AWS Certified Solutions Architect Professional - Free Practice Tests

This AWS practice test helps you to pass the following AWS exams and can also helps you to revise the AWS concepts if you are preparing for AWS interviews.

AWS Certified Solutions Architect Professional
AWS Certified Solutions Architect Associate
AWS Certified Cloud Practitioner

Below AWS practice tests has two different Modes

Learning Mode: 25 questions per test with answers and explanation, no time limit, repeat tests
Exam Mode: 75 questions per test (similar to real AWS exam), 180 minutes, repeat tests

AWS Certified Solutions Architect Professional – Learning Mode

/25

1 votes, 5 avg

AWS Certified Solutions Architect Professional - Learning Mode

1 / 25

After setting up an EC2 security group with a cluster of 20 EC2 instances, you find an error in the security group settings. You quickly make changes to the security group settings. When will the changes to the settings be effective?

The settings will be effective only for the new instances added to the security group.

The settings will be effective for all the instances only after 30 minutes

The settings will be effective only when all the instances are restarted

The settings will be effective immediately for all the instances in the security group.

Explanation

Amazon Redshift applies changes to a cluster security group immediately. So if you have associated the cluster security group with a cluster, inbound cluster access rules in the updated cluster security group apply immediately.

Explanation

2 / 25

You are performing some testing of an application in development and wish to delete the parts of a multipart upload after a mistake is made with part numbering. Which command would you run to stop the upload and delete all the parts?

Delete multipart upload

Cancel multipart upload

Remove multipart upload

Abort multipart upload

Explanation

To delete the parts of a failed multipart upload so that you do not get charged for storage of those parts, you must use the command “Abort Multipart Upload” and provide the upload ID of upload you wish to abort. After aborting a multipart upload, you cannot upload any part using that upload ID again. All storage that any parts from the aborted multipart upload consumed is then freed.

Explanation

3 / 25

After reviewing the reports from AWS Trusted Advisor, your company has decided to enable multi-factor authentication for IAM users and the root account. Which of the following MFA options can be used for both account types? (Choose 2 answers)

AWS Security Token Service

SNS Notification Service

A software-based Virtual MFA device

Hardware MFA Device

Explanation

For increased security, AWS recommends that you configure multi-factor authentication (MFA) to help protect your AWS resources. MFA adds extra security because it requires users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services. This type of MFA requires you to assign an MFA device (hardware or virtual) to the IAM user or the AWS root account.

Explanation

4 / 25

You are responsible for a web application where the web server instances are hosted in auto-scaling group. You discover the following after monitoring your application workload for the past year:

You need a minimum of nine EC2 instances to handle the lowest levels of activity during non-business hours.
During local business hours, you require between 12-16 instances.
Roughly 35 percent of non-business workload involves backend data processing and analysis.

With this information, what recommendations would you make to minimize operating costs while providing the required availability?

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 convertible reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Purchase 6 standard reserved instances to handle minimum workload. Purchase 6 scheduled reserved instances to run during local business hours, and on-demand instances to handle additional capacity needs. Purchase spot instances to handle the data processing workload.

Purchase nine convertible reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during local business hours. Purchase spot instances to handle additional capacity needs. Purchase scheduled reserved instances to handle the data processing workload

Purchase nine standard reserved instances to handle the minimum workload. Purchase three scheduled reserved instances to run during non-business hours. Purchase spot instances to handle additional capacity needs

Explanation

The spot instances are ideal for the data processing workload during non-business hours, and deducting those instances from your minimum workload requirements leaves roughly six instances that are running all day. Purchase six standard reserved instances to meet this need with the greatest discount. You can then schedule reserved instances to run during business hours to meet the increase, and on-demand instances to scale as needed while providing necessary availability.

Explanation

5 / 25

You are an AWS Solutions Architect helping a client plan a migration to the AWS Cloud. The client has provided you with a detailed inventory of their current on-premises compute infrastructure, including metrics related to storage and bandwidth. What tool would you use to estimate the amount of money they will save by migrating to the AWS Cloud?

Detailed Billing Reports

Trusted Advisor

Cost Explorer

TCO Calculator

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

6 / 25

You are a DBA at a rapidly growing company and you want to shorten failover time for your Amazon RDS SQL Server database. Which strategies will shorten failover time? (Choose 2 answers)

Configure the health check using shorter intervals.

Use smaller transactions

Ensure you have provisioned sufficient IOPS.

Use larger transactions.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

7 / 25

Your team is developing an application using Elastic Beanstalk and discussing the most appropriate environment for deployment. What two types of environments can be created when using Elastic Beanstalk? (Choose 2 answers)

Single-instance environment

Multi-region, multiple-instance environment

Load-balancing and auto-scaling environment

Web worker environment

Explanation

In Elastic Beanstalk, you can create a load-balancing, autoscaling environment or a single-instance environment. The type of environment that you require depends on the application that you deploy. For example, you can develop and test an application in a single-instance environment to save costs and then upgrade that environment to a load-balancing, autoscaling environment when the application is ready for production.

Explanation

8 / 25

You are creating a custom Virtual Private Cloud (VPC) which will host a mix of public and private instances. An EC2 instance has been deployed to one of the public subnets in this VPC. What are the configurations that have to be implemented to make this instance accessible from the internet? (Choose 3 answers)

Attach an Internet gateway to the VPC and add a default route to the IGW in public subnet's route table

Make sure the instance has a public IP address

Edit security group to allow traffic to and from the internet on required ports

Create a new record set and custom domain name for the new instance in Route 53

Explanation

Public and private subnets, except for the default VPC, do not automatically have Internet access enabled. To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

9 / 25

Your client wants to implement scalable but cost-effective storage while maintaining data security. You recommend using AWS Storage Gateway and set up an instance as a cached volume gateway for low latency. You immediately realize that you need to access the storage on the gateway. Which method would you use?

Fibre

iSCSI

NFS

CIFS

Explanation

AWS Storage Gateway enables applications that are clustered using Windows Server Failover Clustering (WSFC) to use the iSCSI initiator to access a gateway's volumes. However, connecting multiple hosts to the same iSCSI target is not supported. When using Red Hat Enterprise Linux (RHEL), you use the iscsi-initiator-utils RPM package to connect to your gateway iSCSI targets (volumes or VTL devices).

Explanation

10 / 25

You have determined specific instances will need to be resized by either scaling the instance(s) up or down.

What basic rules apply when resizing EC2 instances? (Choose 2 answers

Instances need to be from the same AMI

You can only resize spot or on-demand instances but not reserved instances

Instances with limited storage compatibility require migration instead of resizing

Instances need to have the same virtualization type

Explanation

When you resize an instance, you must select an instance type that is compatible with the configuration of the instance. If the instance type that you want is not compatible with the instance configuration you have, then you must migrate your application to a new instance with the instance type that you need. As your needs change, you might find that your instance is over-utilized (the instance type is too small) or under-utilized (the instance type is too large). If this is the case, you can change the size of your instance. For example, if your t2.micro instance is too small for its workload, you can change it to an m3. medium instance

Explanation

11 / 25

You are designing monitoring and operation management for your environment on AWS and in the process of deciding which metrics to start with for your monitoring. Which of the following metrics should be included in your initial monitoring plan at a minimum? (Choose 3 answers)

Volume Queue Length

CPU Utilization

Memory Utilization

Disk Performance (Read and Write OPS)

Explanation

To establish a baseline you should, at a minimum, monitor the following items:

CPU Utilization
Memory Utilization
Network Utilization
Disk Performance
Disk Space.

Explanation

To establish a baseline you should, at a minimum, monitor the following items:

CPU Utilization
Memory Utilization
Network Utilization
Disk Performance
Disk Space.

12 / 25

You are an administrator managing Windows File Servers in Amazon Web Services. You need to set up a fault-tolerant system to protect your shared files. You decide to use DFS Namespaces and DFS Replication.

Which of the following are prerequisites? (Choose 2 answers)

File servers running Windows Server 2008 R2

The File Server Resource Manager role installed by your domain controllers

An Active Directory Schema of 2008 R2 or later

File servers running Windows Server 2012 R2

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

13 / 25

You are migrating your Oracle database using the AWS Database Migration Service. Due to a large amount of data being replicated, you need the replication process to be continuous. What must be changed on your replication instance to use ongoing replication?

Disable Multi-AZ on the target instance

Enable the Multi-AZ option on the replication instance.

Disable backups on the target instance

Increase the number of tables that are cached in RAM.

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

14 / 25

You have started your own consulting business and have been contracted by a doctors office to help move their outdated scheduling and billing system to the cloud. One feature you have offered at low cost is a disaster recovery solution that will keep their offices operational with minimal downtime. You've configured a standby EC2 instance that can be spun up in minutes. What feature can be quickly attached to the standby EC2 instance in a failover situation, to get the standby operational as quickly as possible?

MAC address

IPv6 address

Elastic Load Balancer

Elastic Network Interface

Explanation

An elastic network interface is a virtual network interface that you can attach to an instance in a VPC. Network interfaces are available only for instances running in a VPC. If one of your instances serving a particular function fails, its network interface can be attached to a replacement or hot standby instance pre-configured for the same role to rapidly recover the service.

Explanation

15 / 25

You are in the process of planning your backup strategy between an on-premises data center and AWS cloud. You are considering Storage Gateway technology for backup and restore in your hybrid environment. What are the primary factors that affect Backup and Recovery times when using Storage Gateways? (Choose 2 answers)

Amount of data required for backup each day after on-premise data deduplication and compression

Compute power of on-premises instances that need to be backed up

Net available bandwidth between on-premises and AWS over the public internet or Direct Connect line.

Amount of data required for backup each day before on-premise data deduplication and compression

Explanation

Storage gateways interact with AWS over the public Internet or direct connect. You will need to know the amount of data per day that needs to be transferred to Amazon S3 and the net available bandwidth of your network connection. Storage Gateway is capable of running data compression, and comparison so only changed data is being backed up.

Explanation

16 / 25

One of your customers is a large multi-national company whose infrastructure on AWS has grown significantly over the past year. The CIO has come to you asking how the huge amount of data that is being generated can be accessed in real-time which would give them a significant edge over all of their competitors. You know that AWS can provide a range of analytics but which of the following would be best to try and accomplish this?

Amazon EMR

Amazon Kinesis

Amazon Elasticsearch

AWS Data Pipeline

Explanation

Amazon Kinesis is a fully managed service for real-time processing of streaming data at massive scale. Amazon Kinesis can continuously capture and store terabytes of data per hour from hundreds of thousands of sources such as website clickstreams, financial transactions, social media feeds, IT logs, and location-tracking events. With Amazon Kinesis Client Library (KCL), you can build Amazon Kinesis Applications and use streaming data to power real-time dashboards, generate alerts, implement dynamic pricing and advertising, and more.

Explanation

17 / 25

Your developers have created a sales application that works in tandem with the no SQL database. To ensure the fastest response for the application in production, the developers wish to remove the need to wait for acknowledgments from the database to the application after data have been sent. The acknowledgments can be stored and accessed asynchronously. Which managed application would be the best choice for their design?

CloudWatch Logs

Simple Queue Service

AWS Config

Simple Workflow Service

Explanation

SQS allows you to quickly build hosted and scalable message queuing applications that can run on any computer. SQS stores messages in transit between diverse, distributed application components without losing messages and without requiring each component to be always available

Explanation

18 / 25

Which of the following strategies can be used to control access to your Amazon EC2 instances?

None of the above

DB security groups

EC2 security groups

IAM Policies

Explanation

IAM policies allow you to specify what actions your IAM users are allowed to perform against your EC2 Instances. However, when it comes to access control, security groups are what you need in order to define and control the way you want your instances to be accessed, and whether or not certain kind of communications are allowed or not.

Explanation

19 / 25

Your organization is thinking of running parts of their workload on AWS while keeping the critical and sensitive servers on-premises with continuous connectivity between instances in AWS and corporate data center. In such a hybrid cloud environment what are the minimum requirements to maintain resilient continuous connectivity between AWS and corporate data center?

A primary and a backup direct connect line connected to the primary router in the corporate data center

A primary and a backup direct connect line and at least two routers in the corporate data center

A primary direct connect line connected to at least two routers in the corporate data center

A primary direct connect line and a VPN connection for backup connected to the corporate primary router

Explanation

In Hybrid cloud environment where connectivity between AWS and Corporate datacenter is critical, redundant active/active or active/passive configurations should be implemented for connectivity resources. redundancy has to be on both sides (AWS and On-premises) hence the minimum requirements to implement this architecture is two direct connect lines and two customer devices (ideally in two different data centers)

Explanation

20 / 25

You have 4 Direct Connect (DX) connections to your VPC from your Chicago, Boston, Houston, and Orlando offices. Your VPC’s address range is 10.20.0.0/16. You are using BGP routing. You would like to ensure AWS uses the Chicago connection to reach the IP addresses ranging from 10.20.30.0-10.20.30.127 on your network. The other three locations are currently advertising the following routes:

Boston: 10.20.0.0/16 AS 65000

Houston: 10.20.30.0/24 AS 65000 65000

Orlando: 10.20.30.254/32 AS 65000 65000 65000

Which of the following routes could you advertise from your Chicago connection to ensure AWS uses it to access IP addresses ranging from 10.20.30.0-10.20.30.127?

10.20.30.128/26 AS 65000

10.20.128.0/17 AS 65000

10.20.30.0/25 AS 65000 65000 65000

10.20.30.0/23 AS 65000 65000

Explanation

AWS will choose the most specific route first. If routes are equal after checking for the most specific routes, AWS will use AS path prepending to determine which route is preferred. In this example, 10.20.30.0/25 is more specific than 10.20.30.0/24 and 10.20.0.0/16, so AS path prepending will not matter. The other options are either outside of the address range in question (10.20.30.128/26 and 10.20.128.0/17) or less specific than the route advertised by Houston (10.20.30.0/23). The route advertised from Orlando, 10.20.30.254/32, identifies a single IPv4 address that is outside of the range in question

Explanation

21 / 25

You are responsible for maintaining an RDS database deployed in a Multi-AZ deployment architecture. What would be the downtime and/or failover cycle associated with maintenance events on your database? (Choose 2 answers)

Maintenance will be applied to standby instance first.

Maintenance will be applied to the primary instance first

The old primary will be promoted back to the new primary after maintenance

Standby instance will become the new primary after maintenance

Explanation

Running a DB Instance as a Multi-AZ deployment can further reduce the impact of a maintenance event because Amazon RDS will conduct maintenance by following these steps: Perform maintenance on the standby.

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

Explanation

Perform maintenance on the standby.
Promote the standby to primary.
Perform maintenance on the old primary, which becomes the new standby.

22 / 25

Which statements below correctly describe how a security group functions in the AWS cloud? (Choose 2 answers)

Security groups are stateless

If there are multiple security groups, the most restrictive one is used

Every instance must have at least one assigned security group.

Security groups control traffic at the instance level

Explanation

Security Groups are essentially stateful firewalls at the instance level. Security Groups are associated with instances at launch time, and restrict or allow traffic based on port, protocol, and source/destination.

Explanation

23 / 25

You are an engineer at a large bank, responsible for managing your firm’s AWS infrastructure. As the environment and number of active resources continue to grow, your finance team is having a difficult time attributing your AWS costs to the various business units. How can you help the finance team assign costs to the correct business units? (Choose 2 answers)

Tag all resources with the appropriate business unit.

Set up consolidated billing

Give them access to TCO calculator.

Enable Cost and Usage reports.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

Explanation

By tagging all resources with the business unit and enabling detailed billing reports, you would enable the finance team to run cost reports by business unit.

24 / 25

Which type of IAM role is pre-defined, and can only be edited in a limited number of cases?

AWS Service Roles

AWS Service-Linked Roles

Identity Provider Access Roles

Cross-Account Access Roles

Explanation

The method that you use to edit a service-linked role depends on the service. Some services might allow you to edit the permissions for a service-linked role from the service console, API, or CLI. However, after you create a service-linked role, you cannot change the name of the role because various entities might reference the role. You can edit the description of any role from the IAM console, API, or CLI.

For information about which services support using service-linked roles, see AWS Services That Work with IAM and look for the services that have Yes in the Service-Linked Role column. To learn whether the service supports editing the service-linked role, choose the Yes link to view the service-linked role documentation for that service.

Explanation

25 / 25

You receive a bill from AWS but are confused because you see you are incurring different costs for the exact same storage size in different regions on Amazon S3. You ask AWS why this is so. What response would you expect to receive from AWS?

It must be a mistake

We charge less in different time zones.

This will balance out next bill.

We charge less where our costs are less.

Explanation

Amazon S3 is storage for the Internet. It's a simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs. AWS charges less where their costs are less. For example, their costs are lower in the US Standard Region than in the US West (Northern California) Region.

Explanation

Your score is

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

AWS Certified Solutions Architect Professional – Exam Mode

/75

0 votes, 0 avg

Click Start button to start exam !

Time Out !

1 / 75

Which statements below correctly describe how a security group functions in the AWS cloud? (Choose 2 answers)

Security groups are stateless

If there are multiple security groups, the most restrictive one is used

Every instance must have at least one assigned security group.

Security groups control traffic at the instance level

Explanation

2 / 75

Your company is planning to deploy a hybrid environment linking their on-premise database to an application hosted at AWS. When considering performance rather than security, what are key concerns when designing a network between AWS and the on-site database? (Choose 2 answers)

Control of data resources

Network latency

Network bandwidth

Private network access

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

Explanation

Since the database is not located in the same location as the application servers, network latency and bandwidth could potentially be an issue

3 / 75

You need to design secure administrative access to application servers residing in private subnets in multiple availability zones. You require a select group of administrators to have access from specific IP addresses. You also want the solution to be automated and repeatable. Which of the following options could achieve your goals? (Choose 2 answers)

Cloud Formation

Elastic Beanstalk

NAT Gateway

Quick Start

Explanation

Quick Start is a new solution that is worth checking out. You can use IAM with AWS CloudFormation to control what users can do with AWS CloudFormation. Amazon provides Amazon Linux AMIs that are configured to run as NAT instances. Elastic Beanstalk is primarily for web applications only

Explanation

4 / 75

One of your developers is creating an application that must upload large files to an S3 bucket. You suggest that they use the multipart upload feature. Which actions are required from the developer to complete a multipart upload? (Choose 2 answers)

Upload each part with an upload ID and a part number.

Create ordered ETag values to label each part.

Construct the final object from the parts.

Send a request to initiate a multipart upload

Explanation

When you send a request to initiate a multipart upload, Amazon S3 returns a response with an upload ID, which is a unique identifier for your multipart upload. You must include this upload ID whenever you upload parts, list the parts, complete an upload, or abort an upload. When uploading a part, in addition to the upload ID, you must specify a part number that uniquely identifies a part and its position in the object you are uploading. Amazon S3 returns an ETag header in its response. For each part upload, you must record the part number and the ETag value for use in each subsequent request.

Explanation

5 / 75

You are managing cloud storage for your company, which wants the technical staff to have some latitude in managing the buckets under your supervision. In an effort to increase visibility and accountability on bucket management, you'd like to know who is accessing the buckets and to be notified of delete actions.

What features can provide this information for S3 buckets? (Choose 2 answers)

Enable S3 Server Access Logs on the buckets

Enable CloudWatch Logs

Turn on S3 Event Notifications for delete actions

View the S3 event logs

Explanation

S3 Event Notifications can be set up on objects stored in S3. An event could be set up to notify when a delete is performed. Logging is turned off by default but can be enabled. When enabled, they can track requests to your S3 bucket.

S3 Server Access Logging tracks detailed information not currently available with CloudWatch metrics or CloudTrail logs. To track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.

Explanation

6 / 75

Your team has found that a client's load balancer needs to be configured with support for SSL offload using the default security policy. When negotiating the SSL connections between the client and the load balancer, you want the load balancer to determine which cipher is used for the SSL connection. Which actions perform this process on the load balancer? (Choose 3 answers)

Enable SSL offload.

Select the default security policy.

Select a client configuration preference option

Choose the server order preference option

Explanation

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL connections between a client and the load balancer. A security policy is a combination of SSL protocols, SSL ciphers, and the Server Order Preference option.

Explanation

7 / 75

You have determined specific instances will need to be resized by either scaling the instance(s) up or down.

What basic rules apply when resizing EC2 instances? (Choose 2 answers

You can only resize spot or on-demand instances but not reserved instances

Instances with limited storage compatibility require migration instead of resizing

Instances need to have the same virtualization type

Instances need to be from the same AMI

Explanation

8 / 75

You need to create a JSON-formatted text file for AWS CloudFormation. This is your first template and the only thing you know is that the templates include several major sections but there is only one that is required for it to work. What is the only section required?

Resources

Mappings

Conditions

Outputs

Explanation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. A template is a JSON-formatted text file that describes your AWS infrastructure. Templates include several major sections. The Resources section is the only section that is required. The first character in the template must be an open brace ({), and the last character must be a closed brace (}). The following template fragment shows the template structure and sections

Explanation

9 / 75

You have been charged with investigating cloud security options for your company in light of recent suspected threats. You are aware that certain AWS services can help mitigate DDoS attacks, and you are specifically looking for a service that provides protection from counterfeit requests (Layer 7) or SYN floods (Layer 4). Which services provide this protection? (Choose 2 answers)

CloudFront with AWS Shield

Route 53

Amazon API Gateway

VPC Security Groups

Explanation

Amazon API Gateway automatically protects your backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3). Additional reading is available here (https://aws.amazon.com/api-gateway/faqs/).

AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for the network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks.

NACLs do not provide DDoS mitigation. They are used to control ingress and egress into a subnet based on port and source IP range. Route 53 can protect against DNS based DDoS attacks but does not protect entire layers. Elastic Load Balancing can protect EC2 instances specifically, but not other AWS resources.

Explanation

10 / 75

You are a DBA at a rapidly growing company and you want to shorten failover time for your Amazon RDS SQL Server database. Which strategies will shorten failover time? (Choose 2 answers)

Configure the health check using shorter intervals.

Use larger transactions.

Use smaller transactions

Ensure you have provisioned sufficient IOPS.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

Explanation

Recovery takes IOPS; therefore, insufficient IOPS will slow down failover time. Database recovery relies on transactions; therefore, smaller transactions will shorten failover time.

11 / 75

Cancel multipart upload

Remove multipart upload

Delete multipart upload

Abort multipart upload

Explanation

12 / 75

You have begun your migration into Amazon Web Services using the AWS Database Migration Service. You are pleased that there are no errors; however, the migration tasks are running slowly. You review the resources that have been assigned to the AWS DMS replication instance, and they seem to be adequate. Which other task could you perform to help speed up the initial migration tasks?

Increase the IOPs on the replication instance.

Enable multi-availability zones on the target database instance.

Reduce the frequency of automatic backups.

Turn off all logging on the target database

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

Explanation

Turning off automatic backups or logging on the target database during the migration will help increase the speed of the initial migration load.

13 / 75

A root account owner has created an S3 bucket named 'testmycloud'. The account owner wants to allow separate AWS accounts to upload objects, and require the separate accounts to manage permissions for their uploaded objects.

Which choice is the easiest way to achieve this?

The root account owner should create an S3 bucket policy allowing other account owners to set the object permissions for that bucket.

The root account owner should create an S3 bucket policy allowing specified IAM users with separate AWS accounts to upload content to the bucket.

The root account should create an S3 Bucket Access Control List (ACL) for the bucket allowing separate AWS accounts to upload content to the bucket.

The root account should create the IAM users for separate AWS accounts, and provide them the permission to upload content to the bucket.

Explanation

Each Amazon S3 bucket and object has an ACL (Access Control List) associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns the object

Explanation

14 / 75

You are assisting an IT administrator for a client company over the phone. The administrator has created a public subnet and had added two EC2 instances to this subnet. But he is unable to access the Internet from these new EC2 instances and is asking for your assistance. What general checks can he make to ensure proper configuration and Internet access? (Choose 3 answers)

He should check that an Internet Gateway is configured and that the route table routes Internet traffic to the Internet gateway.

He should check that an Virtual Private Gateway is configured and that the route table routes internet traffic to the Internet gateway.

He should check that the EC2 instances have either a public IP address or an Elastic IP address.

He should check to ensure Network ACLs and Security Groups allow ingress and egress.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Explanation

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

15 / 75

Making use of a(n) ____ when creating instances in Amazon EC2 is your best solution for providing the lowest latency network communication between multiple instances in EC2.

virtual cluster

virtual private cloud

isolated network

cluster placement group

Explanation

A cluster placement group is a logical grouping of instances within a single AWS Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.

Explanation

16 / 75

A user has suspended the Auto Scaling process and updates the desired capacity of the Auto Scaling group. Which statements below is correct regarding this update?

The desired capacity will not get updated as scaling is frozen

The Auto Scaling will not allow modification of the desired capacity during the suspended process state

The scaling activity will happen as this is manual scaling

The desired capacity will get updated, but the scaling activity will not happen

Explanation

The user may want to stop the automated scaling processes on the Auto Scaling groups either to perform manual operations or during emergency situations. To perform this, the user can suspend one or more scaling processes at any time. When the process is suspended and the user changes the desired capacity, the changes will take effect, but Auto Scaling will not be executed. Thus, the scaling activity will not happen even though there is a difference between the desired capacity and the current capacity.

Explanation

17 / 75

A scope has been handed to you to set up a super-fast gaming server and you decide that you will use Amazon DynamoDB as your database. For efficient access to data in a table, Amazon DynamoDB creates and maintains indexes for the primary key attributes. A secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations. How many types of secondary indexes does DynamoDB support?

As many as you need

Explanation

DynamoDB supports two types of secondary indexes: Local secondary index --an index that has the same hash key as the table, but a different range key. A local secondary index is "local" in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key. Global secondary index --an index with a hash and range key that can be different from those on the table. A global secondary index is considered "global" because queries on the index can span all of the data in a table, across all partitions

Explanation

18 / 75

You work for a company that automatically tags photographs using artificial neural networks (ANNs), which run on GPUs using C++. You receive millions of images in one batch, with an average of 3 batches per day. These images are loaded into an Amazon S3 bucket you control for you in a batch, and then the customer publishes a JSON-formatted manifest into another S3 bucket you control as well. Each image takes 10 milliseconds to process using a full GPU. Your neural network software requires 5 minutes to bootstrap. Image tags are JSON objects, and you must publish them to an S3 bucket.

Which of these is the best system architectures for this system?

Make an S3 notification configuration which publishes to AWS Lambda on the manifest bucket. Make the Lambda create a CloudFormation Stack which contains the logic to construct an autoscaling worker tier of EC2 G2 instances with the ANN code on each instance. Create an SQS queue of the images in the manifest. Tear the stack down when the queue is empty.

Create an Auto Scaling, Load Balanced Elastic Beanstalk worker tier Application, and Environment. Deploy the ANN code to G2 instances in this tier. Set the desired capacity to 1. Make the code periodically check S3 for new manifests. When a new manifest is detected, push all of the images in the manifest into the SQS queue associated with the Elastic Beanstalk worker tier.

Create an OpsWorks Stack with two Layers. The first contains lifecycle scripts for launching and bootstrapping an HTTP API on G2 instances for ANN image processing, and the second has an always-on instance which monitors the S3 manifest bucket for new files. When a new file is detected, request instances to boot on the ANN layer. When the instances are booted and the HTTP APIs are up, submit processing requests to individual instances

Deploy your ANN code to AWS Lambda as a bundled binary for the C++ extension. Make an S3 notification configuration on the manifest, which publishes to another AWS Lambda running controller code. This controller code publishes all the images in the manifest to AWS Kinesis. Your ANN code Lambda Function uses the Kinesis as an Event Source. The system automatically scales when the stream contains image events

Explanation

The Elastic Beanstalk option is incorrect because it requires a constantly-polling instance, which may break and costs money.

The Lambda fleet option is incorrect because AWS Lambda does not support GPU usage.

The OpsWorks stack option both requires a constantly-polling instance, and also requires complex timing and capacity planning logic.

The CloudFormation option requires no polling, has no always-on instances, and allows arbitrarily fast processing by simply setting the instance count as high as needed.

Explanation

The Elastic Beanstalk option is incorrect because it requires a constantly-polling instance, which may break and costs money.

The Lambda fleet option is incorrect because AWS Lambda does not support GPU usage.

The OpsWorks stack option both requires a constantly-polling instance, and also requires complex timing and capacity planning logic.

The CloudFormation option requires no polling, has no always-on instances, and allows arbitrarily fast processing by simply setting the instance count as high as needed.

19 / 75

After monitoring your online sales application for the last two weeks of holiday sales, it is apparent that your database tier’s current architectural design is not sufficient. Your database is currently managed within Amazon RDS. The decision is made to scale your instance to a greater size based on database recommendations from the vendor. Your current database storage type is magnetic, and storage usage is currently at 70%.

Which modifications could potentially improve the performance of your database? (Choose 2 answers)

Increase the currently allocated storage space

Decrease the currently allocated storage space

Increase the number of read replicas.

Change the storage type to general-purpose SSD.

Explanation

When scaling a database, you can increase the storage capacity of a DB Instance up to a maximum of 64 terabytes (TiB). Please note that scaling the storage allocation with Amazon RDS does not incur a database outage. The performance will be increased as well.

Explanation

20 / 75

Your client has contacted you about an existing AWS cloud environment that they have. They have a large number of T2 large instances in a VPC but have statistics indicating they may need larger instances soon. Another consideration is the company's limited budget to add new instances and/or upgrade its current instances. However, they need to do something and are relying on you to provide a solution. This company has used its existing instances for over 3 years and expects a similar lifespan for any new solution.

What changes would best address the issues with their compute resources? (Choose 2 answers)

Replace T2 large instances with large general purpose instances.

Upgrade to Enhanced Networking instances.

Use spot instances to supplement the existing instances.

Upgrade to standard reserved instances

Explanation

T2 instances are Burstable Performance Instances that provide a baseline level of CPU performance with the ability to burst above the baseline. The baseline performance and ability to burst are governed by CPU Credits. M4 instances are the latest generation of General Purpose Instances. This family provides a balance of compute, memory, and network resources, and it is a good choice for many applications. In this instance, the only option which provides for growth while keeping costs in check is to upgrade to reserved M4 instances on a long term 3 year contract.

Explanation

21 / 75

You are developing a new application in which you need to transfer files over long distances between client-side storage and an S3 bucket. You decide to try sending data to the S3 bucket using S3 Transfer Acceleration. What must you do to achieve this? (Choose 2 answers)

Use the CLI S3 accelerate upload commands.

Use the SDK S3 accelerate upload commands

Turn on S3 Transfer Acceleration for the bucket.

Use the new accelerate endpoints to transfer your data to S3.

Explanation

After you turn on S3 Transfer Acceleration for a bucket, two new endpoints are created for the bucket: one for IPv4 and one for IPv6. You can use either the accelerate endpoints or the standard endpoints if you choose not to use the accelerate feature.

Explanation

22 / 75

A customer needs to migrate several hundred terabytes of data into AWS. You typically use Amazon Snowball for these types of requests. What method does AWS recommend regarding data upload to the Snowball appliance? (Choose 2 answers)

When testing data transfer, avoid long test commands in favor of short ones

Use a single workstation to avoid redundant data transfers to the same Snowball appliance

Use the latest Mac or Linux Snowball client.

Use multiple workstations to run the client software to expedite the transfer.

Explanation

Uploading data to the Snowball Appliance requires a client application. The upload is CPU, memory, and networking intensive. If you are uploading large amounts of data, Amazon recommends that you run the client software on multiple workstations to distribute the load and thereby shorten the time the upload will take.

Explanation

23 / 75

While monitoring your application servers hosted behind an elastic load balancer, you discover that the servers always operate at between 75 and 80% of their capacity after five minutes of operation. Also, there is a constant number of servers being marked as unhealthy very early in their initial lifecycle. Upon further analysis, you also discover that your servers are taking between three and four minutes to become operational after launch. What two tasks should you complete as soon as possible? (Choose 2 answers)

Decrease the length of your scaling cool down period

Increase the maximum number of instances in your auto-scaling group

Increase the size of instances in your launch configuration.

Increase the length of your scaling cool down period

Explanation

A prolonged grace period and a larger number of instances will solve these issues. You can use scaling policies to increase or decrease the number of running EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale or scale on a schedule, you must adjust the desired capacity of the group for the changes to take effect.

Explanation

24 / 75

Your team is setting up DynamoDB for a client. You need to explain to them how DynamoDB tables are partitioned. Which calculations are used to determine the number of partitions that will be created? (Choose 2 answers)

The total RCU divided by 5000 + total WCU divided by 1000

The total RCU divided by 3000 + total WCU divided by 1000

The total table size divided by 10 GB

The total table size divided by 40 GB

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

Explanation

DynamoDB tables are portioned based on the following: First, calculate total RCU/3000 + total WCU/1000. Then calculate the total size/10 GB. Then round up the higher of the two results.

25 / 75

Your client's AWS environment contains several EBS-backed EC2 instances for a project that needs to be postponed.

What choices below will allow you to avoid charges for these on-demand instances, but retain data currently stored within these instances? (Choose 2 answers)

Terminate all the instances.

Stop all the instances

Take a snapshot of all the instances and then terminate all the instances.

Terminate all the instances and then make an image of all the instances.

Explanation

If you stop the instances you will not be charged and the data will still be kept. If you terminate the instances you will lose all your data. If you take a snapshot of all the instances and then terminate all the instances you will not be charged but will still have all your data in the snapshot which can be restored later.

Explanation

26 / 75

Elastic Network Interface

Elastic Load Balancer

IPv6 address

MAC address

Explanation

27 / 75

A major customer has asked you to set up his AWS infrastructure so that it will be easy to recover in the case of a disaster of some sort. Which of the following is important when thinking about being able to quickly launch resources in AWS to ensure business continuity in case of a disaster?

Regularly run your servers, test them, and apply any software updates and configuration changes.

Ensure that you have all supporting custom software packages available in AWS.

Create and maintain AMIs of key servers where fast recovery is required

All items listed here are important when thinking about disaster recovery.

Explanation

In the event of a disaster to your AWS infrastructure you should be able to quickly launch resources in Amazon Web Services (AWS) to ensure business continuity. The following are some key steps you should have in place for preparation: 1. Set up Amazon EC2 instances to replicate or mirror data. 2. Ensure that you have all supporting custom software packages available in AWS. 3. Create and maintain AMIs of key servers where fast recovery is required. 4. Regularly run these servers, test them, and apply any software updates and configuration changes. 5. Consider automating the provisioning of AWS resources.

Explanation

28 / 75

Select the correct statement: Within Amazon EC2, when using Linux instances, the device name /dev/sda1 is .

recommended for EBS volumes

recommended for instance store volumes

reserved for the root device

reserved for EBS volumes

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

Explanation

Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.

29 / 75

Your company decided to create AWS Account and start moving some workloads to the cloud. The security team would like to utilize the existing identity and access management system which is based on Active Directory to manage access to the new AWS Account. For that reason you decided to use SAML federation to allow users in local identity and access management system access to AWS Services.

Which of the following are primary components in SAML Federation configuration for the new AWS account? (Choose 2 answers)

SAML-Based identity provider has to be available to be used with company's identity store (Active Directory)

IAM trust policy that allows external identity store like Active Directory to be used as the primary IDP for this AWS account

Direct Connect or VPN connectivity must be established between AWS and your company's data center

IAM Roles matching Active Directory groups that you would like to allow access to AWS

Explanation

To enable SAML-Based federation for AWS Account, the following actions are required

1- Inside your organization's network, you configure your identity store (such as Windows Active Directory) to work with a SAML-based identity provider (IdP) like Windows Active Directory Federation Services

2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization's identity provider.

3- You also need to create roles that will map to allowed groups in company's identity store, members of these groups will be presented with set of roles that map to their group membership to choose which role they would like to assume while logging in to AWS console

Explanation

To enable SAML-Based federation for AWS Account, the following actions are required

2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization's identity provider.

30 / 75

Your web-based application has been launched publicly. Your design has implemented auto scaling and classic load balancing and your design is responding to the changes in demand as expected. Over the next few months, during the holiday season, demand is expected to be quite robust. You estimate that 100 EC2 instances will be required to meet your customers’ demand. How should you plan properly for growth? (Choose 2 answers)

Use AWS Trusted Advisor to analyze your workload requirements

Change your auto scaling configuration, setting a desired maximum capacity of 100 instances. Verify your limits allow for this capacity

Add a second load balancer for additional redundancy

Contact Amazon to pre-warm your elastic load balancer to match the expected demands.

Explanation

In certain scenarios, such as when flash traffic is expected, or in the case where a load test cannot be configured to gradually increase traffic, AWS recommends that you have your load balancer "pre-warmed". They will configure the load balancer to have the appropriate level of capacity based on the traffic that you expect. They also need to know the start and end dates of your tests or expected flash traffic, the expected request rate per second and the total size of the typical request/response that you will be testing

Explanation

31 / 75

Your engineers are concerned about application availability during in-place updates to a live Elastic Beanstalk stack. You advise them to consider a blue/green deployment and then list the necessary steps to carry out this deployment. Which steps are valid to include? (Choose 3 answers)

From the new environment’s dashboard, choose Restart Environment

From the new environment’s dashboard, swap environmental URLs and click Swap

Deploy the new version of the application

Clone your current environment

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment's dashboard, choose Actions and then choose Swap Environment URLs.

Explanation

Blue/green deployments resolve application unavailability during updates.

To perform a blue/green deployment:

Open the Elastic Beanstalk console.
Clone your current environment, or launch a new environment running the desired configuration.
Deploy the new application version to the new environment.
Test the new version in the new environment.
From the new environment's dashboard, choose Actions and then choose Swap Environment URLs.

32 / 75

Your company is migrating its infrastructure to AWS. When considering the migration level effort required, you determine there are a select number of VMs that fall under the “very low effort” category. After considering third-party migration options, you decide to utilize available AWS tools. What tools are available for migrating VMs to the AWS cloud? (Choose 2 answers)

AWS VM Import

AWS Snowmobile

AWS S3 Import

AWS Snowball

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

Explanation

Both Snowball and VM Import can be used to migrate VMs. Snowball mitigates any bandwidth issues that may occur when using VM Import with standard Internet connections.

33 / 75

Boston: 10.20.0.0/16 AS 65000

Houston: 10.20.30.0/24 AS 65000 65000

Orlando: 10.20.30.254/32 AS 65000 65000 65000

Which of the following routes could you advertise from your Chicago connection to ensure AWS uses it to access IP addresses ranging from 10.20.30.0-10.20.30.127?

10.20.30.128/26 AS 65000

10.20.128.0/17 AS 65000

10.20.30.0/25 AS 65000 65000 65000

10.20.30.0/23 AS 65000 65000

Explanation

34 / 75

You need to change a deployed Elastic Beanstalk environment to provide additional performance for EC2 instances that a client is currently running on their application. To change your instance count for Elastic Beanstalk, select the necessary steps (in any order). (Choose 3 answers)

Change the Minimum Instance Count and then Apply

Open a command prompt window and execute the command change-elastic-beanstock -env.

Choose Configuration and then choose Scaling.

Open the Elastic Beanstalk console and navigate to the management page

Explanation

Elastic Beanstalk environments can be changed after creation. For example, if you have a compute-intensive application, you can change the type of Amazon EC2 instance that is running your application. To do this, you use the Scaling option in the management page of the Elastic Beanstalk console and change the minimum instance count.

Explanation

35 / 75

Amazon Kinesis

Amazon Elasticsearch

AWS Data Pipeline

Amazon EMR

Explanation

36 / 75

Detailed Billing Reports

Trusted Advisor

Cost Explorer

TCO Calculator

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

Explanation

The TCO (Total Cost of Ownership) Calculator is used to calculate savings given information about the user’s current environment.

37 / 75

Which of the following are prerequisites? (Choose 2 answers)

An Active Directory Schema of 2008 R2 or later

File servers running Windows Server 2008 R2

The File Server Resource Manager role installed by your domain controllers

File servers running Windows Server 2012 R2

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

Explanation

The technical requirements are file servers running Windows Server 2012 R2 and an Active Directory Schema of at least Server 2008 R2.

38 / 75

The IAM administrator is trying to create IAM groups and IAM users for employees within numerous separate company departments. The owner has created groups for each department, but needs even further separation between department subgroups within IAM groups. For example, two users from different department subgroups should be identified separately and have separate permissions.

How can the IAM administrator configure this?

Create a nested IAM group

It is not possible to subdivide IAM users within an IAM group

Use the paths to separate IAM users within the same IAM group

Create a hierarchy of separate IAM users based on their department

Explanation

The path functionality within an IAM group and user allows them to delineate by further levels. In this case, the user needs to use the path with each user or group so that the ARN of the user will look similar to:

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

Explanation

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user1
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/user2

39 / 75

_____ is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend.

Consolidated Billing

AWS Budgets

AWS Cost Explorer

Cost Allocation Tags

Explanation

Cost Explorer, this is a useful and powerful tool within Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight to your AWS spend. A valuable tool that can help to identify where you should be focusing your cost optimization efforts. It also can forecast your estimated spend up to two months ahead using existing data as a reference. If you can see that your estimated future bills are becoming too high, you have the time now to identify where you can make and initiate cost reduction mechanisms to help mitigate the risk.

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view - this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View - this covers the current and previous two months and is grouped by linked accounts
Daily Spend view - this covers the daily spend over the previous sixty days

Explanation

Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

Monthly Spend by Service view - this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View - this covers the current and previous two months and is grouped by linked accounts
Daily Spend view - this covers the daily spend over the previous sixty days

40 / 75

A bucket owner from Account Red allows Account Blue's IAM users to upload and access objects in his bucket.

One of Account Blue's IAM users tries to access an object in the bucket. The object is owned by an IAM user from Account Red who is not the bucket owner.

How will Amazon S3 process this request?

Amazon S3 only verifies permissions granted by the object owne

Amazon S3 verifies permissions granted by Account Blue's IAM administrator, by the bucket owner, and by the object owner.

Amazon S3 only verifies permissions granted by the bucket owner and object owner

Amazon S3 only verifies permissions granted by the bucket owner

Explanation

If a IAM user is trying to perform some action on an object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.

Explanation

41 / 75

You have been contracted to start building the latest and greatest mobile chat app. The schedule for this development and delivery is time critical. What correct mix of AWS services and components should you consider to ensure that your mobile chat app can be produced on time, ensuring that the mobile chat app can authenticate and authorize users?

Create an auto scaling group of EC2 instances with custom and specialized authentication and authorization logic using SSL and JWT tokens to perform user authentication and authorization.

Configure Amazon CloudFront in association with AWS WAF to perform user authentication and authorization

Create an auto scaling group of EC2 instances with SAML 2.0 service endpoint, setup and install a custom LDAP directory, configure SSO within the mobile app to use the SAML 2.0 service endpoint to perform user authentication and authorization

Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization

Explanation

Answer “Configure Amazon Cognito together with IAM Roles and Policies, leverage the AWS Mobile SDK within the mobile chat app to perform user authentication and authorization” is correct. The question highlights that the “development and delivery is time critical” - therefore the best approach time wise is to use the fit for purpose managed services provided by AWS - in this case, Amazon Cognito, IAM Roles and Policies, and the AWS Mobile SDK.

Explanation

42 / 75

You are migrating on-premise legal files to the AWS Cloud in Amazon S3 buckets. The corporate audit team will review all legal files within the next year, but until that review is completed, you need to ensure that the legal files are neither updated or deleted in the next 18 months. What steps will ensure the files can be uploaded efficiently but have the required protection for the specific time period of 18 months? (Choose 2 answers)

Set a default retention period of 18 months on all related S3 buckets.

Set a default legal hold on all related S3 buckets

Enable object locks on all relevant S3 buckets with a retention mode of compliance mode.

Set a retention period of 18 months on all relevant object versions via a batch operation

Explanation

The key points of this question are:

the difference between compliance mode and governance mode - compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

Explanation

The key points of this question are:

the difference between compliance mode and governance mode - compliance prevents objects from being updated or deleted, governance only prevents deletion.
Default Retention periods can be set at bucket level and then applied to all objects uploaded into the bucket. Otherwise they have to set at an object version level.
Legal holds have no specific time frame associated with them, and cannot be configured at a bucket level. They must be configured at an object version level.
Object lock setting cannot be configured via batch operations.

43 / 75

Increase the number of tables that are cached in RAM.

Disable backups on the target instance

Disable Multi-AZ on the target instance

Enable the Multi-AZ option on the replication instance.

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

Explanation

Enabling the Multi-AZ option provides high availability and failover support for the replication instance

44 / 75

You are responsible for a web application where the web server instances are hosted in auto-scaling group. You discover the following after monitoring your application workload for the past year:

You need a minimum of nine EC2 instances to handle the lowest levels of activity during non-business hours.
During local business hours, you require between 12-16 instances.
Roughly 35 percent of non-business workload involves backend data processing and analysis.

With this information, what recommendations would you make to minimize operating costs while providing the required availability?

Explanation

45 / 75

An organization has launched five instances: two for production and three for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often be deleted and replaced, especially in the testing group. This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, production, and testing will not change in the foreseeable future.

Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy? (Choose 2 answers)

Launch the test and production instances in separate regions and allowing region wise access to the group

Configure tags on the instances in each environment defining which are ‘test’ and which are ‘production’

Define the IAM policy that allows access based on the instance ID

Add a condition to the IAM policy that allows access to the configured tags for the ‘test’ environment

Explanation

AWS Identity and Access Management is a web service that allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances, he should define proper tags and add to the IAM policy condition. The sample policy is shown below.
"Statement": [ { "Action": "ec2:*", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/InstanceType": "Production" } } } ]

Explanation

46 / 75

A user manages a running MySQL RDS instance that will not be used for the next three months. What is the most effective way to avoid costs for the database, and allow it to be used in three months time? (Choose 2 answers)

Create a manual snapshot of the DB instance

Delete the DB instance

Stop the RDS instance

Save the most recent snapshot from RDS automated backup

Explanation

Because the user needs to stop the instance for 3 months, the most cost-effective option is to create a manual snapshot of the RDS instance to launch later, and terminate the current RDS instance. Stopping the instance is not ideal in this case because the instance will be restarted automatically by Amazon after seven days. Amazon will also charge for provisioned and backup storage.

The best option is to create a manual snapshot of the instance, which can be stored for any length of time, and will not be deleted if the original instance is deleted. Note an automatic snapshot has a limited retention period, and will be deleted if the original instance is deleted. The user will only be charged for storage in this case if the user exceeds his/her default storage space

Explanation

47 / 75

You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg-encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS?

Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receiving speeds

Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds.

Amazon SQS is a non-distributed queuing system.

Amazon SQS is for single-threaded sending or receiving speeds.

Explanation

Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been to a queue is available to be received.

Explanation

48 / 75

You've taken over management of your company's AWS cloud environment. You know very little about the environment and have been provided very little documentation. You have been given access to the environment and begin a discovery and documentation process. You begin by looking at the route table. Without seeing the specific route table, what information do you know it contains about the subnets in the VPC? (Choose 2 answers)

The subnets region is indicated

Subnets that do not direct traffic to an Internet Gateway are private

Subnets that direct traffic to an Internet Gateway are public

The default mask of the subnet can be identified.

Explanation

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. When you add an Internet gateway, an egress-only Internet gateway, a virtual private gateway, a NAT device, a peering connection, or a VPC endpoint in your VPC, you must update the route table for any subnet that uses these gateways or connections.

Explanation

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

49 / 75

A user has launched an EBS-backed EC2 instance with a Windows operating system. Which statement is correct regarding how Windows instances are billed when rebooted or stopped and restarted?

For every reboot or start/stop, the user will be charged as a separate hour.

Every reboot is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be counted as a single hour.

For rebooting AWS does not charge a new instance hour, while every stop or restart will be charged fee for a new instance hour as a separate hour

For rebooting AWS charges extra only once, while for every stop/start the user will be charged as a separate hour

Explanation

For an EC2 instance launched with an EBS backed Windows AMI, each time the instance state is changed from stop to start/ running, AWS charges restart a new per-hour charge. Effective October 2, 2017, charges are calculated on a per-second basis for On-Demand, Spot and Reserved instances with Linux operating systems, with a minimum one-minute charge. Regardless of operating system, rebooting an instance AWS does not incur a charge an hour or one-minute minimum charge.

Explanation

50 / 75

Amount of data required for backup each day after on-premise data deduplication and compression

Net available bandwidth between on-premises and AWS over the public internet or Direct Connect line.

Amount of data required for backup each day before on-premise data deduplication and compression

Compute power of on-premises instances that need to be backed up

Explanation

51 / 75

You have been contracted by a company to design and implement their AWS cloud environment. The company has a very tight budget and would like to maximize savings wherever possible. They've gotten a 5-year government contract and the workload is expected to remain steady throughout the length of the contract. What type of instance will best meet their computing needs while providing maximum savings?

Convertible reserved instances, one-year commitment, no upfront

Standard reserved instances, one-year commitment, no upfront

Convertible reserved instances, three-year term commitment, all upfront

Standard reserved instances, three-year term commitment, all upfront

Explanation

When you purchase a Reserved Instance, choose a payment option, term, and an offering class that suits your needs. Generally speaking, you can save more money choosing Reserved Instances with a higher upfront payment. There are three payment options (No Upfront, Partial Upfront, All Upfront), two-term lengths (one-year or three-years), and two offering classes (Convertible and Standard). Convertible RIs offer up to a 55% discount, while Standard offers up to a 75% discount. No Upfront and Partial Upfront Reserved Instances are billed for usage on an hourly basis, regardless of whether they are being used. All Upfront Reserved Instances have no additional hourly charges

Explanation

52 / 75

Your company wants to migrate an on-premises SQL Server DB to AWS RDS SQL Server. As the DBA, you have determined that your database can be offline while the backup is created, copied, and restored. You decide to use native backup and restore. Which steps are required during setup? (Choose 3 answers)

Create an AWS IAM role for access to the S3 bucket

Create an Amazon S3 bucket for your backup files

Turn on compression for your backup files by running “exec rdsadmin..rds_set_configuration ‘S3 backup compression’, ‘true.’”

Add the SQLSERVER_BACKUP_RESTORE option to an option group on your DB instance.

Explanation

There are three components you'll need to set up for native backup and restore: an Amazon S3 bucket to store your backup files; an AWS Identity and Access Management (IAM) role to access the bucket, and the SQLSERVER_BACKUP_RESTORE option added to an option group on your DB instance.

Explanation

53 / 75

Your company has decided to use cloud methods for disaster recovery. The company is most concerned with RTO and RPO and is willing to accept the extra cost of Warm Standby over Pilot Light. When a disaster occurs, your top priority is to increase the processing capacity of your scaled-down environment. Once that is accomplished, you can then increase the environment's resilience and self-management capabilities.

What steps will help you accomplish your top priority when a disaster occurs? (Choose 2 answers)

Re-size the small capacity servers to run on larger EC2 instances

Extend your auto scaling group across multiple availability zones

Modify your Amazon RDS servers to a multi-AZ deployment

Explanation

The Warm Standby scenario uses a scaled-down version of a fully functional environment that is always running. Business-critical applications can always be running in the cloud. When a DR scenario comes about, the servers can be quickly scaled up, scaled out or both, but horizontal scaling is preferred over vertical scaling.

The two incorrect choices will increase your environment's resilience by adding availability

Explanation

The two incorrect choices will increase your environment's resilience by adding availability

54 / 75

CloudWatch Logs

AWS Config

Simple Workflow Service

Simple Queue Service

Explanation

55 / 75

A customer has a website which shows all the sales available in leading online and brick-and-mortar stores.

Currently, the website's web, application, and database tiers are hosted on five large, on-demand EC2 instances to manage day-to-day traffic. However, from late November through the end of December, the website traffic quadruples the normal rate for various periods, sometimes a few minutes, and sometimes a few hours. During the peaks in activity, the website requires up to 20 large instances.

The level of activity is not predictable. It is also prone to large, sudden spikes at random times based on when various temporary sales are available. The site's traffic can quadruple in a matter of minutes.

Which option is the most cost-effective and achieves better performance to handle these peaks in traffic reliably?

Purchase 5 Standard reserved instances immediately. Add ten on-demand instances to run continuously from late November through the end of December. Create an auto scaling group to scale out an additional five instances based on the workload metrics as needed.

Purchase 5 Scheduled reserved instances immediately. Add 15 on-demand instances to run continuously from late November through the end of December.

Purchase 5 Standard reserved instances immediately. Add five on-demand instances during the from late November through the end of December, and create an auto scaling group to scale out an additional ten instances based on the workload metrics as needed.

Launch ten on-demand instances running continuously, and manually launch ten instances every day during office hours based on workload metrics as needed.

Explanation

AWS provides an on-demand, scalable infrastructure. Amazon EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the organization launches a few instances beforehand and then setups AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization.

If the organization keeps all ten additional instances as a part of the AutoScaling policy sometimes during a sudden higher load, it may take time to launch instances and may not give optimal performance. This is the reason it is recommended that the organization keeps an additional five instances running and the next five instances scheduled as per the AutoScaling policy for cost-effectiveness.

Additionally, the website has established a baseline of normal workload outside of the peak season, so they can invest in Standard reserved instances to manage this workload and save dramatically on compute resource costs.

Explanation

56 / 75

A client has contacted you about designing their AWS cloud environment. They want to fully migrate their compute environment to the cloud. Their biggest requirement is that they need high availability at both the web and database tiers. Their current database is MySQL. How might you best design high availability for their environment with cost being a consideration as well?

Multi-AZ Deployment

Cross-region replication

Read Replicas

Auto scaling

Explanation

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. Amazon RDS uses several different technologies to provide failover support. Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon's failover technology. SQL Server DB instances use SQL Server Mirroring. Amazon Aurora instances stores copies of the data in a DB cluster across multiple Availability Zones in a single region, regardless of whether the instances in the DB cluster span multiple Availability Zones.

Explanation

57 / 75

A legacy application in your company has been deployed in a single availability zone. It is used only sporadically but must be available nevertheless. Due to your heavy administrative workload, you wish to automate a process that will rebuild the application automatically if it fails. What action should you take?

Configure the server in an auto scaling group with a minimum and maximum size of one

Add an additional availability zone and a load balancer.

Perform snapshots of EBS volumes on a set schedule.

Monitor the server availability using Cloud Watch metrics to receive alerts of health check failures.

Explanation

Auto scaling provides redundancy for a single server with the option of launching a configuration using the attributes from a running instance. When you use this option, auto scaling copies the attributes from the specified instance into a template from which you can launch one or more auto scaling groups.

Note that if the specified instance has properties that are not currently supported by auto scaling, instances launched by auto scaling using the launch configuration created from the identified instance might not be identical to the identified instance.

Explanation

58 / 75

Your on-premise bare-metal servers are over five years old. You’re considering moving to AWS. The offerings of virtual instances far surpass what you can access on-premises. Before you choose your test instance at AWS, what questions should you ask? (Choose 3 answers)

How much network bandwidth do you need?

When peak load occurs, how much over-provisioning is required?

What is the cost of over-provisioning?

What is the average server utilization?

Explanation

On-premises data centers have costs associated with the servers, storage, networking, power, cooling, physical space, and IT labor required to support applications and services running in the production environment. For servers, these questions are most applicable: What is your average server utilization? How much do you overprovision for peak load? What is the cost of over-provisioning?

Explanation

59 / 75

Memory Utilization

CPU Utilization

Volume Queue Length

Disk Performance (Read and Write OPS)

Explanation

To establish a baseline you should, at a minimum, monitor the following items:

CPU Utilization
Memory Utilization
Network Utilization
Disk Performance
Disk Space.

Explanation

To establish a baseline you should, at a minimum, monitor the following items:

CPU Utilization
Memory Utilization
Network Utilization
Disk Performance
Disk Space.

60 / 75

An EC2 instance has one additional EBS volume attached to it. How can a user attach the same volume to another running instance in the same availability zone?

Detach the volume first and attach it to new instance

No need to detach. Just select the volume and attach it to the new instance, it will take care of mapping internally.

Terminate the first instance and only then attach it to the new instance

Attach the volume as read-only to the second instance

Explanation

If an EBS volume is attached to a running EC2 instance, the user needs to detach the volume from the original instance and then attach it to a new running instance. The user doesn't need to stop or terminate the original instance.

Explanation

61 / 75

To provide adequate computer resources for your company portal during busy sales cycles, you have your instances assigned to an EC2 auto scaling group associated with an application load balancer. You are now configuring the health checks for the auto scaling group.

What statement regarding health check configuration options for your auto scaling group is correct?

You can only use ALB health checks as a health check for your auto scaling group

You can use both EC2 Instance Status Checks and ALB health checks simultaneously for your auto scaling group

You can only use EC2 Instance Status Checks as a health check for your auto scaling group

You can use either EC2 Instance Status Checks or ALB health checks for your auto scaling group., but not both simultaneously

Explanation

Both instance status checks and health checks must be enabled before unhealthy instances will be terminated. It is critical that you test not only the saturation and breaking points but also the "normal" traffic profile you expect

Explanation

62 / 75

You are configuring Amazon Route 53 to route traffic destined for yourwebsite.com to an Application Load Balancer that is configured to distribute traffic in two availability zones in the same AWS region. Which record set should you edit to point traffic for yourwebsite.com to your Application Load Balancer? Select the answer that is the most cost-effective and scalable.

CNAME

Alias

Explanation

yourwebsite.com is a zone apex. Alias record sets can be used to set a zone apex, but CNAME records cannot. Additionally, queries to Alias records that are mapped to an ELB are free. A records are used to map IPv4 addresses to FQDNs, the IP address of the ELB may change. MX records are used for email servers.

Explanation

63 / 75

You wish to perform detailed monitoring on servers that are marked as unhealthy before they are terminated. After researching the issue, you find that lifecycle hooks can be deployed as necessary. Which strategies could you use to perform detailed monitoring? (Choose 2 answers)

Define a notification target for the lifecycle hook

Query 160.254.169.254 when instances are first marked as unhealthy

Use a CloudWatch event to invoke a Lambda function

Create a longer cooldown period in the launch configuration

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

Explanation

Lifecycle hooks allow customization of existing auto-scaling groups

64 / 75

Which choice correctly describes the differences between security groups and Network Access Control Lists (NACLs)? (Choose 2 answers)

Security Groups operate at the instance level and support allow rules only.

Security Groups operate at the subnet level, and they support allow rules only

NACLs operate at the subnet level and support allow and deny rules

NACLs operate at the subnet level and support deny rules only.

Explanation

You can secure your VPC instances using only security groups; however, you can add NACLs as a second layer of defense. Security groups — Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level . Network access control lists (NACLs) — Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level . Security Groups supports allow rules only while Network Access Control Lists support allow and deny rules.

Explanation

65 / 75

Create a new record set and custom domain name for the new instance in Route 53

Make sure the instance has a public IP address

Edit security group to allow traffic to and from the internet on required ports

Attach an Internet gateway to the VPC and add a default route to the IGW in public subnet's route table

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

Explanation

Attach an Internet gateway to your VPC.
Ensure that your subnet's route table points to the Internet gateway.
Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance

66 / 75

You have been asked to create a new S3 Bucket that will be used by the financial auditing team to store and share some files. There are a lot of different permissions between listing only, read-only and read-write access. You have decided to use resource-based permissions for the flexibility of it. Which statements below are correct with regards to resource-based permissions on your S3 bucket? (Choose 2 answers)

An explicit deny in resource-based permissions will overwrite an allow permissions the user might have for the same resource

Resource-based permissions could be attached to a user, role or group

Resource-based permissions are managed policies you can apply directly to your bucket

With resource-based permissions, you can define permissions for sub-directories of your bucket separately

Explanation

Resource-based permissions are permissions you attach directly to a resource. Resource-level permissions refer to the ability to specify not just what actions users can perform, but which resources they're allowed to perform those actions on. Resource-based policies are inline only, not managed. You can specify resource-based permissions for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, Amazon SQS queues, and AWS Key Management Service encryption keys.

Explanation

67 / 75

Your company is considering migrating to AWS, but they are concerned about the initial and mid- to short-term costs due to the complexity of the migration cycle. To effectively calculate the total cost of ownership, certain costs must be understood and planned for.

What costs should be primary considerations? (Choose 3 answers)

The cost of running duplicate environments

The cost of using a Direct Link connection

The cost of running migration tools

The cost of outside consulting services

Explanation

Failing to accurately estimate your costs before migration and during the migration process is a recipe for disaster. To build a migration model for optimal efficiency, it is important to accurately understand the current costs of running on-premises applications, as well as the interim costs incurred during the transition

Explanation

68 / 75

A user has launched one EC2 instance in the US East region and one in the US West region. The user has launched an RDS instance in the US East region. ow can the user configure access from both the EC2 instances to RDS?

Configure the US West region's security group to allow a request from the US East region's instance and configure the RDS security group's ingress rule for the US East EC2 group

Configure the security group of the US East region to allow traffic from the US West region's instance and configure the RDS security group's ingress rule for the US East EC2 group

Configure the security group of both instances in the ingress rule of the RDS security group

It is not possible to access RDS of the US East region from the US West region

Explanation

The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region. In this case allow IP of US West inside US East's security group and open the RDS security group for US East region.

Explanation

69 / 75

A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?

Amazon S3 server-side encryption employs strong multi-factor encryption.

Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks.

In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.

Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data

Explanation

Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption. Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks inits data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects. In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from thetasks of managing encryption and encryption keys. Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a masterkey that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256- bit Advanced Encryption Standard (AES-256), to encrypt your data

Explanation

70 / 75

Due to compliance rules and regulations, your company's workload has to run on dedicated instances. How can you make sure that all EC2 instances created for your workload now and in the future are dedicated instances? (Choose 2 answers)

Create your VPCs with instance tenancy of dedicated. This will ensure that all instances launched in VPC are dedicated

Create a golden AMI of the dedicated instance and enforce this AMI as the base for any new instance in your environment. This guarantees that all instances created based on the AMI will be dedicated

Create a dedicated Placement Group and associate all new instances with this placement group at launch time. All instances launched in a dedicated placement group will be dedicated

Create a CloudFormation template that has the EC2 Instance Tenancy attribute as dedicated and always use it to launch any new instance

Explanation

You can create a VPC with an instance tenancy of dedicated to ensure that all instances launched into the VPC are dedicated instances. Alternatively, you can specify the tenancy of the instance during launch

Explanation

71 / 75

You have an application that is generating a log file every 5 minutes and you need to store these log files appropriately. The requirements for storing the log files are:

They should be quickly retrievable when needed, as they may be required only for verification in case of some major issue.
The logs will need to be accessed frequently, as all log data is retrieved and compiled from the files into a bi-monthly report.
The logs are essential to quarterly audits, so the storage solution must offer a high level of durability.
Cost should also be minimized for the storage service as much as possible.

Which of the storage options below is the best choice to meet these requirements?

Amazon S3 Standard - Infrequent Access (IA)

Amazon S3 Glacier

Amazon S3 Standard

Amazon S3 OneZone-IA

Explanation

Amazon S3 stores objects according to their storage class. There are technically four major storage classes: Standard, Standard - Infrequent Access, Reduced Redundancy Storage (RRS) and Glacier.

Standard is for Amazon S3 and provides very high durability. Standard - Infrequent Access is designed for with a minimum data amount required and paid storage for at least 30 days. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files.

S3 OneZone IA is a variation of Standard-IA, which offers data archival at a reduced price, but also with less durability because the data within this class is stored within a single availability zone rather than spread throughout all availability zones within the S3 buckets region, as it is with S3 Standard storage.

Explanation

Amazon S3 stores objects according to their storage class. There are technically four major storage classes: Standard, Standard - Infrequent Access, Reduced Redundancy Storage (RRS) and Glacier.

72 / 75

You are designing a AWS cloud environment for a client who has a contract with a federal government agency. The cloud environment will have multiple VPCs and be in multiple regions. The government agency wants to whitelist only a handful of instances in your organization. This will dictate that these instances have static IP addresses. Elastic ip addresses can be used to keep a fixed set of IP addresses. How can the Elastic IP addresses (EIP) be used in this environment?

EIPs can be moved from one instance to another in multiple VPCs and multiple regions

EIPs are attached to an instance and exist only for the life of that instance

EIPs can be moved from one instance to another within the same Availability Zone

EIPs can be moved from one instance to another in multiple VPCs within the same region

Explanation

An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. You can disassociate an Elastic IP address from a resource, and reassociate it with a different resource. A disassociated Elastic IP address remains allocated to your account until you explicitly release it. An Elastic IP address is for use in a specific region only.

Explanation

73 / 75

A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure it so that whenever there is an error, the monitoring tool will notify him via SMS. Which of the below mentioned AWS services will help in this scenario?

AWS SMS

AWS SNS

AWS SES

None because the user infrastructure is in the private cloud.

Explanation

Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS can be used to make push notifications to mobile devices. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS) queues or to any HTTP endpoint. In this case user can use the SNS apis to send SMS.

Explanation

74 / 75

You’ve designed a public portal (with a MySQL database) featuring popular scientific journals. Due to its popularity, users are complaining it takes much longer to review selected journals than in the past. In addition, the popularity of your site is worldwide.

What are the first steps that you should take to resolve your performance issues? (Choose 2 answers)

Place additional read replicas in AWS regions closer to your users

Create a read replica of your master database

Redesign your database as a Multi-AZ solution

Deploy ElasticSearch for faster searching of available scientific journals

Explanation

Read replicas of your master database allow you to increase performance. Placing your read replicas in different AWS regions closer to your users will maximize performance and increase the availability of your database.

Explanation

75 / 75

Your organization is migrating applications to AWS. Your new security policy mandates that all user accounts be created and managed through IAM. Currently, your corporation is using Active Directory as their on-premise LDAP service. Once applications go live at AWS, all users must access applications using temporary access credentials, and all IAM users must have passwords that are rotated on a set schedule. Which of the following actions will allow you to enforce this security policy? (Choose 3 answers)

Disable the root account for your AWS account.

Create and enforce a password expiration policy option for all IAM users.

Create required IAM user accounts

Deploy federation services that support the Security Token Service

Explanation

STS is the “glue” that supports temporary access credentials for federation. If you are running code, AWS CLI, or Tools for Windows PowerShell commands inside an EC2 instance, you can take advantage of roles for Amazon EC2. Otherwise, you can call an AWS STS API to get the temporary credentials, and then use them explicitly to make calls to AWS services.

Explanation

Your score is

The average score is 14%

LinkedIn Facebook Twitter

Please rate your experience to help us improve !

Follow Us

Basic & Fundamentals

Recent Posts

Most Read

AWS Certified Solutions Architect Professional – Free Practice Tests

AWS Certified Solutions Architect Professional – Learning Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

AWS Certified Solutions Architect Professional – Exam Mode

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation

Explanation