AWS Certified Solutions Architect Associate (SAA02) - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 65 questions per test (similar to real AWS exam), 130 minutes, repeat tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

/25

10 votes, 4.5 avg

332

1 / 25

An accountant asks you to design a small VPC network for him and, due to the nature of his business, just needs something where the workload on the network will be low, and dynamic data will be accessed infrequently. Being an accountant, low cost is also a major factor. Which EBS volume type would best suit his requirements?

General Purpose (SSD)

Magnetic

Any, as they all perform the same and cost the same

Magnetic or Provisioned IOPS (SSD)

Explanation

You can choose between three EBS volume types to best meet the needs of their workloads: General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic. General Purpose (SSD) is the new, SSD-backed, general purpose EBS volume type that we recommend as the default choice for customers. General Purpose (SSD) volumes are suitable for a broad range of workloads, including small to medium sized databases, development and test environments, and boot volumes. Provisioned IOPS (SSD) volumes offer storage with consistent and low-latency performance, and are designed for I/O intensive applications such as large relational or NoSQL databases. Magnetic volumes provide the lowest cost per gigabyte of all EBS volume types. Magnetic volumes are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important

Explanation

2 / 25

A user has launched an EBS-backed EC2 instance with a Windows operating system. Which statement is correct regarding how Windows instances are billed when rebooted or stopped and restarted?

For rebooting AWS charges extra only once, while for every stop/start the user will be charged as a separate hour

For rebooting AWS does not charge a new instance hour, while every stop or restart will be charged fee for a new instance hour as a separate hour

Every reboot is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be counted as a single hour.

For every reboot or start/stop, the user will be charged as a separate hour.

Explanation

For an EC2 instance launched with an EBS backed Windows AMI, each time the instance state is changed from stop to start/ running, AWS charges restart a new per-hour charge. Effective October 2, 2017, charges are calculated on a per-second basis for On-Demand, Spot and Reserved instances with Linux operating systems, with a minimum one-minute charge. Regardless of operating system, rebooting an instance AWS does not incur a charge an hour or one-minute minimum charge.

Explanation

3 / 25

Which of the following accurately describes Elastic Load Balancing? (Choose 3 answers)

Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances.

Elastic Load Balancing delivers your content through a worldwide network of edge locations.

Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features.

Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic.

Explanation

Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features. Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances. Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic.

CloudFront delivers your content through a worldwide network of edge locations. Using Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications

Explanation

4 / 25

You have been assigned to work with a manufacturing company that wants to migrate to a Virtual Private Cloud. Their technical lead is very proactive and and would like to use EC2 Spot instances wherever possible for cost efficiency. He also wants to use Instance Stored volumes where possible. You need to educate the technical lead about EBS backed volumes versus Instance Stored volumes. What are some of the advantages of EBS volumes? (Choose 3 answers)

EBS instances boot faster

EBS based instances can be stopped and restarted.

If the instance is terminated, your data is not lost.

EBS volumes are more cost-effective

Explanation

An EBS volume is off-instance storage that can persist independently from the life of an instance. You continue to pay for the volume usage as long as the data persists. EBS instances can be stopped and re-started. And EBS volumes boot faster than instance store volumes often by an order of magnitude

Explanation

5 / 25

You are creating a custom Virtual Private Cloud (VPC) which will host a mix of public and private instances. An EC2 instance has been deployed to one of the public subnets in this VPC. What are the configurations that have to be implemented to make this instance accessible from the internet? (Choose 3 answers)

Edit security group to allow traffic to and from the internet on required ports

Attach an Internet gateway to the VPC and add a default route to the IGW in public subnet’s route table

Create a new record set and custom domain name for the new instance in Route 53

Make sure the instance has a public IP address

Explanation

Public and private subnets, except for the default VPC, do not automatically have Internet access enabled. To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

6 / 25

Your business is slowly migrating to the AWS cloud, but must continue to support its on-premises servers and networks while extending to the cloud. As a result, you are looking for every possible way to optimize costs while ensuring resources remain secure. In order to provide an extra layer of security, you would like for your servers hosted within your VPCs to communicate with other AWS services without leaving your VPC network. You would also like your on-premises servers to be able to connect to these same AWS services through your VPC instead of sending and receiving requests over the public internet. Which AWS networking service or component would satisfy these requirements?

VPC Gateway Endpoints

VPC Virtual Private Gateways

VPC Peering Connections

VPC Interface Endpoints

Explanation

With VPC Interface Endpoints, it is possible to connect to a number of AWS services both from resources within your Amazon VPC and from resources in your on-premises environment. This is not possible with VPC Gateway Endpoints.

Explanation

7 / 25

A bucket owner from Account Red allows Account Blue’s IAM users to upload and access objects in his bucket.

One of Account Blue’s IAM users tries to access an object in the bucket. The object is owned by an IAM user from Account Red who is not the bucket owner.

How will Amazon S3 process this request?

Amazon S3 only verifies permissions granted by the bucket owner and object owner

Amazon S3 verifies permissions granted by Account Blue’s IAM administrator, by the bucket owner, and by the object owner.

Amazon S3 only verifies permissions granted by the bucket owner

Amazon S3 only verifies permissions granted by the object owne

Explanation

If a IAM user is trying to perform some action on an object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.

Explanation

8 / 25

You are assisting an IT administrator for a client company over the phone. The administrator has created a public subnet and had added two EC2 instances to this subnet. But he is unable to access the Internet from these new EC2 instances and is asking for your assistance. What general checks can he make to ensure proper configuration and Internet access? (Choose 3 answers)

He should check that the EC2 instances have either a public IP address or an Elastic IP address.

He should check that an Internet Gateway is configured and that the route table routes Internet traffic to the Internet gateway.

He should check that an Virtual Private Gateway is configured and that the route table routes internet traffic to the Internet gateway.

He should check to ensure Network ACLs and Security Groups allow ingress and egress.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet’s route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

9 / 25

As the Senior Architect assigned to your team, you must decide how to best maintain your application’s availability and ensure optimum service as the level of customer activity changes. As your business has grown an increasing international presence, the previous methods for tracking activity are no longer working. However, reviewing performance logs for the past several days, you’ve noticed that users experience connectivity issues once the CPU utilization rate increases beyond 70 percent. You would like to maintain optimum performance, you need to ensure CPU utilization remains at 50 percent.

What choice below will best address the issue and help maintain optimum performance? (Choose 2 answers)

Create a Target Tracking policy using AWS EC2 Auto Scaling

Enable CloudWatch monitoring for your EC2 auto scaling group with detailed monitoring

Enable CloudWatch monitoring for your EC2 auto scaling group with basic monitoring

Create a CloudWatch Event to trigger a scaling activity once CPU utilization passes 50 percent

Explanation

With target tracking scaling policies, you select a scaling metric and set a target value. Amazon EC2 Auto Scaling creates and manages the CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value. The scaling policy adds or removes capacity as required to keep the metric at, or close to, the specified target value. In addition to keeping the metric close to the target value, a target tracking scaling policy also adjusts to the changes in the metric due to a changing load pattern.

Explanation

10 / 25

Your database is very frequently receiving more read and write requests than it can handle. To process the higher loads more effectively you’ve decided to vertically scale your RDS database instance. You’ve confirmed that your licensing can handle the increased scale; next, you must determine when the changes will be applied. When can you apply the changes? (Choose 2 answers)

When changing the database storage type

During the maintenance window for the database instances

When using CloudFront metrics

Immediately, when choosing a larger instance size

Explanation

When scaling an RDS instance, changes can be applied immediately or during the maintenance window specified. It is also recommended that you before you scale, make sure you have the correct licensing in place for commercial engines (SQL Server, Oracle) especially if you Bring Your Own License (BYOL). One important thing to call out is that for commercial engines, you are restricted by the license, which is usually tied to the CPU sockets or cores.

Explanation

11 / 25

You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CloudHub. Which statement is the most accurate in describing what you must do to set this up correctly?

Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs)

Create a virtual private gateway with multiple customer gateways, each with a unique set of keys

Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet

Create a virtual private gateway with multiple customer gateways, each with unique subnet id

Explanation

If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who’d like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices. To use the AWS VPN CloudHub, you must create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer, enabling each site to send data to and receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send and receive data from the VPC as if they were using a standard VPN connection

Explanation

12 / 25

You are configuring Amazon Route 53 to route traffic destined for yourwebsite.com to an Application Load Balancer that is configured to distribute traffic in two availability zones in the same AWS region. Which record set should you edit to point traffic for yourwebsite.com to your Application Load Balancer? Select the answer that is the most cost-effective and scalable.

Alias

CNAME

Explanation

yourwebsite.com is a zone apex. Alias record sets can be used to set a zone apex, but CNAME records cannot. Additionally, queries to Alias records that are mapped to an ELB are free. A records are used to map IPv4 addresses to FQDNs, the IP address of the ELB may change. MX records are used for email servers.

Explanation

13 / 25

You are preparing a proposal for a prospective new client. They would like their cloud application environment to be highly scalable. Your proposal includes the benefits of scalability on AWS. Which statements regarding scaling are correct? (Choose 2 answers)

More EC2 instances will ultimately pay for themselves in performance.

Dynamic scaling is always the best option.

Increasing resources will have a proportional increase in performance.

The environment becomes more cost effective as it grows

Explanation

Dynamic scaling can provide a very robust scaling option. But it is not the only option and not always the best option in all scenarios. Manual scaling and scheduled scaling also have use cases where they may be a better choice than dynamic scaling. Increasing resources to improve performance is certainly the most common use case for scaling. However, it is important also to be aware of the effects of scaling on cost. Utilizing auto scaling in conjunction with Cloudwatch monitoring can help insure that resources are scaled in and out appropriately and that money is not wasted on idle or underused resources

Explanation

14 / 25

You have taken on a client that has been configured for AWS cloud and is fully operational. Your investigation of the environment reveals that your predecessor was a highly skilled AWS Architect. You view one instance that handles Internet traffic but also handles back end database traffic in a private subnet. This one instance is configured as a full management network attached to both a public subnet and a private subnet. What AWS device will enable such a configuration for a single instance?

Elastic ip address

Elastic Network Interface

Auto scaling group

Elastic Load Balancer

Explanation

You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing traffic and the primary network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive access controls. The public-facing interface, which may or may not be behind a load balancer, has an associated security group that allows access to the server from the Internet while the private facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the Internet, a private subnet within the VPC or a virtual private gateway.

Explanation

15 / 25

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions and if you have more than one Amazon EC2 instance in one or more regions, you can use _______ to route traffic to the correct region for fastest response and then use ________to route traffic to instances within the region, based on weights that you specify.

weighted-based routing; alias resource record sets

latency-based routing; alias resource record sets

weighted-based routing; weighted resource record sets

latency-based routing; weighted resource record sets

Explanation

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more regions, and if you have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the region based on weights that you specify

Explanation

16 / 25

You’ve been assigned to assist a client in the creation of their AWS Virtual Private Cloud (VPC). You are shadowing their IT admin to allow the admin to create the VPC, learn, and benefit from your guidance. Which VPC components come automatically upon creation of a default VPC? (Choose 3 answers)

a default subnet

a main route table

a default elastic IP address (EIP)

a default VPC security group

Explanation

When you create a default VPC, the following components are created with it:

default subnet in each Availability Zone.
main route table
default security group
default network access control list (ACL)
Associate the default DHCP options set for your AWS account with your default VPC.

Explanation

When you create a default VPC, the following components are created with it:

default subnet in each Availability Zone.
main route table
default security group
default network access control list (ACL)
Associate the default DHCP options set for your AWS account with your default VPC.

17 / 25

You are configuring a new nondefault VPC for a client’s cloud migration project with the following components:

one public subnet
a default network access control list with no custom rules
an internet gateway
a main route table with a local route for your VPC

You then launch an instance to support the client’s migration which includes the following:

an AWS assigned DNS hostname
an AWS assigned private IP address
an AWS assigned public IP address
associated with a default security group with no custom rules.

You want to connect to the public internet through your instance, but cannot. What could you do to resolve this?

Add a route with 0.0.0.0/0 as the destination and the internet gateway as the target.

Attach a secondary ENI to the instance and connect via the ENI.

You should modify your NACL to allow all inbound and outbound traffic

Create a NAT instance, and forward all traffic to the NAT instance

Explanation

Default security groups and NACLs allow inbound and outbound traffic. All traffic should be routed via internet gateway, so a route should be created with 0.0.0.0/0 as a source, and with your Internet Gateway as the target.

Explanation

18 / 25

You have determined specific instances will need to be resized by either scaling the instance(s) up or down.

What basic rules apply when resizing EC2 instances? (Choose 2 answers

Instances with limited storage compatibility require migration instead of resizing

Instances need to be from the same AMI

You can only resize spot or on-demand instances but not reserved instances

Instances need to have the same virtualization type

Explanation

When you resize an instance, you must select an instance type that is compatible with the configuration of the instance. If the instance type that you want is not compatible with the instance configuration you have, then you must migrate your application to a new instance with the instance type that you need. As your needs change, you might find that your instance is over-utilized (the instance type is too small) or under-utilized (the instance type is too large). If this is the case, you can change the size of your instance. For example, if your t2.micro instance is too small for its workload, you can change it to an m3. medium instance

Explanation

19 / 25

A user is aware that a huge download is occurring on his instance. He has already set the Auto Scaling policy to increase the instance count when the network I/O increases beyond a certain limit. How can the user ensure that this temporary event does not result in scaling?

The policy cannot be set on the network I/O

Suspend scaling

There is no way the user can stop scaling as it is already configured

The network I/O are not affected during data download

Explanation

The user may want to stop the automated scaling processes on the Auto Scaling groups either to perform manual operations or during emergency situations. To perform this, the user can suspend one or more scaling processes at any time. Once it is completed, the user can resume all the suspended processes.

Explanation

20 / 25

You are running an Amazon EC2 EBS-backed instance with a Windows operating system. The hourly instance charge for your instance is $14. You’ve asked your team to stop the instance when they aren’t using it in an effort to save money. However, when the bill comes, you’re surprised to realize that there was an hour where you were charged $42 for the instance. How could this be?

No one ever stopped the instance like they were supposed to when they weren’t using it.

That instance was stopped and restarted twice within that hour.

Too many people attempted to access that instance in that particular hour, resulting in a higher bill.

That instance was stopped and never started again, resulting in a premature termination fee.

Explanation

When an Amazon EBS-backed instance is stopped, you’re not charged for instance usage; however, you’re still charged for volume storage. Amazon charges a full instance hour for every transition from a stopped state to a running state, even if you transition the instance multiple times within a single hour. In this scenario, the charge was $42, which is three times more than $14. This suggests that you stopped and restarted that instance twice during that hour (the initial $14, plus 2 x $14 for each restart).

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

Explanation

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

21 / 25

Name the disk storage supported by Amazon Elastic Compute Cloud (EC2).

Amazon Instance Store

None of these

Amazon SNS store

Amazon AppStream store

Explanation

Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service (Amazon S3) Reference:

Explanation

Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service (Amazon S3) Reference:

22 / 25

Your company is migrating their environment to AWS. The legacy environment relied on Chef for automation, and your engineers are comfortable with that solution. In addition, your compliance officer has indicated that the new environment needs centralized, auditable configuration management for regulatory reasons. Which of the following AWS automation tools is most appropriate for this scenario?

OpsWorks stacks

Elastic Beanstalk

OpsWorks for Chef Automate

CloudFormation

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

23 / 25

You are deploying a two-tiered web application with web servers in a public subnet of your VPC and your database isolated in a private subnet. Your requirements call for the web tier to be highly available. Which services listed will be needed to make the web-tier highly available? (Choose 3 answers)

Auto Scaling

Route 53

Cross-region replication

Elastic Load Balancer

Explanation

The key is that the requirement is for high availability at the web-tier. While multi-AZ deployments and cross-region replication can contribute to high availability, they are each at the storage tier. Route 53 with Health Checks and Failover, Elastic Load Balancer (with health checks and various forms of load balancing, and auto scaling groups create high availability at the web tier.

Explanation

24 / 25

An EC2 instance has one additional EBS volume attached to it. How can a user attach the same volume to another running instance in the same availability zone?

No need to detach. Just select the volume and attach it to the new instance, it will take care of mapping internally.

Attach the volume as read-only to the second instance

Terminate the first instance and only then attach it to the new instance

Detach the volume first and attach it to new instance

Explanation

If an EBS volume is attached to a running EC2 instance, the user needs to detach the volume from the original instance and then attach it to a new running instance. The user doesn’t need to stop or terminate the original instance.

Explanation

25 / 25

Select a true statement about Amazon EC2 Security Groups (EC2-Classic).

After you launch an instance in EC2-Classic, you cannot add or remove rules from a security group.

After you launch an instance in EC2-Classic, you can’t change its security groups.

After you launch an instance in EC2-Classic, you can only add rules to a security group.

After you launch an instance in EC2-Classic, you can change its security groups only once.

Explanation

After you launch an instance in EC2-Classic, you can’t change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group

Explanation

Your score is

The average score is 55%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Ready to take AWS Certified Solutions Architect Associate (SAA) – Exam mode ?

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

/65

5 votes, 4.8 avg

148

Click Start button to start exam !

Time Out !

1 / 65

Your new client is a federal agency utilizing a hybrid cloud environment. The agency distributes large amounts of sensitive data throughout the world. Your task is to ensure that the data is secure using various encryption techniques as well as security groups and access control lists.

One of the requirements is to distribute content utilizing CloudFront for optimal performance but to completely restrict access from within certain blacklisted countries. What service can you use with CloudFront to fulfill this requirement?

Server-side encryption

IAM roles

Geo-restriction

firewall rules

Explanation

You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you’re distributing through a CloudFront web distribution.

To use geo restriction, you have two options:

Use the CloudFront geo restriction feature. Use this option to restrict access to all of the files that are associated with a distribution and to restrict access at the country level.
Use a third-party geolocation service. Use this option to restrict access to a subset of the files that are associated with a distribution or to restrict access at a finer granularity than the country level

Explanation

You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you’re distributing through a CloudFront web distribution.

To use geo restriction, you have two options:

Use the CloudFront geo restriction feature. Use this option to restrict access to all of the files that are associated with a distribution and to restrict access at the country level.
Use a third-party geolocation service. Use this option to restrict access to a subset of the files that are associated with a distribution or to restrict access at a finer granularity than the country level

2 / 65

You have been placed in charge of your company’s existing AWS cloud environment. Your company is very large and you have a team of 5 engineers. You are managing IAM with one of your team members as a backup. You will assign two team members to manage the RDS databases and will need two team members managing the VPC and the EC2 instances within it. How can you give your team members the ability to administer the EC2 instances? (Choose 2 answers)

Create cross-account access to the VPC which houses the EC2 instances.

Create a login key pair for the EC2 instances and provide this to your team.

Create a role with permissions that grant EC2:* actions on all resources.

Ensure permissions are in place to allow the intended team members to assume the role.

Explanation

Using IAM, you apply permissions to IAM users, groups, and roles by creating policies. You can create two types of IAM policies: Managed Policies and Inline Policies. Managed policies are standalone policies that you can attach to multiple users, groups, and roles in your AWS account. Managed policies apply only to identities (users, groups, and roles) – not resources. Inline policies are policies that you create and manage, and that are embedded directly into a single user, group, or role.

Explanation

3 / 65

In Amazon Route 53, _______ lets you use DNS to route end-user requests to the EC2 region that will give your users the fastest response

simple-based routing

failover-based routing

latency-based routing

weighted-based routing

Explanation

In Amazon Route 53, if your application is hosted on Amazon EC2 instances in multiple EC2 regions, you can reduce latency for your end users by serving their requests from the Amazon EC2 region for which network latency is lowest. Amazon Route 53 latency-based routing lets you use DNS to route user requests to the Amazon EC2 region that will give your users the fastest response

Explanation

4 / 65

You need to design secure administrative access to application servers residing in private subnets in multiple availability zones. You require a select group of administrators to have access from specific IP addresses. You also want the solution to be automated and repeatable. Which of the following options could achieve your goals? (Choose 2 answers)

Cloud Formation

Elastic Beanstalk

NAT Gateway

Quick Start

Explanation

Quick Start is a new solution that is worth checking out. You can use IAM with AWS CloudFormation to control what users can do with AWS CloudFormation. Amazon provides Amazon Linux AMIs that are configured to run as NAT instances. Elastic Beanstalk is primarily for web applications only

Explanation

5 / 65

EBS based instances can be stopped and restarted.

EBS volumes are more cost-effective

If the instance is terminated, your data is not lost.

EBS instances boot faster

Explanation

6 / 65

Which one of the following answers is not a possible state of Amazon CloudWatch Alarm?

ALARM

INSUFFICIENT_DATA

STATUS_CHECK_FAILED

Explanation

Amazon CloudWatch Alarms have three possible states: OK: The metric is within the defined threshold ALARM: The metric is outside of the defined threshold INSUFFICIENT_DATA: The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state

Explanation

7 / 65

Select the correct statement: Within Amazon EC2, when using Linux instances, the device name /dev/sda1 is .

reserved for EBS volumes

recommended for EBS volumes

reserved for the root device

recommended for instance store volumes

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

8 / 65

You are an AWS Solutions Architect helping a client plan a migration to the AWS cloud. The client is very cost-conscious and needs to understand the budget implications of any design decisions prior to signing off. Now that you’ve identified the resources that must be created in the AWS environment to support the migration, what tool could you use to help project future costs given this information?

Cost Explorer

Simple Monthly Calculator

Detailed Billing Reports

TCO Calculator

Explanation

The Simple Monthly Calculator is used to calculate projected costs, assuming you know what AWS resources you’ll be consuming.

Explanation

The Simple Monthly Calculator is used to calculate projected costs, assuming you know what AWS resources you’ll be consuming.

9 / 65

A user has launched a large EBS-backed instance with AWS. The only other storage associated with it is ephemeral storage on instance store. What will happen if the user stops the instance?

All the data on ephemeral storage will be lost.

All the data on ephemeral storage will be snapshotted.

All the data on ephemeral storage will be automatically backed up in S3.

No data will be lost.

Explanation

In AWS, ephemeral storage is only temporary storage. If the instance is stopped and started back all the data on ephemeral storage will be lost.

Explanation

In AWS, ephemeral storage is only temporary storage. If the instance is stopped and started back all the data on ephemeral storage will be lost.

10 / 65

You are designing a VPC for a small legal firm. The firm only has 6 users who will need instances, and the firm does not expect any growth. When creating the VPC, you will need to specify an IPv4 address range by choosing a CIDR block. What is the smallest size CIDR block that could be used for this network?

/24

/16

/28

Explanation

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. AWS reserves the first four addresses and the last address in a CIDR block, so be sure to subtract five to give the number of addresses in a CIDR block available for use

Explanation

11 / 65

You are deploying over 50 EC2 in separate regions to support your new mobile photo editing app. All have implemented health checks for all Application Load Balancers, as well as CloudWatch alarms for key performance metrics. You have also created Route 53 endpoint health checks for each individual instance. You are growing concerned about the number of SNS notifications you will receive for each of these health checks.

Your ELB health checks can monitor individual instances, but how can you quickly determine whether enough instances in your production environment are unhealthy that it will negatively impact your application’s availability?

Integrate with Amazon QuickSight, to display overall Route 53 Health Check status in a dashboard

Monitor instance health using CloudWatch and set a CloudWatch alarm based on the number of unhealthy instances

Implement a Route 53 Calculated Health Check for your EC2 instance endpoints and create an SNS notification

Create a CloudTrail trail related to Route 53 health checks to a CloudWatch Logs log group, and create an alarm based on a threshold of unhealthy health check results.

Explanation

Implementing a Route 53 Calculated Health Check is the best solution in this case because it aggregates all of the individual health checks. Integrating QuickSight and CloudTrail will create an effective dashboard, but this is not an automated solution because someone has to continuously check the dashboard.

You can also create a CloudWatch Log log alarm, but this would be overly complex compared to the Calculated Health Checks.

For example, let’s say you have deployed 15 EC2 instances, and created 15 separate Route 53 health checks to monitor each one. While you are concerned about each instance’s performance, you essentially need 10 of the 15 instances to be healthy for your system to run properly. Rather than setting up SNS notifications for each individual health check, you can create a calculated health check that collects the results of each health check into a single count between 0-15, and compares that count to a threshold you’ve set. In this case, the threshold could be 10. Now, if 10 instances are healthy, the calculated health check comes back healthy. If less than 10 instances are healthy, the health check comes back unhealthy.For example, let’s say you have deployed 15 EC2 instances, and created 15 separate Route 53 health checks to monitor each one. While you are concerned about each instance’s performance, you essentially need 10 of the 15 instances to be healthy for your system to run properly. Rather than setting up SNS notifications for each individual health check, you can create a calculated health check that collects the results of each health check into a single count between 0-15, and compares that count to a threshold you’ve set. In this case, the threshold could be 10. Now, if 10 instances are healthy, the calculated health check comes back healthy. If less than 10 instances are healthy, the health check comes back unhealthy.

Explanation

You can also create a CloudWatch Log log alarm, but this would be overly complex compared to the Calculated Health Checks.

12 / 65

Which of the following are IAM best practices (Choose 3 answers)

Create privileged users and enable multi-factor authentication.

Discontinue use of the root access key.

Assign permissions to IAM groups instead of IAM users

Designate a backup administrator to use the root access key

Explanation

You use an access key (consisting of an access key ID and secret access key) to make programmatic requests to AWS. However, do not use your AWS account (root) access key. Create groups that relate to job functions so that you can make changes for everyone in a group in just one place.

Explanation

13 / 65

A user has launched an EC2 instance into a VPC with several private and public subnets. The VPC and EC2 instance have the following configurations in place:

A database server is hosted on a Linux EC2 instance located in a private subnet.
A hardened bastion host is launched in a separate public subnet. You have enabled SSH-agent forwarding, and the bastion host’s security group has been configured to allows traffic via Port 22.
A custom security group has been added and associated with the Linux EC2 instance in the private subnet. The custom security group has not updated from its default settings.

With these configurations in place, the user is not able to access the database instance in the private subnet via the bastion host.

What can be the possible reason for this failure?

The security group of the database instance is not configured to allow incoming traffic.

The EC2 instance needs an elastic IP address to communicate with the bastion host.

The bastion host needs to be replaced with a NAT gateway.

The bastion host needs to be placed in the same subnet as the EC2 instance.

Explanation

For the SSH agent forwarding to be successful, both security groups need to allow connection via port 22. Custom security groups by default allow all outbound traffic, but deny all inbound traffic.

Explanation

For the SSH agent forwarding to be successful, both security groups need to allow connection via port 22. Custom security groups by default allow all outbound traffic, but deny all inbound traffic.

14 / 65

You are migrating on-premise legal files to the AWS Cloud in Amazon S3 buckets. The corporate audit team will review all legal files within the next year, but until that review is completed, you need to ensure that the legal files are neither updated or deleted in the next 18 months. What steps will ensure the files can be uploaded efficiently but have the required protection for the specific time period of 18 months? (Choose 2 answers)

Enable object locks on all relevant S3 buckets with a retention mode of compliance mode.

Set a retention period of 18 months on all relevant object versions via a batch operation

Set a default retention period of 18 months on all related S3 buckets.

Set a default legal hold on all related S3 buckets

Explanation

The key points of this question are:

the difference between compliance mode and governance mode – compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

Explanation

The key points of this question are:

the difference between compliance mode and governance mode – compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

15 / 65

What choice below will best address the issue and help maintain optimum performance? (Choose 2 answers)

Create a CloudWatch Event to trigger a scaling activity once CPU utilization passes 50 percent

Create a Target Tracking policy using AWS EC2 Auto Scaling

Enable CloudWatch monitoring for your EC2 auto scaling group with basic monitoring

Enable CloudWatch monitoring for your EC2 auto scaling group with detailed monitoring

Explanation

16 / 65

Which use cases would be best served by an S3 bucket ACL? (Choose 2 answers)

Hosting databases

Making a bucket world readable for static web hosting

Enabling bucket logging

Implementing client-side encrypted data

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

17 / 65

What would be the best way to retrieve the public IP address of your EC2 instance using the CLI?

Using instance metadata

Using tags

Using ipconfig

Using traceroute

Explanation

To determine your instance’s public IP address from within the instance, you can use instance metadata. Use the following command to access the public IP address: For Linux use, $ curl http://169.254.169.254/latest/meta-data/public-ipv4, and for Windows use, $ wget http://169.254.169.254/latest/meta-data/public-ipv4.

Explanation

18 / 65

A user has enabled versioning on an S3 bucket. The user applies server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?

Amazon S3 does not allow the user to upload his own keys for server side encryption

The user should use the same encryption key for all versions of the same object

The SSE-C does not work when versioning is enabled

It is possible to have different encryption keys for different versions of the same object

Explanation

Amazon S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key, or the user can send the key along with each API call to supply his own encryption key (SSE-C). If the bucket is versioning-enabled, each object version uploaded by the user using the SSE-C feature can have its own encryption key. The user is responsible for tracking which encryption key was used for which object’s version

Explanation

19 / 65

To ensure secure services, AWS offers shared responsibility models for each of the different type of services that they offer which you need to be aware of. Which of the following services are the responsibility of AWS? (Choose 3 answers)

Network infrastructure

Virtualization infrastructure

Physical security of hardware

Amazon Machine Images (AMIs)

Explanation

AWS is responsible for what is known as Security ‘of’ the Cloud. This covers their global infrastructure elements – Regions, Availability Zones, and Edge Locations, and also the foundations of their services covering Compute, Storage, Database, and Network

Explanation

20 / 65

Magnetic

Magnetic or Provisioned IOPS (SSD)

Any, as they all perform the same and cost the same

General Purpose (SSD)

Explanation

21 / 65

You notice that your administrator has not created a security group. He created 3 EC2 instances and they were launched into the default security group. No changes were made to the default security group. What characteristics will the default security group provide? (Choose 3 answers)

No outbound traffic will be allowed from the EC2 instances

All outbound traffic from the EC2 instances will be allowed.

No inbound traffic will be allowed to the EC2 instances.

The EC2 instances will be able to communicate with each other.

Explanation

Your VPC automatically comes with a default security group. Each EC2 instance that you launch in your VPC is automatically associated with the default security group if you don’t specify a different security group when you launch the instance. The default security group disallows all inbound traffic and allows all outbound traffic. However, the rules for a default security group can be changed.

Explanation

22 / 65

You are a DBA at a rapidly growing company and you want to shorten failover time for your Amazon RDS SQL Server database. Which strategies will shorten failover time? (Choose 2 answers)

Use smaller transactions

Ensure you have provisioned sufficient IOPS.

Configure the health check using shorter intervals.

Use larger transactions.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

23 / 65

A user wants to achieve High Availability with PostgreSQL DB. Which of the below mentioned functionalities helps achieve HA?

PostgreSQL does not support HA

Read Replica

Multi region

Multi AZ

The Multi AZ feature allows the user to achieve High Availability. For Multi AZ, Amazon RDS automatically provisions and maintains a synchronous “standby” replica in a different Availability Zone.

24 / 65

Your company uses multiple Amazon VPCs and is setting up a new office. The company is deciding on the best way to connect this new, remote office network with the company’s Amazon VPC environment.

Due to the fact it is a new office, no VPN equipment or internet connections exist yet, so this office can design any connection design it desires. The highest priorities are:

A predictable network performance
A private connection avoiding the public internet
Reduced bandwidth costs
Minimal administration required to maintain the high availability of network endpoints

Which VPC connection option best fit your requirements to connect your new office to one of your VPCs?

Connect via AWS Direct Connect.

Configure a VPN connection with a hardware VPN

Configure a VPN connection with a software VPN

Use a hub-and-spoke model with AWS VPN CloudHub

Explanation

Establish a private connection from your new office’s network to your Amazon VPC using AWS Direct Connect is the most suitable option in this case. This option provides predictable network performance, reduces bandwidth costs, and doesn’t require that customers be responsible for implementing high availability solutions for all VPN endpoints. The downside of this option (possible requiring additional telecom and hosting provider relationships) is mitigated in this instance because the office is new and would need to provision a whole new network anyway.

Explanation

25 / 65

You are asked to add an application to an EC2 instance within your company’s VPC. Because it is a Windows 2012 instance, you will RDP into it. When you attempt to connect via RDP, you receive the following message: Error connecting to your instance: Connection timed out.

How could you fix this issue? (Choose 3 answers)

Add a security group rule to allow inbound traffic from your public IPv4 address on port 3389.

Add a route to your Internet gateway for the VPC

Make sure network ACLs allow inbound/outbound traffic from your local IP address on port 3389.

Disable the source/destination check on your Internet gateway.

Explanation

Check the network access control list (ACL) for the subnet. The network ACLs must allow inbound and outbound traffic from your local IP address on the proper port. The default network ACL allows all inbound and outbound traffic. To enable Internet access for the EC2 instances in a VPC, you must create an Internet Gateway as well as a route to it in the router table.

Explanation

26 / 65

A user has launched two EBS backed EC2 instances in the us-east-1a availability zone. The user wants to change the availability zone of one of the instances. How can the user change it?

From the AWS EC2 console, select the Actions – > Change zones and specify the new zone

The zone can only be modified using the AWS CLI

It is not possible to change the zone of an instance after it is launched

Stop one of the instances and change the availability zone

Explanation

With AWS EC2, when a user is launching an instance he can select the availability zone (AZ) at the time of launch. If the zone is not selected, AWS selects it on behalf of the user. Once the instance is launched, the user cannot change the zone of that instance unless he/she creates an AMI of that instance and launches a new instance from it

Explanation

27 / 65

Your company is considering migrating to AWS, but they are concerned about the initial and mid- to short-term costs due to the complexity of the migration cycle. To effectively calculate the total cost of ownership, certain costs must be understood and planned for.

What costs should be primary considerations? (Choose 3 answers)

The cost of running duplicate environments

The cost of outside consulting services

The cost of using a Direct Link connection

The cost of running migration tools

Explanation

Failing to accurately estimate your costs before migration and during the migration process is a recipe for disaster. To build a migration model for optimal efficiency, it is important to accurately understand the current costs of running on-premises applications, as well as the interim costs incurred during the transition

Explanation

28 / 65

In a design meeting with your Senior AWS Architect you are asked to create a dual homed network. The client has been using AWS cloud for a few years and has staff who are fairly well versed in AWS technology. They have offered a preliminary design, which calls for dual homed web servers attached to an application server. This setup is also dual homed to connect to a backend database server. Which AWS device will enable such a dual homed scenario?

Elastic Load Balancer

Elastic IP Address

Dual Channel VPN

Elastic Network Interface

Explanation

You can place a network interface on each of your web servers that connects to a mid-tier network where an application server resides. The application server can also be dual-homed to a back-end network (subnet) where the database server resides. Instead of routing network packets through the dual-homed instances, each dual-homed instance receives and processes requests on the front end, initiates a connection to the back end, and then sends requests to the servers on the back-end network.

Explanation

29 / 65

If your AWS data must meet specific regulations such as the EU Data protection laws, what must you do?

Keep that data on-premise and do not move it to the cloud under any circumstance

Be aware that they exist and comply with them when and if you have time to do so

Architect your environment to meet these security requirements

Move your data somewhere else so you don’t have to worry about extra security

Explanation

Some laws require specific security controls, retention requirements, etc, dependent on the data being stored. Other legislations exist where certain data may have to remain within a specific region and can not be transferred out of those boundaries. You need to architect your environment to meet these security requirement and mitigate the risk of data being stored in a geographic location that’s restricted. Breaches to this legislation could have a legal impact and lead to additional risks against your organization, so it’s fundamental that you are aware of your data privacy and storage location laws and regulations.

Explanation

30 / 65

You are managing a static blog site on a MySQL database hosted on an EC2 instance. When an article goes viral, the increased traffic strains your DB server. What is the simplest and most cost-effective way to resolve this issue and make the blog post infinitely scaleable?

Use spot EC2 instances to increase your capacity.

Migrate your blog site to DynamoDB to increase scalability to match the increased traffic.

Migrate your blog site to an Amazon RDS instance. Create a database read replica and route read queries from your primary DB instance to the read replica

Enable and configure static web hosting for your blog on Amazon S3. Use Route 53 to point the DNS to the static S3 bucket.

Explanation

You can host a static website on Amazon S3. On a static website, individual web pages include static content. They may also contain client-side scripts. Because your storage on Amazon S3 is virtually unlimited you can scale infinitely. You also do not need to service dynamic content so a database is not needed.

Using spot instances would not necessarily work because of how spot instance pricing affects the instance availability. As soon as your the instance cost exceeds your bid price, the instances will be terminated and the traffic will once again exceed your MySQL database’s capabilities.

The other options would fix the problem – you can host the site on RDS or DynamoDB. However, they would not be as cost effective as Amazon S3.

Explanation

The other options would fix the problem – you can host the site on RDS or DynamoDB. However, they would not be as cost effective as Amazon S3.

31 / 65

You are in a company meeting serving as Lead Architect. Your company wants to expand into the cloud by creating an area for low latency and high throughput of up to 10 Gbps. You recommend using a cluster placement group. What features in your design should be in place to take full advantage of a cluster placement group? (Choose 2 answers)

Instances in multiple Availability Zones for fault tolerance

EC2 instances that support enhanced networking

Reserved instances that provide highest availability

All instances grouped in a single Availability Zone

Explanation

A placement group is a logical grouping of instances within a single Availability Zone. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your cluster placement group, choose an instance type that supports enhanced networking

Explanation

32 / 65

You are designing an AWS cloud environment for a new client. You will be responsible for designing and implementing the solution while also training their IT personnel to eventually take over administration of the environment. a major part of your task will be educating them on IAM and how to administer IAM moving forward. Which action can be authorized by IAM and is something for which you will have to prepare training material?

Querying a SQL Server database

Launching an EC2 instance

Querying a DynamoDB database

Connecting to on-premises Active Directory

Explanation

If an IAM user wants to launch an EC2 instance, you need to grant the EC2 RunInstance permission to that user. If the EC2 instance should include an instance profile—that is, if applications in the EC2 instance will be able to get temporary security credentials via an IAM role—the user who launches the EC2 instance must also have the IAM PassRole permission. Not only that, but the user might need PassRole permission to associate a specific role with the EC2 instance.

Explanation

33 / 65

You are leading the design of an AWS RDS database for a client’s cloud environment. You have detailed the benefits of a multi-AZ configuration for high availability. You begin discussing scalability options. You again stress the importance of multi-AZ for a highly available, scalable environment. How does a multi-AZ configuration indirectly benefit scaling operations?

The standby instance can quickly be converted to a read replica.

Total IOPS is the sum of IOPS for the primary and standby servers

Read traffic can be offloaded to the multi-AZ standby instance.

There is minimal downtime when scaling up multi-AZ databases.

Explanation

To handle a higher load in your database, you can vertically scale up your master database with a simple push of a button. There are currently over 18 instance sizes that you can choose from when resizing your RDS MySQL, PostgreSQL, MariaDB, Oracle, or Microsoft SQL Server instance. For Amazon Aurora, you have 5 memory-optimized instance sizes to choose from. There is minimal downtime when you are scaling up on a Multi-AZ environment because the standby database gets upgraded first, then failover will occur to the newly sized database. A Single-AZ instance will be unavailable during the scale operation

Explanation

34 / 65

You are responsible for maintaining an RDS database deployed in a Multi-AZ deployment architecture. What would be the downtime and/or failover cycle associated with maintenance events on your database? (Choose 2 answers)

Maintenance will be applied to the primary instance first

Maintenance will be applied to standby instance first.

The old primary will be promoted back to the new primary after maintenance

Standby instance will become the new primary after maintenance

Explanation

Running a DB Instance as a Multi-AZ deployment can further reduce the impact of a maintenance event because Amazon RDS will conduct maintenance by following these steps: Perform maintenance on the standby.

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

Explanation

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

35 / 65

A gaming company comes to you and asks you to build infrastructure for their site. They are not sure how big they will be because, as with all startups, they have limited money and big ideas. What they do tell you is that if the game becomes successful, like one of their previous games, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. After considering all of this, you decide that they need a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability and persistent storage. Which of the following databases do you think would best fit their needs?

Amazon Aurora

Amazon Redshift

Amazon DynamoDB

Amazon Elasticache

Explanation

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Amazon DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS, so they don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.

Today’s web-based applications generate and consume massive amounts of data. For example, an online game might start out with only a few thousand users and a light database workload consisting of 10 writes per second and 50 reads per second. However, if the game becomes successful, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. It may also create terabytes or more of data per day. Developing your applications against Amazon DynamoDB enables you to start small and simply dial-up your request capacity for a table as your requirements scale, without incurring downtime. You pay highly cost-efficient rates for the request capacity you provision, and let Amazon DynamoDB do the work over partitioning your data and traffic over sufficient server capacity to meet your needs. Amazon DynamoDB does the database management and administration, and you simply store and request your data. Automatic replication and failover provides built-in fault tolerance, high availability, and data durability. Amazon DynamoDB gives you the peace of mind that your database is fully managed and can grow with your application requirements.

Explanation

36 / 65

Your company is planning to deploy a hybrid environment linking their on-premise database to an application hosted at AWS. When considering performance rather than security, what are key concerns when designing a network between AWS and the on-site database? (Choose 2 answers)

Network latency

Network bandwidth

Control of data resources

Private network access

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

37 / 65

You have a lot of data stored in the AWS Storage Gateway and your manager has come to you asking about how the billing is calculated, specifically the Virtual Tape Shelf usage. What would be a correct response to this?

You are billed for the virtual tape data you store in Amazon S3 and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

You are billed for the virtual tape data you store in Amazon Glacier and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

You are billed for the virtual tape data you store in Amazon S3 and are billed for the size of the virtual tape.

You are billed for the virtual tape data you store in Amazon Glacier and are billed for the size of the virtual tape

Explanation

The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. AWS Storage Gateway billing is as follows. Volume storage usage (per GB per month): You are billed for the Cached volume data you store in Amazon S3. You are only billed for volume capacity you use, not for the size of the volume you create. Snapshot Storage usage (per GB per month): You are billed for the snapshots your gateway stores in Amazon S3. These snapshots are stored and billed as Amazon EBS snapshots. Snapshots are incremental backups, reducing your storage charges. When taking a new snapshot, only the data that has changed since your last snapshot is stored. Virtual Tape Library usage (per GB per month): You are billed for the virtual tape data you store in Amazon S3. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape. Virtual Tape Shelf usage (per GB per month): You are billed for the virtual tape data you store in Amazon Glacier. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape

Explanation

38 / 65

You create a two-tiered web application for a client with Elastic Load Balancer, two Web Servers, and a MySQL database. You begin getting complaints of poor response times and notice that the requests to the database are increasing weekly. The result is queries that are taking longer and longer. What steps can you take to speed up database performance? (Choose 2 answers)

Create a read replica and offload some read traffic to it

Scale your web-tier horizontally

Scale your web-tier vertically

Use ElastiCache to cache queries

Explanation

Read replicas can be used to offload some read requests from the main DB server. Even more effective in improving performance is to use ElastiCache to cache frequently requested queries. Another effective technique is to shard the database and distribute the load between shards.

Explanation

39 / 65

You are working as a Solutions Architect for a civil engineering company. You’ve been tasked with creating a Virtual Private Cloud to support a hybrid cloud solution. The cloud environment will need to connect to an on-premises application that cannot be migrated to the VPC. Your requirements are to get the connection setup as quickly as possible. Which option can you use to connect the VPC to the on-premise environment as quickly as possible?

AWS-managed VPN

NAT Gateway

Direct Connect

Virtual Private Gateway

Explanation

You can connect your VPC to remote networks by using a VPN connection. You can create an IPsec, hardware VPN connection between your VPC and your remote network. On the AWS side of the VPN connection, a virtual private gateway provides two VPN endpoints for automatic failover. You configure your customer gateway, which is the physical device or software application on the remote side of the VPN connection. A VPN connection is the fastest way to complete the connection between on-premises computing and your VPC. However, VPN is not as reliable or as fast as Direct Connect.

Explanation

40 / 65

You are configuring your application’s compute layer using AWS EC2 Auto Scaling. When configuring the group’s capacity, you have set the auto scaling group’s minimum capacity to four, the desired capacity to 8, and the maximum capacity to 16. When you deploy your auto scaling group, and the instances have completely deployed, how many instances will there be within your group?

Explanation

You configure the size of your Auto Scaling group by setting the minimum, maximum, and desired capacity. The minimum and maximum capacity are required to create an Auto Scaling group, while the desired capacity is optional. If you do not define your desired capacity upfront, it defaults to your minimum capacity.

By default, the minimum, maximum, and desired capacity are set to one instance when you create an Auto Scaling group from the console. If you change the desired capacity, the capacity that you specify will be the total number of instances launched right after creating your Auto Scaling group.

An Auto Scaling group is elastic as long as it has different values for minimum and maximum capacity. All requests to change the Auto Scaling group’s desired capacity (either by manual scaling or automatic scaling) must fall within these limits.

If you choose to automatically scale your group, the maximum limit lets Amazon EC2 Auto Scaling scale out the number of instances as needed to handle an increase in demand. The minimum limit helps ensure that you always have a certain number of instances running at all times

Explanation

41 / 65

You are contracted to manage cloud storage for a multi-national media company. During your informational analysis, you note a few crucial requirements: the need to upload very large files (greater than 5 GB), concerns about latency across continents, and a compliance requirement about storing backup data 1000 miles from the source.

Which Amazon S3 features will handle these requirements? (Choose 2 answers)

Pre-signed URLs

Cross-region replication

Multi-part upload

Read replicas

Explanation

Multipart uploads must be used for files greater than 5 GB. Cross-region replication is used to reduce latency by placing objects closer to users. This would address the issue of having users in different continents. Another use case for cross-region replication is to meet compliance requirements of storing backup data a certain distance from their origin.

Explanation

42 / 65

You are leading a design meeting in your company to create an autoscaling group of EC2 instances behind an Application Load Balancer in your VPC. There are very specific requirements coming about based on traffic and cost. Your management wants to scale out when necessary and scale in when instances are no longer needed to save on cost and maintain optimum system performance based on CPU utilization.

What step can most effectively meet these requirements?

Create a target tracking scaling policy with Amazon EC2 Auto Scaling based on CPU utilization

Create a scaling policy based on the Elastic Load Balancer latency metric

Create a scheduled scaling policy with Amazon EC2 Auto Scaling that scales out and in predefined patterns during normal business hours.

Create a simple scaling policy with Amazon Application Auto Scaling that scales at different rates based on CPU utilization.

Explanation

You can associate more than one scaling policy with an autoscaling group. Having one policy to scale out and one policy to scale in is a viable option. Scaling out during business hours and scaling in during off hours could be fairly effective for performance and cost. But scaling out and in using CloudWatch metrics for CPU utilization would be much more precise for both performance and cost considerations.

Explanation

43 / 65

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. What formatting is required for this template?

XML-formatted document

JSON-formatted document

CSS-formatted document

HTML-formatted document

Explanation

You can write an AWS CloudFormation template (a JSON-formatted document) in a text editor or pick an existing template. The template describes the resources you want and their settings. For example, suppose you want to create an Amazon EC2. Your template can declare an instance Amazon EC2 and describe its properties

Explanation

44 / 65

You are in the process of planning your backup strategy between an on-premises data center and AWS cloud. You are considering Storage Gateway technology for backup and restore in your hybrid environment. What are the primary factors that affect Backup and Recovery times when using Storage Gateways? (Choose 2 answers)

Compute power of on-premises instances that need to be backed up

Amount of data required for backup each day before on-premise data deduplication and compression

Amount of data required for backup each day after on-premise data deduplication and compression

Net available bandwidth between on-premises and AWS over the public internet or Direct Connect line.

Explanation

Storage gateways interact with AWS over the public Internet or direct connect. You will need to know the amount of data per day that needs to be transferred to Amazon S3 and the net available bandwidth of your network connection. Storage Gateway is capable of running data compression, and comparison so only changed data is being backed up.

Explanation

45 / 65

A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which one of the following is the best way to terminate the instance automatically once the job is finished?

Configure an Auto Scaling scheduled activity to terminate the instance after seven days.

Associate the EC2 instance with an ELB to terminate the instance when it remains idle

Configure the EC2 instance with a stop instance to terminate it.

Configure a CloudWatch alarm to terminate the instance once it is idle

Explanation

Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CloudWatch alarm, which monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance action

Explanation

46 / 65

You have been assigned as a technical lead to a client that has their own development team. The team is relatively new to developing in the cloud. In a design meeting the developers begin discussing developing a messaging queue for data that does not need processed immediately. You begin telling them about the merits of Amazon SQS. What are the benefits of SQS over an in-house developed messaging queue? (Choose 3 answers)

You can work with AWS in developing your SQS message queue

SQS also provides extremely high message durability

You can scale the amount of traffic you send to Amazon SQS up or down without any configuration.

SQS requires no administrative overhead and little configuration

Explanation

SQS provides several advantages over building your own software for managing message queues that require significant up-front time for development and configuration. Homegrown solutions require ongoing hardware maintenance and system administration resources. The complexity of configuring and managing these systems is compounded by the need for redundant storage of messages that ensures messages are not lost if hardware fails. In contrast, Amazon SQS requires no administrative overhead and little configuration. SQS works on a massive scale, processing billions of messages per day. You can scale the amount of traffic you send to Amazon SQS up or down without any configuration. Amazon SQS also provides extremely high message durability.

Explanation

47 / 65

You have implemented multipart uploading in your company’s AWS cloud storage environment. The overall performance has been good but there is some concern about network utilization. Your CFO has also raised concerns about greater than expected storage costs. What steps can you take to address each of these issues with cost as a primary concern? (Choose 2 answers)

Compress data for faster upload times.

Pause uploads during high traffic periods.

Use Direct Connect for greater throughput

Abort incomplete uploads after a specified time with an object lifecycle policy.

Explanation

The ability to pause multipart uploads offers great flexibility in its usage. A pause could be initiated for a number of reasons but pausing to relieve network traffic is a prime use case. If a multipart upload aborts, it is good practice to have a lifecycle policy, which will delete incomplete uploads after a predetermined number of days. This will reduce storage costs.

Explanation

48 / 65

Your team is developing an application using Elastic Beanstalk and discussing the most appropriate environment for deployment. What two types of environments can be created when using Elastic Beanstalk? (Choose 2 answers)

Single-instance environment

Multi-region, multiple-instance environment

Web worker environment

Load-balancing and auto-scaling environment

Explanation

In Elastic Beanstalk, you can create a load-balancing, autoscaling environment or a single-instance environment. The type of environment that you require depends on the application that you deploy. For example, you can develop and test an application in a single-instance environment to save costs and then upgrade that environment to a load-balancing, autoscaling environment when the application is ready for production.

Explanation

49 / 65

You are pulled in on a redesign of a client’s AWS VPC. The client was an early adopter of AWS but wants to improve their overall security in the VPC. The budget allocated for this redesign is very limited and you need to optimize your time. You’ve created new security groups for the VPC. What’s the most expedient way to associate these new security groups with the instances in the VPC?

Shutdown the instances and attach to the new security groups then re-start the instances.

Delete the instances, create new instances, attach to the security groups, then launch the instances.

Associate the instances with the new security groups while the instances are running.

Create a snapshot of the instance, launch new instances from the snapshot, which are attached to the new security groups.

Explanation

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign the instance to up to five security groups. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don’t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC. If an instance is running in an Amazon VPC you can change which security groups are associated with an instance while the instance is running.

Explanation

50 / 65

An existing client comes to you and says that he has heard that launching instances into a VPC (virtual private cloud) is a better strategy than launching instances into a EC2-classic which he knows is what you currently do. You suspect that he is correct and he has asked you to do some research about this and get back to him. Which of the following statements is true in regards to what ability launching your instances into a VPC instead of EC2-Classic gives you?

All of the things listed here

Assign static private IP addresses to your instances that persist across starts and stops

Change security group membership for your instances while they’re running

Define network interfaces, and attach one or more network interfaces to your instances

Explanation

By launching your instances into a VPC instead of EC2-Classic, you gain the ability to: Assign static private IP addresses to your instances that persist across starts andstops Assign multiple IP addresses to your instances. Define network interfaces, and attach one or more network interfaces to your instances Change security group membership for your instances while they’re running Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering). Add an additional layer of access control to your instances in the form of network access control lists (ACL). Run your instances on single-tenant hardware

Explanation

51 / 65

Select a true statement about Amazon EC2 Security Groups (EC2-Classic).

After you launch an instance in EC2-Classic, you cannot add or remove rules from a security group.

After you launch an instance in EC2-Classic, you can change its security groups only once.

After you launch an instance in EC2-Classic, you can’t change its security groups.

After you launch an instance in EC2-Classic, you can only add rules to a security group.

Explanation

52 / 65

A client has requested additional compute power for end-of-year transaction processing. You estimate that they will need an additional 10 servers during a three-day period. You begin creating the servers by specifying the instance type and selecting an AMI. What two key features do the instance type and AMI encapsulate? (Choose 2 answers)

The software loaded on the instance

The number of virtual licenses for software provided

The amount of virtual hardware dedicated to the instance

The key pair for the instance

Explanation

When creating an EC2 instance, by selecting the instance type and the Amazon Machine Image (AMI), you are selecting the the hardware type of the machine and the type of software you want on the machine, respectively. Various Linux types as well as Windows operating systems are available. In certain instances, you can also choose an AMI that comes with a database.

Explanation

53 / 65

Under the shared responsibility model, which aspects of security in the AWS cloud are the responsibility of the user rather than AWS? (Choose 3 answers)

Network hardware maintenance

EC2 instance security

Data encryption

Installation of EC2 security patches

Explanation

AWS is responsible for the security of the cloud in general, in areas such data security and protection against IP spoofing. The customer is responsible for security in the cloud in areas such as data encryption, installing security patches on EC2 instances, and IAM best practices. It is very important to understand this concept to avoid any lapses in your security measures.

Explanation

54 / 65

Your company is in the process of designing an Amazon cloud environment. You have been placed in charge of the design and begin reviewing the design artifacts. You notice that the proposed route table has two routes in it: 10.0.0.0/16 and 0.0.0.0/0. What do you know about these routes? (Choose 3 answers)

0.0.0.0/0 is the route to the internet gateway to route internet traffic

10.0.0.0/16 is the local route for communication within the VPC

10.0.0.0/16 is the route to the internet gateway to route internet traffic

0.0.0.0/0 is very permissive and routes all internet traffic

Explanation

Any traffic destined for a target within the VPC (10.0.0.0/16) is covered by the local route, and therefore routed within the VPC. All other traffic from the subnet uses the Internet gateway. A route in the route table of 0.0.0.0/0 routes traffic to the internet gateway. This will route all traffic and is very permissive. A more secure approach would be to route traffic only within the address range of the company ip block

Explanation

55 / 65

After setting up an EC2 security group with a cluster of 20 EC2 instances, you find an error in the security group settings. You quickly make changes to the security group settings. When will the changes to the settings be effective?

The settings will be effective immediately for all the instances in the security group.

The settings will be effective for all the instances only after 30 minutes

The settings will be effective only for the new instances added to the security group.

The settings will be effective only when all the instances are restarted

Explanation

Amazon Redshift applies changes to a cluster security group immediately. So if you have associated the cluster security group with a cluster, inbound cluster access rules in the updated cluster security group apply immediately.

Explanation

56 / 65

Alias

CNAME

Explanation

57 / 65

You want to configure DNS failover in Route 53 so that all of your resources are available for the majority of the time. Which of the following failover configurations would be most suited for this?

Passive-passive failover

Active-active failover

Enable failover

Disable failover

Explanation

You can configure DNS Failover in Route 53 in the following failover configurations:

Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time.
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

Explanation

You can configure DNS Failover in Route 53 in the following failover configurations:

Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time.
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

58 / 65

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

ELB DNS supports both IPV4 and IPV6

The client can connect over IPV4 or IPV6 using Dualstack

Communication between the load balancer and back-end instances is always through IPV4

The ELB supports either IPV4 or IPV6 but not both

Explanation

Elastic Load Balancing supports both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4). Clients can connect to the user’s load balancer using either IPv4 or IPv6 (in EC2-Classic) DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 supportfor communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.

Explanation

59 / 65

True or False: In Amazon Route 53, you can create a hosted zone for a top-level domain (TLD).

TRUE

FALSE

True, only if you send an XML document with a CreateHostedZoneRequest element for TL

False, Amazon Route 53 automatically creates it for you.

Explanation

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

Explanation

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

60 / 65

A user is uploading a backup of data to S3 Glacier for the purpose of disaster recovery (DR). The data stored in S3 Glacier is part of a larger data recovery plan that involves other AWS services. There is a relatively small set of data (100 MB) that needs to be restored immediately when a DR plan is executed, and the organization is planning RTO of 1 hour. Assuming the data size meets the requirements for any of the given retrieval options below, which S3 Glacier data retrieval option would you plan in a DR situation?

Use Standard retrievals

Use Expedited Retrievals with Provisioned Capacity

Use Bulk retrievals

Use Expedited retrievals without Provisioned Capacity

Explanation

There are three retrieval options with Amazon S3 Glacier:

Expedited — There are two types of Expedited retrievals: On-Demand and Provisioned. On-Demand requests are similar to EC2 On-Demand instances and are available most of the time. Provisioned requests are guaranteed to be available when you need them, which is recommended for a DR plan.
Standard — Standard retrievals allow you to access any of your archives within several hours.
Bulk — Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval option, which you can use to retrieve large amounts, even petabytes, of data inexpensively in a day. Bulk retrievals typically complete within 5–12 hours.

Explanation

There are three retrieval options with Amazon S3 Glacier:

Expedited — There are two types of Expedited retrievals: On-Demand and Provisioned. On-Demand requests are similar to EC2 On-Demand instances and are available most of the time. Provisioned requests are guaranteed to be available when you need them, which is recommended for a DR plan.
Standard — Standard retrievals allow you to access any of your archives within several hours.
Bulk — Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval option, which you can use to retrieve large amounts, even petabytes, of data inexpensively in a day. Bulk retrievals typically complete within 5–12 hours.

61 / 65

A web application hosted on 40 EC2 instances allows traffic on port 80. The 40 EC2 instances are assigned to the same security group, and located in different subnets within the same VPC. The organization is planning to use one of these 40 instances for testing an application running on port 8080. You have created a new security group that allows inbound and outbound traffic on port 8080.

What additional steps can allow you to test the new application with minimal additional cost or disruption to your current infrastructure? (Choose 2 answers)

Attach an ENI with port 8080 opened to an existing instance.

Assign the new security group to the newly attached ENI.

Launch an instance in a new subnet.

Assign the instance’s primary network interface to the new security group.

Explanation

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC.

The ENI allows the user to change the security group of a running instance. Thus, in the present scenario when the organization wants to have a separate security group for one of the instances, it should change the security group of that ENI. This avoids the cost and time of deploying a new instance or configuring a new subnet, or changing the configuration of an existing security group.

Explanation

62 / 65

You are tasked with configuring Route 53 for use with EC2 instances across multiple regions that are used for a customer’s website. The customer would like to route traffic based upon the location of the website’s visitors so visitors from specific regions can be presented with specific content. Which of the following would be best suited to meet the requirement?

A geolocation routing policy

A region based routing policy

EDNS0

DynDNS

Explanation

A Geolocation routing policy would allow Route 53 to route queries based upon the location of users. DynDNS is used to automatically update DNS records. EDNS0 can be used to improve the accuracy of geolocation routing, but is not a routing policy in and of itself. Region based is not a valid Route 53 routing policy type.

Explanation

63 / 65

An organization is planning to implement a scalable web application with Amazon EC2. The organization is planning to achieve high availability with Multi-AZ features. A single deployment of your application requires 8 vCPUs and 16 GiB total memory. The application workload is very stable, and does not experience spikes in activity. It is possible to divide the workload across separate instances.

Which configuration is the best choice for high availability, disaster recovery, and cost-effectiveness in this scenario?

Launch four instances with 4 vCPUs and 8 GiB memory each. Associated all four instances with one auto scaling group, and deploy the instances into two separate availability zones, and then load balance them with an elastic load balancer

Launch two instances with 8 vCPUs and 16 GiB memory each. Associate both instances with one auto scaling group, and deploy them in separate availability zones. Finally, load balance them with an elastic load balancer

Launch eight instances with 4 vCPUs and 8 GiB memory each. Divide the instances into separate availability zones, and also divide the instances into two separate auto scaling groups across the two availability zones. Deploy a separate load balancer for each group of instances within an availability zone

Launch four instances with 8 vCPUs and 16 GiB memory each. Associate all four instances with one auto scaling group, and deploy them into two separate availability zones. Finally, load balancer them with an elastic load balancer.

Explanation

The organization can always launch multiple EC2 instances in the same region across multiple availability zones for high availability and disaster recovery. It is recommended that the application should be load balanced for better load distribution. When the organization must support a workload that could be met with a small number of large instances, it is recommended to distribute the load by creating four small instances across availability zones. The two large instances give only 50% redundancy while the four small instances give 75% redundancy. As for cost, both the scenarios are the same it is recommended to run four small instances across availability zones

Explanation

64 / 65

A user is implementing resources for a group of separate batch processes to be completed during non-business hours. The process is predicted to take 6 hours to complete. This group of batch processing will require a compute-optimized instance, which is a different instance family than any deployed within your production environment. Which option is the right instance type and purchase option in this case, assuming the user performs the same task for the next twelve months?

A convertible reserved instance

An instance on an EC2 instance savings plan

A spot instance

An instance on a compute savings plan

Explanation

A spot instance is not the right instance type for this scenario. Spot instances would very likely be interrupted before a 6 hour job would be complete.

A convertible instance and a compute savings plan both offer up to 66 percent off, but an EC2 instance savings plan offers up to 72 percent discount.

Explanation

A spot instance is not the right instance type for this scenario. Spot instances would very likely be interrupted before a 6 hour job would be complete.

A convertible instance and a compute savings plan both offer up to 66 percent off, but an EC2 instance savings plan offers up to 72 percent discount.

65 / 65

Which statement regarding Elastic Load Balancing is incorrect?

ELB can associate the load balancer with your domain name

ELB is free as you only pay for EC2 instances.

ELB supports the use of both the Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6).

ELB can distribute the requests to Amazon EC2 instances (servers) in multiple Availability Zones.

Explanation

As with all Amazon Web Services, you pay only for what you use. For Elastic Load Balancing, you pay for each hour or portion of an hour that the service is running, and you pay for each gigabyte of data that is transferred through your load balancer.

Explanation

Your score is

The average score is 44%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Need more practice ? take the AWS Certified Solutions Architect Associate (SAA) – Learning mode

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Associate (SAA02) – Free Practice Tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation