AWS - SAA ver.1

Description

Quiz on AWS - SAA ver.1, created by Linh Phan Van on 14/08/2017.

Resource summary

Question 1

Question
When trying to grant an Amazon account access to S3 using access control lists, what method of identification should you use to identify that account?
Answer
  • The email address of the account or the canonical user ID
  • The AWS account number
  • The ARN
  • An email address with a 2FA token

Question 2

Question
You are a solutions architect working for a large oil and gas company. Your company runs their production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All EC2 instances are in the same security group. Your company has created a new custom application which connects to mobile devices using a custom port. This application has been rolled out to production and you need to open this port globally to the internet. What steps should you take to do this, and how quickly will the change occur?
Answer
  • Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate on this port after a reboot.
  • Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate over this port immediately.
  • Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately.
  • Open the port on the existing security group. Your EC2 instances will be able to communicate over this port as soon as the relevant Time To Live (TTL) expires.

Question 3

Question
Which of the following is not supported by AWS Import/Export?
Answer
  • Import to Amazon S3
  • Export from Amazon S3
  • Import to Amazon EBS
  • Import to Amazon Glacier
  • Export to Amazon Glacier

Question 4

Question
Which of the following is not a service of the security category of the AWS trusted advisor service?
Answer
  • Security Groups – Specific Ports Unrestricted
  • MFA on Root Account
  • IAM Use
  • Vulnerability scans on existing VPCs.

Question 5

Question
You work for a market analysis firm who are designing a new environment. They will ingest large amounts of market data via Kinesis and then analyze this data using Elastic Map Reduce. The data is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and then be accessed by traders from around the world. The database volume itself will sit on 2 EBS volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you recommend?
Answer
  • Magnetic
  • General Purpose SSD
  • Provisioned IOPS (PIOPS)
  • Turbo IOPS (TIOPS)

Question 6

Question
Which of the following is not a valid configuration type for AWS Storage gateway?
Answer
  • Gateway-accessed volumes
  • Gateway-cached volumes
  • Gateway-stored volumes
  • Gateway-Virtual Tape Library

Question 7

Question
You have started a new role as a solutions architect for an architectural firm that designs large skyscrapers in the Middle East. Your company hosts large volumes of data and has about 250Tb of data on internal servers. They have decided to store this data on S3 due to the redundancy offered by it. The company currently has a telecoms line of 2Mbps connecting their head office to the internet. What method should they use to import this data into S3 in the fastest manner possible?
Answer
  • Upload it directly to S3
  • Purchase an AWS Direct Connect and transfer the data over that once it is installed.
  • AWS Data pipeline
  • AWS Import/Export

Question 8

Question
You are designing a site for a new start up which generates cartoon images for people automatically. Customers will log on to the site, upload an image which is stored in S3. The application then passes a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These EC2 instances will then turn the picture in to a cartoon and will then need to store the processed job somewhere. Users will typically download the image once (immediately), and then never download the image again. What is the most commercially feasible method to store the processed images?
Answer
  • Rather than use S3, store the images inside a BLOB on RDS with Multi-AZ configured for redundancy.
  • Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.
  • Store the images on glacier instead of S3.
  • Use elastic block storage volumes to store the images.

Question 9

Question
You are hosting a website in Ireland called acloud.guru and you decide to have a static DR site available on S3 in the event that your primary site goes down. Your bucket is also called “acloudguru”. What would be the S3 URL of the static website?
Answer
  • https://acloudguru.s3-website-eu-west-1.amazonaws.com
  • https://s3-eu-east-1.amazonaws.com/acloudguru
  • https://acloudguru.s3-website-us-east-1.amazonaws.com
  • https://s3-eu-central-1.amazonaws.com/acloudguru

Question 10

Question
You have a high performance compute application and you need to minimize network latency between EC2 instances as much as possible. What can you do to achieve this?
Answer
  • Use Elastic Load Balancing to load balance traffic between availability zones
  • Create a CloudFront distribution to cache objects from an S3 bucket at Edge Locations.
  • Create a placement group within an Availability Zone and place the EC2 instances within that placement group.
  • Deploy your EC2 instances within the same region, but in different subnets and different availability zones so as to maximize redundancy.

Question 11

Question
You are creating your own relational database on an EC2 instance and you need to maximize IOPS performance. What can you do to achieve this goal?
Answer
  • Add a single additional volume to the EC2 instance with provisioned IOPS.
  • Create the database on an S3 bucket.
  • Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those volumes.
  • Attach the single volume to multiple EC2 instances so as to maximize performance.

Question 12

Question
Which of the services below do you get root access to?
Answer
  • ElastiCache & Elastic MapReduce
  • RDS & DynamoDB
  • EC2 & Elastic MapReduce
  • ElastiCache & DynamoDB

Question 13

Question
Using SAML (Security Assertion Markup Language 2.0) you can give your federated users single sign-on (SSO) access to the AWS Management Console.
Answer
  • True
  • False

Question 14

Question
You run a website which hosts videos and you have two types of members: premium fee-paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However, you need to ensure that your premium fee-paying members' videos have a higher priority than your free members'. How do you design SQS?
Answer
  • SQS allows you to set priorities on individual items within the queue, so simply set the fee paying members at a higher priority than your free members.
  • Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
  • SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.

Question 15

Question
You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a large amount of IOPS and you need to increase the IOPS available to it. What should you do?
Answer
  • Migrate the database to an S3 bucket.
  • Migrate the database to Glacier.
  • Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.
  • Use CloudFront to cache the database.

Question 16

Question
You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security?
Answer
  • Save the API credentials to your php files.
  • Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.
  • Save your API credentials in a public Github repository.
  • Pass API credentials to the instance using instance userdata.

Question 17

Question
You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch; however, you notice that you cannot see the health of every important metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch metric for, when monitoring the health of your EC2 instances?
Answer
  • CPU Usage
  • Memory usage
  • Disk read operations
  • Network in
  • Estimated charges

Question 18

Question
You work for a toy company that has a busy online store. As you are approaching Christmas you find that your store is getting more and more traffic. You ensure that the web tier of your store is behind an Auto Scaling group; however, you notice that the web tier is frequently scaling, sometimes multiple times in an hour, only to scale back after peak usage. You need to prevent this so that Auto Scaling does not scale as rapidly, just to scale back again. What option would help you to achieve this?
Answer
  • Configure Auto Scaling to terminate your oldest instances first, then adjust your CloudWatch alarm.
  • Configure Auto Scaling to terminate your newest instances first, then adjust your CloudWatch alarm.
  • Change your Auto Scaling so that it only scales at scheduled times.
  • Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.

Question 19

Question
You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduce the completion time.
Answer
  • Use four Spot Instances for the task nodes rather than four On-Demand instances.
  • You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
  • Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for your core nodes.
  • Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent volume for your core nodes.
  • Enable termination protection for the job flow.

Question 20

Question
You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3, however recently an intern accidentally deleted some critical files. You’ve been asked to prevent this from happening in the future. What options below can prevent this?
Answer
  • Make sure the interns can only access data on S3 using signed URLs.
  • Enable S3 versioning on the bucket & enable Multifactor Authentication (MFA) on the bucket.
  • Create an IAM bucket policy that disables deletes.
  • Use S3 Infrequently Accessed storage to store the data on.

Question 21

Question
An Auto Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance, by default Auto Scaling will: Choose 2 answers
Answer
  • Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance.
  • Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected.
  • Send an SNS notification, if configured to do so.
  • Terminate an instance in the AZ which currently has 2 running EC2 instances.
  • Randomly select one of the 3 AZs, and then terminate an instance in that AZ.

Question 22

Question
Which of the following features ensures even distribution of traffic to Amazon EC2 instances in multiple AZs registered with a load balancer?
Answer
  • Elastic Load Balancing request routing
  • An Amazon Route 53 weighted routing policy
  • Elastic Load Balancing cross zone load balancing
  • An Amazon Route 53 latency routing policy

Question 23

Question
Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a CloudFormation template that your company uses in production. However CloudFormation fails. You use the exact same CloudFormation template in production, so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single AZ. After some research you discover that the problem is
Answer
  • For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
  • For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should submit the limit increase form and retry the template after your limit has been increased.
  • You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation template to provision the instances in a custom VPC.
  • Your CloudFormation template is configured to use the parent account and not the new account. Change the account number in the CloudFormation template and relaunch the template.

Question 24

Question
You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter however they will need to be able to communicate to the AWS environment over a site to site VPN connection. What do you need to do to establish the VPN connection?
Answer
  • Connect to the environment using AWS Direct Connect.
  • Assign a public IP address to your Amazon VPC Gateway.
  • Create a dedicated NAT and deploy this to the public subnet.
  • Update your route table to add a route for the NAT to 0.0.0.0/0.

Question 25

Question
You work for a construction company that has their production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon linux AMI using Auto Scaling. The web servers are launched in to the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some test and dev and you launch a 4th EC2 instance in to the same subnet and same security group. Annoyingly your 4th instance does not appear to have internet connectivity. What could be the cause of this?
Answer
  • You need to update your routing table so as to provide a route out for this instance.
  • Assign an elastic IP address to the fourth instance.
  • You have not configured a NAT in the public subnet.
  • You have not configured a routable IP address in the host OS of the fourth instance.

Question 26

Question
With which AWS orchestration service can you implement Chef recipes?
Answer
  • CloudFormation
  • Elastic Beanstalk
  • OpsWorks
  • Lambda

Question 27

Question
You need to pass a custom script to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this?
Answer
  • User data
  • EC2Config service
  • IAM roles
  • AWS Config

Question 28

Question
You are building an automated transcription service in which Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable?
Answer
  • Multiple Amazon EBS volume with snapshots
  • A single Amazon Glacier vault
  • A single Amazon S3 bucket
  • Multiple instance stores

Question 29

Question
You are designing a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this bucket to immediately receive over 150 PUT requests per second. What should you do to ensure optimal performance?
Answer
  • Use multi-part upload.
  • Add a random prefix to the key names.
  • Amazon S3 will automatically manage performance at this scale.
  • Use a predictable naming scheme, such as sequential numbers or date time sequences, in the key names

Question 30

Question
A customer wants to track access to their Amazon Simple Storage Service (S3) buckets and also use this information for their internal security and access audits. Which of the following will meet the Customer requirement?
Answer
  • Enable AWS CloudTrail to audit all Amazon S3 bucket access.
  • Enable server access logging for all required Amazon S3 buckets
  • Enable the Requester Pays option to track access via AWS Billing
  • Enable Amazon S3 event notifications for Put and Post.

Question 31

Question
You have an application running on an Amazon Elastic Compute Cloud instance, that uploads 5 GB video objects to Amazon Simple Storage Service (S3). Video uploads are taking longer than expected, resulting in poor application performance. Which method will help improve performance of your application?
Answer
  • Enable enhanced networking
  • Use Amazon S3 multipart upload
  • Leveraging Amazon CloudFront, use the HTTP POST method to reduce latency.
  • Use Amazon Elastic Block Store Provisioned IOPS and use an Amazon EBS-optimized instance

Question 32

Question
You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile devices. The votes must be collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use?
Answer
  • Amazon DynamoDB
  • Amazon Redshift
  • Amazon Kinesis
  • Amazon Simple Queue Service

Question 33

Question
A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? Choose 2 answers
Answer
  • AWS Directory Service AD Connector
  • AWS Directory Service Simple AD
  • AWS Identity and Access Management groups
  • AWS Identity and Access Management roles
  • AWS Identity and Access Management users

Question 34

Question
Which of the following notification endpoints or clients does Amazon Simple Notification Service support? Choose 2 answers
Answer
  • Email
  • CloudFront distribution
  • File Transfer Protocol
  • Short Message Service
  • Simple Network Management Protocol

Question 35

Question
You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?
Answer
  • Spot Instances
  • Reserved instances
  • Dedicated instances
  • On-Demand instances

Question 36

Question
In order to optimize performance for a compute cluster that requires low inter-node latency, which of the following features should you use?
Answer
  • Multiple Availability Zones
  • AWS Direct Connect
  • EC2 Dedicated Instances
  • Placement Groups
  • VPC private subnets

Question 37

Question
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?
Answer
  • Remove public read access and use signed URLs with expiry dates.
  • Use CloudFront distributions for static content.
  • Block the IPs of the offending websites in Security Groups.
  • Store photos on an EBS volume of the web server.

Question 38

Question
You are configuring your company’s application to use Auto Scaling and need to move user state information. Which of the following AWS services provides a shared data store with durability and low latency?
Answer
  • AWS ElastiCache Memcached
  • Amazon Simple Storage Service
  • Amazon EC2 instance storage
  • Amazon DynamoDB

Question 39

Question
Which of the following are valid statements about Amazon S3? (Choose two.)
Answer
  • S3 provides read-after-write consistency for any type of PUT or DELETE.
  • Consistency is not guaranteed for any type of PUT or DELETE.
  • A successful response to a PUT request only occurs when a complete object is saved
  • Partially saved objects are immediately readable with a GET after an overwrite PUT.
  • S3 provides eventual consistency for overwrite PUTS and DELETES

Question 40

Question
After creating a new IAM user which of the following must be done before they can successfully make API calls?
Answer
  • Add a password to the user.
  • Enable Multi-Factor Authentication for the user.
  • Assign a Password Policy to the user.
  • Create a set of Access Keys for the user

Question 41

Question
A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates that data is encrypted at rest. Which of the following methods can achieve this? (Choose three.)
Answer
  • Use Amazon S3 server-side encryption with AWS Key Management Service managed keys
  • Use Amazon S3 server-side encryption with customer-provided keys
  • Use Amazon S3 server-side encryption with EC2 key pair.
  • Use Amazon S3 bucket policies to restrict access to the data at rest.
  • Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key
  • Use SSL to encrypt the data while in transit to Amazon S3.

Question 42

Question
Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
Answer
  • May be performed by AWS, and will be performed by AWS upon customer request.
  • May be performed by AWS, and is periodically performed by AWS.
  • Are expressly prohibited under all circumstances.
  • May be performed by the customer on their own instances with prior authorization from AWS.
  • May be performed by the customer on their own instances, only if performed from EC2 instances

Question 43

Question
A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?
Answer
  • SQS guarantees the order of the messages.
  • SQS synchronously provides transcoding output.
  • SQS checks the health of the worker instances.
  • SQS helps to facilitate horizontal scaling of encoding tasks.

Question 44

Question
A client application requires operating system privileges on a relational database server. What is an appropriate configuration for highly available database architecture?
Answer
  • A standalone Amazon EC2 instance
  • Amazon RDS in a Multi-AZ configuration
  • Amazon EC2 instances in a replication configuration utilizing a single Availability Zone
  • Amazon EC2 instances in a replication configuration utilizing two different Availability Zones

Question 45

Question
You launch an Amazon EC2 instance without an assigned AWS Identity and Access Management (IAM) role. Later, you decide that the instance should be running with an IAM role. Which action must you take in order to have a running Amazon EC2 instance with an IAM role assigned to it?
Answer
  • Create an image of the instance, and register the image with an IAM role assigned and an Amazon EBS volume mapping.
  • Create a new IAM role with the same permissions as an existing IAM role, and assign it to the running instance.
  • Create an image of the instance, add a new IAM role with the same permissions as the desired IAM role, and deregister the image with the new role assigned.
  • Create an image of the instance, and use this image to launch a new instance with the desired IAM role assigned.

Question 46

Question
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance. (Choose two.)
Answer
  • Create an IAM Role that allows write access to the DynamoDB table
  • Add an IAM Role to a running EC2 instance.
  • Create an IAM User that allows write access to the DynamoDB table.
  • Add an IAM User to a running EC2 instance.
  • Launch an EC2 Instance with the IAM Role included in the launch configuration

Question 47

Question
You have a web application running on six Amazon EC2 instances, consuming about 45% of resources on each instance. You are using auto-scaling to make sure that six instances are running at all times. The number of requests this application processes is consistent and does not experience spikes. The application is critical to your business and you want high availability at all times. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all instances. Which of the following architectural choices should you make?
Answer
  • Deploy 6 EC2 instances in one availability zone and use Amazon Elastic Load Balancer.
  • Deploy 3 EC2 instances in one region and 3 in another region and use Amazon Elastic Load Balancer.
  • Deploy 3 EC2 instances in one availability zone and 3 in another availability zone and use Amazon Elastic Load Balancer.
  • Deploy 2 EC2 instances in three regions and use Amazon Elastic Load Balancer.

Question 48

Question
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer's objects replicated?
Answer
  • Single facility in eu-west-1 and a single facility in eu-central-1
  • Single facility in eu-west-1 and a single facility in us-east-1
  • Multiple facilities in eu-west-1
  • A single facility in eu-west-1

Question 49

Question
Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
Answer
  • Use an IAM policy that references the LDAP account identifiers and the AWS credentials.
  • Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP
  • Use AWS Security Token Service from an identity broker to issue short-lived AWS credentials.
  • Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated.
  • Use the LDAP credentials to restrict a group of users from launching specific EC2 instance types.

Question 50

Question
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?
Answer
  • Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level.
  • Use Route 53 latency based-routing to send high priority tasks to the closest transformation instances.
  • Use two SQS queues, one for high priority messages, and the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue
  • Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first.

Question 51

Question
Which of the services provide root access? Choose 4
Answer
  • Amazon Elastic Map Reduce
  • Elastic Beanstalk
  • OpsWorks
  • EC2
  • DynamoDB
  • RDS
  • S3

Question 52

Question
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful. Which of the following steps could resolve the issue?
Answer
  • Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet
  • Attaching an Elastic IP address to the instance in the private subnet
  • Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet
  • Disabling the Source/Destination Check attribute on the NAT instance

Question 53

Question
You are using an m1.small EC2 Instance with one 300 GB EBS volume to host a relational database. You determined that write throughput to the database needs to be increased. Which of the following approaches can help achieve this? Choose 2 answers
Answer
  • Use an array of EBS volumes.
  • Enable Multi-AZ mode
  • Place the instance in an Auto Scaling Groups
  • Add an EBS volume and place into RAID 5.
  • Increase the size of the EC2 Instance.
  • Put the database behind an Elastic Load Balancer.

Question 54

Question
Instance A and instance B are running in two different subnets A and B of a VPC. Instance A is not able to ping instance B. What are two possible reasons for this? (Pick 2 correct answers)
Answer
  • The routing table of subnet A has no target route to subnet B
  • The security group attached to instance B does not allow inbound ICMP traffic
  • The policy linked to the IAM role on instance A is not configured correctly
  • The NACL on subnet B does not allow outbound ICMP traffic

Question 55

Question
What does the “Server Side Encryption” option on Amazon S3 provide?
Answer
  • It provides an encrypted virtual disk in the Cloud.
  • It doesn’t exist for Amazon S3, but only for Amazon EC2.
  • It encrypts the files that you send to Amazon S3, on the server side.
  • It allows you to upload files using an SSL endpoint, for a secure transfer.

Question 56

Question
An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants one particular group of IAM users to access only the test instances and not the production ones. How can the organization set that as a part of the policy?
Answer
  • Launch the test and production instances in separate regions and allow region wise access to the group
  • Define the IAM policy which allows access based on the instance ID
  • Create an IAM policy with a condition which allows access to only small instances
  • Define the tags on the test and production servers and add a condition to the IAM policy which allows access to specific tags

Question 57

Question
Which Amazon storage do you think is the best for my database-style applications that frequently encounter many random reads and writes across the dataset?
Answer
  • None of these.
  • Amazon Instance Storage
  • Any of these
  • Amazon EBS

Question 58

Question
Does Amazon RDS for SQL Server currently support importing data into the msdb database?
Answer
  • No
  • Yes

Question 59

Question
My Read Replica appears “stuck” after a Multi-AZ failover and is unable to obtain or apply updates from the source DB Instance. What do I do?
Answer
  • You will need to delete the Read Replica and create a new one to replace it.
  • You will need to disassociate the DB Engine and reassociate it.
  • The instance should be deployed to Single AZ and then moved to Multi-AZ once again.
  • You will need to delete the DB Instance and create a new one to replace it.

Question 60

Question
Are you able to integrate a multi-factor token service with the AWS Platform?
Answer
  • Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
  • No, you cannot integrate multi-factor token devices with the AWS platform.
  • Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

Question 61

Question
What does Amazon Elastic Beanstalk provide?
Answer
  • An application container on top of Amazon Web Services.
  • A scalable storage appliance on top of Amazon Web Services.
  • A scalable cluster of EC2 instances.
  • A service by this name doesn’t exist.

Question 62

Question
Select the correct statement:
Answer
  • You don’t need to specify the resource identifier while stopping a resource
  • You can terminate, stop, or delete a resource based solely on its tags
  • You can’t terminate, stop, or delete a resource based solely on its tags
  • You don’t need to specify the resource identifier while terminating a resource

Question 63

Question
Please select the Amazon EC2 resource which can be tagged.
Answer
  • key pairs
  • Elastic IP addresses
  • placement groups
  • Amazon EBS snapshots

Question 64

Question
Select the correct set of options. These are the initial settings for the default security group:
Answer
  • Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
  • Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
  • Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
  • Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other

Question 65

Question
What can I access by visiting the URL: http://status.aws.amazon.com/?
Answer
  • Amazon CloudWatch
  • Status of the Amazon RDS DB
  • AWS Service Health Dashboard
  • AWS Cloud Monitor

Question 66

Question
What does Amazon CloudFormation provide?
Answer
  • The ability to set up Auto Scaling for Amazon EC2 instances.
  • None of these.
  • A templated resource creation for Amazon Web Services.
  • A template to map network resources for Amazon Web Services.

Question 67

Question
If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens to the rest of the Read Replicas?
Answer
  • The remaining Read Replicas will still replicate from the older master DB Instance
  • The remaining Read Replicas will be deleted
  • The remaining Read Replicas will be combined to one read replica

Question 68

Question
What are the Amazon EC2 API tools?
Answer
  • They don’t exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.
  • Command-line tools to the Amazon EC2 web service.
  • They are a set of graphical tools to manage EC2 instances.
  • They don’t exist. The Amazon API tools are a client interface to Amazon Web Services.

Question 69

Question
What does a “Domain” refer to in Amazon SWF?
Answer
  • A security group in which only tasks inside can communicate with each other
  • A special type of worker
  • A collection of related Workflows
  • The DNS record for the Amazon SWF service

Question 70

Question
What is the maximum write throughput I can provision for a single DynamoDB table?
Answer
  • 1,000 write capacity units
  • 100,000 write capacity units
  • DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
  • 10,000 write capacity units

Question 71

Question
What does the following command do with respect to the Amazon EC2 security groups? ec2-revoke RevokeSecurityGroupIngress
Answer
  • Removes one or more security groups from a rule.
  • Removes one or more security groups from an Amazon EC2 instance.
  • Removes one or more rules from a security group.
  • Removes a security group from our account.

Question 72

Question
What is Amazon Glacier?
Answer
  • You mean Amazon “Iceberg”: it’s a low-cost storage service.
  • A security tool that allows you to “freeze” an EBS volume and perform computer forensics on it.
  • A low-cost storage service that provides secure and durable storage for data archiving and backup.
  • It’s a security tool that allows you to “freeze” an EC2 instance and perform computer forensics on it.

Question 73

Question
What does the following command do with respect to the Amazon EC2 security groups? ec2-create-group CreateSecurityGroup
Answer
  • Groups the user-created security groups into a new group for easy access.
  • Creates a new security group for use with your account.
  • Creates a new group inside the security group.
  • Creates a new rule inside the security group.

Question 74

Question
In the shared security model, AWS is responsible for which of the following security best practices (check all that apply):
Answer
  • Penetration testing
  • Operating system account security management
  • Threat modeling
  • User group access management
  • Static code analysis

Question 75

Question
You are running a web application on AWS consisting of the following components: an Elastic Load Balancer (ELB), an Auto Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational Database Service (RDS) MySQL. Which security measures fall into AWS’s responsibility?
Answer
  • Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
  • Protect against IP spoofing or packet sniffing
  • Assure all communication between EC2 instances and ELB is encrypted
  • Install latest security patches on ELB, RDS and EC2 instances