Test - 2 Flashcards

Question 1

Q

Question 397  

A VPC public subnet is one that (Choose one of the correct option below):

A. Has at least one route in its associated routing table that uses an Internet gateway

B. Includes a route in its associated routing table via a Network Address Translation(NAT) instance.

C. Has a Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0

D. Has the public Subnet option selected in its configuration

Answer

A

Answer: A

The public subnet has a route table that uses the internet gateway

For more information on public subnets please visit the below URL:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenarioi.html

Question 2

Q

Question 398  

What action is required to establish an VPC VPN connection between an on- premise data center and an VPC virtual private gateway?

A. Assign a static internet-routable IP Address to an Amazon VPC customer gateway

B. Modify the main route table to allow traffic to a network address translation instance.

C. Use a dedicated network address translation instance in the public subnet

D. Establish a dedicated networking connection using Direct Connect

Answer

A

Answer: A

When defining a VPN connection between the on-premise network and the VPC, you need to have a customer gateway defined. Since this is accessed over the internet, it needs to have a static internet-routable IP Address.

For more information on VPC VPN connections please visit the below URLs:

http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html

Question 3

Q

Question 399  

A startup company hired you to help them build a mobile application that will ultimately store billions of images and videos on S3. The company is lean on funding and wants to minimize operational costs however they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business they are expecting a sudden and large increases in traffic to and from S3 and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?

A. You must know how many customers the company has today because this is critical in understanding what their customer base will be in 2 years.

B. You must find out the total number of requests per second at peak usage.

C. You must know the size of the individual objects being written to S3, in order to properly design the key namespace.

D. In order to build the key namespace correctly you must understand the total amount of storage needs for each S3 bucket.

Answer

A

When you define an S3 bucket the billing is done on the requests.

If you go to the
URL: http://calculator.s3.amazonaws.com/index.html

which is the calculator for S3 costs, you can see that the cost is related to the total number of requests in addition to the storage. In order to find the estimated cost for the S3 storage, you should get a number of requests.

Question 4

Q

Question 400

  You have configuring a solution which uses EC2 Instances and an Elastic Load Balancer. Which of the following protocols can be used to ensure that traffic is secure from the client machine to the Elastic Load Balancer. Choose 2 answers from the options given below

A. HTTP

B. HTTPS

C. TCP

D. SSL

Answer

A

Answer: B, D

The HTTPS protocol uses the SSL protocol to establish secure connections over the HTTP layer. You can also use the SSL protocol to establish secure connections over the TCP layer.

For more information on ELB Listener configuration please see the below link:
http: //docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html

Question 5

Q

Question 401  

After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how can you resolve it?

A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.

B. AWS allows you to provision no more than 20 instances per AZ. Select a different AZ and retry the failed request.

C. You need to use VPC in order to provision more than 20 instances in a single AZ. Simply terminate the resources already provisioned and re-launch them all in a VPC.

D. You encountered an API throttling situation and should try the failed requests using an exponential decay retry algorithm.

Answer

A

Answer: A

There is a soft limits of 20 instances. Since this is across an instance family,
option B is wrong because it will not work even if you try another availability zone.

For more information on all service limits please visit the below URL:

https: //aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_ECz2
http: //docs.aws.amazon.com/general/latest/gr/aws_service_limits.html

Question 6

Q

Question 402  

You have been tasked with creating a VPC network topology for your company. The VPC network must support both internet facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally- applications must be able to leverage at least 3 AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?

A.2

B.3

C4

D.6

Answer

A

Internet as well as intranet(private) applications must be able to make use of at least three Availability Zones for high availability. So 3 subnets for internet and 3 subnets for private is 6 subnets in total.

For more information on VPC and subnets please visit the below URL:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Question 7

Q

Question 403  

You receive a Linux Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot prices increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instances?

A. $0.025

B. $0.03

C. $0.05

D. $0.06

Answer

A

Answer: A

From 2nd October 2017, per second billing has come into effect for some EC2 instances and EBS. AWS per-second billing will apply to Linux. On-Demand, Reserved, and Spot EC2 instances. However, Per-second billing is not applicable to Microsoft Windows instances or to all Linux distributions, so some Linux AMIs may still have an hourly charge.

https://aws.amazon.com/blogs/aws/new-per-second-billing-for-ec2-instances-and-ebs-volumes/

With per-second billing effect, if AWS stops your instance, you will be billed for exactly what you have used. For example, if your you after a half an hour of use, you only pay for the 30 mins instead of a full hour.

For more information on spot instance pricing please visit the below URL:
https://aws.amazon.com/ec2/spot/pricing/

Question 8

Q

Question 404  

Which of the following is a durable key-value store?

A. Amazon Simple Storage Service

B. Amazon Simple Queue Service

C. Amazon Simple Workflow Service

D. Amazon Simple Notification Service

Answer

A

Answer: A

This is clearly given in the AWS documentations:

For more information on S3 please visit the below URLs:

http: //docs.aws.amazon.com/AmazonS3/latest/dev/UsingObjects.html
https: //aws.amazon.com/s3/details

Question 9

Q

Question 405

  In reviewing the Auto-Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for costs while preserving elasticity? Select 2 options.

A. Modify the Auto Scaling policy to use scheduled scaling actions

B. Modify the Auto Scaling Group cool down timers

C. Modify the Amazon Cloudwatch alarm period that triggers your AutoScaling scale down policy.

D. Modify the Auto Scaling group termination policy to terminate the newest instance first.

Answer

A

Answer: B, C

The Auto Scaling cooldown period is a configurable setting for your Auto Scaling group that helps to ensure that Auto Scaling doesn’t launch or terminate additional instances before the previous scaling activity takes effect. After the Auto Scaling group dynamically scales using a simple scaling policy, Auto Scaling waits for the cool down period to complete before resuming scaling activities. When you manually scale your Auto Scaling group, the default is not to wait for the cool down period, but you can override the default and honor the cooldown period. Note that if an instance becomes unhealthy, Auto Scaling does not wait for the cooldown period to complete before replacing the unhealthy instance.

For more information on Autoscale cool down timers please visit the URL:
http: //docs.aws.amazon.com/autoscaling/latest/userguide/Cooldown.html

You can also modify the CloudWatch triggers to ensure the thresholds are appropriate for the scale down policy.

For more information on Autoscaling user guide please visit the URL:
http://docs.aws.amazon.com/autoscaling/latest/userguide/as-scale-based-on-demand.html

Question 10

Q

Question 406

  Which route must be added to your routing table in order to allow connections to the internet from your subnet?

A. Destination:0.0.0.0/0–>Target:your internet gateway

B. Destination:192.168.1.257/0–>Target:your internet gateway

C. Destination:0.0.0.0/33–>Target:your virtual private gateway

D. Destination:0.0.0.0/0–> Target:0.0.0.0/24

Answer

A

Answer: A

The question indicates a public subnet. The public subnet has a route table that uses the internet gateway.

For more information on public subnets please visit the below URL:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenarioi.html

Question 11

Q

Question 407

  You are deploying an application on Amazon EC2 that must call AWS API’s. What is the method for securely passing credentials to the application that you use?

A. Embed the API credentials into your JAR files.

B. Use the AWS Identity and Access Management (IAM) roles for EC2 instances

C. Store API credentials as an object in S3.

D. Pass API credentials to the instance using instance userdata.

Answer

A

Answer: B

An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have any credentials (password or access keys) associated with it. Instead, if a user is assigned to a role, access keys are created dynamically and provided to the user.

For more information on IAM role please visit the below URL:
http: //docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

Question 12

Q

Question 408  What are some of the metrics that are monitored by AWS Lambda? Choose 3 answers from the options given below.

A. Invocations

B. Duration

C. Errors

D. Database Changes

Answer

A

Answer: A, B, C

AWS Lambda automatically monitors functions on your behalf, reporting metrics through Amazon CloudWatch. These metrics include Invocations, Duration, and Errors.

For more information on Lambda metrics please visit the below URL:

https: //docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-metrics.html
http: //docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-access-metrics.html

Question 13

Q

Question 409  

There is a new facility from AWS which allows for fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. What is this service called?

A. File Transfer

B. HTTP Transfer

C. S3 Transfer Acceleration

D. Kinesis Acceleration

Answer

A

Answer: C

To know more about S3 transfer acceleration, please visit the below URL:
http: //docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html

Question 14

Q

Question 410

  What are the languages currently supported by AWS Lambda? Choose 3 answers from the options given below.

A. Node.js

B. Angular.js

C. Java

D. C#

Answer

A

Answer: A, C, D

AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. All you need to do is supply your code in one of the languages that AWS Lambda supports (currently Node.js, Java, C# and Python).

For more information on Lamda please visit the below URL:
http: //docs.aws.amazon.com/lambda/latest/dg/welcome.html

Question 15

Q

Question 411  

Your company has an application hosted in AWS which makes use of DynamoDB. There is a requirement from the IT security department to ensure that all source IP addresses which make calls to the DynamoDB tables are recorded. Which of the following services can be used to ensure this requirement is fulfilled.

A. AWS Code Commit

B. AWS Code Pipeline

C. AWS CloudTrail

D. AWS Cloudwatch

Answer

A

Answer: C

The AWS Documentation mentions the following DynamoDB is integrated with CloudTrail, a service that captures low-level API requests made by or on behalf of DynamoDB in your AWS account and delivers the log files to an Amazon S3 bucket that you specify. CloudTrail captures calls made from the DynamoDB console or from the DynamoDB low-level API. Using the information collected by CloudTrail, you can determine what request was made to DynamoDB, the source IP address from which the request was made, who made the request, when it was made, and so on.

For more information on DynamoDB and Cloudtrail, please refer to the below link:
http: //docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html

Question 16

Q

Question 412  

Which of the following statements are false about Amazon Glacier. Choose one answer from the options given below.

A. It supports archive operations of Upload, Download and Delete

B. The archives are mutable

C. Uploading an archive is a synchronous operation

D. Archives can be as large at 40TB

Answer

A

Answer: B

This is clearly given in the AWS documentation. A single archive can be as large as 40 terabytes. You can store an unlimited number of archives and an unlimited amount of data in Amazon Glacier. Each archive is assigned a unique archive ID at the time of creation, and the content of the archive is immutable, meaning that after an archive is created it cannot be updated.

For more information on AWS Glacier please visit the below URL:
https://aws.amazon.com/glacier/details/

Question 17

Q

Question 413

  Your company currently has a web application hosted on a single EC2 Instance.
The load on the application has increased over time and now the users are complaining
of slow response time. Which of the following implementations can help alleviate this
issue.

A. Attach an additional EBS Volume to the EC2 Instance and direct the application to make the reads from this new volume.

B. Attach an additional network interface with an Elastic IP so that requests can be made onto multiple IP’s.

C. Launch additional EC2 Instances in a web server farm type configuration and place them behind an Elastic Load Balancer.

D. Launch additional EC2 Instances in a web server farm type configuration and place them behind Routes53.

Answer

A

Answer: C

The AWS mentions the following about the Elastic Load balancer that can be used to help in this issue A load balancer distributes incoming application traffic across multiple EC2 instances in multiple Availability Zones. This increases the fault tolerance of your applications. Elastic Load Balancing detects unhealthy instances and routes traffic only to healthy instances. Your load balancer serves as a single point of contact for clients. This increases the availability of your application. You can add and remove instances from your load balancer as your needs change, without disrupting the overall flow of requests to your application. Elastic Load Balancing scales your load balancer as traffic to your application changes over time. Elastic Load Balancing can scale to the vast majority of workloads automatically.

For more information on the Elastic Load Balancer, please refer to the below link:
http: //docs.aws.amazon.com/elasticloadbalancing/latest/classic/introduction.html

Question 18

Q

Question 414  

Which of the following are used to get data records from Amazon Kinesis? Choose an answer from the options below

A. Consumer

B. Stream

C. Producer

D. None of the above

Answer

A

Answer: A

Aconsumer gets data records from Amazon Kinesis streams. A consumer, known
as an Amazon Kinesis Streams application, processes the data records from a stream.

For more information on AWS Kinesis consumers please visit the below URL:
http: //docs.aws.amazon.com/streams/latest/dev/amazon-kinesis-consumers.html

Question 19

Q

Question 415

  What is the maximum possible retention period for data in Kinesis Streams? Choose an answer from the options below.

A. 5 days

B. 7 days

C. 10 days

D. 24 hours

Answer

A

Answer: B

For more information on AWS Kinesis consumers please visit the below URL:
http: //docs.aws.amazon.com/streams/latest/dev/amazon-kinesis-consumers.html

Data records are accessible for a default of 24 hours from the time they are added toa stream. This time frame is called the retention period and is configurable in hourly increments from 24 to 168 hours (1 to 7 days).

Question 20

Q

Question 416  

Which of the following is false when you create an encrypted EBS volume?

Data is encrypted at rest inside the volume

B. Data is encrypted when it is moved from one instance to another in the same subnet.

C. Data is encrypted when data is moved between the volume and the instance

D. All snapshots created from the volume are encrypted

Answer

A

Answer: B

The AWS mentions the following about EBS Encryption Amazon EBS encryption offers you a simple encryption solution for your EBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted: -

Data at rest inside the volume -

All data moving between the volume and the instance -

All snapshots created from the volume

For more information on EBS Encryption, please refer to the below link:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption. html

Question 21

Q

Question 417

  In AWS what constitutes temporary security credentials? Choose 3 answers from the options given below

A. AWS Access Key ID

B. Secret Access Key

C. Security Token

D. SSL Keys

Answer

A

Answer: A, B, C

This is given in the AWS documentation:

For more information on LAM please visit the below URL:
https://aws.amazon.com/iam/faqs/

Question 22

Q

Question 418

  Your company has a set of resources hosted in AWS. Your IT Supervisor is concerned with the costs being incurred with the current set of AWS resources and wants to monitor the cost usage. Which of the following mechanisms can be used to monitor the costs of the AWS resources and also look at the possibility of cost optimization. Choose 3 answers from the options given below

A. Use the Cost Explorer to see the costs of AWS resources

B. Create budgets in billing section so that budgets are set beforehand

C. Send all logs to Cloudwatch logs and inspect the logs for billing details

D. Consider using the Trusted Advisor

Answer

A

Answer: A, B, D

The AWS Documentation mentions the following

1) For a quick, high-level analysis use Cost Explorer, which is a free tool that you can use to view graphs of your AWS spend data. It includes a variety of filters and preconfigured views, as well as forecasting capabilities. Cost Explorer displays data from the last 13 months, the current month, and the forecasted costs for the next three months, and it updates this data daily.
2) Consider using budgets if you have a defined spending plan for a project or service and you want to track how close your usage and costs are to exceeding your budgeted amount. Budgets use data from Cost Explorer to provide you with a quick way to see your usage-to-date and current estimated charges from AWS. You can also set up notifications that warn you if you exceed or are about to exceed your budgeted amount.
3) Visit the AWS Trusted Advisor console regularly. Trusted Advisor works like a customized cloud expert, analyzing your AWS environment and providing best practice recommendations to help you save money, improve system performance and reliability, and close security gaps.

For more information on cost optimization, please visit the below URL:
https://aws.amazon.com/answers/account-management/cost-optimization-monitor/

Question 23

Q

Question 419

  Who are federated users when it comes to AWS? Choose an answer from the options given below

A. These are LAM users in aws

B. These are IAM groups in aws

C. These are Federated users (external identities) are users you manage outside of AWS in your corporate directory

D. None of the above

Answer

A

Answer: C

This is given in the AWS documentation: For more information on IAM please visit
the below URL: https://aws.amazon.com/iam/faqs/

Question 24

Q

Question 420

  As a solution architect, you have been asked to decide on whether to use Amazon EBS-backed or instance-store backed instance. What is one key difference between an Amazon EBS-backed and an instance-store backed instance that you need to keep in mind.

A. Amazon EBS-backed instances can be stopped and restarted.

B. Instance-store backed instances can be stopped and restarted.

C. Auto scaling requires using Amazon EBS-backed instances.

D. Virtual Private Cloud (VPC) requires EBS backed instances.

Answer

A

Answer: A

Amazon EBS-backed instances can be stopped and restarted.

Please visit the below URL for the key differences between EBS and instance store volumes:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html

Amazon EBS-backed AMI can be placed in stopped state where instance is not running, but the root volume is persisted in Amazon EBS. Amazon Instance store -backed AMI cannot be in stopped state; instances are running or terminated

Question 25

Q

Question 421

  Which of the following are not supported in the classic load balancer service provided by AWS? Choose an answer from the options given below.

A. Health Checks

B. Cloudwatch Metrics

C. Host Based Routing

D. Access Logs

Answer

A

Answer: C

This is clearly given in the AWS documentation: For more information on ELB please visit the below URL:
https://aws.amazon.com/elasticloadbalancing/classicloadbalancer/faqs/

Question 26

Q

Question 422

  Your company has an on-premise Active Directory setup in place. The company has extended their footprint on AWS , but still want to have the ability to use their on- premise Active Directory for authentication. Which of the following AWS services can be used to ensure that AWS resources such as AWS Workspaces can continue to use the existing credentials stored in the on-premise Active Directory.

A. Use the Active Directory service on AWS

B. Use the AWS Simple AD service

C. Use the Active Directory connector service on AWS

D. Use the ClassicLink feature on AWS

Answer

A

Answer: C

The AWS Documentation mentions the following AD Connector is a directory gateway with which you can redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud. AD Connector comes in two sizes, small and large. A small AD Connector is designed for smaller organizations of up to 500 users. A large AD Connector can support larger organizations of up to 5,000 users.

For more information on the AD connector, please refer to the below URL:
http://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html

Question 27

Q

Question 423

  Which DNS record types does Amazon Route 53 support? Select 3 options.

A. A(address record)

B. AAAA(IPv6 address record)

C. TXT (txt record)

D. Host Information records (HINFO)

Answer

A

Answer: A, B, C

For more information on Route53, please visit the below URL:
https: //aws.amazon.com/route53/faqs/

Question 28

Q

Question 424

  A user has been created in IAM but the user is still not able to make API calls. After creating a new IAM user which of the following must be done before they can successfully make API calls?

A. Add a password to the user.

B. Enable Multi-Factor Authentication for the user.

C. Assign a Password Policy to the user.

D. Create a set of Access Keys for the user.

Answer

A

Answer: D

In IAM , when you create a user , you need to download the Access Key ID and Secret access key so that the user can access aws.

For more information on IAM please visit the following URL:
http: //docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

Question 29

Q

Question 425

  Which of the following is not supported by AWS Import/Export?

Import to Amazon S3

B. Export from Amazon S3

C. Import to Amazon EBS

D. Import to Amazon Glacier

E. Export from Amazon Glacier

Answer

A

Answer: E

The AWS documentation mentions the following AWS Import/Export accelerates transferring data between the AWS cloud and portable storage devices that you mail to us. AWS Import/Export is a good choice if you have 16 terabytes (TB) or less of data to import into Amazon Simple Storage Service or Amazon Elastic Block Store (Amazon EBS). You can also export data from Amazon S3 with AWS Import/Export. Before Amazon Glacier data can be exported it needs to be restored to Amazon S3 using the S3 Lifecycle Restore feature For more information on AWS Import/Export.

please refer to the below link: https://docs.aws.amazon.com/amazonglacier/latest/dev/uploading-an-archive.html
http: //docs.aws.amazon.com/AWSImportExport/latest/DG/whatisdisk.html

Question 30

Q

Question 426

  Which of the following programming languages have an officially supported AWS SDK? Select 2 options.

A. PHP

B. Pascal

C. Java

D. SQL

E. Perl

Answer

A

Answer: A, C

This is as per the AWS documentation For more information on aws toolkits available, please refer to the below url: https://aws.amazon.com/tools/

Question 31

Q

Question 427

  When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers from the options below.

A. Amazon DynamoDB

B. Amazon Elastic Compute Cloud (EC2)

C. Amazon Elastic Load Balancing

D. Amazon Simple Storage Service (S3)

Answer

A

Answer: B, C

The snapshot from the AWS documentation shows how the ELB and EC2 instances get setup for high availability. You have the ELB placed in front of the instances. The instances are placed in different AZ’s. For more information on the ELB, please visit the below URL: https://aws.amazon.com/elasticloadbalancing/

Option A is wrong because the service runs across Amazon’s proven, high-availability data centers. The service replicates data across three facilities in an AWS Region to provide fault tolerance in the event of a server failure or Availability Zone outage.

Option D is wrong because Amazon Sg Standard and Standard - IA redundantly stores your objects on multiple devices across multiple facilities in an Amazon S3 Region. The service is designed to sustain concurrent device failures by quickly detecting and repairing any lost redundancy

Question 32

Q

Question 428  

Which of the following statements are true with regards to EBS Volumes. Choose 3 correct answers from the options given below

EBS Volumes are automatically replicated within that zone to prevent data loss due to failure of any single hardware component

B. EBS Volumes can be attached to any EC2 Instance in any AZ.

C. After you attach a volume, it appears as a native block device similar to a hard drive or other physical device.

D. An EBS volume can be attached to only one instance at a time

Answer

A

Answer: A, C, D

When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to failure of any single hardware component. After you create a volume, you can attach it to any EC2 instance in the same Availability Zone. After you attach a volume, it appears as a native block device similar to a hard drive or other physical device. At that point, the instance can interact with the volume just as it would with a local drive; the instance can format the EBS volume with a file system, such as ext3, and then install applications. An EBS volume can be attached to only one instance at a time within the same Availability Zone. However, multiple volumes can be attached to a single instance.

Option B is invalid because you can attach EBS Volumes to any EC2 instance in the same Availability Zone only

For more information on EBS Volumes, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Question 33

Q

Question 429

  You are planning on hosting a static website on an EC2 Instance. Which of the below aspects can be used to create a highly available environment. Choose 3 answers from the options given below

A. An auto scaling group to recover from EC2 instance failures

B. Elastic Load Balancer

C. An SQS queue

D. Multiple Availability Zones

Answer

A

Answer: A, B, D

The diagram from AWS documentation shows an example of a high available architecture for hosting EC2 Instances Here you have the

1) ELB which is placed in front of the users which helps in directing the traffic to the EC2 Instances.
2) The EC2 Instances which are placed as part of an AutoScaling Group
3) And then you have multiple subnets which are mapped to multiple availability zones For a static web site , the SQS is not required to build such an environment. If you have a system such as an order processing systems , which has that sort of queuing of requests , then that could be a candidate for using SQS Queues.

For more information on high availability, please visit the below URL:
https://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_ftha_o4.pdf

Question 34

Q

Question 430

  Which of the following services does not natively encrypts data at rest within an AWS region?
(Choose two.)

A. AWS Storage Gateway

B. Amazon DynamoDB

C. Amazon CloudFront

D. Amazon Glacier

E. Amazon Simple Queue Service

Answer

A

Answer: C, E

CloudFront and SQS do not have Encryption at Rest. All remaining options have Encryption at Rest. This is clearly given in the AWS documentation

For information on Amazon Glacier, please refer to the below link:
https://aws.amazon.com/glacier/faqs/

For information on Amazon Storage gateways, please refer to the below link:
https://aws.amazon.com/storagegateway/faqs/

On Feb 8 2018, Amazon announced Encryption at Rest for DynamoDB For information on Amazon DynamoDb Encryption at Rest,

please refer to the below link: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html “

Question 35

Q

Question 431  

Amazon’s Redshift uses which block size for its columnar storage

A. 2KB

B. 8KB

C. 16KB

D. 32KB

E. 1024KB

Answer

A

Answer: E

Columnar storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk I/O requirements and reduces the amount of data you need to load from disk. Typical database block sizes efficient and further reduces the number of I/O requests needed to perform any database loading or other operations that are part of query execution. For more information on Redshift column storage,

please visit the below URL:
http: //docs.aws.amazon.com/redshift/latest/dg/c_columnar_storage_disk_mem_mgmnt.html

Question 36

Q

Question 432  

Which procedure for backing up a relational database on EC2 that is using a set of RAIDed EBS volumes for storage minimizes the time during which the database cannot be written to and results in a consistent backup?

A. 1. Detach EBS volumes, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes

B. 1. Stop the EC2 Instance. 2. Snapshot the EBS volumes

C. 1. Suspend disk I/O, 2. Create an image of the EC2 Instance, 3. Resume disk 1/0

D. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Resume disk 1/0

E. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to
complete, 4. Resume disk

Answer

A

Answer: E

The AWS Documentation mentions the following when considering snapshot for EBS Volumes in a RAID configuration When you take a snapshot of an attached Amazon EBS volume that is in use, the snapshot excludes data cached by applications or the operating system. For a single EBS volume, this is often not a problem. However, when cached data is excluded from snapshots of multiple EBS volumes in a RAID array, restoring the volumes from the snapshots can degrade the integrity of the array. When creating snapshots of EBS volumes that are configured in a RAID array, it is critical that there is no data I/O to or from the volumes when the snapshots are created. RAID arrays introduce data interdependencies and a level of complexity not present in a single EBS volume configuration. For more information on this,

please refer to the below link:
https://aws.amazon.com/premiumsupport/knowledge-center/snapshot-ebs-raid-array/

Question 37

Q

Question 433

  For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution? Choose 2 answers

A. Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors

B. Managing a multi-step and multi-decision checkout process of an e-commerce website

C. Orchestrating the execution of distributed and auditable business processes

D. Using as an SNS (Simple Notification Service) endpoint to trigger execution of video transcoding jobs

E. Using as a distributed session store for your web application

Answer

A

Answer: B, C

The AWS Documentation mentions the following on the AWS Simple Workflow service The Amazon Simple Workflow Service (Amazon SWF) makes it easier to develop asynchronous and distributed applications by providing a programming model and infrastructure for coordinating distributed components and maintaining their execution state in a reliable way. By relying on Amazon SWF, you are freed to focus on building the aspects of your application that differentiate it. For more information on the simple workflow service,

please refer to the below link:
http: //docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-intro-to-swf.html

Question 38

Q

Question 434

  An instance can have many states that perform part of its lifecycle. Choose 3 options which are correct states of an instance lifecycle

A. rebooting

B. pending

C. running

D. Shutdown

Answer

A

Answer: A, B, C

The question indicates the different Instance states. For more information on Instance states,

please visit the url
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html

Question 39

Q

Question 435

  Which of the following can be used as an origin server in CloudFront? Choose 3 answers from the options given below.

A. A web server running on EC2

B. A web server running in your own datacenter

C. ARDS instance

D. An Amazon S3 bucket

Answer

A

Answer: A, B, D

Currently Cloudfront supports the following types of distributions $3 buckets - When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in an Amazon S3 bucket. Custom Origin - A custom origin is an HTTP server, for example, a web server. The HTTP server can be an Amazon EC2 instance or an HTTP server that you manage privately. When you use a custom origin, you specify the DNS name of the server, along with the HTTP and HTTPS ports and the protocol that you want CloudFront to use when fetching objects from your origin.

For more information on Cloudfront Distributions, please visit the url
http: //docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html

Question 40

Q

Question 436

  A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on-premises network with VPC-1. Which two methods increases the fault tolerance of the connection to VPC-1? (Choose two.)

A. Establish a hardware VPN over the internet between VPC-2 and the on- premises network.

B. Establish a hardware VPN over the internet between VPC-1 and the on-premises network.

C. Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.

D. Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1.

E. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1

Answer

A

Answer: B, E

Having a VPN Connection is considered as a backup to a Direct Connect connection.

Please find the below article on configuring a VPN connection as a backup https://aws.amazon.com/premiumsupport/knowledge-center/configure-vpn-backup-dx/

One can also have another Direct Connect connection , so that if one goes down, the other one would still be active. This needs to be in the same region as VPC-1.

Question 41

Q

Question 437  

By default, what happens to data when an EC2 instance terminates? Select 3 options.

A. For EBS backed AMI, the root EBS volume with operating system preserved by default.

B. For EBS backed AMI, any volume attached apart from the OS volume is preserved

C. All the snapshots of the EBS volume with operating system is preserved

D. For S3 backed AMI, all the data in the local (ephemeral) hard drive is deleted

Answer

A

Answer: B, C, D

Option B is correct because when an instance is terminated, the volume will remain, unless you specifically delete the volume. When you create an instance, you have the root volume that does get deleted on deletion of the instance. But when you add a new volume, by default the “Delete on termination flag” is unchecked. So unless you don’t check this, the volume will remain.

Option C is correct because this is the whole idea of snapshots to remain even if the volume or instance is deleted.

Option D is correct because ephemeral storage is temporary storage by default and gets deleted when the system is terminated.

For more information on EBS volumes, please visit the link -
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Question 42

Q

Question 438  

When storing sensitive data on the cloud which of the below options should be carried out on AWS? Choose 3 answers from the options given below.

A. With AWS you do not need to worry about encryption

B. Enable EBS Encryption

C. Encrypt the file system on an EBS volume using Linux tools

D. Enable S3 Encryption

Answer

A

Answer: B, C, D

Amazon EBS encryption offers you a simple encryption solution for your EBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted: Data at rest inside the volume. All data moving between the volume and the instance All snapshots created from the volume

For more information on EBS Encryption, please refer to the below link
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption. html

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption.

For more information on S3 Encryption, please refer to the below link
http: //docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

Question 43

Q

Question 439  When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers

A. Amazon DynamoDB

B. Amazon Elastic Compute Cloud (EC2)

C. Amazon Elastic Load Balancing

D. Amazon Simple Notification Service (SNS)

E. Amazon Simple Storage Service (S3)

Answer

A

Answer: B, C

It is an architecture sample using Elastic Load Balancer , EC2 and Autoscaling Here the web servers are scaled on demand using Autoscaling. They are then placed behind an ELB which is used to distribute the traffic amongst the instances. Also the Web servers are placed between multiple availability zones for fault tolerance.

For more information on best practices for web hosting, please refer to the below URL:
https://do.awsstatic.com/whitepapers/aws-web-hosting-best-practices.pdf

Question 44

Q

Question 440  What is the default period for EC2 cloudwatch data with detailed monitoring disabled?

A. One second

B. Five seconds

C. One minute

D. Three minutes

E. Five minutes

Answer

A

Answer: E

In Amazon CloudWatch for basic monitoring of EC2 instances, the important metrics are collected at five minute intervals and stored for two weeks.

CPU load
disk I/O
network I/O

For more information on Amazon Cloudwatch EC2 basic monitoring, please visit
https://aws.amazon.com/blogs/aws/amazon-cloudwatch-basic-monitoring-for-ec2-at-no-charge/

Question 45

Q

Question 441  You are a solutions architect working for a large digital media company. Your company is migrating their production estate to AWS and you are in the process of setting up access to the AWS console using Identity Access Management (IAM). You have created 5 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console?

A. Generate an Access Key ID & Secret Access Key, and give these to your system administrators.

B. Enable multi-factor authentication on their accounts and define a password policy.

C. Generate a password for each user created and give these passwords to your system administrators.

D. Give the system administrators the secret access key and access key id, and tell them to use these credentials to log in to the AWS console.

Answer

A

Answer: C

In order to allow the users to log into the console, you need to provide a password for the users. For more information on how to allow users to sign into an account,

please refer to the below URL:
http: //docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_how-users-sign-in.html

Question 46

Q

Question 442

  Which technique can be used to integrate AWS LAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?

A. Use an IAM policy that references the LDAP account identifiers and the AWS credentials.

B. Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.

C. Use AWS Security Token Service from an identity broker to issue short-lived AWS credentials.

D. Use IAM roles to automatically rotate the LAM credentials when LDAP credentials are updated.

E. Use the LDAP credentials to restrict a group of users from launching specific EC2 instance types.

Answer

A

Answer: C

For more information on AWS and SAML, please refer to the below URL:
https://aws.amazon.com/blogs/aws/aws-identity-and-access-management-now-with-identity-federation/

Question 47

Q

Question 443  

Your fortune 500 company has under taken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware The outcome was that ail employees would be granted access to use Amazon S3 for storage of their personal documents. Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? Choose three answers from the options given below

A. Setting up a federation proxy or identity provider

B. Using AWS Security Token Service to generate temporary tokens

C. Tagging each folder in the bucket

D. Configuring LAM role

E. Setting up a matching LAM user for every user in your corporate directory that needs access to a folder in the bucket

Answer

A

Answer: A, B, D

The diagram shows how the setup is done using the Secure token service to achieve integration between AWS and an on premise Active Directory infrastructure. You need to have an identity provider such as Active Directory Federation services. The Secure Token service is used to generate temporary credentials. These credentials are then mapped to corresponding LAM roles.

For more information please refer to the below link:
http: //docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

Question 48

Q

Question 444  

Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? Choose 2 answers

A. Supported on all Amazon EBS volume types

B. Snapshots are automatically encrypted

C. Available to all instance types

D. Existing volumes can be encrypted

E. shared volumes can be encrypted

Answer

A

Answer: A, B

Please note the keyword “encrypted” in the question.

Option C is wrong because this there are some instance types that need to IOPS storage and not EBS storage.

Option D is wrong because existing volumes cannot be encrypted.

Option E is wrong because Shared volumes cannot be encrypted.

EBS volumes can be applied to all of the below Volume types:
For more information on EBS volume types, please visit the link:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption. html

Question 49

Q

Question 445

  For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution? Choose 2 answers

A. Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors

B. Managing a multi-step and multi-decision checkout process of an e-commerce website

C. Orchestrating the execution of distributed and auditable business processes

D. Using as an SNS (Simple Notification Service) endpoint to trigger execution of video transcoding jobs

E. Using as a distributed session store for your web application

Answer

A

Answer: B, C

Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. Amazon SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks. For collection of data points, this is normally done via Amazon Kinesis, so

Option A is wrong. In SWF, you can create multi-step and decision processes for managing approvals during the workflow process, hence

Option B is correct. Since business processed can be orchestrated in AWF,

Option C is correct. Video transcoding videos generally don’t need SWF and rely more on SQS, hence

Option D is wrong. Option E is wrong because you need to use a caching solution for this and now SWF.

For more information on aws SWF - Please visit the URL -
https://aws.amazon.com/swf/faqs/

Question 50

Q

Question 446  

You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? Choose 2 answers

A. Set permissions on the object to public read during upload.

B. Configure the bucket ACL to set all objects to public read.

C. Configure the bucket policy to set all objects to public read.

D. Use AWS Identity and Access Management roles to set the bucket to public read.

E. Amazon S3 objects default to public read, so no action is needed.

Answer

A

Answer: A, C

To set permissions on buckets and objects, you can give permissions to the bucket beforehand or you can set the permissions to the bucket when an object is uploaded to S3. Option B is incorrect, you cannot configure ACL for all objects to a public read. Even though you can use AWS to create identities, you cannot use it to give public read to a bucket Option E is incorrect, because public read is not set by default. To implement public read, just go to bucket and Permissions section. Click on Add more permissions, choose the Grantee as Everyone, ensure all permissions are given and then click on the Save button.

For more information on access control, please visit the link:
http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html

Question 51

Q

Question 447

  Which of the following are valid statements about Amazon S3? Choose 2 options.

A. 83 provides read-after-write consistency for any type of PUT or DELETE.

B. Consistency is not guaranteed for any type of PUT or DELETE.

C. A successful response to a PUT request only occurs when a complete object is saved.

D. Partially saved objects are immediately readable with a GET after an overwrite PUT.

E. S3 provides eventual consistency for overwrite PUTS and DELETES.

Answer

A

Answer: C, E

By default the documentation provides a clear description on the read and write consistency for objects on S3. Based on this information Option C and E are the right options.

For more information on S3, please visit the link -
https://aws.amazon.com/s3/faqs/

Question 52

Q

Question 448

  Which of the following are characteristics of a standard reserved instance? Choose 3 answers

It can be migrated across Availability Zones

B. It is specific to an Amazon Machine Image (AMI)

C. It can be applied to instances launched by Auto Scaling

D. It is specific to an instance Type

E. It can be used to lower Total Cost of Ownership (TCO) of a system

Answer

A

Answer: A, C, E

Option A is correct, because you can migrate instances between AZ’s.

Please refer to the link for the confirmation on this case -
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html

Option D is incorrect because it is specific to instance family however instance type can be changed. Also when you create a reserved instance, you can see the Instance Type as an option.

Option E is correct, because reserved instances can be used to lower costs. Reserved Instances provide you with a discount on usage of EC2 instances, and a capacity reservation when they are applied to a specific Availability Zone, giving you additional confidence that you will be able to launch the instances you have reserved when you need them.

For more information on reserved instances, please visit the link -
https://aws.amazon.com/ec2/pricing/reserved-instances/

Question 53

Q

Question 449

  If you’re unable to connect via SSH to your EC2 instance, which of the following should you check and possibly correct to restore connectivity?

A. Adjust Security Group to permit egress traffic over TCP port 443 from your IP.

B. Configure the LAM role to permit changes to security group settings.

C. Modify the instance security group to allow ingress of ICMP packets from your IP.

D. Adjust the instance’s Security Group to permit ingress traffic over port 22 from your IP.

E. Apply the most recently released Operating System security patches.

Answer

A

Answer: D

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. For connecting via SSH on EC2, you need to ensure that port 22 is open on the security group for the EC2 instance.

Option A is wrong, because port 443 is for HTTPS and not for SSH.

Option B is wrong because LAM role is not pertinent to security groups

Option C is wrong because this is relevant to SSH and not ICMP

Option E is wrong because it does not matter what patches are there on the system

So in your EC2 Dashboard, go to Security groups, choose the relevant security group. Then click on Inbound rules and ensure there is a rule for TCP on port 22.

For more information on EC2 Security groups, please visit the url -
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security. html

Question 54

Q

Question 450

  An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, Auto Scaling will: Choose 2 answers.

A. Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance.

B. Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected.

C. Send a SNS notification, if configured to do so.

D. Terminate an instance in the AZ which currently has 2 running EC2 instances.

E. Randomly select one of the 3 AZs, and then terminate an instance in that AZ.

Answer

A

Answer: C, D

In the above scenario, you would probably have 2 instances running in one AZ and one each running in the other AZ’s. The below diagram shows how the instances will be terminated and the policy used by Auto scaling. So it will select the AZ with the most running instances as per the flow chart and hence Option D is correct and Option A, B and E are wrong. Also Auto scaling allows for notification via SNS, so if that is enabled, it will send out the notification accordingly.

For more information on Auto scaling Termination, please visit the link:
http: //docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-termination.html

Question 55

Q

Question 451  

In order to optimize performance for a compute cluster that requires low inter- node latency, which of the following feature should you use?

A. Multiple Availability Zones

B. AWS Direct Connect

C. EC2 Dedicated Instances

D. Placement Groups

E. VPC private subnets

Answer

A

Answer: D

Option A is wrong because Multi AZ’s are used to distribute your AWS resources and is not connected to clusters for low latency. Option B is wrong because this is used to connect on-premise data centers to AWS Option C is wrong because dedicated resources does not guarantee low latency. Option E is wrong because VPC private subnets resources does not guarantee low latency. A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.

For more information on placement groups please visit
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

Question 56

Q

Question 452  

A company is preparing to give AWS Management Console access to developers Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? Choose 2 answers

A. AWS Directory Service AD Connector

B. AWS Directory Service Simple AD

C. AWS Identity and Access Management groups

D. AWS identity and Access Management roles

E. AWS identity and Access Management users

Answer

A

Answer: A,D

To enable trust relationship between AWS AD and Directory Service you need to create a New Role. After that, you need to assign Active Directory users or groups to those IAM roles. If roles are existing then you can assign Active Directory users or groups to existing LAM roles.

Find details below:
https://aws.amazon.com/blogs/security /how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/

AWS Directory Service provides multiple ways to use Microsoft Active Directory with other AWS services. You can choose the directory service with the features you need at a cost that fits your budget. Use Simple AD if you need an inexpensive Active Directory—compatible service with the common directory features. Select AWS Directory Service for Microsoft Active Directory (Enterprise Edition) for a feature-rich managed Microsoft Active Directory hosted on the AWS cloud. The third option, AD Connector, lets you simply connect your existing on-premises Active Directory to AWS.

For more information on the Ad Connector, please visit
http: //docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html

Question 57

Q

Question 453

  Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? Choose two answers from the options given below

A. Supported on all Amazon EBS volume types

B. Snapshots are automatically encrypted

C. Available to all instance types

D. Existing volumes can be encrypted

E. Shared volumes can be encrypted

Answer

A

Answer: A, B

The AWS Documentation mentions the following on EBS Volumes and is available for all volume types You can create EBS General Purpose SSD (gp2), Provisioned IOPS SSD (io1), Throughput Optimized HDD (st1), and Cold HDD (sc1) volumes up to 16 TiB in size The snapshots of encrypted EBS Volumes are automatically encrypted, this is given in the AWS documentation

For more information on EBS Volumes , please refer to the below URL:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html

Question 58

Q

Question 454

  Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers from the options given below

A. Each subnet spans at least 2 Availability Zones to provide a high-availability environment.

B. Each subnet maps to a single Availability Zone.

C. CIDR block mask of/25 is the smallest range supported.

D. By default, all subnets can route between each other, whether they are private or public.

E. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.

Answer

A

Answer: B, D

Please see the below for further justification. A subnet can only map to one availability zone. So from options A and B, B is correct. When you create a CIDR block, the least allowable is /28, so option C is wrong. Option E is wrong because EC2 instances in a private subnet will not be able to route anything on the internet even if they have an elastic IP.

Question 59

Q

Question 455

  Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:

May be performed by AWS, and will be performed by AWS upon customer request.

B. May be performed by AWS, and is periodically performed by AWS.

C. Are expressly prohibited under all circumstances.

D. May be performed by the customer on their own instances with prior authorization from AWS.

E. May be performed by the customer on their own instances, only if performed from EC2 instances.

Answer

A

You need to take prior authorization from AWS before doing a penetration test on EC2 Instances.

Please refer to the below url for more details:
https://aws.amazon.com/security/penetration-testing/

Question 60

Q

Question 456  

How can you secure data at rest on an EBS volume?

A. Attach the volume to an instance using EC2’s SSL interface.

B. Write the data randomly instead of sequentially.

C. Encrypt the volume using the S3 server-side encryption service.

D. Create an IAM policy that restricts read and write access to the volume.

E. Use an encrypted file system on top of the EBS volume.

Answer

A

Answer: E

In order to secure data at rest on an EBS volume, you either have to encrypt the volume when it is being created or encrypt the data after the volume is created.

Question 61

Q

Question 457

  If you want to launch Amazon Elastic Compute Cloud (EC2) instances and assign each instance a private IP address in a predetermined range, you should: (choose one of the correct answer below)

A. Launch the instance from a private Amazon Machine Image (AMI).

B. Assign a group of sequential Elastic IP address to the instances.

C. Launch the instances in the Amazon Virtual Private Cloud (VPC).

D. Launch the instances in a Placement Group.

E. Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already.

Answer

A

Answer: C

This is the default reason for a VPC to host your own subnet and have EC2 instances have a private IP when it is launched in a VPC. Below is an example of an EC2 instance having a Private IP.

For more information on private IP addresses, please refer the below URL:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing. html

Question 62

Q

Question 458  

Which of the following notification endpoints or clients are supported by Amazon Simple Notification Service? Choose 2 answers from the options below.

A. Email

B. CloudFront distribution

C. File Transfer Protocol

D. Short Message Service

E. Simple Network Management Protocol

Answer

A

Answer: A, D

When you create a subscription in SNS , these are the protocols available on your console.

Question 63

Q

Question 459  

Which of the following instance types are available as Amazon EBS-backed only? Choose 2 answers from the options below.

A. General purpose T2

B. General purpose M3

C. Compute-optimized C4

D. Compute-optimized C3

E. Storage-optimized I2

Answer

A

Answer: A, C

For details for all instance types, please visit the url -
https://aws.amazon.com/ec2/instance-types/

Question 64

Q

Question 460  

There is an urgent requirement to monitor few database metrics for a database hosted on AWS and send notifications. Which AWS services can accomplish this requirements? Choose 2 answers from the options given below.

A. Amazon Simple Email Service

B. Amazon CloudWatch

C. Amazon Simple Queue Service (SQS)

D. Amazon Route 53

E. Amazon Simple Notification Service (SNS)

Answer

A

Answer: B, E

Amazon Cloudwatch will be used to monitor the IOP’s metrics from the RDS instance and Amazon Simple Notification Service will be used to send the notification if any alarm is triggered.

For more information on Cloudwatch and SNS, please visit the below URLs:

https: //aws.amazon.com/cloudwatch/
https: //aws.amazon.com/sns/

Answer 65

A

Answer: B, E

As per the AWS documentation, if you have too few tasks , then you have nodes sitting idle. You can increase the number of simultaneous mapper tasks and reduce the size of the MapReduce job configuration

For more information on EMR tasks please visit the below URL:
http://docs.aws.amazon.com/emr/latest/DeveloperGuide/TaskConfiguration_H1.0.3.html

Answer 66

A

Answer: A, E

This is clearly given in the AWS documentation:

For more information on S3 please visit the below URL:
https://aws.amazon.com/s3/faqs/

Answer 67

A

Answer: D, E

If you read the question carefully, it asks you the scenario when only one AZ goes down at a time. The requirement is to make 6 instances always running even if any one of the AZ is goes down. The questions doesn’t ask you if any 2 or 3 AZ goes down at a time. Hence D and E ensures that always 6 instances are running if any one AZ goes down at a time. I hope this clears your doubts.Since we need 6 instances running at all times , only D and E fulfill this option. Option A is invalid , because if any one of Availability zones goes down , then we are left with only 4 running instances. Option B is invalid because if either us-west-2a or us-west-2b goes down then we are left with less than 6 instances. Option C is invalid if us-west-2a goes down then we are left with less than 6 instances

For more information on building fault tolerant applications in AWS , please refer to the below link
http: //media.amazonwebservices.com/AWS_Building_Fault_Tolerant_Applications.pdf

Answer 68

A

Answer: A, B, E

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.

Amazon DynamoDB Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model and reliable performance make it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications.

For more information on Amazon RDS please visit the below URL:
https://aws.amazon.com/rds/ Amazon Elastic Cache

For more information on Amazon Elastic Cache please visit the below URL:
https://aws.amazon.com/elasticache/

For more information on Amazon DynamoDB please visit the below URL:
https://aws.amazon.com/dynamodb/

Answer 69

A

Answer: B, D, F

Please find the AWS Documentation references for Elastic Cache and DynamoDB. Relational databases have always been a source for storing session data. Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in- memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.

For more information on Elastic Cache , please refer to the below link
https: //aws.amazon.com/elasticache/

An example of managing session state via DynamoDB is given below
http://docs.aws.amazon.com/sdk-for-net/v2/developer-guide/dynamodb-session-net-sdk.html

Answer 70

A

Answer: B, D

Since the resources need to be separated and a separate governance model is required for each section of resources , then it’s better to have a separate AWS account for each division. Each division’s AWS account can sign up for consolidating billing to the main corporate account by creating AWS Organisations. The IT administrators can then be granted access via cross account role access.

For more information on consolidating billing, please visit the below URL:
http: //docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing. html

Answer 71

A

Answer: B, C, D

Amazon DynamoDB stores structured data, indexed by primary key, and allows low latency read and write access to items ranging from 1 byte up to 400KB. Amazon S3 stores unstructured blobs and suited for storing large objects up to 5 TB. DynamoDB IS a good choice to store the metadata for a BLOB, such as name, date created, owner, etc… The Binary Large OBject itself would be stored in S3.

For more information on Amazon Dynamo DB, please visit
https://aws.amazon.com/dynamodb/faqs/

Answer 72

A

Answer: A, B, E

One can encrypt data in an S3 bucket using both server side encryption and client side encryption. The following techniques are available

. Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

. Use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

. Use Server-Side Encryption with Customer-Provided Keys (SSE-C)

. Use Client-Side Encryption with AWS KMS-—Managed Customer Master Key (CMK)

. Use Client-Side Encryption Using a Client-Side Master Key

For more information on using encryption, please refer to the below URL:
http: //docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

Answer 73

A

Answer: A, E

The AWS Documentation mentions the following With Amazon EBS, you can use any of the standard RAID configurations that you can use with a traditional bare metal server, as long as that particular RAID configuration is supported by the operating system for your instance. This is because all RAID is accomplished at the software level.

For greater I/O performance than you can achieve with a single volume, RAID o can stripe multiple volumes together; for on-instance redundancy, RAID 1 can mirror two volumes together.

For more information on RAID configuration, please refer to the below URL:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/raid-config.html

and then to offset the use of higher compute capacity, it is better to use a better instance type

For more information on Instance types, please refer to the below URL:
https://aws.amazon.com/ec2/instance-types/

Answer 74

A

Answer: C, D, E

The snapshot from the aws documentation shows the best architecture practices for avoiding DDos attacks.

For best practises against DDos attacks , please visit the below link
https://do.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf

Answer 75

A

Answer: A, C, D, F

Please view the shared responsibility model shared by AWS
https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 76

A

Answer: A

Amazon S3 is a perfect storage layer for storing documents and other types of objects Amazon S3 also has the option for versioning as shown below. The versioning is on the bucket level and can be used to recover prior versions of an object.

For more information on Amazon S3, please visit the following URL:
https://aws.amazon.com/s3/

Answer 77

A

Answer: D, E

Option A is incorrect because if one AZ becomes unavailable, then you would only have 4 instances available which does not meet the requirement. Option B is incorrect because if either us-west-2a or us-west-2b becomes unavailable, then you would only have 3 instances available which does not meet the requirement. Option C is incorrect because if us-west-2a becomes unavailable, then you would only have 4 instances available which does not meet the requirement.

For more information on AWS Regions and Availability Zones, please visit the following URL:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

Answer 78

A

Answer: D

One can create a Lambda function which can contain the code to process the file. You can then use the Event notification from the S3 bucket to invoke the Lambda function whenever the file is uploaded.

For more information on Amazon S3 event notification, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

Answer 79

A

Answer: D

The AWS Documentation supports the mentioned requirements which is supported by AWS Aurora Amazon Aurora (Aurora) is a fully managed, MySQL- and PostgreSQL-compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications. All Aurora Replicas return the same data for query results with minimal replica lag—usually much less than 100 milliseconds after the primary instance has written an update

For more information on AWS Aurora, please visit the following URL:
http: //docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

Answer 80

A

Answer: A, C

The AWS Documentation clearly mentions that the Elastic Beanstalk component can be used to create Web Server environments and Worker environments

For more information on AWS Elastic beanstalk Web server environments, please visit the following URL: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts-webserver.html

Answer 81

A

Answer: A, C

Since the database is used infrequently and really is not used throughout the day and the question mentions the MOST cost effective storage type, you need to choose EBS General Purpose SSD over EBS provisioned IOPS SSD.

For more information on AWS EBS Volumes, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Answer 82

A

Answer: B

The AWS Documentation mentions the following Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system. You can use an EFS file system as a common data source for workloads and applications running on multiple instances

For more information on AWS EFS, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEFS.html

Answer 83

A

Answer: B

Amazon S3 Infrequent access is perfect if you want to store data that is not frequently access. It is must more cost effective than Option D of Amazon Sg Standard. And if you choose Amazon Glacier with expedited retrievals, then you defeat the whole purpose of the requirement, because you would have an increased cost with this option

For more information on AWS Storage classes, please visit the following URL:
https://aws.amazon.com/s3/storage-classes/

Answer 84

A

Answer: B

The AWS Documentation mentions the following Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required.

For more information on AWS Glacier Retrieval, please visit the following
URL: https://docs.aws.amazon.com/amazonglacier /latest/dev/downloading-an-archive-two-steps.html

Answer 85

A

Answer: C

The AWS Documentation mentions the following An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

For more information on the Internet gateway, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway-html

Answer 86

A

Answer: C, E

One of the main reasons for this is that not enough time is being given for the scaling activity to take effect and for the entire infrastructure to stabilize after the scaling activity. This can be defined by increasing the Autoscaling group cool down timers.

For more information on Autoscaling cool down, please visit the following URL:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/Cooldown.html

Another reason is that you have defined the right threshold for the Cloudwatch alarm for the scale down policy.

For more information on Autoscaling dynamic scaling, please visit the following URL:
https: //docs.aws.amazon.com/autoscaling/ec2/userguide/as-scale-based-on-demand.html

Answer 87

A

Answer: B, C

This sort of setup is given in the AWS documentation.

1) To ensure that traffic can flow into your web server from anywhere on secure traffic, you need to allow inbound security at 443
2) And then ensure that traffic can flow from the database server to the web server via the database security group The below snapshot from the AWS Documentation shows the rules tables for the security groups which relate to the same requirements as the question

For more information on this use case scenario, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 88

A

Answer: A

If the request rate is high, then you can use hash keys or random strings to prefix the object name. In such a case, the partitions used to store the objects will be better distributed and hence allow for better read/write performance for your objects.

For more information on how to ensure performance in S3, please visit the following
URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Answer 89

A

Answer: D

The AWS Documentation mentions the following You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources Its not a best practice to use IAM credentials for any production based application. It’s always a good practice to use IAM Roles.

For more information on IAM Roles, please visit the following URL:
https://docs.aws.amazon.com/IAM /latest/UserGuide/id_roles.html

Answer 90

A

Answer: B

The AWS Documentation mentions the following on the benefits of using Cloudfront Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency

For more information on AWS Cloudfront, please visit the following URL:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.btml

Answer 91

A

Answer: B

Option A is invalid since the records need to be stored in a highly scalable system

Option C is invalid since the records must be available for immediate download

Option D is invalid because it does not have the concept of the lifecycle policy

The AWS Documentation mentions the following on lifecycle policies Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket.

The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows:

- Transition actions — In which you define when objects transition to
another storage class. For example, you may choose to transition objects to the
STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or
archive objects to the GLACIER storage class one year after creation.

Expiration actions — In which you specify when the objects expire. Then
Amazon S3 deletes the expired objects on your behalf.

For more information on AWS S3 Lifecycle policies, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

Answer 92

A

Answer: B

The AWS Documentation mentions the below on AWS Cloudformation. This supplements the requirement in the question for the consultants to use their architecture diagrams to construct cloudformation templates. AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you.

For more information on AWS Cloudformation, please visit the following URL:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html

Answer 93

A

Answer: A

Option B is incorrect - The AWS Certificate manager can be used to generate SSL certificates that can be used to encrypt traffic in transit, but not at rest

Option C is incorrect is again used for issuing tokens when using API gateway for traffic in transit.

Option D is used for secure access to EC2 Instances

The AWS Documentation mentions the following on AWS KMS AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage

For more information on AWS KMS, please visit the following URL:
https://docs.aws.amazon.com/kms/latest/developerguide/overview.html

Answer 94

A

Answer: A

Option B is incorrect because it does not help in durability of EBS Volumes

Option C is incorrect since EC2 Instance stores are not durable

Option D is incorrect since mirroring data across EBS volumes is inefficient, when you already have the option for
EBS snapshots

The AWS Documentation mentions the following on AWS EBS Snapshots You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. When you delete a snapshot, only the data unique to that snapshot is removed. Each snapshot contains all of the information needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume

For more information on AWS EBS Snapshots, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html

Answer 95

A

Answer: C, D

The AWS Documentation mentions the following on the benefits for using NAT gateways and VPC endpoints for better and secure communication of private resources to public endpoints like $3 You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances

For more information on AWS NAT Gateway, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

For more information on AWS VPC endpoints, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html

Answer 96

A

Answer: C

The AWS Documentation mentions the following on DynamoDB Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. The data in DynamoDB is stored in JSON format and hence is the perfect data store for the requirement in the question.

For more information on AWS DynamoDB, please visit the following URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ Introduction.html

Answer 97

A

Answer: B

Since the language is specified in the query string parameters, hence the Cloudfront should be configured for query string parameters

For more information on configuring cloudfront via Query string parameters, please visit the following URL:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/QueryStringParameters.html

Answer 98

A

Answer: D

The AWS Documentation mentions the following You can use Amazon SNS to send text messages, or SMS messages, to SMS-enabled devices. You can send a message directly to a phone number, or you can send a message to multiple phone numbers at once by subscribing those phone numbers to a topic and sending your message to the topic.

For more information on configuring SNS and SMS messages, please visit the
following URL: https://docs.aws.amazon.com/sns/latest/dg/SMSMessages.html

Answer 99

A

Answer: A

The AWS Documentation mentions the following With LAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task. Applications must sign their AWS API requests with AWS credentials, and this feature provides a strategy for managing credentials for your applications to use, similar to the way that Amazon EC2 instance profiles provide credentials to EC2 instances.

For more information on configuring IAM Roles for tasks in ECS, please visit the following URL:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html

Answer 100

A

Answer: A

The AWS Documentation mentions the following Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

For more information on AWS Redshift, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html

Answer 101

A

Answer: B, D

DynamoDB and Elasticache are the perfect options for storing session data. The AWS Documentation mentions the following on these services Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity, makes it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications

For more information on AWS DynamoDB, please visit the following URL:
https://aws.amazon.com/dynamodb/

ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment.

For more information on AWS Elasticache, please visit the following URL:
https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Whatls.html

Answer 102

A

Answer: B

Amazon S3 also has the option for versioning as shown below. The versioning is on the bucket level and can be used to recover prior versions of an object.

For more information on AWS S3 versioning, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html

Answer 103

A

Answer: D

Amazon Redshift has all the features which meet the requirements. The AWS Documentation mentions the following Amazon Redshift is a fully managed, petabyte- scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more Amazon Redshift replicates all your data within your data warehouse cluster when it is loaded and also continuously backs up your data to S3. Amazon Redshift always attempts to maintain at least three copies of your data (the original and replica on the compute nodes and a backup in Amazon S3). Redshift can also asynchronously replicate your snapshots to $3 in another region for disaster recovery.

For more information on AWS Redshift, please visit the following
URL: https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html

Answer 104

A

Answer: A

Since there is a high performance requirement with high IOPS needed, one needs to opt for EBS Provisioned IOPS SSD The below snapshot from the AWS Documentation mentions the need of using Provisioned IOPS for better IOPS performance for database based applications.

For more information on AWS EBS Volume types, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 105

A

Answer: B

The AWS Documentation mentions the following on lifecycle policies Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows:

Transition actions — In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation.
Expiration actions — In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf.

For more information on AWS S3 Lifecycle policies, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

Answer 106

A

Answer: D

The AWS Documentation mentions the following Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. Amazon EFS is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. When mounted on Amazon EC2 instances, an Amazon EFS file system provides a standard file system
interface and file system access semantics, allowing you to seamlessly integrate Amazon EFS with your existing applications and tools. Multiple Amazon EC2 instances can access an Amazon EFS file system at the same time, allowing Amazon EFS to provide a common data source for workloads and applications running on more than one Amazon EC2 instance.

For more information on AWS EFS, please visit the
following URL: https://aws.amazon.com/efs/

Answer 107

A

Answer: B

The below snippet from the AWS Documentation shows the server available for Web server environments that can be created via Elastic Beanstalk. The server shows that nginx servers can be provisioned via the Elastic Beanstalk service.

For more information on the supported platforms for AWS Elastic beanstalk, please visit the following URL:
https: //docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html

Answer 108

A

Answer: B

This recommendation for increasing performance if you have a high request rate in S3 is given in the AWS documentation

For more information on S3 performance considerations, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Answer 109

A

Answer: B

The AWS Documentation mentions the following VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you’ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.

For more information on VPC Flow Logs, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html

Answer 110

A

Answer: A

One can use SQS FIFO queues for this purpose. The AWS Documentation mentions the following on SQS FIFO Queues. Amazon SQS is a reliable and highly-scalable managed message queue service for storing messages in transit between application components. FIFO queues complement the existing Amazon SQS standard queues, which offer high throughput, best-effort ordering, and at-least-once delivery. FIFO queues have essentially the same features as standard queues, but provide the added benefits of supporting ordering and exactly-once processing. FIFO queues provide additional features that help prevent unintentional duplicates from being sent by message producers or from being received by message consumers. Additionally, message groups allow multiple separate ordered message streams within the same queue.

For more information on SQS FIFO Queues, please visit the following URL:
https://aws.amazon.com/about-aws/whats-new/2016/11/amazon-sqs-introduces-fifo-queues-with-exactly-once-processing-and-lower-prices-for-standard-queues/

Answer 111

A

Answer: C

AWS DynamoDB is a database that is schema-less and hence is ideal if you have multiple schema changes. It is also durable. Option A is incorrect because S3 is an object storage device and not a database. Option B is more of a data warehousing solution. Option D needs support for a constant schema and hence is not an ideal solution.

For more information on AWS Aurora, please visit the following URL:
http: //docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

Answer 112

A

Answer: B

The diagram in the article shows that snapshots are available for Redshift clusters which enables clusters to be available in different regions

For more information on managing Redshift snapshots, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/managing-snapshots-console.html

Answer 113

A

Answer: B

The AWS Documentation mentions the following Amazon Redshift uses a hierarchy of encryption keys to encrypt the database. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys.

For more information on Redshift encryption, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html

Answer 114

A

Answer: A

When you consider block level storage , then you need to consider EBS Volumes.

Option B and C is incorrect since they are object level storage. Option D is incorrect since this is file level storage.

For more information on EBS volumes, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Answer 115

A

Answer: C

When you are considering storage volume types for batch processing activities with large throughput , then consider using EBS Throughput Optimized volume type.

This is also mentioned in the AWS Documentation For more information on EBS volume types, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 116

A

Answer: D

Option A and C are incorrect because you normally use these options when you want private resources to access the Internet.

Option B is incorrect since the resources are in the same region, so you don’t need a VPN connection.

The AWS Documentation mentions the following about VPC Peering A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.

For more information on VPC Peering, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

Answer 117

A

Answer: C

One can simply start using the NAT gateway service and stop using the deployed NAT instances. But you need to ensure that the NAT gateway is deployed in the public subnet

For more information on migrating to a NAT gateway, please visit the following URL:
https://aws.amazon.com/premiumsupport/knowledge-center/migrate-nat-instance-gateway/

Answer 118

A

Answer: C

Since there is only one NAT instance, this is a bottleneck for the architecture. For high availability, launch NAT instances in multiple available zones and make it as part of an Autoscaling Group.

For more information on NAT Instances, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

Answer 119

A

Answer: B

Since the company has full ownership of the API, the best solution would be to convert the code for the API and use it in a Lambda function. You can save on cost, since in Lambda you don’t pay for any infrastructure and only pay for how much time the Lambda function runs. And then you can use the API gateway along with the AWS Lambda function which can scale accordingly.

For more information on using API gateway with AWS Lambda, please visit the following URL:
https://docs.aws.amazon.com/apigateway /latest/developerguide/getting-started-with-lambda-integration.html

Answer 120

A

Answer: A

Since there is a high performance requirement with high IOPS needed, one needs to opt for EBS Provisioned IOPS SSD The below snapshot from the AWS Documentation mentions the need of using Provisioned IOPS for better IOPS performance for database based applications.

For more information on AWS EBS Volume types, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 121

A

Answer: C

The most efficient storage mechanism for just storing metadata is DynamoDB. DynamoDB is normally used in conjunction with the Simple Storage service. So after storing the images in S3 , you can store the metadata in DynamoDB. You can also create secondary indexes for DynamoDB Tables

For more information on managing indexes in DynamoDB, please visit the following URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SQLtoNoSQL-Indexes.html

Answer 122

A

Answer: C

The AWS Documentation mentions the following Scaling based on a schedule allows you to scale your application in response to predictable load changes. For example, every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can plan your scaling activities based on the predictable traffic patterns of your web application. To configure your Auto Scaling group to scale based on a schedule, you create a scheduled action, which tells Amazon EC2 Auto Scaling to perform a scaling action at specified times.

For more information on Autoscaling scheduled scaling, please visit the following URL:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html

Answer 123

A

Answer: B

The AWS Documentation mentions the following A snapshot is constrained to the region where it was created. After you create a snapshot of an EBS volume, you can use it to create new volumes in the same region. For more information, see Restoring an Amazon EBS Volume from a Snapshot. You can also copy snapshots across regions, making it possible to use multiple regions for geographical expansion, data center migration, and disaster recovery

For more information on EBS Snapshots, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html

Answer 124

A

Answer: A, C

AWS Cloudtrail can be used to monitor the API calls.

For more information on Cloudtrail, please visit the following URL: https://aws.amazon.com/cloudtrail/

When you use Cloudwatch metrics for an ELB, you can get the amount of read requests and latency out of the box.

For more information on using Cloudwatch with the ELB, please visit the following
URL: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html

Answer 125

A

Answer: A

The AWS Documentation mentions the following You can now turn on a trail across all regions for your AWS account. CloudTrail will deliver log files from all regions to the Amazon S3 bucket and an optional CloudWatch Logs log group you specified. Additionally, when AWS launches a new region, CloudTrail will create the same trail in the new region. As a result, you will receive log files containing API activity for the new region without taking any action.

For more information on this feature, please visit the following URL: https://aws.amazon.com/about-aws/whats-
new/2015/12/turn-on-cloudtrail-across-all-regions-and-support-for-multiple-trails/

Answer 126

A

Answer: C

The AWS Documentation mentions the following If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive offsite backups that you can recover to your local data center or Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2.

For more information on the Storage gateway, please visit the following URL: https://docs.aws.amazon.com/storagegateway /latest/userguide/WhatIsStorageGateway-html

Answer 127

A

Answer: A

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

For more information on AWS VPC endpoints, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html

Answer 128

A

Answer: A, B

As soon as you see the requirement for scaling , automatically think of the Autoscaling service provided by AWS. This can be used to scale both the proxy servers and the backend instances.

For more information on Autoscaling, please visit the following URL:
https://docs.aws.amazon.com/autoscaling /plans/userguide/what-is-aws-auto-scaling.html

Answer 129

A

Answer: D

In a disaster recovery scenario , the best from the above options is to divert the traffic to a static web site. Option A is wrong because ELB can only balance traffic in one region and not across regions. Option B and C are incorrect because using backups across AZ’s is not enough for disaster recovery purposes.

For more information on disaster recovery in AWS, please visit the following URL:
https://aws.amazon.com/disaster-recovery/

Answer 130

A

Answer: B, C

You can host a static web site in S3. You need to ensure that the nameserver
records for the Route53 hosted zone are entered in your domain registrar.

For more information on website hosting in S3, please visit the following URL:
https: //docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html

Answer 131

A

Answer: C

Elastic cache is an in-memory solution that can be used in front of a database to cache the common queries issued against the database. This can reduce the overall load on the database.

Option A is incorrect because normally this is used for content distribution

Option B is partially correct , but you need to have one more database as an internal load balancing solution.

Option D is incorrect because SNS is a simple notification service.

For more information on Elasticache, please visit the following
URL: https://aws.amazon.com/elasticache/

Answer 132

A

Answer: C

Option A is incorrect because the Multi-AZ feature allows for high availability across availability zones and not regions. Option B and D are incorrect because Read Replica’s can be used to offload database reads. But if you want high availability then opt for the Multi-AZ feature. The AWS Documentation mentions the following Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ).

For more information on AWS RDS Multi-AZ, please visit the following URL:
https://aws.amazon.com/rds/details/multi-az/

Answer 133

A

Answer: B

The ideal setup is to ensure that the web server is hosted in the public subnet so that it can be accessed by users on the internet. The database server can be hosted in the private subnet. The below diagram from the AWS Documentation shows how this can be setup

For more information on public and private subnets in AWS, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 134

A

Answer: B

The AWS Documentation mentions the following Amazon Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs. Kinesis Data Streams can continuously capture and store terabytes of data per hour from hundreds of thousands of sources such as website clickstreams, financial transactions, social media feeds, IT logs, and location-tracking events.

For more information on Amazon Kinesis, please visit the following URL:
https://aws.amazon.com/kinesis/data-streams/

Answer 135

A

Answer: A

The AWS Documentation mentions the following which perfectly matches this requirement Amazon Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools. It can capture, transform, and load streaming data into Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk, enabling near real-time analytics with existing business intelligence tools and dashboards you’re already using today.

For more information on Amazon Kinesis firehose, please visit the following URL: https://aws.amazon.com/kinesis/data-firehose/

Answer 136

A

Answer: B

Pre-signed URL’s are the perfect solution when you want to give temporary access to users for S3 buckets. So whenever a new profile is created, you can create a pre- signed URL to ensure that the URL lasts for a week to allow for users to upload the required objects.

For more information on pre-signed URL’s, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html

Answer 137

A

Answer: D

The Elastic Container service from AWS can be used for container orchestration. Since there are both critical and non-critical loads, one can use Spot instances for the non-critical workloads for ensuring cost is kept at a minimal.

For more information on AWS ECS, please visit the following URL:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html

Answer 138

A

Answer: C

Amazon Glacier is the perfect solution for this. Since the agreed timeframe for retrieval is met at 8h, this will be the most cost effective option.

For more information on AWS Glacier, please visit the following URL:
https://aws.amazon.com/documentation/glacier/

Answer 139

A

Answer: C

The AWS Documentation mentions the following to support this If you want to route traffic approximately randomly to multiple resources, such as web servers, you can create one multivalue answer record for each resource and, optionally, associate an Amazon Route 53 health check with each record. For example, suppose you manage an HTTP web service with a dozen web servers that each have their own IP address. No one web server could handle all of the traffic, but if you create a dozen multi-value answer records, Amazon Route 53 responds to DNS queries with up to eight healthy records in response to each DNS query. Amazon Route 53 gives different answers to different DNS resolvers. If a web server becomes unavailable after a resolver caches a response, client software can try another IP address in the response.

For more information on this option, please visit the following URL:
https://aws.amazon.com/about-aws/whats-new/2017/06/amazon-route-53-announces-support-for-multivalue-answers-in-response-to-dns-queries/

Answer 140

A

Answer: A

In this case AWS Aurora would be the perfect choice

Option B is incorrect because joins is not supported in DynamoDB

Option C is incorrect because this is more an option for object storage

Option D is incorrect because this option is better for data warehousing solutions

For more information on AWS Aurora please visit the following URL:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

Answer 141

A

Answer: B

When you create a volume, you have the option to encrypt the volume using keys generated by the Key Management service.

For more information on using KMS, please refer to the below URL:
https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html

Answer 142

A

Answer: D

For the sheer data size, the ideal storage unit would be to use AWS Redshift. The AWS Documentation mentions the following on AWS Redshift Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers. The first step to create a data warehouse is to launch a set of nodes, called an Amazon Redshift cluster. After you provision your cluster, you can upload your data set and then perform data analysis queries. Regardless of the size of the data set, Amazon Redshift offers fast query performance using the same SQL-based tools and business intelligence applications that you use today.

For more information on AWS Redshift, please refer to the below URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html

Answer 143

A

Answer: B

The AWS Documentation mentions the following on Amazon Kinesis Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost-effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications.

For more information on Amazon Kinesis, please refer to the below URL:
https://aws.amazon.com/kinesis/

Answer 144

A

Answer: B, D

Cloudwatch Events can be used to monitor the state change of EC2 Instances. You can choose the Event Source and the Event type as shown below. You can then have a AWS Lambda function as a target which can then be used to store the record in a DynamoDB table.

For more information on Cloudwatch events, please refer to the below URL:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatcEvents.html

Answer 145

A

Answer: C

The NAT gateway is the ideal option to ensure that instances in the private subnet
have the ability to download updates from the internet.

For more information on the NAT gateway, please refer to the below URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

Answer 146

A

Answer: D

AWS Documentation also shows that the ideal and cost efficient storage type would be Cold HDD

For more information on EBS volume types, please refer to the below URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 147

A

Answer: B

If you need storage for the Internet, then AWS Simple Storage service is the best option. Each file uploaded would automatically get a public URL which could be used to download the file at a later point in time.

For more information on Amazon S3, please refer to the below URL:
https://aws.amazon.com/s3/

Answer 148

A

Answer: B, C

The best secure option is to place the database in a private subnet. The below diagram from the AWS Documentation shows this setup. Also ensure that access is not allowed from all sources but just from the web servers.

For more information on this type of setup, please refer to the below URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 149

A

Answer: A

To always ensure secure access to AWS resources from EC2 Instances, always ensure to assign a Role to the EC2 Instance

For more information on IAM Roles, pleaserefer to the below URL:
https://docs.aws.amazon.com/IAM /latest/UserGuide/id_roles.html

Answer 150

A

Answer: D

The AWS Documentation mentions the following Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

For more information on Elasticache, please refer to the below URL:
https://aws.amazon.com/elasticache/

Answer 151

A

Answer: D

One can use DynamoDB streams to monitor the changes to a DynamoDB table The AWS Documentation mentions the following A DynamoDB stream is an ordered flow of information about changes to items in an Amazon DynamoDB table. When you enable a stream on a table, DynamoDB captures information about every modification to data items in the table.

For more information on DynamoDB streams, please refer to the below URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html

If you enable DynamoDB Streams on a table, you can associate the stream ARN with a Lambda function that you write. Immediately after an item in the table is modified, a new record appears in the table’s stream. AWS Lambda polls the stream and invokes your Lambda function synchronously when it detects new stream records. Since wehave a requirement that when an item is modified in a DynamoDB table, an immediate entry need to be made to an associating application a lambda function is also required.

For more information on DynamoDB streams Lambda, please refer to the below URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.Lambda.html

Answer 152

A

Answer: B

The ideal option would be to make use of AWS Simple Queue Service to manage the messages between the application components. The AWS SQS service is a highly scalable and durable service.

For more information on Amazon SQS, please refer to the
below URL: https://aws.amazon.com/sqs/

Answer 153

A

Answer: C

The AWS Documentation mentions the following Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput

For more information on Amazon Read Replica’s, please refer to the below URL:
https://aws.amazon.com/rds/details/read-replicas/

Answer 154

A

Answer: D

The AWS Documentation mentions the following which can be used to support the requirement Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects.

These actions can be classified as follows:

- Transition actions — In which you define when objects transition to
another storage class. For example, you may choose to transition objects to the
STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or
archive objects to the GLACIER storage class one year after creation.

Expiration actions — In which you specify when the objects expire. Then Amazon S3 deletes the
expired objects on your behalf.

For more information on S3 lifecycle policies, please refer to the below URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

Answer 155

A

Answer: D

The AWS Documentation mentions the following A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

For more information on VPC endpoints, please refer to the below URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html

Answer 156

A

Answer: C

The AWS Documentation mentions the following When you provision an Amazon Redshift cluster, it is locked down by default so nobody has access to it. To grant other users inbound access to an Amazon Redshift cluster, you associate the cluster with a security group.

For more information on Redshift Security Groups, please refer to the below URL: https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html

Answer 157

A

Answer: D

The AWS Documentation mentions the following Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as -html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

For more information on Amazon Cloudfront, please refer to the below URL:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.btml

Answer 158

A

Answer: B

The AWS Documentation mentions the following If you have resources in multiple Availability Zones and they share one NAT gateway, in the event that the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.

For more information on the NAT gateway, please refer to the below URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

Answer 159

A

Answer: B

The AWS Documentation mentions the following Amazon Aurora (Aurora) is a fully managed, MySQL- and PostgreSQL-compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications.

For more information on AWS Aurora, please refer to the below URL:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

Answer 160

A

Answer: C

The diagram from the AWS Documentation shows the right setup for this.

For more information on this setup, please refer to the below URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

Answer 161

A

Answer: B

One can directly create a pre-signed URL for the images to be uploaded. So the S3 bucket owner can create the pre-signed URL’s to upload the images to S3.

For more information on pre-signed URL’s, please refer to the below URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html

Answer 162

A

Answer: B

The snapshot from the AWS Documentation also shows that the ideal storage option is Provisioned IOPS SSD because this will provide a high number of IOPS for the underlying database.

For more information on EBS volume types, please refer to the below URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 163

A

Answer: A

Routes3 health checks can be used for any endpoint which can be accessed via the Internet. Hence this would be an ideal option for monitoring the endpoints. The AWS Documentation mentions the following You can configure a health check that monitors an endpoint that you specify either by IP address or by domain name. At regular intervals that you specify, Route 53 submits automated requests over the internet to your application, server, or other resource to verify that it’s reachable, available and functional.

For more information on Route53 Health checks, please refer to the below URL: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-simple-configs.html

Answer 164

A

Answer: B

The AWS Documentation provides the following information that can be used to support this requirement Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost-effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications. For more information on Amazon Kinesis, please refer to the below URL: https: //aws.amazon.com/kinesis/

Answer 165

A

Answer: D

The AWS Documentation provides the following information to support this concept Balancing resources across Availability Zones is a best practice for well- architected applications, as this greatly increases aggregate system availability. Auto
Scaling automatically balances EC2 instances across zones when you configure multiple zones in your Auto Scaling group settings. Auto Scaling always launches new instances such that they are balanced between zones as evenly as possible across the entire fleet.

For more information on Managing resources with Autoscaling, please refer to the
below URL: https://aws.amazon.com/blogs/compute/fleet-management-made-easy-with-auto-scaling/

Answer 166

A

Answer: C

Option A is incorrect because this is normally used for petabyte based storage

Option B is incorrect because this is used for archive storage

Option D is incorrect because this used for messaging purposes.

AWS DynamoDB is the best light weight and durable storage option for the metadata.

For more information on DynamoDB, please
refer to the below URL: https://aws.amazon.com/dynamodb/

Answer 167

A

Answer: D

The AWS Documentation mentions the following With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications. AWS Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring

For more information on AWS Elastic beanstalk. please refer to the below URL:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html

Answer 168

A

Answer: C

Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system. You can use an EFS file system as a common data source for workloads and applications running on multiple instances

For more information on AWS EFS, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEFS.html

Answer 169

A

Answer: B

Amazon S3 Infrequent access is perfect if you want to store data that is not frequently access. It is must more cost effective than Option D of Amazon Sg Standard. And if you choose Amazon Glacier with expedited retrievals, then you defeat the whole purpose of the requirement, because you would have an increased cost with this option

For more information on AWS Storage classes, please visit the following URL:
https://aws.amazon.com/s3/storage-classes/

Answer 170

A

Answer: C

The AWS Documentation mentions the following An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

For more information on the Internet gateway, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway-html

Answer 171

A

Answer: A

If you scaling events are not based on the right metrics and have the right threshold defined, then the scaling will not occur as you want it to happen.

For more information on Autoscaling Dynamic Scaling, please visit the following URL: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scale-based-on-demand.html

Answer 172

A

Answer: C

This sort of setup is given in the AWS documentation.

1) To ensure that traffic can flow into your web server from anywhere on secure traffic, you need to allow inbound security at 443
2) And then ensure that traffic can flow from the database server to the web server via the database security group The snapshot from the AWS Documentation shows the rules tables for the security groups which relate to the same requirements as the question

For more information on this use case scenario, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 173

A

Answer: A

If the request rate is high, then you can use hash keys or random strings to prefix the object name. In such a case, the partitions used to store the objects will be better distributed and hence allow for better read/write performance for your objects.

For more information on how to ensure performance in S3, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Answer 174

A

Answer: B

The AWS Documentation provides the following information to support this requirement AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts. CloudFormation takes care of determining the right operations to perform when managing your stack, and rolls back changes automatically if errors are detected.

For more information on AWS Cloudformation, please visit the following URL:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html

Answer 175

A

Answer: C

Option A and B are incorrect, because you can’t directly copy EBS volumes

Option D is incorrect, because disaster recovery always looks at ensuring resources are created in another region.

The AWS Documentation provides the following information to support this requirement A snapshot is constrained to the region where it was created. After you create a snapshot of an EBS volume, you can use it to create new volumes in the same region. For more information, see Restoring an Amazon EBS Volume from a Snapshot. You can also copy snapshots across regions, making it possible to use multiple regions for geographical expansion, data center migration, and disaster recovery

For more information on EBS Snapshots, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html

Answer 176

A

Answer: A, C

The AWS Documentation mentions the following If you run PCI or HIPAA- compliant workloads, based on the AWS Shared Responsibility Model, we recommend that you log your CloudFront usage data for the last 365 days for future auditing purposes. To log usage data, you can do the following:

Enable CloudFront access logs.
Capture requests that are sent to the CloudFront API.

For more information on compliance with Cloudfront, please visit the following URL:
https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/compliance-html

Answer 177

A

Answer: C

Use the SNS service to send the notification The AWS Documentation mentions the following Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients.

For more information on AWS SNS, please visit the following URL:
https://docs.aws.amazon.com/sns/latest/dg/welcome.html

Answer 178

A

Answer: D

One can create an AMI from the EC2 instances and then copy them to another region. In case of a disaster, you can create an EC2 Instance from the AMI Option A and B are good options for fault tolerance, but cannot help completely in a disaster recovery for the EC2 Instances Option C is incorrect because we don’t know what is hosted on the EC2 instance to make any sort of judgement as to whether cloudfront can be helpful in this scenario.

For more information on AWS AMI’s, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

Answer 179

A

Answer: A

The AWS Documentation mentions the following When you use Amazon Redshift Enhanced VPC Routing, Amazon Redshift forces all COPY and UNLOAD traffic between your cluster and your data repositories through your Amazon VPC. If Enhanced VPC Routing is not enabled, Amazon Redshift routes traffic through the Internet, including traffic to other services within the AWS network.

For more information on redshift Enhanced routing, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/enhanced-vpc-routing.html

Answer 180

A

Answer: B

The AWS Documentation mentions the following You can import Windows and Linux VMs that use VMware ESX or Workstation, Microsoft Hyper-V, and Citrix Xen virtualization formats.

For more information on VM Import, please visit the following URL:
https://aws.amazon.com/ec2/vm-import/

Answer 181

A

Answer: A

The AWS Documentation mentions the following on EBS Volumes Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in the same Availability Zone. EBS volumes that are attached to an EC2 instance are exposed as storage volumes that persist independently from the life of the instance

For more information on Amazon EBS, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html

Answer 182

A

Answer: B

The best and most efficient option is to host the jobs suing AWS Lambda. This service has the facility to have code run in the C# programming language. The AWS Documentation mentions the following on AWS Lambda AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume - there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service - all with zero administration

For more information on AWS Lambda, please visit the following URL:
https://docs.aws.amazon.com/lambda/latest/dg/welcome.html

Answer 183

A

Answer: D

The AWS Documentation mentions the following on AWS Cloudtrail AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

For more information on AWS Cloudtrail, please visit the following URL:
https://aws.amazon.com/cloudtrail/

Answer 184

A

Answer: B, C

The AWS Documentation mentions this as a best practice. Because Amazon Redshift is a SQL-based relational database management system (RDBMS), it is compatible with other RDBMS applications and business intelligence tools. Although Amazon Redshift provides the functionality of a typical RDBMS, including online transaction processing (OLTP) functions, it is not designed for these workloads. If you expect a high concurrency workload that generally involves reading and writing all of the columns for a small number of records at a time you should instead consider using Amazon RDS or Amazon DynamoDB

For more information on AWS Cloud best practises, please visit the following URL:
https://do.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 185

A

Answer: B

The AWS Documentation mentions the following Amazon Redshift provides free storage for snapshots that is equal to the storage capacity of your cluster until you delete the cluster. After you reach the free snapshot storage limit, you are charged for any additional storage at the normal rate. Because of this, you should evaluate how many days you need to keep automated snapshots and configure their retention period accordingly, and delete any manual snapshots that you no longer need.

For more information on working with Redshift snapshots, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html

Answer 186

A

Answer: D

The AWS Documentation mentions the following about VPC Peering A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.

For more information on VPC Peering, please visit the
following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

Answer 187

A

Answer: B, C

The AWS Documentation mentions the following Adding Auto Scaling to your application architecture is one way to maximize the benefits of the AWS cloud. When you use Auto Scaling, your applications gain the following benefits: Better fault tolerance. Auto Scaling can detect when an instance is unhealthy, terminate it, and launch an instance to replace it. You can also configure Auto Scaling to use multiple Availability Zones. If one Availability Zone becomes unavailable, Auto Scaling can launch instances in another one to compensate. Better availability. Auto Scaling can help you ensure that your application always has the right amount of capacity to handle the current traffic demands.

For more information on the benefits of AutoScaling, please visit the following URL:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html

Answer 188

A

Answer: A

One can easily start using Volume gateways to start storing their data in S3. One can use the Cached volumes. The AWS Documentation mentions the following You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data.

For more information on Storage gateways please visit the following URL:
https://docs.aws.amazon.com/storagegateway /latest/userguide/WhatIsStorageGateway-html

Answer 189

A

Answer: B

Amazon S3 has the option for versioning as shown below. The versioning is on the bucket level and can be used to recover prior versions of an object.

For more information on Amazon S3, please visit the following URL:
https://aws.amazon.com/s3/

Answer 190

A

Answer: D

The AWS Documentation mentions the following Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

For more information on AWS Redshift, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html

Answer 191

A

Answer: D

The AWS Documentation mentions the following If your workload is mainly sending GET requests, in addition to the preceding guidelines, you should consider using Amazon CloudFront for performance optimization. Integrating Amazon CloudFront with Amazon S3, you can distribute content to your users with low latency and a high data transfer rate. You will also send fewer direct requests to Amazon S3, which will reduce your costs. For example, suppose that you have a few objects that are very popular. Amazon CloudFront fetches those objects from Amazon S3 and caches them. Amazon CloudFront can then serve future requests for the objects from its cache, reducing the number of GET requests it sends to Amazon S3.

For more information on performance considerations in S3, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Answer 192

A

Answer: A

One can use SQS FIFO queues for this purpose. The AWS Documentation mentions the following on SQS FIFO Queues. Amazon SQS is a reliable and highly- scalable managed message queue service for storing messages in transit between application components. FIFO queues complement the existing Amazon SQS standard queues, which offer high throughput, best-effort ordering, and at-least-once delivery. FIFO queues have essentially the same features as standard queues, but provide the added benefits of supporting ordering and exactly-once processing. FIFO queues provide additional features that help prevent unintentional duplicates from being sent by message producers or from being received by message consumers. Additionally, message groups allow multiple separate ordered message streams within the same queue.

For more information on SQS FIFO Queues, please visit the following URL:
https://aws.amazon.com/about-aws/whats-new/2016/11/amazon-sqs-introduces-fifo-queues-with-exactly-once-processing-and-lower-prices-for-standard-queues/

Answer 193

A

Answer: B

The following is mentioned in the AWS Whitepaper which supplements the ability to use AWS Lambda for this requirement. A stateless application is an application that needs no knowledge of previous interactions and stores no session information. Such an example could be an application that, given the same input, provides the same response to any end user. A stateless application can scale horizontally since any request can be serviced by any of the available compute resources (e.g., EC2 instances, AWS Lambda functions)

For more information on AWS Cloud best practices, please visit the following URL:
https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 194

A

Answer: A, C

The AWS Documentation mentions the following A load balancer distributes incoming application traffic across multiple EC2 instances in multiple Availability Zones. This increases the fault tolerance of your applications. Elastic Load Balancing detects unhealthy instances and routes traffic only to healthy instances.

For more information on the AWS Classic Load balancer, please visit the following URL:
https://docs.aws.amazon.com/elasticloadbalancing /latest/classic/introduction.html

Answer 195

A

Answer: C

One effective solution would be to use Spot Instances in this scenario. Additionally the AWS Documentation mentions the following Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.

For more information on using Spot Instances, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

Answer 196

A

Answer: A, C

AWS Elastic search provides full search capabilities and can be used for the log files stored in the S3 bucket The AWS Documentation mentions the following with regards to the integration of Elastic search with S3 You can integrate your Amazon ES domain with Amazon S3 and AWS Lambda. Any new data sent to an S3 bucket triggers an event notification to Lambda, which then runs your custom Java or Node.js application code. After your application processes the data, it streams the data to your domain.

For more information on integration between Elastic Search and S3, please visit the following URL: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-aws-integrations.html

Answer 197

A

Answer: B, C

The AWS Documentation mentions the following Docker containers are particularly suited for batch job workloads. Batch jobs are often short-lived and embarrassingly parallel. You can package your batch processing application into a Docker image so that you can deploy it anywhere, such as in an Amazon ECS task

For more information on the use cases for AWS ECS, please visit the following URL: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/common_use_cases.html

Answer 198

A

Answer: D

The AWS Documentation mentions the following You can create an active-passive failover configuration by using failover records. You create a primary and a secondary failover record that have the same name and type, and you associate a health check with each.

For more information on DNS failover using Route53, please visit the following URL: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options. html

Answer 199

A

Answer: D

If you want to self-manage a database , then you should have an EC2 Instance and then you will have complete control over the underlying database instance.

For more information on Amazon EC2, please visit the following URL: https://aws.amazon.com/ec2/

Answer 200

A

Answer: D

The AWS Documentation supports the mentioned requirements which is supported by AWS Aurora Amazon Aurora (Aurora) is a fully managed, MySQL- and PostgreSQL-compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications. All Aurora Replicas return the same data for query results with minimal replica lag—usually much less than 100 milliseconds after the primary instance has written an update For more information on AWS Aurora,

please visit the following URL:
http: //docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

Answer 201

A

Answer: C

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections

For more information on AWS direct connect please visit the below URL:
https://aws.amazon.com/directconnect/

Answer 202

A

Answer: C

Amazon Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup. Customers can reliably store large or small amounts of data for as little as $0.004 per gigabyte per month, a significant savings compared to on-premises solutions. To keep costs low yet suitable for varying retrieval needs, Amazon Glacier provides three options for access to archives, from a few minutes to several hours.

For more information on Amazon Glacier, please refer to the below link:
https://aws.amazon.com/glacier/

Answer 203

A

Answer: A

The question mentioned a scalable web tier and not a database tier. So Option C, D and B are already automated eliminated, since we do not need a database option. The example shows an Elastic Load balancer connected to 2 EC2 instances connected via Auto Scaling. This is an example of an elastic and scalable web tier. By scalable we mean that the Auto scaling process will increase or decrease the number of EC2 instances as required.

For more information on the Elastic Load Balancer, please refer to the below link:
https://docs.aws.amazon.com/elasticloadbalancing /latest/classic/introduction.html

Answer 204

A

Answer: A, C

Encryption for the database can be done during the creation of the database. Also you need to ensure that the underlying instance type supports DB encryption.

For more information on database encryption, please refer to the below URL:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html

Answer 205

A

Answer: B

In this case , since each data item is 30KB and since DynamoDB is an ideal data layer for storing user preferences, this would be an ideal option. Also DynamoDB is a highly scalable and available service.

For more information on AWS DynamoDB, please refer to the below URL:
https://aws.amazon.com/dynamodb/

Answer 206

A

Answer: D

One can use scheduled scaling to ensure that the capacity is peaked before 9:00 in the morning. The AWS Documentation further mentions the below on Scheduled scaling Scaling based on a schedule allows you to scale your application in response to predictable load changes. For example, every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can plan your scaling activities based on the predictable traffic patterns of your web application.

For more information on Scheduled scaling, please refer to the below URL:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html

Answer 207

A

Answer: C

SQS queues can be used to store the pending database writes. These writes can then be added to the database. It is the perfect queuing system for such as architecture Note that adding more IOPS may help the situation but will not totally eliminate that database writes are not lost.

For more information on AWS SQS, please refer to the below URL:
https://aws.amazon.com/sqs/faqs/

Answer 208

A

Answer: A

The AWS Documentation mentions the following which supports this requirement Each Lambda function has an IAM role (execution role) associated with it. You specify the IAM role when you create your Lambda function. Permissions you grant to this role determine what AWS Lambda can do when it assumes the role. There are two types of permissions that you grant to the IAM role: - If your Lambda function code accesses other AWS resources, such as to read an object from an S3 bucket or write logs to CloudWatch Logs, you need to grant permissions for relevant Amazon S3 and CloudWatch actions to the role

For more information on the permission Role model for AWS Lambda please refer to the below URL:
https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html

Answer 209

A

Answer: A, C

The AWS Documentation mentions the following on using S3 for static web site hosting. This would be an ideal and cost effective solution. You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts.

For more information on static web site hosting using Sg please refer to the below URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html

Answer 210

A

Answer: C

The AWS Documentation mentions the following You can create an Amazon Aurora MySQL DB cluster as a Read Replica in a different AWS Region than the source DB cluster. Taking this approach can improve your disaster recovery capabilities, let you scale read operations into a region that is closer to your users, and make it easier to migrate from one region to another.

For more information on Amazon Aurora cross region replication please refer to the below URL:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Replication.CrossRegion.html

Answer 211

A

Answer: A

Amazon S3 also has the option for versioning as shown below. The versioning is on the bucket level and can be used to recover prior versions of an object.

For more information on S3 versioning please refer to the below URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html

Answer 212

A

Answer: A

The AWS Documentation mentions the following Provisioned IOPS SSD (io1) volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads that are sensitive to storage performance and consistency.

Formore information on AWS EBS Volumes, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Answer 213

A

Answer: D

The AWS Documentation mentions the following When mounted on Amazon EC2 instances, an Amazon EFS file system provides a standard file system interface and file system access semantics, allowing you to seamlessly integrate Amazon EFS with your existing applications and tools. Multiple Amazon EC2 instances can access an Amazon EFS file system at the same time, allowing Amazon EFS to provide a common data source for workloads and applications running on more than one Amazon EC2 instance.

For more information on AWS EFS, please visit the following URL:
https://aws.amazon.com/efs/

Answer 214

A

Answer: A

The AWS Documentation mentions the following. While ordinary Amazon Route 53 records are standard DNS records, alias records provide a Route 53-specific extension to DNS functionality. Instead of an IP address or a domain name, an alias record contains a pointer to a CloudFront distribution, an Elastic Beanstalk environment, an ELB Classic, Application, or Network Load Balancer, an Amazon S3 bucket that is configured as a static website, or another Route 53 record in the same hosted zone. When Route 53 receives a DNS query that matches the name and type in an alias record, Route 53 follows the pointer and responds with the applicable value

For more information on Route53 Alias records, please visit the following URL: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html

Answer 215

A

Answer: D

The AWS Documentation mentions the following By using cached volumes, you can use Amazon S3 as your primary data storage, while retaining frequently accessed data locally in your storage gateway. Cached volumes minimize the need to scale your on-premises storage infrastructure, while still providing your applications with low- latency access to their frequently accessed data. You can create storage volumes up to 32 TiB in size and attach to them as iSCSI devices from your on-premises application servers. Your gateway stores data that you write to these volumes in Amazon S3 and retains recently read data in your on-premises storage gateway’s cache and upload buffer storage.

For more information on AWS Storage gateways, please visit the following URL:
https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html

Answer 216

A

Answer: A

The NAT gateway is a managed resource which can be used in place of a NAT instance. Even though you can consider changing the Instance type for the underlying NAT instance, this would still not guarantee that the issue will not occur in the future.

For more information on the NAT gateway, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

Answer 217

A

Answer: B

The ideal setup is to ensure that the web server is hosted in the public subnet so that it can be accessed by users on the internet. The database server can be hosted in the private subnet. The diagram from the AWS Documentation shows how this can be setup

For more information on public and private subnets in AWS, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 218

A

Answer: C

One can use the Elastic Beanstalk service to host Docker containers. The AWS Documentation further mentions the following Elastic Beanstalk supports the deployment of web applications from Docker containers. With Docker containers, you can define your own runtime environment. You can choose your own platform, programming language, and any application dependencies (such as package managers or tools), that aren’t supported by other platforms. Docker containers are self- contained and include all the configuration information and software your web application requires to run.

For more information on using Elastic Beanstalk for Docker containers, please visit the following URL:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.html

Answer 219

A

Answer: A

The AWS Documentation mentions the following A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

For more information on VPC endpoints, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html

Answer 220

A

Answer: B

Since this is like a batch processing job, the best type of instance to use is a Spot instances. Spot instances are normally used in batch processing jobs. Since these jobs don’t last for the entire duration of the year, they can bid upon and allocated and de- allocated as requested. Reserved Instances/Dedicated instances cannot be used because this is not a 100% used application. There is no mentioned on a continuous demand of work from the question so there is no need to use On-demand instances.

For more information on Spot Instances, please visit the following URL:
https://aws.amazon.com/ec2/spot/

Answer 221

A

Answer: D

Now even though SQS does guarantees the order of the messages for FIFO queues, this is still not the reason as to why this is the appropriate reason. The normal reason for using SQS, is for decoupling of systems and helps in horizontal scaling of aws
resources. SQS does not either do transcoding output or checks the health of the worker instances. The health of the worker instances can be done via ELB or Cloudwatch

For more information on SQS, please visit the following URL:
https://aws.amazon.com/sqs/faqs/

Answer 222

A

Answer: A

Cloud front is only used for distribution of content across edge or region locations. It is not used for restricting access to content, so Option B is wrong. Blocking IP’s is challenging because they are dynamic in nature and you will not know which sites are accessing your main site, so Option C is also not feasible. Storing photos on EBS volume is not a good practice or architecture approach for an AWS Solution Architect.

For more information on pre-signed URL’s, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html

Answer 223

A

Answer: C

AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. You can use AWS Cloud Formation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don’t need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software. You can also visualize your templates as diagrams and edit them using a drag-and-drop interface with the AWS CloudFormation Designer.

For more information on AWS Cloudformation, please visit the following URL:
https://aws.amazon.com/cloudformation/

Answer 224

A

Answer: D

The AWS Documentation mentions the following to support this requirement Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from

For more information on AWS Route53 Routing policies, please visit the following URL: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

Answer 225

A

Answer: B, C

The AMI’s can be used to create a snapshot or template of the underlying instance. You can then copy the AMI to another region. You can also make Snapshots of the volumes and then copy them to the destination region

For more information on AMI’s and EBS Snapshots, please visit the following URL:

https: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html
https: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

Answer 226

A

Answer: C

The AWS Documentation mentions the following Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB lets you offload the administrative burdens of operating and scaling a distributed database, so that you don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.

For more information on AWS DynamoDB, please visit the following URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ Introduction.html

Answer 227

A

Answer: C

Amazon S3 is the perfect storage solution for audio files and text files. It is a highly available and durable storage device.

For more information on Amazon $3, please visit the following URL:
https://aws.amazon.com/s3/

Answer 228

A

Answer: D

If the VPC and subnet are created with the default settings, then the Network Access Control Lists would already allow all traffic. So you only need to ensure that the Security groups are changed to allow SSH traffic into the Instance.

For more information on VPC Security groups, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

Answer 229

A

Answer: C

The AWS Documentation mentions the following One can create a Virtual private connection to establish communication across both environments over the Internet

For more information on Virtual private connection, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

Answer 230

A

Answer: A,B,C

The AWS Lambda is serverless compute service that can allow you to build independent services The ECS is the Elastic Container service that can be used to manage containers The API Gateway is a serverless component for managing access to API’s

For more information on Microservices on AWS, please visit the following URL:
https://aws.amazon.com/microservices/

Answer 231

A

Answer: A

The AWS Documentation mentions the following Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost-effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications. Amazon Kinesis enables you to process and analyze data as it arrives and respond instantly instead of having to wait until all your data is collected before the processing can begin.

For more information on Amazon Kinesis , please visit the following URL:
https://aws.amazon.com/kinesis/

Answer 232

A

Answer: D

The AWS Documentation mentions the following An Amazon EBS volume is a durable, block-level storage device that you can attach to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for a database application. You can also use them for throughput-intensive applications that perform continuous disk scans

For more information on Amazon EBS Volumes , please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Answer 233

A

Answer: C

The AWS Documentation mentions the following If you intend to keep your Amazon Redshift cluster running continuously for a prolonged period, you should consider purchasing reserved node offerings. These offerings provide significant savings over on-demand pricing, but they require you to reserve compute nodes and commit to paying for those nodes for either a one-year or three-year duration.

For more information on Reserved Nodes in Redshift , please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/purchase-reserved-node-instance.html

Answer 234

A

Answer: A

The AWS Documentation mentions the following AWS Lambda automatically monitors Lambda functions on your behalf, reporting metrics through Amazon CloudWatch. To help you troubleshoot failures in a function, Lambda logs all request handled by your function and also automatically stores logs generated by your code through Amazon CloudWatch Logs.

For more information on Monitoring Lambda functions , please visit the following URL:
https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html

Answer 235

A

Answer: C

The AWS Documentation mentions the following Many companies that distribute content via the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, for example, users who have paid a fee.

To securely serve this private content using CloudFront, you can do the following:
- Require that your users access your private content by using special CloudFront signed URLs or signed cookies.

Require that your users access your Amazon S3 content using CloudFront URLs, not Amazon S3 URLs. Requiring CloudFront URLs isn’t required, but we recommend it to prevent users from bypassing the restrictions that you specify in signed URLs or signed cookies.

For more information on serving private content via Cloudfront , please visit the following url
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html#

Answer 236

A

Answer: A

The diagram from the AWS Documentation shows the Internet gateway and the route table

For more information on the Internet gateway , please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html

Answer 237

A

Answer: D

The AWS Documentation mentions the following Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

For more information on AWS Redshift, please visit the following URL: https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html

Answer 238

A

Answer: D

This is mentioned clearly as a use case for S3 cross-region replication. You might configure cross-region replication on a bucket for various reasons, including the following:

Compliance requirements — Although, by default, Amazon S3 stores your data across multiple geographically distant Availability Zones, compliance requirements might dictate that you store data at even further distances. Cross-region replication allows you to replicate data between distant AWS Regions to satisfy these compliance requirements.

For more information on S3 cross-region replication, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html

Answer 239

A

Answer: C

This can be done via the Opswork service. Below is the documentation from AWS to support this requirement AWS OpsWorks Stacks lets you manage applications and servers on AWS and on-premises. With OpsWorks Stacks, you can model your application as a stack containing different layers, such as load balancing, database, and application server. You can deploy and configure Amazon EC2 instances in each layer or connect other resources such as Amazon RDS databases.

For more information on Opswork stacks, please visit the following URL:
https://aws.amazon.com/opsworks/stacks/

Answer 240

A

Answer: B

If your workload in an Amazon S3 bucket routinely exceeds 100 PUT/LIST/DELETE requests per second or more than 300 GET requests per second then you need to perform some guidelines for your S3 bucket. One way to add a hash prefix key to the key name - One way to introduce randomness to key names is to add a hash string as prefix to the key name. For example, you can compute an MDs hash of the character sequence that you plan to assign as the key name.

For performance considerations in the Simple Storage service, please visit the URL:
http: //docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Answer 241

A

Answer: D

The AWS Documentation mentions the following AWS Auto Scaling enables you to configure automatic scaling for the scalable AWS resources for your application in a matter of minutes. AWS Auto Scaling uses the Auto Scaling and Application Auto Scaling services to configure scaling policies for your scalable AWS resources.

For more information on AWS Autoscaling, please visit the URL:
https://docs.aws.amazon.com/autoscaling/plans/userguide/what-is-aws-auto-scaling.html

Answer 242

A

Answer: B

The AWS Documentation mentions the following on lifecycle policies Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows:

Transition actions — In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation.
Expiration actions — In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf.

For more information on AWS S3 Lifecycle policies, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

Answer 243

A

Answer: B

The AWS Documentation mentions the following You control access to Amazon API Gateway with LAM permissions by controlling access to the following two API Gateway component processes:

To create, deploy, and manage an API in API Gateway, you must grant the API developer permissions to perform the required actions supported by the API management component of API Gateway.
To call a deployed API or to refresh the API caching, you must grant the API caller permissions to perform required IAM actions supported by the API execution component of API Gateway.

For more information on permissions with the API gateway, please visit the following URL:
https://docs.aws.amazon.com/apigateway /latest/developerguide/permissions.html

Answer 244

A

Answer: A

The AWS Documentation mentions the following: When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. You can also pass this data into the launch wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

For more information on User Data, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html

Answer 245

A

Answer: A

Amazon SQS is used to decouple systems. It can store the requests to process videos which can be picked up by the Worker processes. The AWS Documentation mentions the following Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. It moves data between distributed application components and helps you decouple these components.

For more information on AWS SQS, please visit the following URL:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/Welcome.html

Answer 246

A

Answer: B, E

Amazon Cloudwatch will be used to monitor the IOP’s metrics from the RDS instance and Amazon Simple Notification Service will be used to send the notification if any alarm is triggered.

For more information on Cloudwatch and SNS, please visit the below URLS:
https://aws.amazon.com/cloudwatch/ https://aws.amazon.com/sns/

Answer 247

A

Answer: C

Since the requirement is that the application should never go down even if an AZ is availability. Option A and D are incorrect
because region deployment is not possible for ELB. ELB’s can manage traffic within a region and not between regions. Option B is incorrect because even if one AZ goes down, we would be operating at only 66% and not the required 100%.

For more information on Autoscaling please visit the below URL:
https://aws.amazon.com/autoscaling/

Answer 248

A

Answer: D

Since each subnet corresponds to one availability zone and you need 3 AZ’s for the internet and intranet applications, hence you need 6 subnets.

For more information on VPC and subnets please visit the below URL:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Answer 249

A

Answer: B

Amazon Elastic Cache is an in-memory cache which can be used to cache common read requests. The diagram from the AWS Documentations shows how caching can be added to an existing architecture

For more information on database caching please visit the below URL:
https: //aws.amazon.com/caching/database-caching/

Answer 250

A

Answer: D

The AWS Documentation mentions the following Cold HDD (sc1) volumes provide low-cost magnetic storage that defines performance in terms of throughput rather than IOPS. With a lower throughput limit than st1, sc1 is a good fit ideal for large, sequential cold-data workloads. If you require infrequent access to your data and are looking to save costs, sc1 provides inexpensive block storage.

For more information on the various EBS Volume types please visit the below URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 251

A

Answer: A

VM Import/Export enables customers to import Virtual Machine (VM) images in order to create Amazon EC2 instances. Customers can also export previously imported EC2 instances to create VMs. Customers can use VM Import/Export to leverage their previous investments in building VMs by migrating their VMs to Amazon EC2.

For more information on AWS VM Import, please visit the URL:
https://aws.amazon.com/ec2/vm-import/

Answer 252

A

Answer: C

Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources. If you have multiple resources that perform the same function, you can configure DNS failover so that Amazon Route 53 will route your traffic from an unhealthy resource to a healthy resource. For example, if you have two web servers and one web server becomes unhealthy, Amazon Route 53 can route traffic to the other web server. So you can route traffic to a website hosted on S3 or to a cloudfront distribution.

For more information on DNS failover using Routes3, please refer to the below link:
http://docs.aws.amazon.com/Routes53/latest/DeveloperGuide/dns-failover.html

Answer 253

A

Answer: B

Multi-AZ databases is better for production environments rather than for development environments, so you can reduce costs by not using this for development environments Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention

For more information on Multi-AZ RDS, please refer to the below link:
https://aws.amazon.com/rds/details/multi-az/

Answer 254

A

Answer: D

Since this is a self-managed database and not an AWS RDS instance , hence Option A and B are incorrect. To ensure high availability have the EC2 Instance in another Availability zone , so even if one goes down , the other one will still be available.

One can refer to the following media link for achieving high availability in AWS
https://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_ftha_o4.pdf

Answer 255

A

Answer: A

The AWS Documentation mentions the following If you have multiple resources that perform the same function, you can configure DNS failover so that Route 53 will route your traffic from an unhealthy resource to a healthy resource. For example, if you have two web servers and one web server becomes unhealthy, Route 53 can route traffic to the other web server For more information on configuring DNS failover using Route§3.

one can refer to the below link:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html

Answer 256

A

Answer: A

If the Internet gateway is not attached to the VPC, which is a pre-requisite for the instances to be accessed from the internet then the instances will not be reachable.

For more information on Internet gateways, please refer to the below link:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html

Answer 257

A

Answer: A, C

Both the Simple Storage service and DynamoDB are complete serverless offerings from AWS where you don’t need to manage the infrastructure. For more information on S3 and DynamoDB,

please refer to the below links

https: //aws.amazon.com/s3/
https: //aws.amazon.com/dynamodb/

Answer 258

A

Answer: C

This is given in the aws documentation For more information on Security Groups,

please refer to the below link:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

Answer 259

A

Answer: C

The AWS Documentation mentions the following Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects.

For more information on S3 server side encryption, please refer to the below link:
https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html

Answer 260

A

Answer: A, C

The AWS Documentation mentions the following Amazon S3 offers access policy options broadly categorized as resource based policies and user policies. Access policies you attach to your resources (buckets and objects) are referred to as resource-based policies. For example, bucket policies and access control lists (ACLs) are resource- based policies. You can also attach access policies to users in your account. These are called user policies. You may choose to use resource-based policies, user policies, or some combination of these to manage permissions to your Amazon S3 resources.

For more information on S3 access control, please refer to the below link:
https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html

Answer 261

A

Answer: C

The best way is to use 2 SQS queues. Each queue can be polled separately. The high priority queue can be polled first.

For more information on AWS SQS, please refer to the below link:
https://aws.amazon.com/sqs/

Answer 262

A

Answer: C

You have to ensure that the Route table has an entry to the Internet gateway because this is required for instances to communicate over the internet. The diagram shows the configuration of the public subnet in a VPC.

Option A is wrong because you already have a public IP Assigned to the instance, so this should be enough to connect to the Internet.

Option B is wrong because private IP’s cannot be access from the internet

Option D is wrong because the Route table is what is causing the issue and not the system

For more information on AWS public subnet, please visit the link:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario1.html

Answer 263

A

Answer: A

Gateway-cached volumes let you use Amazon Simple Storage Service (Amazon S3) as your primary data storage while retaining frequently accessed data locally in your storage gateway. Gateway-cached volumes minimize the need to scale your on-premises storage infrastructure, while still providing your applications with low-latency access to their frequently accessed data. You can create storage volumes up to 32 TiB in size and attach to them as iSCSI devices from your on-premises application servers. Your gateway stores data that you write to these volumes in Amazon S3 and retains recently read data in your on-premises storage gateway’s cache and upload buffer storage.

For more information on Storage gateways, please visit the link:
http://docs.aws.amazon.com/storagegateway/latest/userguide/storage-gateway-cached-concepts.html

Answer 264

A

Answer: A

The AWS Documentation mentions the following The Fargate launch type allows you to run your containerized applications without the need to provision and manage the backend infrastructure. Just register your task definition and Fargate launches the container for you.

For more information on the different launch types, please visit the link:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html

Answer 265

A

Answer: D

By default the public IP address of an EC2 Instance is released after the instance is stopped and started. Hence the earlier IP address which were mapped to the domain names would have become invalid now.

For more information on public IP addressing, please visit the below URL:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.htm]#concepts-public-addresses

Answer 266

A

Answer: A, D

The AWS Documentation mentions the following about these services AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

For more information on Cloudtrail, please refer to below URL:
https://aws.amazon.com/cloudtrail/

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Amazon Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs.

For more information on Cloudwatch logs, please refer to below URL:
http: //docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

Answer 267

A

Answer: D

This sort of setup as per the aws documentation coincides with Scenario2 of setting up a VPC.

For more information on the VPC Scenario for public and private subnets please see the below link:
http: //docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 268

A

Answer: D

You can easily add tags which define which instances are production and which are development instances and then ensure these tags are used when controlling access via an IAM policy.

For more information on tagging your resources, please refer to the below link:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html

Answer 269

A

Answer: A, D

If the database is going to have a lot of read/write requests, then the ideal solution would be to have the underlying EBS volume as Provisioned IOPS. Whereas since the standard workload, General Purpose SSD should be sufficient enough. The below except from the documentation also shows the different types of EBS volumes for different workloads For more information on EBS Volume types,

please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 270

A

Answer: D

Since there is only a mention of one EC2 instance, placing it behind the ELB would not make much sense , hence Option A and B are invalid. Having it in an Autoscaling Group with just one instance would not make much sense. The Cloudfront distribution would help alleviate the load on the EC2 Instance because of its edge location and cache feature.

For more information on Cloudfront, please visit the following URL:
https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/Introduction.html

Answer 271

A

Answer: D

An AWS White paper on the caveat for Read Replica’s is given below which must be taken into consideration by designers Read replicas are separate database instances that are replicated asynchronously. As a result, they are subject to replication lag and might be missing some of the latest transactions. Application designers need to consider which queries have tolerance to slightly stale data. Those queries can be executed on a read replica, while the rest should run on the primary node. Read replicas can also not accept any write queries.

For more information on AWS Cloud best practices, please visit the following URL: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 272

A

Answer: B

When working with AWS Lambda functions, if there is a need to access other resources, then ensure that an IAM role is in place. The IAM role will have the required permissions to access the SQS queue.

For more information on AWS IAM Roles, please visit the following URL:
https://docs.aws.amazon.com/IAM /latest/UserGuide/id_roles.html

Answer 273

A

Answer: B

The AWS Documentation mentions the following By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE). You can also choose to encrypt your log files with an AWS Key Management Service (AWS KMS) key. You can store your log files in your bucket for as long as you want. You can also define Amazon S3 lifecycle rules to archive or delete log files automatically. If you want notifications about log file delivery and validation, you can set up Amazon SNS notifications.

For more information on how Cloudtrail works, please visit the following
URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html

Answer 274

A

Answer: B

When updates are made to objects in S3, they have an eventual consistency model. Hence when objects updates are made to the same key, there can be a slight delay when the updated object is provided back to the user when the next read request is made.

For more information on the various aspects for the Simple Storage service, please visit the following URL: https://aws.amazon.com/s3/faqs/

Answer 275

A

Answer: C

The AWS Documentation mentions the following Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB lets you offload the administrative burdens of operating and scaling a distributed database, so that you don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling

For more information on AWS DynamoDB, please visit the following URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ Introduction.html

Answer 276

A

Answer: C

The AWS Documentation mentions the following which can support this requirement AWS OpsWorks is a configuration management service that helps you configure and operate applications in a cloud enterprise by using Puppet or Chef. AWS
OpsWorks Stacks and AWS OpsWorks for Chef Automate let you use Chef cookbooks and solutions for configuration management, while AWS OpsWorks for Puppet Enterprise lets you configure a Puppet Enterprise master server in AWS. Puppet offers a Set of tools for enforcing the desired state of your infrastructure, and automating on- demand tasks. For more information on AWS Opswork,

please visit the following URL:
https://docs.aws.amazon.com/opsworks/latest/userguide/welcome.html

Answer 277

A

Answer: B

The ideal solution would be to use Elastic Cache The AWS Documentation furthers mentions the following with respective to Elastic cache ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment.

For more information on AWS Elastic Cache, please visit the following URL:
https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Whatls.html

Answer 278

A

Answer: A

The AWS Documentation mentions the following on Amazon Glacier Amazon Glacier is an extremely low-cost storage service that provides durable storage with security features for data archiving and backup. With Amazon Glacier, customers can store their data cost effectively for months, years, or even decades. Amazon Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS, so they don’t have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection and recovery, or time- consuming hardware migrations. For more information on Amazon Glacier,

please visit the following URL:
https://docs.aws.amazon.com/amazonglacier/latest/dev/introduction.html

Answer 279

A

Answer: A

Security groups can be used to control traffic into an EC2 Instance The below snapshot from the AWS Documentation shows the rules tables for the security groups for a sample web and database server setup.

For more information on this use case scenario, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 280

A

Answer: B, C

The AWS Documentation mentions the following When a user performs a DELETE operation on an object, subsequent simple (un-versioned) requests will no longer retrieve the object. However, all versions of that object will continue to be preserved in your Amazon Sg bucket and can be retrieved or restored. Versioning’s MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security. By default, all requests to your Amazon S3 bucket require your AWS account credentials. If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession

For more information on the features of S3, please visit the following URL:
https://aws.amazon.com/s3/faqs/

Answer 281

A

Answer: A, B

The AWS Documentation mentions the following When your workload is sending mostly GET requests, you can add randomness to key names. In addition, you can integrate Amazon CloudFront with Amazon S3 to distribute content to your users with low latency and a high data transfer rate.

For more information on S3 bucket performance, please visit the following URL:
https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-performance-improve/

Answer 282

A

Answer: A

The AWS Documentation mentions the following Regardless of whether you enable automated snapshots, you can take a manual snapshot whenever you want. Amazon Redshift will never automatically delete a manual snapshot. Manual snapshots are retained even after you delete your cluster. Because manual snapshots accrue storage charges, it’s important that you manually delete them if you no longer need them \

For more information on working with Snapshots, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html

Answer 283

A

Answer: A

Option B is incorrect because it does not help in durability of EBS Volumes

Option C is incorrect since EC2 Instance stores are not durable

Option D is incorrect since mirroring data across EBS volumes is inefficient, when you already have the option for
EBS snapshots

The AWS Documentation mentions the following on AWS EBS Snapshots You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. When you delete a snapshot, only the data unique to that snapshot is removed. Each snapshot contains all of the information needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume.

For more information on AWS EBS Snapshots, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html

Answer 284

A

Answer: C

If a backup of On-premise data is required, the most efficient way would be to make use of Storage gateway Cached Volumes. The AWS Documentation mentions the following on Cached Volumes. Cached volumes — You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data.

For more information on the Storage gateway, please visit the following URL:
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html

Answer 285

A

Answer: A

The AWS Documentation mentions the following on Amazon Aurora Amazon Aurora is a drop-in replacement for MySQL and PostgreSQL. The code, tools and applications you use today with your existing MySQL and PostgreSQL databases can be used with Amazon Aurora.

For more information on Amazon Aurora, please visit the following URL:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

Answer 286

A

Answer: A

The API gateway provides the ideal access to your backend services via API’s.

For more information on the API gateway service, please visit the following URL:
https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html

Answer 287

A

Answer: A

The simple storage service is the perfect place to store the documents. You can define buckets for each user and have policies which restrict access so that each user can only access their own files.

For more information on the S3 service, please visit the following
URL: https://aws.amazon.com/s3/

Answer 288

A

Answer: D

The AWS Documentation mentions the following on Standard retrievals Standard retrievals are a low-cost way to access your data within just a few hours. For example, you can use Standard retrievals to restore backup data, retrieve archived media content for same-day editing or distribution, or pull and analyze logs to drive business decisions within hours.

For more information on Amazon Glacier retrievals, please visit the following URL: https://aws.amazon.com/glacier/faqs/#dataretrievals

Answer 289

A

Answer: A, C

The Elastic Load balancer can be used to distribute traffic to EC2 Instances. So to add elasticity to your setup, one can either do this, or even use Route53. In Route53, you can setup weighted routing policies to distribute requests to multiple EC2 Instances.

For more information on architecting for the cloud, please visit the following
URL: https://aws.amazon.com/whitepapers/architecting-for-the-aws-cloud-best-practices/

Answer 290

A

Answer: C

Spot instances enable you to bid on unused EC2 instances, which can lower your Amazon EC2 costs significantly. The hourly price for a Spot instance (of each instance type in each Availability Zone) is set by Amazon EC2, and fluctuates depending on the supply of and demand for Spot instances. Your Spot instance runs whenever your bid exceeds the current market price. Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot instances are well-suited for data analysis, batch jobs, background processing, and optional tasks

Option A is invalid because even though Reserved instances can reduce costs , its best for workloads that would be active for a longer period of time rather than for batch load processes which could last for a shorter period of time.

Option B is not right because On-Demand Instances tend to be more expensive than Spot Instances.

Option D is invalid because there is no concept of Regular instances in AWS

For more information on Spot Instances, please visit the below URL: http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

Answer 291

A

Answer: A

The AWS Documentation mentions the following Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes clusters. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications. Operating Kubernetes for production applications presents a number of challenges. You need to manage the scaling and availability of your Kubernetes masters and persistence layer by ensuring that you have chosen appropriate instance types, running them across multiple Availability Zones, monitoring their health, and replacing unhealthy nodes. You need to patch and upgrade your masters and worker nodes to ensure that you are running the latest version of Kubernetes. This all requires expertise and a lot of manual work. With Amazon EKS, upgrades and high availability are managed for you by AWS. Amazon EKS runs three Kubernetes masters across three Availability Zones in order to ensure high availability. Amazon EKS automatically detects and replaces unhealthy masters, and it provides automated version upgrades and patching for the masters. For more information on the Elastic Container service, please visit the below URL: https://aws.amazon.com/eks/

Answer 292

A

Answer: B, C

The snapshot from the aws documentation shows how the ELB and EC2 instances get setup for high availability. You have the ELB placed in front of the instances. The instances are placed in different AZ’s.

For more information on the ELB, please visit the below URL: https://aws.amazon.com/elasticloadbalancing/

Option A is wrong because the service runs across Amazon’s proven, high-availability data centers. The service replicates data across three facilities in an AWS Region to provide fault tolerance in the event of a server failure or Availability Zone outage.

Option D is wrong because Amazon S3 Standard and Standard - IA redundantly stores your objects on multiple devices across multiple facilities in an Amazon S3 Region. The service is designed to sustain concurrent device failures by quickly detecting and repairing any lost redundancy

Answer 293

A

Answer: D

Since cost is a factor, both option A and B are invalid. The best and most cost effective option is to create Cloudformation templates which can be used to spin up resources in another region in a disaster recovery.

For more information on Cloudformation please visit the below URL:
https://aws.amazon.com/cloudformation/

Answer 294

A

Answer: B, C

The User data section of an Instance launch can be used to pre-configure software after the instance is initially booted.

For more information on UserData please visit the below URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html

Also you can create an AMI or a golden image with the software already installed and then create a launch configuration which can be used by that Autoscaling Group

For more information on AMI’s please visit the below URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

Answer 295

A

Answer: A

The diagram from the AWS Documentation shows how the stateless architecture would look like.

For more information on architecting for the cloud please visit the
below URL: https://aws.amazon.com/whitepapers/architecting-for-the-aws-cloud-best-practices/

Answer 296

A

Answer: A

Amazon EMR is a managed cluster platform that simplifies running big data frameworks, such as Apache Hadoop and Apache Spark, on AWS to process and analyze vast amounts of data. By using these frameworks and related open-source projects, such as Apache Hive and Apache Pig, you can process data for analytics purposes and business intelligence workloads. Additionally, you can use Amazon EMR to transform and move large amounts of data into and out of other AWS data stores and databases, such as Amazon Simple Storage Service (Amazon S3) and Amazon DynamoDB.

Option B and C, even though partially correct would be an overhead for EC2 Instances to process the log files when you already have a readymade service which can help in this regard

Option D is in invalid because DynamoDB is not an ideal option to store log files.

For more information on EMR, please visit the below URL:
http: //docs.aws.amazon.com/emr/latest/ManagementGuide/emr-what-is-emr.html

Answer 297

A

Answer: A

The AWS Documentation mentions the following Cross-region replication is a bucket-level configuration that enables automatic, asynchronous copying of objects across buckets in different AWS Regions.

For more information on Cross region replication in the Simple Storage Service, please visit the below URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html

Answer 298

A

Answer: C

The AWS Documentation mentions the following AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume - there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service - all with zero administration.

For more information on AWS Lambda, please visit the below URL:
https://docs.aws.amazon.com/lambda/latest/dg/welcome.html

Answer 299

A

Answer: C

The AWS Documentation mentions the following on lifecycle policies Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows:

Transition actions — In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation.
Expiration actions — In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf.

For more information on AWS S3 Lifecycle policies, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

Answer 300

A

Answer: C

Snapshot of the service limits that the Trusted Advisor can monitor will be found in AWS documentation

Option A is invalid because even though you can monitor resources, it cannot be checked against the service limit.

Option B is invalid because this is the Elastic Compute cloud service Option D is invalid because it can be send notification but not check on service limits

For more information on the Trusted Advisor monitoring, please visit the below
URL: https://aws.amazon.com/premiumsupport/ta-faqs/

Answer 301

A

Answer: D

You can copy an Amazon Machine Image (AMI) within or across an AWS region using the AWS Management Console, the AWS command line tools or SDKs, or the Amazon EC2 API, all of which support the CopyImage action. You can copy both Amazon EBS-backed AMIs and instance store-backed AMIs. You can copy AMIs with encrypted snapshots and encrypted AMIs. Copying a source AMI results in an identical but distinct target AMI with its own unique identifier. In the case of an Amazon EBS-backed AMI, each of its backing snapshots is, by default, copied to an identical but distinct target snapshot. Option A is invalid, because it is a maintenance overhead to maintain another non-running instance Option B is invalid, because the pre-configured software could have settings on the root volume Option C is invalid because this is a long and inefficient way to restore a failed instance

For more information on Copying AMI’s, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html

Answer 302

A

Answer: B

Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting your credentials from other users. However, it’s challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials. LAM roles are designed so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use.

For more information on IAM Roles, please visit the below URL:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Answer 303

A

Answer: A

The AWS Documentation mentions the following on Encryption keys - SSE-S3 requires that Amazon S3 manage the data and master encryption keys. - SSE-C requires that you manage the encryption key. - SSE-KMS requires that AWS manage the data key but you manage the master key in AWS KMS.

For more information on using the Key Management service for S3, please visit the below URL: https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html

Answer 304

A

Answer: C

The AWS Documentation mentions the following on monitoring Redshift Clusters Amazon CloudWatch metrics help you monitor physical aspects of your cluster, such as CPU utilization, latency, and throughput. Metric data is displayed directly in the Amazon Redshift console. You can also view it in the Amazon CloudWatch console, or you can consume it in any other way you work with metrics such as with the Amazon CloudWatch Command Line Interface (CLI) or one of the AWS Software Development Kits (SDKs).

For more information on monitoring Redshift please visit the below URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/metrics.html

Answer 305

A

Answer: A

The AWS Documentation mentions the following Using CloudFront can be more cost effective if your users access your objects frequently because, at higher usage, the price for CloudFront data transfer is lower than the price for Amazon S3 data transfer.
In addition, downloads are faster with CloudFront than with Amazon S3 alone because your objects are stored closer to your users.

For more information on using Cloudfront with S3 please visit the below URL:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/MigrateS3ToCloudFront.html

Answer 306

A

Answer: A

The AWS Documentation mentions the following Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to as producers and consumers. Publishers communicate asynchronously with subscribers by producing and sending a message to a topic, which is a logical access point and communication channel. Subscribers (i.e., web servers, email addresses, Amazon SQS queues, AWS Lambda functions) consume or receive the message or notification over one of the supported protocols (i.e., Amazon SQS, HTTP/S, email, SMS, Lambda) when they are subscribed to the topic.

For more information on the Simple Notification service, please visit the below URL: https://docs.aws.amazon.com/sns/latest/dg/welcome.html

Answer 307

A

Answer: C

Kinesis Streams supports changes to the data record retention period of your stream. A Kinesis stream is an ordered sequence of data records meant to be written to and read from in real-time. Data records are therefore stored in shards in your stream temporarily. The time period from when a record is added to when it is no longer accessible is called the retention period. A Kinesis stream stores records from 24 hours by default, up to 168 hours.

Option A, even though a possibility, cannot be taken for granted as the right option.

Option B is invalid since S3 can store data indefinitely unless you have a lifecycle policy defined.

Option D is invalid because the Kinesis service is perfect for this sort of data ingestion

For more information on Kinesis data retention, please refer to the below URL:
http: //docs.aws.amazon.com/streams/latest/dev/kinesis-extended-retention.html

Answer 308

A

Answer: A

The AWS Documentation mentions the following Amazon Redshift is a column- oriented, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools. Amazon Redshift achieves efficient storage and optimum query performance through a combination of massively parallel processing, columnar data storage, and very efficient, targeted data compression encoding schemes

For more information on columnar database in AWS, please refer to the below URL:
https://aws.amazon.com/nosql/columnar/

Answer 309

A

Answer: A

Since there is a high performance requirement with high IOPS needed, one needs to opt for EBS Provisioned IOPS SSD The snapshot from the AWS Documentation mentions the need of using Provisioned IOPS for better IOPS performance for database based applications.

For more information on AWS EBS Volume types, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 310

A

Answer: B

The AWS Documentation mentions the following AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.

For more information on the Elastic beanstalk
service, please visit the following URL: https://aws.amazon.com/elasticbeanstalk/

Answer 311

A

Answer: B

This recommendation for increasing performance if you have a high request rate in S3 is given in the AWS documentation

For more information on S3 performance considerations, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Answer 312

A

Answer: B

The Simple Queue service can be used to build a decoupled architecture. The AWS Documentation further mentions the following Amazon Simple Queue Service (SQS) is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. Building applications from individual components that each perform a discrete function improves scalability and reliability, and is best practice design for modern applications.

For more information on the Simple Queue Service, please visit the following URL:
https://aws.amazon.com/sqs/

Answer 313

A

Answer: D

The AWS Documentation mentions that the weighted routing policy is good for testing new versions of the software. And this is the ideal approach for Blue Green deployments. Weighted routing lets you associate multiple resources with a single
domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and testing new versions of software.

For more information on Routes3 routing policies, please visit the following URL:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

Answer 314

A

Answer: C

When you are considering storage volume types for batch processing activities with large throughput, then consider using EBS Throughput Optimized volume type. This is also mentioned in the AWS Documentation

For more information on EBS volume types, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 315

A

Answer: D

The AWS Documentation mentions the following about VPC Peering. A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.

For more information on VPC Peering, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

Answer 316

A

Answer: D

If you look at the comparison of the NAT gateway and NAT instances in the AWS Documentation, you can see that the NAT gateway is highly available and requires less management.

For more information on the comparison, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-comparison.html

Answer 317

A

Answer: A

The AWS Documentation mentions the following Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS so that they don’t have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.

For more information on DynamoDB please visit the following URL:
https://aws.amazon.com/dynamodb/faqs/

Answer 318

A

Answer: D

The AWS Documentation mentions the following Amazon Elastic Container Registry (ECR) is a fully-managed Dockercontainer registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow.

For more information on the Elastic container service please visit the following URL:
https://aws.amazon.com/ecr/?nc2=h_m1

Answer 319

A

Answer: B

The AWS Documentation mentions the following Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. You can also run other popular distributed frameworks such as Apache Spark, HBase, Presto, and Flink in Amazon EMR, and interact with data in other AWS data stores such as Amazon S3 and Amazon DynamoDB. Amazon EMR securely and reliably handles a broad set of big data use cases, including log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics.

For more information on the EMR service please visit the following:
URL: https://aws.amazon.com/emr/?nc2=h_m1

Answer 320

A

Answer: C

When the idea comes for scalability then SQS is the best option. Normally DynamoDB is scalable, but since one is looking for a cost effective solution, the messaging in SQS can assist in managing the situation mentioned in the question. Amazon Simple Queue Service (SQS) is a fully-managed message queuing service for reliably communicating among distributed software components and microservices - at any scale. Building applications from individual components that each perform a discrete function improves scalability and reliability, and is best practice design for modern applications. SQS makes it simple and cost-effective to decouple and coordinate the components of a cloud application. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be always available

For more information on SQS, please refer to the URL:
https://aws.amazon.com/sqs/

Answer 321

A

Answer: B

If you want to use CloudFront signed URLs or signed cookies to provide access to objects in your Amazon S3 bucket, you probably also want to prevent users from accessing your Amazon S3 objects using Amazon S3 URLs. If users access your objects directly in Amazon S3, they bypass the controls provided by CloudFront signed URLs or signed cookies, for example, control over the date and time that a user can no longer access your content and control over which IP addresses can be used to access content. In addition, if user’s access objects both through CloudFront and directly by using Amazon S3 URLs, CloudFront access logs are less useful because they’re incomplete.

For more information on Origin Access Identity please see the below link:
http: //docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

Answer 322

A

Answer: A

The AWS Documentation mentions the following which helps support thisrequirement Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type — you can quickly identify a specific resource based on the tags you’ve assigned to it. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account’s Amazon EC2 instances that helps you track each instance’s owner and stack level. We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add.

For more information on using tags, please see the below link:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html

Answer 323

A

Answer: D

The diagram from the AWS documentation show cases this architecture

For more information on the VPC Scenario for public and private subnets please see the below link:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 324

A

Answer: D

Snapshots are point-in-time backups of a cluster. There are two types of snapshots: automated and manual. Amazon Redshift stores these snapshots internally in Amazon S3 by using an encrypted Secure Sockets Layer (SSL) connection. If you need to restore from a snapshot, Amazon Redshift creates a new cluster and imports data from the snapshot that you specify. Now since the question already mentions that the cluster is easily reproducible from additional data stored on Amazon Sg then you don’t need to maintain any sort of snapshots

For more information on Red shift snapshots, please visit the below URL:
http://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html

Answer 325

A

Answer: D

IAM roles are designed so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials

For more information on LAM Roles please refer to the below link:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Answer 326

A

Answer: A, D, E

Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This replication feature makes it easy to elastically scale out beyond the capacity constraints of a single DB Instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput For more information on Read Replica’s please refer to the below link: https://aws.amazon.com/rds/details/read-replicas/ Sharding is a common concept to split data across multiple tables in a database

For more information on sharding please refer to the below link:
https://forums.aws.amazon.com/thread.jspa?messageID=203052

Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases

For more information on Elastic Cache please refer to the below link:

https://aws.amazon.com/elasticache/

Option B is not an ideal way to scale a database

Option C is not ideal to store the data which would go into a database because of the message size

Option F is invalid because Multi-AZ feature is only a failover option

Answer 327

A

Answer: C

Elastic Beanstalk supports the deployment of web applications from Docker containers. With Docker containers, you can define your own runtime environment. You can choose your own platform, programming language, and any application dependencies (such as package managers or tools), that aren’t supported by other platforms. Docker containers are self-contained and include all the configuration information and software your web application requires to run. Option A is an efficient way to use Docker. The entire idea of Docker is that you have a separate environment for various applications. Option B is ideally used to running code and not packaging the applications and dependencies Option D is not ideal deploying Docker containers using Cloudformation.

For more information on Docker and Elastic Beanstalk, please visit the below URL:
http: //docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.html

Answer 328

A

Answer: C

The best way is to distribute the instances across multiple AZ’s to get the best and avoid a disaster scenario. With this scenario, you will always a minimum of more than 8 servers even if one AZ were to go down.

Even though options A and D are also valid options, the best option when it comes to distribution is Option C.

For more information on High Availability and Fault tolerance, please refer to the below link:
https://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_ftha_o4.pdf

Answer 329

A

Answer: C

Option A is invalid, because cloudwatch will not store the logs indefinitely and secondly it won’t be the cost effective option.

Option B is invalid, because it won’t server the purpose of regularly retrieve the most recent logs for troubleshooting. You will need to pay more to retrieve the logs faster from this storage.

Option D is invalid, because it is not an ideal or cost effective option.

For more information on Lifecycle management please refer to the below link:
http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

Answer 330

A

Answer: B

If you need an AMI across multiple regions , then you have to copy the AMI across regions.

Note that by default AMI’s that you have created will not be available across all regions.
So option A is automatically invalid.

Next you can share AMI’s with other users, but they will not be available across regions. So option C and D is invalid.

You have to copy the AMI across regions.

For more information on copying AMI’s , please refer to the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html

Answer 331

A

Answer: A

AWS Cloudtrail is the defacto service provided by aws for monitoring all API calls to AWS and is used for logging and monitoring purposes for compliance purposes. Amazon Cloudtrail detects every call made to aws and creates a log which can then be further used for analysis.

For more information on Amazon Cloudtrail , please visit the link:
https://aws.amazon.com/cloudtrail/

Answer 332

A

Answer: D

This question is not that complicated, even though if you don’t understand the options. By default when you see “collection of logs and processing of logs”, directly think of AWS EMR. Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. You can also run other popular distributed frameworks such as Apache Spark, HBase, Presto, and Flink in Amazon EMR, and interact with data in other AWS data stores such as Amazon S3 and Amazon DynamoDB. Amazon EMR securely and reliably handles a broad set of big data use cases, including log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics.

For more information on EMR, please visit the link:
https://aws.amazon.com/emr/

Answer 333

A

Answer: A

Amazon S3 is a perfect storage layer for storing documents and other types of objects Amazon S3 also has the option for versioning as shown below. The versioning is on the bucket level and can be used to recover prior versions of an object.

For more information on Amazon S3, please visit the following URL:
https://aws.amazon.com/s3/

Answer 334

A

Answer: D

The AWS Documentation mentions the following Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.

For more information on AWS RDS Multi-AZ, please visit the following URL:
https://aws.amazon.com/rds/details/multi-az/

Answer 335

A

Answer: A, C

One can create a Lambda function which can contain the code to process the file and add the name of the file to the DynamoDB table. You can then use the Event notification from the S3 bucket to invoke the Lambda function whenever the file is uploaded.

For more information on Amazon S3 event notification, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

Answer 336

A

Answer: D

The AWS Documentation supports the mentioned requirements which is supported by AWS Aurora Amazon Aurora (Aurora) is a fully managed, MySQL- and PostgreSQL-compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications. All Aurora Replicas return the same data for query results with minimal replica lag—usually much less than 100 milliseconds after the primary instance has written an update.

For more information on AWS Aurora, please visit the following URL:
http: //docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

Answer 337

A

Answer: C

The AWS Documentation mentions the following: You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts.

For more information on AWS S3 web site hosting, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html

Answer 338

A

Answer: C

Since the database is not going to be used that frequently you should ideally choose the EBS General Purpose SSD over EBS provisioned IOPS SSD.

For more information on AWS EBS Volumes, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Answer 339

A

Answer: B

The AWS Documentation mentions the following Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system. You can use an EFS file system as a common data source for workloads and applications running on multiple instances

For more information on AWS EFS, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEFS.html

Answer 340

A

Answer: B, D

Store the images initially in Standard storage since they are accessed frequently. Define Lifecycle policies to move the images to Infrequent Access storage to save on costs. Amazon S3 Infrequent access is perfect if you want to store data that is not frequently access. It is must more cost effective than Option D of Amazon Sg Standard. And if you choose Amazon Glacier with expedited retrievals, then you defeat the whole purpose of the requirement, because you would have an increased cost with this option

For more information on AWS Storage classes, please visit the following URL:
https://aws.amazon.com/s3/storage-classes/

Answer 341

A

Answer: B

The AWS Documentation mentions the following Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required.

For more information on AWS Glacier Retrieval, please visit the following
URL: https://docs.aws.amazon.com/amazonglacier /latest/dev/downloading-an-archive-two-steps.html

Answer 342

A

Answer: A

The AWS Documentation mentions the following Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes clusters

For more information on AWS Elastic Container service for Kubernetes, please visit the following URL: https://aws.amazon.com/eks/

Answer 343

A

Answer: B

The AWS Documentation mentions the following The cool down period is a configurable setting for your Auto Scaling group that helps to ensure that it doesn’t launch or terminate additional instances before the previous scaling activity takes effect. After the Auto Scaling group dynamically scales using a simple scaling policy, it waits for the cool down period to complete before resuming scaling activities.

For more information on Autoscaling cooldown, please visit the following URL:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/Cooldown.html

Answer 344

A

Answer: C

Option A and B are invalid because by default the Security Groups already block
traffic. You can use NACL’s as an additional security layer for the subnet to deny traffic.

Option D is invalid since just changing the Inbound Rules is sufficient.

The AWS Documentation mentions the following A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. For optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

For more information on Network Access Control Lists, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

Answer 345

A

Answer: A

If the request rate is high, then you can use hash keys or random strings to prefix the object name. In such a case, the partitions used to store the objects will be better distributed and hence allow for better read/write performance for your objects.

For more information on how to ensure performance in S3, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html

Answer 346

A

Answer: D

The AWS Documentation mentions the following You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources. Its not a best practice to use IAM credentials for any production based application. It’s always a good practice to use IAM Roles. For more information on IAM Roles, please visit the following URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

Answer 347

A

Answer: B

The AWS Documentation mentions the following to backup this requirement Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content isnot in that edge location, CloudFront retrieves it from an Amazon S3 bucket or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content.

For more information on Amazon Cloudfront, please visit the following URL: https://docs.aws.amazon.com/AmazonCloudFront/latest/ DeveloperGuide/Introduction.html

Answer 348

A

Answer: C

With Amazon CloudSearch, you can quickly add rich search capabilities to your website or application. You don’t need to become a search expert or worry about hardware provisioning, setup, and maintenance. With a few clicks in the AWS
Management Console, you can create a search domain and upload the data that you want to make searchable, and Amazon CloudSearch will automatically provision the required resources and deploy a highly tuned search index. You can easily change your search parameters, fine tune search relevance, and apply new settings at any time. As your volume of data and traffic fluctuates, Amazon CloudSearch seamlessly scales to meet your needs.

For more information on AWS cloudsearch , please visit the below link:
https://aws.amazon.com/cloudsearch/

Answer 349

A

Answer: B

The AWS Documentation mentions the following AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.   For more information on AWS Direct Connect, please visit the below link:
https://aws.amazon.com/directconnect/

Answer 350

A

Answer: A, B

Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type — you can quickly identify a specific resource based on the tags you’ve assigned to it. Each tag consists of a key and an optional value, both of which you define

For more information on tagging aws resources please refer to the below URL:
http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html

Answer 351

A

Answer: B, E

Amazon Cloudwatch will be used to monitor the IOP’s metrics from the RDS instance and Amazon Simple Notification Service will be used to send the notification if any alarm is triggered.

For more information on cloudwatch metrics, please refer to the link:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CW_Support_For_AWS.html

Answer 352

A

Answer: C

You can distribute private content using a signed URL that is valid for only a short time—possibly for as little as a few minutes. Signed URLs that are valid for such a short period are good for distributing content on-the-fly to a user for a limited purpose, such as distributing movie rentals or music downloads to customers on demand.

For more information on Signed URL’s please visit the below link:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html

Answer 353

A

Answer: B

The AWS Documentation mentions the below on AWS Cloudformation. This supplements the requirement in the question for the consultants to use their architecture diagrams to construct cloudformation templates. AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you.

For more information on AWS Cloudformation, please visit the following URL:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html

Answer 354

A

Answer: A

Option B is incorrect - The AWS Certificate manager can be used to generate SSL certificates that can be used to encrypt traffic in transit, but not at rest

Option C is incorrect is again used for issuing tokens when using API gateway for traffic in transit.

Option D is used for secure access to EC2 Instances

The AWS Documentation mentions the following on AWS KMS AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage

For more information on AWS KMS, please visit the following URL:
https://docs.aws.amazon.com/kms/latest/developerguide/overview.html

Answer 355

A

Answer: C

The AWS Documentation mentions the following You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have
changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data.

For more information on EBS snapshots, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html

Answer 356

A

Answer: A

The AWS Documentation mentions the following Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity, makes it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications

For more information on AWS DynamoDB, please visit the following URL: https://aws.amazon.com/dynamodb/

Answer 357

A

Answer: D

The AWS Documentation mentions the following Amazon Simple Queue Service (SQS) is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. Building applications from individual components that each perform a discrete function improves scalability and reliability, and is best practice design for modern applications. SQS makes it simple and cost-effective to decouple and coordinate the components of a cloud application. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be always available.

For more information on AWS SQS, please visit the following URL:
https://aws.amazon.com/sqs/

Answer 358

A

Answer: A

The AWS Documentation mentions the following You can use the AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. Temporary security credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them.

For more information on the Secure Token Service, please visit the following URL:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

Answer 359

A

Answer: B

The AWS Documentation mentions the following AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to setup application scaling for multiple resources across multiple services in minutes.

For more information on AWS Autoscaling, please visit the following URL:
https://aws.amazon.com/autoscaling/

Answer 360

A

Answer: C

The AWS Documentation mentions the following Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open source compatible in-memory data stores. Build data-intensive apps or improve the
performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

For more information on AWS ElastiCache, please visit the following URL: https://aws.amazon.com/elasticache/

Answer 361

A

Answer: A

Since there is a high performance requirement with high IOPS needed, one needs to opt for EBS Provisioned IOPS SSD The snapshot from the AWS Documentation mentions the need of using Provisioned IOPS for better IOPS performance for database based applications.

For more information on AWS EBS Volume types, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 362

A

Answer: C

When you want to automate deployment, the automatic choice is Cloudformation. Below is the excerpt from AWS on cloudformation. AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. You can use AWS CloudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don’t need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software

For more information on Cloud Formation, please visit the URL:
https://aws.amazon.com/cloudformation/

Answer 363

A

Answer: A

The AWS Documentation mentions the following You control access to Amazon API Gateway with LAM permissions by controlling access to the following two API Gateway component processes: - To create, deploy, and manage an API in API Gateway, you must grant the API developer permissions to perform the required actions supported by the API management component of API Gateway. - Tocalla deployed API or to refresh the API caching, you must grant the API caller permissions to perform required LAM actions supported by the API execution component of API Gateway.

For more information on permissions for the API gateway, please visit the URL:
https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html

Answer 364

A

Answer: C

The AWS Documentation mentions the following A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.

For more information on VPC peering, please visit the URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

Answer 365

A

Answer: C

The AWS Documentation mentions the following Spot Instances in Amazon EMR provide an option for you to purchase Amazon EC2 instance capacity at a reduced cost
as compared to On-Demand purchasing.

For more information on Instance types for EMR, please visit the URL:
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-purchasing-options.html

Answer 366

A

Answer: B

The AWS Documentation mentions the following All objects by default are private.
Only the object owner has permission to access these objects. However, the object
owner can optionally share objects with others by creating a pre-signed URL, using
their own security credentials, to grant time-limited permission to download the
objects.

For more information on pre-signed URL’s, please visit the URL
https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html

Answer 367

A

Answer: C

The AWS Documentation mentions the following A DynamoDB stream is an ordered flow of information about changes to items in an Amazon DynamoDB table. When you enable a stream on a table, DynamoDB captures information about every modification to data items in the table. Whenever an application creates, updates, or deletes items in the table, DynamoDB Streams writes a stream record with the primary key attribute(s) of the items that were modified. Astream record contains information about a data modification to a single item in a DynamoDB table. You can configure the stream so that the stream records capture additional information, such as the “before” and “after” images of modified items. For more information on DynamoDB streams ,

please visit the below url
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html

Answer 368

A

Answer: B

The AWS Documentation mentions the following on the Trusted Advisor An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to
help you provision your resources following AWS best practices. For more information on the Trusted Advisor ,

please visit the below URL:
https://aws.amazon.com/premiumsupport/trustedadvisor/

Answer 369

A

Answer: B

The AWS Documentation mentions the following VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you’ve created a fl Logs, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html

Answer 370

A

Answer: B

The diagram shows that snapshots are available for Redshift clusters which enables clusters to be available in different regions

For more information on managing Redshift snapshots, please visit the following URL:
https://docs.aws.amazon.com/redshift/latest/mgmt/managing-snapshots-console.html

Answer 371

A

Answer: B

The AWS Documentation mentions the following Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region. Updates made to the source database are then asynchronously copied to your Read Replicas. In addition to providing scalability for read-heavy workloads, Read Replicas can be promoted to become a standalone database instance when needed.

For more information on Read Replica’s, please visit the following URL:
https://aws.amazon.com/rds/details/read-replicas/

Answer 372

A

Answer: C

The AWS Documentation mentions the below Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost effectively process streaming data at any scale, along with the flexibility to choose the of your application. With Amazon Kinesis, you can ingest real-time data such as application logs, website clickstreams, IoT telemetry data, databases, data lakes and data warehouses, or build your own real- time applications using this data. Amazon Kinesis enables you to process and analyze data as it arrives and respond in real-time instead of having to wait until all your data is collected before the processing can begin.

For more information on AWS Kinesis please see the below link:
https://aws.amazon.com/kinesis/

Answer 373

A

Answer: C

The AWS Documentation mentions the below An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You must specify a source AMI when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration. You can use different AMIs to launch instances when you need instances with different configurations.

For more information on AMI’s please see the below link:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

Answer 374

A

Answer: B, C

The AWS documentation mentions the following about the respective services With a Snowball, you can transfer hundreds of terabytes or petabytes of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3). AWS Snowball uses Snowball appliances and provides powerful interfaces that you can use to create jobs, transfer data, and track the status of your jobs through to completion. By shipping your data in Snowballs, you can transfer large amounts of data at a significantly faster rate than if you were transferring that data over the Internet, saving you time and money. AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1-gigabit or 10-gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly
to public AWS services (for example, to Amazon S3) or to Amazon VPC, bypassing Internet service providers in your network pat

For more information on Direct Connect, please refer to the below URL:
http: //docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

For more information on AWS Snowball, please refer to the below URL:
http: //docs.aws.amazon.com/snowball/latest/ug/whatissnowball.html

Answer 375

A

Answer: B

The AWS Documentation mentions the following By default, any cluster that you create is closed to everyone. LAM credentials only control access to the Amazon Redshift API-related resources: the Amazon Redshift console, command line interface (CLI), API, and SDK. To enable access to the cluster from SQL client tools via JDBC or ODBC, you use security groups:

If you are using the EC2-Classic platform for your Amazon Redshift cluster, you must use Amazon Redshift security groups.
If you are using the EC2-VPC platform for your Amazon Redshift cluster, you must use VPC security groups.

For more information on Amazon Redshift, please refer to the below URL:
http: //docs.aws.amazon.com/redshift/latest/mgmt/overview. html

Answer 376

A

Answer: D

The AWS Documentation mentions the following Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost-effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications. Amazon Kinesis enables you to process and analyze data as it arrives and respond instantly instead of having to wait until all your data is collected before the processing can begin.

For more information on Amazon Kinesis , please visit the link:
https://aws.amazon.com/kinesis/

Answer 377

A

Answer: D

You would use VPC Security Groups for this. The AWS Documentation additionally mentions the following A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don’t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.

For more information on VPC Security Groups, please visit the link:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

Answer 378

A

Answer: A

When you consider block level storage , then you need to consider EBS Volumes. Option B and C is incorrect since they are object level storage. Option D is incorrect since this is file level storage.

For more information on EBS volumes, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Answer 379

A

Answer: D

If you need storage for infrequently accessed storage , then EBS Cold HDD is the best option for this This is also mentioned in the AWS Documentation

For more information on EBS volume types, please visit the following URL:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Answer 380

A

Answer: D

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, and other sources.

For more information on Cloudwatch Logs, please visit the following URL:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

Answer 381

A

Answer: A

When you have instances that will be used continuously and throughout the year, the best option is to buy reserved instances. By buying reserved instances, you are actually allocated an instance for the entire year or the duration you specify with a reduced cost.

To understand more on reserved instances, please visit the below URL:
https://aws.amazon.com/ec2/pricing/reserved-instances/

Answer 382

A

Answer: B

AWS S3 is already highly available and fault tolerant.

This is very clearly mentioned in its FAQ’s, the link is given below
https://aws.amazon.com/s3/faqs/

Answer 383

A

Answer: A

With the above requirements, the best option is to opt for Amazon Glacier. The AWS Documentation further mentions the following Amazon Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup. It is designed to deliver 99.999999999% durability, and provides comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements

For more information on Amazon Glacier, please refer to the below URL:
https://aws.amazon.com/glacier/

Answer 384

A

Answer: C

Amazon S83 is the best storage option for this. It is durable and highly available.

For more information on Amazon S3, please refer to the below URL:
https://aws.amazon.com/s3/

Answer 385

A

Answer: A, B

This is provided in the aws documentation.

For more information on troubleshooting Autoscaling, please refer to the
following link: http://docs.aws.amazon.com/autoscaling/latest/userguide/ts-as-capacity.html

Answer 386

A

Answer: C

You can control how long your objects stay in a CloudFront cache before CloudFront forwards another request to your origin. Reducing the duration allows you to serve dynamic content. Increasing the duration means your users get better performance because your objects are more likely to be served directly from the edge cache. A longer duration also reduces the load on your origin.

For more information on Cloudfront cache expiration, please refer to the following link:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html

Answer 387

A

Answer: A

Since the cost needs to be at a minimum, the best option is to back up all the resources and then perform a restore in the event of a disaster.

For more information on disaster recovery, please refer to the below link:
https://media.amazonwebservices.com/AWS_Disaster_Recovery.pdf

Answer 388

A

Answer: C

Once can simple start using the NAT gateway service and stop using the deployed NAT instances. But you need to ensure that the NAT gateway is deployed in the public subnet

For more information on migrating to a NAT gateway, please visit the following URL:
https://aws.amazon.com/premiumsupport/knowledge-center/migrate-nat-instance-gateway/

Answer 389

A

Answer: A,C

When you use Cloudwatch metrics for an ELB, you can get the amount of read requests and latency out of the box.

For more information on using Cloudwatch with the ELB, please visit the following URL:
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html

Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and to troubleshoot issues.

For more information on using ELB logs, please visit the following URL:
https://docs.aws.amazon.com/elasticloadbalancing /latest/classic/access-log-collection.html

Answer 390

A

Answer: C

The AWS Documentation mentions the following If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive offsite backups that you can recover to your local data center or Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2.

For more information on the Storage gateway, please visit the following URL:
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway-html

Answer 391

A

Answer: A

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

For more information on AWS VPC endpoints, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html

Answer 392

A

Answer: B

The ideal setup is to ensure that the web server is hosted in the public subnet so that it can be accessed by users on the internet. The database server can be hosted in the private subnet. The diagram from the AWS Documentation shows how this can be setup

For more information on public and private subnets in AWS, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

Answer 393

A

Answer: A, B, C

The AWS documentation mentions the following Amazon EBS encryption offers you a simple encryption solution for your EBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted EBS volume and attach it to a supported instance type, the following types
of data are encrypted:

Data at rest inside the volume
All data moving between the volume and the instance
All snapshots created from the volume Data protection refers to protecting
data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored
on disks in Amazon S3 data centers).

You can protect data in transit by using SSL or by using client-side encryption. You
have the following options of protecting data at rest in Amazon S3.

-Use Server-Side Encryption — You request Amazon S3 to encrypt your object
before saving it on disks in its data centers and decrypt it when you download the
objects.

-Use Client-Side Encryption — You can encrypt data client-side and upload the
encrypted data to Amazon S3. In this case, you manage the encryption process, the
encryption keys, and related tools. You can create a load balancer that uses the
SSL/TLS protocol for encrypted connections (also known as SSL offload). This feature
enables traffic encryption between your load balancer and the clients that initiate
HTTPS sessions, and for connections between your load balancer and your EC2
instances.

For more information on securing data at rest , please refer to the below link:
https://do.awsstatic.com/whitepapers/aws-securing-data-at-rest-with-encryption.pdf

Answer 394

A

Answer: A, D

AWS showcases a self-healing architecture where you have a set of EC2 servers as Web server being launched by an Autoscaling Group. The AWS Documentation mentions the following Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.

For more information on Multi-AZ RDS, please refer to the below link:
https://aws.amazon.com/rds/details/multi-az/

Answer 395

A

Answer: B, D

The AWS Documentation mentions the following IAM roles are designed so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles

For more information on IAM Roles, please refer to the below link:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

MFA Delete can be used to add another layer of security to S3 Objects to prevent accidental deletion of objects.

For more information on MFA Delete, please refer to the below link:
https://aws.amazon.com/blogs/security/securing-access-to-aws-using-mfa-part-3/

Answer 396

A

Answer: C

The AWS Documentation mentions the following With AWS Config, you can do the following: - Evaluate your AWS resource configurations for desired settings.

Get a snapshot of the current configurations of the supported resources that are associated with your AWS account.
Retrieve configurations of one or more resources that exist in your account.
Retrieve historical configurations of one or more resources.
Receive a notification whenever a resource is created, modified, or deleted.

View relationships between resources.

For example, you might want to find all resources that use a particular security group.

For more information on AWS Config , please visit the below URL:
http://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html

Answer 397

A

Answer: A, D

The AWS documentation mentions the following Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This replication feature makes it easy to elastically scale out beyond the capacity constraints of a single DB Instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances.

For more information on AWS RDS Read Replica’s, please visit the below URL:
https://aws.amazon.com/rds/details/read-replicas/

Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.

For more information on AWS Elastic Cache, please visit the below URL:
https://aws.amazon.com/elasticache/

Brainscape's Knowledge GenomeTM

Test - 2 Flashcards

Brainscape's Knowledge Genome^TM