AWS Certified Solutions Architect Associate (SAA02) - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 65 questions per test (similar to real AWS exam), 130 minutes, repeat tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

/25

10 votes, 4.5 avg

341

1 / 25

Your client’s AWS environment contains several EBS-backed EC2 instances for a project that needs to be postponed.

What choices below will allow you to avoid charges for these on-demand instances, but retain data currently stored within these instances? (Choose 2 answers)

Take a snapshot of all the instances and then terminate all the instances.

Terminate all the instances.

Stop all the instances

Terminate all the instances and then make an image of all the instances.

Explanation

If you stop the instances you will not be charged and the data will still be kept. If you terminate the instances you will lose all your data. If you take a snapshot of all the instances and then terminate all the instances you will not be charged but will still have all your data in the snapshot which can be restored later.

Explanation

2 / 25

You are performing some testing of an application in development and wish to delete the parts of a multipart upload after a mistake is made with part numbering. Which command would you run to stop the upload and delete all the parts?

Cancel multipart upload

Abort multipart upload

Remove multipart upload

Delete multipart upload

Explanation

To delete the parts of a failed multipart upload so that you do not get charged for storage of those parts, you must use the command “Abort Multipart Upload” and provide the upload ID of upload you wish to abort. After aborting a multipart upload, you cannot upload any part using that upload ID again. All storage that any parts from the aborted multipart upload consumed is then freed.

Explanation

3 / 25

You are designing a AWS cloud environment for a client who has a contract with a federal government agency. The cloud environment will have multiple VPCs and be in multiple regions. The government agency wants to whitelist only a handful of instances in your organization. This will dictate that these instances have static IP addresses. Elastic ip addresses can be used to keep a fixed set of IP addresses. How can the Elastic IP addresses (EIP) be used in this environment?

EIPs can be moved from one instance to another in multiple VPCs and multiple regions

EIPs can be moved from one instance to another within the same Availability Zone

EIPs can be moved from one instance to another in multiple VPCs within the same region

EIPs are attached to an instance and exist only for the life of that instance

Explanation

An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. You can disassociate an Elastic IP address from a resource, and reassociate it with a different resource. A disassociated Elastic IP address remains allocated to your account until you explicitly release it. An Elastic IP address is for use in a specific region only.

Explanation

4 / 25

Your company uses multiple Amazon VPCs and is setting up a new office. The company is deciding on the best way to connect this new, remote office network with the company’s Amazon VPC environment.

Due to the fact it is a new office, no VPN equipment or internet connections exist yet, so this office can design any connection design it desires. The highest priorities are:

A predictable network performance
A private connection avoiding the public internet
Reduced bandwidth costs
Minimal administration required to maintain the high availability of network endpoints

Which VPC connection option best fit your requirements to connect your new office to one of your VPCs?

Connect via AWS Direct Connect.

Configure a VPN connection with a hardware VPN

Use a hub-and-spoke model with AWS VPN CloudHub

Configure a VPN connection with a software VPN

Explanation

Establish a private connection from your new office’s network to your Amazon VPC using AWS Direct Connect is the most suitable option in this case. This option provides predictable network performance, reduces bandwidth costs, and doesn’t require that customers be responsible for implementing high availability solutions for all VPN endpoints. The downside of this option (possible requiring additional telecom and hosting provider relationships) is mitigated in this instance because the office is new and would need to provision a whole new network anyway.

Explanation

5 / 25

If your AWS data must meet specific regulations such as the EU Data protection laws, what must you do?

Be aware that they exist and comply with them when and if you have time to do so

Keep that data on-premise and do not move it to the cloud under any circumstance

Architect your environment to meet these security requirements

Move your data somewhere else so you don’t have to worry about extra security

Explanation

Some laws require specific security controls, retention requirements, etc, dependent on the data being stored. Other legislations exist where certain data may have to remain within a specific region and can not be transferred out of those boundaries. You need to architect your environment to meet these security requirement and mitigate the risk of data being stored in a geographic location that’s restricted. Breaches to this legislation could have a legal impact and lead to additional risks against your organization, so it’s fundamental that you are aware of your data privacy and storage location laws and regulations.

Explanation

6 / 25

A national auto parts chain contracted your firm to design and implement their AWS environment. It is a very large-scale system that handles order processing, accounting, stocking, and logistics. This system spans multiple availability zones and requires a multi-AZ environment for high availability. The system has been implemented and you need to test the database failover mechanism. It is imperative that the failover occurs within the specified RTO. How can you consistently test database failover?

Backup then delete the primary database instance

Amazon has thoroughly tested failover and customers can not test failover.

Reboot the primary database instance

Contact Amazon to conduct a failover test.

Explanation

If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment. When you create or modify your DB instance to run as a Multi-AZ deployment, Amazon RDS will automatically provision and manage a “standby” replica in a different Availability Zone (independent infrastructure in a physically separate location). In the event of planned database maintenance, DB instance failure, or an Availability Zone failure, Amazon RDS will automatically failover to the standby so that database operations can resume quickly without administrative intervention. Multi-AZ deployments utilize synchronous replication, making database writes concurrently on both the primary and standby so that the standby will be up-to-date in the event a failover occurs.

Explanation

7 / 25

In Amazon EC2, if your EBS volume stays in the detaching state, you can force the detachment by clicking

AttachInstance

Detach Instance

Force Detach

AttachVolume

Explanation

If your volume stays in the detaching state, you can force the detachment by clicking Force Detach

Explanation

If your volume stays in the detaching state, you can force the detachment by clicking Force Detach

8 / 25

You are creating a custom Virtual Private Cloud (VPC) which will host a mix of public and private instances. An EC2 instance has been deployed to one of the public subnets in this VPC. What are the configurations that have to be implemented to make this instance accessible from the internet? (Choose 3 answers)

Edit security group to allow traffic to and from the internet on required ports

Create a new record set and custom domain name for the new instance in Route 53

Attach an Internet gateway to the VPC and add a default route to the IGW in public subnet’s route table

Make sure the instance has a public IP address

Explanation

Public and private subnets, except for the default VPC, do not automatically have Internet access enabled. To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

9 / 25

You are building a system to distribute confidential documents to employees across the world. Using CloudFront, what method could be used to serve content that is stored in S3, but not publically accessible from S3 directly?

Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.

Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.

Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.

Explanation

You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users’ behalf. If your users try to access objects using Amazon S3 URLs, they’re denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don’t.

Explanation

10 / 25

You have just set up a large site for a client which involved a huge database which you set up with Amazon RDS to run as a Multi-AZ deployment. You now start to worry about what will happen if the database instance fails. Which statement best describes how this database will function if there is a database failure?

Updates to your DB Instance are synchronously replicated across S3 to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Your database will not resume operation without manual administrative intervention.

Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Updates to your DB Instance are asynchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Explanation

Amazon Relational Database Service (Amazon RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity, while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. When you create or modify your DB Instance to run as a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous “standby” replica in a different Availability Zone. Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure. During certain types of planned maintenance, or in the unlikely event of DB Instance failure or Availability Zone failure, Amazon RDS will automatically failover to the standby so that you can resume database writes and reads as soon as the standby is promoted. Since the name record for your DB Instance remains the same, your application can resume database operation without the need for manual administrative intervention. With Multi-AZ deployments, replication is transparent: you do not interact directly with the standby, and it cannot be used to serve read traffic. If you are using Amazon RDS for MySQL and are looking to scale read traffic beyond the capacity constraints of a single DB Instance, you can deploy one or more Read Replicas

Explanation

11 / 25

You are looking for a simple way to configure high availability for your EC2 instances. You need to create a plan for replacing unhealthy or failed instances. It is acceptable to have a short amount of downtime to keep costs down. Which process is appropriate for achieving this?

Create a custom AMI of your EC2 instances. Use the custom AMI to create a new EC2 instance if there are issues with a current EC2 instance, and move the EIP to the new instance.

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Recover this instance.”

Create a custom AMI and use it to create an Auto Scaling Launch Configuration; then create a “Steady State” auto scaling policy using a minimum of 2 instances and a maximum of 2 instances.

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Reboot this instance.”

Explanation

Creating a custom AMI of the instance for which you are trying to provide HA allows you to bring the instance online quickly with no build time. Moving the EIP from the instance, you are replacing to the new instance will send all traffic to the new instance without any change to DNS, which would take time to propagate. Using the AutoRecover option will not replace the unhealthy or failing instance. It will only try to restart it on another host. Creating a “Steady State” Auto Scaling Group would also be a good solution, although using two as a minimum would have a higher cost.

Explanation

12 / 25

Your client has a need to store data which could grow quickly but unpredictably. You recommend EBS as a storage solution. But they have voiced concerns about scalability. What features of EBS can you highlight to provide assurances of its elasticity and scalabilty? (Choose 3 answers)

You can quickly provision additional capacity by adding new EBS volumes

An Elastic Load Balancer can scale EBS appropriately

EBS volumes are redundantly replicated on different hardware within the same AZ.

You can resize an existing volume by creating a snapshot and launching a new (larger volume) from the snapshot

Explanation

AWS can be quickly provisioned for additional capacity by adding new EBS volumes. Existing volumes can be resized by creating a snapshot and launching a new (larger volume) from the snapshot. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS is designed for application workloads that benefit from fine tuning for performance, cost and capacity

Explanation

13 / 25

You have set up an Elastic Load Balancer (ELB) with the usual default settings, which route each request independently to the application instance with the smallest load. However, someone has asked you to bind a user’s session to a specific application instance so as to ensure that all requests coming from the user during the session will be sent to the same application instance. AWS has a feature to do this. What is it called?

Proxy protocol

Connection draining

Tagging

Sticky session

Explanation

An Elastic Load Balancer(ELB) by default, routes each request independently to the application instance with the smallest load. However, you can use the sticky session feature (also known as session affinity), which enables the load balancer to bind a user’s session to a specific application instance. This ensures that all requests coming from the user during the session will be sent to the same application instance. The key to managing the sticky session is determining how long your load balancer should consistently route the user’s request to the same application instance. If your application has its own session cookie, then you can set Elastic Load Balancing to create the session cookie to follow the duration specified by the application’s session cookie. If your application does not have its own session cookie, then you can set Elastic Load Balancing to create a session cookie by specifying your own stickiness duration. You can associate stickiness duration for only HTTP/HTTPS load balancer listeners. An application instance must always receive and send two cookies: A cookie that defines the stickiness duration and a special Elastic Load Balancing cookie named AWSELB, that has the mapping to the application instance.

Explanation

14 / 25

Which IAM role do you use to grant AWS Lambda permission to access a DynamoDB Stream?

Invocation role

Event Source role

Execution role

Dynamic role

Explanation

You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the “execution role”.

Explanation

You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the “execution role”.

15 / 25

An organization has a statutory requirement to protect the data at rest for data stored in EBS volumes. Which of the below mentioned options can the organization use to achieve data protection?

All the options listed here.

Data encryption.

Data replication.

Data snapshot.

Explanation

For protecting the Amazon EBS data at REST, the user can use options, such as Data Encryption (Windows / Linux / third party based), Data Replication (AWS internally replicates data for redundancy), and Data Snapshot (for point in time backup). Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf

Explanation

16 / 25

When CloudWatch detailed monitoring is enabled, what is the minimum duration of a CloudWatch alarm?

30 minutes

10 minutes

5 minutes

1 minute

Explanation

When creating an alarm, select a period that is greater than or equal to the frequency of the metric to be monitored. For example, basic monitoring for Amazon EC2 provides metrics for your instances every 5 minutes. When setting an alarm on a basic monitoring metric, select a period of at least 300 seconds (5 minutes). Detailed monitoring for Amazon EC2 provides metrics for your instances every 1 minute. When setting an alarm on a detailed monitoring metric, select a period of at least 60 seconds (1 minute).

Explanation

17 / 25

You need to measure the performance of your EBS volumes as they seem to be under performing. You have come up with a measurement of 1,024 KB I/O but your colleague tells you that EBS volume performance is measured in IOPS. How many IOPS is equal to 1,024 KB I/O?

256

Explanation

Several factors can affect the performance of Amazon EBS volumes, such as instance configuration, I/O characteristics, workload demand, and storage configuration. IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second (that is 256 KB or smaller) as one IOPS. I/O operations that are larger than 256 KB are counted in 256 KB capacity units. For example, a 1,024 KB I/O operation would count as 4 IOPS. When you provision a 4,000 IOPS volume and attach it to an EBS-optimized instance that can provide the necessary bandwidth, you can transfer up to 4,000 chunks of data per second (provided that the I/O does not exceed the 128 MB/s per volume throughput limit of General Purpose (SSD) and Provisioned IOPS (SSD) volumes).

Explanation

18 / 25

Do you need to shutdown your EC2 instance when you create a snapshot of EBS volumes that serve as root devices?

No, the snapshot would turn off your instance automatically

No, you only need to shutdown an instance before deleting it

Yes

Explanation

Yes, to create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

Explanation

Yes, to create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

19 / 25

You are an administrator managing Windows File Servers in Amazon Web Services. You need to set up a fault-tolerant system to protect your shared files. You decide to use DFS Namespaces and DFS Replication.

Which of the following are prerequisites? (Choose 2 answers)

The File Server Resource Manager role installed by your domain controllers

File servers running Windows Server 2012 R2

File servers running Windows Server 2008 R2

An Active Directory Schema of 2008 R2 or later

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

20 / 25

You work for a company that automatically tags photographs using artificial neural networks (ANNs), which run on GPUs using C++. You receive millions of images in one batch, with an average of 3 batches per day. These images are loaded into an Amazon S3 bucket you control for you in a batch, and then the customer publishes a JSON-formatted manifest into another S3 bucket you control as well. Each image takes 10 milliseconds to process using a full GPU. Your neural network software requires 5 minutes to bootstrap. Image tags are JSON objects, and you must publish them to an S3 bucket.

Which of these is the best system architectures for this system?

Make an S3 notification configuration which publishes to AWS Lambda on the manifest bucket. Make the Lambda create a CloudFormation Stack which contains the logic to construct an autoscaling worker tier of EC2 G2 instances with the ANN code on each instance. Create an SQS queue of the images in the manifest. Tear the stack down when the queue is empty.

Deploy your ANN code to AWS Lambda as a bundled binary for the C++ extension. Make an S3 notification configuration on the manifest, which publishes to another AWS Lambda running controller code. This controller code publishes all the images in the manifest to AWS Kinesis. Your ANN code Lambda Function uses the Kinesis as an Event Source. The system automatically scales when the stream contains image events

Create an Auto Scaling, Load Balanced Elastic Beanstalk worker tier Application, and Environment. Deploy the ANN code to G2 instances in this tier. Set the desired capacity to 1. Make the code periodically check S3 for new manifests. When a new manifest is detected, push all of the images in the manifest into the SQS queue associated with the Elastic Beanstalk worker tier.

Create an OpsWorks Stack with two Layers. The first contains lifecycle scripts for launching and bootstrapping an HTTP API on G2 instances for ANN image processing, and the second has an always-on instance which monitors the S3 manifest bucket for new files. When a new file is detected, request instances to boot on the ANN layer. When the instances are booted and the HTTP APIs are up, submit processing requests to individual instances

Explanation

The Elastic Beanstalk option is incorrect because it requires a constantly-polling instance, which may break and costs money.

The Lambda fleet option is incorrect because AWS Lambda does not support GPU usage.

The OpsWorks stack option both requires a constantly-polling instance, and also requires complex timing and capacity planning logic.

The CloudFormation option requires no polling, has no always-on instances, and allows arbitrarily fast processing by simply setting the instance count as high as needed.

Explanation

The Elastic Beanstalk option is incorrect because it requires a constantly-polling instance, which may break and costs money.

The Lambda fleet option is incorrect because AWS Lambda does not support GPU usage.

The OpsWorks stack option both requires a constantly-polling instance, and also requires complex timing and capacity planning logic.

The CloudFormation option requires no polling, has no always-on instances, and allows arbitrarily fast processing by simply setting the instance count as high as needed.

21 / 25

Which of the following accurately describes Elastic Load Balancing? (Choose 3 answers)

Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic.

Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances.

Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features.

Elastic Load Balancing delivers your content through a worldwide network of edge locations.

Explanation

Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features. Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances. Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic.

CloudFront delivers your content through a worldwide network of edge locations. Using Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications

Explanation

22 / 25

Which use cases would be best served by an S3 bucket ACL? (Choose 2 answers)

Hosting databases

Making a bucket world readable for static web hosting

Enabling bucket logging

Implementing client-side encrypted data

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

23 / 25

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions and if you have more than one Amazon EC2 instance in one or more regions, you can use _______ to route traffic to the correct region for fastest response and then use ________to route traffic to instances within the region, based on weights that you specify.

latency-based routing; alias resource record sets

latency-based routing; weighted resource record sets

weighted-based routing; weighted resource record sets

weighted-based routing; alias resource record sets

Explanation

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more regions, and if you have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the region based on weights that you specify

Explanation

24 / 25

In Elastic Load Balancing, what parameters determine the cost for the Application Load Balancer (ALB)? (Choose 2 answers)

Load Capacity Units (LCUs) used per hour

Each hour or partial hour that an ELB is running

Only hours that an ELB is running and the amount of storage the instance takes

GB of data transferred

Explanation

Application Load Balancer
You are charged for each hour or partial hour that an Application Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used per hour.

Network Load Balancer
You are charged for each hour or partial hour that a Network Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used by Network Load Balancer per hour.

Classic Load Balancer
You are charged for each hour or partial hour that a Classic Load Balancer is running and for each GB of data transferred through your load balancer.

Explanation

Application Load Balancer
You are charged for each hour or partial hour that an Application Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used per hour.

Classic Load Balancer
You are charged for each hour or partial hour that a Classic Load Balancer is running and for each GB of data transferred through your load balancer.

25 / 25

A user is aware that a huge download is occurring on his instance. He has already set the Auto Scaling policy to increase the instance count when the network I/O increases beyond a certain limit. How can the user ensure that this temporary event does not result in scaling?

The network I/O are not affected during data download

There is no way the user can stop scaling as it is already configured

The policy cannot be set on the network I/O

Suspend scaling

Explanation

The user may want to stop the automated scaling processes on the Auto Scaling groups either to perform manual operations or during emergency situations. To perform this, the user can suspend one or more scaling processes at any time. Once it is completed, the user can resume all the suspended processes.

Explanation

Your score is

The average score is 54%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Ready to take AWS Certified Solutions Architect Associate (SAA) – Exam mode ?

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

/65

5 votes, 4.8 avg

163

Click Start button to start exam !

Time Out !

1 / 65

You are asked to add an application to an EC2 instance within your company’s VPC. Because it is a Windows 2012 instance, you will RDP into it. When you attempt to connect via RDP, you receive the following message: Error connecting to your instance: Connection timed out.

How could you fix this issue? (Choose 3 answers)

Disable the source/destination check on your Internet gateway.

Add a security group rule to allow inbound traffic from your public IPv4 address on port 3389.

Make sure network ACLs allow inbound/outbound traffic from your local IP address on port 3389.

Add a route to your Internet gateway for the VPC

Explanation

Check the network access control list (ACL) for the subnet. The network ACLs must allow inbound and outbound traffic from your local IP address on the proper port. The default network ACL allows all inbound and outbound traffic. To enable Internet access for the EC2 instances in a VPC, you must create an Internet Gateway as well as a route to it in the router table.

Explanation

2 / 65

A user is planning to launch a scalable web application. Which of the below mentioned options will not affect the latency of the application?

Availability Zone.

Provisioned IOPS.

Region.

Instance size.

Explanation

In AWS, the instance size decides the I/O characteristics. The provisioned IOPS ensures higher throughput, and lower latency. The region does affect the latency, latency will always be less when the instance is near to the end user. Within a region the user uses any AZ and this does not affect the latency. The AZ is mainly for fault toleration or HA

Explanation

3 / 65

You’ve been assigned to assist a client in the creation of their AWS Virtual Private Cloud (VPC). You are shadowing their IT admin to allow the admin to create the VPC, learn, and benefit from your guidance. Which VPC components come automatically upon creation of a default VPC? (Choose 3 answers)

a default subnet

a default VPC security group

a default elastic IP address (EIP)

a main route table

Explanation

When you create a default VPC, the following components are created with it:

default subnet in each Availability Zone.
main route table
default security group
default network access control list (ACL)
Associate the default DHCP options set for your AWS account with your default VPC.

Explanation

When you create a default VPC, the following components are created with it:

default subnet in each Availability Zone.
main route table
default security group
default network access control list (ACL)
Associate the default DHCP options set for your AWS account with your default VPC.

4 / 65

Is it recommended to shutdown your EC2 instance when you create a snapshot of EBS volumes that serve as root devices?

Yes

No, you only need to shutdown an instance before deleting it.

No, the snapshot would turn off your instance automatically

Explanation

To create a snapshot for Amazon EBS volumes that serve as root devices, it is recommended to shutdown the instance before taking the snapshot.

Explanation

To create a snapshot for Amazon EBS volumes that serve as root devices, it is recommended to shutdown the instance before taking the snapshot.

5 / 65

A major customer has asked you to set up his AWS infrastructure so that it will be easy to recover in the case of a disaster of some sort. Which of the following is important when thinking about being able to quickly launch resources in AWS to ensure business continuity in case of a disaster?

Create and maintain AMIs of key servers where fast recovery is required

Regularly run your servers, test them, and apply any software updates and configuration changes.

All items listed here are important when thinking about disaster recovery.

Ensure that you have all supporting custom software packages available in AWS.

Explanation

In the event of a disaster to your AWS infrastructure you should be able to quickly launch resources in Amazon Web Services (AWS) to ensure business continuity. The following are some key steps you should have in place for preparation: 1. Set up Amazon EC2 instances to replicate or mirror data. 2. Ensure that you have all supporting custom software packages available in AWS. 3. Create and maintain AMIs of key servers where fast recovery is required. 4. Regularly run these servers, test them, and apply any software updates and configuration changes. 5. Consider automating the provisioning of AWS resources.

Explanation

6 / 65

Updates to your DB Instance are asynchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Your database will not resume operation without manual administrative intervention.

Updates to your DB Instance are synchronously replicated across S3 to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Explanation

7 / 65

While monitoring your application servers hosted behind an elastic load balancer, you discover that the servers always operate at between 75 and 80% of their capacity after five minutes of operation. Also, there is a constant number of servers being marked as unhealthy very early in their initial lifecycle. Upon further analysis, you also discover that your servers are taking between three and four minutes to become operational after launch. What two tasks should you complete as soon as possible? (Choose 2 answers)

Increase the length of your scaling cool down period

Increase the size of instances in your launch configuration.

Decrease the length of your scaling cool down period

Increase the maximum number of instances in your auto-scaling group

Explanation

A prolonged grace period and a larger number of instances will solve these issues. You can use scaling policies to increase or decrease the number of running EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale or scale on a schedule, you must adjust the desired capacity of the group for the changes to take effect.

Explanation

8 / 65

You are deploying over 50 EC2 in separate regions to support your new mobile photo editing app. All have implemented health checks for all Application Load Balancers, as well as CloudWatch alarms for key performance metrics. You have also created Route 53 endpoint health checks for each individual instance. You are growing concerned about the number of SNS notifications you will receive for each of these health checks.

Your ELB health checks can monitor individual instances, but how can you quickly determine whether enough instances in your production environment are unhealthy that it will negatively impact your application’s availability?

Integrate with Amazon QuickSight, to display overall Route 53 Health Check status in a dashboard

Monitor instance health using CloudWatch and set a CloudWatch alarm based on the number of unhealthy instances

Implement a Route 53 Calculated Health Check for your EC2 instance endpoints and create an SNS notification

Create a CloudTrail trail related to Route 53 health checks to a CloudWatch Logs log group, and create an alarm based on a threshold of unhealthy health check results.

Explanation

Implementing a Route 53 Calculated Health Check is the best solution in this case because it aggregates all of the individual health checks. Integrating QuickSight and CloudTrail will create an effective dashboard, but this is not an automated solution because someone has to continuously check the dashboard.

You can also create a CloudWatch Log log alarm, but this would be overly complex compared to the Calculated Health Checks.

For example, let’s say you have deployed 15 EC2 instances, and created 15 separate Route 53 health checks to monitor each one. While you are concerned about each instance’s performance, you essentially need 10 of the 15 instances to be healthy for your system to run properly. Rather than setting up SNS notifications for each individual health check, you can create a calculated health check that collects the results of each health check into a single count between 0-15, and compares that count to a threshold you’ve set. In this case, the threshold could be 10. Now, if 10 instances are healthy, the calculated health check comes back healthy. If less than 10 instances are healthy, the health check comes back unhealthy.For example, let’s say you have deployed 15 EC2 instances, and created 15 separate Route 53 health checks to monitor each one. While you are concerned about each instance’s performance, you essentially need 10 of the 15 instances to be healthy for your system to run properly. Rather than setting up SNS notifications for each individual health check, you can create a calculated health check that collects the results of each health check into a single count between 0-15, and compares that count to a threshold you’ve set. In this case, the threshold could be 10. Now, if 10 instances are healthy, the calculated health check comes back healthy. If less than 10 instances are healthy, the health check comes back unhealthy.

Explanation

You can also create a CloudWatch Log log alarm, but this would be overly complex compared to the Calculated Health Checks.

9 / 65

You are designing the compute resources for a cloud-native application that you will host on AWS. You want to configure auto scaling groups, to increase the compute layer’s resilience and responsiveness. However, your IT management team has one concern. They want the ability to optimize the Amazon EC2 instances within an auto scaling group as easily and with as little downtime as possible after it has been launched. What is the best way to meet this requirement?

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, create a new version of the launch template and assign it to the autoscaling group

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, stop the instances, modify them, and restart them

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, delete the existing template and create and attach a new launch template

Associate the Auto Scaling Group with a launch configuration. When you need to update the instances within the autoscaling group, create and attach a new launch configuration to the Auto Scaling Group

Explanation

A launch configuration is a template that the Auto Scaling group uses to launch Amazon EC2 instances. You create the launch configuration by including information such as the Amazon Machine Image ID to use for launching the EC2 instance, the instance type, key pairs, security groups, and block device mappings, among other configuration settings. When you create your Auto Scaling group, you must associate it with a launch configuration. You can attach only one launch configuration to an Auto Scaling group at a time.

Launch configurations cannot be modified. They are immutable.

If you want to change the launch configuration of your Auto Scaling group, you have to first create a new launch configuration and then update your Auto Scaling group by attaching the new launch configuration.

When you attach a new launch configuration to your Auto Scaling group, any new instances are launched using the new configuration parameters. Existing instances are not affected.

Launch templates work very differently. You can have multiple versions of a launch template saved, and disassociate one version from an auto scaling group and replace it with another without deleting any existing templates or stop and restarting your auto scaling group

Explanation

Launch configurations cannot be modified. They are immutable.

When you attach a new launch configuration to your Auto Scaling group, any new instances are launched using the new configuration parameters. Existing instances are not affected.

10 / 65

You are running an Amazon EC2 EBS-backed instance with a Windows operating system. The hourly instance charge for your instance is $14. You’ve asked your team to stop the instance when they aren’t using it in an effort to save money. However, when the bill comes, you’re surprised to realize that there was an hour where you were charged $42 for the instance. How could this be?

Too many people attempted to access that instance in that particular hour, resulting in a higher bill.

That instance was stopped and never started again, resulting in a premature termination fee.

No one ever stopped the instance like they were supposed to when they weren’t using it.

That instance was stopped and restarted twice within that hour.

Explanation

When an Amazon EBS-backed instance is stopped, you’re not charged for instance usage; however, you’re still charged for volume storage. Amazon charges a full instance hour for every transition from a stopped state to a running state, even if you transition the instance multiple times within a single hour. In this scenario, the charge was $42, which is three times more than $14. This suggests that you stopped and restarted that instance twice during that hour (the initial $14, plus 2 x $14 for each restart).

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

Explanation

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

11 / 65

A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which one of the following is the best way to terminate the instance automatically once the job is finished?

Configure the EC2 instance with a stop instance to terminate it.

Associate the EC2 instance with an ELB to terminate the instance when it remains idle

Configure a CloudWatch alarm to terminate the instance once it is idle

Configure an Auto Scaling scheduled activity to terminate the instance after seven days.

Explanation

Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CloudWatch alarm, which monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance action

Explanation

12 / 65

In Elastic Load Balancing, what parameters determine the cost for the Application Load Balancer (ALB)? (Choose 2 answers)

GB of data transferred

Each hour or partial hour that an ELB is running

Only hours that an ELB is running and the amount of storage the instance takes

Load Capacity Units (LCUs) used per hour

Explanation

Application Load Balancer
You are charged for each hour or partial hour that an Application Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used per hour.

Classic Load Balancer
You are charged for each hour or partial hour that a Classic Load Balancer is running and for each GB of data transferred through your load balancer.

Explanation

Application Load Balancer
You are charged for each hour or partial hour that an Application Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used per hour.

Classic Load Balancer
You are charged for each hour or partial hour that a Classic Load Balancer is running and for each GB of data transferred through your load balancer.

13 / 65

A non-root EC2 instance store volume is added to an EBS-backed EC2 instance. Then the instance is somehow accidentally terminated or failed. What happened to the data on the non-root EC2 instance store volume?

The data is automatically copied to another instance store volume

The data persists.

The data is deleted

The volume data is saved in S3

Explanation

EC2 instance store volumes can be added as additional volumes to certain EBS-backed EC2 Instance types. Any data on the instance store volumes persists as long as the instance is running, but this data is deleted when the instance is terminated or if it fails (such as if an underlying drive has issues).

Explanation

14 / 65

The IAM administrator is trying to create IAM groups and IAM users for employees within numerous separate company departments. The owner has created groups for each department, but needs even further separation between department subgroups within IAM groups. For example, two users from different department subgroups should be identified separately and have separate permissions.

How can the IAM administrator configure this?

It is not possible to subdivide IAM users within an IAM group

Create a hierarchy of separate IAM users based on their department

Create a nested IAM group

Use the paths to separate IAM users within the same IAM group

Explanation

The path functionality within an IAM group and user allows them to delineate by further levels. In this case, the user needs to use the path with each user or group so that the ARN of the user will look similar to:

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

Explanation

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

15 / 65

Which of the four storage options on Amazon S3 and Amazon Glacier charges per GB retrieval fees? (Choose 2 answers)

Amazon S3 Standard Storage

Amazon S3 Standard-Infrequent Access Storage

Amazon S3 Reduced Redundancy Storage

Amazon Glacier Storage

Explanation

Amazon Glacier and S3 Standard-IA are both designed for storing infrequently accessed data. This is why the data storage fees are roughly one-half to one-sixth the cost of Standard Storage. Retrieval fees will quickly add up if the data is retrieved too often, so planning or correctly setting your object lifecycle based on how often you or your company will need the data is important.

Explanation

16 / 65

Which statements regarding VPC subnets are correct? (Choose 2 answers)

A route to a NAT instance indicates VPN communication with on-premises servers

A route to a virtual private gateway means that the subnet is public

A route to an internet gateway means the subnet is public

No route to an internet gateway or virtual private gateway indicates a private subnet.

Explanation

Your VPC has an implicit router and a main route table that you can modify. Each subnet you create must be associated with a route table. Adding an internet gateway and adding a route to that IGW facilitates traffic out to the Internet for a public subnet. NAT instance and NAT gateways are provided to allow instances in private subnets to gain internet access

Explanation

17 / 65

You have started your own consulting business and have been contracted by a doctors office to help move their outdated scheduling and billing system to the cloud. One feature you have offered at low cost is a disaster recovery solution that will keep their offices operational with minimal downtime. You’ve configured a standby EC2 instance that can be spun up in minutes. What feature can be quickly attached to the standby EC2 instance in a failover situation, to get the standby operational as quickly as possible?

IPv6 address

MAC address

Elastic Load Balancer

Elastic Network Interface

Explanation

An elastic network interface is a virtual network interface that you can attach to an instance in a VPC. Network interfaces are available only for instances running in a VPC. If one of your instances serving a particular function fails, its network interface can be attached to a replacement or hot standby instance pre-configured for the same role to rapidly recover the service.

Explanation

18 / 65

Your company is considering migrating to AWS, but they are concerned about the initial and mid- to short-term costs due to the complexity of the migration cycle. To effectively calculate the total cost of ownership, certain costs must be understood and planned for.

What costs should be primary considerations? (Choose 3 answers)

The cost of outside consulting services

The cost of running duplicate environments

The cost of running migration tools

The cost of using a Direct Link connection

Explanation

Failing to accurately estimate your costs before migration and during the migration process is a recipe for disaster. To build a migration model for optimal efficiency, it is important to accurately understand the current costs of running on-premises applications, as well as the interim costs incurred during the transition

Explanation

19 / 65

You are designing a cloud implementation for a client. They have requested a database that will serve data to a website as well as perform some complex reporting in a Data Warehouse. They are also looking for a durable location to store session state. Which design choices would meet the client’s requirements? (Choose 3 answers)

Amazon Redshift for Data Warehousing/Reporting

DynamoDB for session state

Amazon Glacier for Data Warehousing/Reporting

MySQL database to serve data to the website

Explanation

An RDS database such as MySQL is a good choice as the back end for a web server. Amazon Redshift is often paired with RDS to offload Data Warehousing/Reporting traffic. DynamoDB is a good choice for managing session state, shopping cart data, or time-series data.

Explanation

20 / 65

Your business is slowly migrating to the AWS cloud, but must continue to support its on-premises servers and networks while extending to the cloud. As a result, you are looking for every possible way to optimize costs while ensuring resources remain secure. In order to provide an extra layer of security, you would like for your servers hosted within your VPCs to communicate with other AWS services without leaving your VPC network. You would also like your on-premises servers to be able to connect to these same AWS services through your VPC instead of sending and receiving requests over the public internet. Which AWS networking service or component would satisfy these requirements?

VPC Virtual Private Gateways

VPC Interface Endpoints

VPC Peering Connections

VPC Gateway Endpoints

Explanation

With VPC Interface Endpoints, it is possible to connect to a number of AWS services both from resources within your Amazon VPC and from resources in your on-premises environment. This is not possible with VPC Gateway Endpoints.

Explanation

21 / 65

You have been charged with investigating cloud security options for your company in light of recent suspected threats. You are aware that certain AWS services can help mitigate DDoS attacks, and you are specifically looking for a service that provides protection from counterfeit requests (Layer 7) or SYN floods (Layer 4). Which services provide this protection? (Choose 2 answers)

VPC Security Groups

CloudFront with AWS Shield

Amazon API Gateway

Route 53

Explanation

Amazon API Gateway automatically protects your backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3). Additional reading is available here (https://aws.amazon.com/api-gateway/faqs/).

AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for the network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks.

NACLs do not provide DDoS mitigation. They are used to control ingress and egress into a subnet based on port and source IP range. Route 53 can protect against DNS based DDoS attacks but does not protect entire layers. Elastic Load Balancing can protect EC2 instances specifically, but not other AWS resources.

Explanation

22 / 65

You are the Lead Architect within an IT department of a company that has recently acquired several small start-up application development companies within the last year. In an effort to consolidate your resources, you are gradually migrating all digital files to your parent company AWS accounts, and storing a large number of files within an S3 bucket.

You are uploading millions of files, to save costs, but have not had the opportunity to review many of the files and documents to understand which files will be accessed frequently or infrequently.

What would be the best way to quickly upload the objects to S3 and ensure the best storage class from a cost perspective, without prior knowledge of the object or its access patterns throughout the financial year?

Upload all the files to Amazon S3 Standard-IA storage class and review costs for access frequency over time.

Upload all files to Amazon S3 Standard-IA storage class and immediately set up all objects to be processed with Storage Class Analysis.

Upload all files to Amazon S3 Intelligent_Tiering storage class and review costs related to access frequency over time.

Upload all files to Amazon S3 Standard storage class and immediately set up all objects to be processed with Storage Class Analysis.

Explanation

There are essentially three types of answers here – choices that use no automation, choices that use the incorrect type of automation given the situation, and a choice that uses the correct type of automation.

First, the choices that use little to no automation in this case would be the least recommended decision. Uploading millions of files to either Standard or Standard-IA and then waiting to review costs and access patterns could be very costly.

Second, the choice to use storage class analysis could work eventually, if you have the time to wait for analytics to be gathered (which could still be as costly as the choice above) and the time to then review the analytics, and then sift through the files to migrate them to the correct storage class. This is a better choice, but not the best choice.

Finally, the correct answer would be to use Intelligent_Tiering, which continuously monitors the access frequency and shifts the objects between a standard and infrequent-access tier depending on how access patterns may change. This happens automatically, and starts immediately, so it is the best choice of the options provided.

Explanation

23 / 65

You are troubleshooting issues in an AWS Auto Scaling group. The Auto Scaling group is behind an application load balancer (ALB) and is not replacing a faulty instance.

What must you ensure that Auto Scaling is checking so that instances in your Auto Scaling group are properly marked as unhealthy? (Choose 2 answers)

Cloudtrail Logs

Event Viewer

Instance Status Check

ELB Health Check

Explanation

Auto Scaling uses EC2 status checks to detect hardware and software issues with the instances, but the load balancer performs health checks by sending a request to the instance and then waiting for a 200 response code, or by establishing a TCP connection (for a TCP-based health check) with the instance. Even if you’ve configured an Elastic Load Balancer, the autoscaler does not automatically check the ELBs health checks. You must add the ELB Health Check to your autoscaling policy.

Explanation

24 / 65

Due to compliance rules and regulations, your company’s workload has to run on dedicated instances. How can you make sure that all EC2 instances created for your workload now and in the future are dedicated instances? (Choose 2 answers)

Create a golden AMI of the dedicated instance and enforce this AMI as the base for any new instance in your environment. This guarantees that all instances created based on the AMI will be dedicated

Create a dedicated Placement Group and associate all new instances with this placement group at launch time. All instances launched in a dedicated placement group will be dedicated

Create a CloudFormation template that has the EC2 Instance Tenancy attribute as dedicated and always use it to launch any new instance

Create your VPCs with instance tenancy of dedicated. This will ensure that all instances launched in VPC are dedicated

Explanation

You can create a VPC with an instance tenancy of dedicated to ensure that all instances launched into the VPC are dedicated instances. Alternatively, you can specify the tenancy of the instance during launch

Explanation

25 / 65

Which one of the below is not an AWS Storage Service?

Amazon EBS

Amazon S3

Amazon CloudFront

Amazon Glacier

Explanation

AWS Storage Services are: Amazon S3 Amazon Glacier Amazon EBS AWS Storage Gateway

Explanation

AWS Storage Services are: Amazon S3 Amazon Glacier Amazon EBS AWS Storage Gateway

26 / 65

Which one of the following answers is not a possible state of Amazon CloudWatch Alarm?

STATUS_CHECK_FAILED

INSUFFICIENT_DATA

ALARM

Explanation

Amazon CloudWatch Alarms have three possible states: OK: The metric is within the defined threshold ALARM: The metric is outside of the defined threshold INSUFFICIENT_DATA: The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state

Explanation

27 / 65

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. The finance team has approached you, indicating their concern over the growing AWS budget, and has asked you to investigate ways to lower it. Since your firm has enterprise-level support, you decide to use the AWS Trusted Advisor tool for this effort. What are some of the cost optimization checks that Trusted Advisor will perform? (Choose 3 answers)

Underutilized Amazon EBS Volumes

Idle Load Balancers

Underutilized Amazon Redshift Clusters

EC2 Spot Instance Optimization

Explanation

Trusted Advisor checks for Amazon EC2 reserved instances optimization, low utilization of Amazon EC2 instances, idle Load Balancers, underutilized Amazon EBS Volumes, unassociated Elastic IP Addresses, Amazon RDS idle DB instances, Amazon Route 53 Latency Resource Record Sets, Amazon EC2 reserved instance lease expiration and underutilized Amazon Redshift Clusters

Explanation

28 / 65

You are preparing a proposal for a prospective new client. They would like their cloud application environment to be highly scalable. Your proposal includes the benefits of scalability on AWS. Which statements regarding scaling are correct? (Choose 2 answers)

More EC2 instances will ultimately pay for themselves in performance.

Dynamic scaling is always the best option.

Increasing resources will have a proportional increase in performance.

The environment becomes more cost effective as it grows

Explanation

Dynamic scaling can provide a very robust scaling option. But it is not the only option and not always the best option in all scenarios. Manual scaling and scheduled scaling also have use cases where they may be a better choice than dynamic scaling. Increasing resources to improve performance is certainly the most common use case for scaling. However, it is important also to be aware of the effects of scaling on cost. Utilizing auto scaling in conjunction with Cloudwatch monitoring can help insure that resources are scaled in and out appropriately and that money is not wasted on idle or underused resources

Explanation

29 / 65

You are developing a static website using S3 for your company’s clients. Your team is configuring the site and has granted public read access. What other steps must they take? (Choose 2 answers)

Enable server-side scripting

Specify a default index document

Create a website page hierarchy

Enable static website hosting.

Explanation

To configure a bucket for static website hosting, you add a website configuration to your bucket. The configuration includes an index document, error documents, redirects of all requests that are intended for the index page, and any conditional redirects. Amazon S3 does not support server-side scripting.

Explanation

30 / 65

A user has set up the CloudWatch alarm on the CPU utilization metric at 50%, with a time interval of 5 minutes and 10 periods to monitor. What will be the state of the alarm at the end of 90 minutes, if the CPU utilization is constant at 80%?

ALARM

INSUFFICIENT_DATA

ALERT

Explanation

In this case the alarm watches a metric every 5 minutes for 10 intervals. Thus, it needs at least 50 minutes to come to the “OK” state. Till then it will be in the INSUFFUCIENT_DATA state. Since 90 minutes have passed and CPU utilization is at 80% constant, the state of alarm will be “ALARM”.

Explanation

31 / 65

Your client’s AWS environment contains several EBS-backed EC2 instances for a project that needs to be postponed.

What choices below will allow you to avoid charges for these on-demand instances, but retain data currently stored within these instances? (Choose 2 answers)

Stop all the instances

Terminate all the instances.

Terminate all the instances and then make an image of all the instances.

Take a snapshot of all the instances and then terminate all the instances.

Explanation

32 / 65

You are the lead architect for an online educational content streaming service. You currently have hundreds of Apple HLS video files formated and packaged using AWS Elemental MediaConvert, and hosted in Amazon S3 buckets. You are streaming content via HTTPS. After an extended loss of availability due to a regional Amazon S3 outage, you need to optimize your CloudFront distributions using origin groups. Which types of origin servers could you configure as your secondary origins, in case another Amazon S3 outage occurs? (Choose 3 answers)

Amazon EC2 instances

RTMP distributions

On-premise HTTP servers

An Amazon S3 bucket in a different region

Explanation

When you configure an origin group, you can pair two AWS origins or custom origins. This means all three of the choices would be possible, but RTMP distributions are not compatible because they do not transfer over HTTPS. You also want to select an Amazon S3 bucket in a different region from your primary origin, so that failover is possible

Explanation

33 / 65

Which of the following accurately describes Elastic Load Balancing? (Choose 3 answers)

Elastic Load Balancing delivers your content through a worldwide network of edge locations.

Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances.

Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features.

Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic.

Explanation

34 / 65

_____ is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend.

Consolidated Billing

AWS Cost Explorer

Cost Allocation Tags

AWS Budgets

Explanation

Cost Explorer, this is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend. A valuable tool that can help to identify where you should be focusing your cost optimization efforts. It also can forecast your estimated spend up to two months ahead using existing data as a reference. If you can see that your estimated future bills are becoming too high, you have the time now to identify where you can make and initiate cost reduction mechanisms to help mitigate the risk.

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view – this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View – this covers the current and previous two months and is grouped by linked accounts
Daily Spend view – this covers the daily spend over the previous sixty days

Explanation

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view – this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View – this covers the current and previous two months and is grouped by linked accounts
Daily Spend view – this covers the daily spend over the previous sixty days

35 / 65

In a design meeting with your Senior AWS Architect you are asked to create a dual homed network. The client has been using AWS cloud for a few years and has staff who are fairly well versed in AWS technology. They have offered a preliminary design, which calls for dual homed web servers attached to an application server. This setup is also dual homed to connect to a backend database server. Which AWS device will enable such a dual homed scenario?

Elastic IP Address

Dual Channel VPN

Elastic Network Interface

Elastic Load Balancer

Explanation

You can place a network interface on each of your web servers that connects to a mid-tier network where an application server resides. The application server can also be dual-homed to a back-end network (subnet) where the database server resides. Instead of routing network packets through the dual-homed instances, each dual-homed instance receives and processes requests on the front end, initiates a connection to the back end, and then sends requests to the servers on the back-end network.

Explanation

36 / 65

An organization has launched five instances: two for production and three for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often be deleted and replaced, especially in the testing group. This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, production, and testing will not change in the foreseeable future.

Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy? (Choose 2 answers)

Configure tags on the instances in each environment defining which are ‘test’ and which are ‘production’

Launch the test and production instances in separate regions and allowing region wise access to the group

Add a condition to the IAM policy that allows access to the configured tags for the ‘test’ environment

Define the IAM policy that allows access based on the instance ID

Explanation

AWS Identity and Access Management is a web service that allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances, he should define proper tags and add to the IAM policy condition. The sample policy is shown below.
"Statement": [ { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/InstanceType": "Production" } } } ]

Explanation

37 / 65

You have successfully created your first WordPress blog that is hosted on an Amazon EC2 instance. You’ve noticed that when the public DNS address for your instance changes, it breaks your installation. What could you do to prevent this? (Choose 3 answers)

If you have a domain name, update the DNS record for the domain name to point to your Elastic IP address

Allocate an EC2 instance

If you don’t have a domain name, create one using Amazon Route 53 and associate your instance’s Elastic IP address with the new domain name.

Allocate an Elastic IP address for your Amazon instance

Explanation

To prevent the public DNS address for your instance from changing and breaking your installation, you can associate an Elastic IP address (EIP) to the instance you are using. You need to allocate an Elastic IP address for that instance (the first association is free). If you own a domain name and you want to use it for your blog, you can update the DNS record for the domain name to point to your EIP address. If you don’t already have a domain name for your blog, you can register a domain name with Amazon Route 53 and associate your instance’s EIP address with your domain name.

Explanation

38 / 65

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. Your finance team has approached you, indicating their concern over the growing EC2 budget. They have asked you to identify strategies to reduce the EC2 spend by at least 25% before the next monthly billing cycle. How choices below could assist in accomplishing this? (Choose 3 answers)

Look for opportunities to use reserved or spot instances.

Reduce or eliminate over-provisioned or unused instances.

Consolidate AWS accounts for billing.

Look for opportunities to use dedicated instances.

Explanation

You can reduce EC2 spend by migrating to reserved/spot instances, eliminating/shrinking unused resources, or consolidating AWS accounts (to qualify for volume discounts). The paying account’s use of consolidated billing can benefit from volume pricing discounts gained thru aggregate account usage.

Explanation

39 / 65

An organization has a statutory requirement to protect the data at rest for data stored in EBS volumes. Which of the below mentioned options can the organization use to achieve data protection?

Data encryption.

All the options listed here.

Data replication.

Data snapshot.

Explanation

40 / 65

256

Explanation

41 / 65

Your company allows technical personnel to manage their own S3 buckets. But there have been too many instances of users deleting important project related data. What additional steps can you take to prevent accidental deletion or overwriting of data? (Choose 3 answers)

Add versioning

Add MFA Delete

Create read replicas.

Add cross-region replication

Explanation

Amazon S3 storage offers very high durability, but it is still a best practice to protect against user level deletion or overwriting of data using versioning, cross-region replication, and MFA Delete.

Explanation

42 / 65

You are very concerned about security on your network because you have multiple programmers testing APIs and SDKs and you have no idea what is happening. You think CloudTrail may help but are not sure what it does. Which of the following statements best describes the AWS service CloudTrail?

With AWS CloudTrail you can get a history of IAM users for your account.

With AWS CloudTrail you can get a history of S3 logfiles for your account.

With AWS CloudTrail you can get a history of CloudFormation JSON scripts used for your account.

With AWS CloudTrail you can get a history of AWS API calls and related events for your account.

Explanation

With AWS CloudTrail, you can get a history of AWS API calls for your account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. You can also identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred. You can identify which users and accounts called AWS for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred. You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of your trails, and control how administrators turn CloudTrail logging on and off.

Explanation

43 / 65

Within Elastic Load Balancing, the time-to-live ensures that the IP addresses can be remapped quickly in response to changing traffic. What is the default time-to-live (TTL) limit specified by a DNS entry?

10 seconds

90 seconds

60 seconds

30 seconds

Explanation

The DNS entry specifies the time-to-live (TTL) as 60 seconds, which ensures that the IP addresses can be remapped quickly in response to changing traffic.

Explanation

The DNS entry specifies the time-to-live (TTL) as 60 seconds, which ensures that the IP addresses can be remapped quickly in response to changing traffic.

44 / 65

Which of the following are IAM best practices (Choose 3 answers)

Assign permissions to IAM groups instead of IAM users

Create privileged users and enable multi-factor authentication.

Designate a backup administrator to use the root access key

Discontinue use of the root access key.

Explanation

You use an access key (consisting of an access key ID and secret access key) to make programmatic requests to AWS. However, do not use your AWS account (root) access key. Create groups that relate to job functions so that you can make changes for everyone in a group in just one place.

Explanation

45 / 65

An EC2 instance has one additional EBS volume attached to it. How can a user attach the same volume to another running instance in the same availability zone?

Detach the volume first and attach it to new instance

Terminate the first instance and only then attach it to the new instance

Attach the volume as read-only to the second instance

No need to detach. Just select the volume and attach it to the new instance, it will take care of mapping internally.

Explanation

If an EBS volume is attached to a running EC2 instance, the user needs to detach the volume from the original instance and then attach it to a new running instance. The user doesn’t need to stop or terminate the original instance.

Explanation

46 / 65

A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

AWS Elastic Transcoder

AWS Simple Notification Service

AWS Simple Queue Service

AWS Glacier

Explanation

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.

Explanation

47 / 65

A client contacts you to troubleshoot an issue with their company’s VPC. An initial review of an architectural diagram appears to call for an Internet-facing load balancer, and two auto scaling groups within a VPC. After logging in, you recognize that health checks are not reaching the EC2 instances launched in the VPC because the front-end connection (client to load balancer) has timed out.

What series of AWS recommended troubleshooting steps would likely resolve this issue? (Choose 3 answers)

Adjust response timeouts in your load balancer health check configuration.

Ensure that the load balancer is configured for ingress traffic.

Adjust the health check interval settings.

Verify the issue by connecting directly with the instance.

Explanation

It is critical before making any major changes to your health checks to verify whether you can connect manually to the EC2 instances in question. Once you’ve verified you can connect to them manually, you can begin altering the health check settings.

Explanation

48 / 65

You have a lot of data stored in the AWS Storage Gateway and your manager has come to you asking about how the billing is calculated, specifically the Virtual Tape Shelf usage. What would be a correct response to this?

You are billed for the virtual tape data you store in Amazon Glacier and are billed for the size of the virtual tape

You are billed for the virtual tape data you store in Amazon S3 and are billed for the size of the virtual tape.

You are billed for the virtual tape data you store in Amazon S3 and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

You are billed for the virtual tape data you store in Amazon Glacier and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

Explanation

The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. AWS Storage Gateway billing is as follows. Volume storage usage (per GB per month): You are billed for the Cached volume data you store in Amazon S3. You are only billed for volume capacity you use, not for the size of the volume you create. Snapshot Storage usage (per GB per month): You are billed for the snapshots your gateway stores in Amazon S3. These snapshots are stored and billed as Amazon EBS snapshots. Snapshots are incremental backups, reducing your storage charges. When taking a new snapshot, only the data that has changed since your last snapshot is stored. Virtual Tape Library usage (per GB per month): You are billed for the virtual tape data you store in Amazon S3. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape. Virtual Tape Shelf usage (per GB per month): You are billed for the virtual tape data you store in Amazon Glacier. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape

Explanation

49 / 65

A media company has contracted you to design its AWS cloud environment. They host websites and have many well known bloggers who post daily and weekly blogs as well as podcasts. Your analysis of their existing traffic reveals that their database traffic will be nearly 90% read traffic. From this analysis, your design will include read replicas in regions outside the primary DB region, so you know that you have to choose a database engine that supports this.

Which AWS RDS engines does not support read replicas located in a separate AWS region from the primary DB?

MariaDB

MySQL

Amazon Aurora

SQL Server

Explanation

Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This replication feature makes it easy to elastically scale out beyond the capacity constraints of a single DB Instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances.

Read replicas in different regions are available in Amazon RDS for MYSQL, MariaDB, PostgreSQL, Oracle, and Aurora

Explanation

Read replicas in different regions are available in Amazon RDS for MYSQL, MariaDB, PostgreSQL, Oracle, and Aurora

50 / 65

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

ELB DNS supports both IPV4 and IPV6

The client can connect over IPV4 or IPV6 using Dualstack

Communication between the load balancer and back-end instances is always through IPV4

The ELB supports either IPV4 or IPV6 but not both

Explanation

Elastic Load Balancing supports both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4). Clients can connect to the user’s load balancer using either IPv4 or IPv6 (in EC2-Classic) DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 supportfor communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.

Explanation

51 / 65

Your company has recently discovered a massive security leak in which several users’ access credentials were compromised. As a response, the Senior IT Security Manager has requested you to prevent all high-risk data from being modified or deleted by any users, including the root user.

What if the most efficient way to implement this security measure?

Migrate the high-risk data to new S3 buckets and enable object versioning. Enable MFA Delete for all buckets.

Migrate the high-risk data to new S3 buckets and enable object locks. Configure a retention mode of compliance mode.

Enable object locks for all existing buckets with high-risk data. Configure a retention mode of governance mode.

Enable object versioning for all existing buckets with high-risk data. Enable a default legal hold for the bucket

Explanation

There are a few key points to this question:

Object locks can prevent objects from modification or deletion; objection versioning does not – it only maintains versions of an object until those versions are deleted.
Users can only enable Object locks can on new S3 buckets.
Object locks have two retention modes – governance mode and compliance mode. Compliance mode prevents objects from being deleted or updated by users, including the root user. Governance mode allows objects to be modified, but prevents objects from being deleted.

Explanation

There are a few key points to this question:

Object locks can prevent objects from modification or deletion; objection versioning does not – it only maintains versions of an object until those versions are deleted.
Users can only enable Object locks can on new S3 buckets.
Object locks have two retention modes – governance mode and compliance mode. Compliance mode prevents objects from being deleted or updated by users, including the root user. Governance mode allows objects to be modified, but prevents objects from being deleted.

52 / 65

You’ve been assigned to assist a client in the creation of their AWS Virtual Private Cloud (VPC). You are shadowing their IT admin to allow the admin to create the VPC, learn, and benefit from your guidance. Which VPC components are optional and should be created at the discretion of the customer? (Choose 3 answers)

Internet Gateways

NAT Gateways

Virtual Private Gateways

Route Tables

Explanation

The optional components of a VPC are available for situational use in the VPC. An internet gateway needs to be created to give instances within the VPC internet access. By creating the Internet Gateway and creating a route in the route table to the Internet Gateway the instances will be able to access the internet. NAT Gateway perform a similar function to Internet Gateways but they are used for instances within private subnets. Virtual Private Gateways facilitate connectivity between the VPC and an on-premises network.

Explanation

53 / 65

A user is planning to make a mobile game which can be played online or offline and will be hosted on EC2. The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through email. Which of the below mentioned AWS services helps achieve this goal?

AWS Simple Email Service.

Amazon Cognito

AWS Simple Queue Service.

AWS Simple Workflow Service.

Explanation

Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS.

Explanation

54 / 65

You are designing a VPC for a small legal firm. The firm only has 6 users who will need instances, and the firm does not expect any growth. When creating the VPC, you will need to specify an IPv4 address range by choosing a CIDR block. What is the smallest size CIDR block that could be used for this network?

/24

/28

/16

Explanation

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. AWS reserves the first four addresses and the last address in a CIDR block, so be sure to subtract five to give the number of addresses in a CIDR block available for use

Explanation

55 / 65

You have been using T2 instances as your CPU requirements have not been that intensive. However, you now start to think about larger instance types and start looking at M1 and M3 instances. You are a little confused as to the differences between them as they both seem to have the same ratio of CPU and memory. Which statement below is incorrect as to why you would use one over the other?

M3 instances are less expensive than M1 instances

M3 instances are configured with more swap memory than M1 instances.

M3 instances provide better, more consistent performance that M1 instances for most use-cases

M3 instances also offer SSD-based instance storage that delivers higher I/O performance.

Explanation

Amazon EC2 allows you to set up and configure everything about your instances from your operating system up to your applications. An Amazon Machine Image (AMI) is simply a packaged-up environment that includes all the necessary bits to set up and boot your instance. M1 and M3 Standard instances have the same ratio of CPU and memory, some reasons below as to why you would use one over the other. M3 instances provide better, more consistent performance that M1 instances for most use-cases. M3 instances also offer SSD-based instance storage that delivers higher I/O performance. M3 instances are also less expensive than M1 instances. Due to these reasons, we recommend M3 for applications that require general purpose instances with a balance of compute, memory, and network resources. However, if you need more disk storage than what is provided in M3 instances, you may still find M1 instances useful for running your applications

Explanation

56 / 65

When CloudWatch detailed monitoring is enabled, what is the minimum duration of a CloudWatch alarm?

1 minute

10 minutes

30 minutes

5 minutes

Explanation

57 / 65

You configured a VPC with web servers hosted on EC2 instances in an EC2 Auto Scaling group in a public subnet. You then create a private subnet and deploy your Amazon RDS database servers in it.

You grant a database administrator access to the RDS database instance, but she is unable to connect to it.

What steps can you take to resolve the issue?

Create a key pair for your database administrator to log in

Use a different port for ingress.

Configure single sign-on for your database administrator.

Create a security group with specific ingress and egress rules for the DB instance

Explanation

When you are unable to connect to a new database, it is often because the DB instance creation is still in progress and is not available yet. A reasonable amount of time to wait (at most) is 20 to 30 minutes. Beyond that, there is likely a problem. A common pattern in DB implementation involves placing databases in private subnets for additional security. If you follow this practice, make sure that the Security Groups provide appropriate ingress and egress to the DB instance

Explanation

58 / 65

Which choice below accurately describes the ‘warm standby’ disaster recovery method?

Keeping data backed up to tape and sent offsite regularly, from which all data can be restored in the event of a disaster.

A duplicate version of only your business-critical systems that is always running, in case you need to divert your workloads to them in the event of a disaster.

A complete duplicate of your entire system, to which all traffic can be directed in the event of a disaster.

Storing critical systems as a template, from which resources can be scaled out in the event of a disaster.

Explanation

Warm standby is essentially ready to go with all key services running in the most minimal possible way, essentially a smaller version of the production environment. In the event of a disaster, the standby environment will be scaled up for production load quickly and easily. DNS records will be changed to route all traffic to the AWS environment.

Explanation

59 / 65

You are involved in the design of a client’s AWS cloud environment. A requirements meeting regarding storage leads to the need for EBS volumes in the design. Much of the design will require standard storage but there is a critical business application, which requires sustained IOPs performance. Which EBS storage option is best for critical apps that need high performance?

General-purpose SSD

High IOPs SSD

Magnetic volumes

Provisioned IOPs SSD

Explanation

Amazon RDS provides three storage types: magnetic, General Purpose (SSD), and Provisioned IOPS (input/output operations per second). Provisioned IOPS storage is designed to meet the needs of I/O-intensive workloads, particularly database workloads, that are sensitive to storage performance and consistency in random access I/O throughput. Provisioned IOPS volumes can range in size from 100 GB to 6 TB for MySQL, MariaDB, PostgreSQL, and Oracle DB engines.

Explanation

60 / 65

A user has launched an instance-store backed EC2 instance in the US-East-1a zone. The user then creates AMI-1 and copied it to the EU-West-1 region. The AMI copy in the EU-West-1 region is named AMI-1-West. Later, the user updates the application running on the instance in US-East-1a, and updates AMI-1 with this version of the instance. The updated version of AMI-1 is named AMI-1.1. Finally, the user attempts to launch a new instance from AMI-1-West in the EU-West-1 region. Which statement below is correct regarding this scenario?

The new instance will launch successfully and match AMI-1.1

The new instance launches successfully and matches AMI-1, not AMI-1.1

EC2 will allow the user to select which AMI version should apply to this instance because AMI versioning is enabled by default for all AMI copies

The attempt to launch an instance based on AMI-1-West will fail because the copy is outdated

Explanation

Within EC2, when the user copies an AMI, the new AMI is fully independent of the source AMI; there is no link to the original (source) AMI. The user can modify the source AMI without affecting the new AMI and vice versa. Therefore, in this case even if the source AMI is modified, the copied AMI of the EU region will not have the changes. The user needs to copy the new source AMI to the destination region to get those changes

Explanation

61 / 65

An accountant asks you to design a small VPC network for him and, due to the nature of his business, just needs something where the workload on the network will be low, and dynamic data will be accessed infrequently. Being an accountant, low cost is also a major factor. Which EBS volume type would best suit his requirements?

General Purpose (SSD)

Magnetic or Provisioned IOPS (SSD)

Any, as they all perform the same and cost the same

Magnetic

Explanation

You can choose between three EBS volume types to best meet the needs of their workloads: General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic. General Purpose (SSD) is the new, SSD-backed, general purpose EBS volume type that we recommend as the default choice for customers. General Purpose (SSD) volumes are suitable for a broad range of workloads, including small to medium sized databases, development and test environments, and boot volumes. Provisioned IOPS (SSD) volumes offer storage with consistent and low-latency performance, and are designed for I/O intensive applications such as large relational or NoSQL databases. Magnetic volumes provide the lowest cost per gigabyte of all EBS volume types. Magnetic volumes are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important

Explanation

62 / 65

An Elastic Load Balancer can scale EBS appropriately

You can resize an existing volume by creating a snapshot and launching a new (larger volume) from the snapshot

You can quickly provision additional capacity by adding new EBS volumes

EBS volumes are redundantly replicated on different hardware within the same AZ.

Explanation

63 / 65

You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CloudHub. Which statement is the most accurate in describing what you must do to set this up correctly?

Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs)

Create a virtual private gateway with multiple customer gateways, each with unique subnet id

Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet

Create a virtual private gateway with multiple customer gateways, each with a unique set of keys

Explanation

If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who’d like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices. To use the AWS VPN CloudHub, you must create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer, enabling each site to send data to and receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send and receive data from the VPC as if they were using a standard VPN connection

Explanation

64 / 65

A user has applied an S3 Bucket access control list (ACL) and a bucket policy to an S3 bucket. Then, the user enables cross-origin resource sharing (CORS) on the same bucket.

Which of the following statements is true in this context?

The ACLs and policies continue to apply when you enable CORS on the bucket.

With CORS, only the policy can be applied.

With CORS, only an ACL can be applied.

It is not possible to have all three applied to the same bucket.

Explanation

The CORS specification gives a user the ability to build web applications that make requests to domains other than the one which supplied the primary content. The ACLs and policies continue to apply when you enable CORS on the bucket.

Explanation

65 / 65

A user is planning to make a mobile game which can be played online over the internet with multiplayer functionality or played offline individually, this game will be hosted on EC2. The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through emails. Which of the below mentioned AWS services would be best suited to achieve this goal?

Amazon Cognito

AWS Simple Email Service.

AWS Simple Queue Service

AWS Simple Workflow Service

Explanation

Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS

Explanation

Your score is

The average score is 41%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Need more practice ? take the AWS Certified Solutions Architect Associate (SAA) – Learning mode

AWS Certified Solutions Architect Associate (SAA02) – Free Practice Tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation