AWS Certified Solutions Architect Professional - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Professional
AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 75 questions per test (similar to real AWS exam), 180 minutes, repeat tests

AWS Certified Solutions Architect Professional – Learning Mode

/25

1 votes, 5 avg

AWS Certified Solutions Architect Professional - Learning Mode

1 / 25

Your company uses an on-premise identity system such as Active Directory to authenticate users locally. You would like to grant the same users access into the AWS console without requiring them to authenticate again. What possible solution below can be used to provide this type of access:

If your company's identity system is compatible with SAML 2.0, establish trust between your company's identity system and AWS

If your company's identity system is compatible with OAuth 2.0, establish trust between your company's identity system and AWS

If your company's identity system is compatible with Kerberos, establish trust between your company's identity system and AWS

If your company's identity system is compatible with OpenID Connect (OIDC), establish trust between your company's identity system and AWS

Explanation

Answer “If your company's identity system is compatible with SAML 2.0, establish trust between your company's identity system and AWS” is correct. AWS supports identity federation with SAML 2.0 (Security Assertion Markup Language 2.0), an open standard that many identity providers (IdPs) use. This feature enables federated single sign-on (SSO), so users can log into the AWS Management Console or call the AWS API operations without you having to create an IAM user for everyone in your organization.

Explanation

2 / 25

You are responsible for a web application where the web server instances are hosted in auto-scaling group. You discover the following after monitoring your application workload for the past year:

You need a minimum of nine EC2 instances to handle the lowest levels of activity during non-business hours.
During local business hours, you require between 12-16 instances.
Roughly 35 percent of non-business workload involves backend data processing and analysis.

With this information, what recommendations would you make to minimize operating costs while providing the required availability?

Purchase nine standard reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during non-business hours. Purchase spot instances to handle additional capacity needs

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 convertible reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 scheduled reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase spot instances to handle the data processing workload.

Purchase nine convertible reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during local business hours. Purchase spot instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Explanation

The spot instances are ideal for the data processing workload during non-business hours, and deducting those instances from your minimum workload requirements leaves roughly six instances that are running all day. Purchase six standard reserved instances to meet this need with the greatest discount. You can then schedule reserved instances to run during business hours to meet the increase, and on-demand instances to scale as needed while providing necessary availability.

Explanation

3 / 25

You are creating a custom Virtual Private Cloud (VPC) which will host a mix of public and private instances. An EC2 instance has been deployed to one of the public subnets in this VPC. What are the configurations that have to be implemented to make this instance accessible from the internet? (Choose 3 answers)

Edit security group to allow traffic to and from the internet on required ports

Make sure the instance has a public IP address

Attach an Internet gateway to the VPC and add a default route to the IGW in public subnet's route table

Create a new record set and custom domain name for the new instance in Route 53

Explanation

Public and private subnets, except for the default VPC, do not automatically have Internet access enabled. To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

4 / 25

You’ve designed a public portal (with a MySQL database) featuring popular scientific journals. Due to its popularity, users are complaining it takes much longer to review selected journals than in the past. In addition, the popularity of your site is worldwide.

What are the first steps that you should take to resolve your performance issues? (Choose 2 answers)

Create a read replica of your master database

Redesign your database as a Multi-AZ solution

Deploy ElasticSearch for faster searching of available scientific journals

Place additional read replicas in AWS regions closer to your users

Explanation

Read replicas of your master database allow you to increase performance. Placing your read replicas in different AWS regions closer to your users will maximize performance and increase the availability of your database.

Explanation

5 / 25

Your engineers are concerned about application availability during in-place updates to a live Elastic Beanstalk stack. You advise them to consider a blue/green deployment and then list the necessary steps to carry out this deployment. Which steps are valid to include? (Choose 3 answers)

Deploy the new version of the application

Clone your current environment

From the new environment’s dashboard, swap environmental URLs and click Swap

From the new environment’s dashboard, choose Restart Environment

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment's dashboard, choose Actions and then choose Swap Environment URLs.

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment's dashboard, choose Actions and then choose Swap Environment URLs.

6 / 25

To provide adequate computer resources for your company portal during busy sales cycles, you have your instances assigned to an EC2 auto scaling group associated with an application load balancer. You are now configuring the health checks for the auto scaling group.

What statement regarding health check configuration options for your auto scaling group is correct?

You can use both EC2 Instance Status Checks and ALB health checks simultaneously for your auto scaling group

You can only use ALB health checks as a health check for your auto scaling group

You can only use EC2 Instance Status Checks as a health check for your auto scaling group

You can use either EC2 Instance Status Checks or ALB health checks for your auto scaling group., but not both simultaneously

Explanation

Both instance status checks and health checks must be enabled before unhealthy instances will be terminated. It is critical that you test not only the saturation and breaking points but also the "normal" traffic profile you expect

Explanation

7 / 25

Your team is setting up DynamoDB for a client. You need to explain to them how DynamoDB tables are partitioned. Which calculations are used to determine the number of partitions that will be created? (Choose 2 answers)

The total RCU divided by 5000 + total WCU divided by 1000

The total table size divided by 40 GB

The total table size divided by 10 GB

The total RCU divided by 3000 + total WCU divided by 1000

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

8 / 25

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

The client can connect over IPV4 or IPV6 using Dualstack

The ELB supports either IPV4 or IPV6 but not both

Communication between the load balancer and back-end instances is always through IPV4

ELB DNS supports both IPV4 and IPV6

Explanation

Elastic Load Balancing supports both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4). Clients can connect to the user's load balancer using either IPv4 or IPv6 (in EC2-Classic) DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 supportfor communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.

Explanation

9 / 25

Your team has found that a client's load balancer needs to be configured with support for SSL offload using the default security policy. When negotiating the SSL connections between the client and the load balancer, you want the load balancer to determine which cipher is used for the SSL connection. Which actions perform this process on the load balancer? (Choose 3 answers)

Select the default security policy.

Select a client configuration preference option

Choose the server order preference option

Enable SSL offload.

Explanation

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL connections between a client and the load balancer. A security policy is a combination of SSL protocols, SSL ciphers, and the Server Order Preference option.

Explanation

10 / 25

While monitoring your application servers hosted behind an elastic load balancer, you discover that the servers always operate at between 75 and 80% of their capacity after five minutes of operation. Also, there is a constant number of servers being marked as unhealthy very early in their initial lifecycle. Upon further analysis, you also discover that your servers are taking between three and four minutes to become operational after launch. What two tasks should you complete as soon as possible? (Choose 2 answers)

Increase the length of your scaling cool down period

Increase the size of instances in your launch configuration.

Increase the maximum number of instances in your auto-scaling group

Decrease the length of your scaling cool down period

Explanation

A prolonged grace period and a larger number of instances will solve these issues. You can use scaling policies to increase or decrease the number of running EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale or scale on a schedule, you must adjust the desired capacity of the group for the changes to take effect.

Explanation

11 / 25

You are leading a design meeting in your company to create an autoscaling group of EC2 instances behind an Application Load Balancer in your VPC. There are very specific requirements coming about based on traffic and cost. Your management wants to scale out when necessary and scale in when instances are no longer needed to save on cost and maintain optimum system performance based on CPU utilization.

What step can most effectively meet these requirements?

Create a scaling policy based on the Elastic Load Balancer latency metric

Create a scheduled scaling policy with Amazon EC2 Auto Scaling that scales out and in predefined patterns during normal business hours.

Create a target tracking scaling policy with Amazon EC2 Auto Scaling based on CPU utilization

Create a simple scaling policy with Amazon Application Auto Scaling that scales at different rates based on CPU utilization.

Explanation

You can associate more than one scaling policy with an autoscaling group. Having one policy to scale out and one policy to scale in is a viable option. Scaling out during business hours and scaling in during off hours could be fairly effective for performance and cost. But scaling out and in using CloudWatch metrics for CPU utilization would be much more precise for both performance and cost considerations.

Explanation

12 / 25

A legacy application in your company has been deployed in a single availability zone. It is used only sporadically but must be available nevertheless. Due to your heavy administrative workload, you wish to automate a process that will rebuild the application automatically if it fails. What action should you take?

Configure the server in an auto scaling group with a minimum and maximum size of one

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Perform snapshots of EBS volumes on a set schedule.

Add an additional availability zone and a load balancer.

Explanation

Auto scaling provides redundancy for a single server with the option of launching a configuration using the attributes from a running instance. When you use this option, auto scaling copies the attributes from the specified instance into a template from which you can launch one or more auto scaling groups.

Note that if the specified instance has properties that are not currently supported by auto scaling, instances launched by auto scaling using the launch configuration created from the identified instance might not be identical to the identified instance.

Explanation

13 / 25

Your company has decided to use cloud methods for disaster recovery. The company is most concerned with RTO and RPO and is willing to accept the extra cost of Warm Standby over Pilot Light. When a disaster occurs, your top priority is to increase the processing capacity of your scaled-down environment. Once that is accomplished, you can then increase the environment's resilience and self-management capabilities.

What steps will help you accomplish your top priority when a disaster occurs? (Choose 2 answers)

Extend your auto scaling group across multiple availability zones

Re-size the small capacity servers to run on larger EC2 instances

Modify your Amazon RDS servers to a multi-AZ deployment

Explanation

The Warm Standby scenario uses a scaled-down version of a fully functional environment that is always running. Business-critical applications can always be running in the cloud. When a DR scenario comes about, the servers can be quickly scaled up, scaled out or both, but horizontal scaling is preferred over vertical scaling.

The two incorrect choices will increase your environment's resilience by adding availability

Explanation

The two incorrect choices will increase your environment's resilience by adding availability

14 / 25

You have deployed an application hosted on both a primary instance and a secondary standby instance. The instances are in the same subnet within a VPC.

If the primary instance fails, you would like to failover to the secondary instance without having to reconfigure the application. How can you accomplish this? (Choose 3 answers)

Add a second private IP address to the primary instance's ENI that can be moved to the secondary instance's ENI.

Attach elastic network interfaces to the primary and secondary instances

Use an additional elastic network interface for failover to another instance

Use load balancing to redirect traffic to the secondary instance

Explanation

The ENI can only be attached to an instance hosted in a VPC. When you move a network interface from one instance to another, network traffic is redirected to the new instance. Some network and security appliances, such as load balancers, network address translation (NAT) servers, and proxy servers prefer to be configured with multiple network interfaces. You can create and attach secondary network interfaces to instances in a VPC that are running these types of applications and configure the additional interfaces with their own public and private IP addresses, security groups, and source/destination checking

Explanation

15 / 25

What is one security benefit of utilizing the Elastic Load Balancer?

Providing encrypted data storage for use in application development

Blocking network traffic based on heuristic analysis

Performing network address translation

Providing TLS/SSL termination as well as centralized certificate management

Explanation

The Elastic Load Balancer can integrate with the AWS Certificate Manager to provide a central method of managing your TLS/SSL certificates. It allows you to renew, deploy and configure your TLS/SSL certificates for your application or website from a single location.

Explanation

16 / 25

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. Your finance team has approached you, indicating their concern over the growing EC2 budget. They have asked you to identify strategies to reduce the EC2 spend by at least 25% before the next monthly billing cycle. How choices below could assist in accomplishing this? (Choose 3 answers)

Consolidate AWS accounts for billing.

Reduce or eliminate over-provisioned or unused instances.

Look for opportunities to use reserved or spot instances.

Look for opportunities to use dedicated instances.

Explanation

You can reduce EC2 spend by migrating to reserved/spot instances, eliminating/shrinking unused resources, or consolidating AWS accounts (to qualify for volume discounts). The paying account's use of consolidated billing can benefit from volume pricing discounts gained thru aggregate account usage.

Explanation

17 / 25

Your account has 3 VPCs deployed in the same region.

The IPv4 address ranges of the VPCs are:

VPC A 172.22.0.0/16

VPC B 10.3.0.0/16

VPC C 10.4.0.0/16

VPC B and VPC C are already connected through VPC peering connection (PCX) named pcx-abcxyz. VPC A has resources that VPC B and VPC C must access. Which of the options below best achieves the objective of allowing VPC B and VPC C to access VPC A?

Create separate VPC Peering connections between VPC A & VPC B and VPC A & VPC C

Add static routes to VPC A with Targets of 10.3.0.0/16 and 10.4.0.0/16 and a Destination of pcx-abcxyz

Connect VPC A to VPC B using VPC Peering and allow VPC C to access VPC A through VPC B

Connect VPC A to pcx-abcxyz

Explanation

Creating separate VPC Peering connections between each VPC is required for Peering 3 VPCs together. Transitive routing is not supported in VPC Peering so VPC C could not reach VPC A through VPC B. A new VPC Peering connection is required for connecting additional VPCs, so connecting VPC A to pcx-abcxyz is not a viable option. Adding a static route to VPC A that points to pcx-abcxyz would not work as pcx-abcxyz is not connected to VPC A.

Explanation

18 / 25

One of your developers is creating an application that must upload large files to an S3 bucket. You suggest that they use the multipart upload feature. Which actions are required from the developer to complete a multipart upload? (Choose 2 answers)

Upload each part with an upload ID and a part number.

Construct the final object from the parts.

Create ordered ETag values to label each part.

Send a request to initiate a multipart upload

Explanation

When you send a request to initiate a multipart upload, Amazon S3 returns a response with an upload ID, which is a unique identifier for your multipart upload. You must include this upload ID whenever you upload parts, list the parts, complete an upload, or abort an upload. When uploading a part, in addition to the upload ID, you must specify a part number that uniquely identifies a part and its position in the object you are uploading. Amazon S3 returns an ETag header in its response. For each part upload, you must record the part number and the ETag value for use in each subsequent request.

Explanation

19 / 25

Which IAM role do you use to grant AWS Lambda permission to access a DynamoDB Stream?

Event Source role

Dynamic role

Execution role

Invocation role

Explanation

You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution role".

Explanation

You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution role".

20 / 25

Your company is considering migrating to AWS, but they are concerned about the initial and mid- to short-term costs due to the complexity of the migration cycle. To effectively calculate the total cost of ownership, certain costs must be understood and planned for.

What costs should be primary considerations? (Choose 3 answers)

The cost of using a Direct Link connection

The cost of running duplicate environments

The cost of running migration tools

The cost of outside consulting services

Explanation

Failing to accurately estimate your costs before migration and during the migration process is a recipe for disaster. To build a migration model for optimal efficiency, it is important to accurately understand the current costs of running on-premises applications, as well as the interim costs incurred during the transition

Explanation

21 / 25

Due to compliance rules and regulations, your company's workload has to run on dedicated instances. How can you make sure that all EC2 instances created for your workload now and in the future are dedicated instances? (Choose 2 answers)

Create a golden AMI of the dedicated instance and enforce this AMI as the base for any new instance in your environment. This guarantees that all instances created based on the AMI will be dedicated

Create your VPCs with instance tenancy of dedicated. This will ensure that all instances launched in VPC are dedicated

Create a dedicated Placement Group and associate all new instances with this placement group at launch time. All instances launched in a dedicated placement group will be dedicated

Create a CloudFormation template that has the EC2 Instance Tenancy attribute as dedicated and always use it to launch any new instance

Explanation

You can create a VPC with an instance tenancy of dedicated to ensure that all instances launched into the VPC are dedicated instances. Alternatively, you can specify the tenancy of the instance during launch

Explanation

22 / 25

Your company is migrating their environment to AWS. The legacy environment relied on Chef for automation, and your engineers are comfortable with that solution. In addition, your compliance officer has indicated that the new environment needs centralized, auditable configuration management for regulatory reasons. Which of the following AWS automation tools is most appropriate for this scenario?

Elastic Beanstalk

OpsWorks stacks

OpsWorks for Chef Automate

CloudFormation

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

Explanation

OpsWorks stacks will let you utilize your existing Chef recipes, but only OpsWorks for Chef Automate will provide you with centralized, continuous configuration management.

23 / 25

The total table size divided by 40 GB

The total table size divided by 10 GB

The total RCU divided by 3000 + total WCU divided by 1000

The total RCU divided by 5000 + total WCU divided by 1000

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

24 / 25

Your web-based application has been launched publicly. Your design has implemented auto scaling and classic load balancing and your design is responding to the changes in demand as expected. Over the next few months, during the holiday season, demand is expected to be quite robust. You estimate that 100 EC2 instances will be required to meet your customers’ demand. How should you plan properly for growth? (Choose 2 answers)

Contact Amazon to pre-warm your elastic load balancer to match the expected demands.

Change your auto scaling configuration, setting a desired maximum capacity of 100 instances. Verify your limits allow for this capacity

Use AWS Trusted Advisor to analyze your workload requirements

Add a second load balancer for additional redundancy

Explanation

In certain scenarios, such as when flash traffic is expected, or in the case where a load test cannot be configured to gradually increase traffic, AWS recommends that you have your load balancer "pre-warmed". They will configure the load balancer to have the appropriate level of capacity based on the traffic that you expect. They also need to know the start and end dates of your tests or expected flash traffic, the expected request rate per second and the total size of the typical request/response that you will be testing

Explanation

25 / 25

A user is making a scalable web application with compartmentalization. The user wants the log module to be accessible by all the application functionalities in an asynchronous way. Each module of the application sends data to the log module, and based on the resource availability it will process the logs. Which AWS service helps achieving this functionality?

AWS Simple Email Service.

AWS Simple Queue Service.

AWS Simple Workflow Service.

AWS Simple Notification Service.

Explanation

Amazon Simple Queue Service (SQS) is a highly reliable distributed messaging system for storing messages as they travel between computers. By using Amazon SQS, developers can simply move data between distributed application components. It is used to achieve compartmentalization or loose coupling. In this case all the modules will send a message to the logger queue and the data will be processed by queue as per the resource availability.

Explanation

Your score is

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

AWS Certified Solutions Architect Professional – Exam Mode

/75

0 votes, 0 avg

Click Start button to start exam !

Time Out !

1 / 75

What are the first steps that you should take to resolve your performance issues? (Choose 2 answers)

Redesign your database as a Multi-AZ solution

Place additional read replicas in AWS regions closer to your users

Deploy ElasticSearch for faster searching of available scientific journals

Create a read replica of your master database

Explanation

2 / 75

Your client wants to implement scalable but cost-effective storage while maintaining data security. You recommend using AWS Storage Gateway and set up an instance as a cached volume gateway for low latency. You immediately realize that you need to access the storage on the gateway. Which method would you use?

CIFS

NFS

iSCSI

Fibre

Explanation

AWS Storage Gateway enables applications that are clustered using Windows Server Failover Clustering (WSFC) to use the iSCSI initiator to access a gateway's volumes. However, connecting multiple hosts to the same iSCSI target is not supported. When using Red Hat Enterprise Linux (RHEL), you use the iscsi-initiator-utils RPM package to connect to your gateway iSCSI targets (volumes or VTL devices).

Explanation

3 / 75

You are leading the design of an AWS RDS database for a client's cloud environment. You have detailed the benefits of a multi-AZ configuration for high availability. You begin discussing scalability options. You again stress the importance of multi-AZ for a highly available, scalable environment. How does a multi-AZ configuration indirectly benefit scaling operations?

Read traffic can be offloaded to the multi-AZ standby instance.

Total IOPS is the sum of IOPS for the primary and standby servers

The standby instance can quickly be converted to a read replica.

There is minimal downtime when scaling up multi-AZ databases.

Explanation

To handle a higher load in your database, you can vertically scale up your master database with a simple push of a button. There are currently over 18 instance sizes that you can choose from when resizing your RDS MySQL, PostgreSQL, MariaDB, Oracle, or Microsoft SQL Server instance. For Amazon Aurora, you have 5 memory-optimized instance sizes to choose from. There is minimal downtime when you are scaling up on a Multi-AZ environment because the standby database gets upgraded first, then failover will occur to the newly sized database. A Single-AZ instance will be unavailable during the scale operation

Explanation

4 / 75

Add a second load balancer for additional redundancy

Change your auto scaling configuration, setting a desired maximum capacity of 100 instances. Verify your limits allow for this capacity

Contact Amazon to pre-warm your elastic load balancer to match the expected demands.

Use AWS Trusted Advisor to analyze your workload requirements

Explanation

5 / 75

You have configured an AWS cloud environment for an ecommerce company. This environment is heavily reliant upon being highly available as downtime will lose the company a great deal of money. You monitor this environment very closely with numerous CloudWatch alarms. Recently you are seeing 'InsufficientInstanceCapacity' errors during auto scaling attempts during peak hours from 4:00 - 9:00 pm EST. This is causing costly downtime. Which option will best handle this situation?

Increase the maximum size of you auto scaling group to add more capacity

Purchase Scheduled Reserved Instances for peak hours

Use spot instances in place of on-demand instances

Scale up your RDS instance for more capacity

Explanation

If you get an InsufficientInstanceCapacity error when you try to launch an instance or start a stopped instance, AWS does not currently have enough available capacity to service your request. In this situation, reserved instances offer the required reliability to avoid outages and loss of money. Reserved Instances are a long-term capacity reservation, and you will not have to rely on Amazon having enough on-demand capacity. Usually these capacity issues are short term, but due to the nature of the company even short outages can be very costly.

Explanation

6 / 75

You have taken over an implementation and deployment project that is in the early requirements phase. You review the requirements and have some concerns, specifically the use of a t2.micro instance to host a MySQL database because you have concerns about performance. What recommendations should you make to change these requirements and ensure optimal performance? (Choose 2 answers)

Create a RAID 0 configuration

Use a larger instance type to host the database.

Use SQL Server instead of MySQL

Offload seldom-used data to Amazon Glacier

Explanation

By upgrading to a larger t2 instance, you not only improve baseline compute power, you also improve the ability to handle bursts. Each T2 instance receives CPU Credits continuously at a set rate depending on the instance size. These credits provide the ability to handle bursts. You can also create a RAID 0 to maximize utilization of instance resources.

Explanation

7 / 75

You have been contracted to start building the latest and greatest mobile chat app. The schedule for this development and delivery is time critical. What correct mix of AWS services and components should you consider to ensure that your mobile chat app can be produced on time, ensuring that the mobile chat app can authenticate and authorize users?

Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization

Create an auto scaling group of EC2 instances with custom and specialized authentication and authorization logic using SSL and JWT tokens to perform user authentication and authorization.

Configure Amazon CloudFront in association with AWS WAF to perform user authentication and authorization

Create an auto scaling group of EC2 instances with SAML 2.0 service endpoint, setup and install a custom LDAP directory, configure SSO within the mobile app to use the SAML 2.0 service endpoint to perform user authentication and authorization

Explanation

Answer “Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization” is correct. The question highlights that the “development and delivery is time critical” - therefore the best approach time wise is to use the fit for purpose managed services provided by AWS - in this case, Amazon Cognito, IAM Roles and Policies, and the AWS Mobile SDK.

Explanation

8 / 75

To optimize the cost associated with your application's compute layer, your development team decided to integrate spot instances to support spikes in your workload. However, your auto scaling group should always contain eight (8) on-demand or reserved instances to process the normal amount of requests, and deploy a combination of spot and on-demand instances to manage spikes of activity requiring more than eight (8) instances.

How can you ensure there are always eight (8) on-demand instances to support your compute layers' typical workload?

Within your launch template, set the auto scaling group's optional on-demand base to eight (8) instances.

Within your launch template, set the instance weighting for on-demand instances to eight (8) instances.

Within your launch template, set the auto scaling group's desired capacity to eight (8) instances.

Within your launch template, set the auto scaling group's minimum capacity to eight (8) instances.

Explanation

When you want to include instances with multiple purchase types in the same auto scaling group, you have the ability to maintain a set number of on-demand instances will be deployed at all times, and then split the remaining instances between multiple purchase types as you see fit. To configure this, set a number of instances as your "optional on-demand base" within your launch template. This is not possible using a launch configuration.

Explanation

9 / 75

You have an application that is generating a log file every 5 minutes and you need to store these log files appropriately. The requirements for storing the log files are:

They should be quickly retrievable when needed, as they may be required only for verification in case of some major issue.
The logs will need to be accessed frequently, as all log data is retrieved and compiled from the files into a bi-monthly report.
The logs are essential to quarterly audits, so the storage solution must offer a high level of durability.
Cost should also be minimized for the storage service as much as possible.

Which of the storage options below is the best choice to meet these requirements?

Amazon S3 Standard - Infrequent Access (IA)

Amazon S3 OneZone-IA

Amazon S3 Standard

Amazon S3 Glacier

Explanation

Amazon S3 stores objects according to their storage class. There are technically four major storage classes: Standard, Standard - Infrequent Access, Reduced Redundancy Storage (RRS) and Glacier.

Standard is for Amazon S3 and provides very high durability. Standard - Infrequent Access is designed for with a minimum data amount required and paid storage for at least 30 days. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files.

S3 OneZone IA is a variation of Standard-IA, which offers data archival at a reduced price, but also with less durability because the data within this class is stored within a single availability zone rather than spread throughout all availability zones within the S3 buckets region, as it is with S3 Standard storage.

Explanation

Amazon S3 stores objects according to their storage class. There are technically four major storage classes: Standard, Standard - Infrequent Access, Reduced Redundancy Storage (RRS) and Glacier.

10 / 75

You are an AWS Solutions Architect helping a client plan a migration to the AWS Cloud. The client has provided you with a detailed inventory of their current on-premises compute infrastructure, including metrics related to storage and bandwidth. What tool would you use to estimate the amount of money they will save by migrating to the AWS Cloud?

Trusted Advisor

TCO Calculator

Detailed Billing Reports

Cost Explorer

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

11 / 75

You want to configure DNS failover in Route 53 so that all of your resources are available for the majority of the time. Which of the following failover configurations would be most suited for this?

Enable failover

Disable failover

Passive-passive failover

Active-active failover

Explanation

You can configure DNS Failover in Route 53 in the following failover configurations:

Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time.
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

Explanation

You can configure DNS Failover in Route 53 in the following failover configurations:

Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time.
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

12 / 75

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. As the environment and number of active resources continue to grow, your finance team is having a difficult time attributing your AWS costs to the various business units. How can you help the finance team assign costs to the correct business units? (Choose 2 answers)

Give them access to TCO calculator.

Enable Cost and Usage reports.

Tag all resources with the appropriate business unit.

Set up consolidated billing

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

13 / 75

Your account has 3 VPCs deployed in the same region.

The IPv4 address ranges of the VPCs are:

VPC A 172.22.0.0/16

VPC B 10.3.0.0/16

VPC C 10.4.0.0/16

Add static routes to VPC A with Targets of 10.3.0.0/16 and 10.4.0.0/16 and a Destination of pcx-abcxyz

Connect VPC A to VPC B using VPC Peering and allow VPC C to access VPC A through VPC B

Create separate VPC Peering connections between VPC A & VPC B and VPC A & VPC C

Connect VPC A to pcx-abcxyz

Explanation

14 / 75

Perform snapshots of EBS volumes on a set schedule.

Configure the server in an auto scaling group with a minimum and maximum size of one

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Add an additional availability zone and a load balancer.

Explanation

15 / 75

You are looking for a simple way to configure high availability for your EC2 instances. You need to create a plan for replacing unhealthy or failed instances. It is acceptable to have a short amount of downtime to keep costs down. Which process is appropriate for achieving this?

Create a custom AMI and use it to create an Auto Scaling Launch Configuration; then create a “Steady State” auto scaling policy using a minimum of 2 instances and a maximum of 2 instances.

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Recover this instance.”

Create a custom AMI of your EC2 instance, and configure a CloudWatch alarm based on StatusCheckFailed_Instance with an EC2 action of “Reboot this instance.”

Create a custom AMI of your EC2 instances. Use the custom AMI to create a new EC2 instance if there are issues with a current EC2 instance, and move the EIP to the new instance.

Explanation

Creating a custom AMI of the instance for which you are trying to provide HA allows you to bring the instance online quickly with no build time. Moving the EIP from the instance, you are replacing to the new instance will send all traffic to the new instance without any change to DNS, which would take time to propagate. Using the AutoRecover option will not replace the unhealthy or failing instance. It will only try to restart it on another host. Creating a “Steady State” Auto Scaling Group would also be a good solution, although using two as a minimum would have a higher cost.

Explanation

16 / 75

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. The finance team has approached you, indicating their concern over the growing AWS budget, and has asked you to investigate ways to lower it. Since your firm has enterprise-level support, you decide to use the AWS Trusted Advisor tool for this effort. What are some of the cost optimization checks that Trusted Advisor will perform? (Choose 3 answers)

Underutilized Amazon EBS Volumes

EC2 Spot Instance Optimization

Idle Load Balancers

Underutilized Amazon Redshift Clusters

Explanation

Trusted Advisor checks for Amazon EC2 reserved instances optimization, low utilization of Amazon EC2 instances, idle Load Balancers, underutilized Amazon EBS Volumes, unassociated Elastic IP Addresses, Amazon RDS idle DB instances, Amazon Route 53 Latency Resource Record Sets, Amazon EC2 reserved instance lease expiration and underutilized Amazon Redshift Clusters

Explanation

17 / 75

You have begun your migration into Amazon Web Services using the AWS Database Migration Service. You are pleased that there are no errors; however, the migration tasks are running slowly. You review the resources that have been assigned to the AWS DMS replication instance, and they seem to be adequate. Which other task could you perform to help speed up the initial migration tasks?

Turn off all logging on the target database

Reduce the frequency of automatic backups.

Increase the IOPs on the replication instance.

Enable multi-availability zones on the target database instance.

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

18 / 75

Your team is developing an application using Elastic Beanstalk and discussing the most appropriate environment for deployment. What two types of environments can be created when using Elastic Beanstalk? (Choose 2 answers)

Web worker environment

Load-balancing and auto-scaling environment

Multi-region, multiple-instance environment

Single-instance environment

Explanation

In Elastic Beanstalk, you can create a load-balancing, autoscaling environment or a single-instance environment. The type of environment that you require depends on the application that you deploy. For example, you can develop and test an application in a single-instance environment to save costs and then upgrade that environment to a load-balancing, autoscaling environment when the application is ready for production.

Explanation

19 / 75

You are migrating your Oracle database using the AWS Database Migration Service. Due to a large amount of data being replicated, you need the replication process to be continuous. What must be changed on your replication instance to use ongoing replication?

Increase the number of tables that are cached in RAM.

Disable Multi-AZ on the target instance

Enable the Multi-AZ option on the replication instance.

Disable backups on the target instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

20 / 75

A customer needs to migrate several hundred terabytes of data into AWS. You typically use Amazon Snowball for these types of requests. What method does AWS recommend regarding data upload to the Snowball appliance? (Choose 2 answers)

Use a single workstation to avoid redundant data transfers to the same Snowball appliance

Use the latest Mac or Linux Snowball client.

Use multiple workstations to run the client software to expedite the transfer.

When testing data transfer, avoid long test commands in favor of short ones

Explanation

Uploading data to the Snowball Appliance requires a client application. The upload is CPU, memory, and networking intensive. If you are uploading large amounts of data, Amazon recommends that you run the client software on multiple workstations to distribute the load and thereby shorten the time the upload will take.

Explanation

21 / 75

A MySQL database currently contains 2 million records. Approximately 2000 new records are added every day, with an average of 80 queries per second. The database is running on a 4 core, 4 GB dedicated system in the local data center. Once a week, on average, the system has issues and resets. It is next on the list to be moved to the cloud. What step should be taken first before it is migrated?

Order an on-demand instance matching the on-premises architecture.

Use the AWS server migration service to migrate existing records

Fix all MySQL issues in the local data center.

Export all database records to S3.

Explanation

Issues that are not first solved locally will not be solved by moving to the cloud. Moving to the cloud is not a silver bullet. If there are inherent problems in the existing architecture there is no guarantee that they will be solved by moving to the cloud. Try to resolve any issues locally before migrating your architecture (and its existing issues) to the cloud.

Explanation

22 / 75

Increase the maximum number of instances in your auto-scaling group

Increase the size of instances in your launch configuration.

Decrease the length of your scaling cool down period

Increase the length of your scaling cool down period

Explanation

23 / 75

The total RCU divided by 3000 + total WCU divided by 1000

The total RCU divided by 5000 + total WCU divided by 1000

The total table size divided by 10 GB

The total table size divided by 40 GB

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

24 / 75

You are working for a rapidly growing company that is using EC2 instances to process customer requests. There have been many instances of latency related to the high demand for specific EC2 instances. You are designing changes to the environment, including an Application Load Balancer to manage traffic demands. What ELB characteristics and best practices should you keep in mind? (Choose 2 answers)

For instances behind an ELB, do not bind an application to the instances IP address

It is recommended to reference an ELB by its MAC address instead of its DNS address.

Note that ELB in a VPC supports both IPv4 and IPv6.

It is recommended to reference an ELB by its DNS name instead of its IP address

Explanation

The IP address for a load balancer can frequently change as the service scales up and down in a process managed by the service. What this means is that the IP address you reference may change as the service scales - the hardware technically behind the load balancing service may have been reallocated. By using the DNS name, ELB can reference and translate that to the current load balancer's IP address.

The same goes for the binding the application to an instance's IP address - the actual instances handling requests can change at a moment's notice in the cloud, so rather than tying requests to a specific IP address, reference a DNS name and this will be translated to the current instance IP address.

Explanation

25 / 75

You have been assigned to a client who has an existing AWS cloud environment. They are already using CloudFormation to deploy web dev, test, and production environments. You immediately recognize that they are using the same CloudFormation template for dev and production. The Project Plan calls for major performance testing at the end of the project and the client wants to cut cost wherever possible. You recommend using smaller EC2 instances for the Developers dev environments. What section of a CloudFormation template can you use to deploy variable sized instances depending on the environment?

Transform

Conditions

Mappings

Metadata

Explanation

The conditions section of a CloudFormation template defines conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment

Explanation

26 / 75

Your company is migrating its infrastructure to AWS. When considering the migration level effort required, you determine there are a select number of VMs that fall under the “very low effort” category. After considering third-party migration options, you decide to utilize available AWS tools. What tools are available for migrating VMs to the AWS cloud? (Choose 2 answers)

AWS Snowmobile

AWS VM Import

AWS Snowball

AWS S3 Import

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

27 / 75

A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?

In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.

Amazon S3 server-side encryption employs strong multi-factor encryption.

Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data

Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks.

Explanation

Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption. Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks inits data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects. In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from thetasks of managing encryption and encryption keys. Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a masterkey that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256- bit Advanced Encryption Standard (AES-256), to encrypt your data

Explanation

28 / 75

You are architecting for a hybrid cloud solution that will require continuous connectivity between on-premises servers and instances on AWS. You found that the connectivity between on-premises and AWS does not require high bandwidth for now so you decided to go with resilient VPN connectivity. Which of the following services are part of establishing a resilient VPN connection between on-premises networks and AWS? (Choose 3 answers)

Public VIFs

Customer gateway

Virtual private gateway

VPN connection

Explanation

A customer gateway CGW is the anchor on the customer side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway VGW. There are two lines between the customer gateway and virtual private gateway because the VPN connection consists of two tunnels in case of device failure. When you configure your customer gateway, it's important you configure both tunnels.

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

Explanation

The VPN connection will connect VGW attached to certain VPC and CGW on AWS.

Public and Private Virtual Interfaces VIFs are part of configuring a Direct Connect between on-premises and AWS

29 / 75

A user has attached 1 EBS volume to a VPC instance. The user wants to achieve the best fault tolerance of data possible. Which of the below mentioned options can help achieve fault tolerance?

Attach one more volume with RAID 0 configuration.

Connect multiple volumes and stripe them with RAID 6 configuration.

Use the EBS volume as a root device

Attach one more volume with RAID 1 configuration

Explanation

The user can join multiple provisioned IOPS volumes together in a RAID 1 configuration to achieve better fault tolerance. RAID 1 does not provide a write performance improvement, it requires more bandwidth than non-RAID configurations since the data is written simultaneously to multiple volumes.

Explanation

30 / 75

Which type of IAM role is pre-defined, and can only be edited in a limited number of cases?

Cross-Account Access Roles

Identity Provider Access Roles

AWS Service Roles

AWS Service-Linked Roles

Explanation

The method that you use to edit a service-linked role depends on the service. Some services might allow you to edit the permissions for a service-linked role from the service console, API, or CLI. However, after you create a service-linked role, you cannot change the name of the role because various entities might reference the role. You can edit the description of any role from the IAM console, API, or CLI.

For information about which services support using service-linked roles, see AWS Services That Work with IAM and look for the services that have Yes in the Service-Linked Role column. To learn whether the service supports editing the service-linked role, choose the Yes link to view the service-linked role documentation for that service.

Explanation

31 / 75

An organization has launched five instances: two for production and three for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often be deleted and replaced, especially in the testing group. This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, production, and testing will not change in the foreseeable future.

Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy? (Choose 2 answers)

Configure tags on the instances in each environment defining which are ‘test’ and which are ‘production’

Launch the test and production instances in separate regions and allowing region wise access to the group

Add a condition to the IAM policy that allows access to the configured tags for the ‘test’ environment

Define the IAM policy that allows access based on the instance ID

Explanation

AWS Identity and Access Management is a web service that allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances, he should define proper tags and add to the IAM policy condition. The sample policy is shown below.
"Statement": [ { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/InstanceType": "Production" } } } ]

Explanation

32 / 75

You are assisting an IT administrator for a client company over the phone. The administrator has created a public subnet and had added two EC2 instances to this subnet. But he is unable to access the Internet from these new EC2 instances and is asking for your assistance. What general checks can he make to ensure proper configuration and Internet access? (Choose 3 answers)

He should check that an Internet Gateway is configured and that the route table routes Internet traffic to the Internet gateway.

He should check to ensure Network ACLs and Security Groups allow ingress and egress.

He should check that the EC2 instances have either a public IP address or an Elastic IP address.

He should check that an Virtual Private Gateway is configured and that the route table routes internet traffic to the Internet gateway.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

33 / 75

If your company's identity system is compatible with OAuth 2.0, establish trust between your company's identity system and AWS

If your company's identity system is compatible with Kerberos, establish trust between your company's identity system and AWS

If your company's identity system is compatible with SAML 2.0, establish trust between your company's identity system and AWS

If your company's identity system is compatible with OpenID Connect (OIDC), establish trust between your company's identity system and AWS

Explanation

34 / 75

What costs should be primary considerations? (Choose 3 answers)

The cost of running duplicate environments

The cost of using a Direct Link connection

The cost of outside consulting services

The cost of running migration tools

Explanation

35 / 75

You are responsible for maintaining an RDS database deployed in a Multi-AZ deployment architecture. What would be the downtime and/or failover cycle associated with maintenance events on your database? (Choose 2 answers)

Maintenance will be applied to standby instance first.

Maintenance will be applied to the primary instance first

The old primary will be promoted back to the new primary after maintenance

Standby instance will become the new primary after maintenance

Explanation

Running a DB Instance as a Multi-AZ deployment can further reduce the impact of a maintenance event because Amazon RDS will conduct maintenance by following these steps: Perform maintenance on the standby.

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

Explanation

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

36 / 75

Your organization is migrating applications to AWS. Your new security policy mandates that all user accounts be created and managed through IAM. Currently, your corporation is using Active Directory as their on-premise LDAP service. Once applications go live at AWS, all users must access applications using temporary access credentials, and all IAM users must have passwords that are rotated on a set schedule. Which of the following actions will allow you to enforce this security policy? (Choose 3 answers)

Disable the root account for your AWS account.

Create required IAM user accounts

Create and enforce a password expiration policy option for all IAM users.

Deploy federation services that support the Security Token Service

Explanation

STS is the “glue” that supports temporary access credentials for federation. If you are running code, AWS CLI, or Tools for Windows PowerShell commands inside an EC2 instance, you can take advantage of roles for Amazon EC2. Otherwise, you can call an AWS STS API to get the temporary credentials, and then use them explicitly to make calls to AWS services.

Explanation

37 / 75

You are configuring Amazon Route 53 to route traffic destined for yourwebsite.com to an Application Load Balancer that is configured to distribute traffic in two availability zones in the same AWS region. Which record set should you edit to point traffic for yourwebsite.com to your Application Load Balancer? Select the answer that is the most cost-effective and scalable.

CNAME

Alias

Explanation

yourwebsite.com is a zone apex. Alias record sets can be used to set a zone apex, but CNAME records cannot. Additionally, queries to Alias records that are mapped to an ELB are free. A records are used to map IPv4 addresses to FQDNs, the IP address of the ELB may change. MX records are used for email servers.

Explanation

38 / 75

You are running a legacy application hosted in AWS on an Amazon EC2 instance. The legacy application has the EC2 instance's IP address hard-coded into its code. Which of the following scenarios would successfully provide a High Availability solution for the instance that is running the application? (Choose 2 answers)

Assign an elastic IP address to the EC2 instance and have a backup instance running. In the event of failure, move the Elastic IP from the primary instance to the backup instance.

You don't need to do anything as it is hard-coded and hence will always be highly available.

Have a backup instance running with Elastic Load Balancing and configure Amazon Route 53 to check the health of your resources and respond to DNS queries using only the healthy resources

Use spot instances to be allocated if the instance becomes unavailable

Explanation

Amazon Route 53 lets you configure DNS failover in active-active, active-passive, and mixed configurations to improve the availability of your application. When you have more than one resource performing the same function, you can configure Amazon Route 53 to check the health of your resources and respond to DNS queries using only the healthy resources.

Another solution would be to assign an elastic IP address to the EC2 instance and have a backup instance running. In the event of failure, move the Elastic IP from the primary instance to the backup instance.

Explanation

39 / 75

An international web journal hosted on AWS handles requests for technical publications. The front-end tier is hosted in a VPC with multiple availability zones, auto-scaling groups, and cross zone load-balancing. RDS hosts the application database responsible for indexing and searching the content, and technical journals are served from S3 buckets. At certain times, specific professional journals became quite popular, causing viewing delays. Which additional components could be utilized in your architecture to help improve performance? (Choose 2 answers)

Deploy CloudFront to help with content delivery to users in remote geographic locations

Add cross-region replication to S3 buckets hosting your journals

Utilize ElasticCache with Lazy Loading to cache popular searches and indexes

Utilize the SQS service to speed up response to requests

Explanation

Lazy loading keeps the cache up to date based only on requests, which avoids filling up the cache needlessly, but if data is only written to the cache when there is a cache miss, data in the cache can become stale since there are no updates to the cache when data is changed in the database. This issue is addressed by using lazy loading in conjunction with write through, which adds data or updates data in the cache whenever data is written to the database. You may also use CloudFront to optimize your caching. By default, CloudFront doesn't consider headers when caching your objects in edge locations. If your origin returns two objects and they differ only by the values in the request headers, CloudFront caches only one version of the object

Explanation

40 / 75

You are tasked with configuring Route 53 for use with EC2 instances across multiple regions that are used for a customer’s website. The customer would like to route traffic based upon the location of the website’s visitors so visitors from specific regions can be presented with specific content. Which of the following would be best suited to meet the requirement?

A geolocation routing policy

A region based routing policy

EDNS0

DynDNS

Explanation

A Geolocation routing policy would allow Route 53 to route queries based upon the location of users. DynDNS is used to automatically update DNS records. EDNS0 can be used to improve the accuracy of geolocation routing, but is not a routing policy in and of itself. Region based is not a valid Route 53 routing policy type.

Explanation

41 / 75

You need to change a deployed Elastic Beanstalk environment to provide additional performance for EC2 instances that a client is currently running on their application. To change your instance count for Elastic Beanstalk, select the necessary steps (in any order). (Choose 3 answers)

Choose Configuration and then choose Scaling.

Open a command prompt window and execute the command change-elastic-beanstock -env.

Change the Minimum Instance Count and then Apply

Open the Elastic Beanstalk console and navigate to the management page

Explanation

Elastic Beanstalk environments can be changed after creation. For example, if you have a compute-intensive application, you can change the type of Amazon EC2 instance that is running your application. To do this, you use the Scaling option in the management page of the Elastic Beanstalk console and change the minimum instance count.

Explanation

42 / 75

Choose the server order preference option

Select a client configuration preference option

Select the default security policy.

Enable SSL offload.

Explanation

43 / 75

A user has applied an S3 Bucket access control list (ACL) and a bucket policy to an S3 bucket. Then, the user enables cross-origin resource sharing (CORS) on the same bucket.

Which of the following statements is true in this context?

It is not possible to have all three applied to the same bucket.

With CORS, only an ACL can be applied

With CORS, only the policy can be applied

The ACLs and policies continue to apply when you enable CORS on the bucket

Explanation

The CORS specification gives a user the ability to build web applications that make requests to domains other than the one which supplied the primary content. The ACLs and policies continue to apply when you enable CORS on the bucket.

Explanation

44 / 75

A user has launched a large EBS-backed instance with AWS. The only other storage associated with it is ephemeral storage on instance store. What will happen if the user stops the instance?

No data will be lost.

All the data on ephemeral storage will be snapshotted.

All the data on ephemeral storage will be lost.

All the data on ephemeral storage will be automatically backed up in S3.

Explanation

In AWS, ephemeral storage is only temporary storage. If the instance is stopped and started back all the data on ephemeral storage will be lost.

Explanation

In AWS, ephemeral storage is only temporary storage. If the instance is stopped and started back all the data on ephemeral storage will be lost.

45 / 75

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions and if you have more than one Amazon EC2 instance in one or more regions, you can useto route traffic to the correct region and then use to route traffic to instances within the region, based on probabilities that you specify

weighted-based routing, weighted resource record sets

latency-based routing, alias resource record sets

weighted-based routing, alias resource record sets

Latency-based routing, weighted resource record sets

Explanation

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the region based on weights that you specify

Explanation

46 / 75

A customer has a website which shows all the sales available in leading online and brick-and-mortar stores.

Currently, the website's web, application, and database tiers are hosted on five large, on-demand EC2 instances to manage day-to-day traffic. However, from late November through the end of December, the website traffic quadruples the normal rate for various periods, sometimes a few minutes, and sometimes a few hours. During the peaks in activity, the website requires up to 20 large instances.

The level of activity is not predictable. It is also prone to large, sudden spikes at random times based on when various temporary sales are available. The site's traffic can quadruple in a matter of minutes.

Which option is the most cost-effective and achieves better performance to handle these peaks in traffic reliably?

Purchase 5 Standard reserved instances immediately. Add ten on-demand instances to run continuously from late November through the end of December. Create an auto scaling group to scale out an additional five instances based on the workload metrics as needed.

Launch ten on-demand instances running continuously, and manually launch ten instances every day during office hours based on workload metrics as needed.

Purchase 5 Standard reserved instances immediately. Add five on-demand instances during the from late November through the end of December, and create an auto scaling group to scale out an additional ten instances based on the workload metrics as needed.

Purchase 5 Scheduled reserved instances immediately. Add 15 on-demand instances to run continuously from late November through the end of December.

Explanation

AWS provides an on-demand, scalable infrastructure. Amazon EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the organization launches a few instances beforehand and then setups AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization.

If the organization keeps all ten additional instances as a part of the AutoScaling policy sometimes during a sudden higher load, it may take time to launch instances and may not give optimal performance. This is the reason it is recommended that the organization keeps an additional five instances running and the next five instances scheduled as per the AutoScaling policy for cost-effectiveness.

Additionally, the website has established a baseline of normal workload outside of the peak season, so they can invest in Standard reserved instances to manage this workload and save dramatically on compute resource costs.

Explanation

47 / 75

The total table size divided by 10 GB

The total table size divided by 40 GB

The total RCU divided by 3000 + total WCU divided by 1000

The total RCU divided by 5000 + total WCU divided by 1000

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results

48 / 75

Your company is planning to deploy a hybrid environment linking their on-premise database to an application hosted at AWS. When considering performance rather than security, what are key concerns when designing a network between AWS and the on-site database? (Choose 2 answers)

Network bandwidth

Network latency

Private network access

Control of data resources

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

49 / 75

You are performing some testing of an application in development and wish to delete the parts of a multipart upload after a mistake is made with part numbering. Which command would you run to stop the upload and delete all the parts?

Remove multipart upload

Delete multipart upload

Abort multipart upload

Cancel multipart upload

Explanation

To delete the parts of a failed multipart upload so that you do not get charged for storage of those parts, you must use the command “Abort Multipart Upload” and provide the upload ID of upload you wish to abort. After aborting a multipart upload, you cannot upload any part using that upload ID again. All storage that any parts from the aborted multipart upload consumed is then freed.

Explanation

50 / 75

Your client has contacted you about an existing AWS cloud environment that they have. They have a large number of T2 large instances in a VPC but have statistics indicating they may need larger instances soon. Another consideration is the company's limited budget to add new instances and/or upgrade its current instances. However, they need to do something and are relying on you to provide a solution. This company has used its existing instances for over 3 years and expects a similar lifespan for any new solution.

What changes would best address the issues with their compute resources? (Choose 2 answers)

Upgrade to Enhanced Networking instances.

Use spot instances to supplement the existing instances.

Replace T2 large instances with large general purpose instances.

Upgrade to standard reserved instances

Explanation

T2 instances are Burstable Performance Instances that provide a baseline level of CPU performance with the ability to burst above the baseline. The baseline performance and ability to burst are governed by CPU Credits. M4 instances are the latest generation of General Purpose Instances. This family provides a balance of compute, memory, and network resources, and it is a good choice for many applications. In this instance, the only option which provides for growth while keeping costs in check is to upgrade to reserved M4 instances on a long term 3 year contract.

Explanation

51 / 75

Your company has recently discovered a massive security leak in which several users' access credentials were compromised. As a response, the Senior IT Security Manager has requested you to prevent all high-risk data from being modified or deleted by any users, including the root user.

What if the most efficient way to implement this security measure?

Migrate the high-risk data to new S3 buckets and enable object locks. Configure a retention mode of compliance mode.

Enable object locks for all existing buckets with high-risk data. Configure a retention mode of governance mode.

Migrate the high-risk data to new S3 buckets and enable object versioning. Enable MFA Delete for all buckets.

Enable object versioning for all existing buckets with high-risk data. Enable a default legal hold for the bucket

Explanation

There are a few key points to this question:

Object locks can prevent objects from modification or deletion; objection versioning does not - it only maintains versions of an object until those versions are deleted.
Users can only enable Object locks can on new S3 buckets.
Object locks have two retention modes - governance mode and compliance mode. Compliance mode prevents objects from being deleted or updated by users, including the root user. Governance mode allows objects to be modified, but prevents objects from being deleted.

Explanation

There are a few key points to this question:

Object locks can prevent objects from modification or deletion; objection versioning does not - it only maintains versions of an object until those versions are deleted.
Users can only enable Object locks can on new S3 buckets.
Object locks have two retention modes - governance mode and compliance mode. Compliance mode prevents objects from being deleted or updated by users, including the root user. Governance mode allows objects to be modified, but prevents objects from being deleted.

52 / 75

Which of the following is NOT a characteristic of Amazon Elastic Compute Cloud (Amazon EC2)?

It eliminates your need to invest in hardware up front, so you can develop and deploy applications faster.

It increases the need to forecast traffic by providing dynamic IP addresses for static cloud computing.

It can be used to launch as many or as few virtual servers as you need.

It offers scalable computing capacity in the Amazon Web Services (AWS) cloud.

Explanation

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic

Explanation

53 / 75

Your company decided to create AWS Account and start moving some workloads to the cloud. The security team would like to utilize the existing identity and access management system which is based on Active Directory to manage access to the new AWS Account. For that reason you decided to use SAML federation to allow users in local identity and access management system access to AWS Services.

Which of the following are primary components in SAML Federation configuration for the new AWS account? (Choose 2 answers)

SAML-Based identity provider has to be available to be used with company's identity store (Active Directory)

IAM trust policy that allows external identity store like Active Directory to be used as the primary IDP for this AWS account

IAM Roles matching Active Directory groups that you would like to allow access to AWS

Direct Connect or VPN connectivity must be established between AWS and your company's data center

Explanation

To enable SAML-Based federation for AWS Account, the following actions are required

1- Inside your organization's network, you configure your identity store (such as Windows Active Directory) to work with a SAML-based identity provider (IdP) like Windows Active Directory Federation Services

2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization's identity provider.

3- You also need to create roles that will map to allowed groups in company's identity store, members of these groups will be presented with set of roles that map to their group membership to choose which role they would like to assume while logging in to AWS console

Explanation

To enable SAML-Based federation for AWS Account, the following actions are required

2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization's identity provider.

54 / 75

Within Elastic Load Balancing, the time-to-live ensures that the IP addresses can be remapped quickly in response to changing traffic. What is the default time-to-live (TTL) limit specified by a DNS entry?

90 seconds

30 seconds

10 seconds

60 seconds

Explanation

The DNS entry specifies the time-to-live (TTL) as 60 seconds, which ensures that the IP addresses can be remapped quickly in response to changing traffic.

Explanation

The DNS entry specifies the time-to-live (TTL) as 60 seconds, which ensures that the IP addresses can be remapped quickly in response to changing traffic.

55 / 75

You have determined specific instances will need to be resized by either scaling the instance(s) up or down.

What basic rules apply when resizing EC2 instances? (Choose 2 answers

You can only resize spot or on-demand instances but not reserved instances

Instances need to have the same virtualization type

Instances with limited storage compatibility require migration instead of resizing

Instances need to be from the same AMI

Explanation

When you resize an instance, you must select an instance type that is compatible with the configuration of the instance. If the instance type that you want is not compatible with the instance configuration you have, then you must migrate your application to a new instance with the instance type that you need. As your needs change, you might find that your instance is over-utilized (the instance type is too small) or under-utilized (the instance type is too large). If this is the case, you can change the size of your instance. For example, if your t2.micro instance is too small for its workload, you can change it to an m3. medium instance

Explanation

56 / 75

One of your customers is a large multi-national company whose infrastructure on AWS has grown significantly over the past year. The CIO has come to you asking how the huge amount of data that is being generated can be accessed in real-time which would give them a significant edge over all of their competitors. You know that AWS can provide a range of analytics but which of the following would be best to try and accomplish this?

AWS Data Pipeline

Amazon Elasticsearch

Amazon Kinesis

Amazon EMR

Explanation

Amazon Kinesis is a fully managed service for real-time processing of streaming data at massive scale. Amazon Kinesis can continuously capture and store terabytes of data per hour from hundreds of thousands of sources such as website clickstreams, financial transactions, social media feeds, IT logs, and location-tracking events. With Amazon Kinesis Client Library (KCL), you can build Amazon Kinesis Applications and use streaming data to power real-time dashboards, generate alerts, implement dynamic pricing and advertising, and more.

Explanation

57 / 75

Send a request to initiate a multipart upload

Upload each part with an upload ID and a part number.

Create ordered ETag values to label each part.

Construct the final object from the parts.

Explanation

58 / 75

You are developing a new application in which you need to transfer files over long distances between client-side storage and an S3 bucket. You decide to try sending data to the S3 bucket using S3 Transfer Acceleration. What must you do to achieve this? (Choose 2 answers)

Use the CLI S3 accelerate upload commands.

Use the SDK S3 accelerate upload commands

Use the new accelerate endpoints to transfer your data to S3.

Turn on S3 Transfer Acceleration for the bucket.

Explanation

After you turn on S3 Transfer Acceleration for a bucket, two new endpoints are created for the bucket: one for IPv4 and one for IPv6. You can use either the accelerate endpoints or the standard endpoints if you choose not to use the accelerate feature.

Explanation

59 / 75

Your company wants to migrate an on-premises SQL Server DB to AWS RDS SQL Server. As the DBA, you have determined that your database can be offline while the backup is created, copied, and restored. You decide to use native backup and restore. Which steps are required during setup? (Choose 3 answers)

Turn on compression for your backup files by running “exec rdsadmin..rds_set_configuration ‘S3 backup compression’, ‘true.’”

Create an AWS IAM role for access to the S3 bucket

Create an Amazon S3 bucket for your backup files

Add the SQLSERVER_BACKUP_RESTORE option to an option group on your DB instance.

Explanation

There are three components you'll need to set up for native backup and restore: an Amazon S3 bucket to store your backup files; an AWS Identity and Access Management (IAM) role to access the bucket, and the SQLSERVER_BACKUP_RESTORE option added to an option group on your DB instance.

Explanation

60 / 75

You are in the process of planning your backup strategy between an on-premises data center and AWS cloud. You are considering Storage Gateway technology for backup and restore in your hybrid environment. What are the primary factors that affect Backup and Recovery times when using Storage Gateways? (Choose 2 answers)

Amount of data required for backup each day after on-premise data deduplication and compression

Compute power of on-premises instances that need to be backed up

Net available bandwidth between on-premises and AWS over the public internet or Direct Connect line.

Amount of data required for backup each day before on-premise data deduplication and compression

Explanation

Storage gateways interact with AWS over the public Internet or direct connect. You will need to know the amount of data per day that needs to be transferred to Amazon S3 and the net available bandwidth of your network connection. Storage Gateway is capable of running data compression, and comparison so only changed data is being backed up.

Explanation

61 / 75

Your organization is thinking of running parts of their workload on AWS while keeping the critical and sensitive servers on-premises with continuous connectivity between instances in AWS and corporate data center. In such a hybrid cloud environment what are the minimum requirements to maintain resilient continuous connectivity between AWS and corporate data center?

A primary and a backup direct connect line connected to the primary router in the corporate data center

A primary direct connect line and a VPN connection for backup connected to the corporate primary router

A primary and a backup direct connect line and at least two routers in the corporate data center

A primary direct connect line connected to at least two routers in the corporate data center

Explanation

In Hybrid cloud environment where connectivity between AWS and Corporate datacenter is critical, redundant active/active or active/passive configurations should be implemented for connectivity resources. redundancy has to be on both sides (AWS and On-premises) hence the minimum requirements to implement this architecture is two direct connect lines and two customer devices (ideally in two different data centers)

Explanation

62 / 75

You have been assigned to design a new AWS RDS database for a pharmaceutical company. Their most important requirement is high availability. You have proposed a multi-AZ configuration for high availability. The discussion has progressed to failover scenarios. Which scenario will not cause an automatic failover?

Compute unit failure on primary

Long running resource intensive stored procedure

Loss of availability in primary Availability Zone

Loss of network connectivity to primary

Explanation

Amazon RDS detects and automatically recovers from the most common failure scenarios for Multi-AZ deployments so that you can resume database operations as quickly as possible without administrative intervention. Amazon RDS automatically performs a failover in the event of any of the following:

Loss of availability in primary Availability Zone
Loss of network connectivity to primary
Compute unit failure on primary
Storage failure on primary

Explanation

Loss of availability in primary Availability Zone
Loss of network connectivity to primary
Compute unit failure on primary
Storage failure on primary

63 / 75

You have started your own consulting business and have been contracted by a doctors office to help move their outdated scheduling and billing system to the cloud. One feature you have offered at low cost is a disaster recovery solution that will keep their offices operational with minimal downtime. You've configured a standby EC2 instance that can be spun up in minutes. What feature can be quickly attached to the standby EC2 instance in a failover situation, to get the standby operational as quickly as possible?

MAC address

IPv6 address

Elastic Network Interface

Elastic Load Balancer

Explanation

An elastic network interface is a virtual network interface that you can attach to an instance in a VPC. Network interfaces are available only for instances running in a VPC. If one of your instances serving a particular function fails, its network interface can be attached to a replacement or hot standby instance pre-configured for the same role to rapidly recover the service.

Explanation

64 / 75

Is it recommended to shutdown your EC2 instance when you create a snapshot of EBS volumes that serve as root devices?

No, you only need to shutdown an instance before deleting it.

No, the snapshot would turn off your instance automatically

Yes

Explanation

To create a snapshot for Amazon EBS volumes that serve as root devices, it is recommended to shutdown the instance before taking the snapshot.

Explanation

To create a snapshot for Amazon EBS volumes that serve as root devices, it is recommended to shutdown the instance before taking the snapshot.

65 / 75

What does Amazon DynamoDB provide?

A fast and reliable PL/SQL database cluster

A fast, highly scalable managed NoSQL database service

A standalone Cassandra database, managed by Amazon Web Services

A predictable and scalable MySQL database

Explanation

Amazon DynamoDB is a managed NoSQL database service offered by Amazon. It automatically manages tasks like scalability for you while it provides high availability and durability for your data, allowing you to concentrate in other aspects of your application

Explanation

66 / 75

You are managing cloud storage for your company, which wants the technical staff to have some latitude in managing the buckets under your supervision. In an effort to increase visibility and accountability on bucket management, you'd like to know who is accessing the buckets and to be notified of delete actions.

What features can provide this information for S3 buckets? (Choose 2 answers)

Enable CloudWatch Logs

View the S3 event logs

Turn on S3 Event Notifications for delete actions

Enable S3 Server Access Logs on the buckets

Explanation

S3 Event Notifications can be set up on objects stored in S3. An event could be set up to notify when a delete is performed. Logging is turned off by default but can be enabled. When enabled, they can track requests to your S3 bucket.

S3 Server Access Logging tracks detailed information not currently available with CloudWatch metrics or CloudTrail logs. To track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.

Explanation

67 / 75

You have deployed an application hosted on both a primary instance and a secondary standby instance. The instances are in the same subnet within a VPC.

If the primary instance fails, you would like to failover to the secondary instance without having to reconfigure the application. How can you accomplish this? (Choose 3 answers)

Attach elastic network interfaces to the primary and secondary instances

Use load balancing to redirect traffic to the secondary instance

Use an additional elastic network interface for failover to another instance

Add a second private IP address to the primary instance's ENI that can be moved to the secondary instance's ENI.

Explanation

68 / 75

Create a dedicated Placement Group and associate all new instances with this placement group at launch time. All instances launched in a dedicated placement group will be dedicated

Create your VPCs with instance tenancy of dedicated. This will ensure that all instances launched in VPC are dedicated

Create a golden AMI of the dedicated instance and enforce this AMI as the base for any new instance in your environment. This guarantees that all instances created based on the AMI will be dedicated

Create a CloudFormation template that has the EC2 Instance Tenancy attribute as dedicated and always use it to launch any new instance

Explanation

69 / 75

Which of the four storage options on Amazon S3 and Amazon Glacier charges per GB retrieval fees? (Choose 2 answers)

Amazon S3 Standard-Infrequent Access Storage

Amazon S3 Standard Storage

Amazon Glacier Storage

Amazon S3 Reduced Redundancy Storage

Explanation

Amazon Glacier and S3 Standard-IA are both designed for storing infrequently accessed data. This is why the data storage fees are roughly one-half to one-sixth the cost of Standard Storage. Retrieval fees will quickly add up if the data is retrieved too often, so planning or correctly setting your object lifecycle based on how often you or your company will need the data is important.

Explanation

70 / 75

Your database is very frequently receiving more read and write requests than it can handle. To process the higher loads more effectively you’ve decided to vertically scale your RDS database instance. You’ve confirmed that your licensing can handle the increased scale; next, you must determine when the changes will be applied. When can you apply the changes? (Choose 2 answers)

When changing the database storage type

Immediately, when choosing a larger instance size

When using CloudFront metrics

During the maintenance window for the database instances

Explanation

When scaling an RDS instance, changes can be applied immediately or during the maintenance window specified. It is also recommended that you before you scale, make sure you have the correct licensing in place for commercial engines (SQL Server, Oracle) especially if you Bring Your Own License (BYOL). One important thing to call out is that for commercial engines, you are restricted by the license, which is usually tied to the CPU sockets or cores.

Explanation

71 / 75

Select a true statement about Amazon EC2 Security Groups (EC2-Classic).

After you launch an instance in EC2-Classic, you can change its security groups only once.

After you launch an instance in EC2-Classic, you cannot add or remove rules from a security group.

After you launch an instance in EC2-Classic, you can't change its security groups.

After you launch an instance in EC2-Classic, you can only add rules to a security group.

Explanation

After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group

Explanation

72 / 75

Your developers have created a sales application that works in tandem with the no SQL database. To ensure the fastest response for the application in production, the developers wish to remove the need to wait for acknowledgments from the database to the application after data have been sent. The acknowledgments can be stored and accessed asynchronously. Which managed application would be the best choice for their design?

CloudWatch Logs

Simple Workflow Service

AWS Config

Simple Queue Service

Explanation

SQS allows you to quickly build hosted and scalable message queuing applications that can run on any computer. SQS stores messages in transit between diverse, distributed application components without losing messages and without requiring each component to be always available

Explanation

73 / 75

A user has enabled static website hosting on an S3 bucket, and configured and uploaded an index document.

An S3 bucket configured for static website hosting provides what additional capabilities?

The user can directly access the website using the region-specific endpoint

None. The website hosting feature only enables the user to point to the specific index file

None. The user can always access index.html without enabling static website hosting

It reduces costs related to I/O charges.

Explanation

To host a static website, the user needs to configure an Amazon S3 bucket for website hosting and then upload the website contents to the bucket. The website is then available at the region-specific website endpoint of the bucket.

If the user has an index.html object as part of the bucket, the user can always host it without the website hosting feature. However, it will require an absolute URL of the object. In this case the user can access the whole bucket as a website and need not refer individual objects separately.

Explanation

74 / 75

You are building a system to distribute confidential documents to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publically accessible from S3 directly?

Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy.

Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.

Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.

Explanation

You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users' behalf. If your users try to access objects using Amazon S3 URLs, they're denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don't.

Explanation

75 / 75

You are designing an AWS cloud environment for a new client. You will be responsible for designing and implementing the solution while also training their IT personnel to eventually take over administration of the environment. a major part of your task will be educating them on IAM and how to administer IAM moving forward. Which action can be authorized by IAM and is something for which you will have to prepare training material?

Querying a SQL Server database

Launching an EC2 instance

Connecting to on-premises Active Directory

Querying a DynamoDB database

Explanation

If an IAM user wants to launch an EC2 instance, you need to grant the EC2 RunInstance permission to that user. If the EC2 instance should include an instance profile—that is, if applications in the EC2 instance will be able to get temporary security credentials via an IAM role—the user who launches the EC2 instance must also have the IAM PassRole permission. Not only that, but the user might need PassRole permission to associate a specific role with the EC2 instance.

Explanation

Your score is

The average score is 14%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Professional – Free Practice Tests

AWS Certified Solutions Architect Professional – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Professional – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation