Practice Exam - 2 Flashcards

1
Q

Which EBS RAID configuration would you use when I/O performance is more important than fault tolerance; for example, in a heavily used database (where data replication is already set up separately)?

  1. RAID 0
  2. RAID 1
  3. RAID 5
  4. RAID 6
A
  1. RAID 0
  2. RAID 1
  3. RAID 5
  4. RAID 6
2
Q

What are the reasons to enable cross region replication on your S3 buckets?

  1. Comply with compliance requirements
  2. Minimize latency
  3. Increase operational efficiency
  4. Maintain object copies under different ownership
  5. All of the above
A
  1. Comply with compliance requirements
  2. Minimize latency
  3. Increase operational efficiency
  4. Maintain object copies under different ownership
  5. All of the above
3
Q

You purchased a t2.medium default tenancy Amazon Linux/Unix Reserved Instance in the US East (N. Virginia) region and you have two running t2.small instances in your account in that Region.

How will the Reserved Instance billing benefit be applied?

  1. You will not get any benefit as you don’t have running instance type matching to reserved instance type bought.
  2. You will get benefit applied to usage of only one running t2.small.
  3. You will get benefit applied to usage of both running t2.small
  4. You will get benefit applied to 75% usage of both running t2.small
A
  1. You will not get any benefit as you don’t have running instance type matching to reserved instance type bought.
  2. You will get benefit applied to usage of only one running t2.small.
  3. You will get benefit applied to usage of both running t2.small
  4. You will get benefit applied to 75% usage of both running t2.small
4
Q

You are the solution architect for a media company that is planning to migrate on-premises applications to AWS. You are analyzing workflows such as video editing, studio production, broadcast processing, sound design, and rendering, which use existing shared storage to process large files. Which Amazon service will you use that provides:

  • strong data consistency model with high throughput
  • scale on demand to petabytes without disrupting applications
  • growing and shrinking automatically as you add and remove files
  • shared file access which can cut the time it takes to perform these jobs
  • ability to consolidate multiple local file repositories into a single location accessible by application deployed on multiple EC2 instances
  1. Amazon EFS
  2. Amazon EBS
  3. Amazon S3
  4. Amazon RDS
A
  1. Amazon EFS
  2. Amazon EBS
  3. Amazon S3
  4. Amazon RDS
5
Q

Your company has an intranet application for employees to fill in their weekly timesheets. Usage pattern analysis shows a surge in traffic on Friday evening and Wednesday evening from 4-6 pm. Which auto scaling policy would you use to add and remove instances?

  1. Schedule based auto scaling policy
  2. Demand based auto scaling policy
  3. Maintain current instance levels at all times
  4. Manual Scaling by specifying change in the max, min and desired capacity
A
  1. Schedule based auto scaling policy
  2. Demand based auto scaling policy
  3. Maintain current instance levels at all times
  4. Manual Scaling by specifying change in the max, min and desired capacity
6
Q

What are two ways that you can customize how AWS Global Accelerator sends traffic to your endpoints?

  1. Change the traffic dial to limit the traffic for one or more endpoint groups.
  2. Change the traffic dial to limit the traffic for endpoints in a group.
  3. Specify weights to change the proportion of traffic to the endpoint group.
  4. Specify weights to change the proportion of traffic to the endpoints in a group.
A
  1. Change the traffic dial to limit the traffic for one or more endpoint groups.
  2. Change the traffic dial to limit the traffic for endpoints in a group.
  3. Specify weights to change the proportion of traffic to the endpoint group.
  4. Specify weights to change the proportion of traffic to the endpoints in a group.
7
Q

Your online gaming application gets steady traffic apart from the first three days of the month, when you run a promotion giving discounts and bonus points to gamers. During those three days the traffic triples because of new users joining and existing users playing more. Currently you have six instances on which your application runs. What is the cost-effective way to plan your instances to handle this periodic traffic surge?

  1. Run 6 on demand instances then add 12 more on-demand only for first three days of the month
  2. Run 6 on demand instances then add 12 more as spot instances
  3. Use 18 reserved instances i.e. three time the normal demand all the time
  4. Run 6 reserved instance and then add 12 on demand instances for three days every month.
A
  1. Run 6 on demand instances then add 12 more on-demand only for first three days of the month
  2. Run 6 on demand instances then add 12 more as spot instances
  3. Use 18 reserved instances i.e. three time the normal demand all the time
  4. Run 6 reserved instance and then add 12 on demand instances for three days every month.
8
Q

Select the features of Elastic Fabric Adapter (EFA). Choose 3.

  1. Brings the scalability, flexibility, and elasticity of cloud to tightly-coupled High Performance Computing (HPC) applications and machine learning applications.
  2. Tightly-coupled HPC applications have access to lower and more consistent latency and higher throughput than traditional TCP channels, enabling them to scale better.
  3. Provide all ENA devices functionalities plus a new OS bypass hardware interface that allows user-space applications to communicate directly with the hardware-provided reliable transport functionality.
  4. EFA and ENA are same.
A
  1. Brings the scalability, flexibility, and elasticity of cloud to tightly-coupled High Performance Computing (HPC) applications and machine learning applications.
  2. Tightly-coupled HPC applications have access to lower and more consistent latency and higher throughput than traditional TCP channels, enabling them to scale better.
  3. Provide all ENA devices functionalities plus a new OS bypass hardware interface that allows user-space applications to communicate directly with the hardware-provided reliable transport functionality.
  4. EFA and ENA are same.
9
Q

Which of the following are correct statements about when you should use Amazon FSx Windows File Servers vs. Amazon EFS vs. Amazon FSx for Lustre? Choose 3.

  1. For Windows-based applications, Amazon FSx provides fully managed Windows file servers with features and performance optimized for “lift-and-shift” business-critical application workloads including home directories (user shares), media workflows, and ERP applications via SMB protocol.
  2. If you have Linux-based applications, Amazon EFS is a cloud-native fully managed file system that provides simple, scalable, elastic file storage accessible from Linux instances via the NFS protocol.
  3. For compute-intensive and fast processing workloads, like high performance computing (HPC), machine learning, EDA, and media processing, Amazon FSx for Lustre, provides a file system that’s optimized for performance, with input and output stored on Amazon S3.
  4. If you have Windows-based applications, Amazon EFS is a cloud-native fully managed file system that provides simple, scalable, elastic file storage accessible from EC2 windows instances via the NFS protocol
A
  1. For Windows-based applications, Amazon FSx provides fully managed Windows file servers with features and performance optimized for “lift-and-shift” business-critical application workloads including home directories (user shares), media workflows, and ERP applications via SMB protocol.
  2. If you have Linux-based applications, Amazon EFS is a cloud-native fully managed file system that provides simple, scalable, elastic file storage accessible from Linux instances via the NFS protocol.
  3. For compute-intensive and fast processing workloads, like high performance computing (HPC), machine learning, EDA, and media processing, Amazon FSx for Lustre, provides a file system that’s optimized for performance, with input and output stored on Amazon S3.
  4. If you have Windows-based applications, Amazon EFS is a cloud-native fully managed file system that provides simple, scalable, elastic file storage accessible from EC2 windows instances via the NFS protocol
10
Q

You need to prevent users in specific countries from accessing your content stored in S3 and distributed through CloudFront. How can you achieve this?

  1. Use the S3 geo restriction feature.
  2. Use the CloudFront geo restriction feature.
  3. Use the CloudFront ip restriction feature.
  4. You cannot restrict the access based on countries.
A
  1. Use the S3 geo restriction feature.
  2. Use the CloudFront geo restriction feature.
  3. Use the CloudFront ip restriction feature.
  4. You cannot restrict the access based on countries.
11
Q

You have launched a new instance for a test environment using Amazon Linux 2, with a public DNS name that is reachable from the internet. You plan to use this server to deploy a dynamic PHP application that reads and writes information to a database. You performed the following steps to install an Apache web server with PHP and MariaDB (a community-developed fork of MySQL) support on your Amazon Linux 2 instance (sometimes called a LAMP web server or LAMP stack).

  • Update the distribution software packages.
  • Install the necessary web server, PHP, and MariaDB packages.
  • Start the httpd service and turn it on via systemctl.
  • Add ec2-user to the apache group.
  • Set the appropriate ownership and file permissions for the web directory and the files contained within it, and create a simple web page to test the web server and PHP engine.

How can you automate the above steps when you launch instances for the QA, integration and production environments?

  1. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using instance meta data.
  2. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using user data.
  3. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using AWS Config.
  4. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using AWS CloudFormation.
A
  1. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using instance meta data.
  2. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using user data.
  3. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using AWS Config.
  4. Convert the tasks into a shell script and a set of cloud-init directives that executes when the instance launches using AWS CloudFormation.
12
Q

What are the main characteristics of the two SSD-based EBS volumes? Choose 2.

  1. General purpose SSD volume balances price and performance for a wide variety of workloads
  2. Provisioned IOPS SSD is highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
  3. Provisioned IOPS SSD volume balances price and performance for a wide variety of workloads
  4. General purpose is highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
A
  1. General purpose SSD volume balances price and performance for a wide variety of workloads
  2. Provisioned IOPS SSD is highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
  3. Provisioned IOPS SSD volume balances price and performance for a wide variety of workloads
  4. General purpose is highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
13
Q

You are the solution architect of a financial services company. You are planning to use Amazon SQS while designing a distributed trading application. The key functional requirements for the message queue are: messages must be processed in sequential order, each message should be processed only once, and there should not be duplicate messages in the queue. How will you ensure the above requirements? Choose 3 options.

  1. Use SQS Standard Queues.
  2. Use SQS FIFO queues.
  3. Use SWF FIFO.
  4. Enable content-based deduplication.
  5. Explicitly provide the message deduplication ID (or view the sequence number) for the message.
A
  1. Use SQS Standard Queues.
  2. Use SQS FIFO queues.
  3. Use SWF FIFO.
  4. Enable content-based deduplication.
  5. Explicitly provide the message deduplication ID (or view the sequence number) for the message.
14
Q

You have a blog site that is only used for a few minutes several times per day. You want to design the application on a serverless architecture so that you consume resources on a usage basis. You also don’t want to compromise on scalability and performance. Which AWS services will you use? Choose 2.

  1. Lambda
  2. Aurora Serverless
  3. S3
  4. RDS MySQL
A
  1. Lambda
  2. Aurora Serverless
  3. S3
  4. RDS MySQL
15
Q

Agrim uses S3 to store all his personal photos. He has a bucket named “personalgallery” in the us-east-1 region. After he came back from a vacation in Alaska, he copied all camera snaps into his laptop desktop folder “alaskaphotos”. The photos have file names photo1.jpg, photo2.jpg etc. He logs into his AWS account and opens the S3 console. He then drags the desktop folder “alaskaphotos” inside the “personalgallery” bucket to upload the files. Which of the following is correct? Choose 2.

  1. All the snap files photo1.jpg, photo2.jpg etc. will be visible in the S3 console inside the main bucket folder “personalgallery”
  2. All the snap files photo1.jpg, photo2.jpg etc. will be visible in the S3 console inside another folder “alaskaphotos” under the main bucket folder “personalgallery”
  3. The key name of the photos files will be “photo1.jpg” “photo2.jpg” etc.
  4. The key name of the photos files will be “/alaskaphotos/photo1.jpg” “/alaskaphotos/photo2.jpg” etc.
A
  1. All the snap files photo1.jpg, photo2.jpg etc. will be visible in the S3 console inside the main bucket folder “personalgallery”
  2. All the snap files photo1.jpg, photo2.jpg etc. will be visible in the S3 console inside another folder “alaskaphotos” under the main bucket folder “personalgallery”
  3. The key name of the photos files will be “photo1.jpg” “photo2.jpg” etc.
  4. The key name of the photos files will be “/alaskaphotos/photo1.jpg” “/alaskaphotos/photo2.jpg” etc.
16
Q

What protection does AWS Shield provide?

  1. Block common attack patterns, such as SQL injection or cross-site scripting
  2. Protection against Distributed Denial of Service (DDoS) attacks
  3. Protection against In-Transit data spoofing
  4. Protection against EC2 hacking
  5. Protection against encryption key loss
A
  1. Block common attack patterns, such as SQL injection or cross-site scripting
  2. Protection against Distributed Denial of Service (DDoS) attacks
  3. Protection against In-Transit data spoofing
  4. Protection against EC2 hacking
  5. Protection against encryption key loss
17
Q

Your web application is hosted on EC2 instances inside a VPC. You are writing a shell script that will run on the instance and relies on the following instance attributes: VPC ID, subnet ID, private IP address, public IP address, security groups, public hostname. How will your script get this information?

  1. Using cURL to get instance meta data information from http://169.254.169.254/latest/user-data/
  2. Using Cloudtrail
  3. Using cURL to get instance meta data information from http://169.254.169.254/latest/meta-data/
  4. Using CloudWatch
A
  1. Using cURL to get instance meta data information from http://169.254.169.254/latest/user-data/
  2. Using Cloudtrail
  3. Using cURL to get instance meta data information from http://169.254.169.254/latest/meta-data/
  4. Using CloudWatch
18
Q

How can you encrypt your Amazon RDS DB instances and snapshots at rest? Choose 2.

  1. No configuration required as Amazon RDS always encrypts the data at rest.
  2. You can encrypt data in RDS DB instance but cannot encrypt snapshots.
  3. Enabling the encryption option for your Amazon RDS DB instances while creation.
  4. While database creation supply the AWS KMS key identifier for your encryption key otherwise Amazon RDS uses your default encryption key for your new DB instance.
A
  1. No configuration required as Amazon RDS always encrypts the data at rest.
  2. You can encrypt data in RDS DB instance but cannot encrypt snapshots.
  3. Enabling the encryption option for your Amazon RDS DB instances while creation.
  4. While database creation supply the AWS KMS key identifier for your encryption key otherwise Amazon RDS uses your default encryption key for your new DB instance.
19
Q

John hosts his personal blog website as a static website on S3. The bucket name he uses to store his website files is ‘west-bucket’ in the ‘us-west-2’ region. The photos are uploaded under the main bucket folder using the S3 console. What is the URL of John’s static website?

  1. A. http://s3-us-west-2.amazonaws.com/west-bucket
  2. B. http://west-bucket.s3-us-west-2.amazonaws.com/
  3. C. http://west-bucket.s3-website-us-west-2.amazonaws.com/
  4. D. http://s3-website-us-west-2.amazonaws.com/west-bucket
A
  1. A. http://s3-us-west-2.amazonaws.com/west-bucket
  2. B. http://west-bucket.s3-us-west-2.amazonaws.com/
  3. C. http://west-bucket.s3-website-us-west-2.amazonaws.com/
  4. D. http://s3-website-us-west-2.amazonaws.com/west-bucket
20
Q

Your solution architect has configured the following scaling policies in the auto scaling group for your web server instances: a scaling policy to keep the average aggregate CPU utilization of your Auto Scaling group at 40 percent, and a scaling policy to keep the request count per target of your Elastic Load Balancing target group at 1000 for your Auto Scaling group. Which type of dynamic scaling policy is this?

  1. Cloudwatch Scaling
  2. Target tracking scaling
  3. Step scaling
  4. Simple scaling
A
  1. Cloudwatch Scaling
  2. Target tracking scaling
  3. Step scaling
  4. Simple scaling
21
Q

What are the two types of enhanced networking?

  1. AMD 82599 Virtual Function (VF) interface
  2. Elastic Network Adapter (ENA)
  3. Intel 82599 Virtual Function (VF) interface
  4. Elastic Network Interface (ENI)
A
  1. AMD 82599 Virtual Function (VF) interface
  2. Elastic Network Adapter (ENA)
  3. Intel 82599 Virtual Function (VF) interface
  4. Elastic Network Interface (ENI)
22
Q

You are a solution architect for a global steel manufacturing company with plants across the globe. Recently an analytical and reporting application was launched in the us-west region, which involves each manufacturing plant across the globe uploading its weekly production data to an S3 bucket in the us-west-1 region. The size of the weekly production data file ranges from gigabytes to petabytes. After the first week of release, feedback came from plants in countries other than the US that they are experiencing slow upload times. How can you make the process of uploading the files to S3 faster?

  1. Use S3 multipart upload
  2. Change your design to first upload the data in the region closest to the plant, then replicate it to the us-west-1 central bucket using cross-region replication.
  3. Use S3 Transfer Acceleration
  4. Use Amazon Cloudfront
A
  1. Use S3 multipart upload
  2. Change your design to first upload the data in the region closest to the plant, then replicate it to the us-west-1 central bucket using cross-region replication.
  3. Use S3 Transfer Acceleration
  4. Use Amazon Cloudfront
23
Q

Your company has a SaaS product which provides different kinds of reports to various subscribed customers. The reports range from ad hoc to daily and monthly on various metrics. This is resulting in very high read traffic to the underlying Amazon RDS MySQL instance. What can you do to improve the performance without affecting the user experience?

  1. Ensure that underlying RDS MySQL instance is Multi-AZ enabled.
  2. Create a read replica for underlying RDS MySQL.
  3. Change the RDS instance from MySQL to PostgreSQL.
  4. Analyze and improve the performance of read queries.
A
  1. Ensure that underlying RDS MySQL instance is Multi-AZ enabled.
  2. Create a read replica for underlying RDS MySQL.
  3. Change the RDS instance from MySQL to PostgreSQL.
  4. Analyze and improve the performance of read queries.
24
Q

You are planning a strategy to migrate over 600 terabytes (TB) of data from an on-premises storage system to Amazon S3 and Amazon EFS. You don’t want to use other AWS offline data transfer services. You need to move data from on-premises storage to AWS via Direct Connect or VPN, without traversing the public internet, to further increase the security of the copied data. Which AWS service will you use?

  1. AWS Snowball
  2. AWS Snowball Edge
  3. AWS Snowmobile
  4. AWS DataSync
  5. AWS AppSync
A
  1. AWS Snowball
  2. AWS Snowball Edge
  3. AWS Snowmobile
  4. AWS DataSync
  5. AWS AppSync
25
Q

What are the different IAM Roles you have to create for your ECS to work properly? Choose 5.

  1. Amazon ECS Task Execution IAM Role
  2. Amazon ECS Container Instance IAM Role
  3. Amazon ECS Instance Agent IAM Role
  4. Amazon ECS CodeDeploy IAM Role
  5. Amazon ECS CloudWatch Events IAM Role
  6. Amazon ECS Cluster IAM Role
A
  1. Amazon ECS Task Execution IAM Role
  2. Amazon ECS Container Instance IAM Role
  3. Amazon ECS Instance Agent IAM Role
  4. Amazon ECS CodeDeploy IAM Role
  5. Amazon ECS CloudWatch Events IAM Role
  6. Amazon ECS Cluster IAM Role
26
Q

You have on-premises distributed applications connected through a message broker supporting JMS APIs and AMQP/MQTT protocols. You are planning to migrate the whole application portfolio to AWS and re-develop using native AWS services. Which AWS service should you use to replace the message broker architecture layer?

  1. Amazon Message Broker
  2. Amazon SQS
  3. Amazon SWF
  4. Amazon MQ
A
  1. Amazon Message Broker
  2. Amazon SQS
  3. Amazon SWF
  4. Amazon MQ
27
Q

As a solution architect you want to ensure that Amazon Simple Storage Service (Amazon S3) buckets and objects are secure. The resources that need to be private must be private. What are the ways to limit permission to Amazon S3 resources? Choose 4.

  1. Writing AWS Identity and Access Management (IAM) user policies that specify the users that can access specific buckets and objects.
  2. Writing bucket policies that define access to specific buckets and objects.
  3. Using Client side encryption
  4. Using Amazon S3 Block Public Access as a centralized way to limit public access.
  5. Using server side encryption
  6. Setting access control lists (ACLs) on your buckets and objects.
A
  1. Writing AWS Identity and Access Management (IAM) user policies that specify the users that can access specific buckets and objects.
  2. Writing bucket policies that define access to specific buckets and objects.
  3. Using Client side encryption
  4. Using Amazon S3 Block Public Access as a centralized way to limit public access.
  5. Using server side encryption
  6. Setting access control lists (ACLs) on your buckets and objects.
28
Q

Which of the following three statements are correct about VPC peering connections?

  1. Transitive peering relationships is supported.
  2. A VPC peering connection is a one to one relationship between two VPCs.
  3. A VPC can peer with multiple VPCs in one to many relationships.
  4. Transitive peering relationships are not supported.
A
  1. Transitive peering relationships is supported.
  2. A VPC peering connection is a one to one relationship between two VPCs.
  3. A VPC can peer with multiple VPCs in one to many relationships.
  4. Transitive peering relationships are not supported.
29
Q

You are creating a test web app based on a serverless architecture. The main functionality of the app is to process the photos uploaded by the user and execute the following steps:

  • Extract metadata such as geolocation, time, size, format.
  • Create a thumbnail version.
  • Use image recognition to tag objects in the photo.

Which AWS services will you use?

  1. Amazon S3, AWS Lambda, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
  2. Amazon S3, EC2, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
  3. Amazon RDS , EC2, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
  4. Amazon RDS, AWS Lambda, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
A
  1. Amazon S3, AWS Lambda, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
  2. Amazon S3, EC2, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
  3. Amazon RDS , EC2, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
  4. Amazon RDS, AWS Lambda, AWS Step Functions, Amazon Rekognition, Amazon DynamoDB
30
Q

Which are the features provided by Amazon Virtual Private Cloud that you can use to increase and monitor the security for your virtual private cloud (VPC)? Choose 3.

  1. Security groups
  2. Network access control lists (ACLs)
  3. Flow logs
  4. Cloudwatch
A
  1. Security groups
  2. Network access control lists (ACLs)
  3. Flow logs
  4. Cloudwatch
31
Q

You have a website www.example.com which has its static images stored in S3. The domain name of the distribution you have created in CloudFront with S3 as origin is d111111abcdef8.cloudfront.net. You don’t want to use the CloudFront domain name for your files. For example, the URL for a file called /images/image.jpg will be http://d111111abcdef8.cloudfront.net/images/image.jpg. Your solution architect told you that you can use your own domain name, www.example.com, instead of the cloudfront.net domain name by adding ‘www.example.com’ as an alternate domain name in your distribution settings. Which of the following steps are required to use an alternate domain name? Choose 4.

  1. ‘www.example.com’ should be a registered domain name with Route 53 or another domain provider.
  2. Add a certificate from an authorized certificate authority (CA) to CloudFront that covers the ‘www.example.com’ domain name to validate that you are authorized to use the domain.
  3. Update the ‘Alternate Domain Name (CNAME)’ distribution settings field with ‘www.example.com’.
  4. There is no need to configure the DNS service for the domain to route traffic for the domain ‘www.example.com’, to the CloudFront domain name for your distribution ‘d111111abcdef8.cloudfront.net’.
  5. Configure the DNS service for the domain to route traffic for the domain ‘www.example.com’, to the CloudFront domain name for your distribution ‘d111111abcdef8.cloudfront.net’.
A
  1. ‘www.example.com’ should be a registered domain name with Route 53 or another domain provider.
  2. Add a certificate from an authorized certificate authority (CA) to CloudFront that covers the ‘www.example.com’ domain name to validate that you are authorized to use the domain.
  3. Update the ‘Alternate Domain Name (CNAME)’ distribution settings field with ‘www.example.com’.
  4. There is no need to configure the DNS service for the domain to route traffic for the domain ‘www.example.com’, to the CloudFront domain name for your distribution ‘d111111abcdef8.cloudfront.net’.
  5. Configure the DNS service for the domain to route traffic for the domain ‘www.example.com’, to the CloudFront domain name for your distribution ‘d111111abcdef8.cloudfront.net’.
32
Q

Which component of site to site VPN is on the AWS VPC side?

  1. Direct Connect
  2. Virtual Private Gateway
  3. AWS Transit Gateway
  4. Customer Gateway
A
  1. Direct Connect
  2. Virtual Private Gateway
  3. AWS Transit Gateway
  4. Customer Gateway
33
Q

The diagram below depicts the configuration in an AWS Organization setup for a company. Services whitelisted (allowed) for each group by the organization’s SCP are shown as filled circles, and IAM policies allowing access to particular services are shown as unfilled circles. The IAM user Bob is part of the Dev OU, and the IAM policy associated with Bob allows full access to the Amazon S3 and Amazon EC2 services. The SCP associated with the Dev OU and Sales OU allows the use of the S3 service. The user David doesn’t have any IAM policy attached. Which of the following statements are correct? Choose 2.

  1. Bob cannot use EC2.
  2. Bob can use EC2.
  3. David can access S3.
  4. David cannot access S3.
A
  1. Bob cannot use EC2.
  2. Bob can use EC2.
  3. David can access S3.
  4. David cannot access S3.
34
Q

Which two secondary indexes can you create on a DynamoDB table? Choose 2.

  1. Global secondary index – An index with a partition key and sort key that can be different from those on the table.
  2. Local secondary index – An index that has the same partition key as the table, but a different sort key.
  3. Global secondary index – An index with a partition key and sort key that can be same as those on the table.
  4. Local secondary index – An index that has the same partition key as the table, but two different sort key.
A
  1. Global secondary index – An index with a partition key and sort key that can be different from those on the table.
  2. Local secondary index – An index that has the same partition key as the table, but a different sort key.
  3. Global secondary index – An index with a partition key and sort key that can be same as those on the table.
  4. Local secondary index – An index that has the same partition key as the table, but two different sort key.
35
Q

What must you do to enable access to or from the internet for instances in a VPC subnet? Choose 4.

  1. Attach an internet gateway to your VPC.
  2. Attach a Transit Gateway or VPN Gateway to your VPC.
  3. Ensure that your subnet’s route table points to the internet gateway.
  4. Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
  5. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.
A
  1. Attach an internet gateway to your VPC.
  2. Attach a Transit Gateway or VPN Gateway to your VPC.
  3. Ensure that your subnet’s route table points to the internet gateway.
  4. Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
  5. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.
36
Q

AWS Trusted Advisor analyzes your environment in which of the following five categories?

  1. Cost Optimization
  2. Performance
  3. Security
  4. Reliability
  5. Fault Tolerance
  6. Service Limits
A
  1. Cost Optimization
  2. Performance
  3. Security
  4. Reliability
  5. Fault Tolerance
  6. Service Limits
37
Q

Which of the following two statements are correct about data archiving storage classes in S3? Choose 2.

  1. GLACIER—used for archives where portions of the data might need to be retrieved in minutes.
  2. DEEP_ARCHIVE —used for archives where portions of the data might need to be retrieved in minutes.
  3. GLACIER —Use for archiving data that rarely needs to be accessed.
  4. DEEP_ARCHIVE—Use for archiving data that rarely needs to be accessed.
A
  1. GLACIER—used for archives where portions of the data might need to be retrieved in minutes.
  2. DEEP_ARCHIVE —used for archives where portions of the data might need to be retrieved in minutes.
  3. GLACIER —Use for archiving data that rarely needs to be accessed.
  4. DEEP_ARCHIVE—Use for archiving data that rarely needs to be accessed.
38
Q

You run an online photo editing website for two types of members: free members and fee-paying premium members. The editing requests and photos are placed asynchronously in an SQS queue, which is then processed by EC2 instances in an Auto Scaling group. How can you modify the architecture to ensure that your premium members’ editing uploads get higher priority than free members’ photo uploads?

  1. Set the message timer attribute for free member’s message so that those category messages are delayed for processing
  2. Create two queues, one for premium members and one for free members editing task. EC2 processing program should poll premium member’s queue first and only if message request is empty then it should poll the free member’s queue.
  3. Set the priority in a message attribute and EC2 program will process the message accordingly.
  4. Create a separate delay queue for free member’s messages.
A
  1. Set the message timer attribute for free member’s message so that those category messages are delayed for processing
  2. Create two queues, one for premium members and one for free members editing task. EC2 processing program should poll premium member’s queue first and only if message request is empty then it should poll the free member’s queue.
  3. Set the priority in a message attribute and EC2 program will process the message accordingly.
  4. Create a separate delay queue for free member’s messages.
39
Q

Which of the following DynamoDB table partition key schemes will result in better provisioned throughput efficiency? Choose 2.

  1. User ID, where the application has many users.
  2. Status code, where there are only a few possible status codes.
  3. Item creation date, rounded to the nearest time period (for example, day, hour, or minute).
  4. Device ID, where each device accesses data at relatively similar intervals.
  5. Device ID, where even if there are many devices being tracked, one is by far more popular than all the others.
A
  1. User ID, where the application has many users.
  2. Status code, where there are only a few possible status codes.
  3. Item creation date, rounded to the nearest time period (for example, day, hour, or minute).
  4. Device ID, where each device accesses data at relatively similar intervals.
  5. Device ID, where even if there are many devices being tracked, one is by far more popular than all the others.
40
Q

You are the solution architect for a mortgage broker who has a web application running on an on-demand EC2 instance in a public subnet of a VPC. The database servers are in the private subnet. This web application is for end customers to log in and check their application status. You are using security groups to manage the user requests reaching your instances in the public and private subnets. Your IT monitoring team notices a brute force attack from an IP address outside the company network. How can you block the IP address so that its requests don’t reach your web servers?

  1. Create a rule in security group attached to web server instance to block the ip address.
  2. Create a rule in Network Access Control attached to web server instance to deny access to ip address.
  3. Move the web servers instance from public subnet to private subnet.
  4. Create a rule to block the ip address in the internet gateway.
A
  1. Create a rule in security group attached to web server instance to block the ip address.
  2. Create a rule in Network Access Control attached to web server instance to deny access to ip address.
  3. Move the web servers instance from public subnet to private subnet.
  4. Create a rule to block the ip address in the internet gateway.
41
Q

In your Route 53 hosted zone, you have created two record sets associated with one DNS name: one with weight 3 and one with weight 1. Which of the following is true?

  1. 30% of the time Route 53 will return the record set with weight 1 and 10% of the time Route 53 will return the record set with weight 3
  2. 30% of the time Route 53 will return the record set with weight 3 and 10% of the time Route 53 will return the record set with weight 1
  3. 75% of the time Route 53 will return the record set with weight 1 and 25% of the time Route 53 will return the record set with weight 3
  4. 75% of the time Route 53 will return the record set with weight 3 and 25% of the time Route 53 will return the record set with weight 1
A
  1. 30% of the time Route 53 will return the record set with weight 1 and 10% of the time Route 53 will return the record set with weight 3
  2. 30% of the time Route 53 will return the record set with weight 3 and 10% of the time Route 53 will return the record set with weight 1
  3. 75% of the time Route 53 will return the record set with weight 1 and 25% of the time Route 53 will return the record set with weight 3
  4. 75% of the time Route 53 will return the record set with weight 3 and 25% of the time Route 53 will return the record set with weight 1
42
Q

You have created a VPC with a public and a private subnet, with instances in both subnets. To provide internet access to instances in the private subnet you are using a NAT gateway. The private subnet instance stores and fetches nearly 1 TB of data from S3 every day. These requests and data pass through the NAT gateway. You notice in your monthly bill that this is one of the major costs, as the NAT gateway is billed both per NAT gateway hour ($/hour) and per GB of data processed ($). How can you minimize the data transfer cost?

  1. There is no alternate way as instance in private subnet can access internet over NAT gateway only.
  2. Use VPC Gateway Endpoint which supports Amazon S3.
  3. Use Amazon S3 Gateway.
  4. Use Customer Gateway
A
  1. There is no alternate way as instance in private subnet can access internet over NAT gateway only.
  2. Use VPC Gateway Endpoint which supports Amazon S3.
  3. Use Amazon S3 Gateway.
  4. Use Customer Gateway
43
Q

What are the components of a Site-to-Site VPN? Choose 3.

  1. Direct Connect
  2. Virtual Private Gateway
  3. AWS Transit Gateway
  4. Customer Gateway
A
  1. Direct Connect
  2. Virtual Private Gateway
  3. AWS Transit Gateway
  4. Customer Gateway
44
Q

You are using Amazon ElastiCache for Memcached to cache queries of your web application’s RDS MySQL database. You have just released the web application to beta users with the minimum number of nodes in the ElastiCache cluster. As the number of users increases, you will need to increase the number of cluster nodes. What should you do to minimize the changes in your caching when scale-out is done?

  1. On adding new nodes, update the list of cache node endpoints manually in the configuration file and re-initialize the application by restarting it.
  2. Auto Discovery capable client must be used to connect to Amazon ElastiCache Cluster.
  3. Auto Discovery capable server must be used to connect to Amazon ElastiCache Cluster.
  4. None of the above
A
  1. On adding new nodes, update the list of cache node endpoints manually in the configuration file and re-initialize the application by restarting it.
  2. Auto Discovery capable client must be used to connect to Amazon ElastiCache Cluster.
  3. Auto Discovery capable server must be used to connect to Amazon ElastiCache Cluster.
  4. None of the above
45
Q

You are the solution architect for a financial services company that is migrating its in-house application to AWS. Because of the sensitive financial data and security requirements, you are planning to house the application instances in private subnets that are not publicly reachable. Your architecture consists of a public-facing load balancer to distribute the load across the instances in the private subnets, and two tiers: Application and Database. The Application tier consists of EC2 instances in an Auto Scaling group. The Database tier uses RDS in a Multi-AZ deployment. The Application and Database tiers should be in separate private subnets. The application should be highly available and scalable. What is the minimum number of subnets you will need to create?

  1. Total 4. Across Two AZs, each with two private subnets.
  2. Total 6. Across Two AZs, each having one public subnet and two private subnets.
  3. Total 6. One AZ, having two public subnet and four private subnets.
  4. Total 5. One AZ, having one public subnet and four private subnets.
A
  1. Total 4. Across Two AZs, each with two private subnets.
  2. Total 6. Across Two AZs, each having one public subnet and two private subnets.
  3. Total 6. One AZ, having two public subnet and four private subnets.
  4. Total 5. One AZ, having one public subnet and four private subnets.
46
Q

Amazon RDS read replicas complement Multi-AZ deployments. While both features maintain a second copy of your data, choose two differences from the following list.

  1. In Read Replicas only database engine on primary instance is active while in Multi-AZ all replicas are accessible and can be used for read scaling.
  2. Multi-AZ Deployments have synchronous replication and is highly durable while Read Replicas have Asynchronous replication and is highly scalable.
  3. In Multi-AZ only database engine on primary instance is active while in Read Replicas all read replicas are accessible and can be used for read scaling.
  4. Read Replicas have synchronous replication and is highly durable while Multi-AZ have Asynchronous replication and is highly scalable.
A
  1. In Read Replicas only database engine on primary instance is active while in Multi-AZ all replicas are accessible and can be used for read scaling.
  2. Multi-AZ Deployments have synchronous replication and is highly durable while Read Replicas have Asynchronous replication and is highly scalable.
  3. In Multi-AZ only database engine on primary instance is active while in Read Replicas all read replicas are accessible and can be used for read scaling.
  4. Read Replicas have synchronous replication and is highly durable while Multi-AZ have Asynchronous replication and is highly scalable.
47
Q

You are an IT administrator of a company which has a SaaS product developed on the AWS platform. You have enabled Multi-AZ deployment for the product’s RDS database. A few days after the release you get an alert from DB event notification on your mobile phone that your primary Amazon RDS instance has failed. What should you do to ensure that your production environment is available to users by ensuring a fast, seamless failover to the secondary instance?

  1. Update the DB connection string used by application server to secondary database instance.
  2. Create a new primary instance by making a copy from the secondary instance.
  3. No need to do anything, Amazon RDS handles failovers automatically so you can resume database operations as quickly as possible without administrative intervention.
  4. Update the DNS record of the DB instance to point to the standby DB instance.
A
  1. Update the DB connection string used by application server to secondary database instance.
  2. Create a new primary instance by making a copy from the secondary instance.
  3. No need to do anything, Amazon RDS handles failovers automatically so you can resume database operations as quickly as possible without administrative intervention.
  4. Update the DNS record of the DB instance to point to the standby DB instance.
48
Q

You have created a static blog website using S3. The name of the bucket is ‘mycloudblogs.com’ created in us-west-2 region. The website is available at the following Amazon S3 website endpoint: http://mycloudblogs.com.s3-website-us-west-2.amazonaws.com/

Your website also has JavaScript on the webpages stored in this bucket that makes authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket: mycloudblogs.com.s3-us-west-2.amazonaws.com. You have also created the alias record for mycloudblogs.com in Route 53 so that your users can access the website by using the URL http://mycloudblogs.com. When you test the website by invoking the website endpoint URL in your browser, you get the following error: ‘No ‘Access-Control-Allow-Origin’ header is present on the requested resource’. What could be the reason?

  1. You need to pass a unique header value from browser to Amazon S3 for every request.
  2. You need to pass a unique header value from Amazon S3 to browser for every request.
  3. Need to configure your CORS Settings for your bucket on amazon S3 console.
  4. Need to configure your CORS Settings for your bucket in Route 53 record.
A
  1. You need to pass a unique header value from browser to Amazon S3 for every request.
  2. You need to pass a unique header value from Amazon S3 to browser for every request.
  3. Need to configure your CORS Settings for your bucket on amazon S3 console.
  4. Need to configure your CORS Settings for your bucket in Route 53 record.
49
Q

How can you restrict access to content such as documents, business data, media streams, or content that is intended for selected users when you are securely serving this private content through CloudFront? Choose 2.

  1. Require that your users access your private content by using special CloudFront signed URLs or signed cookies.
  2. Require that content is always encrypted.
  3. Require that your users access your content by using CloudFront URLs, not URLs that access content directly on the origin server (for example, Amazon S3 or a private HTTP server).
  4. Require that it is always through HTTPS.
A
  1. Require that your users access your private content by using special CloudFront signed URLs or signed cookies.
  2. Require that content is always encrypted.
  3. Require that your users access your content by using CloudFront URLs, not URLs that access content directly on the origin server (for example, Amazon S3 or a private HTTP server).
  4. Require that it is always through HTTPS.
50
Q

You have created an online event ticket platform on which users can buy tickets for county and state fairs. The platform supports user requests originating from multiple channels: desktop web, mobile web, and native mobile apps on iOS/Android. You have designed and deployed your instances in such a way that different instances serve the requests based on the source channel. The request URLs when a user starts to buy a ticket are:

Web: www.statefair.com/web/buytickets

Mobile Web: www.statefair.com/mobileweb/buytickets

Native mobile app: www.statefair.com/mobileapp/buytickets

Your architecture has one application load balancer to serve the requests originating from different channels. How can you configure the load balancer so that requests are served by their respective instances?

  1. Replace your application load balancer with network load balancer and configure path based routing in your application load balancer to route request to different target group of instances.
  2. Replace your application load balancer with network load balancer and configure host based routing in your application load balancer to route request to different target group of instances.
  3. Configure path based routing in your application load balancer to route request to different target group of instances.
  4. Configure host based routing in your application load balancer to route request to different target group of instances.
A
  1. Replace your application load balancer with network load balancer and configure path based routing in your application load balancer to route request to different target group of instances.
  2. Replace your application load balancer with network load balancer and configure host based routing in your application load balancer to route request to different target group of instances.
  3. Configure path based routing in your application load balancer to route request to different target group of instances.
  4. Configure host based routing in your application load balancer to route request to different target group of instances.
51
Q

Which Amazon service offers threat detection that enables you to continuously monitor and protect your AWS accounts and workloads by continuously analyzing streams of metadata generated from your account and network activity found in AWS CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs?

  1. AWS WAF
  2. AWS Shield
  3. Amazon GuardDuty
  4. Amazon Macie
A
  1. AWS WAF
  2. AWS Shield
  3. Amazon GuardDuty
  4. Amazon Macie
52
Q

A company wants to use S3 to store the invoices paid by its customers. These paid invoices are accessed by various departments, including finance, sales, department heads and customer representatives, for 30 days. Invoices that were paid more than 30 days ago are infrequently accessed, and only by the accounting department for auditing purposes. After the financial year these invoices are rarely accessed by anyone, and even if they are accessed, fast retrieval is not a consideration. How should the solution architect of the company plan to use the different storage tiers in the most cost-effective way?

  1. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to ONEZONE_IA after 30 days and to GLACIER after the financial year is over.
  2. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to STANDARD _IA after 30 days and to GLACIER after the financial year is over.
  3. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to STANDARD _IA after 30 days and to DEEP_ARCHIVE after the financial year is over.
  4. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to STANDARD_IA after 30 days and to DEEP_ARCHIVE after the financial year is over.
A
  1. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to ONEZONE_IA after 30 days and to GLACIER after the financial year is over.
  2. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to STANDARD _IA after 30 days and to GLACIER after the financial year is over.
  3. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to STANDARD _IA after 30 days and to DEEP_ARCHIVE after the financial year is over.
  4. Use STANDARD tier for storing paid invoice for first 30 days. Configure lifecycle rule to move the invoice to STANDARD_IA after 30 days and to DEEP_ARCHIVE after the financial year is over.
53
Q

You are building an ETL solution for daily sales report analysis. All the regional headquarters in the country upload their sales data between 7pm and 11pm to an S3 bucket. Upon upload, each file should be transformed and loaded into a data warehouse. What services will you use to design this solution in the most cost-effective way? Choose 2.

  1. Configure S3 event notification to trigger a lambda function which will kick start ETL job whenever a file is uploaded.
  2. Use AWS Glue for ETL and Redshift for Data warehouse
  3. Use AWS Data Pipeline for ETL and Redshift for Data warehouse
  4. Use AWS Glue for ETL and Amazon EMR for Data warehouse
A
  1. Configure S3 event notification to trigger a lambda function which will kick start ETL job whenever a file is uploaded.
  2. Use AWS Glue for ETL and Redshift for Data warehouse
  3. Use AWS Data Pipeline for ETL and Redshift for Data warehouse
  4. Use AWS Glue for ETL and Amazon EMR for Data warehouse
54
Q

What are the features of IAM roles for EC2 instances? Choose 4

  1. AWS temporary security credentials to use when making requests from running EC2 instances to AWS services.
  2. Define cross account permission of EC2 instances.
  3. Automatic rotation of the AWS temporary security credentials.
  4. Granular AWS service permissions for applications running on EC2 instances.
  5. Simplifies management and deployment of AWS access keys to EC2 instances.
A
  1. AWS temporary security credentials to use when making requests from running EC2 instances to AWS services.
  2. Define cross account permission of EC2 instances.
  3. Automatic rotation of the AWS temporary security credentials.
  4. Granular AWS service permissions for applications running on EC2 instances.
  5. Simplifies management and deployment of AWS access keys to EC2 instances.
55
Q

How is web identity federation, i.e. providing access to externally authenticated users, supported in AWS? Choose 3.

  1. Using Amazon Cognito as an identity broker which does much of the federation work.
  2. If you are creating a mobile app or web-based app it blocks users who have Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) compatible identity provider.
  3. You can create a mobile app or web-based app that can let users identify themselves through an Internet identity provider like Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) compatible identity provider, the app can use federation to access AWS.
  4. Using Web Identity Federation API Operations for Mobile Apps
A
  1. Using Amazon Cognito as an identity broker which does much of the federation work.
  2. If you are creating a mobile app or web-based app it blocks users who have Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) compatible identity provider.
  3. You can create a mobile app or web-based app that can let users identify themselves through an Internet identity provider like Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) compatible identity provider, the app can use federation to access AWS.
  4. Using Web Identity Federation API Operations for Mobile Apps
56
Q

You have an S3 bucket named Photos with versioning enabled. You do the following steps:

Step 1: PUT a new object photo.gif, which gets version ID = 111111.

Step 2: PUT a new version of photo.gif.

Step 3: DELETE photo.gif.

Which of the following two statements are correct?

  1. After Step2, Amazon S3 generates a new version ID (121212), and adds the newer version to the bucket retaining the older version with ID=111111.There is two versions of photo.gif.
  2. After Step2, Amazon S3 overwrites the older version with ID=111111 and grants it new ID. There is only one version of photo.gif.
  3. After Step 3, when you DELETE an object, all versions remain in the bucket and Amazon S3 inserts a delete marker.
  4. After Step 3, when you DELETE an object, all versions are deleted from the bucket.
A
  1. After Step2, Amazon S3 generates a new version ID (121212), and adds the newer version to the bucket retaining the older version with ID=111111.There is two versions of photo.gif.
  2. After Step2, Amazon S3 overwrites the older version with ID=111111 and grants it new ID. There is only one version of photo.gif.
  3. After Step 3, when you DELETE an object, all versions remain in the bucket and Amazon S3 inserts a delete marker.
  4. After Step 3, when you DELETE an object, all versions are deleted from the bucket.
57
Q

You want to leverage AWS native components to do clickstream analytics by collecting, analyzing, and reporting aggregate data about which webpages someone visits on your website and in what order. The clickstream analytics solution should provide these capabilities: streaming data ingestion, which can process millions of website clicks (clickstream data) a day from global websites; near real-time visualizations and recommendations, with web usage metrics that include events per hour, visitor count, web/HTTP user agents (e.g., a web browser), abnormal events, aggregate event count, referrers, and recent events; a recommendation engine built on a data warehouse; and analysis and visualizations of your clickstream data, both real time and analytical. Which AWS native services will you use to build this solution?

  1. Amazon IoT Core, Amazon Elasticsearch, Amazon S3, Amazon RDS, Amazon Redshift, Amazon QuickSight, Amazon Athena
  2. Amazon Kinesis Data Firehose, Amazon Elasticsearch, Amazon S3, Amazon Redshift, Amazon QuickSight, Amazon Athena
  3. Amazon IoT Core, Amazon Elasticsearch, Amazon S3, Amazon DynamoDB, Amazon Redshift, Amazon QuickSight, Amazon Athena
  4. Amazon EC2, Amazon Elasticsearch, Amazon S3, Amazon Redshift, Amazon QuickSight, Amazon Athena
A
  1. Amazon IoT Core, Amazon Elasticsearch, Amazon S3, Amazon RDS, Amazon Redshift, Amazon QuickSight, Amazon Athena
  2. Amazon Kinesis Data Firehose, Amazon Elasticsearch, Amazon S3, Amazon Redshift, Amazon QuickSight, Amazon Athena
  3. Amazon IoT Core, Amazon Elasticsearch, Amazon S3, Amazon DynamoDB, Amazon Redshift, Amazon QuickSight, Amazon Athena
  4. Amazon EC2, Amazon Elasticsearch, Amazon S3, Amazon Redshift, Amazon QuickSight, Amazon Athena
58
Q

What are the best practices for managing IAM user access keys? Choose 4.

  1. Remove (or Don’t Generate) Account Access Key.
  2. Use Temporary Security Credentials (IAM Roles) Instead of Long-Term Access Keys
  3. Don’t embed access keys directly into code.
  4. Rotate access keys periodically.
  5. Embed access keys directly into code for better security.
A
  1. Remove (or Don’t Generate) Account Access Key.
  2. Use Temporary Security Credentials (IAM Roles) Instead of Long-Term Access Keys
  3. Don’t embed access keys directly into code.
  4. Rotate access keys periodically.
  5. Embed access keys directly into code for better security.
59
Q

Your company has been using AWS for different kinds of workloads running on EC2 instances for more than a year. As part of a companywide cost optimization drive you have been asked to look at how you can optimize the cost of the EC2 instances. Which AWS service will you use to analyze the current EC2 instances, both for cost optimization and for identifying performance bottlenecks, so as to: get downsizing recommendations within or across instance families; get upsizing recommendations to remove performance bottlenecks; and understand the performance risks and how your workload would perform on various EC2 instance options, to evaluate the price-performance trade-off for your workloads?

  1. AWS Compute Optimizer
  2. AWS Cost Explorer
  3. AWS EC2 optimizer
  4. AWS Budget
A
  1. AWS Compute Optimizer
  2. AWS Cost Explorer
  3. AWS EC2 optimizer
  4. AWS Budget
60
Q

Your organization has adopted AWS and hosts applications that span hundreds of VPCs. Connecting and managing hundreds of VPCs via peering requires massive route tables, which are difficult to deploy and manage and can be error prone. Which AWS service can minimize the operational burden of managing such a vast distributed network?

  1. AWS Direct Connect
  2. AWS Site to Site VPN
  3. AWS VPN Gateway
  4. AWS Transit Gateway
A
  1. AWS Direct Connect
  2. AWS Site to Site VPN
  3. AWS VPN Gateway
  4. AWS Transit Gateway
61
Q

Based on the figure below of a network ACL configured for a subnet, how will the rules be evaluated for a packet destined for the SSL port (443)?

  1. Rule 110 will be directly matched and inbound packet will be allowed.
  2. First the lower number rule 100 will be evaluated and then next 110 will be evaluated which matches.
  3. All the six rule will be evaluated at once and packet match with a rule will be done.
  4. Rules will be evaluated in descending order i.e. 140, 130, 120, 110 till the match.
A
  1. Rule 110 will be directly matched and inbound packet will be allowed.
  2. First the lower number rule 100 will be evaluated and then next 110 will be evaluated which matches.
  3. All the six rule will be evaluated at once and packet match with a rule will be done.
  4. Rules will be evaluated in descending order i.e. 140, 130, 120, 110 till the match
62
Q

Your company has around 3000 users and wants to use Microsoft Active Directory compatible features to manage its EC2 instances running Windows and other AWS applications such as Amazon WorkSpaces, Amazon WorkDocs or Amazon WorkMail. You don’t want to set up a trust relationship with the on-premise AD. Which AWS service will you use?

  1. AWS Managed Microsoft AD
  2. AD Connector
  3. Amazon Cloud Directory
  4. Simple AD
A
  1. AWS Managed Microsoft AD
  2. AD Connector
  3. Amazon Cloud Directory
  4. Simple AD
63
Q

You are learning AWS by watching tutorial videos which are in English. To test your learning you want to create a PoC application which will take a video file as input and generate subtitles in Spanish. The system will receive a video input, extract the audio track, transcribe it, and generate different subtitle files for your video. Your initial core design is to use Amazon Elastic Transcoder to extract the audio from the video, Amazon Transcribe to convert the audio to text, and Amazon Translate to achieve fast, high-quality language translation. You will also include a workflow management component which will coordinate components and steps through the functions of your application. What other services will you use to design a cost-optimized PoC application?

  1. S3, Lambda, Cognito, DynamoDB
  2. S3, Lambda, Step functions, Cognito, DynamoDB
  3. S3, EC2, Step functions, Cognito, DynamoDB
  4. S3, ECS, Step functions, Cognito, DynamoDB
A
  1. S3, Lambda, Cognito, DynamoDB
  2. S3, Lambda, Step functions, Cognito, DynamoDB
  3. S3, EC2, Step functions, Cognito, DynamoDB
  4. S3, ECS, Step functions, Cognito, DynamoDB
64
Q

You have configured an application load balancer listening on port 80 and mapped it to a target group of EC2 instances also listening on port 80. When a client request reaches the load balancer with the correct protocol and port, how many connections does the load balancer maintain between the client and the target EC2 instance?

  1. 1
  2. 2
  3. 3
  4. 4
A
  1. 1
  2. 2
  3. 3
  4. 4
65
Q

You are the solution architect for a pharmaceutical company which has been using a client application to manage its on-premise data backup and archival. The application uses the iSCSI protocol to transfer data between the application and on-premise storage. The on-premise storage currently stores TBs of data and is nearing capacity. The company doesn’t want to invest in expanding the on-premise storage capacity. Which AWS service should the company leverage so that there is minimal or no change to the existing backup and archiving application and low latency is provided for frequently used data?

  1. Use AWS Tape Gateway.
  2. Use AWS Volume Storage Gateway.
  3. Use AWS File Gateway.
  4. Use AWS Volume Cached Gateway
A
  1. Use AWS Tape Gateway.
  2. Use AWS Volume Storage Gateway.
  3. Use AWS File Gateway.
  4. Use AWS Volume Cached Gateway