AWS Certified Solutions Architect Associate (SAA02) - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 65 questions per test (similar to real AWS exam), 130 minutes, repeat tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

/25

10 votes, 4.5 avg

337

1 / 25

A client has contracted you to review their existing AWS cloud environment and recommend and implement best practice changes. You begin by reviewing existing users and Identity Access Management. You immediately notice improvements that can be made with the use of the root account and Identity Access Management. What are the best practice guidelines for use of the root account?

Use the root account to create all other accounts, and share the root account with one backup administrator.

Use the root account to create your first IAM user and then lock away the root account.

Use the root account only to create administrator accounts.

Never use the root account.

Explanation

Don’t use your AWS root account credentials to access AWS, and don’t give your credentials to anyone else. Instead, create individual users for anyone who needs access to your AWS account. Create an IAM user for yourself as well, give that user administrative privileges, and use that IAM user for all your work.

Explanation

2 / 25

When CloudWatch detailed monitoring is enabled, what is the minimum duration of a CloudWatch alarm?

1 minute

5 minutes

30 minutes

10 minutes

Explanation

When creating an alarm, select a period that is greater than or equal to the frequency of the metric to be monitored. For example, basic monitoring for Amazon EC2 provides metrics for your instances every 5 minutes. When setting an alarm on a basic monitoring metric, select a period of at least 300 seconds (5 minutes). Detailed monitoring for Amazon EC2 provides metrics for your instances every 1 minute. When setting an alarm on a detailed monitoring metric, select a period of at least 60 seconds (1 minute).

Explanation

3 / 25

A user needs to run a batch process which runs for 10 minutes. This will only be run once, or at maximum twice, in the next month, so the processes will be temporary only. The process needs 15 X-Large instances. The process downloads the code fromS3 on each instance when it is launched, and then generates a temporary log file. Once the instance is terminated, all the data will be lost. Which of the below mentioned pricing models should the user choose in this case?

Spot instance

Reserved instance

On-demand instance

EBS optimized instance

Explanation

In Amazon Web Services, the spot instance is useful when the user wants to run a process temporarily. The spot instance can terminate the instance if the other user outbids the existing bid. In this case all storage is temporary and the data is not required to be persistent. Thus, the spot instance is a good option to save money

Explanation

4 / 25

You are tasked with configuring Route 53 for use with EC2 instances across multiple regions that are used for a customer’s website. The customer would like to route traffic based upon the location of the website’s visitors so visitors from specific regions can be presented with specific content. Which of the following would be best suited to meet the requirement?

A geolocation routing policy

EDNS0

A region based routing policy

DynDNS

Explanation

A Geolocation routing policy would allow Route 53 to route queries based upon the location of users. DynDNS is used to automatically update DNS records. EDNS0 can be used to improve the accuracy of geolocation routing, but is not a routing policy in and of itself. Region based is not a valid Route 53 routing policy type.

Explanation

5 / 25

You are the lead architect for an online educational content streaming service. You currently have hundreds of Apple HLS video files formated and packaged using AWS Elemental MediaConvert, and hosted in Amazon S3 buckets. You are streaming content via HTTPS. After an extended loss of availability due to a regional Amazon S3 outage, you need to optimize your CloudFront distributions using origin groups. Which types of origin servers could you configure as your secondary origins, in case another Amazon S3 outage occurs? (Choose 3 answers)

On-premise HTTP servers

Amazon EC2 instances

RTMP distributions

An Amazon S3 bucket in a different region

Explanation

When you configure an origin group, you can pair two AWS origins or custom origins. This means all three of the choices would be possible, but RTMP distributions are not compatible because they do not transfer over HTTPS. You also want to select an Amazon S3 bucket in a different region from your primary origin, so that failover is possible

Explanation

6 / 25

Which choice below accurately describes the ‘warm standby’ disaster recovery method?

Keeping data backed up to tape and sent offsite regularly, from which all data can be restored in the event of a disaster.

Storing critical systems as a template, from which resources can be scaled out in the event of a disaster.

A duplicate version of only your business-critical systems that is always running, in case you need to divert your workloads to them in the event of a disaster.

A complete duplicate of your entire system, to which all traffic can be directed in the event of a disaster.

Explanation

Warm standby is essentially ready to go with all key services running in the most minimal possible way, essentially a smaller version of the production environment. In the event of a disaster, the standby environment will be scaled up for production load quickly and easily. DNS records will be changed to route all traffic to the AWS environment.

Explanation

7 / 25

A user has launched an EBS-backed EC2 instance with a Windows operating system. Which statement is correct regarding how Windows instances are billed when rebooted or stopped and restarted?

For rebooting AWS does not charge a new instance hour, while every stop or restart will be charged fee for a new instance hour as a separate hour

For every reboot or start/stop, the user will be charged as a separate hour.

Every reboot is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be counted as a single hour.

For rebooting AWS charges extra only once, while for every stop/start the user will be charged as a separate hour

Explanation

For an EC2 instance launched with an EBS backed Windows AMI, each time the instance state is changed from stop to start/ running, AWS charges restart a new per-hour charge. Effective October 2, 2017, charges are calculated on a per-second basis for On-Demand, Spot and Reserved instances with Linux operating systems, with a minimum one-minute charge. Regardless of operating system, rebooting an instance AWS does not incur a charge an hour or one-minute minimum charge.

Explanation

8 / 25

You are involved in the design of a client’s AWS cloud environment. A requirements meeting regarding storage leads to the need for EBS volumes in the design. Much of the design will require standard storage but there is a critical business application, which requires sustained IOPs performance. Which EBS storage option is best for critical apps that need high performance?

Magnetic volumes

General-purpose SSD

Provisioned IOPs SSD

High IOPs SSD

Explanation

Amazon RDS provides three storage types: magnetic, General Purpose (SSD), and Provisioned IOPS (input/output operations per second). Provisioned IOPS storage is designed to meet the needs of I/O-intensive workloads, particularly database workloads, that are sensitive to storage performance and consistency in random access I/O throughput. Provisioned IOPS volumes can range in size from 100 GB to 6 TB for MySQL, MariaDB, PostgreSQL, and Oracle DB engines.

Explanation

9 / 25

You have been placed in charge of your company’s existing AWS cloud environment. Your company is very large and you have a team of 5 engineers. You are managing IAM with one of your team members as a backup. You will assign two team members to manage the RDS databases and will need two team members managing the VPC and the EC2 instances within it. How can you give your team members the ability to administer the EC2 instances? (Choose 2 answers)

Create a login key pair for the EC2 instances and provide this to your team.

Create cross-account access to the VPC which houses the EC2 instances.

Create a role with permissions that grant EC2:* actions on all resources.

Ensure permissions are in place to allow the intended team members to assume the role.

Explanation

Using IAM, you apply permissions to IAM users, groups, and roles by creating policies. You can create two types of IAM policies: Managed Policies and Inline Policies. Managed policies are standalone policies that you can attach to multiple users, groups, and roles in your AWS account. Managed policies apply only to identities (users, groups, and roles) – not resources. Inline policies are policies that you create and manage, and that are embedded directly into a single user, group, or role.

Explanation

10 / 25

In which circumstance would a bucket owner pay for the data transfers instead of the Requester Pays bucket?

When the request is 202 Accepted

When the request is a known request

When the request is a HTTP request

When the request is anonymous

Explanation

The charge for successful Requester Pays requests is straightforward: the requester pays for the data transfer and the request; the bucket owner pays for the data storage. However, the bucket owner is charged for the anonymous request.

Explanation

11 / 25

Which use cases would be best served by an S3 bucket ACL? (Choose 2 answers)

Hosting databases

Making a bucket world readable for static web hosting

Implementing client-side encrypted data

Enabling bucket logging

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

Explanation

S3 bucket access control lists are a legacy access control mechanism, created before IAM existed. S3 bucket ACLs are best used for a limited set of use cases

12 / 25

After reviewing the reports from AWS Trusted Advisor, your company has decided to enable multi-factor authentication for IAM users and the root account. Which of the following MFA options can be used for both account types? (Choose 2 answers)

Hardware MFA Device

AWS Security Token Service

A software-based Virtual MFA device

SNS Notification Service

Explanation

For increased security, AWS recommends that you configure multi-factor authentication (MFA) to help protect your AWS resources. MFA adds extra security because it requires users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services. This type of MFA requires you to assign an MFA device (hardware or virtual) to the IAM user or the AWS root account.

Explanation

13 / 25

A user has launched an EC2 instance into a VPC with several private and public subnets. The VPC and EC2 instance have the following configurations in place:

A database server is hosted on a Linux EC2 instance located in a private subnet.
A hardened bastion host is launched in a separate public subnet. You have enabled SSH-agent forwarding, and the bastion host’s security group has been configured to allows traffic via Port 22.
A custom security group has been added and associated with the Linux EC2 instance in the private subnet. The custom security group has not updated from its default settings.

With these configurations in place, the user is not able to access the database instance in the private subnet via the bastion host.

What can be the possible reason for this failure?

The EC2 instance needs an elastic IP address to communicate with the bastion host.

The bastion host needs to be replaced with a NAT gateway.

The bastion host needs to be placed in the same subnet as the EC2 instance.

The security group of the database instance is not configured to allow incoming traffic.

Explanation

For the SSH agent forwarding to be successful, both security groups need to allow connection via port 22. Custom security groups by default allow all outbound traffic, but deny all inbound traffic.

Explanation

For the SSH agent forwarding to be successful, both security groups need to allow connection via port 22. Custom security groups by default allow all outbound traffic, but deny all inbound traffic.

14 / 25

A user is aware that a huge download is occurring on his instance. He has already set the Auto Scaling policy to increase the instance count when the network I/O increases beyond a certain limit. How can the user ensure that this temporary event does not result in scaling?

Suspend scaling

The network I/O are not affected during data download

The policy cannot be set on the network I/O

There is no way the user can stop scaling as it is already configured

Explanation

The user may want to stop the automated scaling processes on the Auto Scaling groups either to perform manual operations or during emergency situations. To perform this, the user can suspend one or more scaling processes at any time. Once it is completed, the user can resume all the suspended processes.

Explanation

15 / 25

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. The finance team has approached you, indicating their concern over the growing AWS budget, and has asked you to investigate ways to lower it. Since your firm has enterprise-level support, you decide to use the AWS Trusted Advisor tool for this effort. What are some of the cost optimization checks that Trusted Advisor will perform? (Choose 3 answers)

Underutilized Amazon Redshift Clusters

Idle Load Balancers

Underutilized Amazon EBS Volumes

EC2 Spot Instance Optimization

Explanation

Trusted Advisor checks for Amazon EC2 reserved instances optimization, low utilization of Amazon EC2 instances, idle Load Balancers, underutilized Amazon EBS Volumes, unassociated Elastic IP Addresses, Amazon RDS idle DB instances, Amazon Route 53 Latency Resource Record Sets, Amazon EC2 reserved instance lease expiration and underutilized Amazon Redshift Clusters

Explanation

16 / 25

You have been checking some Amazon EC2 Auto Scaling events that you previously configured. You notice that an application is scaling up and down multiple times within the hour. Which of the following design changes could optimize cost while preserving elasticity? (Choose 2 answers)

Create a Lambda function to handle Auto Scaling events to launch reserved instances

Add a lifecycle hook to the Auto Scaling group

Change the scale down CloudWatch metric to a higher threshold

Add more EC2 instances

Explanation

Each CloudWatch alarm watches a single metric and sends messages to Auto Scaling when the metric breaches a threshold that you specify in your policy. Changing the scale down the CloudWatch metric to a higher threshold will not cost any more.

Auto Scaling also supports adding life-cycle hooks to Auto Scaling groups. These hooks enable you to control how instances launch and terminate within an Auto Scaling group; you can perform actions on the instance before it is put into service or before it is terminated. This is also cost-efficient and hence also a correct answer.

All the other answers will not optimize costs.

Explanation

All the other answers will not optimize costs.

17 / 25

Your client is a legal firm with offices in New York and Boston. You have gathered all of the requirements and have started designing their AWS cloud environment. The design calls for a VPC for the New York office and a VPC for the Boston office. The client wants this separation for billing purposes and other considerations. But they have a need for interoperability between the two VPCs. How can you best meet this requirement?

Set up a VPC Peering connection

Place an Internet Gateway between the two VPCs.

Set up Direct Connect between the two VPCs.

Set up a vpn between the two VPCs.

Explanation

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account.

Explanation

18 / 25

What is one security benefit of utilizing the Elastic Load Balancer?

Performing network address translation

Providing TLS/SSL termination as well as centralized certificate management

Providing encrypted data storage for use in application development

Blocking network traffic based on heuristic analysis

Explanation

The Elastic Load Balancer can integrate with the AWS Certificate Manager to provide a central method of managing your TLS/SSL certificates. It allows you to renew, deploy and configure your TLS/SSL certificates for your application or website from a single location.

Explanation

19 / 25

You are setting up your company’s Virtual Private Cloud (VPC). It is time to select the virtual hardware and the software to be provisioned for the instances you will launch within the VPC. You will do this by selecting the Instance Types and Amazon Machine Images (AMI). Which item is not defined by the AMI?

Virtual CPUs

Operating system

The initial state of any patches

Application or System Software

Explanation

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). The AMI includes the operating system, initial state of any patches, and any application software. For example, you can select an AMI that has SQL Server. The virtual CPUs are not part of the AMI but are defined by the instance type.

Explanation

20 / 25

You have taken on a client that has been configured for AWS cloud and is fully operational. Your investigation of the environment reveals that your predecessor was a highly skilled AWS Architect. You view one instance that handles Internet traffic but also handles back end database traffic in a private subnet. This one instance is configured as a full management network attached to both a public subnet and a private subnet. What AWS device will enable such a configuration for a single instance?

Elastic ip address

Auto scaling group

Elastic Load Balancer

Elastic Network Interface

Explanation

You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing traffic and the primary network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive access controls. The public-facing interface, which may or may not be behind a load balancer, has an associated security group that allows access to the server from the Internet while the private facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the Internet, a private subnet within the VPC or a virtual private gateway.

Explanation

21 / 25

A legacy application in your company has been deployed in a single availability zone. It is used only sporadically but must be available nevertheless. Due to your heavy administrative workload, you wish to automate a process that will rebuild the application automatically if it fails. What action should you take?

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Configure the server in an auto scaling group with a minimum and maximum size of one

Add an additional availability zone and a load balancer.

Perform snapshots of EBS volumes on a set schedule.

Explanation

Auto scaling provides redundancy for a single server with the option of launching a configuration using the attributes from a running instance. When you use this option, auto scaling copies the attributes from the specified instance into a template from which you can launch one or more auto scaling groups.

Note that if the specified instance has properties that are not currently supported by auto scaling, instances launched by auto scaling using the launch configuration created from the identified instance might not be identical to the identified instance.

Explanation

22 / 25

A non-root EC2 instance store volume is added to an EBS-backed EC2 instance. Then the instance is somehow accidentally terminated or failed. What happened to the data on the non-root EC2 instance store volume?

The data is deleted

The volume data is saved in S3

The data is automatically copied to another instance store volume

The data persists.

Explanation

EC2 instance store volumes can be added as additional volumes to certain EBS-backed EC2 Instance types. Any data on the instance store volumes persists as long as the instance is running, but this data is deleted when the instance is terminated or if it fails (such as if an underlying drive has issues).

Explanation

23 / 25

After monitoring your online sales application for the last two weeks of holiday sales, it is apparent that your database tier’s current architectural design is not sufficient. Your database is currently managed within Amazon RDS. The decision is made to scale your instance to a greater size based on database recommendations from the vendor. Your current database storage type is magnetic, and storage usage is currently at 70%.

Which modifications could potentially improve the performance of your database? (Choose 2 answers)

Increase the currently allocated storage space

Change the storage type to general-purpose SSD.

Increase the number of read replicas.

Decrease the currently allocated storage space

Explanation

When scaling a database, you can increase the storage capacity of a DB Instance up to a maximum of 64 terabytes (TiB). Please note that scaling the storage allocation with Amazon RDS does not incur a database outage. The performance will be increased as well.

Explanation

24 / 25

You are running an Amazon EC2 EBS-backed instance with a Windows operating system. The hourly instance charge for your instance is $14. You’ve asked your team to stop the instance when they aren’t using it in an effort to save money. However, when the bill comes, you’re surprised to realize that there was an hour where you were charged $42 for the instance. How could this be?

Too many people attempted to access that instance in that particular hour, resulting in a higher bill.

No one ever stopped the instance like they were supposed to when they weren’t using it.

That instance was stopped and restarted twice within that hour.

That instance was stopped and never started again, resulting in a premature termination fee.

Explanation

When an Amazon EBS-backed instance is stopped, you’re not charged for instance usage; however, you’re still charged for volume storage. Amazon charges a full instance hour for every transition from a stopped state to a running state, even if you transition the instance multiple times within a single hour. In this scenario, the charge was $42, which is three times more than $14. This suggests that you stopped and restarted that instance twice during that hour (the initial $14, plus 2 x $14 for each restart).

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

Explanation

Although some instances now have per-second billing available, this new billing structure does not apply to Windows instances at this point.

25 / 25

You are managing cloud storage for your company, which wants the technical staff to have some latitude in managing the buckets under your supervision. In an effort to increase visibility and accountability on bucket management, you’d like to know who is accessing the buckets and to be notified of delete actions.

What features can provide this information for S3 buckets? (Choose 2 answers)

Turn on S3 Event Notifications for delete actions

Enable S3 Server Access Logs on the buckets

Enable CloudWatch Logs

View the S3 event logs

Explanation

S3 Event Notifications can be set up on objects stored in S3. An event could be set up to notify when a delete is performed. Logging is turned off by default but can be enabled. When enabled, they can track requests to your S3 bucket.

S3 Server Access Logging tracks detailed information not currently available with CloudWatch metrics or CloudTrail logs. To track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.

Explanation

Your score is

The average score is 54%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Ready to take AWS Certified Solutions Architect Associate (SAA) – Exam mode ?

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

/65

5 votes, 4.8 avg

154

Click Start button to start exam !

Time Out !

1 / 65

You are leading a design meeting in your company to create an autoscaling group of EC2 instances behind an Application Load Balancer in your VPC. There are very specific requirements coming about based on traffic and cost. Your management wants to scale out when necessary and scale in when instances are no longer needed to save on cost and maintain optimum system performance based on CPU utilization.

What step can most effectively meet these requirements?

Create a scheduled scaling policy with Amazon EC2 Auto Scaling that scales out and in predefined patterns during normal business hours.

Create a target tracking scaling policy with Amazon EC2 Auto Scaling based on CPU utilization

Create a scaling policy based on the Elastic Load Balancer latency metric

Create a simple scaling policy with Amazon Application Auto Scaling that scales at different rates based on CPU utilization.

Explanation

You can associate more than one scaling policy with an autoscaling group. Having one policy to scale out and one policy to scale in is a viable option. Scaling out during business hours and scaling in during off hours could be fairly effective for performance and cost. But scaling out and in using CloudWatch metrics for CPU utilization would be much more precise for both performance and cost considerations.

Explanation

2 / 65

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. As the environment and number of active resources continue to grow, your finance team is having a difficult time attributing your AWS costs to the various business units. How can you help the finance team assign costs to the correct business units? (Choose 2 answers)

Give them access to TCO calculator.

Set up consolidated billing

Enable Cost and Usage reports.

Tag all resources with the appropriate business unit.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

3 / 65

You are designing the compute resources for a cloud-native application that you will host on AWS. You want to configure auto scaling groups, to increase the compute layer’s resilience and responsiveness. However, your IT management team has one concern. They want the ability to optimize the Amazon EC2 instances within an auto scaling group as easily and with as little downtime as possible after it has been launched. What is the best way to meet this requirement?

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, delete the existing template and create and attach a new launch template

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, create a new version of the launch template and assign it to the autoscaling group

Associate the auto scaling group with a launch template. When you need to update the instances within the autoscaling group, stop the instances, modify them, and restart them

Associate the Auto Scaling Group with a launch configuration. When you need to update the instances within the autoscaling group, create and attach a new launch configuration to the Auto Scaling Group

Explanation

A launch configuration is a template that the Auto Scaling group uses to launch Amazon EC2 instances. You create the launch configuration by including information such as the Amazon Machine Image ID to use for launching the EC2 instance, the instance type, key pairs, security groups, and block device mappings, among other configuration settings. When you create your Auto Scaling group, you must associate it with a launch configuration. You can attach only one launch configuration to an Auto Scaling group at a time.

Launch configurations cannot be modified. They are immutable.

If you want to change the launch configuration of your Auto Scaling group, you have to first create a new launch configuration and then update your Auto Scaling group by attaching the new launch configuration.

When you attach a new launch configuration to your Auto Scaling group, any new instances are launched using the new configuration parameters. Existing instances are not affected.

Launch templates work very differently. You can have multiple versions of a launch template saved, and disassociate one version from an auto scaling group and replace it with another without deleting any existing templates or stop and restarting your auto scaling group

Explanation

Launch configurations cannot be modified. They are immutable.

When you attach a new launch configuration to your Auto Scaling group, any new instances are launched using the new configuration parameters. Existing instances are not affected.

4 / 65

You have been assigned to work with a manufacturing company that wants to migrate to a Virtual Private Cloud. Their technical lead is very proactive and and would like to use EC2 Spot instances wherever possible for cost efficiency. He also wants to use Instance Stored volumes where possible. You need to educate the technical lead about EBS backed volumes versus Instance Stored volumes. What are some of the advantages of EBS volumes? (Choose 3 answers)

EBS based instances can be stopped and restarted.

If the instance is terminated, your data is not lost.

EBS instances boot faster

EBS volumes are more cost-effective

Explanation

An EBS volume is off-instance storage that can persist independently from the life of an instance. You continue to pay for the volume usage as long as the data persists. EBS instances can be stopped and re-started. And EBS volumes boot faster than instance store volumes often by an order of magnitude

Explanation

5 / 65

When CloudWatch detailed monitoring is enabled, what is the minimum duration of a CloudWatch alarm?

30 minutes

5 minutes

1 minute

10 minutes

Explanation

6 / 65

You are setting up your first Amazon Virtual Private Cloud (Amazon VPC) so you decide to use the VPC wizard in the AWS console to help make it easier for you. Which of the following statements is correct regarding instances that you launch into a default subnet via the VPC wizard?

Instances that you launch into a default subnet receive a public IP address and 10 private IP addresses.

Instances that you launch into a default subnet receive both a public IP address and a private IP address.

Instances that you launch into a default subnet don’t receive any ip addresses and you need to define them manually.

Instances that you launch into a default subnet receive a public IP address and 5 private IP addresses.

Explanation

Instances that you launch into a default subnet receive both a public IP address and a private IP address. Instances in a default subnet also receive both public and private DNS hostnames. Instances that you launch into a nondefault subnet in a default VPC don’t receive a public IP address or a DNS hostname. You can change your subnet’s default public IP addressing behavior

Explanation

7 / 65

The common use cases for DynamoDB Fine-Grained Access Control (FGAC) are cases in which the end user wants .

to change the hash keys of the table directly

to read or modify any codecommit key of the table directly, without a middle-tier service

to read or modify the table directly, without a middle-tier service

to check if an IAM policy requires the hash keys of the tables directly

Explanation

FGAC can benefit any application that tracks information in a DynamoDB table, where the end user (or application client acting on behalf of an end user) wants to read or modify the table directly, without a middle-tier service. For instance, a developer of a mobile app named Acme can use FGAC to track the top score of every Acme user in a DynamoDB table. FGAC allows the application client to modify only the top score for the user that is currently running the application

Explanation

8 / 65

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign one of the Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP assignment screen. What is a possible reason thatthe instance is unavailable in the assigned IP console?

The IP address belongs to a different zone than the subnet zone

The IP addresses belong to EC2 Classic, so they cannot be assigned to VPC

The IP address may be attached to one of the instances

The user has not created an internet gateway

Explanation

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When the user is launching an instance he needs to select an option which attaches a public IP to the instance. If the user has not selected the option to attach the public IP, then it will only have a private IP when launched. If the user wants to connect to an instance from the Internet, he should create an elastic IP with VPC. If the elastic IP isa part of EC2 Classic, it cannot be assigned to a VPC instance.

Explanation

9 / 65

You have been put in charge of your company’s Virtual Private Cloud (VPC). The environment lacks sufficient documentation. You are investigating the VPC in an effort to document the environment. Your review includes the route tables. What relationships between route tables and subnets can you count on being present in the environment? (Choose 2 answers)

Subnets are not related to route tables

If a route table is not associated with a subnet, the subnet will be associated with the main route table

All subnets must be associated with the default route table

Each subnet must be associated with a route table

Explanation

Each subnet must be associated with a route table, which controls the routing for the subnet. If you don’t explicitly associate a subnet with a particular route table, the subnet is implicitly associated with the main route table. A route in the route table to an Internet Gateway marks the subnet as a public subnet and no route to an Internet Gateway marks the subnet as private.

Explanation

10 / 65

You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CloudHub. Which statement is the most accurate in describing what you must do to set this up correctly?

Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs)

Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet

Create a virtual private gateway with multiple customer gateways, each with a unique set of keys

Create a virtual private gateway with multiple customer gateways, each with unique subnet id

Explanation

If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who’d like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices. To use the AWS VPN CloudHub, you must create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer, enabling each site to send data to and receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send and receive data from the VPC as if they were using a standard VPN connection

Explanation

11 / 65

What is the Total Cost of Ownership (TCO) calculator?

A dashboard that allows you to monitor costs for your on-premise or hybrid configurations.

A service that helps you select the most cost-effective EC2 instance types based on your specific application use case.

A free service that allows you to compare the cost of AWS with an on-premise data center.

A free AWS calculator that shows you the cost of hosting your AWS services in different availability zones or regions.

Explanation

The Total Cost of Ownership (TCO) Calculator is a free service offered by AWS to allow you to compare the cost of on-premises servers and AWS cloud services. It requires users to answer a short series of questions and then provides a detailed report on the potential AWS cloud environment that would mirror their on-premise systems.

Explanation

12 / 65

You are troubleshooting issues in an AWS Auto Scaling group. The Auto Scaling group is behind an application load balancer (ALB) and is not replacing a faulty instance.

What must you ensure that Auto Scaling is checking so that instances in your Auto Scaling group are properly marked as unhealthy? (Choose 2 answers)

Instance Status Check

Event Viewer

Cloudtrail Logs

ELB Health Check

Explanation

Auto Scaling uses EC2 status checks to detect hardware and software issues with the instances, but the load balancer performs health checks by sending a request to the instance and then waiting for a 200 response code, or by establishing a TCP connection (for a TCP-based health check) with the instance. Even if you’ve configured an Elastic Load Balancer, the autoscaler does not automatically check the ELBs health checks. You must add the ELB Health Check to your autoscaling policy.

Explanation

13 / 65

Your organization is thinking of running parts of their workload on AWS while keeping the critical and sensitive servers on-premises with continuous connectivity between instances in AWS and corporate data center. In such a hybrid cloud environment what are the minimum requirements to maintain resilient continuous connectivity between AWS and corporate data center?

A primary direct connect line connected to at least two routers in the corporate data center

A primary direct connect line and a VPN connection for backup connected to the corporate primary router

A primary and a backup direct connect line and at least two routers in the corporate data center

A primary and a backup direct connect line connected to the primary router in the corporate data center

Explanation

In Hybrid cloud environment where connectivity between AWS and Corporate datacenter is critical, redundant active/active or active/passive configurations should be implemented for connectivity resources. redundancy has to be on both sides (AWS and On-premises) hence the minimum requirements to implement this architecture is two direct connect lines and two customer devices (ideally in two different data centers)

Explanation

14 / 65

You are helping a client design a static website which will potentially grow exponentially in the first few years of existence. You outline the benefits of using S3 to host this Website. What characteristics of S3 elasticity and scalability can you feature? (Choose 2 answers)

S3 supports an unlimited number of files in a bucket

S3 synchronously replicates information to all availability zones within a region

S3 bucket names can be replicated in multiple regions.

S3 asynchronously replicates information to all availability zones within a region

Explanation

With Amazon S3, you can store as much data as you want and access it when needed. S3 supports and unlimited number of files in a bucket so it is not necessary to know your storage needs up front or try to estimate. S3 can be scaled quickly and appropriately to meet the storage demands of your environment. S3 asynchronously replicates information to all availability zones within a region. Amazon S3 scales to support very high request rates. If your request rate grows steadily, Amazon S3 automatically partitions your buckets as needed to support higher request rates

Explanation

15 / 65

General Purpose SSD volumes smaller than 1 TB provide the ability to burst to __________ IOPS per volume, independent of volume size, to meet the performance needs of most applications.

2500

3000

5000

10000

Explanation

Amazon EBS provides three volume types: General Purpose SSD, Provisioned IOPS SSD, and Magnetic.

General Purpose SSD volumes are the default EBS volume type for Amazon EC2 instances.

GP2 volumes smaller than 1 TB can burst up to 3,000 IOPS. I/O is included in the price of gp2, so you pay only for each GB of storage you provision. GP2 is designed to deliver the provisioned performance 99% of the time. If you need a greater number of IOPS than gp2 can provide, or if you have a workload where low latency is critical or you need better performance consistency, we recommend that you use io1.

Explanation

Amazon EBS provides three volume types: General Purpose SSD, Provisioned IOPS SSD, and Magnetic.

General Purpose SSD volumes are the default EBS volume type for Amazon EC2 instances.

16 / 65

A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which one of the following is the best way to terminate the instance automatically once the job is finished?

Associate the EC2 instance with an ELB to terminate the instance when it remains idle

Configure an Auto Scaling scheduled activity to terminate the instance after seven days.

Configure the EC2 instance with a stop instance to terminate it.

Configure a CloudWatch alarm to terminate the instance once it is idle

Explanation

Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CloudWatch alarm, which monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance action

Explanation

17 / 65

Which one of the following answers is not a possible state of Amazon CloudWatch Alarm?

STATUS_CHECK_FAILED

ALARM

INSUFFICIENT_DATA

Explanation

Amazon CloudWatch Alarms have three possible states: OK: The metric is within the defined threshold ALARM: The metric is outside of the defined threshold INSUFFICIENT_DATA: The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state

Explanation

18 / 65

You are contacted by a client to troubleshoot an issue with their instances in a VPC. An initial review of an architectural diagram calls for an Internet-facing application load balancer (ALB) and two EC2 Auto Scaling groups within a VPC.

After logging in, you verify the health checks for the instances are acceptable. However, the instances are not receiving traffic from the ALB.

What steps should you take to resolve this issue? (Choose 2 answers)

Edit the load balancer’s security group to allow traffic to subnets and EC2 instances

Attach an Elastic Network Interface (ENI) to the ALB

Create an Access Control List (ACL) for your ALB

Edit the load balancer’s security group to allow traffic to subnets and EC2 instances

Explanation

These types of issues can be investigated in a checklist type manner. First, it’s important to verify manually that the EC2 instances are properly functioning. If so, it becomes a network issue. Are the Security Groups configured properly? Are the ACLs configured properly? Once the instances are verified, it is most likely that a Security Group or ACL is not configured properly.

Explanation

19 / 65

You are deploying over 50 EC2 in separate regions to support your new mobile photo editing app. All have implemented health checks for all Application Load Balancers, as well as CloudWatch alarms for key performance metrics. You have also created Route 53 endpoint health checks for each individual instance. You are growing concerned about the number of SNS notifications you will receive for each of these health checks.

Your ELB health checks can monitor individual instances, but how can you quickly determine whether enough instances in your production environment are unhealthy that it will negatively impact your application’s availability?

Monitor instance health using CloudWatch and set a CloudWatch alarm based on the number of unhealthy instances

Implement a Route 53 Calculated Health Check for your EC2 instance endpoints and create an SNS notification

Integrate with Amazon QuickSight, to display overall Route 53 Health Check status in a dashboard

Create a CloudTrail trail related to Route 53 health checks to a CloudWatch Logs log group, and create an alarm based on a threshold of unhealthy health check results.

Explanation

Implementing a Route 53 Calculated Health Check is the best solution in this case because it aggregates all of the individual health checks. Integrating QuickSight and CloudTrail will create an effective dashboard, but this is not an automated solution because someone has to continuously check the dashboard.

You can also create a CloudWatch Log log alarm, but this would be overly complex compared to the Calculated Health Checks.

For example, let’s say you have deployed 15 EC2 instances, and created 15 separate Route 53 health checks to monitor each one. While you are concerned about each instance’s performance, you essentially need 10 of the 15 instances to be healthy for your system to run properly. Rather than setting up SNS notifications for each individual health check, you can create a calculated health check that collects the results of each health check into a single count between 0-15, and compares that count to a threshold you’ve set. In this case, the threshold could be 10. Now, if 10 instances are healthy, the calculated health check comes back healthy. If less than 10 instances are healthy, the health check comes back unhealthy.For example, let’s say you have deployed 15 EC2 instances, and created 15 separate Route 53 health checks to monitor each one. While you are concerned about each instance’s performance, you essentially need 10 of the 15 instances to be healthy for your system to run properly. Rather than setting up SNS notifications for each individual health check, you can create a calculated health check that collects the results of each health check into a single count between 0-15, and compares that count to a threshold you’ve set. In this case, the threshold could be 10. Now, if 10 instances are healthy, the calculated health check comes back healthy. If less than 10 instances are healthy, the health check comes back unhealthy.

Explanation

You can also create a CloudWatch Log log alarm, but this would be overly complex compared to the Calculated Health Checks.

20 / 65

You have implemented multipart uploading in your company’s AWS cloud storage environment. The overall performance has been good but there is some concern about network utilization. Your CFO has also raised concerns about greater than expected storage costs. What steps can you take to address each of these issues with cost as a primary concern? (Choose 2 answers)

Abort incomplete uploads after a specified time with an object lifecycle policy

Use Direct Connect for greater throughput

Pause uploads during high traffic periods.

Compress data for faster upload times.

Explanation

The ability to pause multipart uploads offers great flexibility in its usage. A pause could be initiated for a number of reasons but pausing to relieve network traffic is a prime use case. If a multipart upload aborts, it is good practice to have a lifecycle policy, which will delete incomplete uploads after a predetermined number of days. This will reduce storage costs.

Explanation

21 / 65

Set up Direct Connect between the two VPCs.

Set up a VPC Peering connection

Place an Internet Gateway between the two VPCs.

Set up a vpn between the two VPCs.

Explanation

22 / 65

A user has launched an EC2 instance into a VPC with several private and public subnets. The VPC and EC2 instance have the following configurations in place:

A database server is hosted on a Linux EC2 instance located in a private subnet.
A hardened bastion host is launched in a separate public subnet. You have enabled SSH-agent forwarding, and the bastion host’s security group has been configured to allows traffic via Port 22.
A custom security group has been added and associated with the Linux EC2 instance in the private subnet. The custom security group has not updated from its default settings.

With these configurations in place, the user is not able to access the database instance in the private subnet via the bastion host.

What can be the possible reason for this failure?

The EC2 instance needs an elastic IP address to communicate with the bastion host.

The security group of the database instance is not configured to allow incoming traffic.

The bastion host needs to be placed in the same subnet as the EC2 instance.

The bastion host needs to be replaced with a NAT gateway.

Explanation

For the SSH agent forwarding to be successful, both security groups need to allow connection via port 22. Custom security groups by default allow all outbound traffic, but deny all inbound traffic.

Explanation

For the SSH agent forwarding to be successful, both security groups need to allow connection via port 22. Custom security groups by default allow all outbound traffic, but deny all inbound traffic.

23 / 65

Configure an Auto Scaling scheduled activity to terminate the instance after seven days

Configure the EC2 instance with a stop instance to terminate it.

Configure a CloudWatch alarm to terminate the instance once it is idle.

Associate the EC2 instance with an ELB to terminate the instance when it remains idle

Explanation

24 / 65

Does AWS CloudFormation support Amazon EC2 tagging?

No, CloudFormation doesn’t support any tagging

It depends if the Amazon EC2 tagging has been defined in the template.

No, it doesn’t support Amazon EC2 tagging.

Yes, AWS CloudFormation supports Amazon EC2 tagging

Explanation

In AWS CloudFormation, Amazon EC2 resources that support the tagging feature can also be tagged in an AWS template. The tag values can refer to template parameters, other resource names, resource attribute values (e.g. addresses), or values computed by simple functions (e.g., a concatenated list of strings).

Explanation

25 / 65

You have just set up a large site for a client which involved a huge database which you set up with Amazon RDS to run as a Multi-AZ deployment. You now start to worry about what will happen if the database instance fails. Which statement best describes how this database will function if there is a database failure?

Updates to your DB Instance are synchronously replicated across S3 to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Updates to your DB Instance are asynchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure.

Your database will not resume operation without manual administrative intervention.

Explanation

Amazon Relational Database Service (Amazon RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity, while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. When you create or modify your DB Instance to run as a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous “standby” replica in a different Availability Zone. Updates to your DB Instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB Instance failure. During certain types of planned maintenance, or in the unlikely event of DB Instance failure or Availability Zone failure, Amazon RDS will automatically failover to the standby so that you can resume database writes and reads as soon as the standby is promoted. Since the name record for your DB Instance remains the same, your application can resume database operation without the need for manual administrative intervention. With Multi-AZ deployments, replication is transparent: you do not interact directly with the standby, and it cannot be used to serve read traffic. If you are using Amazon RDS for MySQL and are looking to scale read traffic beyond the capacity constraints of a single DB Instance, you can deploy one or more Read Replicas

Explanation

26 / 65

You are running a legacy application hosted in AWS on an Amazon EC2 instance. The legacy application has the EC2 instance’s IP address hard-coded into its code. Which of the following scenarios would successfully provide a High Availability solution for the instance that is running the application? (Choose 2 answers)

You don’t need to do anything as it is hard-coded and hence will always be highly available.

Assign an elastic IP address to the EC2 instance and have a backup instance running. In the event of failure, move the Elastic IP from the primary instance to the backup instance.

Use spot instances to be allocated if the instance becomes unavailable

Have a backup instance running with Elastic Load Balancing and configure Amazon Route 53 to check the health of your resources and respond to DNS queries using only the healthy resources

Explanation

Amazon Route 53 lets you configure DNS failover in active-active, active-passive, and mixed configurations to improve the availability of your application. When you have more than one resource performing the same function, you can configure Amazon Route 53 to check the health of your resources and respond to DNS queries using only the healthy resources.

Another solution would be to assign an elastic IP address to the EC2 instance and have a backup instance running. In the event of failure, move the Elastic IP from the primary instance to the backup instance.

Explanation

27 / 65

In a design meeting with your Senior AWS Architect you are asked to create a dual homed network. The client has been using AWS cloud for a few years and has staff who are fairly well versed in AWS technology. They have offered a preliminary design, which calls for dual homed web servers attached to an application server. This setup is also dual homed to connect to a backend database server. Which AWS device will enable such a dual homed scenario?

Dual Channel VPN

Elastic Network Interface

Elastic Load Balancer

Elastic IP Address

Explanation

You can place a network interface on each of your web servers that connects to a mid-tier network where an application server resides. The application server can also be dual-homed to a back-end network (subnet) where the database server resides. Instead of routing network packets through the dual-homed instances, each dual-homed instance receives and processes requests on the front end, initiates a connection to the back end, and then sends requests to the servers on the back-end network.

Explanation

28 / 65

If you determine that the resources on a launched Amazon EC2 instance are insufficient to handle the workload of an application, you can resize the instance without performing any migration as long as your root device is a(n) ____________.

instance store

EFS filesystem

EBS volume

S3 bucket

Explanation

As your needs change, you might find that your instance is over-utilized (the instance type is too small) or under-utilized (the instance type is too large). If the root device for your instance is an Elastic Block Store (EBS) volume, you can change the size of the instance simply by changing its instance type, which is known as resizing it. If the root device for your instance is an instance store volume, you must migrate your application to a new instance with the instance type that you want

Explanation

29 / 65

Which of the following types of Amazon S3 metadata or subresources can be tracked by AWS Usage and Cost Reports?

S3 Bucket tags

S3 Object tags

System-defined object metadata

User-defined object metadata

Explanation

S3 Bucket tags are one of several AWS resources in numerous services that fall within the group of cost allocation tags. These tags can be tracked and included within AWS Usage and Billing Reports.

Explanation

S3 Bucket tags are one of several AWS resources in numerous services that fall within the group of cost allocation tags. These tags can be tracked and included within AWS Usage and Billing Reports.

30 / 65

You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security groups and network access control lists (ACLs). You have already looked into security groups and you are now trying to understand ACLs. Which statement below is incorrect in relation to ACLs?

Supports allow rules and deny rules.

Is stateful: Return traffic is automatically allowed, regardless of any rules.

Processes rules in number order when deciding whether to allow traffic.

Operates at the subnet level (second layer of defense).

Explanation

Amazon VPC provides two features that you can use to increase security for your VPC: Security groups–Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network access control lists (ACLs)–Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Security groups are stateful: (Return traffic is automatically allowed, regardless of any rules) Network ACLs are stateless: (Return traffic must be explicitly allowed by rules)

Explanation

31 / 65

What features of VPC security groups are correct? (Choose 2 answers)

Security Groups are stateless.

You can specify only deny rules, not allow rules.

You can change the security group that an instance is associated with after launch and the changes will take effect immediately.

Instances associated with the same security group can not talk to each other unless rules are added specifically allowing communication.

Explanation

Instances associated with a security group can’t talk to each other unless you add rules allowing it (exception: the default security group has these rules by default). By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound rules, no outbound traffic is allowed.

Explanation

32 / 65

Which of the following accurately describes Elastic Load Balancing? (Choose 3 answers)

Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances.

Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features.

Elastic Load Balancing delivers your content through a worldwide network of edge locations.

Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic.

Explanation

Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features. Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining healthy instances. Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic.

CloudFront delivers your content through a worldwide network of edge locations. Using Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications

Explanation

33 / 65

Use the root account to create all other accounts, and share the root account with one backup administrator.

Use the root account to create your first IAM user and then lock away the root account.

Never use the root account.

Use the root account only to create administrator accounts.

Explanation

34 / 65

Name the disk storage supported by Amazon Elastic Compute Cloud (EC2).

None of these

Amazon AppStream store

Amazon Instance Store

Amazon SNS store

Explanation

Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service (Amazon S3) Reference:

Explanation

Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service (Amazon S3) Reference:

35 / 65

You are responsible for a web application where the web server instances are hosted in auto-scaling group. You discover the following after monitoring your application workload for the past year:

You need a minimum of nine EC2 instances to handle the lowest levels of activity during non-business hours.
During local business hours, you require between 12-16 instances.
Roughly 35 percent of non-business workload involves backend data processing and analysis.

With this information, what recommendations would you make to minimize operating costs while providing the required availability?

Purchase nine standard reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during non-business hours. Purchase spot instances to handle additional capacity needs

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 scheduled reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase spot instances to handle the data processing workload.

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 convertible reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Purchase nine convertible reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during local business hours. Purchase spot instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Explanation

The spot instances are ideal for the data processing workload during non-business hours, and deducting those instances from your minimum workload requirements leaves roughly six instances that are running all day. Purchase six standard reserved instances to meet this need with the greatest discount. You can then schedule reserved instances to run during business hours to meet the increase, and on-demand instances to scale as needed while providing necessary availability.

Explanation

36 / 65

Which choice below accurately describes the ‘warm standby’ disaster recovery method?

Keeping data backed up to tape and sent offsite regularly, from which all data can be restored in the event of a disaster.

A duplicate version of only your business-critical systems that is always running, in case you need to divert your workloads to them in the event of a disaster.

Storing critical systems as a template, from which resources can be scaled out in the event of a disaster.

A complete duplicate of your entire system, to which all traffic can be directed in the event of a disaster.

Explanation

37 / 65

An organization has set up an application on AWS. The organization wants to achieve scalability and high availability for the application, which should scale up and down to address workload changes on the application.

Which configuration step is not required in this scenario?

Set up an ELB load balancer with instances to distribute the load on the web server

Create an AMI of a running instance and configure that AMI with Auto Scaling

Set up EC2 instance bootstrapping to start the web and DB servers on instance boot.

Set up a schedule to shut off the instance when the instance is not in use.

Explanation

Amazon EC2 allows the user to launch On-Demand instances. Auto Scaling offers automation which can scale up or down resources as per the configured policy.

To set up Auto Scaling, the organization must first create an AMI. The organization should set up bootstrapping for the AMI so that when the instance is launched, it will automatically start the app server and DB server.

The organization should also setup ELB with instances to distribute the incoming load. Auto Scaling should be configured to scale up and down based on the application load and not on a particular schedule.

Explanation

Amazon EC2 allows the user to launch On-Demand instances. Auto Scaling offers automation which can scale up or down resources as per the configured policy.

38 / 65

A user is running a batch process which runs for 1 hour every day. Which of the below mentioned options is the right instance type and costing model in this case if the user performs the same task for the whole year?

EBS backed instance with on-demand instance pricing.

EBS backed instance with heavy utilized reserved instance pricing

EBS backed instance with low utilized reserved instance pricing

Instance store backed instance with spot instance pricing.

Explanation

For Amazon Web Services, the reserved instance helps the user save money if the user is going to run the same instance for a longer period. Generally, if the user uses the instances around 30-40% annually it is recommended to use RI. Here as the instance runs only for 1 hour daily it is not recommended to have RI as it will be costlier. The user should use on-demand with EBS in this case.

Explanation

39 / 65

A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1-week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch?

The user can zoom a particular period by specifying the period in the Time Range

The user can zoom a particular period by specifying the aggregation data for that period

The user can zoom a particular period by double clicking on that period with the mouse

The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse

Explanation

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The AWS CloudWatch console provides the option to change the granularity of a graph and zoom in to see data over a shorter time period. To zoom, the user has to click in the graph details pane, drag on the graph area for selection, and then release the mouse button.

Explanation

40 / 65

You are managing a static blog site on a MySQL database hosted on an EC2 instance. When an article goes viral, the increased traffic strains your DB server. What is the simplest and most cost-effective way to resolve this issue and make the blog post infinitely scaleable?

Migrate your blog site to DynamoDB to increase scalability to match the increased traffic.

Enable and configure static web hosting for your blog on Amazon S3. Use Route 53 to point the DNS to the static S3 bucket.

Migrate your blog site to an Amazon RDS instance. Create a database read replica and route read queries from your primary DB instance to the read replica

Use spot EC2 instances to increase your capacity.

Explanation

You can host a static website on Amazon S3. On a static website, individual web pages include static content. They may also contain client-side scripts. Because your storage on Amazon S3 is virtually unlimited you can scale infinitely. You also do not need to service dynamic content so a database is not needed.

Using spot instances would not necessarily work because of how spot instance pricing affects the instance availability. As soon as your the instance cost exceeds your bid price, the instances will be terminated and the traffic will once again exceed your MySQL database’s capabilities.

The other options would fix the problem – you can host the site on RDS or DynamoDB. However, they would not be as cost effective as Amazon S3.

Explanation

The other options would fix the problem – you can host the site on RDS or DynamoDB. However, they would not be as cost effective as Amazon S3.

41 / 65

Your throughput-optimized HDD (st1) EBS volumes do not seem to be performing as expected and your team leader has requested you look into improving their performance.

Which statement regarding the performance of your EBS volumes is incorrect?

Frequent snapshots provide a higher level of data durability and will not degrade the IOPS performance of your application while the snapshot is in progress.

General Purpose (SSD) and Provisioned IOPS (SSD) volumes throughput limit can go from 128 MB/s to 320 MB/s per volume.

Amazon Web Services provides performance metrics for EBS that you can analyze and view with Amazon CloudWatch.

You can benchmark your storage and compute configuration to make sure you achieve the level of performance you expect to see before taking your application live.

Explanation

When you create a snapshot of a Throughput Optimized HDD (st1) or Cold HDD (sc1) volume, performance may drop as far as the volume’s baseline value while the snapshot is in progress. This behavior is specific to these volume types.

Explanation

42 / 65

You have been asked to create a new S3 Bucket that will be used by the financial auditing team to store and share some files. There are a lot of different permissions between listing only, read-only and read-write access. You have decided to use resource-based permissions for the flexibility of it. Which statements below are correct with regards to resource-based permissions on your S3 bucket? (Choose 2 answers)

Resource-based permissions could be attached to a user, role or group

An explicit deny in resource-based permissions will overwrite an allow permissions the user might have for the same resource

Resource-based permissions are managed policies you can apply directly to your bucket

With resource-based permissions, you can define permissions for sub-directories of your bucket separately

Explanation

Resource-based permissions are permissions you attach directly to a resource. Resource-level permissions refer to the ability to specify not just what actions users can perform, but which resources they’re allowed to perform those actions on. Resource-based policies are inline only, not managed. You can specify resource-based permissions for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, Amazon SQS queues, and AWS Key Management Service encryption keys.

Explanation

43 / 65

A gaming company comes to you and asks you to build infrastructure for their site. They are not sure how big they will be because, as with all startups, they have limited money and big ideas. What they do tell you is that if the game becomes successful, like one of their previous games, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. After considering all of this, you decide that they need a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability and persistent storage. Which of the following databases do you think would best fit their needs?

Amazon Aurora

Amazon Elasticache

Amazon DynamoDB

Amazon Redshift

Explanation

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Amazon DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS, so they don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.

Today’s web-based applications generate and consume massive amounts of data. For example, an online game might start out with only a few thousand users and a light database workload consisting of 10 writes per second and 50 reads per second. However, if the game becomes successful, it may rapidly grow to millions of users and generate tens (or even hundreds) of thousands of writes and reads per second. It may also create terabytes or more of data per day. Developing your applications against Amazon DynamoDB enables you to start small and simply dial-up your request capacity for a table as your requirements scale, without incurring downtime. You pay highly cost-efficient rates for the request capacity you provision, and let Amazon DynamoDB do the work over partitioning your data and traffic over sufficient server capacity to meet your needs. Amazon DynamoDB does the database management and administration, and you simply store and request your data. Automatic replication and failover provides built-in fault tolerance, high availability, and data durability. Amazon DynamoDB gives you the peace of mind that your database is fully managed and can grow with your application requirements.

Explanation

44 / 65

Your company is planning to deploy a hybrid environment linking their on-premise database to an application hosted at AWS. When considering performance rather than security, what are key concerns when designing a network between AWS and the on-site database? (Choose 2 answers)

Network bandwidth

Network latency

Control of data resources

Private network access

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

45 / 65

A MySQL database currently contains 2 million records. Approximately 2000 new records are added every day, with an average of 80 queries per second. The database is running on a 4 core, 4 GB dedicated system in the local data center. Once a week, on average, the system has issues and resets. It is next on the list to be moved to the cloud. What step should be taken first before it is migrated?

Use the AWS server migration service to migrate existing records

Fix all MySQL issues in the local data center.

Export all database records to S3.

Order an on-demand instance matching the on-premises architecture.

Explanation

Issues that are not first solved locally will not be solved by moving to the cloud. Moving to the cloud is not a silver bullet. If there are inherent problems in the existing architecture there is no guarantee that they will be solved by moving to the cloud. Try to resolve any issues locally before migrating your architecture (and its existing issues) to the cloud.

Explanation

46 / 65

You have taken over an implementation and deployment project that is in the early requirements phase. You review the requirements and have some concerns, specifically the use of a t2.micro instance to host a MySQL database because you have concerns about performance. What recommendations should you make to change these requirements and ensure optimal performance? (Choose 2 answers)

Use SQL Server instead of MySQL

Create a RAID 0 configuration

Use a larger instance type to host the database.

Offload seldom-used data to Amazon Glacier

Explanation

By upgrading to a larger t2 instance, you not only improve baseline compute power, you also improve the ability to handle bursts. Each T2 instance receives CPU Credits continuously at a set rate depending on the instance size. These credits provide the ability to handle bursts. You can also create a RAID 0 to maximize utilization of instance resources.

Explanation

47 / 65

You are in a company meeting serving as Lead Architect. Your company wants to expand into the cloud by creating an area for low latency and high throughput of up to 10 Gbps. You recommend using a cluster placement group. What features in your design should be in place to take full advantage of a cluster placement group? (Choose 2 answers)

Reserved instances that provide highest availability

Instances in multiple Availability Zones for fault tolerance

EC2 instances that support enhanced networking

All instances grouped in a single Availability Zone

Explanation

A placement group is a logical grouping of instances within a single Availability Zone. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your cluster placement group, choose an instance type that supports enhanced networking

Explanation

48 / 65

You are working as a Solutions Architect for a healthcare company. You’ve been tasked with creating a Virtual Private Cloud to create a hybrid cloud solution. The cloud environment will need to connect to on-premises applications which can not be migrated to the VPC. Your requirements are to use the most reliable connection with the highest throughput possible. Which option can you use to get the hybrid environment operational to meet these requirements?

AWS Direct Connect

AWS Cloudfront

Internet Gateway

VPN

Explanation

Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. Network latency over the Internet can vary given that the Internet is constantly changing how data gets from point A to B. With AWS Direct Connect, you choose the data that utilizes the dedicated connection and how that data is routed which can provide a more consistent network experience over Internet-based connections

Explanation

49 / 65

Your business is slowly migrating to the AWS cloud, but must continue to support its on-premises servers and networks while extending to the cloud. As a result, you are looking for every possible way to optimize costs while ensuring resources remain secure. In order to provide an extra layer of security, you would like for your servers hosted within your VPCs to communicate with other AWS services without leaving your VPC network. You would also like your on-premises servers to be able to connect to these same AWS services through your VPC instead of sending and receiving requests over the public internet. Which AWS networking service or component would satisfy these requirements?

VPC Virtual Private Gateways

VPC Gateway Endpoints

VPC Interface Endpoints

VPC Peering Connections

Explanation

With VPC Interface Endpoints, it is possible to connect to a number of AWS services both from resources within your Amazon VPC and from resources in your on-premises environment. This is not possible with VPC Gateway Endpoints.

Explanation

50 / 65

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. Your finance team has approached you, indicating their concern over the growing S3 budget. They have asked you to identify strategies to reduce the S3 spend by at least 25% before the next monthly billing cycle.

How could you accomplish this? (Choose 2 answers)

Enable object compression to reduce object sizes

Utilize Infrequent Access storage for objects that are not requested so frequently

Implement lifecycle to archive older objects to Glacier

Use Snowball for large data objects to avoid data transfer rates

Explanation

You can use the infrequent access to reduce the cost of certain classes of objects, as well as send older objects to Glacier for archiving at a much lower cost.

Note that data transfer into S3 is always free. So if you want to reduce your cost, using Snowball might speed up moving large data sets however it will not reduce your cost

Explanation

You can use the infrequent access to reduce the cost of certain classes of objects, as well as send older objects to Glacier for archiving at a much lower cost.

Note that data transfer into S3 is always free. So if you want to reduce your cost, using Snowball might speed up moving large data sets however it will not reduce your cost

51 / 65

You need to set up a high level of security for an Amazon Relational Database Service (RDS) you have just built in order to protect the confidential information stored in it. What are all the possible security groups that RDS uses?

DB Security groups only

EC2 security groups only

DB security groups, VPC security groups, and EC2 security groups.

VPC security groups, and EC2 security groups.

Explanation

A security group controls the access to a DB instance. It does so by allowing access to IP address ranges or Amazon EC2 instances that you specify. Amazon RDS uses DB security groups, VPC security groups, and EC2 security groups. In simple terms, a DB security group controls access to a DB instance that is not in a VPC, a VPC security group controls access to a DB instance inside a VPC, and an Amazon EC2 security group controls access to an EC2 instance and can be used with a DB instance.

Explanation

52 / 65

An international web journal hosted on AWS handles requests for technical publications. The front-end tier is hosted in a VPC with multiple availability zones, auto-scaling groups, and cross zone load-balancing. RDS hosts the application database responsible for indexing and searching the content, and technical journals are served from S3 buckets. At certain times, specific professional journals became quite popular, causing viewing delays. Which additional components could be utilized in your architecture to help improve performance? (Choose 2 answers)

Utilize ElasticCache with Lazy Loading to cache popular searches and indexes

Utilize the SQS service to speed up response to requests

Add cross-region replication to S3 buckets hosting your journals

Deploy CloudFront to help with content delivery to users in remote geographic locations

Explanation

Lazy loading keeps the cache up to date based only on requests, which avoids filling up the cache needlessly, but if data is only written to the cache when there is a cache miss, data in the cache can become stale since there are no updates to the cache when data is changed in the database. This issue is addressed by using lazy loading in conjunction with write through, which adds data or updates data in the cache whenever data is written to the database. You may also use CloudFront to optimize your caching. By default, CloudFront doesn’t consider headers when caching your objects in edge locations. If your origin returns two objects and they differ only by the values in the request headers, CloudFront caches only one version of the object

Explanation

53 / 65

In Elastic Load Balancing, what parameters determine the cost for the Application Load Balancer (ALB)? (Choose 2 answers)

Only hours that an ELB is running and the amount of storage the instance takes

Each hour or partial hour that an ELB is running

Load Capacity Units (LCUs) used per hour

GB of data transferred

Explanation

Application Load Balancer
You are charged for each hour or partial hour that an Application Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used per hour.

Network Load Balancer
You are charged for each hour or partial hour that a Network Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used by Network Load Balancer per hour.

Classic Load Balancer
You are charged for each hour or partial hour that a Classic Load Balancer is running and for each GB of data transferred through your load balancer.

Explanation

Application Load Balancer
You are charged for each hour or partial hour that an Application Load Balancer is running and the number of Load Balancer Capacity Units (LCU) used per hour.

Classic Load Balancer
You are charged for each hour or partial hour that a Classic Load Balancer is running and for each GB of data transferred through your load balancer.

54 / 65

While monitoring your application servers hosted behind an elastic load balancer, you discover that the servers always operate at between 75 and 80% of their capacity after five minutes of operation. Also, there is a constant number of servers being marked as unhealthy very early in their initial lifecycle. Upon further analysis, you also discover that your servers are taking between three and four minutes to become operational after launch. What two tasks should you complete as soon as possible? (Choose 2 answers)

Increase the size of instances in your launch configuration.

Increase the length of your scaling cool down period

Increase the maximum number of instances in your auto-scaling group

Decrease the length of your scaling cool down period

Explanation

A prolonged grace period and a larger number of instances will solve these issues. You can use scaling policies to increase or decrease the number of running EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale or scale on a schedule, you must adjust the desired capacity of the group for the changes to take effect.

Explanation

55 / 65

A user has enabled static website hosting on an S3 bucket, and configured and uploaded an index document.

An S3 bucket configured for static website hosting provides what additional capabilities?

The user can directly access the website using the region-specific endpoint

It reduces costs related to I/O charges.

None. The website hosting feature only enables the user to point to the specific index file

None. The user can always access index.html without enabling static website hosting

Explanation

To host a static website, the user needs to configure an Amazon S3 bucket for website hosting and then upload the website contents to the bucket. The website is then available at the region-specific website endpoint of the bucket.

If the user has an index.html object as part of the bucket, the user can always host it without the website hosting feature. However, it will require an absolute URL of the object. In this case the user can access the whole bucket as a website and need not refer individual objects separately.

Explanation

56 / 65

You’ve been contracted by a client to improve the resiliency of their VPC in preparation for increased Disaster Recovery requirements with shorter RTO and RPOs. One thing you’d like to improve upon is resource and application monitoring. Which services used together will allow for the monitoring of application logs on EC2, notification of users managing the services, and the overall health of AWS resources? (Choose 2 answers)

CloudFront

Trusted Advisor

Cloudwatch

SNS

Explanation

Amazon SNS and CloudWatch are integrated so you can collect, view, and analyze metrics for every active Amazon SNS notification. By configuring CloudWatch for Amazon SNS, you can gain better insight into the performance of your Amazon SNS topics, push notifications, and SMS deliveries.

Explanation

57 / 65

A user has launched one EC2 instance in the US East region and one in the US West region. The user has launched an RDS instance in the US East region. ow can the user configure access from both the EC2 instances to RDS?

Configure the security group of both instances in the ingress rule of the RDS security group

It is not possible to access RDS of the US East region from the US West region

Configure the US West region’s security group to allow a request from the US East region’s instance and configure the RDS security group’s ingress rule for the US East EC2 group

Configure the security group of the US East region to allow traffic from the US West region’s instance and configure the RDS security group’s ingress rule for the US East EC2 group

Explanation

The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region. In this case allow IP of US West inside US East’s security group and open the RDS security group for US East region.

Explanation

58 / 65

The average traffic to your online business has quadrupled since you expanded your targeted marketing campaigns. Your web servers are handling the traffic, but you are closely monitoring your database layer, which consists of multiple Amazon RDS MySQL Databases.

You are monitoring key custom metrics related to read and write throughput and latency using Amazon CloudWatch. You have configured CloudWatch alarms to monitor these custom metrics against optimal performance thresholds, but want to ensure these alarms based on these specific metrics are as responsive as possible.

How can you increase the responsiveness of CloudWatch alarms for the specific custom metrics you have already implemented for your RDS MySQL databases? (Choose 2 answers)

Enable RDS Enhanced Monitoring

Configure Route 53 CloudWatch Alarm health checks

Enable Detailed Monitoring on CloudWatch

Enable RDS Performance Insights

Explanation

Most of these choices improve the responsiveness of CloudWatch in some way, but the aspect of this question is improving the responsiveness of CloudWatch alarms you have already implemented. This means you are not interested in additional metric information outside of the custom metrics you’ve already created in CloudWatch, and any features that increase responsiveness to metrics other than what you want will not be beneficial.

So, creating CloudWatch Log metric filters for default RDS metrics will not help, even though this can provide 1-second granularity, it is unlikely the logs will indicate overall latency and throughput of reads and writes, as these performance metrics are not related to specific API calls, but rather general database performance.

Performance Insights allow you to review and analyze your RDS database performance overall, but is not ideal for identifying a performance issue in real-time.

Enabling Enhanced monitoring does provide increased insight into RDS database performance, and with the increased granularity of 5 seconds instead of 60 seconds, or potentially even 1-second granularity through CloudWatch Log Streams. However, Enhanced Monitoring provides specific operating system metrics and other performance metrics, and would not apply to the custom metric you have created using CloudWatch.

Enabling Detailed Monitoring will increase the delivery of average metrics from every 5 minutes to every minute, and this will apply to your custom metrics as well.

In addition, creating a Route 53 CloudWatch Alarm Health Check will monitor the transmission of data to CloudWatch, and can effectively alert you before the CloudWatch alarm is even triggered.

Explanation

Performance Insights allow you to review and analyze your RDS database performance overall, but is not ideal for identifying a performance issue in real-time.

Enabling Detailed Monitoring will increase the delivery of average metrics from every 5 minutes to every minute, and this will apply to your custom metrics as well.

In addition, creating a Route 53 CloudWatch Alarm Health Check will monitor the transmission of data to CloudWatch, and can effectively alert you before the CloudWatch alarm is even triggered.

59 / 65

Your company uses an on-premise identity system such as Active Directory to authenticate users locally. You would like to grant the same users access into the AWS console without requiring them to authenticate again. What possible solution below can be used to provide this type of access:

If your company’s identity system is compatible with Kerberos, establish trust between your company’s identity system and AWS

If your company’s identity system is compatible with OAuth 2.0, establish trust between your company’s identity system and AWS

If your company’s identity system is compatible with OpenID Connect (OIDC), establish trust between your company’s identity system and AWS

If your company’s identity system is compatible with SAML 2.0, establish trust between your company’s identity system and AWS

Explanation

Answer “If your company’s identity system is compatible with SAML 2.0, establish trust between your company’s identity system and AWS” is correct. AWS supports identity federation with SAML 2.0 (Security Assertion Markup Language 2.0), an open standard that many identity providers (IdPs) use. This feature enables federated single sign-on (SSO), so users can log into the AWS Management Console or call the AWS API operations without you having to create an IAM user for everyone in your organization.

Explanation

60 / 65

AWS can be used as a disaster recovery solution for on-premises infrastructure, and AWS offerings can be deployed to meet a variety of disaster recovery requirements. When deploying disaster recovery in AWS, which strategy incorporates traditional off-site backups to AWS, but has the longest recovery time?

Pilot light

Active/active

Backup and restore

Multi-region

Explanation

Backup and restore, as defined in the “Using Amazon Web Services for Disaster Recovery” white paper, is most like traditional off-site backup replication. You can leverage services such as Amazon S3 or Amazon Storage Gateway to provide a backup replication target and Amazon EC2 can be used to restore access to your applications. This strategy for disaster recovery is the slowest of all AWS DR strategies.

Explanation

61 / 65

Having set up a website to automatically be redirected to a backup website if it fails, you realize that there are different types of failovers that are possible. You need all your resources to be available the majority of the time. Using Amazon Route 53 which configuration would best suit this requirement?

None. Route 53 can’t failover.

Active-active-passive and other mixed configurations.

Active-active failover.

Active-passive failover

Explanation

You can set up a variety of failover configurations using Amazon Route 53 alias: weighted, latency, geolocation routing, and failover resource record sets. Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Amazon Route 53 can detect that it’s unhealthy and stop including it when responding to queries. Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes only the healthy primary resources. If allof the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in response to DNS queries. Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

Explanation

62 / 65

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

Communication between the load balancer and back-end instances is always through IPV4

The client can connect over IPV4 or IPV6 using Dualstack

The ELB supports either IPV4 or IPV6 but not both

ELB DNS supports both IPV4 and IPV6

Explanation

Elastic Load Balancing supports both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4). Clients can connect to the user’s load balancer using either IPv4 or IPv6 (in EC2-Classic) DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 supportfor communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.

Explanation

63 / 65

You are architecting for a hybrid cloud solution that will require continuous connectivity between on-premises servers and instances on AWS. You found that the connectivity between on-premises and AWS does not require high bandwidth for now so you decided to go with resilient VPN connectivity. Which of the following services are part of establishing a resilient VPN connection between on-premises networks and AWS? (Choose 3 answers)

Virtual private gateway

VPN connection

Public VIFs

Customer gateway

Explanation

A customer gateway CGW is the anchor on the customer side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway VGW. There are two lines between the customer gateway and virtual private gateway because the VPN connection consists of two tunnels in case of device failure. When you configure your customer gateway, it’s important you configure both tunnels.

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

Explanation

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

64 / 65

A client has called you about an auto scaling group behind an Application Load Balancer your company had configured for them over a year ago. Their company is being featured on national news and they are expecting a very large spike to their website within several hours. What immediate steps can you take to prepare for this spike? (Choose 2 answers)

Enable slow start mode for your ALB.

Add read replicas to your RDS.

Increase the maximum setting of your autoscaling group.

Create a VPN for higher network throughput.

Explanation

By default, a target starts to receive its full share of requests as soon as it is registered with a target group and passes an initial health check. Using slow start mode gives targets time to warm up before the load balancer sends them a full share of requests.

Increasing the maximum threshold for your auto scaling group will allow you to process more requests.

Explanation

Increasing the maximum threshold for your auto scaling group will allow you to process more requests.

65 / 65

The data is automatically copied to another instance store volume

The data persists.

The data is deleted

The volume data is saved in S3

Explanation

Your score is

The average score is 43%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Need more practice ? take the AWS Certified Solutions Architect Associate (SAA) – Learning mode

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Associate (SAA02) – Free Practice Tests

AWS Certified Solutions Architect Associate (SAA) – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Associate (SAA) – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation