Practice Exam - 1 Flashcards

1
Q

You have a corporate intranet web application that requires 500 GB of block storage at 1000 IOPS throughout the day, apart from 40 minutes at night when you run a scheduled batch process to generate reports, during which you require 3000 IOPS. Which Amazon EBS volume will be cost-effective?

  1. General Purpose SSD (gp2)
  2. Provisioned IOPS SSD (io1)
  3. Throughput Optimized HDD (st1)
  4. Cold HDD (sc1)
A
  1. General Purpose SSD (gp2)
  2. Provisioned IOPS SSD (io1)
  3. Throughput Optimized HDD (st1)
  4. Cold HDD (sc1)
2
Q

Rama creates an S3 bucket ‘mywestwebsite’ in the ‘us-west-1’ region. Which of these are correct URLs to access this bucket? Choose 3.

  1. https://amazonaws. s3.us-west-1.com/mywestwebsite
  2. https://s3.us-west-1.amazonaws.com/mywestwebsite
  3. https://s3.amazonaws.com/mywestwebsite
  4. https://mywestwebsite.s3.amazonaws.com
  5. https://mywestwebsite.s3.us-west-1.amazonaws.com
A
  1. https://amazonaws. s3.us-west-1.com/mywestwebsite
  2. https://s3.us-west-1.amazonaws.com/mywestwebsite
  3. https://s3.amazonaws.com/mywestwebsite
  4. https://mywestwebsite.s3.amazonaws.com
  5. https://mywestwebsite.s3.us-west-1.amazonaws.com
3
Q

You have developed a web application and plan to deploy it in your VPC in the us-west region. Your VPC has three subnets mapped to three availability zones: us-west-1a, us-west-1b, us-west-1c. In the normal scenario your application requires nine servers, but it can run at a minimum of 66 percent capacity. How many web server instances should you deploy in each of the three AZs so that you meet the above availability requirements in a cost-effective way?

  1. Six in us-west-1a, six in us-west-1b, six in us-west-1c.
  2. Two in us-west-1a, two in us-west-1b, four in us-west-1c.
  3. Four in us-west-1a, four in us-west-1b, four in us-west-1c.
  4. Three in us-west-1a, three in us-west-1b, three in us-west-1c.
A
  1. Six in us-west-1a, six in us-west-1b, six in us-west-1c.
  2. Two in us-west-1a, two in us-west-1b, four in us-west-1c.
  3. Four in us-west-1a, four in us-west-1b, four in us-west-1c.
  4. Three in us-west-1a, three in us-west-1b, three in us-west-1c.
4
Q

Your company is planning to use WordPress hosted on AWS for its corporate website. You are planning to run your WordPress site using an Auto Scaling group of Amazon EC2 instances, with the database layer on Amazon RDS Aurora. Which Amazon service should you use to store shared, unstructured WordPress data such as PHP files, config, themes, plugins, etc.? This storage service should be accessible by multiple WordPress EC2 instances.

  1. Amazon S3
  2. Amazon RDS
  3. Amazon EFS
  4. Amazon EBS
A
  1. Amazon S3
  2. Amazon RDS
  3. Amazon EFS
  4. Amazon EBS
5
Q

You have deployed a fleet of EC2 instances using an Auto Scaling group based on target tracking dynamic scaling. Recently you noticed that the scaling policy is launching, terminating and relaunching many instances in an hour. This has led to increased cost, as you are billed for every instance that is launched, even those that run for only a few seconds to a few minutes. What should you do so that the frequency of launching and terminating instances is optimized? Choose 2.

  1. Scale out quickly but scale in slowly. Increase the duration of cooldown period.
  2. Scale out slowly and scale in quickly. Decrease the duration of cooldown period.
  3. Change the target tracking scaling metric
  4. Analyze and change the target tracking metric target value.
A
  1. Scale out quickly but scale in slowly. Increase the duration of cooldown period.
  2. Scale out slowly and scale in quickly. Decrease the duration of cooldown period.
  3. Change the target tracking scaling metric
  4. Analyze and change the target tracking metric target value.
6
Q

Which AWS service will you use to direct your users to your application based on their geographic location, application health, and weights that you can configure? You also want to use static IP addresses that are globally unique for your application so that there is no need to update clients as your application scales. Your application has Application Load Balancers.

  1. CloudFront
  2. Route53
  3. Application Load Balancer
  4. Global Accelerator
A
  1. CloudFront
  2. Route53
  3. Application Load Balancer
  4. Global Accelerator
7
Q

You have purchased an a1.large Linux Standard Reserved Instance in us-west-1a. In which of the following ways can you modify the reservation? Choose 3.

  1. Change it into windows instance
  2. Change it in a1.xlarge
  3. Change the region to us-east and AZ to us-east-1a
  4. Change the AZ to us-west-1b
  5. Change it into two a1.medium instances.
A
  1. Change it into windows instance
  2. Change it in a1.xlarge
  3. Change the region to us-east and AZ to us-east-1a
  4. Change the AZ to us-west-1b
  5. Change it into two a1.medium instances.
8
Q

Which of the following statements is incorrect as the suitable scenario for using ENI vs EN vs EFA?

  1. Use ENI when you need basic networking and want to create a separate management network at low cost.
  2. Use ENI when you need to accelerate High Performance Computing and machine learning application.
  3. Use EN (Enhanced Networking) when you need speeds between 10GBps and 100 GBps with high throughput.
  4. Use EFA when you need to accelerate High Performance Computing and machine learning application
A
  1. Use ENI when you need basic networking and want to create a separate management network at low cost.
  2. Use ENI when you need to accelerate High Performance Computing and machine learning application.
  3. Use EN (Enhanced Networking) when you need speeds between 10GBps and 100 GBps with high throughput.
  4. Use EFA when you need to accelerate High Performance Computing and machine learning application
9
Q

You are migrating your on-premises Windows-based custom-built .NET applications to the AWS cloud platform using a lift-and-shift strategy. These applications require shared file storage provided by Windows-based file systems (NTFS) that uses the SMB protocol. Which AWS services will you use? Choose 2.

  1. Lambda
  2. EFS
  3. EBS
  4. EC2
  5. FSx for Windows File Server
A
  1. Lambda
  2. EFS
  3. EBS
  4. EC2
  5. FSx for Windows File Server
10
Q

You recently launched your website to your global users. After a few hours you learned that some of the static images you are distributing through CloudFront need to be changed, as they are an older version. You know that the default expiration of content served from CloudFront edge servers is 24 hours. What should you do so that the new versions of the images are immediately reflected in user requests? Choose 2.

  1. Invalidate the file from edge caches.
  2. Validate the file from edge caches.
  3. Replace the files in the origin servers with new files having same name.
  4. Use file versioning to serve a different version of the file that has a different name.
A
  1. Invalidate the file from edge caches.
  2. Validate the file from edge caches.
  3. Replace the files in the origin servers with new files having same name.
  4. Use file versioning to serve a different version of the file that has a different name.
11
Q

You have a web app that provides video transcoding services. The videos uploaded by users are first stored in an S3 bucket where you have configured an “object created” event notification to an SQS queue. A fleet of EC2 instances picks up the videos from the queue and places them in another S3 bucket after transcoding. This consumer fleet of EC2 instances also has a dynamic auto scaling policy based on the custom metric ‘backlog per instance’. Which type of EC2 instances will be most cost-effective, given that you don’t have a defined duration in which you have to complete the transcoding of an uploaded file?

  1. Reserved Instances
  2. On-demand Instances
  3. Saving plans Instances
  4. Spot Instances
A
  1. Reserved Instances
  2. On-demand Instances
  3. Saving plans Instances
  4. Spot Instances
12
Q

Which Amazon EBS volume type will you use for the following?

  - Streaming workloads requiring consistent, fast throughput at a low price
  - Big data or data warehouses
  - Log processing

  1. General Purpose SSD (gp2)
  2. Provisioned IOPS SSD (io1)
  3. Throughput Optimized HDD (st1)
  4. Cold HDD (sc1)
A
  1. General Purpose SSD (gp2)
  2. Provisioned IOPS SSD (io1)
  3. Throughput Optimized HDD (st1)
  4. Cold HDD (sc1)
13
Q

You are using Amazon SQS in your ecommerce application to send order confirmation emails asynchronously. You have created a program that polls the SQS queue frequently for new order messages and sends the email after fetching a new order message from the queue. You observe that at times the program gets an empty response to the ReceiveMessage request. What should you do to eliminate empty responses and reduce cost?

  1. Create a delay queue.
  2. Increase the duration of visibility timeout value to higher number.
  3. Make wait time for the ReceiveMessage API action is greater than 0 to effect long polling.
  4. Make wait time for the ReceiveMessage API action is greater than 0 to effect short polling.
A
  1. Create a delay queue.
  2. Increase the duration of visibility timeout value to higher number.
  3. Make wait time for the ReceiveMessage API action is greater than 0 to effect long polling.
  4. Make wait time for the ReceiveMessage API action is greater than 0 to effect short polling.
14
Q

You are developing a mobile application that will enable users to log in using their Facebook, Amazon and Google user IDs. The cloud backend will have a serverless architecture. For backend application data storage you want to use an RDBMS database. What is the minimum set of AWS services you will need for your mobile application and backend cloud application?

  1. Lambda, Cognito, API Gateway, DynamoDB
  2. Lambda, Cognito, API Gateway, Aurora Serverless
  3. Elastic Beanstalk, Cognito, API Gateway, Aurora
  4. Lambda, Fargate, API Gateway, DynamoDB
A
  1. Lambda, Cognito, API Gateway, DynamoDB
  2. Lambda, Cognito, API Gateway, Aurora Serverless
  3. Elastic Beanstalk, Cognito, API Gateway, Aurora
  4. Lambda, Fargate, API Gateway, DynamoDB
15
Q

You are a solution architect for a stock trading web application provider. Financial regulation mandates that the company keep trading data for five years. From analysis of past internal and customer access behavior, you are certain that data more than two years old is unlikely to be accessed, and data less than two years old but more than six months old is infrequently accessed. Any data less than six months old will need faster access. Currently 150 TB of data is stored in on-premises data storage, which the company is planning to move to AWS cloud storage to save cost. Which is the most cost-effective option?

  1. Store the data on Amazon S3 with lifecycle policy that change the storage class from Standard to Standard-IA in six months, from Standard-IA to Glacier in 1.5 years and expiration in 3.5 years.
  2. Store the data on Amazon S3 with lifecycle policy that change the storage class from Standard to Standard-IA in six months, from Standard-IA to Glacier in two year and expiration in five years.
  3. Store all the data in Redshift data warehouse
  4. Store all the data in EBS general purpose volume attached to EC2 cheapest instance
A
  1. Store the data on Amazon S3 with lifecycle policy that change the storage class from Standard to Standard-IA in six months, from Standard-IA to Glacier in 1.5 years and expiration in 3.5 years.
  2. Store the data on Amazon S3 with lifecycle policy that change the storage class from Standard to Standard-IA in six months, from Standard-IA to Glacier in two year and expiration in five years.
  3. Store all the data in Redshift data warehouse
  4. Store all the data in EBS general purpose volume attached to EC2 cheapest instance
16
Q

Which AWS service lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway, Amazon CloudFront or an Application Load Balancer and gives you control over which traffic to allow or block to your web applications by defining customizable web security rules?

  1. AWS Shield
  2. AWS Cloudtrail
  3. AWS Cloudwatch
  4. AWS WAF
A
  1. AWS Shield
  2. AWS Cloudtrail
  3. AWS Cloudwatch
  4. AWS WAF
17
Q

What are the two steps you will take regarding your instances if your application requires low network latency, high network throughput and the highest packet-per-second network performance, and the majority of the network traffic is between the instances in the group? Choose 2.

  1. Use Cluster placement groups
  2. Use Spread Placement groups
  3. Choose an instance type that supports enhanced networking
  4. Choose an instance type that supports performance networking
A
  1. Use Cluster placement groups
  2. Use Spread Placement groups
  3. Choose an instance type that supports enhanced networking
  4. Choose an instance type that supports performance networking
18
Q

You are the architect of a payment gateway provider and are anticipating a fivefold increase in traffic in the upcoming shopping season. You are using RDS with MySQL as the database engine. During load testing you notice a decrease in query performance as traffic increases. Which of the following options could you implement immediately to increase database performance?

  1. Instead of MySQL use Oracle or SQL Server.
  2. Instead of MySQL use DynamoDB.
  3. Use Multi-AZ deployment option to increase read and write performance.
  4. Use Read Replicas and redirect read queries to those replicas.
A
  1. Instead of MySQL use Oracle or SQL Server.
  2. Instead of MySQL use DynamoDB.
  3. Use Multi-AZ deployment option to increase read and write performance.
  4. Use Read Replicas and redirect read queries to those replicas.
19
Q

John hosts his personal blog as a static website on S3. The bucket he uses to store his website files is named ‘west-bucket’ and is in the ‘us-west-2’ region. The photos are uploaded under the main bucket folder using the S3 console. What is the URL of John’s static website?

  1. A. http:// s3-us-west-2.amazonaws.com/ west-bucket
  2. B. http://west-bucket.s3-us-west-2.amazonaws.com/
  3. C. http://west-bucket.s3-website-us-west-2.amazonaws.com/
  4. D. http:// s3-website-us-west-2.amazonaws.com/west-bucket
A
  1. A. http:// s3-us-west-2.amazonaws.com/ west-bucket
  2. B. http://west-bucket.s3-us-west-2.amazonaws.com/
  3. C. http://west-bucket.s3-website-us-west-2.amazonaws.com/
  4. D. http:// s3-website-us-west-2.amazonaws.com/west-bucket
20
Q

You are creating a proof-of-concept web application and want to quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. You don’t want to handle the details of capacity provisioning, load balancing, scaling, and application health monitoring. Which AWS services should you leverage?

  1. EC2, ELB, Auto Scaling
  2. AWS Elastic Beanstalk
  3. Lambda, ELB, Auto Scaling
  4. EC2, S3, ELB, Auto Scaling
  5. Lambda, ELB, Auto Scaling, CloudFormation
A
  1. EC2, ELB, Auto Scaling
  2. AWS Elastic Beanstalk
  3. Lambda, ELB, Auto Scaling
  4. EC2, S3, ELB, Auto Scaling
  5. Lambda, ELB, Auto Scaling, CloudFormation
21
Q

You are running the following On-Demand Instances in account A:

4 x m3.large Linux, default tenancy instances in Availability Zone us-east-1a

2 x m4.xlarge Amazon Linux, default tenancy instances in Availability Zone us-east-1b

1 x c4.xlarge Amazon Linux, default tenancy instances in Availability Zone us-east-1c

You purchase the following Reserved Instances in account A:

4 x m3.large Linux, default tenancy Reserved Instances in Availability Zone us-east-1a (capacity is reserved)

4 x m4.large Amazon Linux, default tenancy Reserved Instances in Region us-east-1

1 x c4.large Amazon Linux, default tenancy Reserved Instances in Region us-east-1

How are the Reserved Instances applied? Choose 3.

  1. reservation of the four m3.large zonal Reserved Instances is used by the four m3.large instances
  2. m4.large regional Reserved Instances billing discount applies to 100% usage of 2 x m4.xlarge Amazon Linux, default tenancy
  3. m4.large regional Reserved Instances billing discount applies to 50% usage 2 x m4.xlarge Amazon Linux, default tenancy
  4. c4.large regional Reserved Instance billing discount applies to 50% of c4.xlarge usage.
  5. c4.large regional Reserved Instance billing discount applies to 100% of c4.xlarge usage.
A
  1. reservation of the four m3.large zonal Reserved Instances is used by the four m3.large instances
  2. m4.large regional Reserved Instances billing discount applies to 100% usage of 2 x m4.xlarge Amazon Linux, default tenancy
  3. m4.large regional Reserved Instances billing discount applies to 50% usage 2 x m4.xlarge Amazon Linux, default tenancy
  4. c4.large regional Reserved Instance billing discount applies to 50% of c4.xlarge usage.
  5. c4.large regional Reserved Instance billing discount applies to 100% of c4.xlarge usage.
22
Q

A law firm has an internal tablet/mobile application used by employees to download large Word documents to their devices for offline review. The documents are in the range of 10-20 MB. Employees save the document in local device storage, edit it in offline mode and then use a feature in the app to upload the file to cloud storage. Most of the time users are expected to be in areas with high mobile bandwidth (LTE or Wi-Fi), but sometimes they may be in an area with a slow network (EDGE) or 3G with lots of fluctuations. The files are stored in AWS S3 buckets. What approach should the architect recommend for file upload in the application?

  1. Use Single PUT operation to upload the files to S3
  2. Use Multipart upload to upload the files to S3
  3. Use Amazon S3 Transfer Acceleration to upload the files
  4. Use Single POST operation to upload the files to S3
A
  1. Use Single PUT operation to upload the files to S3
  2. Use Multipart upload to upload the files to S3
  3. Use Amazon S3 Transfer Acceleration to upload the files
  4. Use Single POST operation to upload the files to S3
23
Q

Because of a new regulatory compliance requirement you have to encrypt all your existing unencrypted application RDS DB instances. You know that you can only enable encryption for an Amazon RDS DB instance when you create it, not after the DB instance is created. What steps should you take to meet the compliance requirements? Choose 2.

  1. Step1: You create a new DB instance with encryption enabled
  2. Step 2: Copy data from the old DB instance to new encrypted DB instance
  3. Step1: You can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot.
  4. Step2: You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
A
  1. Step1: You create a new DB instance with encryption enabled
  2. Step 2: Copy data from the old DB instance to new encrypted DB instance
  3. Step1: You can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot.
  4. Step2: You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
24
Q

When should you use EFS vs FSx for Windows vs FSx for Lustre? Choose 3.

  1. Use EFS, for Windows Applications and Windows instances when you need simple, scalable, fully managed elastic NFS file.
  2. Use FSx for Windows File Server, for Linux based application when you need centralized storage having native support for POSIX file system features and support for network access through industry-standard Server Message Block (SMB) protocol.
  3. Use EFS, for Linux Applications and Linux instances when you need simple, scalable, fully managed elastic NFS file.
  4. Use FSx for Windows File Server, for Windows based application when you need centralized storage having native support for Windows file system features and support for network access through industry-standard Server Message Block (SMB) protocol.
  5. Use FSx for Lustre, when you need to launch and run the popular, high-performance Lustre file system for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.
A
  1. Use EFS, for Windows Applications and Windows instances when you need simple, scalable, fully managed elastic NFS file.
  2. Use FSx for Windows File Server, for Linux based application when you need centralized storage having native support for POSIX file system features and support for network access through industry-standard Server Message Block (SMB) protocol.
  3. Use EFS, for Linux Applications and Linux instances when you need simple, scalable, fully managed elastic NFS file.
  4. Use FSx for Windows File Server, for Windows based application when you need centralized storage having native support for Windows file system features and support for network access through industry-standard Server Message Block (SMB) protocol.
  5. Use FSx for Lustre, when you need to launch and run the popular, high-performance Lustre file system for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.
25
Q

Your Amazon ECS service can optionally be configured to use Elastic Load Balancing to distribute traffic evenly across the tasks in your service.

  1. TRUE
  2. FALSE
A
  1. TRUE
  2. FALSE
26
Q

What is a ‘fan out’ scenario?

  1. A publisher sends same message to multiple SNS topics or SQS queues
  2. Amazon SNS message is sent to a topic and then replicated and pushed to multiple Amazon SQS queues, HTTP endpoints, or email addresses.
  3. Message is sent to a SQS queue and then replicated and pushed to multiple Amazon SNS topics.
  4. Message is sent to a SQS queue and then replicated and pushed to multiple Amazon SQS queues.
A
  1. A publisher sends same message to multiple SNS topics or SQS queues
  2. Amazon SNS message is sent to a topic and then replicated and pushed to multiple Amazon SQS queues, HTTP endpoints, or email addresses.
  3. Message is sent to a SQS queue and then replicated and pushed to multiple Amazon SNS topics.
  4. Message is sent to a SQS queue and then replicated and pushed to multiple Amazon SQS queues.
27
Q

Your company is planning to store its important documents in S3 storage. The compliance unit wants to be notified when documents are created or deleted, along with the user name. You know that S3 has an event notification feature for object events like s3:ObjectCreated:* and s3:ObjectRemoved:*. What are the destinations to which S3 can publish events? Choose 3.

  1. Amazon SES
  2. Amazon Simple Notification Service (Amazon SNS) topic
  3. Amazon Simple Queue Service (Amazon SQS) queue
  4. AWS Lambda
A
  1. Amazon SES
  2. Amazon Simple Notification Service (Amazon SNS) topic
  3. Amazon Simple Queue Service (Amazon SQS) queue
  4. AWS Lambda
28
Q

You have three VPCs: A, B and C. How many peering connections do you need to configure so that all the VPCs can access one another’s resources?

  1. Two peer configuration. A-B and B-C peer configuration needs to be done. A-C transitive peering configuration will be automatically done.
  2. Three peer configuration. A-B, B-C and C-A.
  3. Two peer configuration. A-C and B-C peer configuration needs to be done. A-B transitive peering configuration will be automatically done.
  4. None of the above.
A
  1. Two peer configuration. A-B and B-C peer configuration needs to be done. A-C transitive peering configuration will be automatically done.
  2. Three peer configuration. A-B, B-C and C-A.
  3. Two peer configuration. A-C and B-C peer configuration needs to be done. A-B transitive peering configuration will be automatically done.
  4. None of the above.
29
Q

You have a photo upload application and use S3 to store the uploaded images. After an image is uploaded you want to create a thumbnail version of it. Which of the following options will be the most scalable and cost-effective?

  1. Create a Lambda function that Amazon S3 can invoke when objects are created. Then, the Lambda function can read the image object from the source bucket and create a thumbnail image target bucket.
  2. Have a fleet of EC2 instances running a program which continuously reads the most latest object uploaded in S3 and converts into thumbnail.
  3. S3 posts new image upload event notification as JSON to a SQS queue from which a fleet of EC2 servers will process the image.
  4. S3 posts new image upload event notification as JSON to a SNS topic from which a fleet of EC2 servers will process the image.
A
  1. Create a Lambda function that Amazon S3 can invoke when objects are created. Then, the Lambda function can read the image object from the source bucket and create a thumbnail image target bucket.
  2. Have a fleet of EC2 instances running a program which continuously reads the most latest object uploaded in S3 and converts into thumbnail.
  3. S3 posts new image upload event notification as JSON to a SQS queue from which a fleet of EC2 servers will process the image.
  4. S3 posts new image upload event notification as JSON to a SNS topic from which a fleet of EC2 servers will process the image.
30
Q

You want to run a public-facing web application, while maintaining back-end servers that aren’t publicly accessible. You will have to set up security and routing so that the web servers can communicate with the MySQL database servers. You also need to ensure that database servers can connect to the Internet for software updates but the Internet cannot establish connections to the database servers. How will you set up your VPC configuration? Choose 3.

  1. Set up web servers in a public subnet and the database servers in a private subnet.
  2. The DB instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet.
  3. Security Group attached with DB Instance should only allow read or write database requests from the web servers by configuring source as web server’s security group.
  4. The DB instances in the private subnet can access the Internet by using a web server EC2 instance that resides in the public subnet.
A
  1. Set up web servers in a public subnet and the database servers in a private subnet.
  2. The DB instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet.
  3. Security Group attached with DB Instance should only allow read or write database requests from the web servers by configuring source as web server’s security group.
  4. The DB instances in the private subnet can access the Internet by using a web server EC2 instance that resides in the public subnet.
31
Q

You are the solution architect for a global financial services company providing banking and stock market trading to its customers. For compliance and regulatory reasons the application must be hosted in the respective country of its users. For example, a U.S. citizen’s request must be routed to the application hosted in the US-East region, and a European Union user’s request must be routed to the application hosted in the EU-Central region. Which routing policy will you configure in Route 53 to achieve this requirement?

  1. Geolocation Routing
  2. Geoproximity Routing
  3. User Location Routing
  4. User Profile Routing
A
  1. Geolocation Routing
  2. Geoproximity Routing
  3. User Location Routing
  4. User Profile Routing
32
Q

A building construction company’s architects use CAD software installed on their workstations to design architecture blueprints. These blueprint files are very large. The company started using S3 and AWS Storage Gateway for file storage and backup. After it was rolled out across different global office locations and the number of users increased, transferring and fetching large data files was found to be slow. What should they do to decrease the amount of time required to transfer data in a cost-effective way?

  1. Increase the bandwidth with your Internet service provider.
  2. Create VPN connection with AWS resources.
  3. Use AWS Direct Connect to connect with AWS resources.
  4. Use AWS Transit Gateway to connect with AWS resources.
A
  1. Increase the bandwidth with your Internet service provider.
  2. Create VPN connection with AWS resources.
  3. Use AWS Direct Connect to connect with AWS resources.
  4. Use AWS Transit Gateway to connect with AWS resources.
33
Q

You are a solution architect for a multinational company that wants to migrate all its existing applications to the AWS cloud platform. They want to create a separate AWS account for each country where they have regional headquarters. They also want to centrally manage billing; control access, compliance, and security; and share resources across AWS accounts. If you want to define your own custom multi-account environment with advanced governance and management capabilities, which AWS service will you use?

  1. AWS Organizations
  2. AWS System Manager
  3. AWS Control Tower
  4. AWS Service Catalog
A
  1. AWS Organizations
  2. AWS System Manager
  3. AWS Control Tower
  4. AWS Service Catalog
34
Q

You are using DynamoDB to host a discussion forum website on AWS topics (S3, VPC, ELB, …). Users can subscribe to be notified whenever there is a new discussion thread or post on topics they have chosen. For example, user Smith has chosen to be notified for (RDS, EC2, ECS). How can you achieve this?

  1. Use Lambda with DynamoDB stream to capture the new post or topic record insertion in the table, function will have logic to query the list of users subscribed to that discussion topic then it will send notification to subscribed users through SNS.
  2. Use Cloudwatch with DynamoDB stream to capture the new post or topic record insertion in the table, trigger a Lambda to query the list of users subscribed to that discussion topic then it will send notification to subscribed users through SNS.
  3. Use Cloudtrail with DynamoDB stream to capture the new post or topic record insertion in the table, trigger a Lambda to query the list of users subscribed to that discussion topic then it will send notification to subscribed users through SNS.
  4. Use a scheduled job running in an EC2 server to continuously read the DynamoDB table and send the notification to subscribed users through SNS.
A
  1. Use Lambda with DynamoDB stream to capture the new post or topic record insertion in the table; the function will have logic to query the list of users subscribed to that discussion topic and will then send notifications to subscribed users through SNS.
  2. Use CloudWatch with DynamoDB stream to capture the new post or topic record insertion in the table, then trigger a Lambda to query the list of users subscribed to that discussion topic and send notifications to subscribed users through SNS.
  3. Use CloudTrail with DynamoDB stream to capture the new post or topic record insertion in the table, then trigger a Lambda to query the list of users subscribed to that discussion topic and send notifications to subscribed users through SNS.
  4. Use a scheduled job running in an EC2 server to continuously read the DynamoDB table and send the notification to subscribed users through SNS.
35
Q

You have configured a VPC with a public and a private subnet as shown in the diagram below. Public subnet: web server instance, NAT instance for private subnet instances to access the internet. Private subnet: RDS instances, fleet of EC2 instances in an Auto Scaling group. These instances access the internet through the NAT instance in the public subnet for software updates. The software updates for instances in the private subnet are scheduled to run every night from 11 pm – 1 am. You have recently observed that these updates have become very slow and some of the updates are timing out before the two-hour maintenance window ends. You identify that the bottleneck is the NAT instance network bandwidth. What architecture changes can you make to resolve this problem?

  1. Increase the number of NAT instances and change its instance type to one having more bandwidth.
  2. Use NAT gateway instead of NAT instance.
  3. Place NAT instance in the private subnet to increase network performance.
  4. Change the maintenance window of private subnet instances so as not to overlap with one another.
A
  1. Increase the number of NAT instances and change its instance type to one having more bandwidth.
  2. Use NAT gateway instead of NAT instance.
  3. Place NAT instance in the private subnet to increase network performance.
  4. Change the maintenance window of private subnet instances so as not to overlap with one another.
36
Q

Which strategy does KMS use to encrypt data and also protect your encryption key?

  1. Encryption Context
  2. Symmetric keys
  3. Asymmetric keys
  4. Envelope Encryption
A
  1. Encryption Context
  2. Symmetric keys
  3. Asymmetric keys
  4. Envelope Encryption
37
Q

You are the solution architect for a law firm which is using S3 to store numerous documents related to cases handled by their lawyers. Recently one of the employees inadvertently deleted a few important documents stored in a bucket. Luckily another employee had a local copy on his computer and you were able to restore the documents in the bucket. You have been asked to make configuration changes in S3 so that such unintentional mistakes can be avoided and, even if they happen, there is an easier way to recover from them. Choose 3.

  1. Set S3 object lock
  2. Enable S3 cross region replication
  3. Enable bucket versioning
  4. Enable MFA delete on a bucket
A
  1. Set S3 object lock
  2. Enable S3 cross region replication
  3. Enable bucket versioning
  4. Enable MFA delete on a bucket
38
Q

You run an online photo editing website for two types of members: free members and fee-paying premium members. The set of editing requests and photos is placed asynchronously in an SQS queue which is then processed by worker EC2 instances in an Auto Scaling group. The architecture has two SQS queues, one for premium members’ and one for free members’ editing tasks. You have on-demand EC2 instances in an Auto Scaling group to process the messages in the premium members queue and spot instances for processing the messages from the free members queue. At times spot instances are terminated by AWS. What will happen to messages which are in process on those terminated instances?

  1. The message will be deleted by SQS.
  2. The message will be deleted by the terminated instance and will not appear in the queue.
  3. The message will be visible immediately in the queue and picked up for processing by another live spot instance.
  4. The message will be visible in the queue after the visibility time is over and picked up for processing by another live spot instance.
A
  1. The message will be deleted by SQS.
  2. The message will be deleted by the terminated instance and will not appear in the queue.
  3. The message will be visible immediately in the queue and picked up for processing by another live spot instance.
  4. The message will be visible in the queue after the visibility time is over and picked up for processing by another live spot instance.
39
Q

You are designing an online gaming application for users across the world. As the game uses augmented reality, high performance and very low latency are important criteria for providing the best gaming experience. For this reason you want to design a multi-region architecture using DynamoDB as the database. Which of the following will you use in the application to meet these design criteria? Choose 2.

  1. Use CloudFront with DynamoDB as origin
  2. Enable DynamoDB Accelerator (DAX) and DynamoDB auto scaling
  3. Use DynamoDB Global Tables
  4. Enable DynamoDB Adaptive Capacity
A
  1. Use CloudFront with DynamoDB as origin
  2. Enable DynamoDB Accelerator (DAX) and DynamoDB auto scaling
  3. Use DynamoDB Global Tables
  4. Enable DynamoDB Adaptive Capacity
40
Q

How many IP addresses in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance?

  1. 2
  2. 3
  3. 4
  4. 5
A
  1. 2
  2. 3
  3. 4
  4. 5
41
Q

You have developed your own blog website ‘www.mycloudblogs.com’ in which you write about AWS, Cloud and Digital topics. It also has other features such as discussion forums and the ability for users to take mock tests. You have deployed it in a VPC, with the web server on EC2 instances in an Auto Scaling group and an Application Load Balancer (ALB) in front. The domain name ‘www.mycloudblogs.com’ will point to the ALB. You are also using Route 53 to manage DNS. Which record types will you create in Route 53, assuming you have configured your VPC and ALB to route only IPv4 traffic?

  1. ‘AAAA’ Alias record with Alias Target as the ALB
  2. ‘A’ Alias record with Alias Target as the ALB
  3. ‘A’ Non Alias record with Alias Target as the ALB
  4. ‘AAAA’ Non Alias record with Alias Target as the ALB
  5. CNAME record with Alias Target as the ALB
A
  1. ‘AAAA’ Alias record with Alias Target as the ALB
  2. ‘A’ Alias record with Alias Target as the ALB
  3. ‘A’ Non Alias record with Alias Target as the ALB
  4. ‘AAAA’ Non Alias record with Alias Target as the ALB
  5. CNAME record with Alias Target as the ALB
42
Q

Your company is migrating two existing applications to AWS. The application portfolio has one internet application which will be accessed by its customers and one intranet application which will be accessed only by employees from the corporate network. Your plan is to create one VPC and deploy each application’s instances in a separate subnet. You also want to ensure that the whole design is fault tolerant and services are not hampered in case one AWS AZ goes down. What is the minimum number of subnets you should create?

  1. 2 subnets
  2. 4 subnets
  3. 1 subnet
  4. 6 subnets
A
  1. 2 subnets
  2. 4 subnets
  3. 1 subnet
  4. 6 subnets
43
Q

How are the rules evaluated in a security group (SG) and network ACLs? Choose 2.

  1. Network ACLs evaluate all rules before deciding whether to allow traffic
  2. SGs evaluate all rules before deciding whether to allow traffic
  3. Network ACLs process rules in number order when deciding whether to allow traffic
  4. SGs process rules in number order when deciding whether to allow traffic
A
  1. Network ACLs evaluate all rules before deciding whether to allow traffic
  2. SGs evaluate all rules before deciding whether to allow traffic
  3. Network ACLs process rules in number order when deciding whether to allow traffic
  4. SGs process rules in number order when deciding whether to allow traffic
44
Q

You were doing a PoC for a web application using a simple three-tier architecture as shown below. Now you want to leverage other AWS services and features to change this architecture for a production environment with a global user base. The key architecture criteria are:

  • It should be resilient.
  • It should be elastic to grow for handling the increased load.
  • Reduce latency for global user base and high performance.
  • Though the application is stateless, it should be able to track user sessions.
  • Storage for static assets and backups.

Which services will you use to meet the above criteria?

  1. Application Load Balancer, RDS Multi-AZ & Read Replica, Web EC2 Instance Auto Scale Multi AZ, ElastiCache, CloudFront, S3
  2. Application Load Balancer, RDS, Web EC2 Instance Auto Scale Multi AZ, DynamoDB, ElastiCache, CloudFront, S3
  3. Application Load Balancer, RDS Multi-AZ & Read Replica, Web EC2 Instance Auto Scale Multi AZ, S3
  4. Application Load Balancer, RDS, Web EC2 Instance Auto Scale Multi AZ, DynamoDB, ElastiCache, CloudFront, S3
A
  1. Application Load Balancer, RDS Multi-AZ & Read Replica, Web EC2 Instance Auto Scale Multi AZ, ElastiCache, CloudFront, S3
  2. Application Load Balancer, RDS, Web EC2 Instance Auto Scale Multi AZ, DynamoDB, ElastiCache, CloudFront, S3
  3. Application Load Balancer, RDS Multi-AZ & Read Replica, Web EC2 Instance Auto Scale Multi AZ, S3
  4. Application Load Balancer, RDS, Web EC2 Instance Auto Scale Multi AZ, DynamoDB, ElastiCache, CloudFront, S3
45
Q

You are the solution architect for a SaaS application in which you provide a different domain to each tenant. How will you configure multiple certificates for different domains using Elastic Load Balancing (ELB) so that multi-tenant SaaS applications can run behind the same load balancer? Choose 2.

  1. Use a Subject Alternative Name (SAN) certificate to validate multiple domains behind the load balancer, including wildcard domains, with AWS Certificate Manager (ACM).
  2. Use an Application Load Balancer (ALB), which supports multiple SSL certificates and smart certificate selection using Server Name Indication (SNI).
  3. It is not possible.
  4. Use a Classic Load Balancer, which supports multiple SSL certificates and smart certificate selection using Server Name Indication (SNI).
A
  1. Use a Subject Alternative Name (SAN) certificate to validate multiple domains behind the load balancer, including wildcard domains, with AWS Certificate Manager (ACM).
  2. Use an Application Load Balancer (ALB), which supports multiple SSL certificates and smart certificate selection using Server Name Indication (SNI).
  3. It is not possible.
  4. Use a Classic Load Balancer, which supports multiple SSL certificates and smart certificate selection using Server Name Indication (SNI).
46
Q

You are the solution architect for a sports media company that hosts its websites on AWS. Most of the users visit the website to read the latest news, videos and articles on different sports available on the website; only a minority of users write reviews or comments. The website server runs on Amazon EC2 instances with Auto Scaling enabled, along with a single EC2 instance for MySQL. With the increase in the popularity of the website you have been tasked to make it more resilient and improve the performance. How can you do that? Choose 2.

  1. Migrate MySQL to Amazon RDS with Multi-AZ for performance.
  2. Migrate MySQL to Amazon RDS with Multi-AZ for resiliency.
  3. Enable Read Replicas on Amazon RDS and distribute read traffic for performance improvement.
  4. Enable Read Replicas on Amazon RDS and distribute read traffic for resiliency.
A
  1. Migrate MySQL to Amazon RDS with Multi-AZ for performance.
  2. Migrate MySQL to Amazon RDS with Multi-AZ for resiliency.
  3. Enable Read Replicas on Amazon RDS and distribute read traffic for performance improvement.
  4. Enable Read Replicas on Amazon RDS and distribute read traffic for resiliency.
47
Q

What is Recovery Time Objective (RTO)?

  1. The time it takes after a disruption to restore a database to its service level, as defined by the operational level agreement (OLA).
  2. The acceptable amount of performance loss measured in time.
  3. The time it takes after a disruption to restore a business process to its service level, as defined by the operational level agreement (OLA).
  4. The acceptable amount of data loss measured in time.
A
  1. The time it takes after a disruption to restore a database to its service level, as defined by the operational level agreement (OLA).
  2. The acceptable amount of performance loss measured in time.
  3. The time it takes after a disruption to restore a business process to its service level, as defined by the operational level agreement (OLA).
  4. The acceptable amount of data loss measured in time.
48
Q

What are the available retrieval options when restoring an archived object from S3 in Glacier and Deep Archive storage? Choose 3.

  1. Expedited
  2. Standard
  3. Urgent
  4. Bulk
  5. Immediate
A
  1. Expedited
  2. Standard
  3. Urgent
  4. Bulk
  5. Immediate
49
Q

You are the solution architect for a new global tennis sports news website. The website will be hosted on a fleet of EC2 instances. Which AWS services can you use to ensure that when load on the website increases, users will not experience slow response? Choose 3.

  1. Amazon ElastiCache as in memory data store for web caching.
  2. AWS Auto Scaling for web site resources.
  3. CloudFormation to deploy the application in AWS region with maximum online users.
  4. AWS CloudFront with website as the custom origin.
A
  1. Amazon ElastiCache as in memory data store for web caching.
  2. AWS Auto Scaling for web site resources.
  3. CloudFormation to deploy the application in AWS region with maximum online users.
  4. AWS CloudFront with website as the custom origin.
50
Q

How can you ensure that the load balancer stops sending requests to instances that are deregistering or unhealthy while keeping the existing session connection open so as to complete the in-flight requests to these instances?

  1. Programmatically keep sending requests to the same instance till session completes.
  2. Enable sticky sessions.
  3. Enable connection draining.
  4. All of the above.
A
  1. Programmatically keep sending requests to the same instance till session completes.
  2. Enable sticky sessions.
  3. Enable connection draining.
  4. All of the above.
51
Q

Which AWS security service uses machine learning to automatically discover, classify, and protect sensitive data such as personally identifiable information (PII) or intellectual property?

  1. AWS WAF
  2. AWS Shield
  3. Amazon GuardDuty
  4. Amazon Macie
A
  1. AWS WAF
  2. AWS Shield
  3. Amazon GuardDuty
  4. Amazon Macie
52
Q

How can you protect data at rest in S3? Choose 2.

  1. Using server side encryption
  2. Using client side encryption
  3. Using SSL between client and S3
A
  1. Using server side encryption
  2. Using client side encryption
  3. Using SSL between client and S3
53
Q

Which AWS database service will you choose for Online Analytical Processing (OLAP)?

  1. Amazon RDS
  2. Amazon Redshift
  3. Amazon Glacier
  4. Amazon DynamoDB
A
  1. Amazon RDS
  2. Amazon Redshift
  3. Amazon Glacier
  4. Amazon DynamoDB
54
Q

Soma is the founder of an Artificial Intelligence product startup. Upon starting the company, she created her own AWS account and used AWS products by herself. Then as the company expanded she hired developers, admins, testers, managers, and system administrators. Using AWS account root user credentials she created a user for herself called Soma, and a group called Admins. She added user Soma to group Admins. She also created groups called Developers, Testers, Managers and SysAdmins. She created users for each of her employees, and put the users in their respective groups. What IAM best practice should she follow so that she can easily apply any account-wide permissions to all users in the AWS account?

  1. Create a customer managed policy and attach to each user.
  2. Any account-wide permission can be updated in the permissions of each of the groups (Developers, Testers, Managers and SysAdmins) the users are attached to.
  3. She should create a group called AllUsers and add all users to that group so that she can easily apply any account-wide permissions to all users in the AWS account.
  4. Create a customer managed policy and attach to each group.
A
  1. Create a customer managed policy and attach to each user.
  2. Any account-wide permission can be updated in the permissions of each of the groups (Developers, Testers, Managers and SysAdmins) the users are attached to.
  3. She should create a group called AllUsers and add all users to that group so that she can easily apply any account-wide permissions to all users in the AWS account.
  4. Create a customer managed policy and attach to each group.
55
Q

Your company is adopting the AWS cloud by migrating the majority of its existing on-premises applications to the cloud and retaining some of them on premises. Currently they use on-premises AD to administer user accounts, manage group memberships, and control access to on-premises resources. You want to enable your users to sign in to the AWS Management Console using on-premises AD credentials to manage AWS resources such as Amazon EC2, Amazon RDS, and Amazon S3. How can you achieve this? Choose 2.

  1. Connect Your On-Premises Active Directory to AWS Simple AD for federated AWS Management Console access.
  2. Connect Your On-Premises Active Directory to AWS Using AD Connector for federated AWS Management Console access.
  3. By using an AD trust between AWS Microsoft AD and your on-premises AD, you can assign your on-premises AD users and groups to IAM roles for AWS Management Console access.
  4. By using an AD trust between AWS Simple AD and your on-premises AD, you can assign your on-premises AD users and groups to IAM roles for AWS Management Console access.
A
  1. Connect Your On-Premises Active Directory to AWS Simple AD for federated AWS Management Console access.
  2. Connect Your On-Premises Active Directory to AWS Using AD Connector for federated AWS Management Console access.
  3. By using an AD trust between AWS Microsoft AD and your on-premises AD, you can assign your on-premises AD users and groups to IAM roles for AWS Management Console access.
  4. By using an AD trust between AWS Simple AD and your on-premises AD, you can assign your on-premises AD users and groups to IAM roles for AWS Management Console access.
56
Q

You are the solution architect for a gaming company which has a website from which users can download PC games after online payment. The game executable files are stored in Amazon S3 buckets and a distribution is configured in CloudFront. How can you ensure that your users can access your files using only CloudFront URLs and not through Amazon S3 URLs? Choose 2.

  1. Require that your users access your private files by using special CloudFront signed URLs.
  2. Require that your users access your private files by using signed cookies.
  3. Create an origin access identity, which is a special CloudFront user, and associate the origin access identity with your distribution.
  4. Change the permissions either on your Amazon S3 bucket or on the files in your bucket so that only the origin access identity has read permission (or read and download permission).
A
  1. Require that your users access your private files by using special CloudFront signed URLs.
  2. Require that your users access your private files by using signed cookies.
  3. Create an origin access identity, which is a special CloudFront user, and associate the origin access identity with your distribution.
  4. Change the permissions either on your Amazon S3 bucket or on the files in your bucket so that only the origin access identity has read permission (or read and download permission).
57
Q

Which AWS service will you use for real-time analytics of streaming data such as IoT telemetry data, application logs, and website clickstreams?

  1. Amazon Athena
  2. Amazon Kinesis
  3. Amazon Elasticsearch Service
  4. Amazon QuickSight
A
  1. Amazon Athena
  2. Amazon Kinesis
  3. Amazon Elasticsearch Service
  4. Amazon QuickSight
58
Q

Your company has its headquarters in Los Angeles, CA and has deployed its internal applications in the US-West region. They are going to open a new office in Frankfurt, Germany and are planning to transfer a few employees as well. To comply with European regulations some of the applications will be replicated in a new AWS account created in the EU-Central region. How will you manage the IAM users and roles being used by employees who will be transferred to Frankfurt?

  1. IAM is a global service; users and roles are not region specific. You don’t need to create new ones for the EU-Central region.
  2. You will need to create new IAM users and roles for EU-Central region.
  3. IAM users is a global service, roles are region specific. You don’t need to create new users but will need to create new roles for EU-Central region.
  4. IAM roles is a global service, users are region specific. You don’t need to create new roles but will need to create new users for EU-Central region.
A
  1. IAM is a global service; users and roles are not region specific. You don’t need to create new ones for the EU-Central region.
  2. You will need to create new IAM users and roles for EU-Central region.
  3. IAM users is a global service, roles are region specific. You don’t need to create new users but will need to create new roles for EU-Central region.
  4. IAM roles is a global service, users are region specific. You don’t need to create new roles but will need to create new users for EU-Central region.
59
Q

Which AWS service enables developers to manage and synchronize mobile app data in real time across devices and users, but still allows the data to be accessed and altered when the mobile device is in an offline state?

  1. Amazon API Gateway
  2. Amazon Cognito
  3. AWS DataSync
  4. AWS AppSync
A
  1. Amazon API Gateway
  2. Amazon Cognito
  3. AWS DataSync
  4. AWS AppSync
60
Q

Which of the following statements are true regarding security groups (SG) and network ACLs? Choose 2.

  1. SGs operate at instance level and network ACLs operate at subnet level.
  2. SGs support allow rules only and network ACLs support allow and deny rules.
  3. Network ACLs operate at instance level and SGs operate at subnet level.
  4. Network ACLs support allow rules only and SGs support allow and deny rules.
A
  1. SGs operate at instance level and network ACLs operate at subnet level.
  2. SGs support allow rules only and network ACLs support allow and deny rules.
  3. Network ACLs operate at instance level and SGs operate at subnet level.
  4. Network ACLs support allow rules only and SGs support allow and deny rules.
61
Q

Which of the following statements are true regarding security groups (SG) and network ACLs? Choose 2.

  1. Network ACLs are stateful: Return traffic is automatically allowed, regardless of any rules.
  2. SGs are stateful: Return traffic is automatically allowed, regardless of any rules.
  3. Network ACLs are stateless: Return traffic must be explicitly allowed by rules.
  4. SGs are stateless: Return traffic must be explicitly allowed by rules.
A
  1. Network ACLs are stateful: Return traffic is automatically allowed, regardless of any rules.
  2. SGs are stateful: Return traffic is automatically allowed, regardless of any rules.
  3. Network ACLs are stateless: Return traffic must be explicitly allowed by rules.
  4. SGs are stateless: Return traffic must be explicitly allowed by rules.
62
Q

Your company’s first project in the AWS cloud is an internal web application to be used by employees only. You want to provide single sign-on where employees can use their existing corporate sign-on identities. You don’t want to have a separate user management module in the new application which would require your employees to have a separate authentication userid/password. Essentially this will enable your employees to have single sign-on to the new web application using existing corporate identities. You found that AWS supports this by way of user federation for authenticating using existing corporate identities. Which of the following considerations have to be kept in mind to use this user federation feature? Choose 3.

  1. Existing corporate Identity Provider should be compatible with Security Assertion Markup Language 2.0 (SAML 2.0) to provide single-sign on (SSO) access.
  2. If your corporate Identity Provider is Microsoft Active Directory Federation Service (AD FS), you cannot configure SSO.
  3. If your corporate Identity Provider is Microsoft Active Directory Federation Service (AD FS), you can configure SSO.
  4. If your corporate directory is not compatible with SAML 2.0, you can create an identity broker application to provide single-sign on (SSO) access to the AWS for your users.
  5. If your corporate directory is not compatible with SAML 2.0, you cannot create an identity broker application to provide single-sign on (SSO) access to the AWS Management Console for your users.
A
  1. Existing corporate Identity Provider should be compatible with Security Assertion Markup Language 2.0 (SAML 2.0) to provide single-sign on (SSO) access.
  2. If your corporate Identity Provider is Microsoft Active Directory Federation Service (AD FS), you cannot configure SSO.
  3. If your corporate Identity Provider is Microsoft Active Directory Federation Service (AD FS), you can configure SSO.
  4. If your corporate directory is not compatible with SAML 2.0, you can create an identity broker application to provide single-sign on (SSO) access to the AWS for your users.
  5. If your corporate directory is not compatible with SAML 2.0, you cannot create an identity broker application to provide single-sign on (SSO) access to the AWS Management Console for your users.
63
Q

Which are the two services provided by AWS for workflow implementation?

  1. Simple Workflow Service (SWF)
  2. Step Functions
  3. API Gateway
  4. SQS
A
  1. Simple Workflow Service (SWF)
  2. Step Functions
  3. API Gateway
  4. SQS
64
Q

Which load balancer should you use if you need extreme performance and a static IP for your application?

  1. Application Load Balancers
  2. Classic Load Balancers
  3. Database Load Balancers
  4. Network Load Balancers
A
  1. Application Load Balancers
  2. Classic Load Balancers
  3. Database Load Balancers
  4. Network Load Balancers
65
Q

Your company is exploring AWS Storage Gateway for extending their on-premises storage. One of the key criteria is to have AWS as the primary storage while still having fast, low-latency access to frequently accessed data. Which Storage Gateway options will meet these criteria? Choose 2.

  1. Tape Gateway
  2. File Gateway
  3. Volume Stored Gateway
  4. Volume Cached Gateway
A
  1. Tape Gateway
  2. File Gateway
  3. Volume Stored Gateway
  4. Volume Cached Gateway