Real test 2 Flashcards

1
Q

How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?
A. Detach the volume and attach it to another EC2 instance in the other AZ.
B. Simply create a new volume in the other AZ and specify the original volume as the source.
C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
D. Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.

A

Answer is C. EBS volumes are Availability Zone specific, not Region specific. You have to take a snapshot of the volume and create a new volume from the snapshot in the other Availability Zone.

2
Q

After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet, you modify your route tables to have the NAT device be the target of internet-bound traffic from your private subnet. When you try to make an outbound connection to the internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?
A. Disabling the Source/Destination Check attribute on the NAT instance
B. Attaching an Elastic IP address to the instance in the private subnet
C. Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet
D. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in

A

Correct Answer: A
Reference: http://docs.aws.amazon.com/workspaces/latest/adminguide/gsg_create_vpc.html

3
Q

Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority.
How should you implement such a system?
A. Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level.
B. Use Route 53 latency based-routing to send high priority tasks to the closest transformation instances.
C. Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
D. Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-

A

Simple answer: C.

http://jayendrapatil.com/aws-sqs-simple-queue-service/

4
Q

Which of the following are characteristics of Amazon VPC subnets? (Choose 2)
A. Each subnet spans at least 2 Availability Zones to provide a high-availability environment.
B. Each subnet maps to a single Availability Zone.
C. CIDR block mask of /25 is the smallest range supported.
D. By default, all subnets can route between each other, whether they are private or public.
E. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.

A

A subnet always maps to a single AZ. B and D are the correct answers.

5
Q

In AWS, which security aspects are the customer’s responsibility? (Choose 4)
A. Security Group and ACL (Access Control List) settings
B. Decommissioning storage devices
C. Patch management on the EC2 instance’s operating system
D. Life-cycle management of IAM credentials
E. Controlling physical access to compute resources
F. Encryption of EBS (Elastic Block Storage) volumes

A

A, C, D, F. You are responsible for EBS encryption, and you can't possibly be responsible for controlling physical access.

6
Q

When you put objects in Amazon S3, what is the indication that an object was successfully stored?
A. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
B. Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
C. A success code is inserted into the S3 object metadata.
D. Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a

A

A

http://jayendrapatil.com/aws-simple-storage-service-s3-overview/

7
Q

Within the IAM service a GROUP is regarded as a:
A. A collection of AWS accounts
B. It’s the group of EC2 machines that gain the permissions specified in the GROUP.
C. There’s no GROUP in IAM, but only USERS and RESOURCES.
D. A collection of users.

A

Answer is D. An IAM (Identity and Access Management) group is a collection of users.

8
Q

Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications.
What is the monthly charge for using the public data sets?
A. A 1-time charge of 10$ for all the datasets.
B. 1$ per dataset per month
C. 10$ per month for all the datasets
D. There is no charge for using the public data sets

A

D

http://jayendrapatil.com/aws-ec2-storage/

9
Q
In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with __________.
A. Oracle Standard Edition
B. Oracle Express Edition
C. Oracle Enterprise Edition
D. None of these

A

Answer is C. The following Enterprise Edition options are currently supported under the BYOL model:
Advanced Security (Transparent Data Encryption, Native Network Encryption)
Partitioning
Management Packs (Diagnostic, Tuning)
Advanced Compression
Total Recall

10
Q

A 3-tier e-commerce web application is currently deployed on-premises, and will be migrated to AWS for greater scalability and elasticity. The web tier currently shares read-only data using a network distributed file system. The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The database tier uses shared-storage clustering to provide database failover capability, and uses several read slaves for scaling. Data on all servers and the distributed file system directory is backed up weekly to off-site tapes.
Which AWS storage and database architecture meets the requirements of the application?
A. Web servers: store read-only data in S3, and copy from S3 to root volume at boot time. App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment and one or more read replicas. Backup: web servers, app servers, and database backed up weekly to Glacier using snapshots.
B. Web servers: store read-only data in an EC2 NFS server, mount to each web server at boot time. App servers: share state using a combination of DynamoDB and IP multicast. Database: use RDS with multi-AZ deployment and one or more Read Replicas. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
C. Web servers: store read-only data in S3, and copy from S3 to root volume at boot time. App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment and one or more Read Replicas. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
D. Web servers: store read-only data in S3, and copy from S3 to root volume at boot time App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment.

A

Answer: C (duplicate of question #87)
http://jayendrapatil.com/aws-storage-options-whitepaper/

A. Snapshots to Glacier don't work directly with EBS snapshots.
B. IP multicast is not available in AWS.
D. Read Replicas are needed for scalability and elasticity.

11
Q

A user is running a batch process on EBS-backed EC2 instances. The batch process launches a few EC2 instances to process Hadoop MapReduce jobs, which can run between 50 and 600 minutes, or sometimes even longer. The user wants a configuration that terminates the instance only when the process is completed.
How can the user configure this with CloudWatch?
A. Configure a job which terminates all instances after 600 minutes
B. It is not possible to terminate instances automatically
C. Configure the CloudWatch action to terminate the instance when the CPU utilization falls below 5%
D. Set up the CloudWatch with Auto Scaling to terminate all the instances

A

Correct Answer: C
An Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can set up an action which terminates the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance. http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html

12
Q

What is the maximum write throughput I can provision for a single DynamoDB table?
A. 1,000 write capacity units
B. 100,000 write capacity units
C. DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
D. 10,000 write capacity units

A

Correct Answer: C

https://aws.amazon.com/dynamodb/faqs/

13
Q
What is the name of the licensing model in which you can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?
A. Bring Your Own License
B. Role Based License
C. Enterprise License
D. License Included

A

Answer is A

Updated link: https://aws.amazon.com/rds/oracle/faqs/

14
Q
When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you want the upgrade to be performed now, rather than waiting for the maintenance window, specify the option.
A. ApplyNow
B. ApplySoon
C. ApplyThis
D. ApplyImmediately

A

Correct Answer: D

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html

15
Q

If I run the command below, what does it do?
ec2-run ami-e3a5408a -n 20 -g appserver
A. Start twenty instances as members of the appserver group.
B. Creates 20 rules in the security group named appserver
C. Terminate twenty instances as members of appserver group.
D. Start 20 security groups

A

Correct Answer: A

16
Q
The __________ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.
A. Amazon RDS
B. AWS Integrity Management
C. AWS Identity and Access Management
D. Amazon EMR

A

Answer is C.

17
Q
Which AWS instance address type has the following characteristic: "If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance."
A. Both A and B
B. None of these
C. VPC Addresses
D. EC2 Addresses

A

Correct Answer: D
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

Stopping an instance:
EC2-Classic: If you stop an instance, its Elastic IP address is disassociated, and you must reassociate the Elastic IP address when you restart the instance.
EC2-VPC: If you stop an instance, its Elastic IP address remains associated.

18
Q

By default, Amazon Cognito maintains the last-written version of the data. You can override this behavior and resolve data conflicts programmatically.
In addition, push synchronization allows you to use Amazon Cognito to send a silent notification to all devices associated with an identity to notify them that new data is available.
A. get
B. post
C. pull
D. push

A

Correct Answer: D

http://aws.amazon.com/cognito/faqs/

19
Q

You want to use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC).
What criterion must be met for this to be possible?
A. The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public AWS CodeDeploy endpoint.
B. The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public Amazon S3 service endpoint.
C. The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.
D. It is not currently possible to use AWS CodeDeploy to deploy an application to Amazon EC2 instances

A

Correct Answer: C
You can use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC). However, the AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints. http://aws.amazon.com/codedeploy/faqs/

20
Q

An IAM user is trying to perform an action on an object belonging to some other root account's bucket.
Which of the below mentioned options will AWS S3 not verify?
A. The object owner has provided access to the IAM user
B. Permission provided by the parent of the IAM user on the bucket
C. Permission provided by the bucket owner to the IAM user
D. Permission provided by the parent of the IAM user

A

Correct Answer: B
If the IAM user is trying to perform some action on an object belonging to another AWS user's bucket, S3 will verify whether the owner of the IAM user (the parent account) has given the user sufficient permission. It also verifies the policy for the bucket as well as the policy defined by the object owner. http://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-auth-workflow-object-operation.html

21
Q

An organization is planning to extend their data center by connecting their DC with the AWS VPC using the VPN gateway. The organization is setting up a dynamically routed VPN connection.
Which of the below mentioned items is not required to set up this configuration?
A. The type of customer gateway, such as Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha.
B. Elastic IP ranges that the organization wants to advertise over the VPN connection to the VPC.
C. Internet-routable IP address (static) of the customer gateway’s external interface.
D. Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway.

A

Answer is B. I found the explanation in the following link very informative.
http://hadoopexam.com/do1111/index.php/aws-amazon-webservice/aws-sol-architect-professional/74-question-1-quicktechie-com-has-three-different-datacenters-in-mumbai-geneva-and-navada-which-is-planning-to-extend-their-data-center-by-connecting-their-dc-with-the-aws-vpc-using-the-vpn-gateway-quicktechie-com-is-setting-up-a-dynamically-routed-vpn-conne

22
Q

In the context of AWS IAM, identify a true statement about user passwords (login profiles).
A. They must contain Unicode characters.
B. They can contain any Basic Latin (ASCII) characters.
C. They must begin and end with a forward slash (/).
D. They cannot contain Basic Latin (ASCII) characters.

A

Correct Answer: B
The user passwords (login profiles) of IAM users can contain any Basic Latin (ASCII) characters. http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

23
Q

An organization is planning to host a WordPress blog as well as a Joomla CMS on a single instance launched in a VPC. The organization wants to have separate domains for each application and assign them using Route 53.
The organization may have about ten instances, each with two applications as mentioned above. While launching the instance, the organization configured two separate network interfaces (primary + ENI) and wanted to have two elastic IPs for that instance. It was suggested to use a public IP from AWS instead of an elastic IP, as the number of elastic IPs is restricted.
What action will you recommend to the organization?
A. I agree with the suggestion but will prefer that the organization should use separate subnets with each ENI for different public IPs.
B. I do not agree as it is required to have only an elastic IP since an instance has more than one ENI and AWS does not assign a public IP to an instance with multiple ENIs.
C. I do not agree, as AWS VPC does not attach a public IP to an ENI; so the user has to use an elastic IP only.
D. I agree with the suggestion and it is recommended to use a public IP from AWS since the organization is

A

Correct Answer: B
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC. The user can attach up to two ENIs to a single instance. However, AWS cannot assign a public IP when there are two ENIs attached to a single instance. It is recommended to assign an elastic IP in this scenario. If the organization wants more than 5 EIPs, they can request AWS to increase the limit. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

24
Q
What is the default maximum number of VPCs allowed per region?
A. 5
B. 10
C. 100
D. 15

A

Correct Answer: A
The maximum number of VPCs allowed per region is 5.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html

25
Q

A customer has a website which shows all the deals available across the market. The site generally experiences a load of 5 large EC2 instances.
However, in the week before the Thanksgiving vacation they encounter a load of almost 20 large instances. The load during that period varies over the day based on office hours.
Which of the below mentioned solutions is cost effective as well as helps the website achieve better performance?
A. Setup to run 10 instances during the pre-vacation period and only scale up during the office time by launching 10 more instances using the AutoScaling schedule.
B. Keep only 10 instances running and manually launch 10 instances every day during office hours.
C. During the pre-vacation period setup 20 instances to run continuously.
D. During the pre-vacation period setup a scenario where the organization has 15 instances running and 5

A

Correct Answer: B
AWS provides an on-demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances, and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic, it is recommended that the organization launches a few instances beforehand and then sets up Auto Scaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization. If the organization keeps all 10 additional instances as a part of the Auto Scaling policy, during a sudden higher load it may take time to launch instances and may not give optimal performance. This is the reason it is recommended that the organization keeps an additional 5 instances running and the next 5 instances scheduled as per the Auto Scaling policy for cost effectiveness.

26
Q

An organization is setting up a website on the AWS VPC. The organization has blocked a few IPs to avoid a DDoS attack.
How can the organization configure things so that a request from the above mentioned IPs does not reach the application instances?
A. Create an IAM policy for VPC which has a condition to disallow traffic from that IP address.
B. Configure a security group at the subnet level which denies traffic from the selected IP.
C. Configure the security group with the EC2 instance which denies access from that IP address.
D. Configure an ACL at the subnet which denies the traffic from that IP address.

A

Correct Answer: D
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in a VPC: security groups and network ACLs. Security groups work at the instance level, while network ACLs work at the subnet level. Network ACLs support both allow and deny rules. Thus, when the user wants to reject traffic from selected IPs, it is recommended to use a network ACL on the subnets. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

27
Q

An organization has 4 people in the IT operations team who are responsible for managing the AWS infrastructure. The organization wants to set things up so that each user has access to launch and manage instances in a zone which the other users cannot modify.
Which of the below mentioned options is the best solution to set this up?
A. Create four AWS accounts and give each user access to a separate account.
B. Create an IAM user and allow them permission to launch an instance of a different sizes only.
C. Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.
D. Create a VPC with four subnets and allow access to each subnet for the individual IAM user.

A

Correct Answer: D
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. The VPC also works with IAM, and the organization can create IAM users who have access to various VPC services. The organization can set up access for an IAM user who can modify the security groups of the VPC. The sample policy is given below (the wildcards are restored here; the original page had lost them):
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "ec2:RunInstances",
    "Resource": [
      "arn:aws:ec2:region::image/ami-*",
      "arn:aws:ec2:region:account:subnet/subnet-1a2b3c4d",
      "arn:aws:ec2:region:account:network-interface/*",
      "arn:aws:ec2:region:account:volume/*",
      "arn:aws:ec2:region:account:key-pair/*",
      "arn:aws:ec2:region:account:security-group/sg-123abc123"
    ]
  }]
}
With this policy, the user can create four subnets in separate zones and provide each IAM user access to one subnet. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IAM.html

28
Q

An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations.
Which of the below mentioned statements is not a limitation of dedicated instances with VPC?
A. All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
B. It does not support the AWS RDS with a dedicated tenancy VPC.
C. The user cannot use Reserved Instances with a dedicated tenancy model.
D. The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has

A

Correct Answer: C
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer. The client's dedicated instances are physically isolated at the host hardware level from instances that are not dedicated instances as well as from instances that belong to other AWS accounts. All instances launched with the dedicated tenancy model of VPC will always be dedicated instances. Dedicated tenancy has a limitation that it may not support a few services, such as RDS. Even the EBS will not be on dedicated hardware. However, the user can save some cost as well as reserve some capacity by using a Reserved Instance model with dedicated tenancy. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html

29
Q

In which step of using AWS Direct Connect should the user determine the required port speed?
A. Complete the Cross Connect
B. Verify Your Virtual Interface
C. Download Router Configuration
D. Submit AWS Direct Connect Connection Request

A

Correct Answer: D
To submit an AWS Direct Connect connection request, you need to provide the following information:
Your contact information.
The AWS Direct Connect location to connect to.
Details of the AWS Direct Connect partner if you use the AWS Partner Network (APN) service.
The port speed you require, either 1 Gbps or 10 Gbps.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#ConnectionRequest

30
Q
In Amazon IAM, what is the maximum length for a role name?
A. 128 characters
B. 512 characters
C. 64 characters
D. 256 characters

A

Correct Answer: C
In Amazon IAM, the maximum length for a role name is 64 characters. http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

31
Q

A user is planning to host a web server as well as an app server on a single EC2 instance which is part of the public subnet of a VPC.
How can the user set this up to have two separate public IPs and separate security groups for both the application and the web server?
A. Launch VPC with two separate subnets and make the instance a part of both the subnets.
B. Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.
C. Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.
D. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.

A

Correct Answer: B
If you need to host multiple websites (with different IPs) on a single EC2 instance, the following is the method suggested by AWS:
Launch a VPC instance with two network interfaces.
Assign elastic IPs from the VPC EIP pool to those interfaces (because when the user has attached more than one network interface to an instance, AWS cannot assign public IPs to them).
Assign separate security groups if separate security groups are needed.
This scenario also helps for operating network appliances, such as firewalls or load balancers, that have multiple private IP addresses for each network interface. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html

32
Q

You have subscribed to the AWS Business and Enterprise support plan.
Your business has a backlog of problems, and you need about 20 of your IAM users to open technical support cases.
How many users can open technical support cases under the AWS Business and Enterprise support plan?
A. 5 users
B. 10 users
C. Unlimited
D. 1 user

A

Correct Answer: C
In the context of AWS support, the Business and Enterprise support plans allow an unlimited number of users to open technical support cases (supported by AWS Identity and Access Management (IAM)). https://aws.amazon.com/premiumsupport/faqs/

33
Q

While implementing the policy keys in AWS Direct Connect, if you use and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.
A. aws:SecureTransport
B. aws:EpochIP
C. aws:SourceIp
D. aws:CurrentTime

A

Correct Answer: C
While implementing the policy keys in Amazon RDS, if you use aws:SourceIp and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed. http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html

34
Q
How many g2.2xlarge on-demand instances can a user run in one region without requesting a limit increase from AWS?
A. 20
B. 2
C. 5
D. 10

A

Correct Answer: C
Generally, AWS EC2 allows running 20 on-demand instances and 100 spot instances at a time. This limit can be increased by submitting a request at https://aws.amazon.com/contact-us/ec2-request.
For certain instance types, the limit is lower than mentioned above. For g2.2xlarge, the user can run only 5 on-demand instances at a time. http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ec2

35
Q

A user has created a MySQL RDS instance with PIOPS. Which of the below mentioned statements will help the user understand the advantage of PIOPS?
A. The user can achieve additional dedicated capacity for the EBS I/O with an enhanced RDS option
B. It uses a standard EBS volume with optimized configuration stacks
C. It uses optimized EBS volumes and optimized configuration stacks
D. It provides a dedicated network bandwidth between EBS and RDS

A

Correct Answer: C
RDS DB instance storage comes in two types: standard and provisioned IOPS. Standard storage is allocated on Amazon EBS volumes and connected to the user's DB instance. Provisioned IOPS uses optimized EBS volumes and an optimized configuration stack. It provides additional, dedicated capacity for EBS I/O. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

36
Q

A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials.
Amazon Cognito has two different flows for authentication with public providers.
Which of the following are the two flows?
A. Authenticated and non-authenticated
B. Public and private
C. Enhanced and basic
D. Single step and multistep

A

Correct Answer: C
A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials.
Amazon Cognito has two different flows for authentication with public providers: enhanced and basic. http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/

37
Q

Which of the following is the Amazon Resource Name (ARN) condition operator that can be used within an Identity and Access Management (IAM) policy to check the case-insensitive matching of the ARN?
A. ArnCheck
B. ArnMatch
C. ArnCase
D. ArnLike

A

Correct Answer: D
Amazon Resource Name (ARN) condition operators let you construct Condition elements that restrict access based on comparing a key to an ARN. ArnLike, for instance, is a case-insensitive matching of the ARN. Each of the six colon-delimited components of the ARN is checked separately and each can include a multi-character match wildcard (*) or a single-character match wildcard (?). http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html

38
Q

An organization is creating a VPC for their application hosting. The organization has created two private subnets in the same AZ and one subnet in a separate zone.
The organization wants to build an HA system with an internal ELB.
Which of these statements is true with respect to an internal ELB in this scenario?
A. ELB can support only one subnet in each availability zone.
B. ELB does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.
C. If the user is creating an internal ELB, he should use only private subnets.
D. ELB can support all the subnets irrespective of their zones.

A

Correct Answer: A
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud.
The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances.
There are two ELBs available with VPC: internet facing and internal (private) ELB. For internal servers, such as App servers, the organization can create an internal load balancer in their VPC and then place back-end application instances behind the internal load balancer.
The internal load balancer will route requests to the back-end application instances, which are also using private IP addresses and only accept requests from the internal load balancer.
The Internal ELB supports only one subnet in each AZ and asks the user to select a subnet while configuring internal ELB. http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/USVPC_creating_basic_lb.html

39
Q

In Amazon ElastiCache, the failure of a single cache node can have an impact on the availability of your application and the load on your back-end database while ElastiCache provisions a replacement for the failed cache node and it gets repopulated.
Which of the following is a solution to reduce this potential availability impact?
A. Spread your memory and compute capacity over fewer number of cache nodes, each with smaller capacity.
B. Spread your memory and compute capacity over a larger number of cache nodes, each with smaller capacity.
C. Include fewer number of high capacity nodes.
D. Include a larger number of cache nodes, each with high capacity.

A

Correct Answer: B
In Amazon ElastiCache, the number of cache nodes in the cluster is a key factor in the availability of your cluster running Memcached. The failure of a single cache node can have an impact on the availability of your application and the load on your back-end database while ElastiCache provisions a replacement for the failed cache node and it gets repopulated.
You can reduce this potential availability impact by spreading your memory and compute capacity over a larger number of cache nodes, each with smaller capacity, rather than using fewer high-capacity nodes. http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheNode.Memcached.html

40
Q

MapMySite is setting up a web application in the AWS VPC. The organization has decided to use an AWS RDS instead of using its own DB instance for HA and DR requirements.
The organization also wants to secure RDS access.
How should the web application be set up with RDS?
A. Create a VPC with one public and one private subnet. Launch an application instance in the public subnet while RDS is launched in the private subnet.
B. Set up a public and two private subnets in different AZs within a VPC and create a subnet group. Launch RDS with that subnet group.
C. Create a network interface and attach two subnets to it. Attach that network interface with RDS while launching a DB instance.
D. Create two separate VPCs and launch a Web app in one VPC and RDS in a separate VPC and connect

A

Correct Answer: B
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC’s IP address range that the user can designate to a group of VPC resources based on the security and operational needs.
A DB subnet group is a collection of subnets (generally private) that a user can create in a VPC and assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances. Each DB subnet group should have subnets in at least two Availability Zones in a given region. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html

41
Q

When does an AWS Data Pipeline terminate the AWS Data Pipeline-managed compute resources?
A. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 2 hours.
B. When the final activity that uses the resources is running
C. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 12 hours.
D. When the final activity that uses the resources has completed successfully or failed

A

Correct Answer: D
Compute resources will be provisioned by AWS Data Pipeline when the first activity for a scheduled time that uses those resources is ready to run, and those instances will be terminated when the final activity that uses the resources has completed successfully or failed. https://aws.amazon.com/datapipeline/faqs/

42
Q
What bandwidths does AWS Direct Connect currently support?
A. 10Mbps and 100Mbps
B. 10Gbps and 100Gbps
C. 100Mbps and 1Gbps
D. 1Gbps and 10 Gbps
A

Correct Answer: D
AWS Direct Connect currently supports 1 Gbps and 10 Gbps.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

43
Q
The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the ________ translates to everyone except the specified entity.
A. NotPrincipal
B. Vendor
C. Principal
D. Action
A

Correct Answer: A
The element NotPrincipal that is included within your IAM policy statements allows you to specify an exception to a list of principals to whom the access to a specific resource is either allowed or denied. Use the
NotPrincipal element to specify an exception to a list of principals. For example, you can deny access to all principals except the one named in the NotPrincipal element. http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Principal

44
Q

Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24.
While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance.
Which is the most likely reason for this issue?
A. Private address IP 10.201.31.6 is currently assigned to another interface
B. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
C. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
D. Private IP address 10.201.31.6 is not part of the associated subnet’s IP address range.

A

Correct Answer: A
In Amazon VPC, you can assign any private IP address to your instance as long as it is:
- Part of the associated subnet's IP address range
- Not reserved by Amazon for IP networking purposes
- Not currently assigned to another interface
http://aws.amazon.com/vpc/faqs/

45
Q
A user is configuring MySQL RDS with PIOPS. What should be the minimum size of DB storage provided by the user?
A. 1 TB
B. 50 GB
C. 5 GB
D. 100 GB
A

Correct Answer: D
If the user is trying to enable PIOPS with MySQL RDS, the minimum size of storage should be 100 GB. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.html

46
Q
The Statement element of an AWS IAM policy contains an array of individual statements. Each individual statement is a(n) _________ block enclosed in braces { }.
A. XML
B. JavaScript
C. JSON
D. AJAX
A

Correct Answer: C
The Statement element of an IAM policy contains an array of individual statements. Each individual statement is a JSON block enclosed in braces { }. http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html

47
Q

If no explicit deny is found while applying IAM's Policy Evaluation Logic, the enforcement code looks for any ______ instructions that would apply to the request.
A. “cancel”
B. “suspend”
C. “allow”
D. “valid”

A

Correct Answer: C
If an explicit deny is not found among the applicable policies for a specific request, IAM's Policy Evaluation Logic checks for any "allow" instructions to check if the request can be successfully completed. http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html

48
Q

An organization is hosting a scalable web application using AWS. The organization has configured ELB and Auto Scaling to make the application scalable.
Which of the below mentioned statements is not required to be followed for ELB when the application is planning to host a web application on VPC?
A. The ELB and all the instances should be in the same subnet.
B. Configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.
C. The internet facing ELB should have a route table associated with the internet gateway.
D. The internet facing ELB should be only in a public subnet.

A

Correct Answer: A
Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB.
For the internet facing ELB it is required that the ELB should be in a public subnet. After the user creates the public subnet, he should ensure that the route table of the public subnet is associated with the internet gateway to enable the load balancer in the subnet to connect with the internet. The ELB and instances can be in separate subnets. However, to allow communication between the instances and the ELB the user must configure the security group rules and network ACLs to allow traffic to be routed between the subnets in his VPC. http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/CreateVPCForELB.html

49
Q
An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials.
What will the below mentioned statement allow the user to perform?

A. Allow the IAM user to update the membership of the group called TestingGroup
B. The IAM policy will throw an error due to an invalid resource name
C. The IAM policy will allow the user to subscribe to any IAM group
D. Allow the IAM user to delete the TestingGroup

A

Correct Answer: A
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234) wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "iam:AddUserToGroup",
      "iam:RemoveUserFromGroup",
      "iam:GetGroup"
    ],
    "Resource": "arn:aws:iam::123412341234:group/TestingGroup"
  }]
}
http://docs.aws.amazon.com/IAM/latest/UserGuide/Credentials-Permissions-examples.html#creds-policies-credentials

50
Q

A user has configured EBS volume with PIOPS. The user is not experiencing the optimal throughput.
Which of the following could not be a factor affecting I/O performance of that EBS volume?
A. EBS bandwidth of dedicated instance exceeding the PIOPS
B. EBS volume size
C. EC2 bandwidth
D. Instance type is not EBS optimized

A

Correct Answer: B
If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, that the instance is EBS-optimized (or has 10 Gigabit network connectivity), and that the instance type's dedicated EBS bandwidth exceeds the IOPS he has provisioned. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

51
Q

How can multiple compute resources be used on the same pipeline in AWS Data Pipeline?
A. You can use multiple compute resources on the same pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each activity via its runsOn field.
B. You can use multiple compute resources on the same pipeline by defining multiple cluster definition files
C. You can use multiple compute resources on the same pipeline by defining multiple clusters for your activity.
D. You cannot use multiple compute resources on the same pipeline.

A

Correct Answer: A
Multiple compute resources can be used on the same pipeline in AWS Data Pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each activity via its runsOn field, which allows pipelines to combine AWS and on-premises resources, or to use a mix of instance types for their activities. https://aws.amazon.com/datapipeline/faqs/

52
Q
The two policies that you attach to an IAM role are the access policy and the trust policy. The trust policy identifies who can assume the role and grants the permission in the AWS Lambda account principal by adding the _______ action.
A. aws:AssumeAdmin
B. lambda:InvokeAsync
C. sts:InvokeAsync
D. sts:AssumeRole
A

Correct Answer: D
The two policies that you attach to an IAM role are the access policy and the trust policy. Remember that adding an account to the trust policy of a role is only half of establishing the trust relationship. By default, no users in the trusted accounts can assume the role until the administrator for that account grants the users the permission to assume the role by adding the Amazon Resource Name (ARN) of the role to an Allow element for the sts:AssumeRole action. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html

53
Q

The MySecureData company has five branches across the globe. They want to expand their data centers such that their web server will be in AWS and each branch would have its own database in the local data center. Based on the user login, the company wants to connect to the data center.
How can MySecureData company implement this scenario with the AWS VPC?
A. Create five VPCs with the public subnet for the app server and setup the VPN gateway for each VPN to connect them individually.
B. Use the AWS VPN CloudHub to communicate with multiple VPN connections.
C. Use the AWS CloudGateway to communicate with multiple VPN connections.
D. It is not possible to connect different data centers from a single VPC.

A

Correct Answer: B
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. If the user wants to connect the VPC from his own data centre, he can set up a public and VPN-only subnet which uses hardware VPN access to connect with his data centre. If the organization has multiple VPN connections, he can provide secure communication between sites using the AWS VPN CloudHub.
The VPN CloudHub operates on a simple hub-and-spoke model that the user can use with or without a VPC.
This design is suitable for customers with multiple branch offices and existing internet connections who would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between remote offices. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CloudHub.html

54
Q

One of your AWS Data Pipeline activities has failed consecutively and has entered a hard failure state after retrying thrice.
You want to try it again. Is it possible to increase the number of automatic retries to more than thrice?
A. Yes, you can increase the number of automatic retries to 6.
B. Yes, you can increase the number of automatic retries to indefinite number.
C. No, you cannot increase the number of automatic retries.
D. Yes, you can increase the number of automatic retries to 10.

A

Correct Answer: D
In AWS Data Pipeline, an activity fails if all of its activity attempts return with a failed state. By default, an activity retries three times before entering a hard failure state. You can increase the number of automatic retries to 10. However, the system does not allow indefinite retries. https://aws.amazon.com/datapipeline/faqs/

55
Q

True or False: In Amazon ElastiCache replication groups of Redis, for performance tuning reasons, you can change the roles of the cache nodes within the replication group, with the primary and one of the replicas exchanging roles.
A. True, however, you get lower performance.
B. FALSE
C. TRUE
D. False, you must recreate the replication group to improve performance tuning.

A

Correct Answer: C
In Amazon ElastiCache, a replication group is a collection of Redis Cache Clusters, with one primary read-write cluster and up to five secondary, read-only clusters, which are called read replicas. You can change the roles of the cache clusters within the replication group, with the primary cluster and one of the replicas exchanging roles. You might decide to do this for performance tuning reasons. http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Replication.Redis.Groups.html

56
Q
How much memory does the cr1.8xlarge instance type provide?
A. 224 GB
B. 124 GB
C. 184 GB
D. 244 GB
A

Correct Answer: D
The CR1 instances are part of the memory optimized instances. They offer lowest cost per GB RAM among all the AWS instance families. CR1 instances are part of the new generation of memory optimized instances, which can offer up to 244 GB RAM and run on faster CPUs (Intel Xeon E5-2670 with NUMA support) in comparison to the M2 instances of the same family. They support cluster networking for bandwidth intensive applications. cr1.8xlarge is one of the largest instance types of the CR1 family, which can offer 244 GB RAM. http://aws.amazon.com/ec2/instance-types/

57
Q
How many cg1.4xlarge on-demand instances can a user run in one region without taking any limit increase approval from AWS?
A. 20
B. 2
C. 5
D. 10
A

Correct Answer: B
Generally, AWS EC2 allows running 20 on-demand instances and 100 spot instances at a time. This limit can be increased by requesting at https://aws.amazon.com/contact-us/ec2-request.

For certain types of instances, the limit is lower than mentioned above. For cg1.4xlarge, the user can run only 2 on-demand instances at a time. http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ec2

58
Q

Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:
A. Microsoft Windows Mobile Messaging (MWMM)
B. Google Cloud Messaging for Android (GCM)
C. Amazon Device Messaging (ADM)
D. Apple Push Notification Service (APNS)

A

Correct Answer: A
In Amazon SNS, you have the ability to send notification messages directly to apps on mobile devices.
Notification messages sent to a mobile endpoint can appear in the mobile app as message alerts, badge updates, or even sound alerts. Microsoft Windows Mobile Messaging (MWMM) doesn’t exist and is not supported by Amazon SNS. http://docs.aws.amazon.com/sns/latest/dg/SNSMobilePush.html

59
Q

You want to define permissions for a role in an IAM policy. Which of the following configuration formats should you use?
A. An XML document written in the IAM Policy Language
B. An XML document written in a language of your choice
C. A JSON document written in the IAM Policy Language
D. JSON document written in a language of your choice

A

Correct Answer: C
You define the permissions for a role in an IAM policy. An IAM policy is a JSON document written in the IAM Policy Language.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html

60
Q

IAM Secure and Scalable is an organization which provides scalable and secure SaaS to its clients. They are planning to host a web server and App server on AWS VPC as separate tiers. The organization wants to implement the scalability by configuring Auto Scaling and a load balancer with their app servers (middle tier) too.
Which of the below mentioned options suits their requirements?
A. Since ELB is internet facing, it is recommended to set up HAProxy as the load balancer within the VPC.
B. Create an Internet facing ELB with VPC and configure all the App servers with it.
C. The user should make ELB with EC2-CLASSIC and enable SSH with it for security.
D. Create an Internal Load balancer with VPC and register all the App servers with it.

A

Correct Answer: D
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances.
There are two ELBs available with VPC: internet facing and internal (private) ELB. For internal servers, such as App servers, the organization can create an internal load balancer in their VPC and then place back-end application instances behind the internal load balancer. The internal load balancer will route requests to the back-end application instances, which are also using private IP addresses and only accept requests from the internal load balancer.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/vpc-loadbalancer-types.html

61
Q

True or False: Amazon ElastiCache supports the Redis key-value store.
A. True, ElastiCache supports the Redis key-value store, but with limited functionalities.
B. False, ElastiCache does not support the Redis key-value store.
C. True, ElastiCache supports the Redis key-value store.
D. False, ElastiCache supports the Redis key-value store only if you are in a VPC environment.

A

Correct Answer: C
This is true. ElastiCache supports two open-source in-memory caching engines:
1. Memcached - a widely adopted memory object caching system. ElastiCache is protocol compliant with Memcached, so popular tools that you use today with existing Memcached environments will work seamlessly with the service.
2. Redis - a popular open-source in-memory key-value store that supports data structures such as sorted sets and lists.
ElastiCache supports Master / Slave replication and Multi-AZ which can be used to achieve cross AZ redundancy.
Reference:
https://aws.amazon.com/elasticache/

62
Q

Which of the following is NOT an advantage of using AWS Direct Connect?
A. AWS Direct Connect provides users access to public and private resources by using two different connections while maintaining network separation between the public and private environments.
B. AWS Direct Connect provides a more consistent network experience than Internet-based connections.
C. AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.
D. AWS Direct Connect reduces your network costs.

A

Correct Answer: A
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.
Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
By using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. http://aws.amazon.com/directconnect/#details

63
Q

An organization is setting up an application on AWS to have both High Availability (HA) and Disaster Recovery (DR). The organization wants to have both Recovery point objective (RPO) and Recovery time objective (RTO) of 10 minutes.
Which of the below mentioned service configurations does not help the organization achieve the said RPO and RTO?
A. Take a snapshot of the data every 10 minutes and copy it to the other region.
B. Use an elastic IP to assign to a running instance and use Route 53 to map the user’s domain with that IP.
C. Create ELB with multi-region routing to allow automated failover when required.
D. Use an AMI copy to keep the AMI available in other regions.

A

Correct Answer: C
AWS provides an on demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. Copy the AMI to another region to enable Disaster Recovery (DR) in case of region failure. The organization should also use EBS for persistent storage and take a snapshot every 10 minutes to meet the Recovery point objective (RPO). They should also set up an elastic IP and use it with Route 53 to route requests to the same IP. When one of the instances fails the organization can launch new instances and assign the same EIP to a new instance to achieve High Availability (HA). The ELB works only for a particular region and does not route requests across regions.
Reference:
http://d36cz9buwru1tt.cloudfront.net/AWS_Disaster_Recovery.pdf

64
Q

An organization has an application which can start and stop an EC2 instance as per schedule. The organization needs the MAC address of the instance to be registered with its software. The instance is launched in EC2-CLASSIC.
How can the organization update the MAC registration every time an instance is booted?
A. The organization should write a boot strapping script which will get the MAC address from the instance metadata and use that script to register with the application.
B. The organization should provide a MAC address as a part of the user data. Thus, whenever the instance is booted the script assigns the fixed MAC address to that instance.
C. The instance MAC address never changes. Thus, it is not required to register the MAC address every time.
D. AWS never provides a MAC address to an instance; instead the instance ID is used for identifying the

A

Correct Answer: A
AWS provides an on demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances. AWS does not provide a fixed MAC address to the instances launched in EC2-CLASSIC. If the instance is launched as a part of EC2-VPC, it can have an ENI which can have a fixed MAC. However, with EC2-CLASSIC, every time the instance is started or stopped it will have a new MAC address. To get this MAC, the organization can run a script on boot which can fetch the instance metadata and get the MAC address from that instance metadata. Once the MAC is received, the organization can register that MAC with the software.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html

65
Q

Does the Amazon RDS API provide actions to modify DB instances inside a VPC and associate them with DB Security Groups?
A. Yes, Amazon does this but only for MySQL RDS.
B. Yes
C. No
D. Yes, Amazon does this but only for Oracle RDS.

A

Correct Answer: B
You can use the action ModifyDBInstance, available in the Amazon RDS API, to pass values for the parameters DBInstanceIdentifier and DBSecurityGroups specifying the instance ID and the DB Security Groups you want your instance to be part of.
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html

66
Q

An organization is setting up a backup and restore system in AWS for their on-premises system. The organization needs High Availability (HA) and Disaster Recovery (DR) but is okay to have a longer recovery time to save costs.
Which of the below mentioned setup options helps achieve the objective of cost saving as well as DR in the most effective way?
A. Setup pre-configured servers and create AMIs. Use EIP and Route 53 to quickly switch over to AWS from in premise.
B. Setup the backup data on S3 and transfer data to S3 regularly using the storage gateway.
C. Setup a small instance with AutoScaling; in case of DR start diverting all the load to AWS from on premise.
D. Replicate on premise DB to EC2 at regular intervals and setup a scenario similar to the pilot light.

A

Correct Answer: B
AWS has many solutions for Disaster Recovery (DR) and High Availability (HA). When the organization wants to have HA and DR but is okay to have a longer recovery time, they should select the backup and restore option with S3. The data can be sent to S3 using either Direct Connect, Storage Gateway or over the internet.
The EC2 instance will pick the data from the S3 bucket when started and setup the environment. This process takes longer but is very cost effective due to the low pricing of S3. In all the other options, the EC2 instance might be running or there will be AMI storage costs. Thus, it will be a costlier option. In this scenario the organization should plan appropriate tools to take a backup, plan the retention policy for data and setup security of the data. http://d36cz9buwru1tt.cloudfront.net/AWS_Disaster_Recovery.pdf

67
Q
By default, what is the maximum number of Cache Nodes you can run in Amazon ElastiCache?
A. 20
B. 50
C. 100
D. 200
A

Correct Answer: A
In Amazon ElastiCache, you can run a maximum of 20 Cache Nodes.

68
Q

Does an AWS Direct Connect location provide access to Amazon Web Services in the region it is associated with as well as access to other US regions?
A. No, it provides access only to the region it is associated with.
B. No, it provides access only to the US regions other than the region it is associated with.
C. Yes, it provides access.
D. Yes, it provides access but only when there’s just one Availability Zone in the region.

A

Correct Answer: C
An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. For example, you can provision a single connection to any AWS Direct Connect location in the US and use it to access public AWS services in all US Regions and AWS GovCloud (US).
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

69
Q

Which of the following components of AWS Data Pipeline specifies the business logic of your data management?
A. Task Runner
B. Pipeline definition
C. AWS Direct Connect
D. Amazon Simple Storage Service (Amazon S3)

A

Correct Answer: B
A pipeline definition specifies the business logic of your data management.
Reference:
http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/what-is-datapipeline.html

70
Q
What feature of the load balancing service attempts to force subsequent connections to a service to be redirected to the same node as long as it is online?
A. Node balance
B. Session retention
C. Session multiplexing
D. Session persistence
A

Correct Answer: D
Session persistence is a feature of the load balancing service. It attempts to force subsequent connections to a service to be redirected to the same node as long as it is online.
Reference:
http://docs.rackspace.com/loadbalancers/api/v1.0/clb-devguide/content/Concepts-d1e233.html

71
Q

What types of identities do Amazon Cognito identity pools support?
A. They support both authenticated and unauthenticated identities.
B. They support only unauthenticated identities.
C. They support neither authenticated nor unauthenticated identities.
D. They support only authenticated identities.

A

Correct Answer: A
Amazon Cognito identity pools support both authenticated and unauthenticated identities. Authenticated identities belong to users who are authenticated by a public login provider or your own backend authentication process. Unauthenticated identities typically belong to guest users.
Reference:
http://docs.aws.amazon.com/cognito/devguide/identity/identity-pools/

72
Q

In IAM, which of the following is true of temporary security credentials?
A. Once you issue temporary security credentials, they cannot be revoked.
B. None of these are correct.
C. Once you issue temporary security credentials, they can be revoked only when the virtual MFA device is used.
D. Once you issue temporary security credentials, they can be revoked.

A

Correct Answer: A
Temporary security credentials are valid for their whole configured duration and cannot be revoked before they expire.
However, because permissions are evaluated on every AWS request made with the credentials, you can get the effect of revocation by changing the permissions that apply to them after they have been issued, for example by attaching to the role an inline policy that denies all actions to sessions whose token was issued before a chosen time (the aws:TokenIssueTime condition key) or to one session identified by name through aws:userid.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_disable-perms.html
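The deny-after-issuance mechanism described above, as an added example that is not part of the flashcard set or of any AWS tooling. The policy builders produce the two Deny shapes the referenced guide describes (deny sessions issued before a cutoff via aws:TokenIssueTime, deny one session via aws:userid); the small evaluator implements only the two condition operators those policies use, so you can see which request contexts get locked out. The role ID, session names and timestamps are constructed for illustration.

```python
"""Cutting off temporary credentials that cannot be revoked.

A temporary credential stays valid until it expires, but every request made
with it is authorized against the role's policies at that moment. The IAM
console's "Revoke active sessions" action attaches an inline Deny policy of the
shape built by revoke_older_sessions_policy(); deny_named_session_policy()
targets a single role session instead.
"""
from datetime import datetime, timezone
import json

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def _parse_ts(value):
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)


def revoke_older_sessions_policy(cutoff):
    """Deny everything to sessions whose token was issued before `cutoff` (UTC ISO string)."""
    _parse_ts(cutoff)  # fail fast on a malformed timestamp
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Action": ["*"],
            "Resource": ["*"],
            "Condition": {"DateLessThan": {"aws:TokenIssueTime": cutoff}},
        }],
    }


def deny_named_session_policy(role_id, session_name):
    """Deny everything to one session, identified as <role-id>:<role-session-name>."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Action": ["*"],
            "Resource": ["*"],
            "Condition": {"StringEquals": {"aws:userid": f"{role_id}:{session_name}"}},
        }],
    }


def _condition_matches(condition, ctx):
    """Evaluate a Condition block against a request context (every key must match)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:  # a missing context key never satisfies a condition
                return False
            if operator == "DateLessThan":
                if not _parse_ts(actual) < _parse_ts(expected):
                    return False
            elif operator == "StringEquals":
                if actual != expected:
                    return False
            else:
                raise NotImplementedError(f"operator {operator} is not modelled here")
    return True


def is_denied(policy, ctx):
    """True if any Deny statement of `policy` applies to the request context `ctx`."""
    return any(
        st["Effect"] == "Deny" and _condition_matches(st.get("Condition", {}), ctx)
        for st in policy["Statement"]
    )


if __name__ == "__main__":
    policy = revoke_older_sessions_policy("2024-03-01T12:00:00Z")
    print(json.dumps(policy, indent=2))
    # Constructed request contexts: one session assumed before the cutoff, one after.
    old = {"aws:TokenIssueTime": "2024-03-01T11:30:00Z", "aws:userid": "AROAEXAMPLEID:alice"}
    new = {"aws:TokenIssueTime": "2024-03-01T12:05:00Z", "aws:userid": "AROAEXAMPLEID:alice"}
    print("old session denied:", is_denied(policy, old))  # True
    print("new session denied:", is_denied(policy, new))  # False
```

Because DateLessThan is strict, a session whose token was issued exactly at the cutoff is not denied; pick the cutoff a minute or so after the last session you trust was created, and remember the policy only takes effect for requests made after it is attached.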

73
Q

The CFO of a company wants to allow one of his employees to view only the AWS usage report page.
Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?
A. “Effect”: “Allow”, “Action”: [“Describe”], “Resource”: “Billing”
B. “Effect”: “Allow”, “Action”: [“aws-portal: ViewBilling”], “Resource”: “
C. “Effect”: “Allow”, “Action”: [“aws-portal: ViewUsage”], “Resource”: “
D. “Effect”: “Allow”, “Action”: [“AccountUsage”], “Resource”: “*”

A
Correct Answer: C
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the CFO wants to allow only AWS usage report page access, the policy for that IAM user will be as given below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-portal:ViewUsage"
      ],
      "Resource": "*"
    }
  ]
}
Note that the root user must first activate IAM user access to billing information in the account settings; until that is done, no IAM policy grants a user access to the Billing and Cost Management console.
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html

74
Q
In Amazon VPC, what is the default maximum number of BGP advertised routes allowed per route table?
A. 15
B. 100
C. 5
D. 10
A

Correct Answer: B
The maximum number of BGP advertised routes allowed per route table is 100.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html

75
Q

An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this?
A. The organization should create each user in a separate region so that they have their own URL to login
B. The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias
C. It is not possible to have the same login ID for multiple IAM users of the same account
D. The organization should create various groups and add each user with the same login ID to different

A

Correct Answer: C
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services.
Whenever the organization creates an IAM user, the user name must be unique within the account. It is not possible to have the same login ID for multiple users. The names of users, groups, roles and instance profiles must be alphanumeric, including the following common characters: plus (+), equal (=), comma (,), period (.), at (@), and dash (-).
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SettingUpUser.html

76
Q

The user has provisioned the PIOPS volume with an EBS optimized instance.
Generally speaking, in which I/O chunk should the bandwidth experienced by the user be measured by AWS?
A. 128 KB
B. 256 KB
C. 64 KB
D. 32 KB

A

Correct Answer: B
IOPS are input/output operations per second. Amazon EBS counts each I/O operation of 256 KB or smaller as one IOPS.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

77
Q

A user is planning to use EBS for his DB requirement. The user already has an EC2 instance running in the VPC private subnet.
How can the user attach the EBS volume to a running instance?
A. The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance.
B. It is not possible to attach an EBS to an instance running in VPC until the instance is stopped.
C. The user can specify the same subnet while creating EBS and then attach it to a running instance.
D. The user must create EBS within the same VPC and then attach it to a running instance.

A

Correct Answer: A
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. The user can create subnets as per the requirement within a VPC. The VPC is always specific to a region. The user can create a VPC which can span multiple Availability Zones by adding one or more subnets in each Availability Zone. The instance launched will always be in the same Availability Zone as its subnet. When creating an EBS volume the user cannot specify the subnet or VPC; the user must create the volume in the same Availability Zone as the instance so that it can be attached to the running instance.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPCSubnet

78
Q

An organization is planning to setup a management network on the AWS VPC. The organization is trying to secure the webserver on a single VPC instance such that it allows the internet traffic as well as the back-end management traffic. The organization wants to make so that the back end management network interface can receive the SSH traffic only from a selected IP range, while the internet facing webserver will have an IP address which can receive traffic from all the internet IPs.
How can the organization achieve this by running web server on a single instance?
A. It is not possible to have two IP addresses for a single instance.
B. The organization should create two network interfaces with the same subnet and security group to assign separate IPs to each network interface.
C. The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access.
D. The organization should launch an instance with two separate subnets using the same network interface

A

Correct Answer: C
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC. The user can create a management network using two separate network interfaces. For the present scenario it is required that the secondary network interface on the instance handles the public facing traffic and the primary network interface handles the back-end management traffic and it is connected to a separate subnet in the VPC that has more restrictive access controls. The public facing interface, which may or may not be behind a load balancer, has an associated security group to allow access to the server from the internet while the private facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the internet, a private subnet within the VPC or a virtual private gateway.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
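The security-group half of the two-interface design above, as an added example that is not part of the flashcard set or of AWS documentation. The public-facing ENI gets a group that admits only HTTP/HTTPS from anywhere; the management ENI, in its own subnet, gets a group that admits only SSH from the approved administrator range. The rule dicts use the IpPermissions shape that EC2's AuthorizeSecurityGroupIngress accepts, so they can be passed unchanged to boto3's ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=...); the administrator CIDR is an assumption (a TEST-NET-3 documentation range), and the lint functions are the checks I would run before applying the rules.

```python
"""Security groups for the two-ENI web server, with a lint for each role.

Nothing here calls AWS; the rules are plain dicts in the IpPermissions shape,
and the lint functions return a list of findings (empty means the group does
what its interface's role requires).
"""

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"
ADMIN_CIDR = "203.0.113.0/24"  # assumption: the range the admins' SSH comes from


def tcp_rule(port, cidr, description):
    """One IpPermissions entry opening a single TCP port to one IPv4 CIDR."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr, "Description": description}],
    }


# Group attached to the internet-facing interface (which may sit behind a load balancer).
PUBLIC_SG_INGRESS = [tcp_rule(80, ANY_V4, "web"), tcp_rule(443, ANY_V4, "web tls")]
# Group attached to the management interface in the restricted subnet.
MGMT_SG_INGRESS = [tcp_rule(22, ADMIN_CIDR, "admin ssh")]
# The mistake the design is meant to prevent: management SSH reachable from anywhere.
MGMT_SG_INGRESS_WEAK = [tcp_rule(22, ANY_V4, "ssh")]


def _ports(rule):
    """Port range a rule covers; protocol -1 means every port of every protocol."""
    if rule["IpProtocol"] == "-1":
        return (0, 65535)
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def lint_public_sg(rules):
    """Findings for the public group: single web ports only, never SSH, never all traffic."""
    findings = []
    for rule in rules:
        lo, hi = _ports(rule)
        if rule["IpProtocol"] == "-1":
            findings.append("public rule permits all protocols and ports")
        elif lo <= 22 <= hi:
            findings.append(f"public rule exposes SSH (ports {lo}-{hi})")
        elif not (lo == hi and lo in (80, 443)):
            findings.append(f"public rule opens non-web port range {lo}-{hi}")
    return findings


def lint_management_sg(rules):
    """Findings for the management group: tcp/22 only, and only from ADMIN_CIDR."""
    findings = []
    for rule in rules:
        lo, hi = _ports(rule)
        if not (rule["IpProtocol"] == "tcp" and lo == hi == 22):
            findings.append(f"management rule opens something other than tcp/22 ({lo}-{hi})")
        sources = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
        sources += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
        for src in sources:
            if src in (ANY_V4, ANY_V6):
                findings.append(f"management rule admits the whole internet on {lo}-{hi}")
            elif src != ADMIN_CIDR:
                findings.append(f"management rule source {src} is not the admin range")
    return findings


if __name__ == "__main__":
    for name, rules, lint in (
        ("public", PUBLIC_SG_INGRESS, lint_public_sg),
        ("management", MGMT_SG_INGRESS, lint_management_sg),
        ("management (weak)", MGMT_SG_INGRESS_WEAK, lint_management_sg),
    ):
        print(f"{name}: {lint(rules) or 'ok'}")
```

The lint deliberately treats a wide port range that happens to include 22, or an IpProtocol of -1, as an SSH exposure, because those are the rules that slip past a reviewer who only looks for an explicit port 22 entry.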

79
Q

A user is trying to create a vault in AWS Glacier. The user wants to enable notifications.
In which of the below mentioned options can the user enable the notifications from the AWS console?
A. Glacier does not support the AWS console
B. Archival Upload Complete
C. Vault Upload Job Complete
D. Vault Inventory Retrieval Job Complete

A

Correct Answer: D
From the AWS console the user can configure notifications to be sent to Amazon Simple Notification Service (SNS). The user can select the specific jobs that, on completion, trigger the notifications: Vault Inventory Retrieval Job Complete and Archive Retrieval Job Complete.
http://docs.aws.amazon.com/amazonglacier/latest/dev/configuring-notifications-console.html

80
Q

An organization is purchasing licensed software. The software license can be registered only to a specific MAC address. The organization is going to host the software in the AWS environment.
How can the organization fulfil the license requirement as the MAC address changes every time an instance is started/stopped/terminated?
A. It is not possible to have a fixed MAC address with AWS.
B. The organization should use VPC with the private subnet and configure the MAC address with that subnet.
C. The organization should use VPC with an elastic network interface which will have a fixed MAC Address.
D. The organization should use VPC since VPC allows to configure the MAC address for each EC2 instance.

A

Correct Answer: C
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC. An ENI can include attributes such as: a primary private IP address, one or more secondary private IP addresses, one elastic IP address per private IP address, one public IP address, one or more security groups, a MAC address, a source/destination check flag, and a description. The user can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance. The attributes of a network interface follow the network interface as it is attached or detached from an instance and reattached to another instance. Thus, the user can maintain a fixed MAC address using the network interface.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html