AWS Certified Developer Associate Flashcards

1
Q

What is the proper definition of an IAM Role?

a. IAM Users in multiple User Groups
b. An IAM entity that defines a set of permissions for making requests to AWS services and will be used by an AWS service.
c. An IAM entity that defines a password policy for IAM Users
d. Permissions assigned to IAM Users to perform actions

A

b. An IAM entity that defines a set of permissions for making requests to AWS services and will be used by an AWS service

2
Q

Which of the following is an IAM Security Tool?

a. IAM Credentials Report
b. IAM Root Account Manager
c. IAM Services Report
d. IAM Security Advisor

A

a. IAM Credentials Report

3
Q

Which answer is INCORRECT regarding IAM Users?

a. IAM Users can belong to multiple User Groups
b. IAM Users don’t have to belong to a User Group
c. IAM Policies can be attached directly to IAM Users
d. IAM Users access AWS services using root account credentials

A

d. IAM Users access AWS services using root account credentials

4
Q

Which of the following is an IAM best practice?

a. create several IAM Users for one physical person
b. share your AWS account credentials with your colleague, so he can perform a task for you
c. don’t use the root user account
d. do not enable MFA for easier access

A

c. don’t use the root user account

5
Q

What are IAM Policies?

a. a set of policies that define how AWS accounts interact with each other
b. JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles
c. a set of policies that define a password for IAM Users
d. a set of policies defined by AWS that show how customers interact with AWS

A

b. JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles

6
Q

Which principle should you apply regarding IAM Permissions?

a. grant least privilege
b. grant most privilege
c. grant more permissions if your employee asks you to
d. restrict root account permissions

A

a. grant least privilege

7
Q

What should you do to increase your root account security?

a. remove permissions from the root account
b. only access AWS services through AWS Command Line Interface (CLI)
c. enable Multi-factor Authentication (MFA)
d. don’t create IAM Users, only access your AWS account using the root account

A

c. enable Multi-factor Authentication (MFA)

8
Q

True or False:

IAM User Groups can contain IAM Users and other User Groups

A

False

9
Q

An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following EXCEPT:

a. effect
b. principal
c. version
d. action
e. resource

A

c. version

10
Q

According to the AWS Shared Responsibility Model, which of the following is AWS's responsibility?

a. rotate Access Key for IAM users
b. enable MFA for the root account and all IAM Users
c. IAM Users, User Groups, and IAM Policies
d. AWS Infrastructure

A

d. AWS Infrastructure

11
Q

Which EC2 Purchasing Option can provide you the biggest discount, but is not suitable for critical jobs or databases?

a. convertible reserved instances
b. dedicated hosts
c. spot instances

A

c. spot instances

12
Q

What should you use to control traffic in and out of EC2 instances?

a. network access control list (NACL)
b. security groups
c. IAM policies

A

b. security groups

13
Q

How long can you reserve an EC2 Reserved Instance?

a. 1 or 3 years
b. 2 or 4 years
c. 6 months or 1 year
d. anytime between 1 and 3 years

A

a. 1 or 3 years

14
Q

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?

a. storage optimized
b. memory optimized
c. compute optimized
d. general purpose

A

c. compute optimized

15
Q

Which EC2 Purchasing option should you use for an application you plan to run on a server continuously for 1 year?

a. on-demand instances
b. spot instances
c. reserved instances

A

c. reserved instances

16
Q

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instance?

a. Connect to each EC2 instance using SSH, then install the required software and update your OS package manually.
b. Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances.
c. Write a bash script that installs the required software and updates to your OS, then contact AWS Support and provide them with the script. They will run it on your EC2 instances at launch.

A

b. Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances.

17
Q

Which EC2 instance type should you choose for a critical application that uses an in-memory database?

a. compute optimized
b. storage optimized
c. memory optimized
d. general purpose

A

c. memory optimized

18
Q

You have an e-commerce application with an OLTP database hosted on-premises. This application is popular, which results in its database receiving thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 instance type should you choose to handle this high-frequency OLTP database?

a. compute optimized
b. storage optimized
c. memory optimized
d. general purpose

A

b. storage optimized

19
Q

True or False: Security Groups can be attached to only one EC2 instance.

A

False

20
Q

You are planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your application to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 purchasing option is suitable for you?

a. convertible reserved instances
b. dedicated hosts
c. spot instances

A

b. dedicated hosts

21
Q

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 purchasing option allows you to get visibility into them?

a. dedicated hosts
b. spot instances
c. on-demand
d. reserved instances

A

a. dedicated hosts

22
Q

You have just terminated an EC2 instance in us-east-1a, and its attached EBS volume is now available. Your teammate tries to attach it to an EC2 instance in us-east-1b but he can’t. What is a possible cause for this?

a. he’s missing IAM permissions
b. EBS volumes are locked to an AWS Region
c. EBS volumes are locked to an AZ

A

c. EBS volumes are locked to an AZ

23
Q

You have launched an EC2 instance with two EBS volumes, the root volume type and the other EBS volume type to store the data. A month later you are planning to terminate the EC2 instance. What’s the default behavior that will happen to each EBS volume?

a. both the root volume type and the EBS volume type will be deleted
b. the root volume type will be deleted and the EBS volume type will not be deleted.
c. the root volume type will not be deleted and the EBS volume type will be deleted.
d. Both the root volume type and the EBS volume type will not be deleted.

A

b. the root volume type will be deleted and the EBS volume type will not be deleted.

24
Q

True or False: You can use an AMI in N. Virginia Region us-east-1 to launch an EC2 instance in any AWS Region.

A

False

25
Q

Which of the following EBS volume types can be used as boot volumes when you create EC2 instances?

a. gp2, gp3, io1, io2
b. gp2, gp3, st1, sc1
c. io1, io2, st1, sc1

A

a. gp2, gp3, io1, io2

26
Q

What is EBS Multi-Attach?

a. attach the same EBS volume to multiple EC2 instances in multiple AZs
b. attach multiple EBS volumes in the same AZ to the same EC2 instance.
c. attach the same EBS volume to multiple EC2 instances in the same AZ.
d. attach multiple EBS volumes in multiple AZs to the same EC2 instance

A

c. attach the same EBS volume to multiple EC2 instances in the same AZ

27
Q

You have provisioned an 8TB gp2 EBS volume and you are running out of IOPS. What is NOT a way to increase performance?

a. mount EBS volumes in RAID 0
b. change to an io1 volume type
c. increase the EBS volume size

A

c. increase the EBS volume size

28
Q

You have a fleet of EC2 instances distributed across AZs that process a large data set. What do you recommend to make the same data accessible as an NFS drive to all of your EC2 instances?

a. use an instance store
b. use EBS
c. use EFS

A

c. use EFS

29
Q

You would like to have a high-performance local cache for your application hosted on an EC2 instance. You don’t mind losing the cache upon the termination of your EC2 instance. Which storage mechanism do you recommend as a Solutions Architect?

a. instance store
b. EBS
c. EFS

A

a. instance store

30
Q

You are running a high-performance database that requires an IOPS of 310,000 for its underlying storage. What do you recommend?

a. use an EC2 Instance store
b. use an EBS gp2 drive
c. use an EBS io1 drive
d. use an EBS io2 Block Express drive

A

a. use an EC2 instance store

31
Q

Scaling an EC2 instance from r4.large to r4.4xlarge is called _____.

a. horizontal scalability
b. vertical scalability

A

b. vertical scalability

32
Q

Running an application on an Auto Scaling Group that scales the number of EC2 instances in and out is called ____.

a. vertical scalability
b. horizontal scalability

A

b. horizontal scalability

33
Q

Elastic Load Balancers provide a ____.

a. static IPv4 we can use in our application
b. static DNS name we can use in our application
c. static IPv6 we can use in our application

A

b. static DNS name we can use in our application

34
Q

You are running a website on 10 EC2 instances fronted by an Elastic Load Balancer. Your users are complaining about the fact that the website always asks them to re-authenticate when they are moving between website pages. You are puzzled because it’s working just fine on your machine and in the Dev environment with 1 EC2 instance. What could be the reason?

a. The elastic load balancer does not have Sticky Sessions enabled.
b. your website must have an issue when hosted on multiple EC2 instances.
c. The EC2 instances log out users as they can’t see their IP addresses; instead, they receive ELB IP addresses.

A

a. The elastic load balancer does not have Sticky Sessions enabled.

35
Q

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer’s IP addresses. What should you do to get the IP address of clients connected to your website?

a. modify your website’s frontend so that users send their IP in every request.
b. modify your website’s backend to get the client IP address from X-Forwarded-For header
c. modify your website’s backend to get the client IP address from X-Forwarded-Port header
d. modify your website’s backend to get the client IP address from X-Forwarded-Proto header

A

b. modify your website’s backend to get the client IP address from X-Forwarded-For header

36
Q

You hosted an application on a set of EC2 instances fronted by an Elastic load balancer. A week later, users begin complaining that sometimes the application just doesn’t work. You investigate the issue and found that some EC2 instances crash from time to time. What should you do to protect users from connecting to the EC2 instances that are crashing?

a. Enable ELB stickiness
b. enable SSL Termination
c. enable ELB health checks
d. enable Cross-Zone Load Balancing

A

c. enable ELB health checks

37
Q

You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second. Which type of Elastic Load Balancer should you choose?

a. Application Load Balancer
b. Classic Load Balancer
c. Network Load Balancer

A

c. Network Load Balancer

38
Q

Application Load Balancers support the following protocols, EXCEPT:

a. HTTP
b. HTTPS
c. WebSocket
d. TCP

A

d. TCP

39
Q

Application Load Balancers can route traffic to different Target Groups based on the following EXCEPT:

a. hostname
b. client’s location (geography)
c. request URL path
d. source IP address

A

b. client’s location (geography)

40
Q

Registered targets in a Target Group for an Application Load Balancer can be one of the following EXCEPT:

a. network load balancer
b. lambda functions
c. private IP addresses
d. EC2 instances

A

a. network load balancer

41
Q

For compliance purposes, you would like to expose a fixed static IP address to your end-users so that they can write firewall rules that will be stable and approved by regulators. What type of Elastic Load Balancer would you choose?

a. Application Load Balancer with an Elastic IP attached to it
b. Network Load Balancer
c. Classic Load Balancer

A

b. Network Load Balancer

42
Q

You want to create a custom application-based cookie in your Application Load Balancer. Which of the following can you use as a cookie name?

a. AWSALBAPP
b. AWSALBTG
c. APPUSERC
d. AWSALB

A

c. APPUSERC

43
Q

You have a Network Load Balancer that distributes traffic across a set of EC2 instances in us-east-1. You have 2 EC2 instances in us-east-1b AZ and 5 EC2 instances in us-east-1e AZ. You have noticed that the CPU utilization is higher in the EC2 instances in us-east-1b AZ. After more investigation, you noticed that the traffic is equally distributed across the two AZs. How would you solve this problem?

a. enable Sticky Sessions
b. enable Cross-Zone Load Balancing
c. enable ELB Health Checks
d. enable SSL termination

A

b. enable Cross-Zone Load Balancing

44
Q

Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener?

a. Server Name Indication (SNI)
b. TLS Termination
c. Host Headers
d. SSL Security Policies

A

a. Server Name Indication (SNI)

45
Q

You have an Application Load Balancer that is configured to redirect traffic to 2 Target Groups based on the following hostnames: users.example.com, api.external.example.com, and checkout.example.com. You would like to configure HTTPS for each of these hostnames. How do you configure the ALB to make this work?

a. use an HTTP to HTTPS redirect rule
b. use a security group SSL certificate
c. use Server Name Indication (SNI)

A

c. use Server Name Indication (SNI)

46
Q

You have an application hosted on a set of EC2 instances managed by an Auto Scaling Group that you configured both desired and maximum capacity to 3. Also, you have created a CloudWatch Alarm that is configured to scale out your ASG when CPU Utilization reaches 60%. Your application suddenly received huge traffic and is now running at 80% CPU Utilization. What will happen?

a. the desired capacity will go up to 4 and the maximum capacity will stay at 3.
b. nothing
c. the desired capacity will go up to 4 and the maximum capacity will stay at 4

A

b. nothing

47
Q

You have an Auto Scaling Group fronted by an Application Load Balancer. You have configured the ASG to use ALB Health Checks, then one EC2 instance has just been reported unhealthy. What will happen to the EC2 instance?

a. the ASG will keep the instance running and re-start the application.
b. the ASG will detach the EC2 instance and leave it running
c. the ASG will terminate the EC2 instance

A

c. the ASG will terminate the EC2 instance

48
Q

Your boss asked you to scale your ASG based on the number of requests per minute your application makes to your database. What should you do?

a. You politely tell him it’s impossible
b. create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG
c. enable Detailed Monitoring then create a CloudWatch Alarm to scale your ASG

A

b. create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG

49
Q

A web application is hosted on a fleet of EC2 instances managed by an ASG. You are exposing the application through an ALB. Both the EC2 instances and the ALB are deployed on a VPC with the following CIDR 192.168.0.0/18. How do you configure the EC2 instances’ security group to ensure only the ALB can access them on port 80?

a. add an inbound rule with port 80 and 0.0.0.0/0 as the source
b. add an inbound rule with port 80 and 192.168.0.0/18 as the source
c. add an inbound rule with port 80 and the ALB’s Security Group as the source
d. load an SSL certificate on the ALB

A

c. add an inbound rule with port 80 and the ALB’s Security Group as the source

50
Q

An application is deployed with an ALB and an ASG. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use?

a. simple scaling policy
b. step scaling policy
c. scheduled scaling policy
d. target tracking policy

A

d. target tracking policy

51
Q

Your application, hosted on EC2 instances managed by an ASG, suddenly receives a spike in traffic which triggers your ASG to scale out, and a new EC2 instance has been launched. The traffic continuously increases, but the ASG doesn’t launch any new EC2 instances immediately, only after 5 minutes. What is a possible cause for this behavior?

a. cooldown period
b. lifecycle hooks
c. target tracking policy
d. launch template

A

a. cooldown period

52
Q

Amazon RDS supports the following databases, EXCEPT:

a. MongoDB
b. MySQL
c. MariaDB
d. Microsoft SQL Server

A

a. MongoDB

53
Q

You’re planning for a new solution that requires a MySQL database that must be available even in case of a disaster in one of the Availability Zones. What should you use?

a. Create Read Replicas
b. Enable Encryption
c. Enable Multi-AZ

A

c. Enable Multi-AZ

54
Q

We have an RDS database that struggles to keep up with the demand of requests from our website. Our million users mostly read news, and we don’t post news very often. Which solution is NOT adapted to this problem?

a. an ElastiCache Cluster
b. RDS Multi-AZ
c. RDS Read Replicas

A

b. RDS Multi-AZ

55
Q

You have set up read replicas on your RDS database, but users are complaining that upon updating their social media posts, they do not see their updated posts right away. What is a possible cause for this?

a. There must be a bug in your application
b. Read Replicas have Asynchronous Replication, therefore it’s likely your users will only read Eventual Consistency
c. You should have setup Multi-AZ instead.

A

b. Read Replicas have Asynchronous Replication, therefore it’s likely your users will only read Eventual Consistency

56
Q

Which RDS (NOT Aurora) feature when used does not require you to change the SQL connection string?

a. Read Replicas
b. Multi-AZ

A

b. Multi-AZ

57
Q

Your application is running on a fleet of EC2 instances managed by an ASG behind an ALB. Users have to constantly log back in and you don’t want to enable Sticky Sessions on your ALB as you fear it will overload some EC2 instances. What should you do?

a. Use your own custom Load Balancer on EC2 instances instead of using ALB
b. Store session data in RDS
c. Store session data in ElastiCache
d. Store session data in a shared EBS volume

A

c. Store Session data in ElastiCache

58
Q

An analytics application is currently performing its queries against your main production RDS database. These queries run at any time of the day and slow down the RDS database which impacts your users’ experience. What should you do to improve the users’ experience?

a. setup a read replica
b. setup Multi-AZ
c. run the analytics queries at night

A

a. setup a read replica

59
Q

You are running an ElastiCache Redis cluster that you want to ensure is highly available. What should you do?

a. add read replicas
b. enable multi-az

A

a. add read replicas

60
Q

How can you enhance the security of your ElastiCache Redis Cluster by forcing users to enter a password when they connect?

a. Use Redis Auth
b. Use IAM Auth
c. Use Security Groups

A

a. Use Redis Auth

61
Q

Your company has a production Node.js application that is using RDS MySQL 5.6 as its database. A new application programmed in Java will perform some heavy analytics workload to create a dashboard on a regular hourly basis. What is the most cost-effective solution you can implement to minimize disruption for the main application?

a. Enable Multi-AZ for the RDS database and run the analytics workload on the standby database.
b. Create a Read Replica in a different AZ and run the analytics workload on the replica database
c. Create a Read Replica in a different AZ and run the analytics workload on the source database

A

b. Create a Read Replica in a different AZ and run the analytics workload on the replica database.

62
Q

You would like to create a disaster recovery strategy for your RDS PostgreSQL database so that in case of regional outage the database can be quickly made available for both read and write workloads in another AWS Region. The DR database must be highly available. What do you recommend?

a. create a read replica in the same region and enable multi-az on the main database.
b. create a read replica in the same region and enable multi-az on the read replica
c. create a read replica in a different region and enable multi-az on the read replica
d. enable multi-region option on the main database

A

c. create a read replica in a different region and enable multi-az on the read replica

63
Q

You have migrated the MySQL database from on-premises to RDS. You have a lot of applications and developers interacting with your database. Each developer has an IAM user in the company’s AWS account. What is a suitable approach to give access to developers to the MySQL RDS DB instance instead of creating a DB user for each one?

a. enable IAM Database Authentication
b. use Amazon Cognito
c. by default IAM users have access to your RDS database

A

a. enable IAM Database Authentication

64
Q

Which of the following statements is true regarding replication in both RDS Read Replica and Multi-AZ?

a. read replica uses Asynchronous Replication and Multi-AZ uses Asynchronous Replication
b. read replica uses synchronous replication and multi-az uses asynchronous replication
c. read replica uses synchronous replication and multi-az uses synchronous replication
d. read replica uses asynchronous replication and multi-az uses synchronous replication

A

d. read replica uses asynchronous replication and multi-az uses synchronous replication

65
Q

How do you encrypt an unencrypted RDS DB Instance?

a. do it straight from AWS Console, select RDS DB instance, choose Actions then Encrypt using KMS
b. create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick “Enable encryption”, then restore the RDS DB instance from the encrypted snapshot
c. Do it straight from AWS Console, after stopping the RDS DB instance

A

b. create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick “Enable encryption”, then restore the RDS DB instance from the encrypted snapshot

66
Q

For your RDS database, you can have up to ___ read replicas.

a. 3
b. 5
c. 7

A

b. 5

67
Q

Which RDS database technology does NOT support IAM Database Authentication?

a. Oracle
b. PostgreSQL
c. MySQL

A

a. Oracle

68
Q

Yes or No: You have an unencrypted RDS DB instance and you want to create read replicas. Can you configure the RDS read replicas to be encrypted?

A

No

69
Q

How many Aurora Read Replicas can you have in a single Aurora DB Cluster?

a. 5
b. 10
c. 15

A

c. 15

70
Q

Amazon Aurora supports both ____ databases

a. MySQL and MariaDB
b. Oracle and MariaDB
c. MySQL and PostgreSQL
d. Oracle and MS SQL Server

A

c. MySQL and PostgreSQL

71
Q

What is the maximum number of read replicas you can add in an ElastiCache Redis Cluster with Cluster-Mode Disabled?

a. 3
b. 4
c. 5

A

c. 5

72
Q

You have an ElastiCache Redis Cluster that serves a popular application. You have noticed that there are a large number of requests that go to the database because a large number of items are removed from the cache before they expire. What is this called and how to solve it?

a. Cache Evictions, Scale up or out your ElastiCache Redis Cluster
b. Cache Invalidations, Scale up or out your ElastiCache Redis Cluster
c. Cache Evictions, Scale down or in your ElastiCache Cluster
d. Cache Invalidations, Scale down or in your ElastiCache Cluster

A

a. Cache Evictions, Scale up or out your ElastiCache Redis Cluster

73
Q

You have a MySQL RDS database instance on which you want to enforce SSL connections. What should you do?

a. modify your DB security group to only allow SSL traffic
b. download SSL certificates from your DB, then use these certificates in your application to connect over SSL
c. enable MySQL RDS Database Encryption
d. Execute a REQUIRE SSL SQL statement to all your DB users

A

d. Execute a REQUIRE SSL SQL statement to all your DB users

74
Q

You have an ElastiCache cluster with small cache size, so you want to ensure that only the data that’s requested will be loaded into the cluster. Which caching strategy should you use?

a. write through
b. lazy loading
c. time-to-live(TTL)

A

b. lazy loading

75
Q

You’re hosting a dynamic website fronted by an ElastiCache Cluster. You have been instructed to keep latency to a minimum for all read requests for every user. Also, writes can take longer to happen. Which caching strategy do you recommend?

a. Cache Aside
b. Time-To-Live (TTL)
c. Write Through

A

c. Write Through

76
Q

You have purchased mycoolcompany.com on Amazon Route 53 Registrar and would like the domain to point to your Elastic Load Balancer my-elb-1234567890.us-west-2.elb.amazonaws.com. Which Route 53 Record type must you use here?

a. CNAME
b. Alias

A

b. Alias

77
Q

You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment. This allows you to monitor CloudWatch metrics and ensure that no bugs exist in your new environment. Which Route 53 Record type allows you to do so?

a. simple
b. weighted
c. latency
d. failover

A

b. weighted

78
Q

You have updated a Route 53 Record’s myapp.mydomain.com value to point to a new Elastic Load Balancer, but it looks like users are still redirected to the old ELB. What is a possible cause for this behavior?

a. Because of the Alias Record
b. Because of the CNAME Record
c. Because of the TTL
d. Because of the Route 53 Health Checks

A

c. Because of the TTL

79
Q

You have an application that’s hosted in two different AWS Regions us-west-1 and eu-west-2. You want your users to get the best possible user experience by minimizing the response time from application servers to your users. Which Route 53 Routing Policy should you choose?

a. latency
b. multi value
c. weighted
d. geolocation

A

a. latency

80
Q

You have a legal requirement that people in any country but France should NOT be able to access your website. Which Route 53 Routing Policy helps you in achieving this?

a. latency
b. simple
c. multi value
d. geolocation

A

d. geolocation

81
Q

You have purchased a domain on GoDaddy and would like to use Route 53 as the DNS Service Provider. What should you do to make this work?

a. Request for a domain transfer
b. Create a Private Hosted Zone and update the 3rd party Registrar NS records
c. Create a Public Hosted Zone and update the 3rd party Registrar NS records
d. Create a Public Hosted Zone and update the Route 53 NS records

A

c. Create a Public Hosted Zone and update the 3rd party Registrar NS records

82
Q

Which of the following are NOT valid Route 53 Health Checks?

a. Health Check that monitors SQS Queue
b. Health Check that monitors an Endpoint
c. Health Check that monitors other Health Checks
d. Health Check that monitors CloudWatch Alarms

A

a. Health Check that monitors SQS Queue

83
Q

Security Groups operate at the ____ level while NACLs operate at the ____ level.

a. EC2 instance, Subnet
b. Subnet, EC2 instance

A

a. EC2 instance, Subnet

84
Q

You have attached an Internet Gateway to your VPC, but your EC2 instances still don’t have access to the internet. What is NOT a possible issue?

a. Route Tables are missing entries
b. the EC2 instances don’t have public IPs
c. the Security Group does not allow traffic in
d. the NACL does not allow network traffic out

A

c. the Security Group does not allow traffic in

85
Q

You would like to provide internet access to your EC2 instances in private subnets with IPv4 while making sure this solution requires the least amount of administration and scales seamlessly. What should you use?

a. NAT instances with source/destination check flag off
b. NAT Gateway
c. Egress only Internet Gateway

A

b. NAT Gateway

86
Q

When using VPC Endpoints, what are the only two AWS services that have a Gateway Endpoint available?

a. Amazon S3 & Amazon SQS
b. Amazon SQS & DynamoDB
c. Amazon S3 & DynamoDB

A

c. Amazon S3 & DynamoDB

87
Q

You have 3 VPCs A, B, and C. You want to establish a VPC Peering connection between all the 3 VPCs. What should you do?

a. Establish 3 VPC Peering connections (A-B, A-C, B-C)
b. As VPC Peering supports Transitive Peering, you need to establish 2 VPC Peering connections (A-B, B-C)

A

a. Establish 3 VPC Peering connections (A-B, A-C, B-C)

88
Q

How can you capture information about IP traffic inside your VPCs?

a. enable VPC Traffic Monitoring
b. enable VPC Flow Logs
c. enable CloudWatch Traffic Logs

A

b. enable VPC Flow Logs

89
Q

You need to set up a dedicated connection between your on-premises corporate datacenter and AWS Cloud. This connection must be private, consistent, and traffic must not travel through the internet. Which AWS service should you use?

a. Site-to-Site VPN
b. AWS PrivateLink
c. Amazon EventBridge
d. AWS Direct Connect

A

d. AWS Direct Connect

90
Q

You have a 25 GB file that you’re trying to upload to S3 but you’re getting errors. What is a possible solution for this?

a. the file size limit on S3 is 5 GB
b. update your bucket policy to allow the larger file
c. use multi-part upload when uploading files larger than 5GB
d. encrypt the file

A

c. use multi-part upload when uploading files larger than 5GB

91
Q

You’re getting errors while trying to create a new S3 bucket named dev. You’re using a new AWS Account with no S3 buckets created before. What is a possible cause for this?

a. You’re missing IAM permissions to create an S3 bucket
b. S3 bucket names must be globally unique and dev is already taken

A

b. S3 bucket names must be globally unique and dev is already taken

92
Q

You have enabled versioning in your S3 bucket which already contains a lot of files. Which version will the existing files have?

a. 1
b. 0
c. -1
d. null

A

d. null

93
Q

Your client wants to make sure that file encryption is happening in S3, but he wants to fully manage the encryption keys and never store them in AWS. You recommend that he use ____.

a. SSE-S3
b. SSE-KMS
c. SSE-C
d. Client-Side Encryption

A

c. SSE-C

94
Q

A company you’re working for wants their data stored in S3 to be encrypted. They don’t mind the encryption keys being stored and managed by AWS, but they want to maintain control over the rotation policy of the encryption keys. You recommend that they use ____.

a. SSE-S3
b. SSE-KMS
c. SSE-C
d. Client-Side Encryption

A

b. SSE-KMS

95
Q

Your company does not trust AWS for the encryption process and wants it to happen in the application. You recommend that they use ____.

a. SSE-S3
b. SSE-KMS
c. SSE-C
d. Client-Side Encryption

A

d. Client-Side Encryption

96
Q

You have updated an S3 bucket policy to allow IAM users to read/write files in the S3 bucket, but one of the users complains that he can’t perform a PutObject API call. What is a possible cause for this?

a. The S3 bucket policy must be wrong
b. The user is lacking permissions
c. The IAM user must have an explicit DENY in the attached IAM Policy
d. You need to contact AWS Support to lift this limit

A

c. The IAM user must have an explicit DENY in the attached IAM Policy

97
Q

You have a website that loads files from an S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when the website you’re visiting tries to load these files it doesn’t. What’s the problem?

a. the bucket policy is wrong
b. the IAM policy is wrong
c. Encryption is wrong
d. CORS is wrong

A

d. CORS is wrong

98
Q

Which S3 encryption method mandates that you use HTTPS while uploading/downloading objects?

a. SSE-C
b. SSE-S3
c. SSE-KMS
d. Client-Side Encryption

A

a. SSE-C

99
Q

An application hosted on an EC2 instance wants to upload objects to an S3 bucket using the PutObject API call, but it lacks the required permissions. What should you do?

a. From inside the EC2 instance, run “aws configure” and insert your personal IAM Credentials, because you have access to do the required API call.
b. Ask an administrator to attach an IAM Policy to the IAM Role on your EC2 instance that authorizes it to do the required API call.
c. Export the environment variables with your IAM credentials on the EC2 instance.
d. use the EC2 Metadata API call

A

b. Ask an administrator to attach an IAM Policy to the IAM Role on your EC2 instance that authorizes it to do the required API call.

100
Q

You and your colleague are working on an application that interacts with some AWS services by making API calls. Your colleague can run the application on his machine without issues, while you get API Authorization Exceptions. What should you do?

a. send him your AWS Access Key and Secret Access Key so he can replicate the issue on his machine
b. ask him to send you his IAM credentials so you can work without issues.
c. Compare both your IAM Policy and his IAM Policy in AWS Policy Simulator to understand the differences
d. Ask him to create an EC2 Instance and insert his IAM credentials inside it, so you can run the application from the EC2 instance.

A

c. Compare both your IAM Policy and his IAM Policy in AWS Policy Simulator to understand the differences

101
Q

Your administrator launched a Linux EC2 instance and gives you the EC2 Key Pair so you can SSH into it. After getting into the EC2 instance, you want to get the EC2 instance ID. What is the best way to do this?

a. create an IAM Role and attach it to your EC2 instance so you can perform a “describe-instances” API call
b. Query the user data at http://169.254.169.254/latest/user-data
c. Query the metadata at http://254.169.254.169/latest/meta-data
d. Query the metadata at http://169.254.169.254/latest/meta-data

A

d. Query the metadata at http://169.254.169.254/latest/meta-data

102
Q

AWS CLI requires _____ as its runtime.

a. Java
b. Golang
c. Python
d. C#

A

c. Python

103
Q

You’re running an application on an on-premises server. The application needs to perform API calls to an S3 bucket. How can you achieve this in the most secure manner?

a. create an IAM user to be used by the application, then generate IAM credentials and put the credentials into environment variables
b. from inside your on-premises server, run “aws configure” and insert your personal IAM Credentials
c. Create an IAM user to be used by the application, then generate IAM credentials and use the credentials in the application’s code
d. attach an IAM role to your on-premises server

A

a. create an IAM user to be used by the application, then generate IAM credentials and put the credentials into environment variables

104
Q

When you have an IAM role attached to your EC2 instance and you run AWS CLI commands from inside this instance, AWS CLI uses the ______ to get _____ credentials.

a. instance user data, temporary
b. instance metadata, temporary
c. instance user data, permanent
d. instance metadata, permanent

A

b. instance metadata, temporary

105
Q

You have created an IAM role with the required IAM permissions to make API calls to get sensitive files stored in an S3 bucket. You have attached the newly created IAM role to an EC2 instance and you want to test whether you can download these files from inside the EC2 instance. What should you do to make your tests without changing the parameters’ values as they’re critical?

a. use IAM Policy simulator or the Instance metadata
b. use “--dry-run” AWS CLI option or the Instance metadata
c. use IAM Policy simulator or the “--dry-run” AWS CLI option

A

c. use IAM Policy simulator or the “--dry-run” AWS CLI option

106
Q

True or False: When an IAM role is attached to your EC2 instance, you can retrieve both the IAM role name and the IAM policies attached to the role.

A

False

107
Q

While performing EC2 API calls from inside your EC2 instance, you received the following authorization exception: vbguZQ1pz421h4rtSaXnEfDAZPii8X…..
How can you decode this encrypted error message?

a. contact AWS Support as they’re the only ones who can decode these messages.
b. use the EC2 decode-authorization-message API call
c. use the IAM decode-authorization-message API call
d. use the STS decode-authorization-message API call

A

d. use the STS decode-authorization-message API call

108
Q

The last API calls you made to AWS KMS begin to throttle, as you have reached the max allowed API calls per second. What should you do?

a. make API calls every 10 ms
b. use exponential backoff strategy
c. use linear backoff strategy

A

b. use exponential backoff strategy

109
Q

Before making API calls against MFA-protected API, you should use ____ to get temporary credentials.

a. STS GetSessionToken
b. STS GetFederationToken
c. IAM GetMFAToken

A

a. STS GetSessionToken

110
Q

AWS CLI uses credentials located in multiple locations and certain locations take precedence over others. Which of the following is the correct order for locations AWS CLI uses to find credentials?

a. environment variables -> command line options -> ec2 Instance Profile
b. command line options -> environment variables -> ec2 instance profile
c. ec2 instance profile -> command line options -> environment variables
d. ec2 instance profile -> environment variables -> command line options

A

b. command line options -> environment variables -> ec2 instance profile

111
Q

AWS CLI and AWS SDKs sign API requests for you using your AWS access key. If you’re writing your custom code, you must sign AWS API requests using ______.

a. signature version 1 (SigV1)
b. signature version 2 (SigV2)
c. signature version 3 (SigV3)
d. signature version 4 (SigV4)

A

d. signature version 4 (SigV4)

112
Q

You have enabled versioning and want to be extra careful when it comes to deleting files on an S3 bucket. What should you enable to prevent accidental permanent deletions?

a. use a bucket policy
b. encrypt the files
c. enable MFA Delete
d. disable versioning

A

c. enable MFA Delete

113
Q

You would like all your files in an S3 bucket to be encrypted by default. What is the optimal way of achieving this?

a. use a bucket policy that forces HTTPS connections
b. enable default encryption
c. enable versioning

A

b. enable default encryption

114
Q

You suspect that some of your employees try to access files in an S3 bucket that they don’t have access to. How can you verify this is indeed the case without them noticing?

a. restrict their IAM policies and look at CloudTrail logs
b. use a bucket policy
c. enable S3 Access Logs and analyze them using Athena

A

c. enable S3 Access Logs and analyze them using Athena

115
Q

You want the content of an S3 bucket to be fully available in different AWS Regions. That will help your team perform data analysis at the lowest latency and cost possible. What S3 feature should you use?

a. Amazon CloudFront Distributions
b. S3 Replication
c. S3 versioning
d. S3 Static Website hosting

A

b. S3 Replication

116
Q

You have 2 S3 buckets. One source bucket A, and two destination buckets B and C in different AWS Regions. You want to replicate objects from bucket A to both bucket B and C. How would you achieve this?

a. configure replication from bucket A to bucket B, then from bucket A to bucket C.
b. Configure replication from bucket A to bucket B, then from bucket B to bucket C.
c. configure replication from bucket A to bucket C, then from bucket C to bucket B.

A

a. configure replication from bucket A to bucket B, then from bucket A to bucket C.

117
Q

Which of the following is NOT a Glacier Deep Archive retrieval mode?

a. Standard (12 hrs)
b. Expedited (1-5 minutes)
c. Bulk (48 hrs)

A

b. Expedited (1-5 minutes)

118
Q

How can you be notified when there’s an object uploaded to your S3 bucket?

a. S3 Select
b. S3 Access Logs
c. S3 Event Notifications
d. S3 Analytics

A

c. S3 Event Notifications

119
Q

You are looking to provide temporary URLs to a growing list of federated users to allow them to perform a file upload on your S3 bucket to a specific location. What should you use?

a. S3 CORS
b. S3 Pre-signed URL
c. S3 Bucket Policies
d. IAM Users

A

b. S3 Pre-signed URL

120
Q

You have an S3 bucket that has S3 Versioning enabled. This S3 bucket has a lot of objects, and you would like to remove old object versions to reduce costs. What’s the best approach to automate the deletion of these old object versions?

a. S3 Lifecycle Rules - Expiration Actions
b. S3 Lifecycle Rules - Transition Actions
c. S3 Access Logs

A

a. S3 Lifecycle Rules - Expiration Actions

121
Q

How can you automate the transition of S3 objects between their different tiers?

a. AWS Lambda
b. CloudWatch Events
c. S3 Lifecycle Rules

A

c. S3 Lifecycle Rules

122
Q

Which of the following is NOT a Glacier Flexible retrieval mode?

a. Expedited (1-5 min)
b. Standard (3-5 hrs)
c. Bulk (5-12 hrs)
d. Instant (10 secs)

A

d. Instant (10 secs)

123
Q

While you’re uploading large files to an S3 bucket using Multi-part Upload, there are a lot of unfinished parts stored in the S3 bucket due to network issues. You are not using these unfinished parts and they cost you money. What is the best approach to remove these unfinished parts?

a. Use AWS Lambda to loop on each old/unfinished part and delete them
b. Use an S3 Lifecycle Policy to automate old/unfinished parts deletion
c. Request AWS Support to help you delete old/unfinished parts

A

b. Use an S3 Lifecycle Policy to automate old/unfinished parts deletion

124
Q

Which of the following is a Serverless data analysis service allowing you to query data in S3?

a. S3 Analytics
b. Redshift
c. Athena
d. RDS

A

c. Athena

125
Q

You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, it is necessary to read the first 250 bytes of each object in S3, which contain some metadata about the content of the file itself. There are over 100,000 files in your S3 bucket, amounting to 50 TB of data. How can you build this index efficiently?

a. use the RDS import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index
b. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS.
c. Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS.
d. Create an application that will traverse the S3 bucket, use S3 Select to get the first 250 bytes, and store that information in RDS.

A

b. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS.

126
Q

You have a large dataset stored on-premises that you want to upload to an S3 bucket. The dataset is divided into 10GB files. You have good bandwidth but your internet connection isn’t stable. What is the best way to upload this dataset to S3 so that the process is fast and avoids any problems with the internet connection?

a. use S3 multi-part upload & S3 Transfer Acceleration
b. Use S3 Select & use S3 Transfer Acceleration
c. use multi-part upload only

A

a. use S3 multi-part upload & S3 Transfer Acceleration

127
Q

You would like to retrieve a subset of your dataset stored in S3 in the CSV format. You would like to retrieve a month of data and only 3 columns out of 10, to minimize compute and network costs. What should you use?

a. S3 Inventory
b. S3 Select
c. S3 Analytics
d. S3 Access Logs

A

b. S3 Select

128
Q

You have paid content that is stored in an S3 bucket. You want to distribute the content globally, so you have set up a CloudFront Distribution and configured the S3 bucket to only exchange data with your CloudFront Distribution. Which CloudFront feature allows you to securely distribute this paid content?

a. Origin Access Identity
b. S3 Pre-Signed URL
c. CloudFront Signed URL
d. CloudFront Invalidation

A

c. CloudFront Signed URL

129
Q

You have a CloudFront Distribution that serves your website hosted on a fleet of EC2 instances behind an Application Load Balancer. All your clients are from the United States, but you found that some malicious requests are coming from other countries. What should you do to only allow users from the US and block other countries?

a. Use Origin Access Identity
b. Use CloudFront Geo Restriction
c. set up a security group and attach it to your CloudFront Distribution
d. Use a Route 53 Latency record and attach it to CloudFront

A

b. Use CloudFront Geo Restriction

130
Q

You have a static website hosted on an S3 bucket. You have created a CloudFront Distribution that points to your S3 bucket to better serve your requests and improve performance. After a while, you noticed that users can still access your website directly from the S3 bucket. You want to force users to access the website only through CloudFront. How do you achieve that?

a. Configure your CloudFront Distribution and create an Origin Access Identity, then update your S3 Bucket Policy to only accept requests from your CloudFront Distribution OAI user.
b. Send an email to your clients and tell them to not use the S3 endpoint
c. Use S3 Access Points to redirect clients to CloudFront

A

a. Configure your CloudFront Distribution and create an Origin Access Identity, then update your S3 Bucket Policy to only accept requests from your CloudFront Distribution OAI user.

131
Q

A website is hosted on a set of EC2 instances fronted by an Application Load Balancer. You have created a CloudFront Distribution and set up its origin to point to your ALB. What should you use to provide access to hundreds of private files served by your CloudFront distribution?

a. CloudFront Signed URLs
b. CloudFront Origin Access Identity
c. CloudFront HTTPS Encryption
d. CloudFront Signed Cookies

A

d. CloudFront Signed Cookies

132
Q

What does this S3 bucket policy do?

{
    "Version": "2012-10-17",
    "Id": "Mystery Policy",
    "Statement": [ {
          "Sid": "What could it be?",
          "Effect": "Allow",
          "Principal": { "CanonicalUser": "CloudFront Origin Identity Canonical User ID" },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::examplebucket/*"
    }]
}

a. Forces GetObject request to be encrypted if coming from CloudFront
b. Only allows the S3 bucket content to be accessed from your CloudFront Distribution Origin Access Identity
c. Only allows GetObject type of request on the S3 bucket from anybody

A

b. Only allows the S3 bucket content to be accessed from your CloudFront Distribution Origin Access Identity

133
Q

You have a React Single Page Application hosted on an S3 Bucket and served through a CloudFront Distribution. You have made an update to your React application and pushed it to S3, but the old version is still cached at CloudFront, and clients still see the old version. You want the new update to be propagated immediately. What would you do?

a. use CloudFront Invalidation
b. delete and create a new CloudFront Distribution
c. tell your clients to remove cache from their browsers or use Incognito Mode

A

a. use CloudFront Invalidation

134
Q

You are hosting highly dynamic content in an S3 bucket in the us-east-1 region. You want to make this data available with low latency in Singapore’s ap-southeast-1 region. What do you recommend?

a. Amazon CloudFront
b. S3 Cross-Region Replication
c. S3 Pre-Signed URLs

A

b. S3 Cross-Region Replication

135
Q

Using a CloudFront Distribution, you can cache based on the following, except ______.

a. HTTP Headers
b. HTTP Cookies
c. Query String Parameters
d. HTTP Methods

A

d. HTTP Methods

136
Q

When you’re configuring a CloudFront distribution to use Signed URLs/Cookies, it is recommended to use ______ signer instead of ______ signer.

a. trusted key group, CloudFront key pair
b. CloudFront key pair, Trusted key group

A

a. trusted key group, CloudFront key pair

137
Q

You have multiple Docker-based applications hosted on-premises that you want to migrate to AWS. You don’t want to provision or manage any infrastructure, you just want to run your containers on AWS. Which AWS Service should you choose?

a. Elastic Container Service (ECS)
b. Elastic Container Registry (ECR)
c. AWS Fargate
d. Elastic Kubernetes Service (EKS)

A

c. AWS Fargate

138
Q

Two of the launch types of ECS are:

a. Amazon EC2 Launch Type and Fargate Launch Type
b. Amazon EC2 Launch Type and EKS Launch Type
c. Fargate Launch Type and EKS Launch Type

A

a. Amazon EC2 Launch Type and Fargate Launch Type

139
Q

You have an application hosted on an ECS Cluster (EC2 Launch Type) where you want your ECS tasks to upload files to an S3 bucket. Which IAM Role for your ECS Tasks should you modify?

a. EC2 Instance Profile
b. ECS Task Role

A

b. ECS Task Role

140
Q

You’re planning to migrate a WordPress website running on Docker containers from on-premises to AWS. You have decided to run the application in an ECS Cluster, but you want your Docker containers to access the same WordPress website content such as website files, images, videos, etc. What do you recommend to achieve this?

a. Mount an EFS volume
b. Mount an EBS volume
c. Use an EC2 Instance Store

A

a. Mount an EFS volume

141
Q

You are deploying an application on an ECS Cluster made of EC2 instances. Currently, the cluster is hosting one application that is issuing API calls to DynamoDB successfully. Upon adding a second application, which issues API calls to S3, you are getting authorization issues. What should you do to resolve the problem and ensure proper security?

a. Edit the EC2 instance role to add permission to S3
b. Create an IAM task role for the new application
c. Enable the Fargate mode
d. Edit the S3 bucket policy to allow the ECS task

A

b. Create an IAM task role for the new application

142
Q

Which feature allows an Application Load Balancer to redirect traffic to multiple ECS Tasks running on the same ECS Container instance?

a. Automatic Port Mapping
b. ECS Task Definition
c. ECS Service
d. Dynamic Port Mapping

A

d. Dynamic Port Mapping

143
Q

You are migrating your on-premises Docker-based application to Amazon ECS. You were using Docker Hub Container Image Library as your container image repository. Which is an alternative AWS service which is fully integrated with Amazon ECS?

a. AWS Fargate
b. Elastic Kubernetes Service (EKS)
c. Elastic Container Registry (ECR)
d. Amazon EC2

A

c. Elastic Container Registry (ECR)

144
Q

You have a Classic ECS cluster in which you want to enable IAM roles for your ECS tasks so that they can make API requests to AWS Services. Which ECS configuration option should you enable in /etc/ecs/ecs.config?

a. ECS_CLUSTER
b. ECS_ENGINE_AUTH_DATA
c. ECS_AVAILABLE_LOGGING_DRIVERS
d. ECS_ENABLE_TASK_IAM_ROLES

A

d. ECS_ENABLE_TASK_IAM_ROLES

145
Q

You have a CodePipeline pipeline, which contains a build stage that uses AWS CodeBuild. This build stage builds your Docker images and pushes them to Amazon ECR. The build stage fails with an authorization issue. What is the issue?

a. Open an AWS Support ticket
b. Delete and re-create your ECR repositories
c. Double-check your IAM role and permissions for the AWS CodeBuild service
d. You must have an up and running EC2 container instance

A

c. Double-check your IAM role and permissions for the AWS CodeBuild service

146
Q

You are looking to run multiple copies of the same application on the same EC2 instance and expose it with a load balancer. The application is available as a Docker image. You should use _____.

a. Application Load Balancer + ECS
b. Classic Load Balancer + Beanstalk
c. Application Load Balancer + Beanstalk
d. Classic Load Balancer + ECS

A

a. Application Load Balancer + ECS

147
Q

You have a containerized application stored as Docker images in an ECR repository, that you want to run on an ECS cluster. You’re trying to launch two copies of the same Docker container to the same EC2 container instance. The first container successfully starts, but the second container doesn’t. You have checked that there’s enough CPU and RAM on the EC2 container instance. What is the problem here?

a. The EC2 container instance doesn’t have the required IAM permissions to fetch Docker images from the ECR repository.
b. The host port defined in the task definition
c. The container port defined in the task definition
d. EC2 container instances can only run one container instance for each Docker image.

A

b. The host port defined in the task definition

*** To enable random host port, set host port=0 (or empty), which allows multiple containers of the same type to launch on the same EC2 container instance.

148
Q

A newly launched EC2 container instance can’t be registered with your ECS cluster. What is NOT a reason for this issue?

a. the ECS agent is not running
b. the AMI used isn’t the Amazon ECS-optimized AMI
c. the EC2 container instance is missing IAM permissions
d. the security group on the EC2 instance does not allow inbound traffic.

A

d. the security group on the EC2 instance does not allow inbound traffic.

149
Q

You want to pull Docker images from a private ECR repository. Which AWS CLI command can you use?

a. docker login -u $AWS_ACCESS_KEY_ID -p $AWS_SECRET_ACCESS_KEY $ECR_URL
docker pull $ECR_IMAGE_URL

b. docker login -u $AWS_USERNAME -p $AWS_PASSWORD $ECR_URL
docker pull $ECR_IMAGE_URL

c. $(aws ecr get-login --no-include-email)
docker pull $ECR_IMAGE_URL

d. docker build -t $ECR_URL
docker pull $ECR_IMAGE_URL

A

c. $(aws ecr get-login --no-include-email)

docker pull $ECR_IMAGE_URL

150
Q

You have an ECS cluster where you want to run 4 ECS services. Each ECS service needs to interact with various AWS services. Which of the following is the best practice while giving permission to these ECS services?

a. Create an IAM role with 4 IAM policies and attach it to the EC2 instances in the ECS cluster.
b. Create 4 IAM roles and attach them to the EC2 instances in the ECS cluster.
c. Create 1 ECS Task role with 4 policies and attach it to each ECS Task definition.
d. Create 4 ECS Task roles and attach them to the relevant ECS Task definition.

A

d. Create 4 ECS Task roles and attach them to the relevant ECS Task definition.

151
Q

Which ECS Task Placement strategy is the most cost-efficient?

a. spread
b. binpack
c. random

A

b. binpack

152
Q

Which ECS Task Placement constraint allows you to place each ECS Task on a different EC2 container instance?

a. distinctInstance
b. memberOf

A

a. distinctInstance

153
Q

You’re developing an application and would like to deploy it to Elastic Beanstalk with minimal cost. You should run it in ___.

a. single instance mode
b. high availability mode

A

a. single instance mode

154
Q

Elastic Beanstalk application versions can be deployed to ____.

a. one environment
b. many environments

A

b. many environments

155
Q

You have been tasked to run an application developed using the Rust language on Elastic Beanstalk. After checking, you found that the Rust runtime is not currently supported on Elastic Beanstalk. Which of the following is NOT a solution?

a. Create a custom platform.
b. Install scripts and security software using an EC2 User Data script
c. Use a Docker image with all scripts and security software installed.
d. use a Custom AMI

A

b. Install scripts and security software using an EC2 User Data script

156
Q

True or False: Environments in Elastic Beanstalk must have the following names: dev, test, and prod.

A

False

157
Q

You are developing a new application that’s hosted on Elastic Beanstalk. As you are in the development process you don’t mind downtime so you want your application to be deployed as soon as a new version is available. Which Elastic Beanstalk deployment option should you use?

a. all at once
b. rolling
c. rolling with additional batches
d. immutable

A

a. all at once

158
Q

A company is hosting their websites on AWS Elastic Beanstalk. They want a methodology to continuously release new application versions with the ability to roll back very quickly in case there are any issues. Also, the application must be running at full capacity while releasing new versions. Which Elastic Beanstalk deployment option do you recommend?

a. all at once
b. rolling
c. rolling with additional batches
d. immutable

A

d. immutable

159
Q

You’re a DevOps engineer working for a startup company hosting their application on Elastic Beanstalk. The application is in its early phases and it has a lot of new updates every week while being used by a number of users. You want to continuously release new features without application downtime and without incurring extra costs. It’s acceptable to temporarily decrease the number of running instances serving users. Which Elastic Beanstalk deployment option should you choose?

a. all at once
b. rolling
c. rolling with additional batches
d. immutable

A

b. rolling

160
Q

Which Elastic Beanstalk deployment option allows you to release a new version of your application with minimal added cost while maintaining the full capacity to serve the current users?

a. all at once
b. rolling
c. rolling with additional batches
d. immutable

A

c. rolling with additional batches

161
Q

To improve your application performance, you want to add an ElastiCache cluster to your application hosted on Elastic Beanstalk. What should you do?

a. Manually create an ElastiCache cluster outside of your Elastic Beanstalk and connect to it through using environment variables.
b. Create an elasticache.extensions file at the root of the code zip files and provide appropriate configuration.
c. Create a config.elasticache file in the .ebextensions folder which is at the root of the code zip file and provide appropriate configuration.
d. Create an elasticache.config file in the .ebextensions folder which is at the root of the code zip file and provide appropriate configuration.

A

d. Create an elasticache.config file in the .ebextensions folder which is at the root of the code zip file and provide appropriate configuration.

162
Q

Your deployments on Elastic Beanstalk have been painfully slow. After checking the logs, you realize that this is due to the fact that your application dependencies are resolved on each instance each time you deploy. What can you do to speed up the deployment process with minimal impact?

a. Resolve the dependencies beforehand and package them in the zip file uploaded to Elastic Beanstalk
b. Remove some dependencies in your code
c. Place the dependencies in an S3 Bucket

A

a. Resolve the dependencies beforehand and package them in the zip file uploaded to Elastic Beanstalk

163
Q

Which AWS service does Elastic Beanstalk use under the hood?

a. AWS OpsWorks
b. AWS CloudFormation
c. AWS Lambda
d. Amazon EC2

A

b. AWS CloudFormation

164
Q

Due to compliance regulations, you have been tasked to enable HTTPS for your application hosted on Elastic Beanstalk. This allows in-flight encryption between your clients and web servers. What must be done to set up HTTPS on Elastic Beanstalk?

a. Use a separate CloudFormation template to load the SSL certificate onto the Application Load Balancer
b. Modify Security Groups to allow inbound traffic on port 80.
c. Create an .ebextensions/securelistener-alb.config file to configure the Application Load Balancer
d. Configure Health Checks

A

c. Create an .ebextensions/securelistener-alb.config file to configure the Application Load Balancer

165
Q

Which feature in Elastic Beanstalk allows you to automate deletions of old application versions so that new application versions can be created?

a. set up an .ebextensions file
b. use a lifecycle policy
c. define a Lambda function
d. use Worker environments

A

b. use a lifecycle policy

166
Q

You’re using Elastic Beanstalk and you would like to schedule tasks to run periodically and asynchronously. These tasks typically take more than 1 hour to complete. Which Elastic Beanstalk environment should you choose?

a. web server environment and an .ebextensions file
b. web server environment and a cron.yaml file
c. worker environment and an .ebextensions file
d. worker environment and a cron.yaml file

A

d. worker environment and a cron.yaml file

167
Q

You have created a test environment in Elastic Beanstalk and, as part of the environment, you have created an RDS DB instance. How can you make sure the database can be used after you delete the environment?

a. Make a selective delete in Elastic Beanstalk
b. Make a snapshot of the RDS DB instance before it gets deleted
c. Change the Elastic Beanstalk environment variables

A

b. Make a snapshot of the RDS DB instance before it gets deleted

168
Q

You’re running an application on Elastic Beanstalk. You have just finished a major update to your application. You want to deploy the new version, then direct a small percentage of traffic to the new version so you can test and fall back if there are any issues. Which Elastic Beanstalk deployment option should you choose?

a. Traffic Splitting
b. Rolling
c. Rolling with Additional Batches
d. Immutable

A

a. Traffic Splitting

169
Q

You have been hired by a company to run some tests on their application hosted on Elastic Beanstalk. You can’t run these tests on the current environment as this is the production environment, so you have to create another environment similar to the one already running. Which Elastic Beanstalk feature allows you to do this?

a. Download the current Elastic Beanstalk environment CloudFormation template, then use it to create another environment.
b. Manually create another environment with the same configuration
c. Elastic Beanstalk Cloning
d. Use Worker Environment

A

c. Elastic Beanstalk Cloning