Real test 3 Flashcards

1
Q

ABC has three separate departments and each department has its own AWS account. The HR department has created a file sharing site where all the on-roll employees’ data is uploaded. The Admin department uploads data about employee presence in the office to its DB hosted in the VPC. The Finance department needs to access data from the HR department to know the on-roll employees and calculate salaries based on the number of days each employee is present in the office.
How can ABC setup this scenario?
A. It is not possible to configure VPC peering since each department has a separate AWS account.
B. Setup VPC peering for the VPCs of Admin and Finance.
C. Setup VPC peering for the VPCs of Finance and HR as well as between the VPCs of Finance and Admin.
D. Setup VPC peering for the VPCs of Admin and HR

A

Correct Answer: C
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. A VPC peering connection allows the user to route traffic between the peer VPCs using private IP addresses as if they are a part of the same network. This is helpful when one VPC from the same or a different AWS account wants to connect with resources of the other VPC. http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/peering-configurations-full-access.html#three-vpcs-full-access

2
Q

An organization is undergoing a security audit. The auditor wants to view the AWS VPC configurations as the organization has hosted all the applications in the AWS VPC. The auditor is from a remote place and wants to have access to AWS to view all the VPC records.
How can the organization meet the expectations of the auditor without compromising on the security of their AWS infrastructure?
A. The organization should not accept the request as sharing the credentials means compromising on security.
B. Create an IAM role which will have read only access to all EC2 services including VPC and assign that role to the auditor.
C. Create an IAM user who will have read only access to the AWS VPC and share those credentials with the auditor.
D. The organization should create an IAM user with VPC full access but set a condition that will not allow to

A

Correct Answer: B. See https://docs.aws.amazon.com/vpc/latest/userguide/vpc-policy-examples.html#security_iam_id-based-policy-examples-console

3
Q
What is the maximum length for an instance profile name in AWS IAM?
A. 512 characters
B. 128 characters
C. 1024 characters
D. 64 characters
A

Correct Answer: B
The maximum length for an instance profile name is 128 characters. http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

4
Q

Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data.
If you also set up push sync, what does it allow you to do?
A. Notify other devices that a user profile is available across multiple devices
B. Synchronize user profile data with less latency
C. Notify other devices immediately that an update is available
D. Synchronize online data faster

A

Correct Answer: C
Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data, and if you have also set up push sync, notify other devices immediately that an update is available. http://docs.aws.amazon.com/cognito/devguide/sync/

5
Q

An organization is planning to create a secure, scalable application with AWS VPC and ELB. The organization has two instances already running, and each instance has an additional ENI attached in addition to its primary network interface. The primary network interface and the additional ENI each have an Elastic IP attached.
If those instances are registered with ELB and the organization wants ELB to send data to a particular EIP of the instance, how can they achieve this?
A. The organization should ensure that the IP which is required to receive the ELB traffic is attached to a primary network interface.
B. It is not possible to attach an instance with two ENIs with ELB as it will give an IP conflict error.
C. The organization should ensure that the IP which is required to receive the ELB traffic is attached to an additional ENI.
D. It is not possible to send data to a particular IP as ELB will send to any one EIP.

A

Correct Answer: A
Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB.
For the internet facing ELB it is required that the ELB should be in a public subnet. When the user registers a multi-homed instance (an instance that has an Elastic Network Interface (ENI) attached) with a load balancer, the load balancer will route the traffic to the IP address of the primary network interface (eth0).
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/gs-ec2VPC.html

6
Q

In Amazon Cognito, your mobile app authenticates with the Identity Provider (IdP) using the provider’s SDK.
Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new _____ for the user and a set of temporary, limited-privilege AWS credentials.
A. Cognito Key Pair
B. Cognito API
C. Cognito ID
D. Cognito SDK

A

Correct Answer: C
Your mobile app authenticates with the identity provider (IdP) using the provider’s SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new Cognito ID for the user and a set of temporary, limited-privilege AWS credentials. http://aws.amazon.com/cognito/faqs/

7
Q
What is the maximum length for a certificate ID in AWS IAM?
A. 1024 characters
B. 512 characters
C. 64 characters
D. 128 characters
A

Correct Answer: D
The maximum length for a certificate ID is 128 characters.
http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

8
Q

A user is trying to create a PIOPS EBS volume with 3 GB size and 90 IOPS. Will AWS create the volume?
A. No, since the PIOPS and EBS size ratio is less than 30
B. Yes, since the ratio between EBS and IOPS is less than 30
C. No, the EBS size is less than 4GB
D. Yes, since PIOPS is higher than 100

A

Correct Answer: C
A Provisioned IOPS (SSD) volume can range in size from 4 GiB to 16 TiB and you can provision up to 20,000 IOPS per volume.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html#EBSVolumeTypes_piops

9
Q
If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical ______.
A. OR
B. NAND
C. NOR
D. AND
A

Correct Answer: A
If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical OR. http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html

10
Q

Which of the following cache engines does Amazon ElastiCache support?
A. Amazon ElastiCache supports Memcached and Redis.
B. Amazon ElastiCache supports Redis and WinCache.
C. Amazon ElastiCache supports Memcached and Hazelcast.
D. Amazon ElastiCache supports Memcached only.

A

Correct Answer: A
The cache engines supported by Amazon ElastiCache are Memcached and Redis. http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/SelectEngine.html

11
Q

You have been given the task to define multiple AWS Data Pipeline schedules for different activities in the same pipeline.
Which of the following would successfully accomplish this task?
A. Creating multiple pipeline definition files
B. Defining multiple pipeline definitions in your schedule objects file and associating the desired schedule to the correct activity via its schedule field
C. Defining multiple schedule objects in your pipeline definition file and associating the desired schedule to the correct activity via its schedule field
D. Defining multiple schedule objects in the schedule field

A

Correct Answer: C
To define multiple schedules for different activities in the same pipeline, in AWS Data Pipeline, you should define multiple schedule objects in your pipeline definition file and associate the desired schedule to the correct activity via its schedule field. As an example of this, it could allow you to define a pipeline in which log files are stored in Amazon S3 each hour to drive generation of an aggregate report once a day. https://aws.amazon.com/datapipeline/faqs/

12
Q

In a VPC, can you modify a set of DHCP options after you create them?
A. Yes, you can modify a set of DHCP options within 48 hours after creation and there are no VPCs associated with them.
B. Yes, you can modify a set of DHCP options any time after you create them.
C. No, you can’t modify a set of DHCP options after you create them.
D. Yes, you can modify a set of DHCP options within 24 hours after creation.

A

Correct Answer: C
After you create a set of DHCP options, you can’t modify them. If you want your VPC to use a different set of DHCP options, you must create a new set and associate them with your VPC. You can also set up your VPC to use no DHCP options at all. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html

13
Q

A bucket owner has allowed another account’s IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B. What will happen in this scenario?
A. It is not possible to give permission to multiple IAM users
B. AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object
C. The bucket policy may not be created as S3 will give error due to conflict of Access Rights
D. It is not possible that the IAM user of one account accesses objects of the other IAM user

A

Correct Answer: B
If an IAM user is trying to perform an action on an object in a bucket belonging to another AWS account, S3 verifies whether the IAM user’s parent account has granted them sufficient permission. It also verifies the bucket policy as well as the policy defined by the object owner. http://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-auth-workflow-object-operation.html

14
Q

Which statement is NOT true about a stack which has been created in a Virtual Private Cloud (VPC) in AWS OpsWorks?
A. Subnets whose instances cannot communicate with the Internet are referred to as public subnets.
B. Subnets whose instances can communicate only with other instances in the VPC and cannot communicate directly with the Internet are referred to as private subnets.
C. All instances in the stack should have access to any package repositories that your operating system depends on, such as the Amazon Linux or Ubuntu Linux repositories.
D. Your app and custom cookbook repositories should be accessible for all instances in the stack.

A

Correct Answer: A
In AWS OpsWorks, you can control user access to a stack’s instances by creating it in a virtual private cloud (VPC). For example, you might not want users to have direct access to your stack’s app servers or databases and instead require that all public traffic be channeled through an Elastic Load Balancer. A VPC consists of one or more subnets, each of which contains one or more instances. Each subnet has an associated routing table that directs outbound traffic based on its destination IP address. Instances within a VPC can generally communicate with each other, regardless of their subnet. Subnets whose instances can communicate with the Internet are referred to as public subnets. Subnets whose instances can communicate only with other instances in the VPC and cannot communicate directly with the Internet are referred to as private subnets.
AWS OpsWorks requires the VPC to be configured so that every instance in the stack, including instances in private subnets, has access to the following endpoints:
- The AWS OpsWorks service, https://opsworks-instance-service.us-east-1.amazonaws.com
- Amazon S3
- The package repositories for Amazon Linux or Ubuntu 12.04 LTS, depending on which operating system you specify.
- Your app and custom cookbook repositories.
http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks-vpc.html#workingstacks-vpc-basics

15
Q

An organization has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The organization is planning to implement certain security best practices.
Which of the below mentioned pointers will not help the organization achieve better security arrangement?
A. Allow only IAM users to connect with the EC2 instances with their own secret access key.
B. Create a procedure to revoke the access rights of the individual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.
C. Apply the latest patch of OS and always keep it updated.
D. Disable the password based login for all the users. All the users should use their own keys to connect with

A

Correct Answer: A
Since AWS is a public cloud, any application hosted on EC2 is exposed to attackers, so it is extremely important to set up a proper security mechanism on the EC2 instances. A few of the security measures are listed below:
- Always keep the OS updated with the latest patches.
- Always create separate users within the OS for people who need to connect to the EC2 instances, create their keys and disable their passwords.
- Create a procedure with which the admin can revoke a user’s access when their work on the EC2 instance is completed.
- Lock down unnecessary ports.
- Audit any proprietary applications that the user may be running on the EC2 instance.
- Provide temporary escalated privileges, such as sudo, for users who need to perform occasional privileged tasks.
IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not used to connect (RDP / SSH) to an instance. http://aws.amazon.com/articles/1233/

16
Q
By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as long as _________ hours.
A. 24
B. 36
C. 10
D. 48
A

Correct Answer: B
By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as short as 15 minutes or as long as 36 hours. http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSessionTokens.html

17
Q

What RAID method is used on the Cloud Block Storage back-end to implement a very high level of reliability and performance?
A. RAID 1 (Mirror)
B. RAID 5 (Blocks striped, distributed parity)
C. RAID 10 (Blocks mirrored and striped)
D. RAID 2 (Bit level striping)

A

Correct Answer: C
Cloud Block Storage back-end storage volumes employ the RAID 10 method to provide a very high level of reliability and performance. http://www.rackspace.com/knowledge_center/product-faq/cloud-block-storage

18
Q

One of the AWS account owners faced a major challenge in June as his account was hacked and the hacker deleted all the data from his AWS account. This resulted in a major blow to the business.
Which of the below mentioned steps would not have helped in preventing this action?
A. Setup an MFA for each user as well as for the root account user.
B. Take a backup of the critical data to offsite / on premise.
C. Create an AMI and a snapshot of the data at regular intervals as well as keep a copy to separate regions.
D. Do not share the AWS access and secret access keys with others as well do not store it inside programs,

A

Correct Answer: C
AWS security follows the shared security model, where the user is as responsible as Amazon. If the user wants secure access to AWS while hosting applications on EC2, the first security rule to follow is to enable MFA for all users, which adds another security layer. Second, the user should never give their access key or secret access key to anyone, nor store them inside programs; the better solution is to use IAM roles. For the organization’s critical data, the user should keep an offsite / on-premise backup, which will help recover critical data in case of a security breach. It is recommended to create AWS AMIs and snapshots and keep copies in other regions so that they can help in a DR scenario. However, in case of a data security breach of the account they may not be very helpful, since the attacker can delete them too.
Therefore, creating an AMI and a snapshot of the data at regular intervals and keeping a copy in separate regions would not have helped in preventing this action.

19
Q

With Amazon Elastic MapReduce (Amazon EMR) you can analyze and process vast amounts of data. The cluster is managed using an open-source framework called Hadoop. You have set up an application to run Hadoop jobs. The application reads data from DynamoDB and generates a temporary file of 100 TB. The whole process runs for 30 minutes and the output of the job is stored to S3.
Which of the below mentioned options is the most cost effective solution in this case?
A. Use Spot Instances to run Hadoop jobs and configure them with EBS volumes for persistent data storage.
B. Use Spot Instances to run Hadoop jobs and configure them with ephemeral storage for output file storage.
C. Use an on demand instance to run Hadoop jobs and configure them with EBS volumes for persistent storage.
D. Use an on demand instance to run Hadoop jobs and configure them with ephemeral storage for output file

A

Correct Answer: B
AWS EC2 Spot Instances allow the user to quote his own price for EC2 computing capacity. The user can simply bid on the spare Amazon EC2 instances and run them whenever his bid exceeds the current Spot Price. The Spot Instance pricing model complements the On-Demand and Reserved Instance pricing models, providing potentially the most cost-effective option for obtaining compute capacity, depending on the application. The only challenge with a Spot Instance is data persistence, as the instance can be terminated whenever the spot price exceeds the bid price. In the current scenario a Hadoop job is a temporary job and does not run for a long period. It fetches data from a persistent DynamoDB table. Thus, even if the instance gets terminated there will be no data loss and the job can be re-run. As the output files are large temporary files, it is useful to store them on ephemeral storage for cost savings. http://aws.amazon.com/ec2/purchasing-options/spot-instances/

20
Q
In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:
A. Device token
B. Client ID
C. Registration ID
D. Client secret
A

Correct Answer: A
To send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following:
Registration ID and Client secret.
http://docs.aws.amazon.com/sns/latest/dg/SNSMobilePushPrereq.html

21
Q

True or False: “In the context of Amazon ElastiCache, from the application’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.”
A. True, from the application’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node since, each has a unique node identifier.
B. True, from the application’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.
C. False, you can connect to a cache node, but not to a cluster configuration endpoint.
D. False, you can connect to a cluster configuration endpoint, but not to a cache node.

A

Correct Answer: B
This is true. From the application’s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node. In the process of connecting to cache nodes, the application resolves the configuration endpoint’s DNS name. Because the configuration endpoint maintains CNAME entries for all of the cache nodes, the DNS name resolves to one of the nodes; the client can then connect to that node. http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/AutoDiscovery.HowAutoDiscoveryWorks.html

22
Q

An organization is setting up a highly scalable application using Elastic Beanstalk.
They are using Elastic Load Balancing (ELB) as well as a Virtual Private Cloud (VPC) with public and private subnets. They have the following requirements:
- All the EC2 instances should have a private IP
- All the EC2 instances should receive data via the ELB.
Which of these will not be needed in this setup?
A. Launch the EC2 instances with only the public subnet.
B. Create routing rules which will route all inbound traffic from ELB to the EC2 instances.
C. Configure ELB and NAT as a part of the public subnet only.
D. Create routing rules which will route all outbound traffic from the EC2 instances through NAT.

A

Correct Answer: A
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. If the organization wants the Amazon EC2 instances to have a private IP address, it should create a public and a private subnet for the VPC in each Availability Zone (this is an AWS Elastic Beanstalk requirement). The organization should add its public resources, such as ELB and NAT, to the public subnet, and AWS Elastic Beanstalk will assign them unique Elastic IP addresses (static, public IP addresses). The organization should launch Amazon EC2 instances in a private subnet so that AWS Elastic Beanstalk assigns them non-routable private IP addresses. Now the organization should configure route tables with the following rules:
- route all inbound traffic from ELB to EC2 instances
- route all outbound traffic from EC2 instances through NAT
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo-vpc.html

23
Q

An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched.
Which of the following must be done for the custom NAT instance to work?
A. The source/destination checks should be disabled on the NAT instance.
B. The NAT instance should be launched in public subnet.
C. The NAT instance should be configured with a public IP address.
D. The NAT instance should be configured with an elastic IP address.

A

Correct Answer: A
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#EIP_DisableSrcDestCheck

24
Q

An organization has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC2 instance. Due to security reasons the organization wants to implement two separate SSLs for the separate modules although it is already using VPC.
How can the organization achieve this with a single instance?
A. You have to launch two instances each in a separate subnet and allow VPC peering for a single IP.
B. Create a VPC instance which will have multiple network interfaces with multiple elastic IP addresses.
C. Create a VPC instance which will have both the ACL and the security group attached to it and have separate rules for each IP address.
D. Create a VPC instance which will have multiple subnets attached to it and each will have a separate IP

A

Correct Answer: B
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. With VPC the user can specify multiple private IP addresses for his instances.
The number of network interfaces and private IP addresses that a user can specify for an instance depends on the instance type. With each network interface the organization can assign an EIP. This scenario helps when the user wants to host multiple websites on a single EC2 instance by using multiple SSL certificates on a single server and associating each certificate with a specific EIP address. It also helps in scenarios for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html

25
Q

An organization is making software for the CIA in the USA. The CIA agreed to host the application on AWS but in a secure environment. The organization is thinking of hosting the application in the AWS GovCloud region.
Which of the below mentioned differences is not correct when the organization hosts on AWS GovCloud in comparison with a standard AWS region?
A. The billing for AWS GovCloud will be in a different account than the standard AWS account.
B. GovCloud region authentication is isolated from Amazon.com.
C. Physical and logical administrative access only to U.S. persons.
D. It is physically isolated and has logical network isolation from all the other regions.

A

Correct Answer: A
AWS GovCloud (US) is an isolated AWS region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to the U.S. International Traffic in Arms Regulations (ITAR) requirements. It has added advantages, such as:
- Restricting physical and logical administrative access to U.S. persons only.
- Separate AWS GovCloud (US) credentials, such as an access key and secret access key, from those of the standard AWS account.
- The user signs in with the IAM user name and password.
- AWS GovCloud (US) Region authentication is completely isolated from Amazon.com.
If the organization plans to host on EC2 in AWS GovCloud, it will be billed to the organization’s standard AWS account, since AWS GovCloud billing is linked with the standard AWS account and is not billed separately. http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/whatis.html

26
Q

How does in-memory caching improve the performance of applications in ElastiCache?
A. It improves application performance by deleting the requests that do not contain frequently accessed data.
B. It improves application performance by implementing good database indexing strategies.
C. It improves application performance by using a part of instance RAM for caching important data.
D. It improves application performance by storing critical pieces of data in memory for low-latency access.

A

Correct Answer: D
In Amazon ElastiCache, in-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally intensive calculations. http://aws.amazon.com/elasticache/faqs/#g4


27
Q

A user is thinking to use EBS PIOPS volume.
Which of the below mentioned options is a right use case for the PIOPS EBS volume?
A. Analytics
B. System boot volume
C. Mongo DB
D. Log processing

A

Correct Answer: C
Provisioned IOPS volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads that are sensitive to storage performance and consistency in random access I/O throughput, such as business applications and database workloads (NoSQL DB, RDBMS, etc.). http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

28
Q

How can a user list the IAM Role configured as a part of the launch config?
A. as-describe-launch-configs -iam-profile
B. as-describe-launch-configs -show-long
C. as-describe-launch-configs -iam-role
D. as-describe-launch-configs -role

A

Correct Answer: B
as-describe-launch-configs describes all the launch configurations created by the AWS account in the specified region. Generally, it returns values such as the launch config name, instance type and AMI ID. If the user wants additional parameters, such as the IAM profile used in the config, they have to run the command: as-describe-launch-configs --show-long

29
Q

An organization is setting up a multi-site solution where the application runs on premise as well as on AWS to achieve the minimum recovery time objective (RTO).
Which of the below mentioned configurations will not meet the requirements of the multi-site solution scenario?
A. Configure data replication based on RTO.
B. Keep an application running on premise as well as in AWS with full capacity.
C. Setup a single DB instance which will be accessed by both sites.
D. Setup a weighted DNS service like Route 53 to route traffic across sites.

A

Correct Answer: C
AWS has many solutions for DR (Disaster Recovery) and HA (High Availability). When the organization wants HA and DR with a multi-site solution, it should set up two sites: one on premise and the other on AWS with full capacity. The organization should set up a weighted DNS service which can route traffic to both sites based on the weighting. When one of the sites fails it can route the entire load to the other site. The organization would have minimal RTO in this scenario. If the organization sets up a single DB instance, it will not work well in failover. Instead they should have two separate DBs, one in each site, and set up data replication based on the organization’s RTO (recovery time objective). http://d36cz9buwru1tt.cloudfront.net/AWS_Disaster_Recovery.pdf

30
Q

Which of the following is true of an instance profile when an IAM role is created using the console?
A. The instance profile uses a different name.
B. The console gives the instance profile the same name as the role it corresponds to.
C. The instance profile should be created manually by a user.
D. The console creates the role and instance profile as separate actions.

A

Correct Answer: B
Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html

31
Q

In the context of policies and permissions in AWS IAM, the Condition element is ____________.
A. crucial while writing the IAM policies
B. an optional element
C. always set to null
D. a mandatory element

A

Correct Answer: B
The Condition element (or Condition block) lets you specify conditions for when a policy is in effect. The Condition element is optional.
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html

32
Q

Which of the following is true while using an IAM role to grant permissions to applications running on Amazon EC2 instances?
A. All applications on the instance share the same role, but different permissions.
B. All applications on the instance share multiple roles and permissions.
C. Multiple roles are assigned to an EC2 instance at a time.
D. Only one role can be assigned to an EC2 instance at a time.

A

Correct Answer: D
Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions. http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.html
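The two cards above (30 and 32) describe the CLI path, where the role and the instance profile are separate resources that must be linked, and the one-profile-per-instance rule. The following is an added example, not code from the flashcards or from AWS: it builds the AWS CLI call sequence as a reviewable plan and only executes it when asked. The role name, profile name and instance ID are hypothetical placeholders.

```python
"""Create an IAM role and its instance profile as separate steps, then attach
the profile to one EC2 instance. Added example; role/profile/instance names
are hypothetical placeholders."""
import json
import shlex
import subprocess
from typing import List

# Trust policy: only the EC2 service may assume this role (the console writes
# the same document for an "EC2" role).
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}


def plan_instance_profile(role_name: str, profile_name: str,
                          instance_id: str) -> List[List[str]]:
    """Return the AWS CLI calls, in order. With the CLI/API the role and the
    instance profile are distinct resources, so they are created separately
    and linked explicitly (the console does all of this in one step and
    gives both the same name)."""
    return [
        ["aws", "iam", "create-role",
         "--role-name", role_name,
         "--assume-role-policy-document", json.dumps(EC2_TRUST_POLICY)],
        ["aws", "iam", "create-instance-profile",
         "--instance-profile-name", profile_name],
        ["aws", "iam", "add-role-to-instance-profile",
         "--instance-profile-name", profile_name,
         "--role-name", role_name],
        # An instance carries exactly one instance profile, hence one role.
        # AWS rejects a second association; to switch roles use
        # "aws ec2 replace-iam-instance-profile-association" instead.
        ["aws", "ec2", "associate-iam-instance-profile",
         "--instance-id", instance_id,
         "--iam-instance-profile", f"Name={profile_name}"],
    ]


def run_plan(plan: List[List[str]], dry_run: bool = True) -> List[str]:
    """Render the plan as shell-quoted command lines for review; with
    dry_run=False also execute each call (stops at the first failure)."""
    rendered = [shlex.join(cmd) for cmd in plan]
    if not dry_run:
        for cmd in plan:
            subprocess.run(cmd, check=True)
    return rendered


if __name__ == "__main__":
    steps = plan_instance_profile("app-role", "app-role", "i-0123456789abcdef0")
    for line in run_plan(steps):      # dry run: print, do not create anything
        print(line)
```

Keeping the role and profile names identical, as the console does, avoids the confusion the card warns about: the EC2 launch wizard and `--iam-instance-profile` take the profile name, while trust and permissions policies attach to the role.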

33
Q
When using string conditions within IAM, short versions of the available comparators can be used instead of the more verbose ones. streqi is the short version of the _______ string condition.
A. StringEqualsIgnoreCase
B. StringNotEqualsIgnoreCase
C. StringLikeStringEquals
D. StringNotEquals
A

Correct Answer: A
When using string conditions within IAM, short versions of the available comparators can be used instead of the more verbose versions. For instance, streqi is the short version of StringEqualsIgnoreCase that checks for the exact match between two strings ignoring their case. http://awsdocs.s3.amazonaws.com/SNS/20100331/sns-gsg-2010-03-31.pdf
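Cards 31 and 33 together describe how the optional Condition element is evaluated and which string comparators exist. The following is an added example, not code from the flashcards or from AWS: a small evaluator for a policy document that accepts both the long comparator names and the short forms from the old SNS guide cited above. The alias table is my assumption based on that guide (current IAM policies only accept the long names), the sample policy and request contexts are constructed, and the toy does not model the IfExists or negated-operator special cases for keys that are absent from the request.

```python
"""Toy evaluator for IAM policy statements with an optional Condition block.
Added example; the policy, context keys and alias table are constructed."""
import fnmatch
from typing import Any, Dict, Iterable, List, Optional, Union

# Short forms from the old SNS getting-started guide (assumption: these six).
SHORT_FORMS = {
    "streq": "StringEquals", "strneq": "StringNotEquals",
    "streqi": "StringEqualsIgnoreCase", "strneqi": "StringNotEqualsIgnoreCase",
    "strl": "StringLike", "strnl": "StringNotLike",
}


def _as_list(v: Union[str, Iterable[str]]) -> List[str]:
    return [v] if isinstance(v, str) else list(v)


def _match(op: str, ctx_value: str, policy_values: List[str]) -> bool:
    """Apply one string comparator; values for a key are ORed, except for the
    negated comparators where the request value must differ from all of them."""
    op = SHORT_FORMS.get(op, op)
    if op == "StringEquals":
        return any(ctx_value == v for v in policy_values)
    if op == "StringNotEquals":
        return all(ctx_value != v for v in policy_values)
    if op == "StringEqualsIgnoreCase":
        return any(ctx_value.lower() == v.lower() for v in policy_values)
    if op == "StringNotEqualsIgnoreCase":
        return all(ctx_value.lower() != v.lower() for v in policy_values)
    if op == "StringLike":          # * and ? wildcards, case-sensitive
        return any(fnmatch.fnmatchcase(ctx_value, v) for v in policy_values)
    if op == "StringNotLike":
        return not any(fnmatch.fnmatchcase(ctx_value, v) for v in policy_values)
    raise ValueError(f"unsupported condition operator {op}")


def condition_holds(condition: Optional[Dict[str, Dict[str, Any]]],
                    context: Dict[str, str]) -> bool:
    """Condition is optional: None or {} means the statement always applies.
    Every operator and every key inside the block must hold (AND). A key
    missing from the request context is treated as a non-match."""
    for op, keys in (condition or {}).items():
        for key, values in keys.items():
            if key not in context or not _match(op, context[key], _as_list(values)):
                return False
    return True


def evaluate(policy: Dict[str, Any], action: str, resource: str,
             context: Dict[str, str]) -> str:
    """Return 'Allow', 'Deny' or 'ImplicitDeny'. Action/Resource use the same
    * wildcard matching; an explicit Deny always wins over an Allow."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", []))):
            continue
        if not condition_holds(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


# Constructed sample policy: one statement without any Condition, one with a
# case-insensitive tag check, one region guard written as a Deny.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "directconnect:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:PutObject"],
         "Resource": "arn:aws:s3:::hr-share/*",
         "Condition": {"streqi": {"aws:PrincipalTag/department": "hr"}}},
        {"Effect": "Deny", "Action": "s3:*", "Resource": "*",
         "Condition": {"strneq": {"aws:RequestedRegion": ["us-east-1", "eu-west-1"]}}},
    ],
}

if __name__ == "__main__":
    ctx = {"aws:PrincipalTag/department": "HR", "aws:RequestedRegion": "us-east-1"}
    print(evaluate(SAMPLE_POLICY, "s3:PutObject", "arn:aws:s3:::hr-share/roll.csv", ctx))
```

The second statement is the interesting one for card 33: with `streq` (StringEquals) a principal tagged `HR` would be denied because the policy says `hr`; with `streqi` the tag matches regardless of case, which is also why case-insensitive comparators should be used deliberately rather than by default.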

34
Q

Attempts, one of the three types of items associated with a scheduled pipeline in AWS Data Pipeline, provide robust data management.
Which of the following statements is NOT true about Attempts?
A. Attempts provide robust data management.
B. AWS Data Pipeline retries a failed operation until the count of retries reaches the maximum number of allowed retry attempts.
C. An AWS Data Pipeline Attempt object compiles the pipeline components to create a set of actionable instances.
D. AWS Data Pipeline Attempt objects track the various attempts, results, and failure reasons if applicable.

A

Correct Answer: C
Attempts, one of the three types of items associated with a scheduled pipeline in AWS Data Pipeline, provide robust data management. AWS Data Pipeline retries a failed operation, and continues to do so until the task reaches the maximum number of allowed retry attempts. Attempt objects track the various attempts, results, and failure reasons if applicable. Essentially, an Attempt is the instance with a counter. AWS Data Pipeline performs retries using the same resources as the previous attempts, such as Amazon EMR clusters and EC2 instances. Compiling the pipeline components into a set of actionable instances is the job of the Instance objects, not of Attempts. http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-how-tasks-scheduled.html

35
Q

Select the correct statement about Amazon ElastiCache.
A. It makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.
B. It allows you to quickly deploy your cache environment only if you install software.
C. It does not integrate with other Amazon Web Services.
D. It cannot run in the Amazon Virtual Private Cloud (Amazon VPC) environment.

A

Correct Answer: A
ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment. With ElastiCache, you can quickly deploy your cache environment without having to provision hardware or install software. http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.html

36
Q
In Amazon RDS for PostgreSQL, you can provision up to 3 TB of storage and 30,000 IOPS per database instance. For a workload with 50% writes and 50% reads running on a cr1.8xlarge instance, you can realize over 25,000 IOPS for PostgreSQL. However, by provisioning more than this limit, you may be able to achieve:
A. higher latency and lower throughput.
B. lower latency and higher throughput.
C. higher throughput only.
D. higher latency only.
A

Correct Answer: B
You can provision up to 3 TB of storage and 30,000 IOPS per database instance. For a workload with 50% writes and 50% reads running on a cr1.8xlarge instance, you can realize over 25,000 IOPS for PostgreSQL. However, by provisioning more than this limit, you may be able to achieve lower latency and higher throughput. Your actual realized IOPS may vary from the amount you provisioned based on your database workload, instance type, and database engine choice. https://aws.amazon.com/rds/postgresql/

37
Q

Which of the following cannot be done using AWS Data Pipeline?
A. Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
B. Regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
C. Generate reports over data that has been stored.
D. Move data between different AWS compute and storage services as well as on premise data sources at

A

Correct Answer: C
AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services as well as on-premises data sources at specified intervals. With AWS Data Pipeline, you can regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. AWS Data Pipeline also allows you to move and process data that was previously locked up in on-premises data silos. Generating reports over stored data is not something the service does itself; it moves and transforms the data so that other tools can. http://aws.amazon.com/datapipeline/

38
Q

AWS Direct Connect itself has NO specific resources for you to control access to. Therefore, there are no AWS Direct Connect Amazon Resource Names (ARNs) for you to use in an Identity and Access Management (IAM) policy.
With that in mind, how is it possible to write a policy to control access to AWS Direct Connect actions?
A. You can leave the resource name field blank.
B. You can choose the name of the AWS Direct Connection as the resource.
C. You can use an asterisk (*) as the resource.
D. You can create a name for the resource.

A

Correct Answer: C
AWS Direct Connect itself has no specific resources for you to control access to. Therefore, there are no AWS Direct Connect ARNs for you to use in an IAM policy. You use an asterisk (*) as the resource when writing a policy to control access to AWS Direct Connect actions, and restrict the statement through the Action list instead. http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html

39
Q
Identify an application that polls AWS Data Pipeline for tasks and then performs those tasks.
A. A task executor
B. A task deployer
C. A task runner
D. A task optimizer
A

Correct Answer: C
A task runner is an application that polls AWS Data Pipeline for tasks and then performs those tasks. You can either use Task Runner as provided by AWS Data Pipeline, or create a custom task runner application.
Task Runner is the default implementation of a task runner that is provided by AWS Data Pipeline. When Task Runner is installed and configured, it polls AWS Data Pipeline for tasks associated with pipelines that you have activated. When a task is assigned to Task Runner, it performs that task and reports its status back to AWS Data Pipeline. If your workflow requires non-default behavior, you'll need to implement that functionality in a custom task runner. http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-how-remote-taskrunner-client.html

40
Q

With respect to the AWS Lambda permissions model, at the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the ________ role.
A. configuration
B. execution
C. delegation
D. dependency

A

Correct Answer: B
Regardless of how your Lambda function is invoked, AWS Lambda always executes the function. At the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the execution role. http://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
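What "a role that AWS Lambda can assume" means in practice is a trust policy whose principal is the Lambda service, paired with a permissions policy scoped to what the function actually needs. The following is an added example, not code from the flashcards or from AWS: the two documents plus the two checks a reviewer would run on an execution role before deploying it. The log group ARN, account ID and region are placeholders, and the review thresholds (single trusted service, no wildcard actions or resources) are my choice.

```python
"""Lambda execution role: trust policy, a least-privilege permissions policy,
and reviewer checks. Added example; ARNs and account ID are placeholders."""
from typing import Any, Dict, Iterable, List, Union

# Trust policy: only the Lambda service may call sts:AssumeRole on this role.
LAMBDA_EXECUTION_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Permissions policy: just enough to write the function's own log stream.
LOGGING_PERMISSIONS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-function:*",
    }],
}


def _as_list(v: Union[str, Iterable[str]]) -> List[str]:
    return [v] if isinstance(v, str) else list(v)


def assume_role_principals(trust_policy: Dict[str, Any]) -> List[str]:
    """Every principal (service, account/user ARN, or '*') that an Allow
    statement lets call sts:AssumeRole on the role."""
    principals: List[str] = []
    for stmt in trust_policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principals.append("*")
            continue
        for kind in ("Service", "AWS", "Federated"):
            principals.extend(_as_list(principal.get(kind, [])))
    return principals


def review_execution_role(trust_policy: Dict[str, Any],
                          permissions: Dict[str, Any]) -> List[str]:
    """Return findings; an empty list means the role passes both checks:
    1. only lambda.amazonaws.com may assume the role;
    2. no Allow statement uses a wildcard Action or a bare '*' Resource."""
    findings: List[str] = []
    principals = assume_role_principals(trust_policy)
    if principals != ["lambda.amazonaws.com"]:
        findings.append(f"trust policy lets {principals or 'nobody'} assume the role")
    for stmt in permissions["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", []))):
            findings.append("wildcard Action in permissions policy")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append("wildcard Resource in permissions policy")
    return findings


if __name__ == "__main__":
    print(review_execution_role(LAMBDA_EXECUTION_TRUST_POLICY, LOGGING_PERMISSIONS) or "ok")
```

The execution role is the identity every invocation runs as, so a trust policy that also names ec2.amazonaws.com or an account ARN lets something other than the function itself obtain its permissions; the first check catches exactly that.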