AWS – Solution Architect Associate Level Certification - Mock Test

Quiz by stephon, created over 3 years ago

Origin: http://www.cloudsolutionsbook.com/amazon-cloud-solutions/june-20th-2015

Mock-up: 94 questions, 80 minutes. Mark the right answers; do not use the right column.

Question 1

Question
How do you secure company-critical data on S3? (choose 4 correct answers)
Answer
  • You can use IAM Policies
  • You can use Bucket Policies
  • You can use Access Control Lists (ACLs)
  • You can use the Server Side Encryption (SSE)
  • You can serve it through CloudFront

Question 2

Question
How do you secure data at rest in EBS? (choose 1 correct answer)
Answer
  • EBS automatically encrypts data on it for more security
  • You can use your own encryption layer on the top
  • Use S3 instead
  • Block the EC2 instance from accessing data on your EBS volume

Question 3

Question
You have a photo selling website where you have a library of photos on S3. You noticed that there are some websites that are showing the link to your S3 photos. How do you restrict sites like these using your S3 photos link? (choose 1 correct answer)
Answer
  • Use CloudFront to serve images
  • Restrict access to those websites in the bucket policy
  • Use Glacier to store images
  • Restrict access to those websites in the IAM policy
  • Remove the public URL link from the object in S3

Question 4

Question
In which of the following cases should you use SQS – Simple Queue Service? (choose 2 correct answers)
Answer
  • Designing a business application which requires a lot of co-ordination between different tasks
  • Video encoding application where each video is encoded with a pre-defined number of steps
  • Receiving thousands of notifications from a process and add them to a queue
  • Process a queue of messages where each message is a task that needs to be completed

Question 5

Question
How do you ensure that the data has been saved properly in S3? (choose 1 correct answer)
Answer
  • Every S3 account has a predefined bucket where the logs are stored
  • When processing a request to store data, the service will redundantly store your object across multiple facilities before returning SUCCESS.
  • You can see the HTTP success code in the logs
  • Using a combination of Content-MD5 checksums

Question 6

Question
You are running an application on an EC2 instance and now you want to add another EC2 instance for your application that requires a high-bandwidth connection with the existing EC2 instance. Where should you launch your EC2 instance in this case? (choose 1 correct answer)
Answer
  • VPC
  • Public Subnet
  • Private Subnet
  • Placement Group
  • Availability Zone

Question 7

Question
Where should you use SWF – Simple Workflow Service? (choose 2 correct answers)
Answer
  • Designing a business application which requires a lot of co-ordination between different tasks
  • Video encoding application where each video is encoded with a pre-defined number of steps
  • Receiving thousands of notifications from a process and add them to a queue
  • Process a queue of messages where each message is a task that needs to be completed

Question 8

Question
What services are required for Auto Scaling? (choose 2 correct answers)
Answer
  • SNS
  • CloudWatch
  • SQS
  • ELB

Question 9

Question
Your web application is using Auto Scaling and Elastic Load Balancer. You want to monitor the application to ensure that it maintains a good quality of service for your customers, defined by the application’s page load time. What metric in AWS CloudWatch can best be used for this? (choose 1 correct answer) (Origin Number: 71)
Answer
  • Latency reported by the Elastic Load Balancer(ELB)
  • Request count reported by ELB
  • Aggregate networking for the web tier
  • Aggregate CPU Utilisation for the web tier

Question 10

Question
Amazon Glacier is designed for (choose 2 correct answers)
Answer
  • Active database storage.
  • Infrequently accessed data.
  • Data archives.
  • Frequently accessed data.
  • Cached session data.

Question 11

Question
An instance is launched into the public subnet of a VPC. Which of the following must be done in order for it to be accessible FROM the Internet? (choose 1 correct answer)
Answer
  • Attach an Elastic IP to the instance
  • Nothing. The instance is accessible from the Internet
  • Launch a NAT instance and route all traffic to it
  • Make an entry in the route table passing all traffic going outside the VPC to the NAT instance

Question 12

Question
In VPCs with private and public subnets, database servers should ideally be launched into? (choose 1 correct answer)
Answer
  • The public subnet
  • The private subnet
  • Either of them
  • Not recommended, they should ideally be launched outside VPC

Question 13

Question
What are the benefits of using ElastiCache for your web application? (choose 2 correct answers)
Answer
  • It reduces the load on your web servers
  • It reduces the load on your database
  • Gives you more availability of cached data when your Multi-AZ RDS is under maintenance
  • Gives you faster access to your cache data

Question 14

Question
You configured ELB to perform health checks on EC2 instances. If an instance fails to pass health checks, which statement will be true? (choose 1 correct answer)
Answer
  • The instance is replaced automatically by the ELB.
  • The instance gets terminated automatically by the ELB.
  • The ELB stops sending traffic to the instance that failed its health check.
  • The instance gets quarantined by the ELB for root cause analysis.

Question 15

Question
What are the characteristics of DynamoDB? (choose 3 correct answers)
Answer
  • It is used for SQL databases like MsSQL, MySQL, Oracle
  • Gives you a fast and predictable performance with seamless scalability
  • It is a managed service provided by AWS
  • When reading data from Amazon DynamoDB, users can specify whether they want the read to be eventually consistent or strongly consistent
  • There is a limit of stored data or throughput of data

Question 16

Question
You have a business critical application that requires it to be highly available with 6 instances always running. What should you do to achieve this? (choose 3 correct answers)
Answer
  • 2 EC2 in 3 regions with ELB on top
  • 3 EC2 in 2 AZ with ELB on top
  • Auto Scaling rule for 6 instances always running
  • Auto Scaling rule for 3 instances always running in each zone
  • Auto Scaling replaces the lost capacity in case of zone failure in the other zone
  • Auto Scaling replaces the lost capacity in case of region failure in the other region

Question 17

Question
What are the characteristics of Elastic Beanstalk? (choose 2 correct answers)
Answer
  • You can use it to replace an instance in the ELB when it fails its health check
  • Helps you quickly deploy and manage applications in the AWS cloud
  • It creates a template for your EC2 instance
  • You don’t need to worry about the infrastructure required to run your applications

Question 18

Question
How do you achieve single sign on with AWS? (choose 1 correct answer)
Answer
  • It is configurable in the IAM policies for the user
  • By using multi-factor authentication
  • By using Active Directory and LDAP integration
  • By configuring SAML 2.0
  • It is currently not possible in AWS

Question 19

Question
What is true about VPC? (choose 3 correct answers)
Answer
  • You can have one EC2 in more than 1 VPC
  • There will always be at least 1 default VPC
  • A VPC is always across multiple availability zones within a region
  • You can either have a VPC with public subnet or private subnet
  • You may use a third party software VPN to create a site to site or remote access VPN connection with your VPC via the Internet Gateway

Question 20

Question
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly? (choose 1 correct answer)
Answer
  • Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
  • Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.
  • Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
  • Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

Question 21

Question
An instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens when you attach an ENI of a different subnet to this instance? (choose 1 correct answer)
Answer
  • The instance follows the rules of the older subnet
  • The instance follows the rules of both the subnets
  • The instance follows the rules of the newer subnet
  • Not possible, the instance cannot be connected to 2 ENIs

Question 22

Question
How do you point the apex record of your website (example.com) to the public DNS of the Elastic Load Balancer? (choose 1 correct answer)
Answer
  • A Record
  • CNAME record
  • AAAA record
  • Alias
  • NS Record

Question 23

Question
Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started? (choose 2 correct answers)
Answer
  • The Elastic IP will be dissociated from the instance
  • All data on instance-store devices will be lost
  • All data on EBS (Elastic Block Store) devices will be lost
  • The ENI (Elastic Network Interface) is detached
  • The underlying host for the instance may change

Question 24

Question
You are running an ERP application on EC2 for your company that runs 24x7 and the load is predictable and constant throughout the year. Which is the most cost-efficient option for the EC2 purchase model in this case? (choose 1 correct answer)
Answer
  • On-Demand
  • Reserved
  • Dedicated
  • Spot
  • EC2 is not the right choice here

Question 25

Question
What are the characteristics of EBS? (choose 3 correct answers)
Answer
  • You can attach one EBS volume to multiple EC2 instances
  • Data in EBS is stored across multiple AZ for redundancy
  • Maximum size of an EBS can be 1 TB
  • You can have provisioned IOPS with your EBS volumes
  • EBS behaves like raw unformatted block device

Question 26

Question
You notice that you are not able to access your EC2 Linux instance using SSH. What should you check first? (choose 1 correct answer)
Answer
  • Make sure that the patches are up to date on the instance
  • Make sure port 22 is open on the subnet for incoming traffic
  • Make sure port 22 is open on the subnet for outgoing traffic
  • Make sure port 22 is open on the security group for incoming traffic
  • Make sure port 22 is open on the security group for outgoing traffic

Question 27

Question
What is true about AMI? (choose 4 correct answers)
Answer
  • You can share your AMI with other AWS account owners
  • You can create an instance store-backed AMI
  • You can create an EBS-backed AMI
  • For instance store-backed AMIs, the root volume is stored in S3
  • For EBS-backed AMIs, the root volume is stored in S3

Question 28

Question
What is true about RDS? (choose 3 correct answers)
Answer
  • You can create multiple read replicas for read-heavy applications
  • You can have a read replica of a read replica
  • Daily backups are automatically taken
  • You can enable Multi-AZ option to have automatic failover in a different region
  • You can have provisioned IOPS for your RDS database

Question 29

Question
What are the characteristics of IAM? (choose 2 correct answers)
Answer
  • By default all the services are enabled for a new IAM user
  • By default all the services are disabled for a new IAM user
  • You can create multiple access ID and secret keys for 1 IAM user

Question 30

Question
What are the characteristics of VPC subnets? (choose 2 correct answers)
Answer
  • Network traffic entering and exiting each subnet can be allowed or denied via network Access Control Lists (ACLs)
  • A subnet can be across multiple availability zones
  • A subnet can be across multiple regions
  • Default subnets are assigned /20 netblocks
  • Default subnets are assigned /16 netblocks

Question 31

Question
You have created 4 weighted resource record sets with weights 1, 2, 3 and 4. How often is the 3rd record set selected by Route53? (choose 1 correct answer)
Answer
  • 1/7th of the time
  • 3/10th of the time
  • 3/7th of the time
  • 1/4th of the time

Question 32

Question
Which of the following can be used as an origin server in CloudFront? (Choose 3 correct answers)
Answer
  • A webserver running on EC2
  • A webserver running in your own datacenter
  • A RDS instance
  • An Amazon S3 bucket
  • A Glacier storage

Question 33

Question
In CloudFront what happens when content is NOT present at an edge location and a request is made to it? (choose 1 correct answer)
Answer
  • An Error 404 not found is returned
  • CloudFront delivers the content directly from the origin server and stores it in the cache of the edge location
  • The request is kept on hold till content is delivered to the edge location
  • The request is routed to the next closest edge location

Question 34

Question
Which of the following is true with respect to serving private content through CloudFront? (choose 3 correct answers)
Answer
  • Signed URLs can be created to access objects from CloudFront edge locations
  • Direct access to S3 URLs can be removed therefore allowing access only through CloudFront URLs
  • Mark the S3 bucket private and allow access to CloudFront by means of Roles
  • Mark the S3 bucket private and create an Origin Access Identity to access the objects

Question 35

Question
You have written a CloudFormation template that creates 1 elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack? (choose 1 correct answer)
Answer
  • Resources
  • Parameters
  • Outputs
  • Mappings

Question 36

Question
You are doing a large data analysis which requires high computing power and many instances to be launched simultaneously and then to be retired after the analysis. If the instance is retired during the analysis, the program automatically shifts the analysis to the other instance. Which is the most cost-efficient option for launching the EC2 in this case? (choose 1 correct answer)
Answer
  • On-Demand
  • Reserved
  • Dedicated
  • Spot
  • EC2 is not the right choice here

Question 37

Question
What is true about penetration testing in AWS? (choose 2 correct answers)
Answer
  • You can do the penetration testing on your individual EC2 instance only
  • A prior permission is required from AWS for penetration testing
  • You cannot do the penetration testing at all
  • You can ask AWS support to do the penetration testing
  • AWS will automatically conduct penetration testing from time to time

Question 38

Question
What are the benefits of Multi-AZ RDS deployments? (choose 2 correct answers)
Answer
  • You get a read-replica
  • More availability during the maintenance window
  • Automatic failover in case of one data center failure
  • More IOPS available for data throughput
  • You get more privileges to manage your database

Question 39

Question
What kind of data should not be stored in S3? (choose 3 correct answers)
Answer
  • Images and videos
  • Static files for your websites
  • Your website database
  • Notifications from a computer program
  • Static Files that are accessed once in many years

Question 40

Question
What are the characteristics of a reserved instance? (choose 3 correct answers)
Answer
  • It can be applied across regions
  • It saves you significant money over on-demand instance
  • You can shut down the reserved instance any time you want and the hourly charge won't be incurred for the shutdown hours
  • If your AMI changes the Reserved instance is still valid if it’s the same instance type
  • You pay a fixed amount of money irrespective of the number of hours you used the instance for

Question 41

Question
What are the characteristics of CloudFormation? (choose 2 correct answers)
Answer
  • You can use it to replace an instance in the ELB when it fails its health check
  • Helps you quickly deploy and manage applications in the AWS cloud
  • It creates a template for your EC2 instance
  • You don’t need to worry about the infrastructure required to run your applications

Question 42

Question
To protect S3 data from accidental deletion and overwriting you should (choose 1 correct answer)
Answer
  • Disable S3 delete using an IAM bucket policy
  • Access S3 data only using signed URLs
  • Enable S3 reduced redundancy storage
  • Enable S3 versioning on the bucket
  • Enable MFA protected access

Question 43

Question
Which one is an operational process performed by AWS for data security? (choose 1 correct answer)
Answer
  • AES 256 bit encryption of data stored on any shared storage device
  • Decommissioning of storage device using industry-standard practices
  • Background virus scans of EBS volumes and EBS snapshots
  • Replication of data across multiple geographic regions
  • Secure wiping of EBS volumes when they are un-mounted

Question 44

Question
Which metrics could CloudWatch monitor? (choose 2 correct answers)
Answer
  • Hypervisor visible metrics such as CPU utilization
  • Operating system visible metrics such as memory utilization
  • Network Utilization (Read-write)
  • Web server visible metrics such as number of failed transaction requests
  • Database visible metrics such as number of connections

Question 45

Question
How should you launch an instance if you need a pre-defined IP? (choose 1 correct answer)
Answer
  • Launch it in a VPC
  • Launch it under an ELB
  • Pre-assign an IP using CloudFormation script
  • Launch it in a Placement Group

Question 46

Question
In which case do you have full authority of the underlying instance? (choose 2 correct answers)
Answer
  • EC2
  • RDS
  • DynamoDB
  • EMR (Elastic Map Reduce)

Question 47

Question
What is true about EBS? (choose 3 correct answers)
Answer
  • The snapshots are stored in S3
  • The snapshots are just stored as another EBS volume
  • Snapshots are incremental in nature and only
  • You can share the snapshot with other AWS accounts
  • Snapshots are automatically encrypted

Question 48

Question
What is the difference between a security group in VPC and a network ACL in VPC? (choose 3 correct answers)
Answer
  • Security group restricts access to a Subnet while ACL restricts traffic to EC2
  • Security group restricts access to EC2 while ACL restricts traffic to a subnet
  • Security group can work outside the VPC also while ACL only works within a VPC
  • Network ACL performs stateless filtering and Security group provides stateful filtering
  • Security group can only set Allow rule, while ACL can set Deny rule also

Question 49

Question
For an EC2 instance launched in a private subnet in VPC, which of the following are the options for it to be able to connect to the internet (assume security groups have proper ports open)? (choose 1 correct answer)
Answer
  • Simply attach an Elastic IP
  • If there is also a public subnet in the same VPC, an ENI can be attached to the instance with the ip address range of the public subnet
  • If there is a public subnet in the same VPC with a NAT instance attached to internet gateway, then a route can be configured from the instance to the NAT
  • There is no way for an instance in private subnet to talk to the internet

Question 50

Question
What happens to data when an EC2 instance terminates? (choose 3 correct answers)
Answer
  • For EBS-backed AMI, the EBS volume with the operating system on it is preserved
  • For EBS-backed AMI, any volume attached other than the OS volume is preserved
  • All the snapshots of the EBS volume with the operating system are preserved
  • For S3 backed AMI, all the data in the local (ephemeral) hard drive is deleted
  • For Instance store-backed EC2 the data is lost when the instance is rebooted

Question 51

Question
Which of the following can Auto Scaling not do? (choose 3 correct answers)
Answer
  • Start up EC2 instances when CPU utilization is above threshold
  • Release EC2 instances when CPU utilization is below threshold
  • Increase the instance size when utilization is above threshold
  • Add more Relational Database Service (RDS) read replicas when utilization is above threshold
  • Reboot an instance if the health check has failed for that instance

Question 52

Question
What is true for S3 buckets? (choose 3 correct answers)
Answer
  • Bucket namespace is shared and is global among all AWS users.
  • Bucket names can contain alphanumeric characters
  • Buckets are associated with a region, and all data in a bucket resides in that region
  • Buckets can be transferred from one account to another through API
  • You can have an unlimited number of buckets in each AWS account

Question 53

Question
Does S3 provide read-after-write consistency? (choose 1 correct answer)
Answer
  • Yes, not for all regions
  • Yes, for all regions
  • No, it does not provide read-after-write consistency
  • You can provision this by making the right API calls

Question 54

Question
Choose the correct statement (choose 3 correct answers)
Answer
  • You can have an unlimited number of objects in an S3 bucket
  • An S3 object can be of unlimited size
  • Data stored in S3 is encrypted
  • You can use Reduced Redundancy Storage as a lower-cost option
  • You can serve your static website from S3

Question 55

Question
In CloudFront what happens when content is NOT present at an edge location and a request is made to it? (choose 1 correct answer)
Answer
  • An Error 404 not found is returned
  • CloudFront delivers the content directly from the origin server and stores it in the cache of the edge location
  • The request is kept on hold till content is delivered to the edge location
  • The request is routed to the next closest edge location

Question 56

Question
Which of the services could spread across Multi-AZ? (choose 2 correct answers)
Answer
  • EC2
  • ELB
  • RDS
  • DynamoDB
  • EBS

Question 57

Question
How do you mount a new EBS to an EC2? (choose 3 correct answers)
Answer
  • Using AWS management console
  • Using AWS API tools
  • Using AWS command line interface
  • By doing an RDP to the instance
  • By doing an SSH to the instance

Question 58

Question
Which of the following will provide the maximum IOPS for your EC2? (choose 1 correct answer)
Answer
  • Instance based SSD storage
  • EBS with SSD storage
  • EBS with provisioned IOPS
  • Stripe data across multiple EBS volumes with RAID 5
  • Stripe data across multiple EBS volumes with RAID 0

Question 59

Question
Choose the right statements about EC2 instance (choose 2 correct answers)
Answer
  • The instance based storage is automatically saved in S3
  • You can use the instance based storage for your root volume
  • You can attach multiple Elastic IPs to a single EC2
  • The public DNS of the EC2 remains intact when you shut down the EC2 and start it again
  • Data on the instance based storage remains intact when you reboot the instance

Question 60

Question
What is the best way of taking a fast snapshot without losing the consistency? (choose 1 correct answer)
Answer
  • Stop the EC2, issue a snapshot command, switch on the EC2
  • Stop the EC2, issue a snapshot command, wait to complete the snapshot, remount EBS
  • Just issue the snapshot command
  • Un-mount EBS, issue snapshot command, remount
  • Un-mount EBS, take snapshot, wait to complete the snapshot, remount EBS

Question 61

Question
What is the maximum size of a single S3 object?
Answer
  • There is no such limit
  • 5 TB
  • 5 GB
  • 100 GB

Question 62

Question
Which of the following benefits does adding Multi-AZ deployment in RDS provide? (choose multiple if more than one is true)
Answer
  • Multi-AZ deployed database can tolerate an Availability Zone failure
  • Decrease latencies if app servers accessing database are in multiple availability zones
  • Make database access times faster for all app servers
  • Make database more available during maintenance tasks

Question 63

Question
When an ELB is set up, what is the best way to route a website’s traffic to it?
Answer
  • Resolve the ELB name to an ip address and point the website to that ip address
  • There is no direct way to do so, Route53 has to be used
  • Generate a CNAME record for the website pointing to the DNS name of the ELB

Question 64

Question
You want to use Route53 to direct your www sub-domain to an Elastic Load Balancer fronting your web servers. What kind of record set should you create?
Answer
  • A record
  • AAAA record
  • NS record
  • CNAME record

Question 65

Question
You have created a Route 53 latency record set from your domain to a machine in Singapore and a similar record to a machine in Oregon. When a user located in India visits your domain he will be routed to:
Answer
  • Singapore
  • Oregon
  • Depends on the load on each machine
  • Both, because 2 requests are made, 1 to each machine

Question 66

Question
If I want an instance to have a public IP address, which IP address should I use?
Answer
  • Elastic IP Address
  • Class B IP Address
  • Class A IP Address
  • Dynamic IP Address

Question 67

Question
What does RRS stand for when talking about S3?
Answer
  • Redundancy Removal System
  • Relational Rights Storage
  • Regional Rights Standard
  • Reduced Redundancy Storage

Question 68

Question
What does the AWS Storage Gateway provide?
Answer
  • It allows you to integrate on-premises IT environments with cloud storage.
  • A direct encrypted connection to Amazon S3.
  • It's a backup solution that provides an on-premises cloud storage.
  • It provides an encrypted SSL endpoint for backups in the cloud.

Question 69

Question
How many relational database engines does RDS currently support?
Answer
  • Three: MySQL, Oracle and Microsoft SQL Server.
  • Just two: MySQL and Oracle.
  • Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite.
  • Just one: MySQL.

Question 70

Question
What are the two permission types used by AWS?
Answer
  • Resource-based and Product-based
  • Product-based and Service-based
  • Service-based
  • User-based and Resource-based

Question 71

Question
Which of the following requires a custom CloudWatch metric to monitor?
Answer
  • Disk usage activity of the ephemeral volumes of an Amazon EC2 instance
  • CPU Utilisation of an Amazon Elastic Compute Cloud (EC2) instance
  • Disk usage activity of an Elastic Block Store volume attached to an Amazon EC2 instance
  • Disk full percentage of an Elastic Block Store volume

Question 72

Question
You run a two-tiered application with the following components: an Elastic Load Balancer (ELB), three web/application servers on Amazon Elastic Compute Cloud (EC2), and one MySQL RDS database. With growing load, database queries take longer and longer and slow down the overall response time for user requests. Which of the following options could speed up performance? (choose 3 correct answers)
Answer
  • Create an RDS read-replica and redirect half of the database read requests to it
  • Cache database queries in Amazon Elastic Cloud
  • Setup RDS in Multi-AZ mode.
  • Shard the database and distribute loads between shards.
  • Use AWS CloudFront to cache database queries.

Question 73

Question
As an application has increased in popularity, reports of performance issues have grown. The current configuration initiates scaling actions based on average CPU utilization; however, during reports of slowness, CloudWatch graphs have shown that average CPU remains steady at 40 percent. This is well below the alarm threshold of 60 percent. Your developers have discovered that, due to the unique design of the application, performance degradation occurs on an instance when it is processing more than 200 threads. What is the best way to ensure that your application scales to match the demands?
Answer
  • Launch two to six additional instances outside of the AutoScaling group to handle the additional load.
  • Populate a custom CloudWatch metric for concurrent sessions and initiate scaling actions based on that metric instead of CPU use.
  • Empirically determine the expected CPU use for 200 concurrent sessions and adjust the CloudWatch alarm threshold to be that CPU use.
  • Add a script to each instance to detect the number of concurrent sessions. If the number of sessions remains over 200 for 5 minutes, have the instance increase the desired capacity of the AutoScaling group by one.

Question 74

Question
Your company built a mobile application that has already been downloaded several hundreds and thousands of times. Which authentication solution would enable mobile clients to access pictures stored in an AWS S3 bucket and provide you with the highest flexibility to rotate credentials?
Answer
  • Identity federation based on AWS Security Token Service (STS) using an AWS IAM policy for the respective S3 bucket
  • IAM user per registered client with an IAM policy granting AWS S3 access to the respective bucket

Question 75

Question
Can EBS always tolerate an Availability Zone failure?
Answer
  • No, each EBS volume is stored in a single Availability Zone
  • Yes, an EBS volume has multiple copies so it should be fine
  • Depends on how it is setup
  • Depends on the Region where EBS volume is initiated

Question 76

Question
You receive a spot instance at a bid of $0.05/hr. After 30 minutes, the spot price increases to $0.06/hr and your spot instance is terminated by AWS. What was the total EC2 compute cost of running your spot instance?
Answer
  • $0.00
  • $0.02
  • $0.03
  • $0.04
  • $0.05

Question 77

Question
You have an Amazon Elastic Compute Cloud (EC2) security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply:
Answer
  • Immediately to the new instances only
  • Immediately to the new instances only, but old instances must be stopped and restarted before the new rules apply.
  • To all instances, but it may take several minutes for old instances to see the changes.
  • Immediately to all instances in the security group

Question 78

Question
You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? (choose 3).
Answer
  • Amazon DynamoDB
  • Amazon ElastiCache
  • Elastic Load Balancing
  • AWS Storage Gateway
  • Amazon Relational Database Service (RDS)
  • Amazon CloudWatch

Question 79

Question
What combination of the following options will protect Amazon Simple Storage Service (S3) objects from both accidental deletion and accidental overwriting? (choose 2 correct answers)
Answer
  • Enable S3 versioning on the bucket
  • Access S3 data using only signed URLs.
  • Disable S3 delete using an IAM bucket policy.
  • Enable S3 Reduced Redundancy Storage
  • Enable multi-factor authentication (MFA) protected access.

Question 80

Question
You have been tasked with creating a VPC network topology for your company. The VPC network must support both internet-facing applications and internally-facing applications accessed only over VPN. Both internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?
Answer
  • 2
  • 3
  • 4
  • 6

Question 81

Question
You have an Amazon Virtual Private Cloud with a public subnet. Three Amazon Elastic Compute Cloud (EC2) instances currently running inside the subnet can successfully communicate with other hosts on the internet. You launch a fourth instance in the same subnet, using the same Amazon Machine Image (AMI) and security group configuration you used for the others, but find that this instance cannot be accessed from the internet. What should you do to enable internet access?
Answer
  • Deploy a NAT instance into the public subnet.
  • Modify the routing table for the public subnet.
  • Configure a publicly routable IP address in the host OS of the fourth instance.
  • Assign an Elastic IP address to the fourth instance.

Question 82

Question
You have a business-critical two-tier web app currently deployed in two availability zones in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the data layer. The application needs to remain fully available even if one application availability zone goes off-line and Auto Scaling cannot launch new instances in the remaining availability zones. How can the current architecture be enhanced to ensure this?
Answer
  • Deploy in three availability zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.
  • Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load per region.
  • Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load per region.
  • Deploy in three availability zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.

Question 83

Question
Which of the following requires a custom CloudWatch metric to monitor?
Answer
  • Memory use
  • CPU use
  • Disk read operations
  • Network in
  • Estimated charges

Question 84

Question
How can software determine the public and private IP addresses of the AWS EC2 instance that it is running on?
Answer
  • Query the appropriate AWS CloudWatch metric
  • Use an ipconfig or ifconfig command
  • Query the local instance metadata
  • Query the local instance user data

Question 85

Question
What action is required to establish an Amazon VPC VPN connection between an on-premises data center and Amazon VPC Virtual Private Gateway?
Answer
  • Establish a dedicated network connection using AWS Direct Connect
  • Modify the main route table to allow traffic to a network address translation instance.
  • Use a dedicated network address translation instance in the public subnet
  • Assign a static internet-routable IP address to an Amazon VPC Customer Gateway

Question 86

Question
Which of the following is a durable key-value store?
Answer
  • Amazon Simple Notification Service
  • Amazon Simple Queue Service
  • Amazon Simple Workflow Service
  • Amazon Simple Storage Service

Question 87

Question
Which route must be added to your routing table in order to allow connections to the internet from your subnet?
Answer
  • Destination:0.0.0.0/0 → Target:your internet gateway
  • Destination:192.168.1.257/0 → Target:your internet gateway
  • Destination:0.0.0.0/33 → Target:your virtual private gateway
  • Destination:0.0.0.0/0 → Target:0.0.0.0/24
  • Destination:0.0.0.0/32 → Target:your virtual private gateway

Question 88

Question
After creating a new AWS account, you use the API to request 40 on-demand AWS EC2 instances in a single availability zone. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it?
Answer
  • You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.
  • AWS allows you to provision no more than 20 instances per availability zone. Select a different availability zone and retry the failed request.
  • You need to use Amazon VPC in order to provision more than 20 instances in a single availability zone. Simply terminate the resources already provisioned and re-launch them all in a VPC.
  • You encountered an API throttling situation and should try the failed request using an exponential decay retry algorithm.

Question 89

Question
In reviewing the Auto Scaling events for your application, you notice that your application is scaling up and down multiple times in the same hour. What design choices could you make to optimize for cost while preserving elasticity? (choose 2)
Answer
  • Modify the Auto Scaling group termination policy to terminate the oldest instance first.
  • Modify Auto Scaling to use scheduled scaling actions.
  • Modify the Auto Scaling group termination policy to terminate the newest instance first.
  • Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale-down policy.
  • Modify the Auto Scaling group cool-down timers.

Question 90

Question
A customer's nightly EMR job processes a single 2-TB data file stored on S3. The Amazon EMR job runs on two on-demand core nodes and three on-demand task nodes. Which of the following may help reduce the EMR job completion time? (choose 2)
Answer
  • Use three spot instances rather than three on-demand instances for the task nodes.
  • Change the input split size in the MapReduce job configuration.
  • Use a bootstrap action to present the S3 bucket as a local filesystem.
  • Launch the core nodes and task nodes within an Amazon Virtual Cloud.
  • Adjust the number of simultaneous mapper tasks.
  • Enable termination protection for the job flow.

Question 91

Question
You have an application running in us-west-2 that requires 6 Amazon Elastic Compute Cloud instances running at all times. With 3 availability zones available in that region (us-west-2a, us-west-2b, us-west-2c), which of the following deployments provide 100% fault tolerance if any single availability zone in us-west-2 becomes unavailable? (choose 2)
Answer
  • us-west-2a with 2 EC2 instances, us-west-2b with 2 EC2 instances, us-west-2c with 2 EC2 instances
  • us-west-2a with 3 EC2 instances, us-west-2b with 3 EC2 instances, us-west-2c with no EC2 instances
  • us-west-2a with 4 EC2 instances, us-west-2b with 2 EC2 instances, us-west-2c with 2 EC2 instances
  • us-west-2a with 6 EC2 instances, us-west-2b with 6 EC2 instances, us-west-2c with no EC2 instances
  • us-west-2a with 3 EC2 instances, us-west-2b with 3 EC2 instances, us-west-2c with 3 EC2 instances

Question 92

Question
A VPC public subnet is one that:
Answer
  • Has at least 1 route in its associated routing table that uses an internet gateway (IGW)
  • Includes a route in its associated routing table via a NAT.
  • Has a network access control list (NACL) permitting outbound traffic to 0.0.0.0/0
  • Has the public subnet option selected in its configuration

Question 93

Question
You are deploying an application on EC2 that must call AWS APIs. What method of securely passing credentials to the application should you use?
Answer
  • Store API credentials as an object in Amazon S3
  • Use AWS Identity and Access Management roles for EC2 instances
  • Pass API credentials to the instance using instance user data
  • Embed the API credentials into your JAR file

Question 94

Question
A startup company hired you to help them build a mobile application that will ultimately store billions of images and videos in Amazon Simple Storage double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their applications. What other information must you gather from this customer in order to determine whether S3 is the right option?
Answer
  • You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years.
  • You must find out the total number of requests per second at peak usage.
  • You must know the size of the individual objects being written to S3, in order to properly design the key namespace.
  • In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.