AWS Certified Solutions Architect Professional - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Professional
AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 75 questions per test (similar to real AWS exam), 180 minutes, repeat tests

AWS Certified Solutions Architect Professional – Learning Mode

/25

1 votes, 5 avg

AWS Certified Solutions Architect Professional - Learning Mode

1 / 25

You are managing cloud storage for your company, which wants the technical staff to have some latitude in managing the buckets under your supervision. In an effort to increase visibility and accountability on bucket management, you'd like to know who is accessing the buckets and to be notified of delete actions.

What features can provide this information for S3 buckets? (Choose 2 answers)

Enable CloudWatch Logs

Turn on S3 Event Notifications for delete actions

Enable S3 Server Access Logs on the buckets

View the S3 event logs

Explanation

S3 Event Notifications can be set up on objects stored in S3. An event could be set up to notify when a delete is performed. Logging is turned off by default but can be enabled. When enabled, they can track requests to your S3 bucket.

S3 Server Access Logging tracks detailed information not currently available with CloudWatch metrics or CloudTrail logs. To track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.

Explanation

2 / 25

Your team is setting up DynamoDB for a client. You need to explain to them how DynamoDB tables are partitioned. Which calculations are used to determine the number of partitions that will be created? (Choose 2 answers)

The total table size divided by 40 GB

The total RCU divided by 3000 + total WCU divided by 1000

The total RCU divided by 5000 + total WCU divided by 1000

The total table size divided by 10 GB

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

3 / 25

You are a DBA at a rapidly growing company and you want to shorten failover time for your Amazon RDS SQL Server database. Which strategies will shorten failover time? (Choose 2 answers)

Use larger transactions.

Configure the health check using shorter intervals.

Use smaller transactions

Ensure you have provisioned sufficient IOPS.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

4 / 25

Your developers have created a sales application that works in tandem with the no SQL database. To ensure the fastest response for the application in production, the developers wish to remove the need to wait for acknowledgments from the database to the application after data have been sent. The acknowledgments can be stored and accessed asynchronously. Which managed application would be the best choice for their design?

AWS Config

Simple Queue Service

Simple Workflow Service

CloudWatch Logs

Explanation

SQS allows you to quickly build hosted and scalable message queuing applications that can run on any computer. SQS stores messages in transit between diverse, distributed application components without losing messages and without requiring each component to be always available

Explanation

5 / 25

You have been assigned to a client who has an existing AWS cloud environment. They are already using CloudFormation to deploy web dev, test, and production environments. You immediately recognize that they are using the same CloudFormation template for dev and production. The Project Plan calls for major performance testing at the end of the project and the client wants to cut cost wherever possible. You recommend using smaller EC2 instances for the Developers dev environments. What section of a CloudFormation template can you use to deploy variable sized instances depending on the environment?

Conditions

Mappings

Transform

Metadata

Explanation

The conditions section of a CloudFormation template defines conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment

Explanation

6 / 25

When CloudWatch detailed monitoring is enabled, what is the minimum duration of a CloudWatch alarm?

10 minutes

30 minutes

5 minutes

1 minute

Explanation

When creating an alarm, select a period that is greater than or equal to the frequency of the metric to be monitored. For example, basic monitoring for Amazon EC2 provides metrics for your instances every 5 minutes. When setting an alarm on a basic monitoring metric, select a period of at least 300 seconds (5 minutes). Detailed monitoring for Amazon EC2 provides metrics for your instances every 1 minute. When setting an alarm on a detailed monitoring metric, select a period of at least 60 seconds (1 minute).

Explanation

7 / 25

You have 4 Direct Connect (DX) connections to your VPC from your Chicago, Boston, Houston, and Orlando offices. Your VPC’s address range is 10.20.0.0/16. You are using BGP routing. You would like to ensure AWS uses the Chicago connection to reach the IP addresses ranging from 10.20.30.0-10.20.30.127 on your network. The other three locations are currently advertising the following routes:

Boston: 10.20.0.0/16 AS 65000

Houston: 10.20.30.0/24 AS 65000 65000

Orlando: 10.20.30.254/32 AS 65000 65000 65000

Which of the following routes could you advertise from your Chicago connection to ensure AWS uses it to access IP addresses ranging from 10.20.30.0-10.20.30.127?

10.20.128.0/17 AS 65000

10.20.30.0/23 AS 65000 65000

10.20.30.128/26 AS 65000

10.20.30.0/25 AS 65000 65000 65000

Explanation

AWS will choose the most specific route first. If routes are equal after checking for the most specific routes, AWS will use AS path prepending to determine which route is preferred. In this example, 10.20.30.0/25 is more specific than 10.20.30.0/24 and 10.20.0.0/16, so AS path prepending will not matter. The other options are either outside of the address range in question (10.20.30.128/26 and 10.20.128.0/17) or less specific than the route advertised by Houston (10.20.30.0/23). The route advertised from Orlando, 10.20.30.254/32, identifies a single IPv4 address that is outside of the range in question

Explanation

8 / 25

To provide adequate computer resources for your company portal during busy sales cycles, you have your instances assigned to an EC2 auto scaling group associated with an application load balancer. You are now configuring the health checks for the auto scaling group.

What statement regarding health check configuration options for your auto scaling group is correct?

You can only use ALB health checks as a health check for your auto scaling group

You can use either EC2 Instance Status Checks or ALB health checks for your auto scaling group., but not both simultaneously

You can use both EC2 Instance Status Checks and ALB health checks simultaneously for your auto scaling group

You can only use EC2 Instance Status Checks as a health check for your auto scaling group

Explanation

Both instance status checks and health checks must be enabled before unhealthy instances will be terminated. It is critical that you test not only the saturation and breaking points but also the "normal" traffic profile you expect

Explanation

9 / 25

You need to design secure administrative access to application servers residing in private subnets in multiple availability zones. You require a select group of administrators to have access from specific IP addresses. You also want the solution to be automated and repeatable. Which of the following options could achieve your goals? (Choose 2 answers)

NAT Gateway

Elastic Beanstalk

Cloud Formation

Quick Start

Explanation

Quick Start is a new solution that is worth checking out. You can use IAM with AWS CloudFormation to control what users can do with AWS CloudFormation. Amazon provides Amazon Linux AMIs that are configured to run as NAT instances. Elastic Beanstalk is primarily for web applications only

Explanation

10 / 25

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. As the environment and number of active resources continue to grow, your finance team is having a difficult time attributing your AWS costs to the various business units. How can you help the finance team assign costs to the correct business units? (Choose 2 answers)

Enable Cost and Usage reports.

Give them access to TCO calculator.

Tag all resources with the appropriate business unit.

Set up consolidated billing

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

11 / 25

You are migrating your Oracle database using the AWS Database Migration Service. Due to a large amount of data being replicated, you need the replication process to be continuous. What must be changed on your replication instance to use ongoing replication?

Increase the number of tables that are cached in RAM.

Disable backups on the target instance

Enable the Multi-AZ option on the replication instance.

Disable Multi-AZ on the target instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

12 / 25

A customer has a website which shows all the sales available in leading online and brick-and-mortar stores.

Currently, the website's web, application, and database tiers are hosted on five large, on-demand EC2 instances to manage day-to-day traffic. However, from late November through the end of December, the website traffic quadruples the normal rate for various periods, sometimes a few minutes, and sometimes a few hours. During the peaks in activity, the website requires up to 20 large instances.

The level of activity is not predictable. It is also prone to large, sudden spikes at random times based on when various temporary sales are available. The site's traffic can quadruple in a matter of minutes.

Which option is the most cost-effective and achieves better performance to handle these peaks in traffic reliably?

Launch ten on-demand instances running continuously, and manually launch ten instances every day during office hours based on workload metrics as needed.

Purchase 5 Standard reserved instances immediately. Add ten on-demand instances to run continuously from late November through the end of December. Create an auto scaling group to scale out an additional five instances based on the workload metrics as needed.

Purchase 5 Standard reserved instances immediately. Add five on-demand instances during the from late November through the end of December, and create an auto scaling group to scale out an additional ten instances based on the workload metrics as needed.

Purchase 5 Scheduled reserved instances immediately. Add 15 on-demand instances to run continuously from late November through the end of December.

Explanation

AWS provides an on-demand, scalable infrastructure. Amazon EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the organization launches a few instances beforehand and then setups AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization.

If the organization keeps all ten additional instances as a part of the AutoScaling policy sometimes during a sudden higher load, it may take time to launch instances and may not give optimal performance. This is the reason it is recommended that the organization keeps an additional five instances running and the next five instances scheduled as per the AutoScaling policy for cost-effectiveness.

Additionally, the website has established a baseline of normal workload outside of the peak season, so they can invest in Standard reserved instances to manage this workload and save dramatically on compute resource costs.

Explanation

13 / 25

You have created an S3 bucket where project managers can upload their projects' files. Project files change frequently, so retaining multiple copies of files when changes occur is essential. Each project is also considered confidential, each project file must be encrypted at rest when stored in S3.

How could you meet these requirements for your bucket and contents?

Each PM should compress project files and assign a password for compressed files, and encryption needs to be enabled on the bucket

Delete all prior versions after a certain timestamp alert is met

Server-side encryption should be enabled on the S3 bucket

Enable versioning for the S3 bucket, and encrypt project files using client-side or server-side encryption

Explanation

Versioning provides redundancy as it keeps multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

Explanation

14 / 25

After reviewing the reports from AWS Trusted Advisor, your company has decided to enable multi-factor authentication for IAM users and the root account. Which of the following MFA options can be used for both account types? (Choose 2 answers)

AWS Security Token Service

SNS Notification Service

A software-based Virtual MFA device

Hardware MFA Device

Explanation

For increased security, AWS recommends that you configure multi-factor authentication (MFA) to help protect your AWS resources. MFA adds extra security because it requires users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services. This type of MFA requires you to assign an MFA device (hardware or virtual) to the IAM user or the AWS root account.

Explanation

15 / 25

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. Your finance team has approached you, indicating their concern over the growing EC2 budget. They have asked you to identify strategies to reduce the EC2 spend by at least 25% before the next monthly billing cycle. How choices below could assist in accomplishing this? (Choose 3 answers)

Consolidate AWS accounts for billing.

Look for opportunities to use reserved or spot instances.

Look for opportunities to use dedicated instances.

Reduce or eliminate over-provisioned or unused instances.

Explanation

You can reduce EC2 spend by migrating to reserved/spot instances, eliminating/shrinking unused resources, or consolidating AWS accounts (to qualify for volume discounts). The paying account's use of consolidated billing can benefit from volume pricing discounts gained thru aggregate account usage.

Explanation

16 / 25

You’ve been contracted by a client to improve the resiliency of their VPC in preparation for increased Disaster Recovery requirements with shorter RTO and RPOs. One thing you’d like to improve upon is resource and application monitoring. Which services used together will allow for the monitoring of application logs on EC2, notification of users managing the services, and the overall health of AWS resources? (Choose 2 answers)

SNS

Trusted Advisor

Cloudwatch

CloudFront

Explanation

Amazon SNS and CloudWatch are integrated so you can collect, view, and analyze metrics for every active Amazon SNS notification. By configuring CloudWatch for Amazon SNS, you can gain better insight into the performance of your Amazon SNS topics, push notifications, and SMS deliveries.

Explanation

17 / 25

You have taken on a client that has been configured for AWS cloud and is fully operational. Your investigation of the environment reveals that your predecessor was a highly skilled AWS Architect. You view one instance that handles Internet traffic but also handles back end database traffic in a private subnet. This one instance is configured as a full management network attached to both a public subnet and a private subnet. What AWS device will enable such a configuration for a single instance?

Auto scaling group

Elastic Load Balancer

Elastic Network Interface

Elastic ip address

Explanation

You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing traffic and the primary network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive access controls. The public-facing interface, which may or may not be behind a load balancer, has an associated security group that allows access to the server from the Internet while the private facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the Internet, a private subnet within the VPC or a virtual private gateway.

Explanation

18 / 25

You have been contracted by a company to design and implement their AWS cloud environment. The company has a very tight budget and would like to maximize savings wherever possible. They've gotten a 5-year government contract and the workload is expected to remain steady throughout the length of the contract. What type of instance will best meet their computing needs while providing maximum savings?

Standard reserved instances, one-year commitment, no upfront

Convertible reserved instances, one-year commitment, no upfront

Convertible reserved instances, three-year term commitment, all upfront

Standard reserved instances, three-year term commitment, all upfront

Explanation

When you purchase a Reserved Instance, choose a payment option, term, and an offering class that suits your needs. Generally speaking, you can save more money choosing Reserved Instances with a higher upfront payment. There are three payment options (No Upfront, Partial Upfront, All Upfront), two-term lengths (one-year or three-years), and two offering classes (Convertible and Standard). Convertible RIs offer up to a 55% discount, while Standard offers up to a 75% discount. No Upfront and Partial Upfront Reserved Instances are billed for usage on an hourly basis, regardless of whether they are being used. All Upfront Reserved Instances have no additional hourly charges.

Explanation

19 / 25

You have been asked to create a new S3 Bucket that will be used by the financial auditing team to store and share some files. There are a lot of different permissions between listing only, read-only and read-write access. You have decided to use resource-based permissions for the flexibility of it. Which statements below are correct with regards to resource-based permissions on your S3 bucket? (Choose 2 answers)

Resource-based permissions are managed policies you can apply directly to your bucket

Resource-based permissions could be attached to a user, role or group

An explicit deny in resource-based permissions will overwrite an allow permissions the user might have for the same resource

With resource-based permissions, you can define permissions for sub-directories of your bucket separately

Explanation

Resource-based permissions are permissions you attach directly to a resource. Resource-level permissions refer to the ability to specify not just what actions users can perform, but which resources they're allowed to perform those actions on. Resource-based policies are inline only, not managed. You can specify resource-based permissions for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, Amazon SQS queues, and AWS Key Management Service encryption keys.

Explanation

20 / 25

Your company is considering migrating to AWS, but they are concerned about the initial and mid- to short-term costs due to the complexity of the migration cycle. To effectively calculate the total cost of ownership, certain costs must be understood and planned for.

What costs should be primary considerations? (Choose 3 answers)

The cost of running migration tools

The cost of using a Direct Link connection

The cost of outside consulting services

The cost of running duplicate environments

Explanation

Failing to accurately estimate your costs before migration and during the migration process is a recipe for disaster. To build a migration model for optimal efficiency, it is important to accurately understand the current costs of running on-premises applications, as well as the interim costs incurred during the transition

Explanation

21 / 25

Your company has decided to use cloud methods for disaster recovery. The company is most concerned with RTO and RPO and is willing to accept the extra cost of Warm Standby over Pilot Light. When a disaster occurs, your top priority is to increase the processing capacity of your scaled-down environment. Once that is accomplished, you can then increase the environment's resilience and self-management capabilities.

What steps will help you accomplish your top priority when a disaster occurs? (Choose 2 answers)

Extend your auto scaling group across multiple availability zones

Re-size the small capacity servers to run on larger EC2 instances

Modify your Amazon RDS servers to a multi-AZ deployment

Explanation

The Warm Standby scenario uses a scaled-down version of a fully functional environment that is always running. Business-critical applications can always be running in the cloud. When a DR scenario comes about, the servers can be quickly scaled up, scaled out or both, but horizontal scaling is preferred over vertical scaling.

The two incorrect choices will increase your environment's resilience by adding availability

Explanation

The two incorrect choices will increase your environment's resilience by adding availability

22 / 25

After monitoring your online sales application for the last two weeks of holiday sales, it is apparent that your database tier’s current architectural design is not sufficient. Your database is currently managed within Amazon RDS. The decision is made to scale your instance to a greater size based on database recommendations from the vendor. Your current database storage type is magnetic, and storage usage is currently at 70%.

Which modifications could potentially improve the performance of your database? (Choose 2 answers)

Increase the currently allocated storage space

Decrease the currently allocated storage space

Change the storage type to general-purpose SSD.

Increase the number of read replicas.

Explanation

When scaling a database, you can increase the storage capacity of a DB Instance up to a maximum of 64 terabytes (TiB). Please note that scaling the storage allocation with Amazon RDS does not incur a database outage. The performance will be increased as well.

Explanation

23 / 25

Your company decided to create AWS Account and start moving some workloads to the cloud. The security team would like to utilize the existing identity and access management system which is based on Active Directory to manage access to the new AWS Account. For that reason you decided to use SAML federation to allow users in local identity and access management system access to AWS Services.

Which of the following are primary components in SAML Federation configuration for the new AWS account? (Choose 2 answers)

Direct Connect or VPN connectivity must be established between AWS and your company's data center

SAML-Based identity provider has to be available to be used with company's identity store (Active Directory)

IAM trust policy that allows external identity store like Active Directory to be used as the primary IDP for this AWS account

IAM Roles matching Active Directory groups that you would like to allow access to AWS

Explanation

To enable SAML-Based federation for AWS Account, the following actions are required

1- Inside your organization's network, you configure your identity store (such as Windows Active Directory) to work with a SAML-based identity provider (IdP) like Windows Active Directory Federation Services

2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization's identity provider.

3- You also need to create roles that will map to allowed groups in company's identity store, members of these groups will be presented with set of roles that map to their group membership to choose which role they would like to assume while logging in to AWS console

Explanation

To enable SAML-Based federation for AWS Account, the following actions are required

2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization's identity provider.

24 / 25

Your account has 3 VPCs deployed in the same region.

The IPv4 address ranges of the VPCs are:

VPC A 172.22.0.0/16

VPC B 10.3.0.0/16

VPC C 10.4.0.0/16

VPC B and VPC C are already connected through VPC peering connection (PCX) named pcx-abcxyz. VPC A has resources that VPC B and VPC C must access. Which of the options below best achieves the objective of allowing VPC B and VPC C to access VPC A?

Connect VPC A to VPC B using VPC Peering and allow VPC C to access VPC A through VPC B

Connect VPC A to pcx-abcxyz

Create separate VPC Peering connections between VPC A & VPC B and VPC A & VPC C

Add static routes to VPC A with Targets of 10.3.0.0/16 and 10.4.0.0/16 and a Destination of pcx-abcxyz

Explanation

Creating separate VPC Peering connections between each VPC is required for Peering 3 VPCs together. Transitive routing is not supported in VPC Peering so VPC C could not reach VPC A through VPC B. A new VPC Peering connection is required for connecting additional VPCs, so connecting VPC A to pcx-abcxyz is not a viable option. Adding a static route to VPC A that points to pcx-abcxyz would not work as pcx-abcxyz is not connected to VPC A.

Explanation

25 / 25

A root account owner has created an S3 bucket named 'testmycloud'. The account owner wants to allow separate AWS accounts to upload objects, and require the separate accounts to manage permissions for their uploaded objects.

Which choice is the easiest way to achieve this?

The root account should create an S3 Bucket Access Control List (ACL) for the bucket allowing separate AWS accounts to upload content to the bucket.

The root account should create the IAM users for separate AWS accounts, and provide them the permission to upload content to the bucket.

The root account owner should create an S3 bucket policy allowing specified IAM users with separate AWS accounts to upload content to the bucket.

The root account owner should create an S3 bucket policy allowing other account owners to set the object permissions for that bucket.

Explanation

Each Amazon S3 bucket and object has an ACL (Access Control List) associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns the object

Explanation

Your score is

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

AWS Certified Solutions Architect Professional – Exam Mode

/75

0 votes, 0 avg

Click Start button to start exam !

Time Out !

1 / 75

What costs should be primary considerations? (Choose 3 answers)

The cost of using a Direct Link connection

The cost of outside consulting services

The cost of running duplicate environments

The cost of running migration tools

Explanation

2 / 75

Your company is planning to deploy a hybrid environment linking their on-premise database to an application hosted at AWS. When considering performance rather than security, what are key concerns when designing a network between AWS and the on-site database? (Choose 2 answers)

Network bandwidth

Network latency

Private network access

Control of data resources

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

3 / 75

Resource-based permissions are managed policies you can apply directly to your bucket

With resource-based permissions, you can define permissions for sub-directories of your bucket separately

An explicit deny in resource-based permissions will overwrite an allow permissions the user might have for the same resource

Resource-based permissions could be attached to a user, role or group

Explanation

4 / 75

You need to set up a high level of security for an Amazon Relational Database Service (RDS) you have just built in order to protect the confidential information stored in it. What are all the possible security groups that RDS uses?

DB security groups, VPC security groups, and EC2 security groups.

VPC security groups, and EC2 security groups.

DB Security groups only

EC2 security groups only

Explanation

A security group controls the access to a DB instance. It does so by allowing access to IP address ranges or Amazon EC2 instances that you specify. Amazon RDS uses DB security groups, VPC security groups, and EC2 security groups. In simple terms, a DB security group controls access to a DB instance that is not in a VPC, a VPC security group controls access to a DB instance inside a VPC, and an Amazon EC2 security group controls access to an EC2 instance and can be used with a DB instance.

Explanation

5 / 75

Mappings

Transform

Metadata

Conditions

Explanation

6 / 75

You are an administrator managing Windows File Servers in Amazon Web Services. You need to set up a fault-tolerant system to protect your shared files. You decide to use DFS Namespaces and DFS Replication.

Which of the following are prerequisites? (Choose 2 answers)

File servers running Windows Server 2008 R2

File servers running Windows Server 2012 R2

The File Server Resource Manager role installed by your domain controllers

An Active Directory Schema of 2008 R2 or later

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

7 / 75

You are architecting for a hybrid cloud solution that will require continuous connectivity between on-premises servers and instances on AWS. You found that the connectivity between on-premises and AWS does not require high bandwidth for now so you decided to go with resilient VPN connectivity. Which of the following services are part of establishing a resilient VPN connection between on-premises networks and AWS? (Choose 3 answers)

VPN connection

Public VIFs

Customer gateway

Virtual private gateway

Explanation

A customer gateway CGW is the anchor on the customer side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway VGW. There are two lines between the customer gateway and virtual private gateway because the VPN connection consists of two tunnels in case of device failure. When you configure your customer gateway, it's important you configure both tunnels.

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

Explanation

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

8 / 75

You are signed in as root user on your account but there is an Amazon S3 bucket under your account that you cannot access. What is a possible reason for this?

The S3 bucket has reached the maximum number of objects allowed

You are in the wrong availability zone

The S3 bucket is full.

An IAM user assigned a bucket policy to an Amazon S3 bucket and didn't specify the root user as a principal

Explanation

With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. In some cases, you might have an IAM user with full access to IAM and Amazon S3. If the IAM user assigns a bucket policy to an Amazon S3 bucket and doesn't specify the root user as a principal, the root user is denied access to that bucket. However, as the root user, you can still access the bucket by modifying the bucket policy to allow root user access.

Explanation

9 / 75

Your company uses multiple Amazon VPCs and is setting up a new office. The company is deciding on the best way to connect this new, remote office network with the company’s Amazon VPC environment. Due to the fact it is a new office, no VPN equipment or internet connections exist yet, so this office can design any network connection type it desires. The highest priorities are: A predictable network performance A private connection avoiding the public internet Reduced bandwidth costs Minimal administration required to maintain the high availability of network endpoints Which VPC connection option best fits your requirements to connect your new office to one of your VPCs?

Configure a VPN connection with a hardware VPN.

Configure a VPN connection with a software VPN.

Connect via AWS Direct Connect

Use a hub-and-spoke model with AWS VPN CloudHub

Explanation

Establish a private connection from your new office’s network to your Amazon VPC using AWS Direct Connect is the most suitable option in this case. This option provides predictable network performance, reduces bandwidth costs, and doesn’t require that customers be responsible for implementing high availability solutions for all VPN endpoints. The downside of this option (possible requiring additional telecom and hosting provider relationships) is mitigated in this instance because the office is new and would need to provision a whole new network anyway

Explanation

10 / 75

You are developing a new application in which you need to transfer files over long distances between client-side storage and an S3 bucket. You decide to try sending data to the S3 bucket using S3 Transfer Acceleration. What must you do to achieve this? (Choose 2 answers)

Use the SDK S3 accelerate upload commands

Turn on S3 Transfer Acceleration for the bucket.

Use the new accelerate endpoints to transfer your data to S3.

Use the CLI S3 accelerate upload commands.

Explanation

After you turn on S3 Transfer Acceleration for a bucket, two new endpoints are created for the bucket: one for IPv4 and one for IPv6. You can use either the accelerate endpoints or the standard endpoints if you choose not to use the accelerate feature.

Explanation

11 / 75

You have determined specific instances will need to be resized by either scaling the instance(s) up or down.

What basic rules apply when resizing EC2 instances? (Choose 2 answers

Instances need to have the same virtualization type

Instances with limited storage compatibility require migration instead of resizing

You can only resize spot or on-demand instances but not reserved instances

Instances need to be from the same AMI

Explanation

When you resize an instance, you must select an instance type that is compatible with the configuration of the instance. If the instance type that you want is not compatible with the instance configuration you have, then you must migrate your application to a new instance with the instance type that you need. As your needs change, you might find that your instance is over-utilized (the instance type is too small) or under-utilized (the instance type is too large). If this is the case, you can change the size of your instance. For example, if your t2.micro instance is too small for its workload, you can change it to an m3. medium instance

Explanation

12 / 75

Trusted Advisor

Cloudwatch

SNS

CloudFront

Explanation

13 / 75

What statement regarding health check configuration options for your auto scaling group is correct?

You can use either EC2 Instance Status Checks or ALB health checks for your auto scaling group., but not both simultaneously

You can use both EC2 Instance Status Checks and ALB health checks simultaneously for your auto scaling group

You can only use ALB health checks as a health check for your auto scaling group

You can only use EC2 Instance Status Checks as a health check for your auto scaling group

Explanation

14 / 75

Your business is slowly migrating to the AWS cloud, but must continue to support its on-premises servers and networks while extending to the cloud. As a result, you are looking for every possible way to optimize costs while ensuring resources remain secure. In order to provide an extra layer of security, you would like for your servers hosted within your VPCs to communicate with other AWS services without leaving your VPC network. You would also like your on-premises servers to be able to connect to these same AWS services through your VPC instead of sending and receiving requests over the public internet. Which AWS networking service or component would satisfy these requirements?

VPC Virtual Private Gateways

VPC Gateway Endpoints

VPC Peering Connections

VPC Interface Endpoints

Explanation

With VPC Interface Endpoints, it is possible to connect to a number of AWS services both from resources within your Amazon VPC and from resources in your on-premises environment. This is not possible with VPC Gateway Endpoints.

Explanation

15 / 75

You have been contracted to start building the latest and greatest mobile chat app. The schedule for this development and delivery is time critical. What correct mix of AWS services and components should you consider to ensure that your mobile chat app can be produced on time, ensuring that the mobile chat app can authenticate and authorize users?

Create an auto scaling group of EC2 instances with custom and specialized authentication and authorization logic using SSL and JWT tokens to perform user authentication and authorization.

Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization

Configure Amazon CloudFront in association with AWS WAF to perform user authentication and authorization

Create an auto scaling group of EC2 instances with SAML 2.0 service endpoint, setup and install a custom LDAP directory, configure SSO within the mobile app to use the SAML 2.0 service endpoint to perform user authentication and authorization

Explanation

Answer “Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization” is correct. The question highlights that the “development and delivery is time critical” - therefore the best approach time wise is to use the fit for purpose managed services provided by AWS - in this case, Amazon Cognito, IAM Roles and Policies, and the AWS Mobile SDK.

Explanation

16 / 75

Your supervisor asks you to set up a NAT gateway so that your private subnets can communicate with the Internet. Which of the following are the things that you will need to do to ensure this works successfully? (Choose 3 answers)

Open port 80 to all incoming traffic

Update the route table associated with one or more of your private subnets to point Internet-bound traffic to the NAT gateway

Specify the public subnet in which the NAT gateway will reside.

Specify an Elastic IP address to associate with the NAT gateway when you create it

Explanation

To create a NAT gateway, you must specify the public subnet in which the NAT gateway will reside. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. After you've created a NAT gateway, you must update the route table associated with one or more of your private subnets to point Internet-bound traffic to the NAT gateway. This enables instances in your private subnets to communicate with the Internet.

Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone. You have a limit on the number of NAT gateways you can create in an Availability Zone.

Explanation

Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone. You have a limit on the number of NAT gateways you can create in an Availability Zone.

17 / 75

You are creating a custom Virtual Private Cloud (VPC) which will host a mix of public and private instances. An EC2 instance has been deployed to one of the public subnets in this VPC. What are the configurations that have to be implemented to make this instance accessible from the internet? (Choose 3 answers)

Create a new record set and custom domain name for the new instance in Route 53

Make sure the instance has a public IP address

Attach an Internet gateway to the VPC and add a default route to the IGW in public subnet's route table

Edit security group to allow traffic to and from the internet on required ports

Explanation

Public and private subnets, except for the default VPC, do not automatically have Internet access enabled. To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

18 / 75

A MySQL database currently contains 2 million records. Approximately 2000 new records are added every day, with an average of 80 queries per second. The database is running on a 4 core, 4 GB dedicated system in the local data center. Once a week, on average, the system has issues and resets. It is next on the list to be moved to the cloud. What step should be taken first before it is migrated?

Order an on-demand instance matching the on-premises architecture.

Export all database records to S3.

Use the AWS server migration service to migrate existing records

Fix all MySQL issues in the local data center.

Explanation

Issues that are not first solved locally will not be solved by moving to the cloud. Moving to the cloud is not a silver bullet. If there are inherent problems in the existing architecture there is no guarantee that they will be solved by moving to the cloud. Try to resolve any issues locally before migrating your architecture (and its existing issues) to the cloud.

Explanation

19 / 75

Your team is developing an application using Elastic Beanstalk and discussing the most appropriate environment for deployment. What two types of environments can be created when using Elastic Beanstalk? (Choose 2 answers)

Web worker environment

Load-balancing and auto-scaling environment

Single-instance environment

Multi-region, multiple-instance environment

Explanation

In Elastic Beanstalk, you can create a load-balancing, autoscaling environment or a single-instance environment. The type of environment that you require depends on the application that you deploy. For example, you can develop and test an application in a single-instance environment to save costs and then upgrade that environment to a load-balancing, autoscaling environment when the application is ready for production.

Explanation

20 / 75

A client has contacted you about designing their AWS cloud environment. They want to fully migrate their compute environment to the cloud. Their biggest requirement is that they need high availability at both the web and database tiers. Their current database is MySQL. How might you best design high availability for their environment with cost being a consideration as well?

Auto scaling

Read Replicas

Cross-region replication

Multi-AZ Deployment

Explanation

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. Amazon RDS uses several different technologies to provide failover support. Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon's failover technology. SQL Server DB instances use SQL Server Mirroring. Amazon Aurora instances stores copies of the data in a DB cluster across multiple Availability Zones in a single region, regardless of whether the instances in the DB cluster span multiple Availability Zones.

Explanation

21 / 75

You need to create an Amazon Machine Image (AMI) for a customer for an application which does not appear to be part of the standard AWS AMI template that you can see in the AWS console. What are the alternative possibilities for creating an AMI on AWS ?

You can purchase an AMIs from a third party but cannot create your own AMI

Only AWS can create AMIs and you need to request them to create one for you.

You can purchase an AMIs from a third party or can create your own AMI.

Only AWS can create AMIs and you need to wait till it becomes available.

Explanation

You can purchase an AMIs from a third party, including AMIs that come with service contracts from organizations such as Red Hat. You can also create an AMI and sell it to other Amazon EC2 users. After you create an AMI, you can keep it private so that only you can use it, or you can share it with a specified list of AWS accounts. You can also make your custom AMI public so that the community can use it. Building a safe, secure, usable AMI for public consumption is a fairly straightforward process, if you follow a few simple guidelines.

Explanation

22 / 75

What steps will help you accomplish your top priority when a disaster occurs? (Choose 2 answers)

Extend your auto scaling group across multiple availability zones

Re-size the small capacity servers to run on larger EC2 instances

Modify your Amazon RDS servers to a multi-AZ deployment

Explanation

The two incorrect choices will increase your environment's resilience by adding availability

Explanation

The two incorrect choices will increase your environment's resilience by adding availability

23 / 75

Which modifications could potentially improve the performance of your database? (Choose 2 answers)

Decrease the currently allocated storage space

Increase the number of read replicas.

Increase the currently allocated storage space

Change the storage type to general-purpose SSD.

Explanation

24 / 75

Hardware MFA Device

AWS Security Token Service

SNS Notification Service

A software-based Virtual MFA device

Explanation

25 / 75

Your organization is thinking of running parts of their workload on AWS while keeping the critical and sensitive servers on-premises with continuous connectivity between instances in AWS and corporate data center. In such a hybrid cloud environment what are the minimum requirements to maintain resilient continuous connectivity between AWS and corporate data center?

A primary direct connect line and a VPN connection for backup connected to the corporate primary router

A primary and a backup direct connect line connected to the primary router in the corporate data center

A primary direct connect line connected to at least two routers in the corporate data center

A primary and a backup direct connect line and at least two routers in the corporate data center

Explanation

In Hybrid cloud environment where connectivity between AWS and Corporate datacenter is critical, redundant active/active or active/passive configurations should be implemented for connectivity resources. redundancy has to be on both sides (AWS and On-premises) hence the minimum requirements to implement this architecture is two direct connect lines and two customer devices (ideally in two different data centers)

Explanation

26 / 75

The total RCU divided by 5000 + total WCU divided by 1000

The total RCU divided by 3000 + total WCU divided by 1000

The total table size divided by 10 GB

The total table size divided by 40 GB

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

27 / 75

You need to change a deployed Elastic Beanstalk environment to provide additional performance for EC2 instances that a client is currently running on their application. To change your instance count for Elastic Beanstalk, select the necessary steps (in any order). (Choose 3 answers)

Open the Elastic Beanstalk console and navigate to the management page

Choose Configuration and then choose Scaling.

Open a command prompt window and execute the command change-elastic-beanstock -env.

Change the Minimum Instance Count and then Apply

Explanation

Elastic Beanstalk environments can be changed after creation. For example, if you have a compute-intensive application, you can change the type of Amazon EC2 instance that is running your application. To do this, you use the Scaling option in the management page of the Elastic Beanstalk console and change the minimum instance count.

Explanation

28 / 75

One of your customers is a large multi-national company whose infrastructure on AWS has grown significantly over the past year. The CIO has come to you asking how the huge amount of data that is being generated can be accessed in real-time which would give them a significant edge over all of their competitors. You know that AWS can provide a range of analytics but which of the following would be best to try and accomplish this?

Amazon Kinesis

AWS Data Pipeline

Amazon EMR

Amazon Elasticsearch

Explanation

Amazon Kinesis is a fully managed service for real-time processing of streaming data at massive scale. Amazon Kinesis can continuously capture and store terabytes of data per hour from hundreds of thousands of sources such as website clickstreams, financial transactions, social media feeds, IT logs, and location-tracking events. With Amazon Kinesis Client Library (KCL), you can build Amazon Kinesis Applications and use streaming data to power real-time dashboards, generate alerts, implement dynamic pricing and advertising, and more.

Explanation

29 / 75

Your company is migrating into Amazon Web Services and has selected the US East region in which to operate. The majority of your work involves interfacing with government departments in the United States and Germany. Your company expects the deployment into the cloud to be up and running in a minimum of time. Before deploying any resources in the European region, what should be your first consideration?

European privacy laws

Industry rules and standards

The number of web servers to deploy

The pre-warming storage and load balancers

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

30 / 75

You are designing monitoring and operation management for your environment on AWS and in the process of deciding which metrics to start with for your monitoring. Which of the following metrics should be included in your initial monitoring plan at a minimum? (Choose 3 answers)

Volume Queue Length

Memory Utilization

Disk Performance (Read and Write OPS)

CPU Utilization

Explanation

To establish a baseline you should, at a minimum, monitor the following items:

CPU Utilization
Memory Utilization
Network Utilization
Disk Performance
Disk Space.

Explanation

To establish a baseline you should, at a minimum, monitor the following items:

CPU Utilization
Memory Utilization
Network Utilization
Disk Performance
Disk Space.

31 / 75

A user is uploading a backup of data to S3 Glacier for the purpose of disaster recovery (DR). The data stored in S3 Glacier is part of a larger data recovery plan that involves other AWS services. There is a relatively small set of data (100 MB) that needs to be restored immediately when a DR plan is executed, and the organization is planning RTO of 1 hour. Assuming the data size meets the requirements for any of the given retrieval options below, which S3 Glacier data retrieval option would you plan in a DR situation?

Use Bulk retrievals

Use Expedited Retrievals with Provisioned Capacity

Use Standard retrievals

Use Expedited retrievals without Provisioned Capacity

Explanation

There are three retrieval options with Amazon S3 Glacier:

Expedited — There are two types of Expedited retrievals: On-Demand and Provisioned. On-Demand requests are similar to EC2 On-Demand instances and are available most of the time. Provisioned requests are guaranteed to be available when you need them, which is recommended for a DR plan.
Standard — Standard retrievals allow you to access any of your archives within several hours.
Bulk — Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval option, which you can use to retrieve large amounts, even petabytes, of data inexpensively in a day. Bulk retrievals typically complete within 5–12 hours.

Explanation

There are three retrieval options with Amazon S3 Glacier:

Expedited — There are two types of Expedited retrievals: On-Demand and Provisioned. On-Demand requests are similar to EC2 On-Demand instances and are available most of the time. Provisioned requests are guaranteed to be available when you need them, which is recommended for a DR plan.
Standard — Standard retrievals allow you to access any of your archives within several hours.
Bulk — Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval option, which you can use to retrieve large amounts, even petabytes, of data inexpensively in a day. Bulk retrievals typically complete within 5–12 hours.

32 / 75

You have been charged with investigating cloud security options for your company in light of recent suspected threats. You are aware that certain AWS services can help mitigate DDoS attacks, and you are specifically looking for a service that provides protection from counterfeit requests (Layer 7) or SYN floods (Layer 4). Which services provide this protection? (Choose 2 answers)

Route 53

CloudFront with AWS Shield

Amazon API Gateway

VPC Security Groups

Explanation

Amazon API Gateway automatically protects your backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3). Additional reading is available here (https://aws.amazon.com/api-gateway/faqs/).

AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for the network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks.

NACLs do not provide DDoS mitigation. They are used to control ingress and egress into a subnet based on port and source IP range. Route 53 can protect against DNS based DDoS attacks but does not protect entire layers. Elastic Load Balancing can protect EC2 instances specifically, but not other AWS resources.

Explanation

33 / 75

You have configured an AWS cloud environment for an ecommerce company. This environment is heavily reliant upon being highly available as downtime will lose the company a great deal of money. You monitor this environment very closely with numerous CloudWatch alarms. Recently you are seeing 'InsufficientInstanceCapacity' errors during auto scaling attempts during peak hours from 4:00 - 9:00 pm EST. This is causing costly downtime. Which option will best handle this situation?

Purchase Scheduled Reserved Instances for peak hours

Increase the maximum size of you auto scaling group to add more capacity

Scale up your RDS instance for more capacity

Use spot instances in place of on-demand instances

Explanation

If you get an InsufficientInstanceCapacity error when you try to launch an instance or start a stopped instance, AWS does not currently have enough available capacity to service your request. In this situation, reserved instances offer the required reliability to avoid outages and loss of money. Reserved Instances are a long-term capacity reservation, and you will not have to rely on Amazon having enough on-demand capacity. Usually these capacity issues are short term, but due to the nature of the company even short outages can be very costly.

Explanation

34 / 75

You are responsible for maintaining an RDS database deployed in a Multi-AZ deployment architecture. What would be the downtime and/or failover cycle associated with maintenance events on your database? (Choose 2 answers)

Maintenance will be applied to the primary instance first

Standby instance will become the new primary after maintenance

Maintenance will be applied to standby instance first.

The old primary will be promoted back to the new primary after maintenance

Explanation

Running a DB Instance as a Multi-AZ deployment can further reduce the impact of a maintenance event because Amazon RDS will conduct maintenance by following these steps: Perform maintenance on the standby.

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

Explanation

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

35 / 75

Due to compliance rules and regulations, your company's workload has to run on dedicated instances. How can you make sure that all EC2 instances created for your workload now and in the future are dedicated instances? (Choose 2 answers)

Create a dedicated Placement Group and associate all new instances with this placement group at launch time. All instances launched in a dedicated placement group will be dedicated

Create your VPCs with instance tenancy of dedicated. This will ensure that all instances launched in VPC are dedicated

Create a golden AMI of the dedicated instance and enforce this AMI as the base for any new instance in your environment. This guarantees that all instances created based on the AMI will be dedicated

Create a CloudFormation template that has the EC2 Instance Tenancy attribute as dedicated and always use it to launch any new instance

Explanation

You can create a VPC with an instance tenancy of dedicated to ensure that all instances launched into the VPC are dedicated instances. Alternatively, you can specify the tenancy of the instance during launch

Explanation

36 / 75

A major customer has asked you to set up his AWS infrastructure so that it will be easy to recover in the case of a disaster of some sort. Which of the following is important when thinking about being able to quickly launch resources in AWS to ensure business continuity in case of a disaster?

All items listed here are important when thinking about disaster recovery.

Create and maintain AMIs of key servers where fast recovery is required

Regularly run your servers, test them, and apply any software updates and configuration changes.

Ensure that you have all supporting custom software packages available in AWS.

Explanation

In the event of a disaster to your AWS infrastructure you should be able to quickly launch resources in Amazon Web Services (AWS) to ensure business continuity. The following are some key steps you should have in place for preparation: 1. Set up Amazon EC2 instances to replicate or mirror data. 2. Ensure that you have all supporting custom software packages available in AWS. 3. Create and maintain AMIs of key servers where fast recovery is required. 4. Regularly run these servers, test them, and apply any software updates and configuration changes. 5. Consider automating the provisioning of AWS resources.

Explanation

37 / 75

Your engineers are concerned about application availability during in-place updates to a live Elastic Beanstalk stack. You advise them to consider a blue/green deployment and then list the necessary steps to carry out this deployment. Which steps are valid to include? (Choose 3 answers)

Deploy the new version of the application

From the new environment’s dashboard, swap environmental URLs and click Swap

From the new environment’s dashboard, choose Restart Environment

Clone your current environment

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment's dashboard, choose Actions and then choose Swap Environment URLs.

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment's dashboard, choose Actions and then choose Swap Environment URLs.

38 / 75

You are developing a static website using S3 for your company’s clients. Your team is configuring the site and has granted public read access. What other steps must they take? (Choose 2 answers)

Specify a default index document

Enable server-side scripting

Enable static website hosting.

Create a website page hierarchy

Explanation

To configure a bucket for static website hosting, you add a website configuration to your bucket. The configuration includes an index document, error documents, redirects of all requests that are intended for the index page, and any conditional redirects. Amazon S3 does not support server-side scripting.

Explanation

39 / 75

Your company is concerned with EBS volume backup on Amazon EC2 and wants to ensure they have proper backups that are scheduled once a day and that the data is durable. Which of the following options would be best for this? (Choose 2 answers)

Use the AWS Console to stop the instance, copy it to AWS Glacier and then start the instance again.

Use the AWS Console to take a snapshot of production EBS volumes

Write a Lambda function to take a snapshot of production EBS volumes

Write a cronjob and implement it via CloudWatch Events to take a snapshot of production EBS volumes

Explanation

The data is durable because EBS snapshots are stored on the Amazon S3 standard storage class.
You cannot schedule snaphots in the AWS Console.

Explanation

The data is durable because EBS snapshots are stored on the Amazon S3 standard storage class.
You cannot schedule snaphots in the AWS Console.

40 / 75

Your web-based application has been launched publicly. Your design has implemented auto scaling and classic load balancing and your design is responding to the changes in demand as expected. Over the next few months, during the holiday season, demand is expected to be quite robust. You estimate that 100 EC2 instances will be required to meet your customers’ demand. How should you plan properly for growth? (Choose 2 answers)

Add a second load balancer for additional redundancy

Use AWS Trusted Advisor to analyze your workload requirements

Change your auto scaling configuration, setting a desired maximum capacity of 100 instances. Verify your limits allow for this capacity

Contact Amazon to pre-warm your elastic load balancer to match the expected demands.

Explanation

In certain scenarios, such as when flash traffic is expected, or in the case where a load test cannot be configured to gradually increase traffic, AWS recommends that you have your load balancer "pre-warmed". They will configure the load balancer to have the appropriate level of capacity based on the traffic that you expect. They also need to know the start and end dates of your tests or expected flash traffic, the expected request rate per second and the total size of the typical request/response that you will be testing

Explanation

41 / 75

You are performing some testing of an application in development and wish to delete the parts of a multipart upload after a mistake is made with part numbering. Which command would you run to stop the upload and delete all the parts?

Delete multipart upload

Abort multipart upload

Remove multipart upload

Cancel multipart upload

Explanation

To delete the parts of a failed multipart upload so that you do not get charged for storage of those parts, you must use the command “Abort Multipart Upload” and provide the upload ID of upload you wish to abort. After aborting a multipart upload, you cannot upload any part using that upload ID again. All storage that any parts from the aborted multipart upload consumed is then freed.

Explanation

42 / 75

AWS Config

Simple Queue Service

CloudWatch Logs

Simple Workflow Service

Explanation

43 / 75

A legacy application in your company has been deployed in a single availability zone. It is used only sporadically but must be available nevertheless. Due to your heavy administrative workload, you wish to automate a process that will rebuild the application automatically if it fails. What action should you take?

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Perform snapshots of EBS volumes on a set schedule.

Add an additional availability zone and a load balancer.

Configure the server in an auto scaling group with a minimum and maximum size of one

Explanation

Auto scaling provides redundancy for a single server with the option of launching a configuration using the attributes from a running instance. When you use this option, auto scaling copies the attributes from the specified instance into a template from which you can launch one or more auto scaling groups.

Note that if the specified instance has properties that are not currently supported by auto scaling, instances launched by auto scaling using the launch configuration created from the identified instance might not be identical to the identified instance.

Explanation

44 / 75

Your account has 3 VPCs deployed in the same region.

The IPv4 address ranges of the VPCs are:

VPC A 172.22.0.0/16

VPC B 10.3.0.0/16

VPC C 10.4.0.0/16

Connect VPC A to pcx-abcxyz

Connect VPC A to VPC B using VPC Peering and allow VPC C to access VPC A through VPC B

Create separate VPC Peering connections between VPC A & VPC B and VPC A & VPC C

Add static routes to VPC A with Targets of 10.3.0.0/16 and 10.4.0.0/16 and a Destination of pcx-abcxyz

Explanation

45 / 75

Your organization is migrating applications to AWS. Your new security policy mandates that all user accounts be created and managed through IAM. Currently, your corporation is using Active Directory as their on-premise LDAP service. Once applications go live at AWS, all users must access applications using temporary access credentials, and all IAM users must have passwords that are rotated on a set schedule. Which of the following actions will allow you to enforce this security policy? (Choose 3 answers)

Deploy federation services that support the Security Token Service

Disable the root account for your AWS account.

Create and enforce a password expiration policy option for all IAM users.

Create required IAM user accounts

Explanation

STS is the “glue” that supports temporary access credentials for federation. If you are running code, AWS CLI, or Tools for Windows PowerShell commands inside an EC2 instance, you can take advantage of roles for Amazon EC2. Otherwise, you can call an AWS STS API to get the temporary credentials, and then use them explicitly to make calls to AWS services.

Explanation

46 / 75

You wish to perform detailed monitoring on servers that are marked as unhealthy before they are terminated. After researching the issue, you find that lifecycle hooks can be deployed as necessary. Which strategies could you use to perform detailed monitoring? (Choose 2 answers)

Create a longer cooldown period in the launch configuration

Define a notification target for the lifecycle hook

Query 160.254.169.254 when instances are first marked as unhealthy

Use a CloudWatch event to invoke a Lambda function

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

47 / 75

You’ve designed a public portal (with a MySQL database) featuring popular scientific journals. Due to its popularity, users are complaining it takes much longer to review selected journals than in the past. In addition, the popularity of your site is worldwide.

What are the first steps that you should take to resolve your performance issues? (Choose 2 answers)

Create a read replica of your master database

Place additional read replicas in AWS regions closer to your users

Deploy ElasticSearch for faster searching of available scientific journals

Redesign your database as a Multi-AZ solution

Explanation

Read replicas of your master database allow you to increase performance. Placing your read replicas in different AWS regions closer to your users will maximize performance and increase the availability of your database.

Explanation

48 / 75

Your on-premise bare-metal servers are over five years old. You’re considering moving to AWS. The offerings of virtual instances far surpass what you can access on-premises. Before you choose your test instance at AWS, what questions should you ask? (Choose 3 answers)

What is the cost of over-provisioning?

When peak load occurs, how much over-provisioning is required?

How much network bandwidth do you need?

What is the average server utilization?

Explanation

On-premises data centers have costs associated with the servers, storage, networking, power, cooling, physical space, and IT labor required to support applications and services running in the production environment. For servers, these questions are most applicable: What is your average server utilization? How much do you overprovision for peak load? What is the cost of over-provisioning?

Explanation

49 / 75

Your client's AWS environment contains several EBS-backed EC2 instances for a project that needs to be postponed.

What choices below will allow you to avoid charges for these on-demand instances, but retain data currently stored within these instances? (Choose 2 answers)

Terminate all the instances.

Take a snapshot of all the instances and then terminate all the instances.

Stop all the instances

Terminate all the instances and then make an image of all the instances.

Explanation

If you stop the instances you will not be charged and the data will still be kept. If you terminate the instances you will lose all your data. If you take a snapshot of all the instances and then terminate all the instances you will not be charged but will still have all your data in the snapshot which can be restored later.

Explanation

50 / 75

Tag all resources with the appropriate business unit.

Give them access to TCO calculator.

Set up consolidated billing

Enable Cost and Usage reports.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

51 / 75

The IAM administrator is trying to create IAM groups and IAM users for employees within numerous separate company departments. The owner has created groups for each department, but needs even further separation between department subgroups within IAM groups. For example, two users from different department subgroups should be identified separately and have separate permissions.

How can the IAM administrator configure this?

Create a hierarchy of separate IAM users based on their department

Create a nested IAM group

Use the paths to separate IAM users within the same IAM group

It is not possible to subdivide IAM users within an IAM group

Explanation

The path functionality within an IAM group and user allows them to delineate by further levels. In this case, the user needs to use the path with each user or group so that the ARN of the user will look similar to:

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

Explanation

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

52 / 75

You have deployed an application hosted on both a primary instance and a secondary standby instance. The instances are in the same subnet within a VPC.

If the primary instance fails, you would like to failover to the secondary instance without having to reconfigure the application. How can you accomplish this? (Choose 3 answers)

Attach elastic network interfaces to the primary and secondary instances

Use load balancing to redirect traffic to the secondary instance

Use an additional elastic network interface for failover to another instance

Add a second private IP address to the primary instance's ENI that can be moved to the secondary instance's ENI.

Explanation

The ENI can only be attached to an instance hosted in a VPC. When you move a network interface from one instance to another, network traffic is redirected to the new instance. Some network and security appliances, such as load balancers, network address translation (NAT) servers, and proxy servers prefer to be configured with multiple network interfaces. You can create and attach secondary network interfaces to instances in a VPC that are running these types of applications and configure the additional interfaces with their own public and private IP addresses, security groups, and source/destination checking

Explanation

53 / 75

An international web journal hosted on AWS handles requests for technical publications. The front-end tier is hosted in a VPC with multiple availability zones, auto-scaling groups, and cross zone load-balancing. RDS hosts the application database responsible for indexing and searching the content, and technical journals are served from S3 buckets. At certain times, specific professional journals became quite popular, causing viewing delays. Which additional components could be utilized in your architecture to help improve performance? (Choose 2 answers)

Add cross-region replication to S3 buckets hosting your journals

Utilize ElasticCache with Lazy Loading to cache popular searches and indexes

Utilize the SQS service to speed up response to requests

Deploy CloudFront to help with content delivery to users in remote geographic locations

Explanation

Lazy loading keeps the cache up to date based only on requests, which avoids filling up the cache needlessly, but if data is only written to the cache when there is a cache miss, data in the cache can become stale since there are no updates to the cache when data is changed in the database. This issue is addressed by using lazy loading in conjunction with write through, which adds data or updates data in the cache whenever data is written to the database. You may also use CloudFront to optimize your caching. By default, CloudFront doesn't consider headers when caching your objects in edge locations. If your origin returns two objects and they differ only by the values in the request headers, CloudFront caches only one version of the object

Explanation

54 / 75

To optimize the cost associated with your application's compute layer, your development team decided to integrate spot instances to support spikes in your workload. However, your auto scaling group should always contain eight (8) on-demand or reserved instances to process the normal amount of requests, and deploy a combination of spot and on-demand instances to manage spikes of activity requiring more than eight (8) instances.

How can you ensure there are always eight (8) on-demand instances to support your compute layers' typical workload?

Within your launch template, set the instance weighting for on-demand instances to eight (8) instances.

Within your launch template, set the auto scaling group's minimum capacity to eight (8) instances.

Within your launch template, set the auto scaling group's optional on-demand base to eight (8) instances.

Within your launch template, set the auto scaling group's desired capacity to eight (8) instances.

Explanation

When you want to include instances with multiple purchase types in the same auto scaling group, you have the ability to maintain a set number of on-demand instances will be deployed at all times, and then split the remaining instances between multiple purchase types as you see fit. To configure this, set a number of instances as your "optional on-demand base" within your launch template. This is not possible using a launch configuration.

Explanation

55 / 75

What does Amazon DynamoDB provide?

A fast and reliable PL/SQL database cluster

A fast, highly scalable managed NoSQL database service

A standalone Cassandra database, managed by Amazon Web Services

A predictable and scalable MySQL database

Explanation

Amazon DynamoDB is a managed NoSQL database service offered by Amazon. It automatically manages tasks like scalability for you while it provides high availability and durability for your data, allowing you to concentrate in other aspects of your application

Explanation

56 / 75

A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which one of the following is the best way to terminate the instance automatically once the job is finished?

Configure a CloudWatch alarm to terminate the instance once it is idle.

Configure an Auto Scaling scheduled activity to terminate the instance after seven days

Associate the EC2 instance with an ELB to terminate the instance when it remains idle

Configure the EC2 instance with a stop instance to terminate it.

Explanation

Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CloudWatch alarm, which monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance action.

Explanation

57 / 75

Your client has contacted you about an existing AWS cloud environment that they have. They have a large number of T2 large instances in a VPC but have statistics indicating they may need larger instances soon. Another consideration is the company's limited budget to add new instances and/or upgrade its current instances. However, they need to do something and are relying on you to provide a solution. This company has used its existing instances for over 3 years and expects a similar lifespan for any new solution.

What changes would best address the issues with their compute resources? (Choose 2 answers)

Upgrade to Enhanced Networking instances.

Use spot instances to supplement the existing instances.

Upgrade to standard reserved instances

Replace T2 large instances with large general purpose instances.

Explanation

T2 instances are Burstable Performance Instances that provide a baseline level of CPU performance with the ability to burst above the baseline. The baseline performance and ability to burst are governed by CPU Credits. M4 instances are the latest generation of General Purpose Instances. This family provides a balance of compute, memory, and network resources, and it is a good choice for many applications. In this instance, the only option which provides for growth while keeping costs in check is to upgrade to reserved M4 instances on a long term 3 year contract.

Explanation

58 / 75

A user has set up the CloudWatch alarm on the CPU utilization metric at 50%, with a time interval of 5 minutes and 10 periods to monitor. What will be the state of the alarm at the end of 90 minutes, if the CPU utilization is constant at 80%?

INSUFFICIENT_DATA

ALARM

ALERT

Explanation

In this case the alarm watches a metric every 5 minutes for 10 intervals. Thus, it needs at least 50 minutes to come to the "OK" state. Till then it will be in the INSUFFUCIENT_DATA state. Since 90 minutes have passed and CPU utilization is at 80% constant, the state of alarm will be "ALARM".

Explanation

59 / 75

You have begun your migration into Amazon Web Services using the AWS Database Migration Service. You are pleased that there are no errors; however, the migration tasks are running slowly. You review the resources that have been assigned to the AWS DMS replication instance, and they seem to be adequate. Which other task could you perform to help speed up the initial migration tasks?

Reduce the frequency of automatic backups.

Turn off all logging on the target database

Increase the IOPs on the replication instance.

Enable multi-availability zones on the target database instance.

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

60 / 75

You are configuring your application's compute layer using AWS EC2 Auto Scaling. When configuring the group's capacity, you have set the auto scaling group's minimum capacity to four, the desired capacity to 8, and the maximum capacity to 16. When you deploy your auto scaling group, and the instances have completely deployed, how many instances will there be within your group?

Explanation

You configure the size of your Auto Scaling group by setting the minimum, maximum, and desired capacity. The minimum and maximum capacity are required to create an Auto Scaling group, while the desired capacity is optional. If you do not define your desired capacity upfront, it defaults to your minimum capacity.

By default, the minimum, maximum, and desired capacity are set to one instance when you create an Auto Scaling group from the console. If you change the desired capacity, the capacity that you specify will be the total number of instances launched right after creating your Auto Scaling group.

An Auto Scaling group is elastic as long as it has different values for minimum and maximum capacity. All requests to change the Auto Scaling group's desired capacity (either by manual scaling or automatic scaling) must fall within these limits.

If you choose to automatically scale your group, the maximum limit lets Amazon EC2 Auto Scaling scale out the number of instances as needed to handle an increase in demand. The minimum limit helps ensure that you always have a certain number of instances running at all times

Explanation

61 / 75

Select a true statement about Amazon EC2 Security Groups (EC2-Classic).

After you launch an instance in EC2-Classic, you cannot add or remove rules from a security group.

After you launch an instance in EC2-Classic, you can change its security groups only once.

After you launch an instance in EC2-Classic, you can only add rules to a security group.

After you launch an instance in EC2-Classic, you can't change its security groups.

Explanation

After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group

Explanation

62 / 75

You are looking for a simple way to configure high availability for your EC2 instances. You need to create a plan for replacing unhealthy or failed instances. It is acceptable to have a short amount of downtime to keep costs down. Which process is appropriate for achieving this?

Create a custom AMI and use it to create an Auto Scaling Launch Configuration; then create a “Steady State” auto scaling policy using a minimum of 2 instances and a maximum of 2 instances.

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Reboot this instance.”

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Recover this instance.”

Create a custom AMI of your EC2 instances. Use the custom AMI to create a new EC2 instance if there are issues with a current EC2 instance, and move the EIP to the new instance.

Explanation

Creating a custom AMI of the instance for which you are trying to provide HA allows you to bring the instance online quickly with no build time. Moving the EIP from the instance, you are replacing to the new instance will send all traffic to the new instance without any change to DNS, which would take time to propagate. Using the AutoRecover option will not replace the unhealthy or failing instance. It will only try to restart it on another host. Creating a “Steady State” Auto Scaling Group would also be a good solution, although using two as a minimum would have a higher cost.

Explanation

63 / 75

You are in a company meeting serving as Lead Architect. Your company wants to expand into the cloud by creating an area for low latency and high throughput of up to 10 Gbps. You recommend using a cluster placement group. What features in your design should be in place to take full advantage of a cluster placement group? (Choose 2 answers)

EC2 instances that support enhanced networking

Reserved instances that provide highest availability

Instances in multiple Availability Zones for fault tolerance

All instances grouped in a single Availability Zone

Explanation

A placement group is a logical grouping of instances within a single Availability Zone. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your cluster placement group, choose an instance type that supports enhanced networking

Explanation

64 / 75

Your team has found that a client's load balancer needs to be configured with support for SSL offload using the default security policy. When negotiating the SSL connections between the client and the load balancer, you want the load balancer to determine which cipher is used for the SSL connection. Which actions perform this process on the load balancer? (Choose 3 answers)

Select the default security policy.

Choose the server order preference option

Select a client configuration preference option

Enable SSL offload.

Explanation

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL connections between a client and the load balancer. A security policy is a combination of SSL protocols, SSL ciphers, and the Server Order Preference option.

Explanation

65 / 75

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. The finance team has approached you, indicating their concern over the growing AWS budget, and has asked you to investigate ways to lower it. Since your firm has enterprise-level support, you decide to use the AWS Trusted Advisor tool for this effort. What are some of the cost optimization checks that Trusted Advisor will perform? (Choose 3 answers)

Underutilized Amazon Redshift Clusters

Idle Load Balancers

EC2 Spot Instance Optimization

Underutilized Amazon EBS Volumes

Explanation

Trusted Advisor checks for Amazon EC2 reserved instances optimization, low utilization of Amazon EC2 instances, idle Load Balancers, underutilized Amazon EBS Volumes, unassociated Elastic IP Addresses, Amazon RDS idle DB instances, Amazon Route 53 Latency Resource Record Sets, Amazon EC2 reserved instance lease expiration and underutilized Amazon Redshift Clusters

Explanation

66 / 75

The total table size divided by 10 GB

The total RCU divided by 3000 + total WCU divided by 1000

The total RCU divided by 5000 + total WCU divided by 1000

The total table size divided by 40 GB

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

67 / 75

A user is running a batch process which runs for 1 hour every day. Which of the below mentioned options is the right instance type and costing model in this case if the user performs the same task for the whole year?

EBS backed instance with heavy utilized reserved instance pricing

Instance store backed instance with spot instance pricing.

EBS backed instance with low utilized reserved instance pricing

EBS backed instance with on-demand instance pricing.

Explanation

For Amazon Web Services, the reserved instance helps the user save money if the user is going to run the same instance for a longer period. Generally, if the user uses the instances around 30-40% annually it is recommended to use RI. Here as the instance runs only for 1 hour daily it is not recommended to have RI as it will be costlier. The user should use on-demand with EBS in this case.

Explanation

68 / 75

You have been assigned to a client for whom your company designed and implemented an AWS cloud environment. The client is a government contracting firm and handles sensitive data. They have identified a set of IP addresses in a foreign country that has attempted to access their servers. You have been asked to implement a solution which will deny access to the IP address range from which these addresses originate. Which AWS service will best handle denial of a defined set of IP addresses without adding considerable cost?

AWS WAF

Network Access Control List

Routing Table

Security Group

Explanation

Your VPC automatically comes with a modifiable default Network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic. You can create a custom Network ACL and associate it with a subnet. By default, each custom Network ACL denies all inbound and outbound traffic until you add rules. Each subnet in your VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.

AWS WAF could meet the same security requirements, but would add considerably more cost to your overall budget

Explanation

AWS WAF could meet the same security requirements, but would add considerably more cost to your overall budget

69 / 75

You have started your own consulting business and have been contracted by a doctors office to help move their outdated scheduling and billing system to the cloud. One feature you have offered at low cost is a disaster recovery solution that will keep their offices operational with minimal downtime. You've configured a standby EC2 instance that can be spun up in minutes. What feature can be quickly attached to the standby EC2 instance in a failover situation, to get the standby operational as quickly as possible?

IPv6 address

Elastic Load Balancer

Elastic Network Interface

MAC address

Explanation

An elastic network interface is a virtual network interface that you can attach to an instance in a VPC. Network interfaces are available only for instances running in a VPC. If one of your instances serving a particular function fails, its network interface can be attached to a replacement or hot standby instance pre-configured for the same role to rapidly recover the service.

Explanation

70 / 75

You are in the process of planning your backup strategy between an on-premises data center and AWS cloud. You are considering Storage Gateway technology for backup and restore in your hybrid environment. What are the primary factors that affect Backup and Recovery times when using Storage Gateways? (Choose 2 answers)

Amount of data required for backup each day after on-premise data deduplication and compression

Amount of data required for backup each day before on-premise data deduplication and compression

Net available bandwidth between on-premises and AWS over the public internet or Direct Connect line.

Compute power of on-premises instances that need to be backed up

Explanation

Storage gateways interact with AWS over the public Internet or direct connect. You will need to know the amount of data per day that needs to be transferred to Amazon S3 and the net available bandwidth of your network connection. Storage Gateway is capable of running data compression, and comparison so only changed data is being backed up.

Explanation

71 / 75

A user has launched two EBS backed EC2 instances in the us-east-1a availability zone. The user wants to change the availability zone of one of the instances. How can the user change it?

The zone can only be modified using the AWS CLI

From the AWS EC2 console, select the Actions - > Change zones and specify the new zone

It is not possible to change the zone of an instance after it is launched

Stop one of the instances and change the availability zone

Explanation

With AWS EC2, when a user is launching an instance he can select the availability zone (AZ) at the time of launch. If the zone is not selected, AWS selects it on behalf of the user. Once the instance is launched, the user cannot change the zone of that instance unless he/she creates an AMI of that instance and launches a new instance from it

Explanation

72 / 75

You are a DBA at a rapidly growing company and you want to shorten failover time for your Amazon RDS SQL Server database. Which strategies will shorten failover time? (Choose 2 answers)

Use smaller transactions

Ensure you have provisioned sufficient IOPS.

Configure the health check using shorter intervals.

Use larger transactions.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

73 / 75

You have been chosen to lead the design of an AWS cloud environment for an accounting firm. The firm needs high availability and scalability and your team is considering a multi-AZ deployment. In addition, the firm expects to need Online Analytics processing (OLAP) for their Actuarial Department. What AWS service is best to meet the OLAP requirement?

Amazon Redshift

Amazon RDS

Amazon RDS with DynamoDB for caching

Amazon Elasticahe

Explanation

Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools. It allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution.

Explanation

74 / 75

What is one security benefit of utilizing the Elastic Load Balancer?

Blocking network traffic based on heuristic analysis

Providing TLS/SSL termination as well as centralized certificate management

Performing network address translation

Providing encrypted data storage for use in application development

Explanation

The Elastic Load Balancer can integrate with the AWS Certificate Manager to provide a central method of managing your TLS/SSL certificates. It allows you to renew, deploy and configure your TLS/SSL certificates for your application or website from a single location.

Explanation

75 / 75

Your new client is a federal agency utilizing a hybrid cloud environment. The agency distributes large amounts of sensitive data throughout the world. Your task is to ensure that the data is secure using various encryption techniques as well as security groups and access control lists.

One of the requirements is to distribute content utilizing CloudFront for optimal performance but to completely restrict access from within certain blacklisted countries. What service can you use with CloudFront to fulfill this requirement?

firewall rules

IAM roles

Geo-restriction

Server-side encryption

Explanation

You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.

To use geo restriction, you have two options:

Use the CloudFront geo restriction feature. Use this option to restrict access to all of the files that are associated with a distribution and to restrict access at the country level.
Use a third-party geolocation service. Use this option to restrict access to a subset of the files that are associated with a distribution or to restrict access at a finer granularity than the country level

Explanation

You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.

To use geo restriction, you have two options:

Use the CloudFront geo restriction feature. Use this option to restrict access to all of the files that are associated with a distribution and to restrict access at the country level.
Use a third-party geolocation service. Use this option to restrict access to a subset of the files that are associated with a distribution or to restrict access at a finer granularity than the country level

Your score is

The average score is 14%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Professional – Free Practice Tests

AWS Certified Solutions Architect Professional – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Professional – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation