, two Amazon S3 buckets, an Auto Scaling policy, and Amazon CloudFront for content delivery. Your manager asks you to duplicate this architecture by using a JSON-based template. Which of the following AWS services would you use to achieve this?

A. Amazon DynamoDB
B. Amazon Simple DB
C. Amazon CloudFormation
D. Amazon Bootstrap

A

C. Amazon CloudFormation

AWS CloudFormation gives developers and system administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

35
Q

You have configured a website www.abc.com and hosted it on WebLogic Server and you are using ELB with the EC2 instances for load balance. Which of the following would you configure to ensure that the EC2 instances accept requests only from ELB?

A. Configure the security group of EC2, which allows access to the ELB source security group.
B. Configure the EC2 instance so that it only listens on the ELB port.
C. Configure the security group of EC2, which allows access only to the ELB listener.
D. Open the port for an ELB static IP in the EC2 security group.

A

A. Configure the security group of EC2, which allows access to the ELB source security group.

A security group acts as a firewall that controls the traffic allowed into a group of instances. When you launch an Amazon EC2 instance, you can assign it to one or more security groups. For each security group, you can add rules that govern the allowed inbound traffic to instances in the group. By configuring the security group of EC2 you can ensure that the EC2 instances accept requests only from ELB.

36
Q

What does a “Domain” refer to in Amazon SWF?

A. Set of predefined fixed IP addresses
B. A Security group in which internal tasks can communicate with each other
C. A collection of related Workflows
D. A collection of related topics

A

C. A collection of related Workflows

Domains provide a way of scoping Amazon SWF resources within your AWS account. All the components of a workflow, such as the workflow type and activity types, must be specified in a domain. It is possible to have more than one workflow in a domain; however, workflows in different domains cannot interact with each other.

37
Q

A customer has a website which is accessible over the Internet, and he wants to secure the communication and decides to implement HTTPS instead of HTTP. He has configured an EC2 instance behind an ELB. Where should you configure the SSL certificate?

A. Not possible in AWS
B. SSL certificate will be installed at ELB and the listener port should be changed from 80 to 443 to allow the traffic to reach EC2
C. SSL certificate will be installed at EC2 and listener port should be changed from 80 to 443
D. SSL certificate will be installed at EC2 and listener port can remain at 443

A

B. SSL certificate will be installed at ELB and the listener port should be changed from 80 to 443 to allow the traffic to reach EC2

To secure the communication, you configure SSL certificates to allow HTTPS secure communication. You can configure and install the SSL certificate on the ELB in order to enable HTTPS traffic.

38
Q

You have created a custom configured Amazon instance using Linux, containing all your software and applications. If you want to use the same setup again, what is the best way to do it?

A. Create a backup copy of the EBS service
B. Create a backup of the EC2 instances only
C. Create a snapshot of the AMI only
D. Create an EBS Image (AMI)

A

D. Create an EBS Image (AMI)

The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high-performance execution environment for applications running on Amazon EC2. It also includes packages that enable easy integration with AWS, including launch configuration tools and many popular AWS libraries and tools.

39
Q

With regards to VPC, what is the default maximum number of virtual private gateways allowed per region?

A. 10
B. 15
C. 5
D. 1

A

C. 5

The default number of VPCs per region is 5. This limit can be increased upon request. The default number of subnets per VPC is 200. This limit can be increased upon request. The default number of Internet gateways per region is 5, and you can create as many Internet gateways as your VPCs-per-region limit. Only one Internet gateway can be attached to a VPC at a time.

40
Q

Elasticity is a fundamental property of the cloud. Which of the following best describes elasticity?

A. The power to scale computing resources up and down easily with minimal friction
B. Ability to create services without having to administer resources
C. Process by which scripts notify you of resources so you can fix them manually.
D. Power to scale computing resources up easily but not scale down.

A

A. The power to scale computing resources up and down easily with minimal friction

Elasticity can best be described as the power to scale computing resources up and down easily with minimal friction. Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.

41
Q

With regards to RDS, the standby should be in the same ______________ as the primary instance.

A. Availability Zone
B. Region
C. VPC
D. Subnet

A

B. Region

Your standby is automatically provisioned in a different Availability Zone of the same Region as your primary DB instance.

42
Q

AWS Identity and Access Management is available through which of the following interfaces?

A. AWS Management Console
B. Command line interface (CLI)
C. IAM Query API
D. Elastic Load Balancer
E. Cloud Formation
A

A. AWS Management Console
B. Command line interface (CLI)
C. IAM Query API

43
Q

Scalability is a fundamental property of a good AWS system. Which of the following best describes scalability on AWS?

A. Scalability is the concept of planning ahead for what maximum resources will be required and building your infrastructure based on that capacity plan.
B. The law of diminishing returns will apply to resources as they are increased with workload.
C. Increasing resources result in a proportional increase in performance.
D. Scalability is not a fundamental property of the cloud.

A

C. Increasing resources result in a proportional increase in performance.

Auto Scaling allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define. With Auto Scaling, you can ensure that the number of Amazon EC2 instances you’re using increases seamlessly during demand spikes to maintain performance.

44
Q

In CloudFront, if you add a CNAME for www.abc.com to your distribution, you also need to create (or update) a CNAME record with your DNS service to route queries for ___________.

A. www.abc.com to d111111abcdef8.cloudfront.com
B. d111111abcdef8.cloudfront.com to www.abc.com
C. www.abc.com to d111111abcdef8.cloudfront.net
D. d111111abcdef8.cloudfront.net to www.abc.com

A

C. www.abc.com to d111111abcdef8.cloudfront.net

You can specify one or more domain names that you want to use for URLs for objects instead of the domain name that CloudFront assigns when you create your distribution.

45
Q

Your manager has asked you to build a MongoDB replica set in the Cloud. Amazon Web Services does not provide a MongoDB service. How would you go about setting up the MongoDB replica set?

A. You have to build it on another data center.
B. Request AWS to add a MongoDB service.
C. Build the replica set using EC2 instances and manage the MongoDB instances yourself.
D. It is not possible to do it.

A

C. Build the replica set using EC2 instances and manage the MongoDB instances yourself.

MongoDB runs well on Amazon EC2. To deploy MongoDB on EC2 you can either set up a new instance manually or deploy a pre-configured AMI from the AWS Marketplace.

46
Q

Your company has an application that requires access to a NoSQL database. Your IT department has no desire to manage the NoSQL servers. Which Amazon service provides a fully managed and highly available NoSQL service?

A. Elastic Map Reduce
B. Amazon RDS
C. SimpleDB
D. DynamoDB

A

D. DynamoDB

DynamoDB is a fast, fully managed NoSQL database service that makes it simple and cost-effective to store and retrieve any amount of data, and serve any level of request traffic. Its guaranteed throughput and single-digit millisecond latency make it a great fit for gaming, advertising technology, mobile, and many other applications.

47
Q

How many requests per second can Amazon CloudFront handle?

A. 10,000
B. 100
C. 1000
D. 500

A

A. 10,000

48
Q

When you need to use CloudFront to distribute your content you need to create a distribution. You also need to specify the configuration settings. Which of the following configuration settings would you specify?

A. You can configure the environment variables.
B. You can specify the number of files that you can serve per distribution.
C. You can specify whether you want the files to be available to everyone or you want to restrict access to selected users.
D. You can specify your origin Amazon S3 bucket or HTTP server.

A

D. You can specify your origin Amazon S3 bucket or HTTP server.

When you want to use CloudFront to distribute your content, you create a distribution and specify configuration settings such as: Your origin, which is the Amazon S3 bucket or HTTP server from which CloudFront gets the files that it distributes. You can specify any combination of up to 10 Amazon S3 buckets and/or HTTP servers as your origins.

49
Q

You currently operate a web application in the AWS US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2, IAM, and RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

A. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles, S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
B. Create a new CloudTrail trail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and S3 bucket policies on the S3 bucket that stores your logs.
C. Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the global services option selected. Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
D. Create three new CloudTrail trails with three new S3 buckets to store the logs: one for the AWS Management Console, one for AWS SDKs, and one for command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.

A

A. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles, S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.

Because the trail's log files are stored in S3, protect the bucket with a bucket policy and IAM roles so that only CloudTrail can write to it and only authorized principals can read from it, and enable versioning with MFA Delete (set through the bucket-versioning call by the account root user with an MFA device) so that log objects cannot be deleted without a second factor. Selecting the global services option captures IAM and other global-service events in the same trail. Turning on log file validation additionally delivers signed SHA-256 digest files that let you detect any later modification of the logs. If you decide to use an existing bucket, when you turn on CloudTrail for a new region you might receive an error that there is a problem with the bucket policy. CloudTrail allows you to track changes made to your EC2, IAM, and RDS resources.
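The bucket policy is the first control to get right. The following is an added example, not code from the original flashcards: a small checker that inspects a CloudTrail log-bucket policy for the two statements CloudTrail needs (GetBucketAcl for the service principal, and PutObject conditioned on bucket-owner-full-control so that the bucket owner rather than the delivering service owns the log objects) and flags statements that would let anyone, or any wildcard, delete from the bucket. The bucket name, account ID and the policy documents are constructed for the example.

```python
"""Lint an S3 bucket policy used for CloudTrail log delivery.

Added example, not part of the original page. GOOD_POLICY is a constructed
policy in the documented CloudTrail shape; the bucket name and account ID
are made up.
"""
import copy

GOOD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSCloudTrailAclCheck",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::example-trail-logs",
        },
        {
            "Sid": "AWSCloudTrailWrite",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/111122223333/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
        },
    ],
}


def _as_list(x):
    # Policy elements may be a single string or a list of strings.
    return x if isinstance(x, list) else [x]


def check_trail_bucket_policy(policy):
    """Return a list of findings; an empty list means the policy looks right."""
    findings = []
    has_acl_check = has_write = False
    for st in policy.get("Statement", []):
        sid = st.get("Sid", "<no Sid>")
        if st.get("Effect") != "Allow":
            continue  # Deny statements only tighten things; not inspected here
        principal = st.get("Principal")
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: grants access to any principal")
        if any(a in ("*", "s3:*") or a.startswith("s3:delete") for a in actions):
            findings.append(f"{sid}: grants delete or wildcard S3 permissions on the log bucket")
        if principal == {"Service": "cloudtrail.amazonaws.com"}:
            if "s3:getbucketacl" in actions:
                has_acl_check = True
            if "s3:putobject" in actions:
                cond = st.get("Condition", {}).get("StringEquals", {})
                if cond.get("s3:x-amz-acl") == "bucket-owner-full-control":
                    has_write = True
                else:
                    findings.append(f"{sid}: PutObject for CloudTrail lacks the bucket-owner-full-control condition")
    if not has_acl_check:
        findings.append("no GetBucketAcl statement for cloudtrail.amazonaws.com")
    if not has_write:
        findings.append("no correctly conditioned PutObject statement for cloudtrail.amazonaws.com")
    return findings


def weakened_policy():
    """A deliberately weakened copy: condition dropped, public delete added."""
    bad = copy.deepcopy(GOOD_POLICY)
    del bad["Statement"][1]["Condition"]
    bad["Statement"].append({
        "Sid": "Cleanup",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:DeleteObject"],
        "Resource": "arn:aws:s3:::example-trail-logs/*",
    })
    return bad


if __name__ == "__main__":
    print("good:", check_trail_bucket_policy(GOOD_POLICY))
    print("weak:", check_trail_bucket_policy(weakened_policy()))
```

Run this against the policy returned by get-bucket-policy for the log bucket; a clean result still needs MFA Delete and, ideally, log file validation on top, which the policy cannot express.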

50
Q

Which of the following metrics can have a CloudWatch Alarm?

A. RRS lost object
B. EC2 instance status Check Failed
C. EC2 CPU utilization
D. Auto Scaling group CPU utilization

A

B. EC2 instance status Check Failed
C. EC2 CPU utilization
D. Auto Scaling group CPU utilization

Amazon CloudWatch provides monitoring for AWS cloud resources and the applications customers run on AWS. Developers and system administrators can use it to collect and track metrics, gain insight, and react immediately to keep their applications and businesses running smoothly. Amazon CloudWatch monitors AWS resources such as Amazon EC2 and Amazon RDS DB instances, and can also monitor custom metrics generated by a customer’s applications and services.

51
Q

Which of the following payment options are associated with Reserved Instances?

A. Partial Upfront
B. No Upfront
C. Annual Upfront
D. All Upfront

A

A. Partial Upfront
B. No Upfront
D. All Upfront

Amazon EC2 Reserved Instances allow you to reserve Amazon EC2 computing capacity for 1 or 3 years, in exchange for a significant discount (up to 75%) compared to On-Demand instance pricing. You can choose between three payment options: All Upfront, Partial Upfront, and No Upfront. If you choose the Partial or No Upfront payment option, the remaining balance will be due in monthly increments over the term.

52
Q

You have a website www.abc.com which is used quite frequently. Therefore, you decide to use 50 EC2 instances, with two availability zones in two regions, each with 25 instances. However, while starting the servers, you are able to start only 20 servers and then the requests start failing. Why?

A. There is a limit of 20 EC2 instances in each region; you can request to increase the limit.
B. There is a limit of 20 EC2 instances in each availability zone, you can request to increase the limit.
C. You might have exhausted the free space available and need to select paid version of storage.
D. You cannot have more than one availability zone in a region.

A

A. There is a limit of 20 EC2 instances in each region; you can request to increase the limit.

Unless otherwise noted, there is a limit per region. You are limited to: running up to 20 on-demand instances, purchasing 20 reserved instances, and requesting 5 spot instances per region. New AWS accounts may start with limits that are lower than the limits described here. Certain instance types are further limited per region.

53
Q

www.picsee.com website has millions of photos and also thumbnails for each photo. Thumbnails can easily be reproduced from the actual photo. However, a thumbnail takes less space than actual photo. Which of the following is the best solution to store thumbnails?

A. S3
B. Reduced Redundancy Storage
C. DynamoDB
D. ElastiCache
E. Amazon Glacier
A

B. Reduced Redundancy Storage

Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables customers to reduce their costs by storing noncritical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage. It provides a cost-effective, highly available solution for distributing or sharing content that is durably stored elsewhere, or for storing thumbnails, transcoded media, or processed data that can be easily reproduced. The RRS option stores objects on multiple devices across multiple facilities, providing 400 times the durability of a typical disk drive, but does not replicate objects as many times as standard Amazon S3 storage. Note that AWS no longer recommends RRS; S3 Standard is now priced below it, so on current pricing S3 Standard (or S3 One Zone-IA for reproducible data) is the better choice.

54
Q

You want your Hadoop job to be triggered based on the event notification of a file upload action. Which of the following components can help you implement this in AWS?

A. S3
B. SQS
C. SNS
D. EC2
E. IAM
A

A. S3
B. SQS
C. SNS

Amazon S3 can send event notifications when objects are uploaded to Amazon S3. Amazon S3 event notifications can be delivered using Amazon SQS or Amazon SNS, or sent directly to AWS Lambda, enabling you to trigger workflows, alerts, or other processing.
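What a consumer actually receives is a JSON document with one or more S3 records, delivered either as the SQS message body or wrapped in an SNS notification envelope. The following is an added example, not code from the original flashcards: it parses such a message, URL-decodes the object key (S3 encodes keys in notifications, so a space arrives as "+"), keeps only ObjectCreated events, and allow-lists the bucket and prefix so that a message from an unexpected source cannot make the job read an arbitrary object. The event record, bucket name and keys are constructed sample data.

```python
"""Parse S3 event notification records delivered via SQS or SNS.

Added example, not from the original page. SAMPLE_EVENT is a constructed
record in the documented S3 event JSON shape; bucket and key names are
made up.
"""
import json
from urllib.parse import unquote_plus

# Constructed sample: what a consumer reads from an SQS message body.
# Note the URL-encoded object key ("+" for space).
SAMPLE_EVENT = json.dumps({
    "Records": [
        {
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "awsRegion": "us-east-1",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "example-upload-bucket"},
                "object": {"key": "incoming/sales+report+2024.csv", "size": 1024},
            },
        },
        {
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "awsRegion": "us-east-1",
            "eventName": "ObjectRemoved:Delete",
            "s3": {
                "bucket": {"name": "example-upload-bucket"},
                "object": {"key": "incoming/old.csv"},
            },
        },
    ]
})


def parse_s3_records(body):
    """Return (event_name, bucket, key) for every S3 record in a message body.

    Keys are returned URL-decoded; a consumer that skips unquote_plus()
    will look up an object name that does not exist.
    """
    payload = json.loads(body)
    # SNS-to-SQS delivery wraps the S3 event in the "Message" string.
    if "Message" in payload and "Records" not in payload:
        payload = json.loads(payload["Message"])
    out = []
    for rec in payload.get("Records", []):
        if rec.get("eventSource") != "aws:s3":
            continue  # not an S3 record; ignore
        s3 = rec["s3"]
        out.append((rec["eventName"], s3["bucket"]["name"], unquote_plus(s3["object"]["key"])))
    return out


def uploads_to_process(body, allowed_buckets, allowed_prefix):
    """Select ObjectCreated events from an allow-listed bucket and prefix.

    Anyone who can send to the queue, or who points another bucket's
    notifications at the same topic, could otherwise feed the job any object.
    """
    jobs = []
    for event_name, bucket, key in parse_s3_records(body):
        if not event_name.startswith("ObjectCreated:"):
            continue
        if bucket not in allowed_buckets or not key.startswith(allowed_prefix):
            continue
        jobs.append(f"s3://{bucket}/{key}")
    return jobs


if __name__ == "__main__":
    print(uploads_to_process(SAMPLE_EVENT, {"example-upload-bucket"}, "incoming/"))
```

The returned s3:// URIs are what you would hand to the Hadoop job as its input paths.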

55
Q

www.dropbag.com is a website that offers file sharing and storage services like Google Drive and Dropbox. During a sync from the desktop you accidentally deleted an important file. Which Simple Storage Service feature will help you retrieve the deleted file?

A. Versioning in S3
B. Secured signed URLs for S3 data access
C. Don’t allow delete objects from S3 (only soft delete is permitted)
D. S3 Reduced Redundancy Storage.

A

A. Versioning in S3

Amazon S3 provides further protection with versioning capability. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. This allows you to easily recover from both unintended user actions and application failures. By default, requests will retrieve the most recently written version.

56
Q

www.picnic.com is a photo and video hosting website with millions of users. Which of the following is a good solution for storing big data objects while reducing costs, scaling to meet demand, and increasing the speed of innovation?

A. AWS S3
B. AWS RDS
C. AWS Glacier
D. AWS Redshift

A

A. AWS S3

Whether you’re storing multimedia files such as photos and videos, pharmaceutical files, or financial data, Amazon S3 can be used as your big data object store. Amazon Web Services offers a comprehensive portfolio of services to help you manage big data by reducing costs, scaling to meet demand, and increasing the speed of innovation.

57
Q

The Customer Experience manager comes to see you about some odd behaviors with the ticketing system: messages presented to the support team are not arriving in the order in which they were generated. You know that this is due to the way that the underlying SQS standard queue service is being used to manage messages. Which of the following are correct explanations? [Select 2]

A. SQS has been set up to prioritize messages in the queue based on keywords.
B. The staff are probably using the provided admin tools to amend the priority in the SQS queue based on their experience and insights about the issues.
C. If an agent abandons a message or takes a break before finishing with a message, it will be offered in the queue again, in order to ensure that no message is lost, a message will persist in the SQS queue until it is processed successfully.
D. SQS uses multiple hosts, and each host holds only a portion of all the messages. When a staff member calls for their next message, the consumer process does not see all the hosts or all the messages. As such, messages were not necessarily delivered in the order in which they were generated.
E. As the SQS service get busy, some of the hosts will automatically swap from FIFO to LIFO to provide better workload balance and clearance rate.

A

C and D. With a Standard queue, delivery is “at-least-once” and ordering is best-effort, so FIFO delivery is not guaranteed: a message whose consumer does not delete it within the visibility timeout is offered again, and messages spread across hosts can arrive out of order. Consumers of a Standard queue therefore need to be idempotent. If strict ordering and exactly-once processing are required, a FIFO queue should be used.
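Both behaviours have to be handled in the consumer. The following is an added example, not code from the original flashcards: an in-process simulation of a Standard queue (shuffled delivery plus some redeliveries, not the SQS API) fed to a consumer that deduplicates on MessageId and restores order using a sequence number the producer put in the message body. The assumption is that the producer stamps each ticket with that sequence number; the tickets themselves are constructed.

```python
"""Idempotent, self-ordering consumer for an SQS Standard queue.

Added example, not part of the original page. The queue is simulated
in-process; messages are constructed and carry a producer-side "seq"
field, which is an assumption about the message format.
"""
import random


def make_messages(n):
    # Constructed tickets: the producer stamps each with a sequence number.
    return [{"MessageId": f"msg-{i}", "Body": {"ticket": i, "seq": i}} for i in range(n)]


def simulate_standard_queue(messages, seed=7, dup_rate=0.3):
    """Deliver messages shuffled and with some re-deliveries, the way a
    Standard queue behaves when a consumer misses the visibility timeout."""
    rng = random.Random(seed)
    delivered = list(messages)
    rng.shuffle(delivered)
    out = []
    for m in delivered:
        out.append(m)
        if rng.random() < dup_rate:
            out.append(m)  # same MessageId, redelivered
    return out


class IdempotentOrderedConsumer:
    def __init__(self):
        self.seen = set()    # MessageIds already handled (the dedup store)
        self.pending = {}    # seq -> body, buffered until its turn
        self.next_seq = 0    # next sequence number we are allowed to release
        self.processed = []  # tickets in the order the business logic saw them

    def handle(self, message):
        mid = message["MessageId"]
        if mid in self.seen:
            return "duplicate"  # redelivery: delete from the queue, do nothing else
        self.seen.add(mid)
        body = message["Body"]
        self.pending[body["seq"]] = body
        # Release every ticket that is now contiguous with what we have done.
        while self.next_seq in self.pending:
            self.processed.append(self.pending.pop(self.next_seq)["ticket"])
            self.next_seq += 1
        return "accepted"


def run(n=10):
    consumer = IdempotentOrderedConsumer()
    stats = {"accepted": 0, "duplicate": 0}
    for m in simulate_standard_queue(make_messages(n)):
        stats[consumer.handle(m)] += 1
    return consumer.processed, stats


if __name__ == "__main__":
    print(run())
```

In production the dedup store is persistent and shared (a conditional write to a database keyed on MessageId, with a TTL), because an in-memory set does not survive a restart and does not help when several consumers poll the same queue.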

58
Q

With SAML-enabled single sign-on, ________. [Select 2]

A. After the client browser posts the SAML assertion, AWS sends the sign-in URL as a redirect, and the client browser is redirected to the console.
B. The portal first verifies the user’s identity in your organization, then generates a SAML authentication response.
C. The client browser is immediately directed to the AWS Console.
D. The portal acknowledges a SAML authentication response, then verifies the user’s identity in your organization.

A

A and B. To see the process by which federated users are granted access to the AWS console, please follow the link, below.

59
Q

Which of the below are factors that have helped make public cloud so powerful? [Select 2]

A. Traditional methods that are used for on-premise infrastructure work just as well in the cloud.
B. Not having to deal with the collateral damage of failed experiments.
C. The ability to try out new ideas and experiment without an upfront commitment.

A

B and C. Public cloud allows organisations to try out new ideas, new approaches and experiment with little upfront commitment. If it doesn’t work out, organisations have the ability to terminate the resources and stop paying for them.

60
Q

You work for a genomics company that is developing a cure for motor neuron disease by using advanced gene therapies. As a part of their research, they take extremely large data sets (usually in the terabytes) and analyze these data sets using Elastic Map Reduce. In order to keep costs low, they run the analysis for only a few hours in the early hours of the morning, using spot instances for the task nodes. The core nodes are on-demand instances. Lately however the EMR jobs have been failing. This is due to spot instances being unexpectedly terminated. Which of the following remedies would both keep costs manageable and mitigate the issues caused by terminated spot instances? [Select 2]

A. Increase the bid price for the core nodes.
B. Change the task nodes to on-demand instances
C. Increase the bid price for the task nodes so that you have a greater threshold before the task nodes are terminated.
D. Change the core nodes to spot instances and lower the spot price.

A

B and C. You should consider either increasing the bid price for the task nodes so that your nodes are not terminated or even converting the task nodes to on demand instances so as to ensure they are not prematurely terminated.

61
Q

A single m4.medium NAT instance inside a VPC supports a company of 100 people. This NAT instance allows individual EC2 instances in private subnets to communicate out to the internet without being directly accessible via the internet. As the company has grown over the last year, they are finding that the additional traffic through the NAT instance is causing serious performance degradation. What might you do to solve this problem?

A. Increase the class size of the NAT instance from an m4.medium to an m4.xlarge.
B. Use an Elastic Load Balancer and forward traffic out through this ELB. The ELB will automatically scale on-demand as traffic increases.
C. Attach an additional IGW to your VPC.
D. Instead of using a NAT, use Direct Connect to route all traffic through your VPC and back out to the internet.
A

A. A NAT instance's throughput is bound by the network performance of its instance type, so moving to a larger type is the remedy among the options offered. An ELB does not provide outbound NAT, a VPC can have only one Internet gateway, and Direct Connect does not route Internet traffic.

62
Q

Which of the following are a part of AWS’ Network and Content Delivery services? [Select 2]

A. RDS
B. VPC
C. CloudFront
D. EC2

A

B and C. VPC allows you to provision a logically isolated section of the AWS where you can launch AWS resources in a virtual network. Cloudfront is a fast, highly secure and programmable content delivery network (CDN). EC2 provides compute resources while RDS is Amazon’s Relational Database System.

63
Q

In AWS Route 53, which of the following are true? [Select 2]

A. Alias Records can point at any resources in AWS, but only within the same account.
B. Alias Records provide Route53-specific extension of DNS functionality.
C. Route53 allows you to create a CNAME record at the top node of a DNS namespace (zone apex)
D. Route53 does not allow you to create a CNAME record at the top node of a DNS namespace (zone apex).
E. Alias Records can point at any resource with a Canonical Name
F. A CNAME record assigns an Alias name to an IP address.

A

B and D. Alias records have special functions that are not present in other DNS servers. Their main function is to provide special functionality and integration with AWS services such as ELB, CloudFront and S3 website endpoints. Unlike CNAME records, they can be used at the zone apex, where CNAME records cannot. Alias records can also point to AWS resources hosted in other accounts by manually entering the resource's DNS name and hosted zone ID.

64
Q

You have been asked by your employer to create an identical copy of your production environment in another Region for disaster recovery purposes. In the list below, which AWS resources would you NOT need to recreate, because they are available universally across the console? [Select 2]

A. Identity Access Management Roles
B. Elastic Load Balancers
C. EC2 Key Pairs
D. Security Groups
E. Route53
A

A and E. IAM roles and Route 53 are global services; EC2 key pairs, security groups, and ELBs are region-specific and must be recreated in the second region.

65
Q

When it comes to Security Groups within a custom VPC, which of the following statements are correct? [Select 2]

A. Security Groups are stateless.
B. Updates to security groups are not applied immediately, however they are applied within the hour in which they are made.
C. Security Groups are stateful.
D. Updates to Security Groups are applied immediately.

A

C and D. Security Groups are stateful (return traffic for an allowed connection is permitted automatically, regardless of the rules in the other direction) and rule updates are applied immediately. Network ACLs, by contrast, are stateless.

66
Q

Which of the below are storage services in AWS? [Select 2]

A. S3
B. EFS
C. EC2
D. VPC

A

A and B. S3 and EFS both provide the ability to store files in the cloud. EC2 provides compute, and is often augmented with other storage services. VPC is a networking service.

67
Q

Choose the features of Consolidated Billing. [Select 3]

A. A single bill is issued containing the charges for all AWS Accounts.
B. Multiple standalone accounts are combined and may reduce your overall bill.
C. Charging is based per VPC.
D. Account charges can be tracked individually.

A

A, B and D. Consolidated Billing is a feature of AWS Organisations. Once enabled and configured, you will receive a bill containing the costs and charges for all of the AWS accounts within the Organisation. Although each of the individual AWS accounts are combined into a single bill, they can still be tracked individually and the cost data can be downloaded in a separate file. Using Consolidated Billing may ultimately reduce the amount you pay, as you may qualify for Volume Discounts. There is no charge for using Consolidated Billing.

68
Q

You have been engaged as a consultant by a company that generates utility bills and publishes them online. PDF images are generated, then stored on a high-performance RDS instance. Customarily, invoices are viewed by customers once per month. Recently, the number of customers has increased threefold, and the wait-time necessary to view invoices has increased unacceptably. The CTO is unwilling to alter the codebase more than necessary this quarter, but needs to return performance to an acceptable level before the end-of-the-month print run. Which of the following solutions would you feel comfortable proposing to the CTO and GM? [Select 2]

A. Move the images to S3 to reduce Database IO.
B. Use CloudFront to accelerate presentation of the PDF images.
C. Move the metadata to a DynamoDB solution, permitting real-time scaling of Read IOPS to match demand.
D. Create RDS Read-Replicas and additional Web/App instances across all the available AZs.
E. Evaluate the risks and benefits associated with an RDS instance upgrade.
F. Install an ElastiCache cluster in front of the RDS installation.

A

D and E. Read replicas and additional web/app instances add read capacity without touching the data model, and an instance class upgrade is a straightforward change whose risks and benefits can be evaluated before the print run. Moving the images to S3 or the metadata to DynamoDB (A, C) changes the codebase, which the CTO has ruled out this quarter, and caching (B, F) is not effective for content each customer views only once a month. Caching content is not always effective; when the optimal solution cannot be achieved, you pick the next best way to keep the show going.

69
Q

You run a meme creation website that stores the original images in S3 and each meme’s metadata in DynamoDB. You need to decide upon a low-cost storage option for the memes, themselves. If a meme object is unavailable or lost, a Lambda function will automatically recreate it but at a $10 licensing cost per creation. Which storage solution should you use to store the memes in the most cost-effective way?

A. S3 OneZone - IA
B. S3 - IA
C. Glacier
D. S3 - RRS
E. S3
A

B. The question describes a situation in which low-cost One Zone-IA would seem ideal. However, it also says there is a high licence cost for each meme regeneration. The storage saving between S3-IA and One Zone-IA is about $0.0025 per GB-month, which is small compared with the $10 licence fee that every lost object would trigger, so you may well be better off paying for full S3-IA, which stores the data across multiple Availability Zones.

70
Q

You work for a large software company in Seattle. They have their production environment provisioned on AWS inside a custom VPC. The VPC contains both a public and private subnet. The company tests their applications on custom EC2 instances inside a private subnet. There are approximately 500 instances, and they communicate to the outside world via a proxy server. At 3am every night, the EC2 instances pull down OS updates, which are usually 150MB or so. They then apply these updates and reboot: if the software has not downloaded within half an hour, then the update will attempt to download the following day. You notice that a number of EC2 instances are continually failing to download the updates in the allotted time. Which of the following answers might explain this failure? [Select 2]

A. The proxy server is on an inadequately sized EC2 instance and does not have sufficient network throughput to handle all updates simultaneously. You should increase the instance size or type of the EC2 instance for the proxy server.
B. The proxy server has only one elastic IP address added to it. To increase network throughput, you should add additional elastic IP addresses.
C. Your proxy server is blacklisting the address from which the updates are being downloaded, resulting in failed downloads.
D. The proxy server is in a private subnet and uses a NAT instance to connect to the internet. However, this instance is too small to handle the required network traffic. You should re-provision the NAT solution so that it’s able to handle the throughput.
E. The proxy server has an inadequately sized EBS volume attached to it. The network buffer is stored on the EBS volume, and it is running out of disk space when trying to buffer the 500 simultaneous connections. You should provision an EBS volume with provisioned IOPS.

A

A and D. Network throughput is the obvious bottleneck. You are not told in this question whether the proxy server is in a public or private subnet. If it is in a public subnet, the proxy server instance size itself may not be large enough to cope with the current network throughput. If the proxy server is in a private subnet, then it must be using a NAT instance or NAT gateway to communicate out to the internet. If it is a NAT instance, this may also be inadequately provisioned in terms of size. You should therefore increase the size of the proxy server and/or the NAT solution.

71
Q

You’re building out a single-region application in us-west-2. However, disaster recovery is a strong consideration, and you need to build the application so that if us-west-2 becomes unavailable, you can fail over to us-west-1. Your application relies exclusively on pre-built AMIs. In order to share those AMIs with the region you’re using as a backup, which process would you follow?

A. Copy the AMI from us-west-2, manually apply launch permissions, user defined tags, and Amazon S3 bucket permissions of the default AMI to the new instance, and launch the instance.
B. Copy the AMI from us-west-2 to us-west-1 and launch as is.
C. Nothing, AMIs are specific to an account, and they can be used anywhere.
D. Create a new instance in us-west-1, making certain the instance in the failover region shares a security group with the instance in the default region.

A

A. AWS does not copy launch permissions, user-defined tags, or Amazon S3 bucket permissions from the source AMI to the new AMI.

72
Q

Which of the following are valid S3 data encryption options? [Select 4]

A. SSE-KMS
B. Server Side Encryption SSE-S3
C. OpenSSL
D. SSE - C
E. A client library such as Amazon S3 Encryption Client.
A

A, B, D, and E. The valid ways of encrypting data on S3 are Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client.
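The three server-side options differ only in who holds the key, which shows up directly in the request headers. The following is an added example, not code from the original flashcards: it builds the PUT headers for SSE-S3, SSE-KMS and SSE-C, and for SSE-C recomputes the key MD5 the way S3 does, since a mismatch (a key corrupted in transit) is rejected. The KMS key ARN is a constructed value and the SSE-C key is generated locally.

```python
"""Request headers for the S3 server-side encryption modes.

Added example, not part of the original page. KMS_KEY_ARN is a constructed
placeholder; the SSE-C key is generated locally and never leaves this
process.
"""
import base64
import hashlib
import os

KMS_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"


def sse_s3_headers():
    # S3 generates, stores and rotates the key; nothing else is needed.
    return {"x-amz-server-side-encryption": "AES256"}


def sse_kms_headers(kms_key_id=None):
    # The caller must also hold kms:GenerateDataKey / kms:Decrypt on the key.
    h = {"x-amz-server-side-encryption": "aws:kms"}
    if kms_key_id:  # omit to use the account's default aws/s3 key
        h["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
    return h


def sse_c_headers(key):
    """SSE-C: the caller supplies a 256-bit AES key on every PUT and GET.

    S3 keeps only a salted HMAC of the key, so a lost key means lost data.
    SSE-C requests are accepted over HTTPS only.
    """
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) AES key")
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": base64.b64encode(key).decode("ascii"),
        "x-amz-server-side-encryption-customer-key-MD5":
            base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def verify_sse_c_headers(headers):
    """Recompute the key MD5 as S3 does; False means S3 would reject the request."""
    try:
        key = base64.b64decode(headers["x-amz-server-side-encryption-customer-key"], validate=True)
        sent_md5 = headers["x-amz-server-side-encryption-customer-key-MD5"]
    except (KeyError, ValueError):
        return False
    expected = base64.b64encode(hashlib.md5(key).digest()).decode("ascii")
    return len(key) == 32 and sent_md5 == expected


def new_sse_c_key():
    return os.urandom(32)


if __name__ == "__main__":
    print(sse_s3_headers())
    print(sse_kms_headers(KMS_KEY_ARN))
    h = sse_c_headers(new_sse_c_key())
    print(h, verify_sse_c_headers(h))
```

The same three SSE-C headers must be sent again on every GET and HEAD of the object, which is why SSE-C is rarely the right default; SSE-KMS gives per-key access control and CloudTrail logging of key use without the client having to manage key material.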

73
Q

What is the maximum response time for a Business Level ‘production down’ Support Case?

A. 1 Day
B. 1 Hour
C. 15 Minutes
D. 12 Hours

A

B.

74
Q

When editing permissions (policies and ACLs), to whom does the concept of the “Owner” refer?

A. The Owner is the IAM user who created the object via the GUI, CLI, or API.
B. The “Owner” refers to the identity and email address used to create the AWS account.
C. The Owner is the IAM Role used to create the object via the GUI, CLI, or API.
D. There is no special concept of “Owner:” in AWS.

A

B. The Owner concept comes into play especially when setting or locking down access to various objects.

75
Q

You work for a large media organization who has traditionally stored all their media on large SAN arrays. After evaluating AWS, they have decided to move their storage to the cloud. Staff will store their personal data on S3, and will have to use their Active Directory credentials in order to authenticate. These items will be stored in a single S3 bucket, and each staff member will have their own folder within that bucket named after their employee ID. Which of the following steps should you take in order to help set this up? [Select 3]

A. Create an IAM Role.
B. Create either a federation proxy or identity provider.
C. Create an IAM user for each member of staff and use their existing active directory password for the account.
D. Tag each folder with the staff
E. Use AWS security token service to create temporary tokens.

A

A, B, and E. You cannot tag individual folders within an S3 bucket. If you create an individual user for each staff member, there will be no way to keep their active directory credentials synched when they change their password. You should either create a federation proxy or identity provider and then use AWS security token service to create temporary tokens. You will then need to create the appropriate IAM role for which the users will assume when writing to the S3 bucket.

76
Q


A. You should configure an AWS Direct Connect link between the VPC and the site with the on-premise solution.
B. You should configure your Elastic Load Balancer to act as a reverse proxy so that the EC2 instance can communicate back to the on-premise data center.
C. You should configure the VPC subnet in which the application sits so that it does not have an IP address range that conflicts with that of the on-premise VLAN in which the back end services sit.
D. You should attach an Elastic IP address to the VPC so that it will be able to communicate with the on-premise site.
E. You should ensure the VPC has an internet gateway attached to it. That way, you can establish a site to site VPN with the on-premise environment.

A

A, C, and E. You need to ensure that your application in your custom VPC can communicate back to the on-premise data center. You can do this by either using a site to site VPN or Direct Connect. It will be using an internal IP address range, so you must make sure that your internal IP addresses do not overlap.

77
Q

Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service?

A. Enable long polling by setting the ReceiveMessageWaitTimeSeconds to a number > 0.
B. Enable short polling by setting the ReceiveMessageWaitTimeSeconds to a number > 0.
C. Enable long polling by setting the ReceiveMessageWaitTimeMinutes to a number > 0.
D. Enable short polling by setting the ReceiveMessageWaitTimeMinutes to a number > 0.

A

A. With long polling, a ReceiveMessage call waits up to ReceiveMessageWaitTimeSeconds (at most 20) for a message to arrive before returning, which eliminates most empty responses and the cost of the requests that produce them. Short polling returns immediately, and WILL return empty responses, each of which is billed as a request.

78
Q

Which of the following database technologies are supported by RDS? [Select 3]

A. DynamoDB
B. MariaDB
C. Aurora
D. Oracle
E. DB2
A

B, C, and D. At the time this question was written RDS supported the MariaDB, PostgreSQL, MySQL, SQL Server, Oracle, and Aurora database engines. Amazon RDS for Db2 was added later (2023), so on current AWS option E would also be a supported engine.

79
Q

Which of the following are valid Route 53 routing policies? [Select 3]

A. Multitarget Answer
B. Shortest First
C. Simple
D. Latency
E. Complex
F. Weighted
A

C, D, and F. Route 53 has the following routing policies: Simple, Weighted, Latency, Failover, Multivalue answer, Geoproximity, and Geolocation.

80
Q

Which of the following data formats does Amazon Athena support? [Select 3]

A. Apache ORC
B. JSON
C. Apache Parquet
D. XML

A

A,B, and C. Amazon Athena is an interactive query service that makes it easy to analyse data in Amazon S3, using standard SQL commands. It will work with a number of data formats including “JSON”, “Apache Parquet”, “Apache ORC” amongst others, but “XML” is not a format that is supported.

81
Q

At the monthly product meeting, one of the Product Owners proposes an idea to address an immediate shortcoming of the product system: storing a copy of the customer price schedule in the customer record in the database. You know that you can store large text or binary objects in DynamoDB. You give a tentative OK to do a Minimal Viable Product test, but stipulate that it must comply with the size limitation on the Attribute Name & Value. Which is the correct limitation?

A. The Name must not exceed 64 KB and the Value must not exceed 400 KB.
B. The combined Value and Name must not exceed 255 KB.
C. The Name must not exceed 64 KB and the Value must not exceed 500 KB.
D. The Name must not exceed 64 KB and the Value must not exceed 255 KB.
E. The combined Value and Name must not exceed 400 KB.
F. The combined Value and Name must not exceed 500 KB.

A

E. DynamoDB allows for the storage of large text and binary objects, but there is a limit of 400 KB.
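The 400 KB limit applies to the whole item, attribute names included, so the safe habit is to estimate the size client-side before PutItem rather than discovering the limit as a rejected write. The following is an added example, not code from the original flashcards: an estimator that follows the documented DynamoDB sizing rules (UTF-8 length for strings, raw length for binary, about one byte per two significant digits plus one for numbers, one byte for booleans and null, three bytes of overhead for a list or map plus one per element). It is an estimate, not the service's exact accounting; the customer record used is constructed.

```python
"""Estimate a DynamoDB item's size and check it against the 400 KB limit.

Added example, not part of the original page. Sizing rules follow the
documented DynamoDB item-size rules and are an estimate; the sample
customer record is constructed.
"""
from decimal import Decimal

MAX_ITEM_BYTES = 400 * 1024


def number_size(n):
    # Documented rule: roughly 1 byte per two significant digits, plus 1.
    digits = format(abs(Decimal(str(n))), "f").replace(".", "").strip("0")
    return (len(digits) + 1) // 2 + 1


def value_size(v):
    """Size in bytes of an attribute value (without its attribute name)."""
    if v is None or isinstance(v, bool):       # bool must precede int check
        return 1
    if isinstance(v, str):
        return len(v.encode("utf-8"))
    if isinstance(v, (bytes, bytearray)):
        return len(v)
    if isinstance(v, (int, float, Decimal)):
        return number_size(v)
    if isinstance(v, (set, frozenset)):        # string/number/binary sets
        return sum(value_size(e) for e in v)
    if isinstance(v, (list, tuple)):           # 3 bytes overhead + 1 per element
        return 3 + sum(1 + value_size(e) for e in v)
    if isinstance(v, dict):                    # map: same overhead, plus key names
        return 3 + sum(1 + len(k.encode("utf-8")) + value_size(x) for k, x in v.items())
    raise TypeError(f"unsupported attribute type: {type(v).__name__}")


def item_size(item):
    # Attribute names count toward the limit, which is what the question tests.
    return sum(len(name.encode("utf-8")) + value_size(v) for name, v in item.items())


def fits(item):
    return item_size(item) <= MAX_ITEM_BYTES


def largest_attributes(item, n=3):
    """The top-level attributes contributing most, for diagnosing a rejected write."""
    sizes = [(name, len(name.encode("utf-8")) + value_size(v)) for name, v in item.items()]
    return sorted(sizes, key=lambda s: s[1], reverse=True)[:n]


if __name__ == "__main__":
    # Constructed record: the price schedule embedded in the customer record.
    record = {"customerId": "c1", "tier": 2, "priceSchedule": "x" * (400 * 1024)}
    print(item_size(record), fits(record), largest_attributes(record))
```

When an object such as a price schedule can approach the limit, the usual fix is to store it in S3 and keep only its key and a hash in the item, or to split it across several items.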