AWS Certified Solutions Architect Associate (SAA02) - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 65 questions per test (similar to real AWS exam), 130 minutes, repeat tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

/25

10 votes, 4.5 avg

332

1 / 25

You are designing a VPC for a small legal firm. The firm only has 6 users who will need instances, and the firm does not expect any growth. When creating the VPC, you will need to specify an IPv4 address range by choosing a CIDR block. What is the smallest size CIDR block that could be used for this network?

/28

/24

/16

Explanation

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. AWS reserves the first four addresses and the last address in a CIDR block, so be sure to subtract five to give the number of addresses in a CIDR block available for use

Explanation

2 / 25

If you determine that the resources on a launched Amazon EC2 instance are insufficient to handle the workload of an application, you can resize the instance without performing any migration as long as your root device is a(n) ____________.

EFS filesystem

EBS volume

S3 bucket

instance store

Explanation

As your needs change, you might find that your instance is over-utilized (the instance type is too small) or under-utilized (the instance type is too large). If the root device for your instance is an Elastic Block Store (EBS) volume, you can change the size of the instance simply by changing its instance type, which is known as resizing it. If the root device for your instance is an instance store volume, you must migrate your application to a new instance with the instance type that you want

Explanation

3 / 25

Your company is migrating into Amazon Web Services and has selected the US East region in which to operate. The majority of your work involves interfacing with government departments in the United States and Germany. Your company expects the deployment into the cloud to be up and running in a minimum of time. Before deploying any resources in the European region, what should be your first consideration?

Industry rules and standards

The number of web servers to deploy

European privacy laws

The pre-warming storage and load balancers

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

Explanation

Privacy laws in foreign countries will dictate compliance rules and regulations. AWS customers remain responsible for complying with applicable compliance laws and regulations.

4 / 25

A national auto parts chain contracted your firm to design and implement their AWS environment. It is a very large-scale system that handles order processing, accounting, stocking, and logistics. This system spans multiple availability zones and requires a multi-AZ environment for high availability. The system has been implemented and you need to test the database failover mechanism. It is imperative that the failover occurs within the specified RTO. How can you consistently test database failover?

Reboot the primary database instance

Contact Amazon to conduct a failover test.

Backup then delete the primary database instance

Amazon has thoroughly tested failover and customers can not test failover.

Explanation

If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment. When you create or modify your DB instance to run as a Multi-AZ deployment, Amazon RDS will automatically provision and manage a “standby” replica in a different Availability Zone (independent infrastructure in a physically separate location). In the event of planned database maintenance, DB instance failure, or an Availability Zone failure, Amazon RDS will automatically failover to the standby so that database operations can resume quickly without administrative intervention. Multi-AZ deployments utilize synchronous replication, making database writes concurrently on both the primary and standby so that the standby will be up-to-date in the event a failover occurs.

Explanation

5 / 25

In Amazon Route 53, _______ lets you use DNS to route end-user requests to the EC2 region that will give your users the fastest response

latency-based routing

weighted-based routing

failover-based routing

simple-based routing

Explanation

In Amazon Route 53, if your application is hosted on Amazon EC2 instances in multiple EC2 regions, you can reduce latency for your end users by serving their requests from the Amazon EC2 region for which network latency is lowest. Amazon Route 53 latency-based routing lets you use DNS to route user requests to the Amazon EC2 region that will give your users the fastest response

Explanation

6 / 25

You have 4 Direct Connect (DX) connections to your VPC from your Chicago, Boston, Houston, and Orlando offices. Your VPC’s address range is 10.20.0.0/16. You are using BGP routing. You would like to ensure AWS uses the Chicago connection to reach the IP addresses ranging from 10.20.30.0-10.20.30.127 on your network. The other three locations are currently advertising the following routes:

Boston: 10.20.0.0/16 AS 65000

Houston: 10.20.30.0/24 AS 65000 65000

Orlando: 10.20.30.254/32 AS 65000 65000 65000

Which of the following routes could you advertise from your Chicago connection to ensure AWS uses it to access IP addresses ranging from 10.20.30.0-10.20.30.127?

10.20.30.0/23 AS 65000 65000

10.20.30.128/26 AS 65000

10.20.128.0/17 AS 65000

10.20.30.0/25 AS 65000 65000 65000

Explanation

AWS will choose the most specific route first. If routes are equal after checking for the most specific routes, AWS will use AS path prepending to determine which route is preferred. In this example, 10.20.30.0/25 is more specific than 10.20.30.0/24 and 10.20.0.0/16, so AS path prepending will not matter. The other options are either outside of the address range in question (10.20.30.128/26 and 10.20.128.0/17) or less specific than the route advertised by Houston (10.20.30.0/23). The route advertised from Orlando, 10.20.30.254/32, identifies a single IPv4 address that is outside of the range in question

Explanation

7 / 25

You are architecting for a hybrid cloud solution that will require continuous connectivity between on-premises servers and instances on AWS. You found that the connectivity between on-premises and AWS does not require high bandwidth for now so you decided to go with resilient VPN connectivity. Which of the following services are part of establishing a resilient VPN connection between on-premises networks and AWS? (Choose 3 answers)

Public VIFs

VPN connection

Virtual private gateway

Customer gateway

Explanation

A customer gateway CGW is the anchor on the customer side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway VGW. There are two lines between the customer gateway and virtual private gateway because the VPN connection consists of two tunnels in case of device failure. When you configure your customer gateway, it’s important you configure both tunnels.

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

Explanation

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

8 / 25

A user has suspended the Auto Scaling process and updates the desired capacity of the Auto Scaling group. Which statements below is correct regarding this update?

The desired capacity will not get updated as scaling is frozen

The Auto Scaling will not allow modification of the desired capacity during the suspended process state

The scaling activity will happen as this is manual scaling

The desired capacity will get updated, but the scaling activity will not happen

Explanation

The user may want to stop the automated scaling processes on the Auto Scaling groups either to perform manual operations or during emergency situations. To perform this, the user can suspend one or more scaling processes at any time. When the process is suspended and the user changes the desired capacity, the changes will take effect, but Auto Scaling will not be executed. Thus, the scaling activity will not happen even though there is a difference between the desired capacity and the current capacity.

Explanation

9 / 25

A bucket owner from Account Red allows Account Blue’s IAM users to upload and access objects in his bucket.

One of Account Blue’s IAM users tries to access an object in the bucket. The object is owned by an IAM user from Account Red who is not the bucket owner.

How will Amazon S3 process this request?

Amazon S3 only verifies permissions granted by the object owne

Amazon S3 only verifies permissions granted by the bucket owner and object owner

Amazon S3 only verifies permissions granted by the bucket owner

Amazon S3 verifies permissions granted by Account Blue’s IAM administrator, by the bucket owner, and by the object owner.

Explanation

If a IAM user is trying to perform some action on an object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.

Explanation

10 / 25

A user is running a batch process which runs for 1 hour every day. Which of the below mentioned options is the right instance type and costing model in this case if the user performs the same task for the whole year?

Instance store backed instance with spot instance pricing.

EBS backed instance with low utilized reserved instance pricing

EBS backed instance with heavy utilized reserved instance pricing

EBS backed instance with on-demand instance pricing.

Explanation

For Amazon Web Services, the reserved instance helps the user save money if the user is going to run the same instance for a longer period. Generally, if the user uses the instances around 30-40% annually it is recommended to use RI. Here as the instance runs only for 1 hour daily it is not recommended to have RI as it will be costlier. The user should use on-demand with EBS in this case.

Explanation

11 / 25

You have a client in the financial industry who is moving to AWS for their IT infrastructure and applications. They need to become PCI compliant to protect their client’s card information. Amazon has many processes in place for PCI compliance. What steps do you need to take to help them become compliant? (Choose 3 answers)

Monitor access with CloudTrail and VPC Flow Logs

Encrypt data in transit.

Secure private subnets with ACLs and Security Groups

Use server side encryption to protect card holder data.

Explanation

AWS provides customers with a PCI-compliant environment and the necessary tools to secure their environment. PCI compliance falls very much in line with the shared responsibility model. But ultimately, it is the customers responsibility to build and maintain a PCI-compliant environment.

Explanation

12 / 25

You are designing a cloud implementation for a client. They have requested a database that will serve data to a website as well as perform some complex reporting in a Data Warehouse. They are also looking for a durable location to store session state. Which design choices would meet the client’s requirements? (Choose 3 answers)

Amazon Redshift for Data Warehousing/Reporting

MySQL database to serve data to the website

Amazon Glacier for Data Warehousing/Reporting

DynamoDB for session state

Explanation

An RDS database such as MySQL is a good choice as the back end for a web server. Amazon Redshift is often paired with RDS to offload Data Warehousing/Reporting traffic. DynamoDB is a good choice for managing session state, shopping cart data, or time-series data.

Explanation

13 / 25

You have just set up a large site for a client which involved a huge database which you set up with Amazon RDS to run as a Multi-AZ deployment. You now start to worry about what will happen if the database instance fails. Which statement best describes how this database will function if there is a database failure?

Updates to your DB Instance are synchronously replicated across S3 to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Your database will not resume operation without manual administrative intervention.

Updates to your DB Instance are asynchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Explanation

Amazon Relational Database Service (Amazon RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity, while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. When you create or modify your DB Instance to run as a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous “standby” replica in a different Availability Zone. Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure. During certain types of planned maintenance, or in the unlikely event of DB Instance failure or Availability Zone failure, Amazon RDS will automatically failover to the standby so that you can resume database writes and reads as soon as the standby is promoted. Since the name record for your DB Instance remains the same, your application can resume database operation without the need for manual administrative intervention. With Multi-AZ deployments, replication is transparent: you do not interact directly with the standby, and it cannot be used to serve read traffic. If you are using Amazon RDS for MySQL and are looking to scale read traffic beyond the capacity constraints of a single DB Instance, you can deploy one or more Read Replicas

Explanation

14 / 25

You have been assigned to a client who has an existing AWS cloud environment. They are already using CloudFormation to deploy web dev, test, and production environments. You immediately recognize that they are using the same CloudFormation template for dev and production. The Project Plan calls for major performance testing at the end of the project and the client wants to cut cost wherever possible. You recommend using smaller EC2 instances for the Developers dev environments. What section of a CloudFormation template can you use to deploy variable sized instances depending on the environment?

Metadata

Conditions

Transform

Mappings

Explanation

The conditions section of a CloudFormation template defines conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment

Explanation

15 / 25

You have been using T2 instances as your CPU requirements have not been that intensive. However, you now start to think about larger instance types and start looking at M1 and M3 instances. You are a little confused as to the differences between them as they both seem to have the same ratio of CPU and memory. Which statement below is incorrect as to why you would use one over the other?

M3 instances also offer SSD-based instance storage that delivers higher I/O performance.

M3 instances are configured with more swap memory than M1 instances.

M3 instances are less expensive than M1 instances

M3 instances provide better, more consistent performance that M1 instances for most use-cases

Explanation

Amazon EC2 allows you to set up and configure everything about your instances from your operating system up to your applications. An Amazon Machine Image (AMI) is simply a packaged-up environment that includes all the necessary bits to set up and boot your instance. M1 and M3 Standard instances have the same ratio of CPU and memory, some reasons below as to why you would use one over the other. M3 instances provide better, more consistent performance that M1 instances for most use-cases. M3 instances also offer SSD-based instance storage that delivers higher I/O performance. M3 instances are also less expensive than M1 instances. Due to these reasons, we recommend M3 for applications that require general purpose instances with a balance of compute, memory, and network resources. However, if you need more disk storage than what is provided in M3 instances, you may still find M1 instances useful for running your applications

Explanation

16 / 25

The average traffic to your online business has quadrupled since you expanded your targeted marketing campaigns. Your web servers are handling the traffic, but you are closely monitoring your database layer, which consists of multiple Amazon RDS MySQL Databases.

You are monitoring key custom metrics related to read and write throughput and latency using Amazon CloudWatch. You have configured CloudWatch alarms to monitor these custom metrics against optimal performance thresholds, but want to ensure these alarms based on these specific metrics are as responsive as possible.

How can you increase the responsiveness of CloudWatch alarms for the specific custom metrics you have already implemented for your RDS MySQL databases? (Choose 2 answers)

Enable RDS Performance Insights

Enable Detailed Monitoring on CloudWatch

Configure Route 53 CloudWatch Alarm health checks

Enable RDS Enhanced Monitoring

Explanation

Most of these choices improve the responsiveness of CloudWatch in some way, but the aspect of this question is improving the responsiveness of CloudWatch alarms you have already implemented. This means you are not interested in additional metric information outside of the custom metrics you’ve already created in CloudWatch, and any features that increase responsiveness to metrics other than what you want will not be beneficial.

So, creating CloudWatch Log metric filters for default RDS metrics will not help, even though this can provide 1-second granularity, it is unlikely the logs will indicate overall latency and throughput of reads and writes, as these performance metrics are not related to specific API calls, but rather general database performance.

Performance Insights allow you to review and analyze your RDS database performance overall, but is not ideal for identifying a performance issue in real-time.

Enabling Enhanced monitoring does provide increased insight into RDS database performance, and with the increased granularity of 5 seconds instead of 60 seconds, or potentially even 1-second granularity through CloudWatch Log Streams. However, Enhanced Monitoring provides specific operating system metrics and other performance metrics, and would not apply to the custom metric you have created using CloudWatch.

Enabling Detailed Monitoring will increase the delivery of average metrics from every 5 minutes to every minute, and this will apply to your custom metrics as well.

In addition, creating a Route 53 CloudWatch Alarm Health Check will monitor the transmission of data to CloudWatch, and can effectively alert you before the CloudWatch alarm is even triggered.

Explanation

Performance Insights allow you to review and analyze your RDS database performance overall, but is not ideal for identifying a performance issue in real-time.

Enabling Detailed Monitoring will increase the delivery of average metrics from every 5 minutes to every minute, and this will apply to your custom metrics as well.

In addition, creating a Route 53 CloudWatch Alarm Health Check will monitor the transmission of data to CloudWatch, and can effectively alert you before the CloudWatch alarm is even triggered.

17 / 25

Which choice correctly describes the differences between security groups and Network Access Control Lists (NACLs)? (Choose 2 answers)

NACLs operate at the subnet level and support deny rules only.

Security Groups operate at the subnet level, and they support allow rules only

NACLs operate at the subnet level and support allow and deny rules

Security Groups operate at the instance level and support allow rules only.

Explanation

You can secure your VPC instances using only security groups; however, you can add NACLs as a second layer of defense. Security groups — Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level . Network access control lists (NACLs) — Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level . Security Groups supports allow rules only while Network Access Control Lists support allow and deny rules.

Explanation

18 / 25

You need to create a JSON-formatted text file for AWS CloudFormation. This is your first template and the only thing you know is that the templates include several major sections but there is only one that is required for it to work. What is the only section required?

Outputs

Resources

Conditions

Mappings

Explanation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. A template is a JSON-formatted text file that describes your AWS infrastructure. Templates include several major sections. The Resources section is the only section that is required. The first character in the template must be an open brace ({), and the last character must be a closed brace (}). The following template fragment shows the template structure and sections

Explanation

19 / 25

You have designed an application that does the following:

It runs hourly checks for new items in an S3 bucket.
If new items exist, a message is added to an SQS queue.
It has several EC2 instances which retrieve messages from the SQS queue, parse the file, and send you an email containing the relevant information from the file.

You upload a test file to the bucket, wait a couple of hours and find that you have hundreds of emails from the application.
Which of the following is the most likely cause for this volume of email? (Choose 2 answers)

You are being spammed

You should be checking for messages every 10 minutes.

Messages are not being deleted following processing.

To keep multiple instances from processing the same SQS message, your application must delete the SQS message after processing it.

Explanation

Many instances can poll a single queue, but to keep multiple instances from processing the same SQS message, your application must delete the SQS message after processing it. While SQS does not guarantee a message will be processed only once, the same message being processed many times is probably an indication that the message is not being deleted following processing.

Explanation

20 / 25

A user has enabled versioning on an S3 bucket. The user applies server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?

It is possible to have different encryption keys for different versions of the same object

The user should use the same encryption key for all versions of the same object

Amazon S3 does not allow the user to upload his own keys for server side encryption

The SSE-C does not work when versioning is enabled

Explanation

Amazon S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key, or the user can send the key along with each API call to supply his own encryption key (SSE-C). If the bucket is versioning-enabled, each object version uploaded by the user using the SSE-C feature can have its own encryption key. The user is responsible for tracking which encryption key was used for which object’s version

Explanation

21 / 25

A media company has contracted you to design its AWS cloud environment. They host websites and have many well known bloggers who post daily and weekly blogs as well as podcasts. Your analysis of their existing traffic reveals that their database traffic will be nearly 90% read traffic. From this analysis, your design will include read replicas in regions outside the primary DB region, so you know that you have to choose a database engine that supports this.

Which AWS RDS engines does not support read replicas located in a separate AWS region from the primary DB?

Amazon Aurora

SQL Server

MariaDB

MySQL

Explanation

Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This replication feature makes it easy to elastically scale out beyond the capacity constraints of a single DB Instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances.

Read replicas in different regions are available in Amazon RDS for MYSQL, MariaDB, PostgreSQL, Oracle, and Aurora

Explanation

Read replicas in different regions are available in Amazon RDS for MYSQL, MariaDB, PostgreSQL, Oracle, and Aurora

22 / 25

A user is making a scalable web application with compartmentalization. The user wants the log module to be accessible by all the application functionalities in an asynchronous way. Each module of the application sends data to the log module, and based on the resource availability it will process the logs. Which AWS service helps achieving this functionality?

AWS Simple Queue Service.

AWS Simple Notification Service.

AWS Simple Email Service.

AWS Simple Workflow Service.

Explanation

Amazon Simple Queue Service (SQS) is a highly reliable distributed messaging system for storing messages as they travel between computers. By using Amazon SQS, developers can simply move data between distributed application components. It is used to achieve compartmentalization or loose coupling. In this case all the modules will send a message to the logger queue and the data will be processed by queue as per the resource availability.

Explanation

23 / 25

A legacy application in your company has been deployed in a single availability zone. It is used only sporadically but must be available nevertheless. Due to your heavy administrative workload, you wish to automate a process that will rebuild the application automatically if it fails. What action should you take?

Perform snapshots of EBS volumes on a set schedule.

Configure the server in an auto scaling group with a minimum and maximum size of one

Add an additional availability zone and a load balancer.

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Explanation

Auto scaling provides redundancy for a single server with the option of launching a configuration using the attributes from a running instance. When you use this option, auto scaling copies the attributes from the specified instance into a template from which you can launch one or more auto scaling groups.

Note that if the specified instance has properties that are not currently supported by auto scaling, instances launched by auto scaling using the launch configuration created from the identified instance might not be identical to the identified instance.

Explanation

24 / 25

Amazon RDS provides high availability and failover support for DB instances using .

customized deployments

Multi-AZ deployments

log events

Appstream customizations

Explanation

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon technology, while SQL Server DB instances use SQL Server Mirroring.

Explanation

25 / 25

Can we attach an EBS volume to more than one EC2 instance at the same time?

Yes, all types of EBS volumes can attach to multiple instances

Yes, all but one type of EBS volumes can attach to multiple instances

Yes, but only one type of EBS volume can be attached to multiple instances

Explanation

With the new EBS multi-attach feature for Provisioned IOPS volumes, you can attach EBS volumes (of this type only) to more than one EC2 instance. So, yes it is possible, but not for all EBS volume types.

Explanation

Your score is

The average score is 55%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Ready to take AWS Certified Solutions Architect Associate (SAA) – Exam mode ?

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

/65

5 votes, 4.8 avg

148

Click Start button to start exam !

Time Out !

1 / 65

You have been assigned to work with a manufacturing company that wants to migrate to a Virtual Private Cloud. Their technical lead is very proactive and and would like to use EC2 Spot instances wherever possible for cost efficiency. He also wants to use Instance Stored volumes where possible. You need to educate the technical lead about EBS backed volumes versus Instance Stored volumes. What are some of the advantages of EBS volumes? (Choose 3 answers)

If the instance is terminated, your data is not lost.

EBS based instances can be stopped and restarted.

EBS instances boot faster

EBS volumes are more cost-effective

Explanation

An EBS volume is off-instance storage that can persist independently from the life of an instance. You continue to pay for the volume usage as long as the data persists. EBS instances can be stopped and re-started. And EBS volumes boot faster than instance store volumes often by an order of magnitude

Explanation

2 / 65

While monitoring your application servers hosted behind an elastic load balancer, you discover that the servers always operate at between 75 and 80% of their capacity after five minutes of operation. Also, there is a constant number of servers being marked as unhealthy very early in their initial lifecycle. Upon further analysis, you also discover that your servers are taking between three and four minutes to become operational after launch. What two tasks should you complete as soon as possible? (Choose 2 answers)

Increase the maximum number of instances in your auto-scaling group

Decrease the length of your scaling cool down period

Increase the length of your scaling cool down period

Increase the size of instances in your launch configuration.

Explanation

A prolonged grace period and a larger number of instances will solve these issues. You can use scaling policies to increase or decrease the number of running EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale or scale on a schedule, you must adjust the desired capacity of the group for the changes to take effect.

Explanation

3 / 65

You are designing an AWS RDS environment for a new client. You have designed in high availability for this environment and now you are reviewing scalability options and will meet with the client to review. You need to make them aware of vertical scaling options and considerations when choosing larger instance sizes. They are using a commercial database (SQL Server). What commercial consideration is required when vertically scaling the database?

Make sure you understand multi-AZ for SQL Server.

Make sure you have the correct database vendor licensing in place before scaling vertically.

Make sure automatic backups have run before scaling vertically.

Make sure end users are signed out before scaling vertically.

Explanation

To handle a higher load in your database, you can vertically scale up your master database. Before you scale, make sure you have the correct licensing in place for commercial engines (SQL Server, Oracle) especially if you Bring Your Own License (BYOL). One important thing to call out is that for commercial engines, you are restricted by the license, which is usually tied to the CPU sockets or cores.

Explanation

4 / 65

Select the correct statement: Within Amazon EC2, when using Linux instances, the device name /dev/sda1 is .

recommended for instance store volumes

recommended for EBS volumes

reserved for the root device

reserved for EBS volumes

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

5 / 65

instance store

EFS filesystem

EBS volume

S3 bucket

Explanation

6 / 65

A user is implementing resources for a group of separate batch processes to be completed during non-business hours. The process is predicted to take 6 hours to complete. This group of batch processing will require a compute-optimized instance, which is a different instance family than any deployed within your production environment. Which option is the right instance type and purchase option in this case, assuming the user performs the same task for the next twelve months?

An instance on an EC2 instance savings plan

A convertible reserved instance

A spot instance

An instance on a compute savings plan

Explanation

A spot instance is not the right instance type for this scenario. Spot instances would very likely be interrupted before a 6 hour job would be complete.

A convertible instance and a compute savings plan both offer up to 66 percent off, but an EC2 instance savings plan offers up to 72 percent discount.

Explanation

A spot instance is not the right instance type for this scenario. Spot instances would very likely be interrupted before a 6 hour job would be complete.

A convertible instance and a compute savings plan both offer up to 66 percent off, but an EC2 instance savings plan offers up to 72 percent discount.

7 / 65

Which of the following are IAM best practices (Choose 3 answers)

Assign permissions to IAM groups instead of IAM users

Discontinue use of the root access key.

Create privileged users and enable multi-factor authentication.

Designate a backup administrator to use the root access key

Explanation

You use an access key (consisting of an access key ID and secret access key) to make programmatic requests to AWS. However, do not use your AWS account (root) access key. Create groups that relate to job functions so that you can make changes for everyone in a group in just one place.

Explanation

8 / 65

You have implemented multipart uploading in your company’s AWS cloud storage environment. The overall performance has been good but there is some concern about network utilization. Your CFO has also raised concerns about greater than expected storage costs. What steps can you take to address each of these issues with cost as a primary concern? (Choose 2 answers)

Abort incomplete uploads after a specified time with an object lifecycle policy.

Pause uploads during high traffic periods.

Use Direct Connect for greater throughput

Compress data for faster upload times.

Explanation

The ability to pause multipart uploads offers great flexibility in its usage. A pause could be initiated for a number of reasons but pausing to relieve network traffic is a prime use case. If a multipart upload aborts, it is good practice to have a lifecycle policy, which will delete incomplete uploads after a predetermined number of days. This will reduce storage costs.

Explanation

9 / 65

Which statements below correctly describe how a security group functions in the AWS cloud? (Choose 2 answers)

If there are multiple security groups, the most restrictive one is used

Security groups are stateless

Every instance must have at least one assigned security group.

Security groups control traffic at the instance level

Explanation

Security Groups are essentially stateful firewalls at the instance level. Security Groups are associated with instances at launch time, and restrict or allow traffic based on port, protocol, and source/destination.

Explanation

10 / 65

True or False: In Amazon Route 53, you can create a hosted zone for a top-level domain (TLD).

TRUE

False, Amazon Route 53 automatically creates it for you.

True, only if you send an XML document with a CreateHostedZoneRequest element for TL

FALSE

Explanation

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

Explanation

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

11 / 65

You are migrating on-premise legal files to the AWS Cloud in Amazon S3 buckets. The corporate audit team will review all legal files within the next year, but until that review is completed, you need to ensure that the legal files are neither updated or deleted in the next 18 months. What steps will ensure the files can be uploaded efficiently but have the required protection for the specific time period of 18 months? (Choose 2 answers)

Set a retention period of 18 months on all relevant object versions via a batch operation

Enable object locks on all relevant S3 buckets with a retention mode of compliance mode.

Set a default retention period of 18 months on all related S3 buckets.

Set a default legal hold on all related S3 buckets

Explanation

The key points of this question are:

the difference between compliance mode and governance mode – compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

Explanation

The key points of this question are:

the difference between compliance mode and governance mode – compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

12 / 65

You configured a VPC with web servers hosted on EC2 instances in an EC2 Auto Scaling group in a public subnet. You then create a private subnet and deploy your Amazon RDS database servers in it. You granted a database administrator access in IAM to the RDS database instance, who is now attempting to connect from a secure, company-managed on-premise IP address range. However, she is unable to connect to the RDS instance. You have reviewed IAM permissions for the administrator and AWS resources that need to connect to the database, and they appear correctly configured. All application instances are able to connect to the RDS instance, but other employees on the same approved IP address range cannot connect to the database. What steps is a recommended first step to troubleshoot the issue?

Create a key pair for your database administrator to log into the environment’s EC2 instances

Configure single sign-on for your database administrator.

Enable multi-factor authentication for your database administrator.

Check the database security group’s specific ingress and egress rules.

Explanation

When you are unable to connect to a new database, it is often because the DB instance creation is still in progress and is not available yet. A reasonable amount of time to wait (at most) is 20 to 30 minutes. Beyond that, there is likely a problem. A common pattern in DB implementation involves placing databases in private subnets for additional security. If you follow this practice, make sure that the Security Groups provide appropriate ingress and egress to the DB instance.

Explanation

13 / 65

Can Amazon RDS manage synchronous data replication across Availability Zones?

Yes

Yes, Amazon RDS can manage this but only for certain DB instance types.

No, Amazon RDS does so only for certain AZs.

Explanation

Yes, in the Multi-AZ Deployment option, Amazon RDS manages synchronous data replication across Availability Zones and automatic failover.

Explanation

Yes, in the Multi-AZ Deployment option, Amazon RDS manages synchronous data replication across Availability Zones and automatic failover.

14 / 65

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. Your finance team has approached you, indicating their concern over the growing S3 budget. They have asked you to identify strategies to reduce the S3 spend by at least 25% before the next monthly billing cycle.

How could you accomplish this? (Choose 2 answers)

Enable object compression to reduce object sizes

Implement lifecycle to archive older objects to Glacier

Use Snowball for large data objects to avoid data transfer rates

Utilize Infrequent Access storage for objects that are not requested so frequently

Explanation

You can use the infrequent access to reduce the cost of certain classes of objects, as well as send older objects to Glacier for archiving at a much lower cost.

Note that data transfer into S3 is always free. So if you want to reduce your cost, using Snowball might speed up moving large data sets however it will not reduce your cost

Explanation

You can use the infrequent access to reduce the cost of certain classes of objects, as well as send older objects to Glacier for archiving at a much lower cost.

Note that data transfer into S3 is always free. So if you want to reduce your cost, using Snowball might speed up moving large data sets however it will not reduce your cost

15 / 65

Your company is migrating its infrastructure to AWS. When considering the migration level effort required, you determine there are a select number of VMs that fall under the “very low effort” category. After considering third-party migration options, you decide to utilize available AWS tools. What tools are available for migrating VMs to the AWS cloud? (Choose 2 answers)

AWS Snowmobile

AWS Snowball

AWS VM Import

AWS S3 Import

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

16 / 65

Amazon S3 allows you to set per-file permissions to grant read and/or write access. However, you have decided that you want an entire bucket with 100 files already in it to be accessible to the public. You don’t want to go through 100 files individually and set permissions. What would be the best way to do this?

Use Amazon EBS instead of S3

Move the files to a new bucket.

Add a bucket policy to the bucket.

Move the bucket to a new region

Explanation

Amazon S3 supports several mechanisms that give you flexibility to control who can access your data as well as how, when, and where they can access it. Amazon S3 provides four different access control mechanisms: AWS Identity and Access Management (IAM) policies, Access Control Lists (ACLs), bucket policies, and query string authentication. IAM enables organizationsto create and manage multiple users under a single AWS account. With IAM policies, you can grant IAM users fine-grained control to your Amazon S3 bucket or objects. You can use ACLs to selectively add (grant) certain permissions on individual objects. Amazon S3 bucket policies can be used to add or deny permissions across some or all of the objects within a single bucket. With Query string authentication, you have the ability to share Amazon S3 objects through URLs that are valid for a specified period of time.

Explanation

17 / 65

You must configure a number of CloudWatch alarms to terminate and/or recover EC2 instances based on their performance metrics, and to receive an alert when such an action is triggered. Which of the following services will you need to integrate with CloudWatch to configure the alarms and alerts? (Choose 2 answers)

AWS Identity and Access Management (IAM)

AWS Config

Amazon Simple Notification Service (Amazon SNS)

Amazon EC2 System Manager

Explanation

You will need to ensure the correct permissions have been assigned to the CloudWatch service, which means working with IAM permissions. You will also need to configure a notification via SNS.

Explanation

You will need to ensure the correct permissions have been assigned to the CloudWatch service, which means working with IAM permissions. You will also need to configure a notification via SNS.

18 / 65

Which use cases would be best served by an S3 bucket ACL? (Choose 2 answers)

Implementing client-side encrypted data

Hosting databases

Making a bucket world readable for static web hosting

Enabling bucket logging

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

19 / 65

A client has contracted you to review their existing AWS cloud environment and recommend and implement best practice changes. You begin by reviewing existing users and Identity Access Management. You immediately notice improvements that can be made with the use of the root account and Identity Access Management. What are the best practice guidelines for use of the root account?

Never use the root account.

Use the root account to create your first IAM user and then lock away the root account.

Use the root account to create all other accounts, and share the root account with one backup administrator.

Use the root account only to create administrator accounts.

Explanation

Don’t use your AWS root account credentials to access AWS, and don’t give your credentials to anyone else. Instead, create individual users for anyone who needs access to your AWS account. Create an IAM user for yourself as well, give that user administrative privileges, and use that IAM user for all your work.

Explanation

20 / 65

Making use of a(n) ____ when creating instances in Amazon EC2 is your best solution for providing the lowest latency network communication between multiple instances in EC2.

virtual cluster

virtual private cloud

cluster placement group

isolated network

Explanation

A cluster placement group is a logical grouping of instances within a single AWS Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.

Explanation

21 / 65

You have been contracted to start building the latest and greatest mobile chat app. The schedule for this development and delivery is time critical. What correct mix of AWS services and components should you consider to ensure that your mobile chat app can be produced on time, ensuring that the mobile chat app can authenticate and authorize users?

Create an auto scaling group of EC2 instances with SAML 2.0 service endpoint, setup and install a custom LDAP directory, configure SSO within the mobile app to use the SAML 2.0 service endpoint to perform user authentication and authorization

Configure Amazon CloudFront in association with AWS WAF to perform user authentication and authorization

Create an auto scaling group of EC2 instances with custom and specialized authentication and authorization logic using SSL and JWT tokens to perform user authentication and authorization.

Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization

Explanation

Answer “Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization” is correct. The question highlights that the “development and delivery is time critical” – therefore the best approach time wise is to use the fit for purpose managed services provided by AWS – in this case, Amazon Cognito, IAM Roles and Policies, and the AWS Mobile SDK.

Explanation

22 / 65

You have begun your migration into Amazon Web Services using the AWS Database Migration Service. You are pleased that there are no errors; however, the migration tasks are running slowly. You review the resources that have been assigned to the AWS DMS replication instance, and they seem to be adequate. Which other task could you perform to help speed up the initial migration tasks?

Reduce the frequency of automatic backups.

Increase the IOPs on the replication instance.

Turn off all logging on the target database

Enable multi-availability zones on the target database instance.

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

23 / 65

Which AWS RDS engines does not support read replicas located in a separate AWS region from the primary DB?

MySQL

MariaDB

Amazon Aurora

SQL Server

Explanation

Read replicas in different regions are available in Amazon RDS for MYSQL, MariaDB, PostgreSQL, Oracle, and Aurora

Explanation

Read replicas in different regions are available in Amazon RDS for MYSQL, MariaDB, PostgreSQL, Oracle, and Aurora

24 / 65

When CloudWatch detailed monitoring is enabled, what is the minimum duration of a CloudWatch alarm?

5 minutes

30 minutes

10 minutes

1 minute

Explanation

When creating an alarm, select a period that is greater than or equal to the frequency of the metric to be monitored. For example, basic monitoring for Amazon EC2 provides metrics for your instances every 5 minutes. When setting an alarm on a basic monitoring metric, select a period of at least 300 seconds (5 minutes). Detailed monitoring for Amazon EC2 provides metrics for your instances every 1 minute. When setting an alarm on a detailed monitoring metric, select a period of at least 60 seconds (1 minute).

Explanation

25 / 65

Your organization is migrating applications to AWS. Your new security policy mandates that all user accounts be created and managed through IAM. Currently, your corporation is using Active Directory as their on-premise LDAP service. Once applications go live at AWS, all users must access applications using temporary access credentials, and all IAM users must have passwords that are rotated on a set schedule. Which of the following actions will allow you to enforce this security policy? (Choose 3 answers)

Disable the root account for your AWS account.

Create required IAM user accounts

Deploy federation services that support the Security Token Service

Create and enforce a password expiration policy option for all IAM users.

Explanation

STS is the “glue” that supports temporary access credentials for federation. If you are running code, AWS CLI, or Tools for Windows PowerShell commands inside an EC2 instance, you can take advantage of roles for Amazon EC2. Otherwise, you can call an AWS STS API to get the temporary credentials, and then use them explicitly to make calls to AWS services.

Explanation

26 / 65

You are managing a group of EC2 instances in your company’s VPC. Your VPC has been experiencing much higher network traffic than expected and it is not expected to subside. You are considering using EC2 instances with enhanced networking capability. What benefits can enhanced networking instances provide? (Choose 3 answers)

Enhanced network security

Less jitter

More packets per second

Lower latency

Explanation

Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces. Enhanced networking provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies.

Explanation

27 / 65

You are building a system to distribute confidential documents to employees across the world. Using CloudFront, what method could be used to serve content that is stored in S3, but not publically accessible from S3 directly?

Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.

Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.

Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.

Explanation

You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users’ behalf. If your users try to access objects using Amazon S3 URLs, they’re denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don’t.

Explanation

28 / 65

You’ve been assigned to assist a client in the creation of their AWS Virtual Private Cloud (VPC). You are shadowing their IT admin to allow the admin to create the VPC, learn, and benefit from your guidance. Which VPC components are optional and should be created at the discretion of the customer? (Choose 3 answers)

NAT Gateways

Route Tables

Internet Gateways

Virtual Private Gateways

Explanation

The optional components of a VPC are available for situational use in the VPC. An internet gateway needs to be created to give instances within the VPC internet access. By creating the Internet Gateway and creating a route in the route table to the Internet Gateway the instances will be able to access the internet. NAT Gateway perform a similar function to Internet Gateways but they are used for instances within private subnets. Virtual Private Gateways facilitate connectivity between the VPC and an on-premises network.

Explanation

29 / 65

A user manages a running MySQL RDS instance that will not be used for the next three months. What is the most effective way to avoid costs for the database, and allow it to be used in three months time? (Choose 2 answers)

Save the most recent snapshot from RDS automated backup

Stop the RDS instance

Create a manual snapshot of the DB instance

Delete the DB instance

Explanation

Because the user needs to stop the instance for 3 months, the most cost-effective option is to create a manual snapshot of the RDS instance to launch later, and terminate the current RDS instance. Stopping the instance is not ideal in this case because the instance will be restarted automatically by Amazon after seven days. Amazon will also charge for provisioned and backup storage.

The best option is to create a manual snapshot of the instance, which can be stored for any length of time, and will not be deleted if the original instance is deleted. Note an automatic snapshot has a limited retention period, and will be deleted if the original instance is deleted. The user will only be charged for storage in this case if the user exceeds his/her default storage space

Explanation

30 / 65

A user comes to you and wants access to Amazon CloudWatch but only wants to monitor a specific LoadBalancer. Is it possible to give him access to a specific set of instances or a specific LoadBalancer?

Yes. You can use IAM to control access to CloudWatch data for specific resources

Yes. Any user can see all CloudWatch data and needs no access rights.

No because you can’t use IAM to control access to CloudWatch data for specific resources

No because you need to be Sysadmin to access CloudWatch data.

Explanation

Amazon CloudWatch integrates with AWS Identity and Access Management (IAM) so that you can specify which CloudWatch actions a user in your AWS Account can perform. For example, you could create an IAM policy that gives only certain users in your organization permission to use GetMetricStatistics. They could then use the action to retrieve data about your cloud resources. You can’t use IAM to control access to CloudWatch data for specific resources. For example, you can’t give a user accessto CloudWatch data for only a specific set of instances or a specific LoadBalancer. Permissions granted using IAM coverall the cloud resources you use with CloudWatch. In addition, you can’t use IAM roles with the Amazon CloudWatch command line tools. Using Amazon CloudWatch with IAM doesn’t change how you use CloudWatch. There are no changes to CloudWatch actions, and no new CloudWatch actions related to users and access control.

Explanation

31 / 65

Your company has a VPC with one public and one private subnet. The EC2 instances in the private subnet are configured to access the internet via a network access translation (NAT) instance.

However, the EC2 instances in the private subnet are currently unable to connect to the internet, and you need to troubleshoot the issue.

First, you verify that the security groups are configured correctly, and that the EC2 instances in the public subnet can connect to destinations on the Internet via the VPC’s internet gateway. It also appears that the NAT instance can access the Internet. The access control list (ACL) for the public subnet has one line allowing inbound HTTP traffic.

What steps can you take to enable the private EC2 instances to access the Internet? (Choose 2 answers)

Enable Source/Destination checks on the NAT instance.

Disable Source/Destination checks on the EC2 instances.

Add an ACL rule allowing outbound HTTP traffic

Disable Source/Destination checks on the NAT instance.

Explanation

There are some issues that could cause EC2 instances in a VPC to be unable to reach the Internet, including the following. An Internet Gateway must be attached to the VPC for a public subnet. Ingress and egress for Security Groups and Access Control Lists must be correct. EC2 instances in a private subnet need a NAT instance or a NAT Gateway, and for a NAT instance’s source/destination checks must be turned off. EC2 instances in a public subnet must have a route to the Internet Gateway in the route table

Explanation

32 / 65

What is the network performance offered by the c4.8xlarge instance in Amazon EC2?

10 Gigabit

Very High but variable

20 Gigabit

5 Gigabit

Explanation

Networking performance offered by the c4.8xlarge instance is 10 Gigabit

Explanation

Networking performance offered by the c4.8xlarge instance is 10 Gigabit

33 / 65

You are designing a AWS cloud environment for a client who has a contract with a federal government agency. The cloud environment will have multiple VPCs and be in multiple regions. The government agency wants to whitelist only a handful of instances in your organization. This will dictate that these instances have static IP addresses. Elastic ip addresses can be used to keep a fixed set of IP addresses. How can the Elastic IP addresses (EIP) be used in this environment?

EIPs can be moved from one instance to another in multiple VPCs within the same region

EIPs can be moved from one instance to another in multiple VPCs and multiple regions

EIPs can be moved from one instance to another within the same Availability Zone

EIPs are attached to an instance and exist only for the life of that instance

Explanation

An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. You can disassociate an Elastic IP address from a resource, and reassociate it with a different resource. A disassociated Elastic IP address remains allocated to your account until you explicitly release it. An Elastic IP address is for use in a specific region only.

Explanation

34 / 65

An organization has set up an application on AWS. The organization wants to achieve scalability and high availability for the application, which should scale up and down to address workload changes on the application.

Which configuration step is not required in this scenario?

Set up a schedule to shut off the instance when the instance is not in use.

Create an AMI of a running instance and configure that AMI with Auto Scaling

Set up EC2 instance bootstrapping to start the web and DB servers on instance boot.

Set up an ELB load balancer with instances to distribute the load on the web server

Explanation

Amazon EC2 allows the user to launch On-Demand instances. Auto Scaling offers automation which can scale up or down resources as per the configured policy.

To set up Auto Scaling, the organization must first create an AMI. The organization should set up bootstrapping for the AMI so that when the instance is launched, it will automatically start the app server and DB server.

The organization should also setup ELB with instances to distribute the incoming load. Auto Scaling should be configured to scale up and down based on the application load and not on a particular schedule.

Explanation

Amazon EC2 allows the user to launch On-Demand instances. Auto Scaling offers automation which can scale up or down resources as per the configured policy.

35 / 65

Your company wants to migrate an on-premises SQL Server DB to AWS RDS SQL Server. As the DBA, you have determined that your database can be offline while the backup is created, copied, and restored. You decide to use native backup and restore. Which steps are required during setup? (Choose 3 answers)

Create an Amazon S3 bucket for your backup files

Add the SQLSERVER_BACKUP_RESTORE option to an option group on your DB instance.

Create an AWS IAM role for access to the S3 bucket

Turn on compression for your backup files by running “exec rdsadmin..rds_set_configuration ‘S3 backup compression’, ‘true.’”

Explanation

There are three components you’ll need to set up for native backup and restore: an Amazon S3 bucket to store your backup files; an AWS Identity and Access Management (IAM) role to access the bucket, and the SQLSERVER_BACKUP_RESTORE option added to an option group on your DB instance.

Explanation

36 / 65

AWS Simple Email Service.

AWS Simple Queue Service.

AWS Simple Notification Service.

AWS Simple Workflow Service.

Explanation

37 / 65

You are setting up some EBS volumes for a customer who has requested a setup which includes a RAID (redundant array of inexpensive disks). AWS has some recommendations for RAID setups. Which RAID setup is not recommended for Amazon EBS?

RAID 5 and RAID 6

RAID 1 only

RAID 1 and RAID 6

RAID 5 only

Explanation

With Amazon EBS, you can use any of the standard RAID configurations that you can use with a traditional bare metal server, as long as that particular RAID configuration is supported by the operating system for your instance. This is because all RAID is accomplished at the software level. For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple volumes together, for on-instance redundancy, RAID 1 can mirror two volumes together. RAID 5 and RAID 6 are not recommended for Amazon EBS because the parity write operations of these RAID modes consume some of the IOPS available to your volumes

Explanation

38 / 65

You are designing your company’s new RDS database environment. Your design include multi-AZ for high availability and you have intentions of reviewing scalability options. But first, you need to determine which storage option meets your performance and cost requirements. You expect to have a small database that could grow to medium sized over time. You also want to have burst performance to meet short term spikes. Which storage option is best for you?

Magnetic

Provisioned IOPS (SSD)

Dual core processors

General Purpose (SSD)

Explanation

Amazon RDS provides three storage types: magnetic, General Purpose (SSD), and Provisioned IOPS (input/output operations per second). They differ in performance characteristics and price, allowing you to tailor your storage performance and cost to the needs of your database workload. General purpose is good for small to medium sized databases and has the burst to handle spikes.

Explanation

39 / 65

You need to create an Amazon Machine Image (AMI) for a customer for an application which does not appear to be part of the standard AWS AMI template that you can see in the AWS console. What are the alternative possibilities for creating an AMI on AWS ?

Only AWS can create AMIs and you need to request them to create one for you.

Only AWS can create AMIs and you need to wait till it becomes available.

You can purchase an AMIs from a third party but cannot create your own AMI

You can purchase an AMIs from a third party or can create your own AMI.

Explanation

You can purchase an AMIs from a third party, including AMIs that come with service contracts from organizations such as Red Hat. You can also create an AMI and sell it to other Amazon EC2 users. After you create an AMI, you can keep it private so that only you can use it, or you can share it with a specified list of AWS accounts. You can also make your custom AMI public so that the community can use it. Building a safe, secure, usable AMI for public consumption is a fairly straightforward process, if you follow a few simple guidelines.

Explanation

40 / 65

Your company is concerned with EBS volume backup on Amazon EC2 and wants to ensure they have proper backups that are scheduled once a day and that the data is durable. Which of the following options would be best for this? (Choose 2 answers)

Write a Lambda function to take a snapshot of production EBS volumes

Use the AWS Console to take a snapshot of production EBS volumes

Write a cronjob and implement it via CloudWatch Events to take a snapshot of production EBS volumes

Use the AWS Console to stop the instance, copy it to AWS Glacier and then start the instance again.

Explanation

The data is durable because EBS snapshots are stored on the Amazon S3 standard storage class.
You cannot schedule snaphots in the AWS Console.

Explanation

The data is durable because EBS snapshots are stored on the Amazon S3 standard storage class.
You cannot schedule snaphots in the AWS Console.

41 / 65

Updates to your DB Instance are synchronously replicated across S3 to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Your database will not resume operation without manual administrative intervention.

Updates to your DB Instance are asynchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Explanation

42 / 65

What features of VPC security groups are correct? (Choose 2 answers)

You can change the security group that an instance is associated with after launch and the changes will take effect immediately.

Security Groups are stateless.

You can specify only deny rules, not allow rules.

Instances associated with the same security group can not talk to each other unless rules are added specifically allowing communication.

Explanation

Instances associated with a security group can’t talk to each other unless you add rules allowing it (exception: the default security group has these rules by default). By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound rules, no outbound traffic is allowed.

Explanation

43 / 65

You have configured an AWS cloud environment for an ecommerce company. This environment is heavily reliant upon being highly available as downtime will lose the company a great deal of money. You monitor this environment very closely with numerous CloudWatch alarms. Recently you are seeing ‘InsufficientInstanceCapacity’ errors during auto scaling attempts during peak hours from 4:00 – 9:00 pm EST. This is causing costly downtime. Which option will best handle this situation?

Use spot instances in place of on-demand instances

Scale up your RDS instance for more capacity

Purchase Scheduled Reserved Instances for peak hours

Increase the maximum size of you auto scaling group to add more capacity

Explanation

If you get an InsufficientInstanceCapacity error when you try to launch an instance or start a stopped instance, AWS does not currently have enough available capacity to service your request. In this situation, reserved instances offer the required reliability to avoid outages and loss of money. Reserved Instances are a long-term capacity reservation, and you will not have to rely on Amazon having enough on-demand capacity. Usually these capacity issues are short term, but due to the nature of the company even short outages can be very costly.

Explanation

44 / 65

_____ is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend.

AWS Cost Explorer

Consolidated Billing

AWS Budgets

Cost Allocation Tags

Explanation

Cost Explorer, this is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend. A valuable tool that can help to identify where you should be focusing your cost optimization efforts. It also can forecast your estimated spend up to two months ahead using existing data as a reference. If you can see that your estimated future bills are becoming too high, you have the time now to identify where you can make and initiate cost reduction mechanisms to help mitigate the risk.

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view – this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View – this covers the current and previous two months and is grouped by linked accounts
Daily Spend view – this covers the daily spend over the previous sixty days

Explanation

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view – this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View – this covers the current and previous two months and is grouped by linked accounts
Daily Spend view – this covers the daily spend over the previous sixty days

45 / 65

An EC2 instance has one additional EBS volume attached to it. How can a user attach the same volume to another running instance in the same availability zone?

Detach the volume first and attach it to new instance

Attach the volume as read-only to the second instance

Terminate the first instance and only then attach it to the new instance

No need to detach. Just select the volume and attach it to the new instance, it will take care of mapping internally.

Explanation

If an EBS volume is attached to a running EC2 instance, the user needs to detach the volume from the original instance and then attach it to a new running instance. The user doesn’t need to stop or terminate the original instance.

Explanation

46 / 65

You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg-encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS?

Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receiving speeds

Amazon SQS is for single-threaded sending or receiving speeds.

Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds.

Amazon SQS is a non-distributed queuing system.

Explanation

Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been to a queue is available to be received.

Explanation

47 / 65

Your web-based application has been launched publicly. Your design has implemented auto scaling and classic load balancing and your design is responding to the changes in demand as expected. Over the next few months, during the holiday season, demand is expected to be quite robust. You estimate that 100 EC2 instances will be required to meet your customers’ demand. How should you plan properly for growth? (Choose 2 answers)

Contact Amazon to pre-warm your elastic load balancer to match the expected demands.

Add a second load balancer for additional redundancy

Change your auto scaling configuration, setting a desired maximum capacity of 100 instances. Verify your limits allow for this capacity

Use AWS Trusted Advisor to analyze your workload requirements

Explanation

In certain scenarios, such as when flash traffic is expected, or in the case where a load test cannot be configured to gradually increase traffic, AWS recommends that you have your load balancer “pre-warmed”. They will configure the load balancer to have the appropriate level of capacity based on the traffic that you expect. They also need to know the start and end dates of your tests or expected flash traffic, the expected request rate per second and the total size of the typical request/response that you will be testing

Explanation

48 / 65

A user is planning to make a mobile game which can be played online over the internet with multiplayer functionality or played offline individually, this game will be hosted on EC2. The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through emails. Which of the below mentioned AWS services would be best suited to achieve this goal?

Amazon Cognito

AWS Simple Email Service.

AWS Simple Workflow Service

AWS Simple Queue Service

Explanation

Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS

Explanation

49 / 65

In Amazon Route 53, which of the following failover configurations should be used when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable?

Active-active-passive failover

Active-active failover

Active-passive failover

Passive-passive failover

Explanation

In Amazon Route 53, you can use the active-passive failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes only the healthy primary resources. If all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in response to DNS queries.

Explanation

50 / 65

The user should use the same encryption key for all versions of the same object

Amazon S3 does not allow the user to upload his own keys for server side encryption

It is possible to have different encryption keys for different versions of the same object

The SSE-C does not work when versioning is enabled

Explanation

51 / 65

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign one of the Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP assignment screen. What is a possible reason thatthe instance is unavailable in the assigned IP console?

The IP address belongs to a different zone than the subnet zone

The IP address may be attached to one of the instances

The user has not created an internet gateway

The IP addresses belong to EC2 Classic, so they cannot be assigned to VPC

Explanation

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When the user is launching an instance he needs to select an option which attaches a public IP to the instance. If the user has not selected the option to attach the public IP, then it will only have a private IP when launched. If the user wants to connect to an instance from the Internet, he should create an elastic IP with VPC. If the elastic IP isa part of EC2 Classic, it cannot be assigned to a VPC instance.

Explanation

52 / 65

Your company is considering migrating to AWS, but they are concerned about the initial and mid- to short-term costs due to the complexity of the migration cycle. To effectively calculate the total cost of ownership, certain costs must be understood and planned for.

What costs should be primary considerations? (Choose 3 answers)

The cost of running duplicate environments

The cost of using a Direct Link connection

The cost of outside consulting services

The cost of running migration tools

Explanation

Failing to accurately estimate your costs before migration and during the migration process is a recipe for disaster. To build a migration model for optimal efficiency, it is important to accurately understand the current costs of running on-premises applications, as well as the interim costs incurred during the transition

Explanation

53 / 65

Does AWS CloudFormation support Amazon EC2 tagging?

No, it doesn’t support Amazon EC2 tagging.

It depends if the Amazon EC2 tagging has been defined in the template.

No, CloudFormation doesn’t support any tagging

Yes, AWS CloudFormation supports Amazon EC2 tagging

Explanation

In AWS CloudFormation, Amazon EC2 resources that support the tagging feature can also be tagged in an AWS template. The tag values can refer to template parameters, other resource names, resource attribute values (e.g. addresses), or values computed by simple functions (e.g., a concatenated list of strings).

Explanation

54 / 65

You run a stateless web application with the following components:

An Application Load Balancer (ALB)
A two-tier application with frontend instances processing user requests, and backend RDS MySQL instances
The MySQL RDS database offers a maximum of 3000 IOPS with Provisioned IOPS

You notice that the average response time for users is increasing. Looking at CloudWatch, you observe 85% CPU usage on the web and application servers and 20% CPU usage on the database. The average number of database disk operations varies between 1000 and 1500. How would you improve performance? (Choose 2 answers)

Use Amazon RDS Read Replicas to improve your throughput

Use EC2 Auto Scaling to add additional frontend instances based on the CPU load threshold

Replace the backend RDS database instances with Aurora database engine

Choose a different EC2 instance type for the frontend servers with a more appropriate CPU/Memory ratio

Explanation

Because of the 97% CPU usage on the Web/Application servers using larger instance types or using auto scaling to add more servers will alleviate this problem.

You have 3000 provisioned IOPS and the average number of database disk operations varies between 1000 and 1500 so you do not need to change your database at all.

Explanation

Because of the 97% CPU usage on the Web/Application servers using larger instance types or using auto scaling to add more servers will alleviate this problem.

You have 3000 provisioned IOPS and the average number of database disk operations varies between 1000 and 1500 so you do not need to change your database at all.

55 / 65

A company needs to maintain system access logs for a minimum of 2 years due to financial compliance policies. Logs are rarely accessed, and access must be requested at least 12 hours in advance. What is the most cost-effective method to store logs that satisfies the compliance requirement, and delivers logs as requested in a timely manner?

Store the logs in Amazon S3 in the S3 One Zone-IA storage class. Configure a lifecycle policy to delete the logs after 2 years.

Store the logs in CloudWatch logs and configure a 2 years retention period.

Store the logs in Amazon S3 in the Intelligent-Tiering storage class. Configure a lifecycle policy to delete the logs after 2 years.

Store the logs in Amazon S3 in the S3 Glacier Deep Archive storage class. Configure a lifecycle policy that deletes the logs after 2 years.

Explanation

Amazon S3 Glacier Deep Archive storage class is the cheapest storage class in AWS, and the information can be retrieved within 12 hours.

The other options offer some cost savings compared to Amazon S3 Standard storage class, but Intelligent tiering would not cycle the files to an archive storage class for roughly 120 days, and the One Zone-IA storage class would provide some cost savings, but offers less durable storage, so the likelihood of losing logs is higher.

Explanation

Amazon S3 Glacier Deep Archive storage class is the cheapest storage class in AWS, and the information can be retrieved within 12 hours.

56 / 65

Your company is migrating their environment to AWS. The legacy environment relied on Chef for automation, and your engineers are comfortable with that solution. In addition, your compliance officer has indicated that the new environment needs centralized, auditable configuration management for regulatory reasons. Which of the following AWS automation tools is most appropriate for this scenario?

CloudFormation

OpsWorks stacks

OpsWorks for Chef Automate

Elastic Beanstalk

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

57 / 65

You are assisting an IT administrator for a client company over the phone. The administrator has created a public subnet and had added two EC2 instances to this subnet. But he is unable to access the Internet from these new EC2 instances and is asking for your assistance. What general checks can he make to ensure proper configuration and Internet access? (Choose 3 answers)

He should check to ensure Network ACLs and Security Groups allow ingress and egress.

He should check that the EC2 instances have either a public IP address or an Elastic IP address.

He should check that an Internet Gateway is configured and that the route table routes Internet traffic to the Internet gateway.

He should check that an Virtual Private Gateway is configured and that the route table routes internet traffic to the Internet gateway.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

58 / 65

A gaming company comes to you and asks you to build infrastructure for their site. They are not sure how big they will be because, as with all startups, they have limited money and big ideas. What they do tell you is that if the game becomes successful, like one of their previous games, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. After considering all of this, you decide that they need a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability and persistent storage. Which of the following databases do you think would best fit their needs?

Amazon Elasticache

Amazon Redshift

Amazon Aurora

Amazon DynamoDB

Explanation

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Amazon DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS, so they don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.

Today’s web-based applications generate and consume massive amounts of data. For example, an online game might start out with only a few thousand users and a light database workload consisting of 10 writes per second and 50 reads per second. However, if the game becomes successful, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. It may also create terabytes or more of data per day. Developing your applications against Amazon DynamoDB enables you to start small and simply dial-up your request capacity for a table as your requirements scale, without incurring downtime. You pay highly cost-efficient rates for the request capacity you provision, and let Amazon DynamoDB do the work over partitioning your data and traffic over sufficient server capacity to meet your needs. Amazon DynamoDB does the database management and administration, and you simply store and request your data. Automatic replication and failover provides built-in fault tolerance, high availability, and data durability. Amazon DynamoDB gives you the peace of mind that your database is fully managed and can grow with your application requirements.

Explanation

59 / 65

Your company allows technical personnel to manage their own S3 buckets. But there have been too many instances of users deleting important project related data. What additional steps can you take to prevent accidental deletion or overwriting of data? (Choose 3 answers)

Add versioning

Create read replicas.

Add cross-region replication

Add MFA Delete

Explanation

Amazon S3 storage offers very high durability, but it is still a best practice to protect against user level deletion or overwriting of data using versioning, cross-region replication, and MFA Delete.

Explanation

60 / 65

You have been put in charge of your company’s AWS RDS environment. You have begun designing a highly available RDS database using MySQL. You’ve designed the failover solution using multi-AZ. Additionally, you would like to design a proactive environment that self corrects before a failover occurs. You are reviewing ways to increase the I/O capacity of a DB instance. Which method is not an appropriate way to increase I/O for a database?

Convert the database from MySQL to MariaDB

If you are already using Provisioned IOPS storage, provision additional throughput capacity.

Migrate to a DB instance class with High I/O capacity.

Convert from standard storage to either General Purpose or Provisioned IOPS storage

Explanation

If your database workload requires more I/O than you have provisioned, recovery after a failover or database failure will be slow. To increase the I/O capacity of a DB instance, do any or all of the following:

Migrate to a DB instance class with High I/O capacity.
Convert from standard storage to either General Purpose or Provisioned IOPS storage, depending on how much of an increase you need.
If you convert to Provisioned IOPS storage, make sure you also use a DB instance class that is optimized for Provisioned IOPS.
If you are already using Provisioned IOPS storage, provision additional throughput capacity.

Explanation

Migrate to a DB instance class with High I/O capacity.
Convert from standard storage to either General Purpose or Provisioned IOPS storage, depending on how much of an increase you need.
If you convert to Provisioned IOPS storage, make sure you also use a DB instance class that is optimized for Provisioned IOPS.
If you are already using Provisioned IOPS storage, provision additional throughput capacity.

61 / 65

You are designing an AWS cloud environment for a new client. You will be responsible for designing and implementing the solution while also training their IT personnel to eventually take over administration of the environment. a major part of your task will be educating them on IAM and how to administer IAM moving forward. Which action can be authorized by IAM and is something for which you will have to prepare training material?

Querying a DynamoDB database

Querying a SQL Server database

Launching an EC2 instance

Connecting to on-premises Active Directory

Explanation

If an IAM user wants to launch an EC2 instance, you need to grant the EC2 RunInstance permission to that user. If the EC2 instance should include an instance profile—that is, if applications in the EC2 instance will be able to get temporary security credentials via an IAM role—the user who launches the EC2 instance must also have the IAM PassRole permission. Not only that, but the user might need PassRole permission to associate a specific role with the EC2 instance.

Explanation

62 / 65

What is the default maximum number of Access Keys per user?

The default maximum number of Access Keys per user is 2

63 / 65

You have a lot of data stored in the AWS Storage Gateway and your manager has come to you asking about how the billing is calculated, specifically the Virtual Tape Shelf usage. What would be a correct response to this?

You are billed for the virtual tape data you store in Amazon Glacier and are billed for the size of the virtual tape

You are billed for the virtual tape data you store in Amazon Glacier and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

You are billed for the virtual tape data you store in Amazon S3 and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

You are billed for the virtual tape data you store in Amazon S3 and are billed for the size of the virtual tape.

Explanation

The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. AWS Storage Gateway billing is as follows. Volume storage usage (per GB per month): You are billed for the Cached volume data you store in Amazon S3. You are only billed for volume capacity you use, not for the size of the volume you create. Snapshot Storage usage (per GB per month): You are billed for the snapshots your gateway stores in Amazon S3. These snapshots are stored and billed as Amazon EBS snapshots. Snapshots are incremental backups, reducing your storage charges. When taking a new snapshot, only the data that has changed since your last snapshot is stored. Virtual Tape Library usage (per GB per month): You are billed for the virtual tape data you store in Amazon S3. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape. Virtual Tape Shelf usage (per GB per month): You are billed for the virtual tape data you store in Amazon Glacier. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape

Explanation

64 / 65

You are the DevOps engineer at a mid-sized technology firm, responsible for the automated disaster recovery of your company’s AWS infrastructure. Your supervisor has recently learned about the EC2 Auto Recovery feature, and she has asked you to evaluate whether or not it would be a good fit for your environment. She is particularly interested in the types of failures it can detect. Which conditions would be detectable by EC2 Auto Recovery? (Choose 3 answers)

Software or hardware issues on the physical host (hypervisor)

Application errors or crashes

Loss of system power

Loss of network connectivity

Explanation

EC2 Auto Recovery can detect any condition that will cause a system status check to fail, including hypervisor problems or loss of power/network connectivity.

Explanation

EC2 Auto Recovery can detect any condition that will cause a system status check to fail, including hypervisor problems or loss of power/network connectivity.

65 / 65

As the lead architect managing the migration from an on-premises data center to the AWS cloud, you are currently considering the most effective network configuration to meet your requirements.

You want your application servers, which will be hosted within Amazon VPC on multiple EC2 instances in a private subnet, to be able to send read and write requests to specific DynamoDB tables without sending HTTP requests over the public internet or VPN.

How can you allow EC2 to connect with your DynamoDB tables given these requirements?

Create a VPC peering connection

Create a VPC Gateway Endpoint

Create a dedicated network connection with Direct Connect

Create a VPC Interface Endpoint

Explanation

You can create a VPC Gateway Endpoint to allow resources within a VPC to connect to DynamoDB without network communication extending outside your own VPC.

Explanation

You can create a VPC Gateway Endpoint to allow resources within a VPC to connect to DynamoDB without network communication extending outside your own VPC.

Your score is

The average score is 44%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Need more practice ? take the AWS Certified Solutions Architect Associate (SAA) – Learning mode

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Associate (SAA02) – Free Practice Tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation