AWS Certified Solutions Architect Professional - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Professional
AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 75 questions per test (similar to real AWS exam), 180 minutes, repeat tests

AWS Certified Solutions Architect Professional – Learning Mode

/25

1 votes, 5 avg

AWS Certified Solutions Architect Professional - Learning Mode

1 / 25

One of your developers is creating an application that must upload large files to an S3 bucket. You suggest that they use the multipart upload feature. Which actions are required from the developer to complete a multipart upload? (Choose 2 answers)

Upload each part with an upload ID and a part number.

Create ordered ETag values to label each part.

Send a request to initiate a multipart upload

Construct the final object from the parts.

Explanation

When you send a request to initiate a multipart upload, Amazon S3 returns a response with an upload ID, which is a unique identifier for your multipart upload. You must include this upload ID whenever you upload parts, list the parts, complete an upload, or abort an upload. When uploading a part, in addition to the upload ID, you must specify a part number that uniquely identifies a part and its position in the object you are uploading. Amazon S3 returns an ETag header in its response. For each part upload, you must record the part number and the ETag value for use in each subsequent request.

Explanation

2 / 25

Which one of the below is not an AWS Storage Service?

Amazon Glacier

Amazon CloudFront

Amazon EBS

Amazon S3

Explanation

AWS Storage Services are: Amazon S3 Amazon Glacier Amazon EBS AWS Storage Gateway

Explanation

AWS Storage Services are: Amazon S3 Amazon Glacier Amazon EBS AWS Storage Gateway

3 / 25

You are configuring Amazon Route 53 to route traffic destined for yourwebsite.com to an Application Load Balancer that is configured to distribute traffic in two availability zones in the same AWS region. Which record set should you edit to point traffic for yourwebsite.com to your Application Load Balancer? Select the answer that is the most cost-effective and scalable.

CNAME

Alias

Explanation

yourwebsite.com is a zone apex. Alias record sets can be used to set a zone apex, but CNAME records cannot. Additionally, queries to Alias records that are mapped to an ELB are free. A records are used to map IPv4 addresses to FQDNs, the IP address of the ELB may change. MX records are used for email servers.

Explanation

4 / 25

You are in the process of planning your backup strategy between an on-premises data center and AWS cloud. You are considering Storage Gateway technology for backup and restore in your hybrid environment. What are the primary factors that affect Backup and Recovery times when using Storage Gateways? (Choose 2 answers)

Amount of data required for backup each day before on-premise data deduplication and compression

Net available bandwidth between on-premises and AWS over the public internet or Direct Connect line.

Compute power of on-premises instances that need to be backed up

Amount of data required for backup each day after on-premise data deduplication and compression

Explanation

Storage gateways interact with AWS over the public Internet or direct connect. You will need to know the amount of data per day that needs to be transferred to Amazon S3 and the net available bandwidth of your network connection. Storage Gateway is capable of running data compression, and comparison so only changed data is being backed up.

Explanation

5 / 25

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. The finance team has approached you, indicating their concern over the growing AWS budget, and has asked you to investigate ways to lower it. Since your firm has enterprise-level support, you decide to use the AWS Trusted Advisor tool for this effort. What are some of the cost optimization checks that Trusted Advisor will perform? (Choose 3 answers)

Underutilized Amazon EBS Volumes

Underutilized Amazon Redshift Clusters

Idle Load Balancers

EC2 Spot Instance Optimization

Explanation

Trusted Advisor checks for Amazon EC2 reserved instances optimization, low utilization of Amazon EC2 instances, idle Load Balancers, underutilized Amazon EBS Volumes, unassociated Elastic IP Addresses, Amazon RDS idle DB instances, Amazon Route 53 Latency Resource Record Sets, Amazon EC2 reserved instance lease expiration and underutilized Amazon Redshift Clusters

Explanation

6 / 25

True or False: In Amazon Route 53, you can create a hosted zone for a top-level domain (TLD).

False, Amazon Route 53 automatically creates it for you.

FALSE

TRUE

True, only if you send an XML document with a CreateHostedZoneRequest element for TL

Explanation

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

Explanation

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

7 / 25

You have an application that is generating a log file every 5 minutes and you need to store these log files appropriately. The requirements for storing the log files are:

They should be quickly retrievable when needed, as they may be required only for verification in case of some major issue.
The logs will need to be accessed frequently, as all log data is retrieved and compiled from the files into a bi-monthly report.
The logs are essential to quarterly audits, so the storage solution must offer a high level of durability.
Cost should also be minimized for the storage service as much as possible.

Which of the storage options below is the best choice to meet these requirements?

Amazon S3 OneZone-IA

Amazon S3 Standard - Infrequent Access (IA)

Amazon S3 Glacier

Amazon S3 Standard

Explanation

Amazon S3 stores objects according to their storage class. There are technically four major storage classes: Standard, Standard - Infrequent Access, Reduced Redundancy Storage (RRS) and Glacier.

Standard is for Amazon S3 and provides very high durability. Standard - Infrequent Access is designed for with a minimum data amount required and paid storage for at least 30 days. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files.

S3 OneZone IA is a variation of Standard-IA, which offers data archival at a reduced price, but also with less durability because the data within this class is stored within a single availability zone rather than spread throughout all availability zones within the S3 buckets region, as it is with S3 Standard storage.

Explanation

Amazon S3 stores objects according to their storage class. There are technically four major storage classes: Standard, Standard - Infrequent Access, Reduced Redundancy Storage (RRS) and Glacier.

8 / 25

You are tasked with configuring Route 53 for use with EC2 instances across multiple regions that are used for a customer’s website. The customer would like to route traffic based upon the location of the website’s visitors so visitors from specific regions can be presented with specific content. Which of the following would be best suited to meet the requirement?

A geolocation routing policy

EDNS0

A region based routing policy

DynDNS

Explanation

A Geolocation routing policy would allow Route 53 to route queries based upon the location of users. DynDNS is used to automatically update DNS records. EDNS0 can be used to improve the accuracy of geolocation routing, but is not a routing policy in and of itself. Region based is not a valid Route 53 routing policy type.

Explanation

9 / 25

You are deploying a two-tiered web application with web servers in a public subnet of your VPC and your database isolated in a private subnet. Your requirements call for the web tier to be highly available. Which services listed will be needed to make the web-tier highly available? (Choose 3 answers)

Elastic Load Balancer

Auto Scaling

Cross-region replication

Route 53

Explanation

The key is that the requirement is for high availability at the web-tier. While multi-AZ deployments and cross-region replication can contribute to high availability, they are each at the storage tier. Route 53 with Health Checks and Failover, Elastic Load Balancer (with health checks and various forms of load balancing, and auto scaling groups create high availability at the web tier.

Explanation

10 / 25

Your company is migrating into Amazon Web Services and has selected the US East region in which to operate. The majority of your work involves interfacing with government departments in the United States and Germany. Your company expects the deployment into the cloud to be up and running in a minimum of time. Before deploying any resources in the European region, what should be your first consideration?

European privacy laws

The pre-warming storage and load balancers

Industry rules and standards

The number of web servers to deploy

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

11 / 25

You’ve designed a public portal (with a MySQL database) featuring popular scientific journals. Due to its popularity, users are complaining it takes much longer to review selected journals than in the past. In addition, the popularity of your site is worldwide.

What are the first steps that you should take to resolve your performance issues? (Choose 2 answers)

Place additional read replicas in AWS regions closer to your users

Redesign your database as a Multi-AZ solution

Deploy ElasticSearch for faster searching of available scientific journals

Create a read replica of your master database

Explanation

Read replicas of your master database allow you to increase performance. Placing your read replicas in different AWS regions closer to your users will maximize performance and increase the availability of your database.

Explanation

12 / 25

Your company allows technical personnel to manage their own S3 buckets. But there have been too many instances of users deleting important project related data. What additional steps can you take to prevent accidental deletion or overwriting of data? (Choose 3 answers)

Add MFA Delete

Add cross-region replication

Add versioning

Create read replicas.

Explanation

Amazon S3 storage offers very high durability, but it is still a best practice to protect against user level deletion or overwriting of data using versioning, cross-region replication, and MFA Delete.

Explanation

13 / 25

A MySQL database currently contains 2 million records. Approximately 2000 new records are added every day, with an average of 80 queries per second. The database is running on a 4 core, 4 GB dedicated system in the local data center. Once a week, on average, the system has issues and resets. It is next on the list to be moved to the cloud. What step should be taken first before it is migrated?

Fix all MySQL issues in the local data center.

Export all database records to S3.

Use the AWS server migration service to migrate existing records

Order an on-demand instance matching the on-premises architecture.

Explanation

Issues that are not first solved locally will not be solved by moving to the cloud. Moving to the cloud is not a silver bullet. If there are inherent problems in the existing architecture there is no guarantee that they will be solved by moving to the cloud. Try to resolve any issues locally before migrating your architecture (and its existing issues) to the cloud.

Explanation

14 / 25

Your organization is thinking of running parts of their workload on AWS while keeping the critical and sensitive servers on-premises with continuous connectivity between instances in AWS and corporate data center. In such a hybrid cloud environment what are the minimum requirements to maintain resilient continuous connectivity between AWS and corporate data center?

A primary direct connect line and a VPN connection for backup connected to the corporate primary router

A primary and a backup direct connect line and at least two routers in the corporate data center

A primary direct connect line connected to at least two routers in the corporate data center

A primary and a backup direct connect line connected to the primary router in the corporate data center

Explanation

In Hybrid cloud environment where connectivity between AWS and Corporate datacenter is critical, redundant active/active or active/passive configurations should be implemented for connectivity resources. redundancy has to be on both sides (AWS and On-premises) hence the minimum requirements to implement this architecture is two direct connect lines and two customer devices (ideally in two different data centers)

Explanation

15 / 25

A customer needs to migrate several hundred terabytes of data into AWS. You typically use Amazon Snowball for these types of requests. What method does AWS recommend regarding data upload to the Snowball appliance? (Choose 2 answers)

Use a single workstation to avoid redundant data transfers to the same Snowball appliance

Use the latest Mac or Linux Snowball client.

When testing data transfer, avoid long test commands in favor of short ones

Use multiple workstations to run the client software to expedite the transfer.

Explanation

Uploading data to the Snowball Appliance requires a client application. The upload is CPU, memory, and networking intensive. If you are uploading large amounts of data, Amazon recommends that you run the client software on multiple workstations to distribute the load and thereby shorten the time the upload will take.

Explanation

16 / 25

You have been contracted to start building the latest and greatest mobile chat app. The schedule for this development and delivery is time critical. What correct mix of AWS services and components should you consider to ensure that your mobile chat app can be produced on time, ensuring that the mobile chat app can authenticate and authorize users?

Create an auto scaling group of EC2 instances with custom and specialized authentication and authorization logic using SSL and JWT tokens to perform user authentication and authorization.

Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization

Create an auto scaling group of EC2 instances with SAML 2.0 service endpoint, setup and install a custom LDAP directory, configure SSO within the mobile app to use the SAML 2.0 service endpoint to perform user authentication and authorization

Configure Amazon CloudFront in association with AWS WAF to perform user authentication and authorization

Explanation

Answer “Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization” is correct. The question highlights that the “development and delivery is time critical” - therefore the best approach time wise is to use the fit for purpose managed services provided by AWS - in this case, Amazon Cognito, IAM Roles and Policies, and the AWS Mobile SDK.

Explanation

17 / 25

A legacy application in your company has been deployed in a single availability zone. It is used only sporadically but must be available nevertheless. Due to your heavy administrative workload, you wish to automate a process that will rebuild the application automatically if it fails. What action should you take?

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Add an additional availability zone and a load balancer.

Perform snapshots of EBS volumes on a set schedule.

Configure the server in an auto scaling group with a minimum and maximum size of one

Explanation

Auto scaling provides redundancy for a single server with the option of launching a configuration using the attributes from a running instance. When you use this option, auto scaling copies the attributes from the specified instance into a template from which you can launch one or more auto scaling groups.

Note that if the specified instance has properties that are not currently supported by auto scaling, instances launched by auto scaling using the launch configuration created from the identified instance might not be identical to the identified instance.

Explanation

18 / 25

Your web-based application has been launched publicly. Your design has implemented auto scaling and classic load balancing and your design is responding to the changes in demand as expected. Over the next few months, during the holiday season, demand is expected to be quite robust. You estimate that 100 EC2 instances will be required to meet your customers’ demand. How should you plan properly for growth? (Choose 2 answers)

Change your auto scaling configuration, setting a desired maximum capacity of 100 instances. Verify your limits allow for this capacity

Use AWS Trusted Advisor to analyze your workload requirements

Contact Amazon to pre-warm your elastic load balancer to match the expected demands.

Add a second load balancer for additional redundancy

Explanation

In certain scenarios, such as when flash traffic is expected, or in the case where a load test cannot be configured to gradually increase traffic, AWS recommends that you have your load balancer "pre-warmed". They will configure the load balancer to have the appropriate level of capacity based on the traffic that you expect. They also need to know the start and end dates of your tests or expected flash traffic, the expected request rate per second and the total size of the typical request/response that you will be testing

Explanation

19 / 25

You are responsible for maintaining an RDS database deployed in a Multi-AZ deployment architecture. What would be the downtime and/or failover cycle associated with maintenance events on your database? (Choose 2 answers)

The old primary will be promoted back to the new primary after maintenance

Maintenance will be applied to standby instance first.

Maintenance will be applied to the primary instance first

Standby instance will become the new primary after maintenance

Explanation

Running a DB Instance as a Multi-AZ deployment can further reduce the impact of a maintenance event because Amazon RDS will conduct maintenance by following these steps: Perform maintenance on the standby.

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

Explanation

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

20 / 25

You have 4 Direct Connect (DX) connections to your VPC from your Chicago, Boston, Houston, and Orlando offices. Your VPC’s address range is 10.20.0.0/16. You are using BGP routing. You would like to ensure AWS uses the Chicago connection to reach the IP addresses ranging from 10.20.30.0-10.20.30.127 on your network. The other three locations are currently advertising the following routes:

Boston: 10.20.0.0/16 AS 65000

Houston: 10.20.30.0/24 AS 65000 65000

Orlando: 10.20.30.254/32 AS 65000 65000 65000

Which of the following routes could you advertise from your Chicago connection to ensure AWS uses it to access IP addresses ranging from 10.20.30.0-10.20.30.127?

10.20.30.0/25 AS 65000 65000 65000

10.20.30.0/23 AS 65000 65000

10.20.30.128/26 AS 65000

10.20.128.0/17 AS 65000

Explanation

AWS will choose the most specific route first. If routes are equal after checking for the most specific routes, AWS will use AS path prepending to determine which route is preferred. In this example, 10.20.30.0/25 is more specific than 10.20.30.0/24 and 10.20.0.0/16, so AS path prepending will not matter. The other options are either outside of the address range in question (10.20.30.128/26 and 10.20.128.0/17) or less specific than the route advertised by Houston (10.20.30.0/23). The route advertised from Orlando, 10.20.30.254/32, identifies a single IPv4 address that is outside of the range in question

Explanation

21 / 25

Your client has contacted you about an existing AWS cloud environment that they have. They have a large number of T2 large instances in a VPC but have statistics indicating they may need larger instances soon. Another consideration is the company's limited budget to add new instances and/or upgrade its current instances. However, they need to do something and are relying on you to provide a solution. This company has used its existing instances for over 3 years and expects a similar lifespan for any new solution.

What changes would best address the issues with their compute resources? (Choose 2 answers)

Use spot instances to supplement the existing instances.

Replace T2 large instances with large general purpose instances.

Upgrade to standard reserved instances

Upgrade to Enhanced Networking instances.

Explanation

T2 instances are Burstable Performance Instances that provide a baseline level of CPU performance with the ability to burst above the baseline. The baseline performance and ability to burst are governed by CPU Credits. M4 instances are the latest generation of General Purpose Instances. This family provides a balance of compute, memory, and network resources, and it is a good choice for many applications. In this instance, the only option which provides for growth while keeping costs in check is to upgrade to reserved M4 instances on a long term 3 year contract.

Explanation

22 / 25

You are managing cloud storage for your company, which wants the technical staff to have some latitude in managing the buckets under your supervision. In an effort to increase visibility and accountability on bucket management, you'd like to know who is accessing the buckets and to be notified of delete actions.

What features can provide this information for S3 buckets? (Choose 2 answers)

Enable CloudWatch Logs

View the S3 event logs

Turn on S3 Event Notifications for delete actions

Enable S3 Server Access Logs on the buckets

Explanation

S3 Event Notifications can be set up on objects stored in S3. An event could be set up to notify when a delete is performed. Logging is turned off by default but can be enabled. When enabled, they can track requests to your S3 bucket.

S3 Server Access Logging tracks detailed information not currently available with CloudWatch metrics or CloudTrail logs. To track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.

Explanation

23 / 25

You are migrating your Oracle database using the AWS Database Migration Service. Due to a large amount of data being replicated, you need the replication process to be continuous. What must be changed on your replication instance to use ongoing replication?

Disable backups on the target instance

Disable Multi-AZ on the target instance

Increase the number of tables that are cached in RAM.

Enable the Multi-AZ option on the replication instance.

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

24 / 25

You are architecting for a hybrid cloud solution that will require continuous connectivity between on-premises servers and instances on AWS. You found that the connectivity between on-premises and AWS does not require high bandwidth for now so you decided to go with resilient VPN connectivity. Which of the following services are part of establishing a resilient VPN connection between on-premises networks and AWS? (Choose 3 answers)

Public VIFs

Virtual private gateway

VPN connection

Customer gateway

Explanation

A customer gateway CGW is the anchor on the customer side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway VGW. There are two lines between the customer gateway and virtual private gateway because the VPN connection consists of two tunnels in case of device failure. When you configure your customer gateway, it's important you configure both tunnels.

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

Explanation

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

25 / 25

Your company wants to migrate an on-premises SQL Server DB to AWS RDS SQL Server. As the DBA, you have determined that your database can be offline while the backup is created, copied, and restored. You decide to use native backup and restore. Which steps are required during setup? (Choose 3 answers)

Add the SQLSERVER_BACKUP_RESTORE option to an option group on your DB instance.

Create an Amazon S3 bucket for your backup files

Turn on compression for your backup files by running “exec rdsadmin..rds_set_configuration ‘S3 backup compression’, ‘true.’”

Create an AWS IAM role for access to the S3 bucket

Explanation

There are three components you'll need to set up for native backup and restore: an Amazon S3 bucket to store your backup files; an AWS Identity and Access Management (IAM) role to access the bucket, and the SQLSERVER_BACKUP_RESTORE option added to an option group on your DB instance.

Explanation

Your score is

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

AWS Certified Solutions Architect Professional – Exam Mode

/75

0 votes, 0 avg

Click Start button to start exam !

Time Out !

1 / 75

Which type of IAM role is pre-defined, and can only be edited in a limited number of cases?

AWS Service-Linked Roles

Identity Provider Access Roles

Cross-Account Access Roles

AWS Service Roles

Explanation

The method that you use to edit a service-linked role depends on the service. Some services might allow you to edit the permissions for a service-linked role from the service console, API, or CLI. However, after you create a service-linked role, you cannot change the name of the role because various entities might reference the role. You can edit the description of any role from the IAM console, API, or CLI.

For information about which services support using service-linked roles, see AWS Services That Work with IAM and look for the services that have Yes in the Service-Linked Role column. To learn whether the service supports editing the service-linked role, choose the Yes link to view the service-linked role documentation for that service.

Explanation

2 / 75

A user is planning to make a mobile game which can be played online over the internet with multiplayer functionality or played offline individually, this game will be hosted on EC2. The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through emails. Which of the below mentioned AWS services would be best suited to achieve this goal?

AWS Simple Queue Service

Amazon Cognito

AWS Simple Email Service.

AWS Simple Workflow Service

Explanation

Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS

Explanation

3 / 75

Your company uses an on-premise identity system such as Active Directory to authenticate users locally. You would like to grant the same users access into the AWS console without requiring them to authenticate again. What possible solution below can be used to provide this type of access:

If your company's identity system is compatible with SAML 2.0, establish trust between your company's identity system and AWS

If your company's identity system is compatible with Kerberos, establish trust between your company's identity system and AWS

If your company's identity system is compatible with OpenID Connect (OIDC), establish trust between your company's identity system and AWS

If your company's identity system is compatible with OAuth 2.0, establish trust between your company's identity system and AWS

Explanation

Answer “If your company's identity system is compatible with SAML 2.0, establish trust between your company's identity system and AWS” is correct. AWS supports identity federation with SAML 2.0 (Security Assertion Markup Language 2.0), an open standard that many identity providers (IdPs) use. This feature enables federated single sign-on (SSO), so users can log into the AWS Management Console or call the AWS API operations without you having to create an IAM user for everyone in your organization.

Explanation

4 / 75

An international web journal hosted on AWS handles requests for technical publications. The front-end tier is hosted in a VPC with multiple availability zones, auto-scaling groups, and cross zone load-balancing. RDS hosts the application database responsible for indexing and searching the content, and technical journals are served from S3 buckets. At certain times, specific professional journals became quite popular, causing viewing delays. Which additional components could be utilized in your architecture to help improve performance? (Choose 2 answers)

Utilize the SQS service to speed up response to requests

Deploy CloudFront to help with content delivery to users in remote geographic locations

Add cross-region replication to S3 buckets hosting your journals

Utilize ElasticCache with Lazy Loading to cache popular searches and indexes

Explanation

Lazy loading keeps the cache up to date based only on requests, which avoids filling up the cache needlessly, but if data is only written to the cache when there is a cache miss, data in the cache can become stale since there are no updates to the cache when data is changed in the database. This issue is addressed by using lazy loading in conjunction with write through, which adds data or updates data in the cache whenever data is written to the database. You may also use CloudFront to optimize your caching. By default, CloudFront doesn't consider headers when caching your objects in edge locations. If your origin returns two objects and they differ only by the values in the request headers, CloudFront caches only one version of the object

Explanation

5 / 75

Boston: 10.20.0.0/16 AS 65000

Houston: 10.20.30.0/24 AS 65000 65000

Orlando: 10.20.30.254/32 AS 65000 65000 65000

Which of the following routes could you advertise from your Chicago connection to ensure AWS uses it to access IP addresses ranging from 10.20.30.0-10.20.30.127?

10.20.30.0/23 AS 65000 65000

10.20.30.0/25 AS 65000 65000 65000

10.20.128.0/17 AS 65000

10.20.30.128/26 AS 65000

Explanation

6 / 75

You wish to perform detailed monitoring on servers that are marked as unhealthy before they are terminated. After researching the issue, you find that lifecycle hooks can be deployed as necessary. Which strategies could you use to perform detailed monitoring? (Choose 2 answers)

Query 160.254.169.254 when instances are first marked as unhealthy

Define a notification target for the lifecycle hook

Use a CloudWatch event to invoke a Lambda function

Create a longer cooldown period in the launch configuration

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

7 / 75

Due to compliance rules and regulations, your company's workload has to run on dedicated instances. How can you make sure that all EC2 instances created for your workload now and in the future are dedicated instances? (Choose 2 answers)

Create your VPCs with instance tenancy of dedicated. This will ensure that all instances launched in VPC are dedicated

Create a golden AMI of the dedicated instance and enforce this AMI as the base for any new instance in your environment. This guarantees that all instances created based on the AMI will be dedicated

Create a CloudFormation template that has the EC2 Instance Tenancy attribute as dedicated and always use it to launch any new instance

Create a dedicated Placement Group and associate all new instances with this placement group at launch time. All instances launched in a dedicated placement group will be dedicated

Explanation

You can create a VPC with an instance tenancy of dedicated to ensure that all instances launched into the VPC are dedicated instances. Alternatively, you can specify the tenancy of the instance during launch

Explanation

8 / 75

Use the latest Mac or Linux Snowball client.

When testing data transfer, avoid long test commands in favor of short ones

Use a single workstation to avoid redundant data transfers to the same Snowball appliance

Use multiple workstations to run the client software to expedite the transfer.

Explanation

9 / 75

You have been charged with investigating cloud security options for your company in light of recent suspected threats. You are aware that certain AWS services can help mitigate DDoS attacks, and you are specifically looking for a service that provides protection from counterfeit requests (Layer 7) or SYN floods (Layer 4). Which services provide this protection? (Choose 2 answers)

VPC Security Groups

CloudFront with AWS Shield

Amazon API Gateway

Route 53

Explanation

Amazon API Gateway automatically protects your backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3). Additional reading is available here (https://aws.amazon.com/api-gateway/faqs/).

AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for the network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks.

NACLs do not provide DDoS mitigation. They are used to control ingress and egress into a subnet based on port and source IP range. Route 53 can protect against DNS based DDoS attacks but does not protect entire layers. Elastic Load Balancing can protect EC2 instances specifically, but not other AWS resources.

Explanation

10 / 75

Your team is setting up DynamoDB for a client. You need to explain to them how DynamoDB tables are partitioned. Which calculations are used to determine the number of partitions that will be created? (Choose 2 answers)

The total table size divided by 40 GB

The total table size divided by 10 GB

The total RCU divided by 3000 + total WCU divided by 1000

The total RCU divided by 5000 + total WCU divided by 1000

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

11 / 75

Within Elastic Load Balancing, the time-to-live ensures that the IP addresses can be remapped quickly in response to changing traffic. What is the default time-to-live (TTL) limit specified by a DNS entry?

30 seconds

10 seconds

60 seconds

90 seconds

Explanation

The DNS entry specifies the time-to-live (TTL) as 60 seconds, which ensures that the IP addresses can be remapped quickly in response to changing traffic.

Explanation

The DNS entry specifies the time-to-live (TTL) as 60 seconds, which ensures that the IP addresses can be remapped quickly in response to changing traffic.

12 / 75

An organization has launched five instances: two for production and three for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often be deleted and replaced, especially in the testing group. This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, production, and testing will not change in the foreseeable future.

Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy? (Choose 2 answers)

Configure tags on the instances in each environment defining which are ‘test’ and which are ‘production’

Launch the test and production instances in separate regions and allowing region wise access to the group

Define the IAM policy that allows access based on the instance ID

Add a condition to the IAM policy that allows access to the configured tags for the ‘test’ environment

Explanation

AWS Identity and Access Management is a web service that allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances, he should define proper tags and add to the IAM policy condition. The sample policy is shown below.
"Statement": [ { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/InstanceType": "Production" } } } ]

Explanation

13 / 75

You are the technical lead on a project to implement a large scale message queue system. You've presented Amazon SQS and its many benefits as a solution. Your management is impressed but asks about cost. What can you tell them about SQS pricing? (Choose 2 answers)

The Amazon SQS Free Tier provides you with 1 million requests per month at no charge.

You are charged a set price for using the service no matter then number of messages transferred.

You pay only for what you use, and there is no minimum fee.

SQS is completely free. It acts as a link between billed services.

Explanation

The pricing of SQS is as follows: You pay only for what you use, and there is no minimum fee. The cost of Amazon SQS is calculated per request, plus data transfer charges for data transferred out of Amazon SQS. The Amazon SQS Free Tier provides you with 1 million requests per month at no charge. Many small-scale applications are able to operate entirely within the limits of the Free Tier. However, data transfer charges might still apply.

Explanation

14 / 75

What is the network performance offered by the c4.8xlarge instance in Amazon EC2?

20 Gigabit

Very High but variable

5 Gigabit

10 Gigabit

Explanation

Networking performance offered by the c4.8xlarge instance is 10 Gigabit

Explanation

Networking performance offered by the c4.8xlarge instance is 10 Gigabit

15 / 75

Which of the four storage options on Amazon S3 and Amazon Glacier charges per GB retrieval fees? (Choose 2 answers)

Amazon S3 Reduced Redundancy Storage

Amazon Glacier Storage

Amazon S3 Standard-Infrequent Access Storage

Amazon S3 Standard Storage

Explanation

Amazon Glacier and S3 Standard-IA are both designed for storing infrequently accessed data. This is why the data storage fees are roughly one-half to one-sixth the cost of Standard Storage. Retrieval fees will quickly add up if the data is retrieved too often, so planning or correctly setting your object lifecycle based on how often you or your company will need the data is important.

Explanation

16 / 75

Maintenance will be applied to standby instance first.

The old primary will be promoted back to the new primary after maintenance

Maintenance will be applied to the primary instance first

Standby instance will become the new primary after maintenance

Explanation

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

Explanation

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

17 / 75

Amount of data required for backup each day before on-premise data deduplication and compression

Net available bandwidth between on-premises and AWS over the public internet or Direct Connect line.

Compute power of on-premises instances that need to be backed up

Amount of data required for backup each day after on-premise data deduplication and compression

Explanation

18 / 75

You are the DevOps engineer at a mid-sized technology firm, responsible for the automated disaster recovery of your company’s AWS infrastructure. Your supervisor has recently learned about the EC2 Auto Recovery feature, and she has asked you to evaluate whether or not it would be a good fit for your environment. She is particularly interested in the types of failures it can detect. Which conditions would be detectable by EC2 Auto Recovery? (Choose 3 answers)

Software or hardware issues on the physical host (hypervisor)

Application errors or crashes

Loss of network connectivity

Loss of system power

Explanation

EC2 Auto Recovery can detect any condition that will cause a system status check to fail, including hypervisor problems or loss of power/network connectivity.

Explanation

EC2 Auto Recovery can detect any condition that will cause a system status check to fail, including hypervisor problems or loss of power/network connectivity.

19 / 75

Your developers have created a sales application that works in tandem with the no SQL database. To ensure the fastest response for the application in production, the developers wish to remove the need to wait for acknowledgments from the database to the application after data have been sent. The acknowledgments can be stored and accessed asynchronously. Which managed application would be the best choice for their design?

CloudWatch Logs

Simple Workflow Service

AWS Config

Simple Queue Service

Explanation

SQS allows you to quickly build hosted and scalable message queuing applications that can run on any computer. SQS stores messages in transit between diverse, distributed application components without losing messages and without requiring each component to be always available

Explanation

20 / 75

What features can provide this information for S3 buckets? (Choose 2 answers)

Enable CloudWatch Logs

Turn on S3 Event Notifications for delete actions

View the S3 event logs

Enable S3 Server Access Logs on the buckets

Explanation

21 / 75

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. Your finance team has approached you, indicating their concern over the growing EC2 budget. They have asked you to identify strategies to reduce the EC2 spend by at least 25% before the next monthly billing cycle. How choices below could assist in accomplishing this? (Choose 3 answers)

Reduce or eliminate over-provisioned or unused instances.

Consolidate AWS accounts for billing.

Look for opportunities to use reserved or spot instances.

Look for opportunities to use dedicated instances.

Explanation

You can reduce EC2 spend by migrating to reserved/spot instances, eliminating/shrinking unused resources, or consolidating AWS accounts (to qualify for volume discounts). The paying account's use of consolidated billing can benefit from volume pricing discounts gained thru aggregate account usage.

Explanation

22 / 75

Your throughput-optimized HDD (st1) EBS volumes do not seem to be performing as expected and your team leader has requested you look into improving their performance.

Which statement regarding the performance of your EBS volumes is incorrect?

Amazon Web Services provides performance metrics for EBS that you can analyze and view with Amazon CloudWatch.

Frequent snapshots provide a higher level of data durability and will not degrade the IOPS performance of your application while the snapshot is in progress.

You can benchmark your storage and compute configuration to make sure you achieve the level of performance you expect to see before taking your application live.

General Purpose (SSD) and Provisioned IOPS (SSD) volumes throughput limit can go from 128 MB/s to 320 MB/s per volume.

Explanation

When you create a snapshot of a Throughput Optimized HDD (st1) or Cold HDD (sc1) volume, performance may drop as far as the volume's baseline value while the snapshot is in progress. This behavior is specific to these volume types.

Explanation

23 / 75

You work for a company that automatically tags photographs using artificial neural networks (ANNs), which run on GPUs using C++. You receive millions of images in one batch, with an average of 3 batches per day. These images are loaded into an Amazon S3 bucket you control for you in a batch, and then the customer publishes a JSON-formatted manifest into another S3 bucket you control as well. Each image takes 10 milliseconds to process using a full GPU. Your neural network software requires 5 minutes to bootstrap. Image tags are JSON objects, and you must publish them to an S3 bucket.

Which of these is the best system architectures for this system?

Create an OpsWorks Stack with two Layers. The first contains lifecycle scripts for launching and bootstrapping an HTTP API on G2 instances for ANN image processing, and the second has an always-on instance which monitors the S3 manifest bucket for new files. When a new file is detected, request instances to boot on the ANN layer. When the instances are booted and the HTTP APIs are up, submit processing requests to individual instances

Create an Auto Scaling, Load Balanced Elastic Beanstalk worker tier Application, and Environment. Deploy the ANN code to G2 instances in this tier. Set the desired capacity to 1. Make the code periodically check S3 for new manifests. When a new manifest is detected, push all of the images in the manifest into the SQS queue associated with the Elastic Beanstalk worker tier.

Make an S3 notification configuration which publishes to AWS Lambda on the manifest bucket. Make the Lambda create a CloudFormation Stack which contains the logic to construct an autoscaling worker tier of EC2 G2 instances with the ANN code on each instance. Create an SQS queue of the images in the manifest. Tear the stack down when the queue is empty.

Deploy your ANN code to AWS Lambda as a bundled binary for the C++ extension. Make an S3 notification configuration on the manifest, which publishes to another AWS Lambda running controller code. This controller code publishes all the images in the manifest to AWS Kinesis. Your ANN code Lambda Function uses the Kinesis as an Event Source. The system automatically scales when the stream contains image events

Explanation

The Elastic Beanstalk option is incorrect because it requires a constantly-polling instance, which may break and costs money.

The Lambda fleet option is incorrect because AWS Lambda does not support GPU usage.

The OpsWorks stack option both requires a constantly-polling instance, and also requires complex timing and capacity planning logic.

The CloudFormation option requires no polling, has no always-on instances, and allows arbitrarily fast processing by simply setting the instance count as high as needed.

Explanation

The Elastic Beanstalk option is incorrect because it requires a constantly-polling instance, which may break and costs money.

The Lambda fleet option is incorrect because AWS Lambda does not support GPU usage.

The OpsWorks stack option both requires a constantly-polling instance, and also requires complex timing and capacity planning logic.

The CloudFormation option requires no polling, has no always-on instances, and allows arbitrarily fast processing by simply setting the instance count as high as needed.

24 / 75

You have been assigned to a client who has an existing AWS cloud environment. They are already using CloudFormation to deploy web dev, test, and production environments. You immediately recognize that they are using the same CloudFormation template for dev and production. The Project Plan calls for major performance testing at the end of the project and the client wants to cut cost wherever possible. You recommend using smaller EC2 instances for the Developers dev environments. What section of a CloudFormation template can you use to deploy variable sized instances depending on the environment?

Transform

Metadata

Mappings

Conditions

Explanation

The conditions section of a CloudFormation template defines conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment

Explanation

25 / 75

You need to change a deployed Elastic Beanstalk environment to provide additional performance for EC2 instances that a client is currently running on their application. To change your instance count for Elastic Beanstalk, select the necessary steps (in any order). (Choose 3 answers)

Open the Elastic Beanstalk console and navigate to the management page

Change the Minimum Instance Count and then Apply

Choose Configuration and then choose Scaling.

Open a command prompt window and execute the command change-elastic-beanstock -env.

Explanation

Elastic Beanstalk environments can be changed after creation. For example, if you have a compute-intensive application, you can change the type of Amazon EC2 instance that is running your application. To do this, you use the Scaling option in the management page of the Elastic Beanstalk console and change the minimum instance count.

Explanation

26 / 75

Idle Load Balancers

Underutilized Amazon EBS Volumes

EC2 Spot Instance Optimization

Underutilized Amazon Redshift Clusters

Explanation

27 / 75

Your account has 3 VPCs deployed in the same region.

The IPv4 address ranges of the VPCs are:

VPC A 172.22.0.0/16

VPC B 10.3.0.0/16

VPC C 10.4.0.0/16

VPC B and VPC C are already connected through VPC peering connection (PCX) named pcx-abcxyz. VPC A has resources that VPC B and VPC C must access. Which of the options below best achieves the objective of allowing VPC B and VPC C to access VPC A?

Connect VPC A to pcx-abcxyz

Add static routes to VPC A with Targets of 10.3.0.0/16 and 10.4.0.0/16 and a Destination of pcx-abcxyz

Connect VPC A to VPC B using VPC Peering and allow VPC C to access VPC A through VPC B

Create separate VPC Peering connections between VPC A & VPC B and VPC A & VPC C

Explanation

Creating separate VPC Peering connections between each VPC is required for Peering 3 VPCs together. Transitive routing is not supported in VPC Peering so VPC C could not reach VPC A through VPC B. A new VPC Peering connection is required for connecting additional VPCs, so connecting VPC A to pcx-abcxyz is not a viable option. Adding a static route to VPC A that points to pcx-abcxyz would not work as pcx-abcxyz is not connected to VPC A.

Explanation

28 / 75

Construct the final object from the parts.

Send a request to initiate a multipart upload

Upload each part with an upload ID and a part number.

Create ordered ETag values to label each part.

Explanation

29 / 75

Can we attach an EBS volume to more than one EC2 instance at the same time?

Yes, all types of EBS volumes can attach to multiple instances

Yes, but only one type of EBS volume can be attached to multiple instances

Yes, all but one type of EBS volumes can attach to multiple instances

Explanation

With the new EBS multi-attach feature for Provisioned IOPS volumes, you can attach EBS volumes (of this type only) to more than one EC2 instance. So, yes it is possible, but not for all EBS volume types.

Explanation

30 / 75

Your business is slowly migrating to the AWS cloud, but must continue to support its on-premises servers and networks while extending to the cloud. As a result, you are looking for every possible way to optimize costs while ensuring resources remain secure. In order to provide an extra layer of security, you would like for your servers hosted within your VPCs to communicate with other AWS services without leaving your VPC network. You would also like your on-premises servers to be able to connect to these same AWS services through your VPC instead of sending and receiving requests over the public internet. Which AWS networking service or component would satisfy these requirements?

VPC Virtual Private Gateways

VPC Gateway Endpoints

VPC Interface Endpoints

VPC Peering Connections

Explanation

With VPC Interface Endpoints, it is possible to connect to a number of AWS services both from resources within your Amazon VPC and from resources in your on-premises environment. This is not possible with VPC Gateway Endpoints.

Explanation

31 / 75

You have started your own consulting business and have been contracted by a doctors office to help move their outdated scheduling and billing system to the cloud. One feature you have offered at low cost is a disaster recovery solution that will keep their offices operational with minimal downtime. You've configured a standby EC2 instance that can be spun up in minutes. What feature can be quickly attached to the standby EC2 instance in a failover situation, to get the standby operational as quickly as possible?

MAC address

Elastic Network Interface

IPv6 address

Elastic Load Balancer

Explanation

An elastic network interface is a virtual network interface that you can attach to an instance in a VPC. Network interfaces are available only for instances running in a VPC. If one of your instances serving a particular function fails, its network interface can be attached to a replacement or hot standby instance pre-configured for the same role to rapidly recover the service.

Explanation

32 / 75

You have been asked to create a new S3 Bucket that will be used by the financial auditing team to store and share some files. There are a lot of different permissions between listing only, read-only and read-write access. You have decided to use resource-based permissions for the flexibility of it. Which statements below are correct with regards to resource-based permissions on your S3 bucket? (Choose 2 answers)

With resource-based permissions, you can define permissions for sub-directories of your bucket separately

An explicit deny in resource-based permissions will overwrite an allow permissions the user might have for the same resource

Resource-based permissions could be attached to a user, role or group

Resource-based permissions are managed policies you can apply directly to your bucket

Explanation

Resource-based permissions are permissions you attach directly to a resource. Resource-level permissions refer to the ability to specify not just what actions users can perform, but which resources they're allowed to perform those actions on. Resource-based policies are inline only, not managed. You can specify resource-based permissions for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, Amazon SQS queues, and AWS Key Management Service encryption keys.

Explanation

33 / 75

After reviewing the reports from AWS Trusted Advisor, your company has decided to enable multi-factor authentication for IAM users and the root account. Which of the following MFA options can be used for both account types? (Choose 2 answers)

AWS Security Token Service

A software-based Virtual MFA device

SNS Notification Service

Hardware MFA Device

Explanation

For increased security, AWS recommends that you configure multi-factor authentication (MFA) to help protect your AWS resources. MFA adds extra security because it requires users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services. This type of MFA requires you to assign an MFA device (hardware or virtual) to the IAM user or the AWS root account.

Explanation

34 / 75

You are developing a static website using S3 for your company’s clients. Your team is configuring the site and has granted public read access. What other steps must they take? (Choose 2 answers)

Enable static website hosting.

Specify a default index document

Create a website page hierarchy

Enable server-side scripting

Explanation

To configure a bucket for static website hosting, you add a website configuration to your bucket. The configuration includes an index document, error documents, redirects of all requests that are intended for the index page, and any conditional redirects. Amazon S3 does not support server-side scripting.

Explanation

35 / 75

Your company is migrating its infrastructure to AWS. When considering the migration level effort required, you determine there are a select number of VMs that fall under the “very low effort” category. After considering third-party migration options, you decide to utilize available AWS tools. What tools are available for migrating VMs to the AWS cloud? (Choose 2 answers)

AWS Snowball

AWS Snowmobile

AWS VM Import

AWS S3 Import

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

36 / 75

Disable Multi-AZ on the target instance

Increase the number of tables that are cached in RAM.

Enable the Multi-AZ option on the replication instance.

Disable backups on the target instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

37 / 75

Which statement regarding Elastic Load Balancing is incorrect?

ELB can associate the load balancer with your domain name

ELB supports the use of both the Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6).

ELB can distribute the requests to Amazon EC2 instances (servers) in multiple Availability Zones.

ELB is free as you only pay for EC2 instances.

Explanation

As with all Amazon Web Services, you pay only for what you use. For Elastic Load Balancing, you pay for each hour or portion of an hour that the service is running, and you pay for each gigabyte of data that is transferred through your load balancer.

Explanation

38 / 75

Which IAM role do you use to grant AWS Lambda permission to access a DynamoDB Stream?

Event Source role

Invocation role

Dynamic role

Execution role

Explanation

You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution role".

Explanation

You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution role".

39 / 75

Can Amazon RDS manage synchronous data replication across Availability Zones?

No, Amazon RDS does so only for certain AZs.

Yes

Yes, Amazon RDS can manage this but only for certain DB instance types.

Explanation

Yes, in the Multi-AZ Deployment option, Amazon RDS manages synchronous data replication across Availability Zones and automatic failover.

Explanation

Yes, in the Multi-AZ Deployment option, Amazon RDS manages synchronous data replication across Availability Zones and automatic failover.

40 / 75

Your organization is migrating applications to AWS. Your new security policy mandates that all user accounts be created and managed through IAM. Currently, your corporation is using Active Directory as their on-premise LDAP service. Once applications go live at AWS, all users must access applications using temporary access credentials, and all IAM users must have passwords that are rotated on a set schedule. Which of the following actions will allow you to enforce this security policy? (Choose 3 answers)

Deploy federation services that support the Security Token Service

Disable the root account for your AWS account.

Create required IAM user accounts

Create and enforce a password expiration policy option for all IAM users.

Explanation

STS is the “glue” that supports temporary access credentials for federation. If you are running code, AWS CLI, or Tools for Windows PowerShell commands inside an EC2 instance, you can take advantage of roles for Amazon EC2. Otherwise, you can call an AWS STS API to get the temporary credentials, and then use them explicitly to make calls to AWS services.

Explanation

41 / 75

A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?

In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.

Amazon S3 server-side encryption employs strong multi-factor encryption.

Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks.

Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data

Explanation

Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption. Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks inits data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects. In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from thetasks of managing encryption and encryption keys. Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a masterkey that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256- bit Advanced Encryption Standard (AES-256), to encrypt your data

Explanation

42 / 75

You are an AWS Solutions Architect helping a client plan a migration to the AWS Cloud. The client has provided you with a detailed inventory of their current on-premises compute infrastructure, including metrics related to storage and bandwidth. What tool would you use to estimate the amount of money they will save by migrating to the AWS Cloud?

Cost Explorer

Detailed Billing Reports

Trusted Advisor

TCO Calculator

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

43 / 75

Industry rules and standards

European privacy laws

The pre-warming storage and load balancers

The number of web servers to deploy

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

44 / 75

You have created an S3 bucket where project managers can upload their projects' files. Project files change frequently, so retaining multiple copies of files when changes occur is essential. Each project is also considered confidential, each project file must be encrypted at rest when stored in S3.

How could you meet these requirements for your bucket and contents?

Each PM should compress project files and assign a password for compressed files, and encryption needs to be enabled on the bucket

Enable versioning for the S3 bucket, and encrypt project files using client-side or server-side encryption

Delete all prior versions after a certain timestamp alert is met

Server-side encryption should be enabled on the S3 bucket

Explanation

Versioning provides redundancy as it keeps multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

Explanation

45 / 75

Your client has submitted a change request to improve security on their S3 buckets. You have decided to allow two administrators to manage the buckets, and are setting up an IAM role for the admins. Your client approves of the two admins having some access, but does not want them to be able to review potentially valuable business information stored within the files. Which operations would you allow this admin role to perform? (Choose 3 answers)

List keys in a bucket

Delete an object

Create and delete a bucket

Get an object

Explanation

The Amazon S3 API is intentionally simple with only a handful of common operations. They include: create/delete a bucket, write an object, read an object, delete an object, and list keys in a bucket.

Explanation

The Amazon S3 API is intentionally simple with only a handful of common operations. They include: create/delete a bucket, write an object, read an object, delete an object, and list keys in a bucket.

46 / 75

What are the first steps that you should take to resolve your performance issues? (Choose 2 answers)

Create a read replica of your master database

Place additional read replicas in AWS regions closer to your users

Redesign your database as a Multi-AZ solution

Deploy ElasticSearch for faster searching of available scientific journals

Explanation

47 / 75

Alias

CNAME

Explanation

48 / 75

Which choice below accurately describes the 'warm standby' disaster recovery method?

Keeping data backed up to tape and sent offsite regularly, from which all data can be restored in the event of a disaster.

A complete duplicate of your entire system, to which all traffic can be directed in the event of a disaster.

A duplicate version of only your business-critical systems that is always running, in case you need to divert your workloads to them in the event of a disaster.

Storing critical systems as a template, from which resources can be scaled out in the event of a disaster.

Explanation

Warm standby is essentially ready to go with all key services running in the most minimal possible way, essentially a smaller version of the production environment. In the event of a disaster, the standby environment will be scaled up for production load quickly and easily. DNS records will be changed to route all traffic to the AWS environment.

Explanation

49 / 75

You are managing a VPC environment that is spread across two Availability Zones, and contains EC2 instances in an auto scaling group. CloudWatch monitoring shows the following data on EC2 utilization.

Only two servers are needed during low-utilization off hours.
During normal business hours, four additional servers are needed.
During a five-day end of the year processing period, you may need for an additional 10 servers.

Which choices will best meet the needs of these three scenarios while providing high availability and cost control? (Choose 2 answers)

Launch four reserved instances (standard) for the day to day processing

Modify your existing Auto scaling group to allow up to ten additional servers using Reserved instances (standard) for year-end processing.

Modify the existing Auto scaling group to allow of up to ten additional On-demand instances for year-end processing

Launch two on-demand (convertible) instances for day-to-day processing.

Explanation

Reserved instances are the best and cheapest option when you are able to make a long-term commitment to use the instances. Typical contract lengths are one or three years. On-demand instances are best when you need instances for a short time period but their end of life needs to be decided by you. Spot instances are a good option when you can afford to lose an instance on very short notice. This happens when the current price of the spot instance exceeds the price you had bid on it. In the case of year-end processing over a short time period, it would not be advisable to use spot instances. A good example of using spot instances would be in mass producing bar codes where you can easily pick up where you left off in processing.

Explanation

50 / 75

Export all database records to S3.

Order an on-demand instance matching the on-premises architecture.

Fix all MySQL issues in the local data center.

Use the AWS server migration service to migrate existing records

Explanation

51 / 75

You are an AWS Solutions Architect helping a client plan a migration to the AWS cloud. The client is very cost-conscious and needs to understand the budget implications of any design decisions prior to signing off. Now that you’ve identified the resources that must be created in the AWS environment to support the migration, what tool could you use to help project future costs given this information?

Cost Explorer

Detailed Billing Reports

TCO Calculator

Simple Monthly Calculator

Explanation

The Simple Monthly Calculator is used to calculate projected costs, assuming you know what AWS resources you’ll be consuming.

Explanation

The Simple Monthly Calculator is used to calculate projected costs, assuming you know what AWS resources you’ll be consuming.

52 / 75

Having set up a website to automatically be redirected to a backup website if it fails, you realize that there are different types of failovers that are possible. You need all your resources to be available the majority of the time. Using Amazon Route 53 which configuration would best suit this requirement?

Active-active failover

Active-active-passive and other mixed configurations

Active-passive failover

None. Route 53 can't failover

Explanation

You can set up a variety of failover configurations using Amazon Route 53 alias: weighted, latency, geolocation routing, and failover resource record sets.

Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Amazon Route 53 can detect that it's unhealthy and stop including it when responding to queries.
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes only the healthy primary resources. If all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in response to DNS queries.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

Explanation

You can set up a variety of failover configurations using Amazon Route 53 alias: weighted, latency, geolocation routing, and failover resource record sets.

Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Amazon Route 53 can detect that it's unhealthy and stop including it when responding to queries.
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes only the healthy primary resources. If all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in response to DNS queries.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

53 / 75

Your team is developing an application using Elastic Beanstalk and discussing the most appropriate environment for deployment. What two types of environments can be created when using Elastic Beanstalk? (Choose 2 answers)

Multi-region, multiple-instance environment

Web worker environment

Load-balancing and auto-scaling environment

Single-instance environment

Explanation

In Elastic Beanstalk, you can create a load-balancing, autoscaling environment or a single-instance environment. The type of environment that you require depends on the application that you deploy. For example, you can develop and test an application in a single-instance environment to save costs and then upgrade that environment to a load-balancing, autoscaling environment when the application is ready for production.

Explanation

54 / 75

Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization

Configure Amazon CloudFront in association with AWS WAF to perform user authentication and authorization

Create an auto scaling group of EC2 instances with custom and specialized authentication and authorization logic using SSL and JWT tokens to perform user authentication and authorization.

Explanation

55 / 75

You are setting up your first Amazon Virtual Private Cloud (Amazon VPC) so you decide to use the VPC wizard in the AWS console to help make it easier for you. Which of the following statements is correct regarding instances that you launch into a default subnet via the VPC wizard?

Instances that you launch into a default subnet don't receive any ip addresses and you need to define them manually.

Instances that you launch into a default subnet receive both a public IP address and a private IP address.

Instances that you launch into a default subnet receive a public IP address and 5 private IP addresses.

Instances that you launch into a default subnet receive a public IP address and 10 private IP addresses.

Explanation

Instances that you launch into a default subnet receive both a public IP address and a private IP address. Instances in a default subnet also receive both public and private DNS hostnames. Instances that you launch into a nondefault subnet in a default VPC don't receive a public IP address or a DNS hostname. You can change your subnet's default public IP addressing behavior

Explanation

56 / 75

You've been assigned to assist a client in the creation of their AWS Virtual Private Cloud (VPC). You are shadowing their IT admin to allow the admin to create the VPC, learn, and benefit from your guidance. Which VPC components come automatically upon creation of a default VPC? (Choose 3 answers)

a default elastic IP address (EIP)

a default VPC security group

a default subnet

a main route table

Explanation

When you create a default VPC, the following components are created with it:

default subnet in each Availability Zone.
main route table
default security group
default network access control list (ACL)
Associate the default DHCP options set for your AWS account with your default VPC.

Explanation

When you create a default VPC, the following components are created with it:

default subnet in each Availability Zone.
main route table
default security group
default network access control list (ACL)
Associate the default DHCP options set for your AWS account with your default VPC.

57 / 75

Your company is migrating their environment to AWS. The legacy environment relied on Chef for automation, and your engineers are comfortable with that solution. In addition, your compliance officer has indicated that the new environment needs centralized, auditable configuration management for regulatory reasons. Which of the following AWS automation tools is most appropriate for this scenario?

CloudFormation

Elastic Beanstalk

OpsWorks stacks

OpsWorks for Chef Automate

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

58 / 75

You are responsible for a web application where the web server instances are hosted in auto-scaling group. You discover the following after monitoring your application workload for the past year:

You need a minimum of nine EC2 instances to handle the lowest levels of activity during non-business hours.
During local business hours, you require between 12-16 instances.
Roughly 35 percent of non-business workload involves backend data processing and analysis.

With this information, what recommendations would you make to minimize operating costs while providing the required availability?

Purchase nine standard reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during non-business hours. Purchase spot instances to handle additional capacity needs

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 scheduled reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase spot instances to handle the data processing workload.

Purchase nine convertible reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during local business hours. Purchase spot instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 convertible reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Explanation

The spot instances are ideal for the data processing workload during non-business hours, and deducting those instances from your minimum workload requirements leaves roughly six instances that are running all day. Purchase six standard reserved instances to meet this need with the greatest discount. You can then schedule reserved instances to run during business hours to meet the increase, and on-demand instances to scale as needed while providing necessary availability.

Explanation

59 / 75

You are pulled in on a redesign of a client's AWS VPC. The client was an early adopter of AWS but wants to improve their overall security in the VPC. The budget allocated for this redesign is very limited and you need to optimize your time. You've created new security groups for the VPC. What's the most expedient way to associate these new security groups with the instances in the VPC?

Delete the instances, create new instances, attach to the security groups, then launch the instances.

Associate the instances with the new security groups while the instances are running.

Create a snapshot of the instance, launch new instances from the snapshot, which are attached to the new security groups.

Shutdown the instances and attach to the new security groups then re-start the instances.

Explanation

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign the instance to up to five security groups. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC. If an instance is running in an Amazon VPC you can change which security groups are associated with an instance while the instance is running.

Explanation

60 / 75

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. As the environment and number of active resources continue to grow, your finance team is having a difficult time attributing your AWS costs to the various business units. How can you help the finance team assign costs to the correct business units? (Choose 2 answers)

Tag all resources with the appropriate business unit.

Enable Cost and Usage reports.

Give them access to TCO calculator.

Set up consolidated billing

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

61 / 75

Your team has found that a client's load balancer needs to be configured with support for SSL offload using the default security policy. When negotiating the SSL connections between the client and the load balancer, you want the load balancer to determine which cipher is used for the SSL connection. Which actions perform this process on the load balancer? (Choose 3 answers)

Select the default security policy.

Choose the server order preference option

Select a client configuration preference option

Enable SSL offload.

Explanation

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL connections between a client and the load balancer. A security policy is a combination of SSL protocols, SSL ciphers, and the Server Order Preference option.

Explanation

62 / 75

To provide adequate computer resources for your company portal during busy sales cycles, you have your instances assigned to an EC2 auto scaling group associated with an application load balancer. You are now configuring the health checks for the auto scaling group.

What statement regarding health check configuration options for your auto scaling group is correct?

You can only use EC2 Instance Status Checks as a health check for your auto scaling group

You can only use ALB health checks as a health check for your auto scaling group

You can use both EC2 Instance Status Checks and ALB health checks simultaneously for your auto scaling group

You can use either EC2 Instance Status Checks or ALB health checks for your auto scaling group., but not both simultaneously

Explanation

Both instance status checks and health checks must be enabled before unhealthy instances will be terminated. It is critical that you test not only the saturation and breaking points but also the "normal" traffic profile you expect

Explanation

63 / 75

Customer gateway

Public VIFs

VPN connection

Virtual private gateway

Explanation

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

Explanation

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

64 / 75

You have configured an AWS cloud environment for an ecommerce company. This environment is heavily reliant upon being highly available as downtime will lose the company a great deal of money. You monitor this environment very closely with numerous CloudWatch alarms. Recently you are seeing 'InsufficientInstanceCapacity' errors during auto scaling attempts during peak hours from 4:00 - 9:00 pm EST. This is causing costly downtime. Which option will best handle this situation?

Use spot instances in place of on-demand instances

Purchase Scheduled Reserved Instances for peak hours

Scale up your RDS instance for more capacity

Increase the maximum size of you auto scaling group to add more capacity

Explanation

If you get an InsufficientInstanceCapacity error when you try to launch an instance or start a stopped instance, AWS does not currently have enough available capacity to service your request. In this situation, reserved instances offer the required reliability to avoid outages and loss of money. Reserved Instances are a long-term capacity reservation, and you will not have to rely on Amazon having enough on-demand capacity. Usually these capacity issues are short term, but due to the nature of the company even short outages can be very costly.

Explanation

65 / 75

Making use of a(n) ____ when creating instances in Amazon EC2 is your best solution for providing the lowest latency network communication between multiple instances in EC2.

cluster placement group

isolated network

virtual cluster

virtual private cloud

Explanation

A cluster placement group is a logical grouping of instances within a single AWS Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.

Explanation

66 / 75

Your company uses multiple Amazon VPCs and is setting up a new office. The company is deciding on the best way to connect this new, remote office network with the company’s Amazon VPC environment.

Due to the fact it is a new office, no VPN equipment or internet connections exist yet, so this office can design any connection design it desires. The highest priorities are:

A predictable network performance
A private connection avoiding the public internet
Reduced bandwidth costs
Minimal administration required to maintain the high availability of network endpoints

Which VPC connection option best fit your requirements to connect your new office to one of your VPCs?

Configure a VPN connection with a software VPN

Use a hub-and-spoke model with AWS VPN CloudHub

Connect via AWS Direct Connect.

Configure a VPN connection with a hardware VPN

Explanation

Establish a private connection from your new office’s network to your Amazon VPC using AWS Direct Connect is the most suitable option in this case. This option provides predictable network performance, reduces bandwidth costs, and doesn’t require that customers be responsible for implementing high availability solutions for all VPN endpoints. The downside of this option (possible requiring additional telecom and hosting provider relationships) is mitigated in this instance because the office is new and would need to provision a whole new network anyway.

Explanation

67 / 75

You are leading the design of your company's AWS cloud environment. The majority of the traffic on the cloud network will be between virtual servers hosted on EC2 instances within each department. The key priorities are low network latency and high network throughput. What choices below are best-suited to the traffic patterns, and address the organizational requirements? (Choose 3 answers)

Using cluster placement groups

Use spread placement groups

Use instances with enhanced networking capability

Only use instance types offering at least 10 GBPS network connectivity

Explanation

A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking

Explanation

68 / 75

You need to design secure administrative access to application servers residing in private subnets in multiple availability zones. You require a select group of administrators to have access from specific IP addresses. You also want the solution to be automated and repeatable. Which of the following options could achieve your goals? (Choose 2 answers)

Cloud Formation

Elastic Beanstalk

NAT Gateway

Quick Start

Explanation

Quick Start is a new solution that is worth checking out. You can use IAM with AWS CloudFormation to control what users can do with AWS CloudFormation. Amazon provides Amazon Linux AMIs that are configured to run as NAT instances. Elastic Beanstalk is primarily for web applications only

Explanation

69 / 75

A customer has a website which shows all the sales available in leading online and brick-and-mortar stores.

Currently, the website's web, application, and database tiers are hosted on five large, on-demand EC2 instances to manage day-to-day traffic. However, from late November through the end of December, the website traffic quadruples the normal rate for various periods, sometimes a few minutes, and sometimes a few hours. During the peaks in activity, the website requires up to 20 large instances.

The level of activity is not predictable. It is also prone to large, sudden spikes at random times based on when various temporary sales are available. The site's traffic can quadruple in a matter of minutes.

Which option is the most cost-effective and achieves better performance to handle these peaks in traffic reliably?

Purchase 5 Standard reserved instances immediately. Add ten on-demand instances to run continuously from late November through the end of December. Create an auto scaling group to scale out an additional five instances based on the workload metrics as needed.

Purchase 5 Standard reserved instances immediately. Add five on-demand instances during the from late November through the end of December, and create an auto scaling group to scale out an additional ten instances based on the workload metrics as needed.

Launch ten on-demand instances running continuously, and manually launch ten instances every day during office hours based on workload metrics as needed.

Purchase 5 Scheduled reserved instances immediately. Add 15 on-demand instances to run continuously from late November through the end of December.

Explanation

AWS provides an on-demand, scalable infrastructure. Amazon EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the organization launches a few instances beforehand and then setups AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization.

If the organization keeps all ten additional instances as a part of the AutoScaling policy sometimes during a sudden higher load, it may take time to launch instances and may not give optimal performance. This is the reason it is recommended that the organization keeps an additional five instances running and the next five instances scheduled as per the AutoScaling policy for cost-effectiveness.

Additionally, the website has established a baseline of normal workload outside of the peak season, so they can invest in Standard reserved instances to manage this workload and save dramatically on compute resource costs.

Explanation

70 / 75

An organization is planning to implement a scalable web application with Amazon EC2. The organization is planning to achieve high availability with Multi-AZ features. A single deployment of your application requires 8 vCPUs and 16 GiB total memory. The application workload is very stable, and does not experience spikes in activity. It is possible to divide the workload across separate instances.

Which configuration is the best choice for high availability, disaster recovery, and cost-effectiveness in this scenario?

Launch four instances with 4 vCPUs and 8 GiB memory each. Associated all four instances with one auto scaling group, and deploy the instances into two separate availability zones, and then load balance them with an elastic load balancer

Launch two instances with 8 vCPUs and 16 GiB memory each. Associate both instances with one auto scaling group, and deploy them in separate availability zones. Finally, load balance them with an elastic load balancer

Launch eight instances with 4 vCPUs and 8 GiB memory each. Divide the instances into separate availability zones, and also divide the instances into two separate auto scaling groups across the two availability zones. Deploy a separate load balancer for each group of instances within an availability zone

Launch four instances with 8 vCPUs and 16 GiB memory each. Associate all four instances with one auto scaling group, and deploy them into two separate availability zones. Finally, load balancer them with an elastic load balancer.

Explanation

The organization can always launch multiple EC2 instances in the same region across multiple availability zones for high availability and disaster recovery. It is recommended that the application should be load balanced for better load distribution. When the organization must support a workload that could be met with a small number of large instances, it is recommended to distribute the load by creating four small instances across availability zones. The two large instances give only 50% redundancy while the four small instances give 75% redundancy. As for cost, both the scenarios are the same it is recommended to run four small instances across availability zones

Explanation

71 / 75

While monitoring your application servers hosted behind an elastic load balancer, you discover that the servers always operate at between 75 and 80% of their capacity after five minutes of operation. Also, there is a constant number of servers being marked as unhealthy very early in their initial lifecycle. Upon further analysis, you also discover that your servers are taking between three and four minutes to become operational after launch. What two tasks should you complete as soon as possible? (Choose 2 answers)

Increase the size of instances in your launch configuration.

Increase the length of your scaling cool down period

Decrease the length of your scaling cool down period

Increase the maximum number of instances in your auto-scaling group

Explanation

A prolonged grace period and a larger number of instances will solve these issues. You can use scaling policies to increase or decrease the number of running EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale or scale on a schedule, you must adjust the desired capacity of the group for the changes to take effect.

Explanation

72 / 75

Add an additional availability zone and a load balancer.

Perform snapshots of EBS volumes on a set schedule.

Configure the server in an auto scaling group with a minimum and maximum size of one

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Explanation

73 / 75

A user has enabled a CloudWatch alarm. The alarm has a $50 threshold for total AWS charges in the US East (N. Virginia) region. When does CloudWatch trigger the alarm for this threshold?

When the total charges for the US East (N. Virginia) region reach $49

When the total AWS charges exceed $50

When the total charges for the US East (N. Virginia) region exceeds $50

When the total AWS charges reach $49

Explanation

You can choose to receive alerts by email when charges have exceeded a certain threshold. These alerts are triggered by CloudWatch and messages are sent using Amazon Simple Notification Service (Amazon SNS). In this case, when the usage exceeds $50, CloudWatch triggers the alarm.

The metric isn't specific to US East (N. Virginia) because billing is a worldwide metric, not specific to any region.

Explanation

The metric isn't specific to US East (N. Virginia) because billing is a worldwide metric, not specific to any region.

74 / 75

The IAM administrator is trying to create IAM groups and IAM users for employees within numerous separate company departments. The owner has created groups for each department, but needs even further separation between department subgroups within IAM groups. For example, two users from different department subgroups should be identified separately and have separate permissions.

How can the IAM administrator configure this?

It is not possible to subdivide IAM users within an IAM group

Create a hierarchy of separate IAM users based on their department

Create a nested IAM group

Use the paths to separate IAM users within the same IAM group

Explanation

The path functionality within an IAM group and user allows them to delineate by further levels. In this case, the user needs to use the path with each user or group so that the ARN of the user will look similar to:

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

Explanation

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

75 / 75

A primary and a backup direct connect line and at least two routers in the corporate data center

A primary and a backup direct connect line connected to the primary router in the corporate data center

A primary direct connect line connected to at least two routers in the corporate data center

A primary direct connect line and a VPN connection for backup connected to the corporate primary router

Explanation

Your score is

The average score is 14%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Professional – Free Practice Tests

AWS Certified Solutions Architect Professional – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Professional – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation