AWS Certified Solutions Architect Practice Exams

¡Supera tus tareas y exámenes ahora con Quizwiz!

Your company maintains financial records for customers. These records are stored as PDF files on Amazon Simple Storage Service (Amazon S3). Compliance rules require that you record when any user accesses a PDF file. How can you meet this compliance goal? 1. Turn on Bucket Logging to generate access logs. 2. Add a security group to the Amazon S3 bucket. 3. Enable VPC Flow Logs. 4. Add an Amazon S3 lifecycle policy to the bucket.

1 A.<o:p></o:p> Bucket Logging will create access logs that list the time, IP address, and AWS Identity and Access Management (IAM) user identity of any access to an object in the bucket. None of the other options performs a similar function.<o:p></o:p>

Which of the following is the fundamental resource managed by AWS Key Management Service (KMS)? 1. Customer Master Key (CMK) 2. Data Key 3. Envelope Encryption 4. Encryption Context

1 A. AWS KMS manages CMKs.

Which of the following policies must be specified on an AWS CloudFormation resource in order to ensure that the resource is not deleted when the stack is deleted? 1. Deletion policy 2. Retention policy 3. Keep alive policy 4. Preserve policy

1 A. A deletion policy must be applied to an AWS CloudFormation resource in order to ensure that the resource is not deleted when the stack is deleted.

Your firm has just received 200 TB of TIF images that must be converted to GIF images. This conversion will occur only once. The primary requirement for the workload is to complete the work within a fixed budget, although the business would also appreciate a swift completion. What is an appropriate mix of Amazon Elastic Compute Cloud (Amazon EC2) instances to meet the business’s goals? 1. Launch the number of On-Demand Instances that fit within the project budget. Augment those with Spot Instances at a lower price to complete the task sooner for less compute cost. When all the images are converted, terminate all the instances. 2. Purchase Reserved Instances to run the conversion process. 3. Launch On-Demand t2.nano instances to run the conversion process. 4. Launch On-Demand instances at night to run the conversion process. Terminate the instances every morning and resume the process the following night until c

1 A. A fixed number of On-Demand Instances will ensure that the conversion is eventually completed, but the purchase of Spot Instances will increase the amount of compute at a lower price than the On-Demand Instances. This will allow the process to finish faster for a lower overall cost (since you will be able to terminate the more expensive On-Demand Instances that much sooner). Compute is linearly priced, so small instances will just take longer to complete the process without lowering the price. Reserved Instances are not appropriate as this is a short-term, one-time workload. On-Demand Instance prices are constant, so running only at night will not affect the overall cost and will postpone completion.

Which of the following best describes the shared responsibility model? 1. Customers are responsible for security in the cloud, and AWS is responsible for security of the cloud. 2. Customers are responsible for security of the cloud, and AWS is responsible for security in the cloud. 3. Customers are responsible for all security. 4. AWS is responsible for all security.

1 A. AWS is responsible for security of the cloud, and customers are responsible for security in the cloud.

How many AWS Trusted Advisor checks are available to all AWS customers? 1. 4 2. 5 3. 10 4. 12

1 A. All AWS customers have access to four Trusted Advisor checks.

Which of the following is true for Amazon Elastic Block Store (Amazon EBS)? 1. An Amazon Elastic Compute Cloud (Amazon EC2) instance can be associated with multiple Amazon EBS volumes. 2. An Amazon EBS volume can be associated with multiple Amazon EC2 instances. 3. Amazon EBS volumes are backed up nightly to tape. 4. Amazon EBS volumes are replicated across multiple availability zones.

1 A. Amazon EBS volumes are replicated at least once within a single availability zone and are not backed up to tape. A single instance can be attached to several Amazon EBS volumes, but an Amazon EBS volume can be attached to only one instance at a time.

Your company stores click stream logs from your website on Amazon Simple Storage Service (Amazon S3) nightly, averaging 20 TB of new data a night. Your data scientists would like to analyze this data to segment users and understand user preferences. Which service is well suited to meet their needs? 1. Amazon Elastic Map Reduce (Amazon EMR) 2. Amazon Kinesis Streams 3. AWS Cloud Trail 4. Amazon Cloud Watch

1 A. Amazon EMR is an excellent choice to analyze data at read, such as logs stored on Amazon S3. Amazon Kinesis Streams can analyze streams of data in real time, which is not the scenario here. Neither AWS Cloud Trail nor Amazon Cloud Watch are analysis services.

Your company receives information on every sale from thousands of Point-of-Sale (POS) machines, resulting in 5,000–10,000 messages per second and 20 TB of new data every day. Every night this information must be analyzed and summary results stored in a MySQL database for display in a management dashboard. What combination of services will address this use case? 1. Amazon Kinesis Firehose, Amazon Simple Storage Service (Amazon S3), Amazon Elastic MapReduce (Amazon EMR), AWS Data Pipeline, and Amazon Relational Database Service (Amazon RDS) 2. Amazon Kinesis Firehose, Amazon Elastic Block Store (Amazon EBS), Amazon EMR, AWS Data Pipeline, and Amazon RDS 3. AWS Direct Connect, Amazon Simple Storage Service (Amazon S3, Amazon EMR, AWS Data Pipeline, and Amazon RDS 4. Amazon Kinesis Firehose, Amazon Glacier, Amazon EMR, AWS Data Pipeline, and Amazon RDS

1 A. Amazon Kinesis Firehose can ingest the stream, saving it to Amazon S3. Amazon EMR can run MapReduce algorithms on the data stored in Amazon S3 and output the results to a different Amazon S3 bucket. AWS Data Pipeline can run regular ETL jobs to copy the resultant data into a MySQL database running on Amazon RDS. Amazon EBS has an upper limit of 16 TB, so it is a poor choice for the hundreds of TB of data that will be ingested and is significantly more expensive on top of that. AWS Direct Connect provides a private connection to your AWS infrastructure, but it has no ingestion functionality. Amazon Glacier requires 3–5 hours to retrieve requested objects and would not work in this scenario.

How long does it take AWS CloudTrail to deliver an event for an Application Programming Interface (API) call? 1. Typically within 15 minutes 2. Typically within 30 minutes 3. Always 15 minutes after the event occurred 4. Always 30 minutes after the event occurred

1 A. CloudTrail typically delivers an event within 15 minutes of the event occurring.

Which of the following is a primary benefit of using a dead letter queue? 1. The ability to sideline and isolate unsuccessfully processed messages. 2. The ability to determine quickly which messages are being processed the fastest. 3. The ability to replay messages that have been successfully processed and deleted from the source queue. 4. You don’t have to move dead letter messages to the trash.

1 A. Dead letter queues contain messages that have not been deleted from the source queue and, therefore, the dead letter queue contains message that are not being successfully processed.

Your company runs a monitoring application that retrieves server status information hourly from all of the servers in your data center and cloud infrastructure. The information is required to be maintained for 24 hours. When the information is retrieved, appending it to the end of the 200 GB file (and removing data older than 24 hours from the top of the file) requires 2,500 IOPs for one minute. Network administrators periodically display summary information and randomly accessed rows in a browser-based application, but this operation requires a negligible amount of IOPs. What type of storage is well suited for this workload? 1. An Amazon Elastic Block Store (Amazon EBS) General Purpose SSD volume 2. An Amazon EBS Provisioned IOPs SSD volume 3. An Amazon EBS Magnetic volume 4. Amazon Elastic Compute Cloud (Amazon EC2) Instance storage 5. Amazon Simple Storage Service (Amazon S3)

1 A. Either General Purpose SSD or Provisioned IOPs would work, but the bursty nature of the IO makes the General Purpose SSD the more cost-effective choice. The durability requirement eliminates the Instance Storage option. Magnetic volumes cannot achieve 2,500 IOPs. The random file access makes the workload block storage, so Amazon S3 will not meet the requirements.

Which of the following is the best description of an Auto Scaling cool-down period? 1. A period of time after an Auto Scaling event during which Auto Scaling waits before resuming Auto Scaling activities. 2. A period of time before an Auto Scaling event that allows the Auto Scaling group to cool before initiating an Auto Scaling event. 3. The period of time after an Auto Scaling group has been deleted. 4. The period of time after the desired capacity has been set equal to the maximum capacity.

1 A. The Auto Scaling cool-down period is a configurable setting for your Auto Scaling group that helps ensure that Auto Scaling doesn’t launch or terminate additional instances before the previous scaling activity takes effect. After the Auto Scaling group dynamically scales using a simple scaling policy, Auto Scaling waits for the cool-down period to complete before resuming scaling activities.

Which of the following is not a supported notification protocol for Amazon Simple Notification Service (Amazon SNS)? 1. Amazon Elasti Cache 2. HTTP 3. Amazon Simple Queue Service (Amazon SQS) 4. Email

1 A. The supported notification protocols for SNS are HTTP, HTTPS, Amazon SQS, Email, Short Message Service (SMS), and AWS Lambda.

How many availability zones may an Amazon Virtual Private Cloud (Amazon VPC) subnet span? 1. 1 2. 2 3. 3 4. 4

1 A. VPC subnets do not span availability zones. One subnet equals one availability zone.

Your company uses an architectural drawing program and stores the drawings on an on-premises server with an attached iSCSI drive. Your company wants to replicate all of the drawings to the cloud for a durable backup and disaster recovery. Since the users interact directly with the files, latency is critical and the files must all reside locally. What AWS Cloud service can meet your requirements? 1. Amazon Storage Gateway – Gateway Stored Volume 2. Amazon Simple Storage Service (Amazon S3) bucket 3. Amazon Storage Gateway – Gateway Cached Volume 4. Amazon Red shift

1 Answer: A Amazon Storage Gateway – Gateway Stored Volumes replicate all data to the cloud while storing it all locally to reduce latency. Amazon Storage Gateway – Gateway Cached Volumes provide an iSCSI interface to block storage, but copies all files to Amazon S3 for durability and retains only the recently used files locally. Neither Amazon S3 nor Amazon Red shift are block storage.

Which of the following are possible destinations for data ingested with Kinesis Firehose? (Choose 3 answers) 1. Amazon Simple Storage Service (Amazon S3) 2. Amazon Red shift 3. Amazon Glacier 4. Amazon Elastic search Service 5. Amazon Elastic Block Store (Amazon EBS)

1,2,4 A, B, and D. Amazon S3, Amazon Redshift, and Amazon Elastic search Service are the three possible destinations for Amazon Firehose data.

Which of the following can be configured as an origin for an Amazon Cloud Front distribution? (Choose 3 answers) 1. An on-premises HTTP server 2. An Amazon Simple Storage Service (Amazon S3) bucket 3. An Amazon Red shift cluster 4. An Amazon Elastic Load Balancer 5. An Amazon Relational Database Service (RDS) database 6. Amazon Dynamo DB

1,2,4 A, B, and D. Amazon Cloud Front can use any HTTP/S source as an origin, whether on AWS or on-premises. It's not made to work directly with databases like Amazon Red shift, Amazon Dynamo DB, or Amazon RDS.

Which of the following are differences between Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Block Store (Amazon EBS)? (Choose 3 answers) 1. Amazon S3 buckets can hold a virtually unlimited amount of data; Amazon EBS volumes have a maximum size. 2. Amazon S3 is object storage; Amazon EBS is block storage. 3. Amazon S3 is block storage; Amazon EBS is object storage. 4. Amazon S3 is accessed via a REST API; Amazon EBS is accessed from an attached Amazon Elastic Compute Cloud (EC2) instance. 5. Amazon S3 can be encrypted using the Amazon Key Management Service (KMS); Amazon EBS cannot.

1,2,4 A, B, and D. These answers are factual. Response C reverses the nature of the storage between the two services. Response E is incorrect because both Amazon S3 and Amazon EBS can be encrypted using Amazon KMS.

Which of the following can be used to control access to objects in Amazon Simple Storage Service (Amazon S3)? (Choose 3 answers) 1. Amazon S3 bucket policies 2. AWS Identity and Access Management (IAM) policies 3. Linux Iptables 4. Amazon S3 Access Control List (ACL) 5. Amazon S3 firewalls 6. Security groups

1,2,4 A, B, and D. These are the three access control services for Amazon S3.

What does the Amazon Machine Image (AMI) define for a new Amazon Elastic Compute Cloud (Amazon EC2) instance? (Choose 2 answers) 1. The operating system version and configuration 2. The number of virtual CPUs 3. Software installed on the instance at launch 4. The external IP address 5. The pricing model for the instance

1,3 A and C. The AMI defines the software state of the instance upon launch. It has no impact on the hardware.

Which of the following is true for Amazon Elastic Block Store (Amazon EBS)? (Choose 2 answers) 1. Amazon EBS volumes are available in a variety of magnetic and SSD options 2. Amazon EBS volumes lose data when the associated instance is stopped 3. Amazon EBS volumes can be encrypted transparently to applications accessing the data 4. Amazon EBS volumes can be of unlimited size

1,3 A and C. There are multiple volume types for EBS instances, both SSD and magnetic, that provide cost-effective solutions to a variety of workloads. Amazon EBS volumes can be encrypted when launched and that encryption is transparent to applications on the associated instances. Amazon EBS volumes maintain data even when the associated instance is stopped or terminated. Amazon EBS volumes have an upper size limit that differs depending on the volume type.

What options are available for Server Side Encryption (SSE) on Amazon Simple Storage Service (Amazon S3)? (Choose 3 answers) 1. Use Amazon S3 Managed Keys 2. Use Amazon Identity and Access Management (IAM) access keys 3. Use AWS Key Management System (KMS) managed keys 4. Use customer-provided keys 5. Use Amazon Elastic Compute Cloud (Amazon EC2) key pairs

1,3,4 A, C, and D. Access keys are for authentication, not encryption. Amazon EC2 key pairs provide initial access to Amazon EC2 instances and are not integrated with Amazon S3.

What features are available to help you increase security on Amazon Identity and Access Management (IAM) User accounts? (Choose 3 answers) 1. Multi-Factor Authentication (MFA) 2. Amazon Cloud Watch 3. Conditions limiting authorization to calls from a particular Classless Inter-Domain Routing (CIDR) block 4. Password policies 5. Security groups

1,3,4 A, C, and D. MFA adds an authentication criterion that the user must possess a device providing one-time passwords. Conditions can limit access to a single IP address or group of IP addresses on your corporate network. Password policies can define complexity rules and password expiration. Amazon Cloud Watch is a monitoring service. Security groups control network traffic, not user access.

When you launch an Amazon Elastic MapReduce (Amazon EMR) cluster, what must you specify? (Choose 3 answers) 1. The instance type of the nodes in your cluster 2. The database connection string 3. The number of nodes in your cluster 4. A Domain Name Service (DNS) name for the cluster 5. The version of Hadoop you want to run

1,3,5 A, C, E. These are required values when you launch a cluster.

Which of the following services can be used together to create a highly available application with a resilient architecture on AWS? (Choose 3 answers) 1. Amazon CloudWatch 2. AWS CloudTrail 3. Elastic Load Balancing 4. AWS Config 5. Auto Scaling 6. AWS Directory Service

1,3,5 A, C, and E. Using Amazon CloudWatch, Elastic Load Balancing, and Auto Scaling together can create a highly available application with a resilient architecture on AWS.

Your company faces a compliance requirement dictating that none of your Amazon Elastic Compute Cloud (Amazon EC2) instances can be hosted on hardware shared with any other AWS customer. Which two services allow this? 1. Dedicated Instances 2. Placement groups 3. Security groups 4. Dedicated Hosts

1,4 A, D. Dedicated Instances run on hardware that’s dedicated to a single customer. As a customer runs more Dedicated Instances, more underlying hardware may be dedicated to their account. Dedicated Hosts are physical servers with Amazon EC2 instance capacity fully dedicated to a single customer’s use.

AWS Trusted Advisor is available through which AWS Application Programming Interface (API)? 1. AWS Trusted Advisor 2. AWS Support 3. Amazon Elastic Compute Cloud (Amazon EC2) 4. Amazon Relational Database Service (Amazon RDS)

2 B.<o:p></o:p> AWS Trusted Advisor data is available within the AWS Support API.<o:p></o:p>

What is the difference between an Amazon DynamoDB Query operation and an Amazon DynamoDB Scan operation? 1. A Query operation is restricted to only one table and a Scan operation can act on more than one table. 2. A Query operation finds items in a table or a secondary index using only primary key attribute values and a Scan operation reads every item in a table or a secondary index. 3. A Query operation finds items in an Amazon Dynamo DB table or Amazon Relational Database Service (Amazon RDS) table and a Scan operation reads every item in either an Amazon Dynamo DB table or Amazon RDS table. 4. A Query operation requires a Structured Query Language (SQL) input whereas a Scan operation does not require a SQL input.

2 B. Amazon DynamoDB supports Query operations that require an input value and Scan operations that do not require an input value when retrieving data from a table.

Which of the following is an AWS Directory Service offering that is powered by Samba 4 and is Microsoft Active Directory-compatible? 1. AD Connector 2. Simple AD 3. Seamless Domain Join 4. Mini Microsoft AD

2 B. Simple AD is powered by Samba 4 and is Microsoft Active Directory-compatible.

Which of the following best describes an Amazon Virtual Private Cloud (Amazon VPC) private subnet? 1. A subnet that resides within a public availability zone 2. A subnet with an associated route table that does not have a route directing all non-local traffic to the VPC’s Internet Gateway (IGW) 3. A subnet with an associated route table that does have a route directing all non-local traffic to the VPC’s IGW 4. A subnet with a route table that contains at least one private route

2 B. A private subnet is a subnet that does not have a route to the IGW.

Which component within an Amazon Virtual Private Cloud (Amazon VPC) controls how traffic is directed? 1. Network Access Control List (ACL) 2. Route table 3. Internet gateway 4. Security group

2 B. A route table contains a set of rules (called routes) that are used to determine where network traffic is directed.

Which of the following are not found in an AWS Identity and Access Management (IAM) policy? 1. Action 2. Temporary security token 3. Effect (deny/allow) 4. Source IP address

2 B. A temporary security token is a temporary principal with which a policy is associated through an IAM role. The Source IP address can be referenced in a condition.

Your company publishes an image library used by hundreds of customer websites. The site contains thousands of images and the library services over 100,000 requests per second. You would like to take advantage of the price and scalability of Amazon Simple Storage Service (Amazon S3) to implement this workload. What should you do to ensure the best performance? 1. Sort the images in alphabetical order. 2. Add a randomized prefix to every object name. 3. Store the images in a bucket in a single availability zone. 4. Configure the bucket for Server Access Logging.<o:p></o:p>

2 B. Adding a prefix will ensure the best performance. Sorting the objects is not possible. Amazon S3 is a regional service, and all data is automatically replicated across multiple availability zones for durability. Logging will have no effect on performance.

Which of the following Amazon Relational Database Service (Amazon RDS) database engines are compatible with MySQL? 1. Oracle 2. Amazon Aurora 3. Microsoft SQL Server 4. PostgreSQL

2 B. Amazon Aurora is compatible with MySQL.

You would like to set an alarm to notify you if the number of error messages in your Windows application log gets too high. How can you use Amazon Cloud Watch to accomplish this? 1. Enter a ticket with AWS Support to set up the monitoring 2. Use the Amazon Cloud Watch Logs agent to export the Windows Application Log to Amazon Cloud Watch 3. Monitor the Application Error metric under Amazon Cloud Watch 4. Use AWS Config to monitor the Windows Application Log

2 B. Amazon Cloud Watch cannot look inside your instance to monitor the errors in the Windows Application Log, but Amazon Cloud Watch Logs gives you the ability to install an agent that can export otherwise internal logs to Amazon Cloud Watch. AWS Support cannot see inside your instance and does not have a monitoring service offering. AWS Config tracks the configuration of your AWS infrastructure and does not monitor its health.

Your company has 1 PB of scientific research data that has been summarized and the results stored in a MySQL database. While there is no need to access the raw measurements, they must be retained indefinitely. Which of the following storage plans meets these needs in the most cost-efficient manner? 1. Store the data on Amazon Elastic Block Store (Amazon EBS) Magnetic volumes. 2. Store the data on Amazon Glacier. 3. Store the data on Amazon Simple Storage Service (Amazon S3). 4. Store the data on Amazon Simple Storage Service (Amazon S3) Reduced Redundancy Storage (RRS).

2 B. Amazon Glacier is the most cost-efficient AWS storage service, providing all the durability of Amazon S3. The 3–5 hour retrieval delay will not be a problem for raw data that is essentially never accessed.

How long does it take to retrieve an object from Amazon Glacier? 1. The object is available immediately upon request 2. Three to five hours 3. One to two days 4. Between overnight and one business week, depending on the class of the shipping service

2 B. Amazon Glacier objects are retrieved online (not shipped) and will be available in three to five hours.

Your company runs an application that relies on a legacy database system. The database requires two TB of block storage and 40,000 IOPS of storage capacity. What architecture will support the requirements for this database? 1. Store the database in an Amazon Simple Storage Service (Amazon S3) bucket 2. Two Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volumes, each provisioned for 20,000 IOPS in a RAID 0 configuration 3. A single Amazon EBS General Purpose SSD volume 4. AWS Storage Gateway

2 B. Amazon S3 is object storage, so it will not work for this example. Amazon EBS General Purpose SSD volumes have a maximum IOPS of 10,000. AWS Storage Gateway makes no IOPS claims, so it cannot be relied upon to provide this level of performance. Spreading the data across two Amazon EBS Provisioned IOPS volumes can spread the IOPS across two volumes, creating total IOPS for the volume of 40,000.

How many IP addresses does AWS reserve within a subnet for its own networking purposes? 1. None 2. Five 3. Three 4. One

2 B. Amazon reserves the first four IP addresses and the last IP address of every subnet for IP networking purposes.

What feature allows an application running on an Amazon Elastic Compute Cloud (Amazon EC2) instance to access Amazon Simple Storage Service (Amazon S3) without storing an access key on the instance? 1. Windows Active Directory credentials 2. An Amazon EC2 role 3. AWS Key Management Service (Amazon KMS) 4. An Amazon Identity and Access Management (IAM) User

2 B. An Amazon EC2 role allows an application to obtain a temporary security token with the permissions associated with the role. Windows Active Directory Credentials do not authorize AWS actions, AWS KMS deals with encryption keys, and an IAM User must be authenticated with an access key.

With which of the following is an Amazon Virtual Private Cloud (Amazon VPC) Elastic Network Interface (ENI) associated? 1. An Amazon Elastic Compute Cloud (Amazon EC2) instance 2. A VPC subnet 3. A VPC 4. A VPC’s Internet Gateway (IGW)

2 B. An ENI is associated with a VPC subnet.

What is a common pattern for implementing loose coupling between services? 1. Synchronous integration 2. Asynchronous integration 3. Exponential back off 4. Standard deviation

2 B. Asynchronous integration is a common pattern for loose coupling between services. It is suitable for interactions that do not need an immediate response and where an acknowledgement that a request has been registered will suffice.

How does identity federation work? 1. The user’s identity in an external Identity Provider (IdP) is directly granted access to AWS resources. 2. A temporary security token with specific permissions is provided for a console session based on the user’s identity in an external Identity Provider (IdP). 3. A new AWS Identity and Access Management (IAM) User is created dynamically based on a user’s identity in an external Identity Provider (IdP). 4. The user’s identity in an external Identity Provider (IdP) is added to an AWS Identity and Access Management (IAM) group.

2 B. Identity federation is based on temporary security tokens. Access cannot be granted directly to external identities, nor can they be added to IAM groups.

You downloaded a 25 GB video to the z:\ drive of your Amazon Elastic Compute Cloud (Amazon EC2) instance. To get more compute, you stopped the instance to change the instance type, then restarted the instance. When you connect to your instance again, you notice that the video is no longer on the z:\ drive. What is the likely cause? 1. The public IP address changed when the instance was stopped and started. 2. The z:\ is instance storage and data is lost when the instance is stopped. 3. Lifecycle policies on the z:\ volume automatically deleted the file after a set time period. 4. When the instance restarted, it did so on a different underlying host machine.

2 B. Instance storage is lost when an instance is stopped and started. The public IP address and underlying host have no impact on this. Lifecycle policies are an Amazon Simple Storage Service (Amazon S3) feature and do not apply to block storage like instance storage and Amazon Elastic Block Store (Amazon EBS) storage.

A shipping company tracks the location of every package using bar code readers that transfer over wireless back to the main tracking system. The resulting traffic averages 10,000 scans a second. What service will process the incoming stream of scans and update the data in the tracking system on a near real-time basis? 1. Kinesis Fire hose 2. Kinesis Stream 3. Amazon Data Pipeline 4. Amazon Elastic Map Reduce (Amazon EMR)

2 B. Kinesis Stream allows you to create custom applications to analyze big data streams in real time.

Which of the following must you leverage in your cloud applications in order to take advantage of the cloud’s parallelization quality? 1. Synchronicity 2. Multi-threading 3. Exponential backoff 4. Asynchronicity

2 B. Leveraging multiple threads for processing, as opposed to using a single thread, will take advantage of the cloud’s native parallelization quality.

What is the maximum visibility timeout for an Amazon Simple Queue Service (Amazon SQS) message? 1. 20 seconds 2. 12 hours 3. 1 day 4. 14 days

2 B. The maximum visibility timeout for an Amazon SQS message is 12 hours.

Your company maintains a photo library with 100 million photos available for licensing. The total storage requirement for the photos themselves is 200 GB. There is also a low-resolution version of each photo generated, with those versions taking up a total of 10 GB. Your company runs on very low margins, so minimizing cost is important. What is a cost-effective way to store all your photos? 1. Store the original photos on Amazon Simple Storage Service (Amazon S3) and the low-resolution versions on Amazon Elastic Block Store (Amazon EBS). 2. Store the original photos on Amazon Simple Storage Service (Amazon S3) and the low-resolution versions on Amazon S3 Reduced Redundancy Storage (RRS). 3. Store the original photos Amazon S3 Reduced Redundancy Storage (RRS) and the low-resolution versions on Amazon Simple Storage Service (Amazon S3). 4. Store the original versions on Amazon Glacier and the low-resolution versions on

2 B. The originals cannot be replaced, so they must be stored on Amazon S3 because it is the most durable. Nothing can be stored on Amazon Glacier as customers can’t wait 3–5 hours for their photos. Since the low-resolution versions can be recreated, using the less durable Amazon S3 RRS storage is a good cost-reducing option. Amazon EBS is a higher-cost storage service with capabilities not needed for this workload.

How many Internet Protocol Security (IPSec) tunnels are established when creating a Virtual Private Network (VPN) connection between a Customer Gateway (CGW) and Virtual Private Gateway (VPG)? 1. 1 2. 2 3. 3 4. 4

2 B. Two IPSec tunnels are established between the CGW and the VPG to provide higher availability of the VPN connection.

Your company has a legacy application running locally on a Virtual Machine (VM) on Windows 2008. The application is a compute workload that has no state. The original development team is no longer with the firm, and recreating the VM would be extremely difficult and time-consuming. To mitigate the risk, the company wants to create a Disaster Recovery installation for this application on AWS. What method accomplishes this in a straightforward and cost-effective manner? 1. Use VM Import/Export to load the VM on AWS as an Amazon Elastic Compute Cloud (Amazon EC2) Instance. Leave the instance running. 2. Use VM Import/Export to load the VM on AWS as an Amazon Machine Image (AMI). Launch an Amazon EC2 instance from the AMI to confirm operation, then terminate the Amazon EC2 instance until failover is needed. 3. Launch a proxy server on AWS that redirects calls to AWS to the local VM. 4. Use Amazon Route 53 to route reques

2 B. VM Import/Export is an excellent way to get the VM image into AWS, but there is no need to pay the compute costs of a running instance while the DR installation is not needed. Neither C nor D create a DR environment.

Which AWS Cloud service is designed to help web developers focus on writing code rather than spending time managing and configuring servers, databases, load balancers, firewalls, and networks? 1. AWS CloudFormation 2. AWS Elastic Beanstalk 3. AWS OpsWorks 4. AWS CodeDeploy

2 B. Web developers upload their application and AWS Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, autoscaling, and application health monitoring.

Which Amazon Simple Queue Service (Amazon SQS) identifier must be used to delete a message from a queue? 1. Message ID 2. Receipt Handle 3. Queue URL 4. Deletion ID

2 B. You must provide the receipt handle for the message in order to delete it from a queue.

Which of the following AWS Cloud services are Multi-AZ by design? (Choose 2answers) 1. Amazon Relational Database Service (Amazon RDS) 2. Amazon Simple Storage Service (Amazon S3) 3. Amazon Dynamo DB 4. AWS Storage Gateway 5. Amazon Virtual Private Cloud (Amazon VPC)

2,3 B and C. Amazon S3 and Amazon DynamoDB are designed with a Multi-AZ architecture.

The Signature Version 4 digital signature calculation process provides which security benefits? (Choose 2 answers) 1. Data confidentiality 2. Message integrity 3. Replay attack prevention 4. Certification 5. Recertification

2,3 B and C. The Signature Version 4 digital signature calculation process provides message integrity and prevents against replay attacks.

Which of the following are appropriate use cases for Amazon Simple Storage Service (Amazon S3)? (Choose 2 answers) 1. Storing the data files for a MySQL database 2. Hosting a static website 3. Storing a library of video files 4. Storing CAD files being edited by multiple users at the same time 5. Implementing a cache in front of a database

2,3 B, C. Amazon S3 is object storage, so there is no interface that allows the random read/write block storage. Responses A and D both require block storage and are inappropriate workloads for Amazon S3.

Which of the following AWS Cloud services provide you the ability to manage your own symmetric and asymmetric keys? (Choose 2 answers) 1. AWS Identity and Access Management (IAM) 2. AWS Key Management Service (AWS KMS) 3. AWS Certificate Manager (AWS ACM) 4. Amazon Simple Storage Service (Amazon S3) 5. AWS CloudHSM

2,5 B and E.<o:p></o:p> AWS KMS is a managed service that makes it easy for you to create and control the symmetric encryption keys used to encrypt your data. AWS CloudHSM is a service that makes it easy for you to create and control both symmetric and asymmetric keys used to encrypt and decrypt data.<o:p></o:p>

Which of the following Open System Interconnection (OSI) layers are configurable on an Elastic Load Balancer? (Choose 2 answers) 1. Layer 3 2. Layer 4 3. Layer 5 4. Layer 6 5. Layer 7

2,5 B and D. Layer 4 is the transport layer that describes the Transmission Control Protocol (TCP) connection between the client and your back-end instance through the load balancer. Layer 7 is the application layer that describes the use of Hypertext Transfer Protocol (HTTP) and HTTPS (secure HTTP) connections from clients to the load balancer and from the load balancer to your back-end instance.

Which of the following characteristics does the instance type define for a new Amazon Elastic Compute Cloud (Amazon EC2) instance? (Choose 2 answers) 1. The operating system version and configuration 2. The number of virtual CPUs 3. Software installed on the instance at launch 4. The external IP address 5. The amount of internal memory

2,5 B and E. The instance type defines the virtual hardware allocated to the instance. Any external IP addresses are assigned by Amazon and are not controlled by the instance type.

Which of the following services is a proxy service for connecting your on-premises Microsoft Active Directory to the AWS Cloud? 1. AWS Directory Service for Microsoft Active Directory (Enterprise Edition) 2. Simple AD 3. AD Connector 4. AWS LDAP

3 C. AD Connector is a proxy service for connecting your on-premises Microsoft Active Directory to the AWS Cloud without requiring complex directory synchronization or the cost and complexity of hosting a federation infrastructure.

Which AWS service would you use to support an audit of Application Programming Interface (API) calls made to your account? 1. AWS Config 2. AWS Trusted Advisor 3. AWS Cloud Trail 4. AWS Lambda

3 C. AWS Cloud Trail is a web service that records API calls made on your account and delivers log files to your Amazon Simple Storage Service (Amazon S3) bucket.

Which of the following describes AWS OpsWorks components? 1. Stacks, layers, and apps 2. Stacks and layers 3. Stacks, layers, Chef recipes, instances, and apps 4. Stacks, layers, instances, and apps

3 C. AWS OpsWorks comprises stacks, layers, Chef recipes, instances, and apps.

Which IT automation language is supported by AWS OpsWorks? 1. Salt Stack 2. Slack 3. Chef 4. Ansible

3 C. AWS OpsWorks uses Chef cookbooks to handle tasks such as installing and configuring packages and deploying applications.

Which of the following best describes how AWS Signature Version 4 secures requests? 1. Verify the identity of the requestor. 2. Verify the identity of the requestor and protect data in transit. 3. Verify the identity of the requestor, protect data in transit, and protect against potential replay attacks. 4. Verify the identity of the requestor and protect against potential replay attacks.

3 C. AWS Signature Version 4 verifies the identity of the requestor, protects data in transit, and protects against potential replay attacks.

Your company publishes a high-definition photo library with subscribers located worldwide. Due to the level of definition, the photo files are very large and catalog pages are required to download large amounts of static images. Which service can be leveraged to provide your users with the most responsive experience? 1. AWS Direct Connect 2. Amazon Virtual Private Cloud (Amazon VPC) 3. Amazon CloudFront 4. AWS Storage Gateway

3 C. Amazon CloudFront will cache static images at edge locations around the world, creating a more responsive user experience.

Your company’s senior management wants to launch an e-commerce web application in the cloud. The application will be two-tiered and the data layer will receive hundreds of reads and writes per second due to customers searching for and purchasing items. Which of the following is the best service to use to deliver the data layer for the e-commerce application? 1. Amazon Elastic Block Store (Amazon EBS) 2. Amazon Simple Storage Service (Amazon S3) 3. Amazon Relational Database Service (Amazon RDS) 4. Amazon Redshift

3 C. Amazon RDS is the best service to use to deliver the data layer to the application because the activity is highly transactional in nature.

Which of the following AWS storage services is best suited for the following requirement:“Your web application needs large-scale storage capacity and performance.” 1. Amazon Glacier 2. Amazon Dynamo DB 3. Amazon Simple Storage Service (Amazon S3) 4. Amazon Elastic Block Store (Amazon EBS)

3 C. Amazon S3 is a highly-scalable, reliable, low-latency data storage infrastructure.

Which of the following services support the ability to push notifications directly to mobile applications? 1. AWS Mobile Hub 2. Amazon Mobile Push 3. Amazon Simple Notification Service (Amazon SNS) 4. Amazon Simple Queue Service (Amazon SQS)

3 C. Amazon SNS is the service that can push notifications to mobile applications.

Which of the following explains why referencing an Elastic Load Balancing load balancer by its Domain Name System (DNS) Canonical Name (CNAME) is a best practice? 1. Referencing an Elastic Load Balancing load balancer by its DNS CNAME is not a best practice. 2. An Elastic Load Balancing load balancer’s DNS CNAME will change over time, but a subsequent call to Amazon CloudWatch will return the current IP address for the load balancer. 3. An Elastic Load Balancing load balancer’s DNS CNAME will not change over time, providing you with a single fixed addressing entry, regardless of the pool of IPs referenced by the CNAME. 4. An Elastic Load Balancing load balancer’s DNS CNAME will not change over time, providing you with a single fixed addressing entry, and DNS queries will return the single IP address referenced by the CNAME.

3 C. An Elastic Load Balancing load balancer’s DNS CNAME provides you with a single DNS entry that references a dynamic set of IP addresses that are used by the load balancer based on traffic demand.

Your company needs to perform a tech refresh on 200 TB of on-premises storage and has decided to move the data to Amazon Simple Storage Service (Amazon S3). Your data center Internet connection has an average of 1 Gbps of available bandwidth. What is the best way to move your data to Amazon S3? 1. Use the Command Line Interface (CLI) to transfer the data over the Internet. 2. Write a custom program to transfer the data using multi-part upload. 3. Use three AWS Import/Export Snowball appliances. 4. Use AWS Data Pipeline.

3 C. Any transfer over the Internet is going to take nearly 20 days of continuous data transfer, constricting any peak traffic during the entire interval. Transferring data with three 80 GB Snowball appliances is simple, fast, secure, and can be as little as one-fifth the cost of high-speed Internet.

What is the result of enabling Proxy Protocol on an Elastic Load Balancer? 1. Nothing, an Elastic Load Balancer cannot be configured for Proxy Protocol. 2. The Elastic Load Balancer is configured to interoperate with a proxy. 3. A human-readable header is added to the request header with connection information such as the source IP address, destination IP address, and port numbers. 4. Three human-readable headers are added to the request header: IP address of the client, destination IP address, and destination port number.

3 C. By default, when you use Transmission Control Protocol (TCP) for both the front-end and back-end connections, your load balancer forwards requests to the back-end instances without modifying the request headers. If you enable Proxy Protocol, a human-readable header is added to the request header with connection information such as the source IP address, destination IP address, and port numbers.

What is the functional difference between an Amazon Simple Queue Service (Amazon SQS) delay queue and Amazon SQS visibility timeout? 1. There is no difference. 2. Delay queues make messages unavailable to specific consumers upon arrival to the queue and visibility timeouts make messages unavailable to specific consumers after being retrieved from the queue. 3. Delay queues make messages unavailable upon arrival to the queue and visibility timeouts make messages unavailable after being retrieved from the queue. 4. Delay queues are queues that are created after a configurable delay period and visibility timeouts are a configurable time period for no further messages to be retrieved from the queue.

3 C. Delay queues make messages unavailable upon arrival to the queue and visibility timeouts make messages unavailable after being retrieved from the queue.

The application you are running on your HPC cluster is very sensitive to network jitter between Amazon Elastic Compute Cloud (Amazon EC2) instances. What Amazon EC2 feature helps reduce jitter? 1. Amazon Elastic Block Store (Amazon EBS Optimized Amazon EC2 instances) 2. Dedicated instances 3. Enhanced networking 4. AWS Identity and Access Management (IAM) roles for Amazon EC2

3 C. Enhanced networking explicitly addresses network jitter as a benefit. Amazon EBS Optimized instances only affect IO to Amazon EBS storage. Dedicated instances just addresses tenancy—while there may be some impact on jitter, the feature makes no claims to that effect. IAM roles for Amazon EC2 are a security and authorization feature and have no impact on jitter.

You are running a photomontage application that takes many photo files from Amazon Simple Storage Service (Amazon S3), assembles them into a single large image that includes all of the photos, and stores the resulting image back on Amazon S3. As part of the processing, your application requires access to block storage for writing temporary files. What storage is well suited for this workload? 1. Amazon S3 2. Amazon Dynamo DB 3. Instance storage 4. Amazon Elastic Block Store (Amazon EBS)

3 C. Instance storage is free with the instance, and the SSD volumes have excellent performance. Since the data is temporary within the scope of creating a single large image, there is no concern about the lifetime of an instance storage volume. Amazon EBS would work, but it would cost more, especially to match the performance of an SSD instance volume. Neither Amazon DynamoDB nor Amazon S3 are block storage.

Issuance of temporary tokens to authenticated entities through federation, credential rotation, and assigning permissions to AWS Identity and Access Management (IAM) roles for Amazon Elastic Compute Cloud (Amazon EC2) instances is an example of adhering to which security principle? 1. Data integrity 2. Confidentiality 3. Least privilege 4. Non-repudiation

3 C. Least privilege security is delivered through the issuance of temporary tokens, rotating credentials, and using roles for Amazon EC2 instances instead of placing long-term IAM user credentials with code on the Amazon EC2 instance.

You have an application that indexes documents and makes them available via a browser-based interface. The documents are stored on a block storage device accessed by the application over an iSCSI interface, but time of retrieval is not a critical factor. As the number of documents grows, you have been tasked with increasing the capacity of the application, as well as providing durable backup for the documents. What service can meet your requirements? 1. AWS Storage Gateway – gateway-stored volume 2. Amazon Simple Storage Service (Amazon S3) bucket 3. AWS Storage Gateway – gateway-cached volume 4. Amazon Redshift

3 C. Neither Amazon S3 nor Amazon Redshift are block storage. AWS Storage Gateway – gateway-cached volumes provide an iSCSI interface to block storage and copy all files to Amazon S3 for durability. Gateway-cached volumes also store only the most frequently used files locally, allowing you to store more data on your AWS Storage Gateway than would fit on your local physical storage.

Your organization has a registration application that runs easily on two Amazon Elastic Compute Cloud (Amazon EC2) instances for the vast majority of the year. At the end of February there is a registration deadline when the traffic load increases by a factor of five. What is an appropriate mix of Amazon EC2 Instances for this situation? 1. Purchase 10 Reserved Instances to handle the load for the entire year. 2. Run two On-Demand Instances to handle the load for the entire year, and then add eight On-Demand Instances during the last two weeks of February. 3. Purchase two Reserved Instances to handle the load for the entire year, and then add eight On-Demand Instances during the last two weeks of February. 4. Purchase two Reserved Instances to handle the load for the entire year, and then scale the instance type up by a factor of five during the last two weeks of February.

3 C. Purchase Reserved Instances only for instances that will be running a very high percentage of the time and augment those with On-Demand Instances for short peaks in traffic. Scaling up is seldom a good option—in this case you would lose the benefit of your Reserved Instances during the last two weeks in February because Reserved Instances are specific to the instance type.

Your company website includes hundreds of product manuals. Your data center is full and there is no room for more servers or storage, so you have been instructed to reduce storage requirements, lower compute needs, and improve response time for the entire website. What architectural pattern will achieve this? 1. Add an Amazon CloudFront distribution in front of the entire site on-premises. 2. Migrate the product manuals to Amazon Simple Storage Service (Amazon S3), mount the Amazon S3 bucket as a drive from your web servers, and add an Amazon CloudFront distribution with one origin pointing to the web farm. 3. Migrate all product manuals to Amazon Simple Storage Service (Amazon S3), create an Amazon CloudFront distribution with two origins, and use path patterns to point one origin to the manuals on Amazon S3 and the other to your web farm. 4. Migrate all the product manuals to AWS Storage Gateway, have the web farm

3 C. Response A will improve user response time but will not reduce storage needs. Response B is impossible, as Amazon S3 cannot be mounted as a drive, and Response D will either not reduce storage (if it is a gateway-stored volume) or add latency to retrieve files from the cloud (if it is a gateway-cached volume). Response C will reduce storage needs by moving the manuals out of the data center, plus improve response and reduce server load by caching content at Amazon CloudFront edge locations.

Your company provides videos to registered customers that pay a monthly fee. You want to provide low-latency access to the content, but restrict access to only paid subscribers. Which Amazon Cloud Front feature will allow you to achieve this outcome? 1. Multiple Origins 2. RTMP Streaming 3. Signed URLs 4. Origin access identity

3 C. Signed URLs restrict access to content by providing paid subscribers with links that are valid for a limited period of time and, optionally, only valid from a particular IP address range.

Which one of the following is the most important benefit of using a cloud environment? 1. Avoiding the work of buying and racking computer hardware. 2. The ability to move applications into and out of data centers that you do not operate. 3. The ability to use the cloud’s Application Programming Interface (API) to automate deployment processes and to build self-healing systems. 4. The ability to submit a support case using the AWS Management Console.

3 C. The API is the most important benefit of cloud.

Which of the following measured values requires a custom metric to be logged by Amazon CloudWatch? 1. Network traffic 2. CPU utilization 3. Number of requests handled by a web server 4. Disk write operations

3 C. The shared responsibility model prevents Amazon CloudWatch from seeing values internal to your instances. Network traffic, CPU utilization, and disk IO can all be recorded without access to the operating system. Number of requests can only be seen within the operating system, so it requires a custom metric or CloudWatch Logs to view.

What method will allow you to log in to a new Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using Secure Shell (SSH)? 1. Use an AWS Identity and Access Management (IAM) User with Amazon EC2 login permissions 2. Specify the root password as an input parameter upon launch 3. Launch SSH and provide the private half of the key pair associated with the instance 4. You cannot log in directly to an Amazon EC2 Linux instance

3 C. When Amazon EC2 Linux instances are launched, the public half of the key pair associated with the instance is stored on the instance. Providing the private half of the key pair allows SSH access. Logging in depends on Linux-based authentication/authorization, so IAM credentials will not work. There is no mechanism to specify the administrator password as an input parameter to the launch instance operation.

What method will allow you to log in to a new Amazon Elastic Compute Cloud (Amazon EC2) Windows instance using RDP? 1. Use an AWS Identity and Access Management (IAM) user with Amazon EC2 login permissions. 2. Specify the administrator password as an input parameter upon launch. 3. Decrypt the administrator password for the instance using the private half of the key pair associated with the instance. 4. You cannot log in directly to an Amazon EC2 Windows instance.

3 C. When Amazon EC2 Windows instances are launched, a randomized password for the administrator account is created and encrypted using the public half of the key pair associated with the instance. Decrypting this with the private half of the key pair allows you to log in. Logging in depends on Windows-based authentication/authorization, so IAM credentials will not work. There is no mechanism to specify the administrator password as an input parameter to the launch instance operation.

You are undergoing a Payment Card Industry Data Security Standard (PCI DSS) compliance audit, and your auditor needs to run a vulnerability scan on your AWS environment. Which of the following is true? 1. AWS runs these scans automatically for you. Contact AWS Support and ask for a copy of the most recent scan. 2. Vulnerability scans violate the AWS Acceptable Use Policy (AUP) and cannot be run under any circumstances. 3. You need to request permission from AWS before running a vulnerability scan. 4. You can do this using Amazon Cloud Watch; initiate a scan under the Vulnerability Scans section of the service's console.

3 C. You need to request permission from AWS prior to running a vulnerability scan.

Which of the following network actions are not possible within AWS? (Choose 2 answers) 1. Store and forward 2. Prerendering 3. IP spoofing 4. Promiscuous packet sniffing 5. Packet streaming

3,4 C and D.<o:p></o:p> Amazon Elastic Compute Cloud (Amazon EC2) instances cannot send spoofed network traffic and they can only receive packets that are destined for their IP address.<o:p></o:p>

Which of the following are true about temporary security tokens? (Choose 2 answers) 1. They are stored in the AWS Key Management Service (AWS KMS). 2. They control traffic between instances.<o:p></o:p> 3. They are only valid for a specified period of time. 4. They are the underlying implementation of AWS Identity and Access Management (IAM) roles for Amazon Elastic Compute Cloud (Amazon EC2). 5. They grant initial Secure Shell (SSH) access to Linux instances.

3,4 C, D. AWS KMS stores and manages encryption keys. Security groups, network Access Control Lists (ACLs), and operating system firewalls control traffic between instances. The duration of a temporary security token is passed when a token is requested. IAM roles for Amazon EC2 provide authorization to applications on an Amazon EC2 instance with a temporary security token.

Amazon Elastic Compute Cloud (Amazon EC2) supports which type of key pair? 1. X.509 certificate key pair 2. Symmetric key pair 3. RSA 1024 SSH-2 key pair 4. RSA 2048 SSH-2 key pair

4 D.<o:p></o:p> Amazon EC2 supports RSA 2048 SSH-2 key pairs.<o:p></o:p>

Your company’s senior management wants to query several data stores in order to obtain a “big picture” view of the business. The amount of data contained within the data stores is at least 2 TB in size. Which of the following is the best AWS service to deliver results to senior management? 1. Amazon Elastic Block Store (Amazon EBS) 2. Amazon Simple Storage Service (Amazon S3) 3. Amazon Relational Database Service (Amazon RDS) 4. Amazon Red shift

4 D. Amazon Redshift is the best choice for data warehouse workloads that typically span multiple data repositories and are at least two terabytes in size.

You are deploying a static website on Amazon Simple Storage Service (Amazon S3). After naming your bucket with a proper Domain Name Service (DNS) name, enabling and configuring website hosting, uploading your content, and redirecting your domain name to the bucket, users still cannot load the page. What is a possible problem? 1. An Amazon Elastic Compute Cloud (Amazon EC2) instance must be configured as a web server 2. Access Logs must be turned on for the bucket 3. A route must be added to the routing table for the Amazon S3 bucket 4. The website content was not set to publicly readable

4 D. A web server is not needed for a static website on Amazon S3. Access Logs have no effect on the visibility of Amazon S3 content. There are no routing tables for Amazon S3.

Your workload needs low network latency and high network throughput between Amazon Elastic Compute Cloud (Amazon EC2) instances. Which feature will help you achieve this? 1. Amazon Elastic Block Store (Amazon EBS)-Optimized Amazon EC2 instances 2. Amazon Virtual Private Cloud (Amazon VPC) 3. Security groups 4. Amazon EC2 placement groups

4 D. Amazon EC2 placement groups enable applications to participate in a low-latency, 10 Gbps network. Amazon VPC allows you to define network architecture but does not increase network performance. Amazon EBS-Optimized Amazon EC2 instances reserve network bandwidth for an instance to communicate with Amazon EBS storage, which is not the goal in this example. Security groups allow you to control traffic, but they do not increase network performance.

Which of the following describes the range of Classless Inter-Domain Routing (CIDR) addressing supported by Amazon Virtual Private Cloud (Amazon VPC)? 1. In CIDR notation, from /30 (8 IP addresses) to /24 (256 IP addresses) 2. In CIDR notation, from /30 (8 IP addresses) to /16 (65,536 IP addresses) 3. In CIDR notation, from /28 (16 IP addresses) to /24 (256 IP addresses) 4. In CIDR notation, from /28 (16 IP addresses) to /16 (65,536 IP addresses)

4 D. An Amazon VPC may be as small as 16 available IP addresses and as large as 65,536 IP addresses.

What function does an Amazon Virtual Private Cloud (Amazon VPC) Internet Gateway (IGW) serve? 1. An IGW provides a target in your VPC route tables for Internet-routable and VPN-routable traffic. 2. An IGW provides Port Address Translation (PAT) for instances that have been assigned public IP addresses. 3. An IGW serves two purposes: to provide a target in your VPC route tables for Internet-routable and VPN-routable traffic and to provide PAT for instances that have been assigned public IP addresses. 4. An IGW serves two purposes: to provide a target in your VPC route tables for Internet-routable traffic and to perform Network Address Translation (NAT) for instances that have been assigned public IP addresses.

4 D. An IGW provides a target for Internet-routable traffic, and it performs NAT for instances that have been assigned public IP addresses.

Which of the following Amazon Redshift components does a client application interact with directly? 1. All nodes in the cluster 2. Leader node and slave nodes 3. Leader node and the first slave node 4. Leader node

4 D. Client applications interact directly with the Amazon Redshift cluster leader node; the slave nodes are transparent to external applications.

How is data copied from an Amazon Relational Database Service (Amazon RDS) MySQL, MariaDB, or PostgreSQL source database to a Read Replica? 1. Store and forward 2. Immediately 3. Synchronously 4. Asynchronously

4 D. Data is copied asynchronously from the source database to the Read Replica.

Your company has a security policy stating that all new servers must include all of the latest Linux security updates when first configured. How can you comply with this policy when launching new Amazon Elastic Compute Cloud (Amazon EC2) instances in an Auto Scaling group on AWS? 1. Create an Amazon Machine Image (AMI) with all of the latest security patches at the beginning of every month and launch all instances from that AMI. 2. Log in to every new instance using Secure Shell (SSH) and manually install the latest security patches. 3. Use the current Amazon Linux AMI. 4. Launch all new instances with a bootstrapping script that installs all of the latest updates.

4 D. Downloading the patches with a bootstrapping script will ensure that it is run automatically when an instance is launched and is a very common bootstrap task. Creating a new image at the beginning of every month would launch instances that did not include any patches released since the beginning of the month. Because the instances are launched in an Auto Scaling group and can be launched at any time, manually connecting right at launch time is not feasible. AWS updates the current Linux AMI approximately twice a year, so the AMI will usually be missing the latest security patches.

What does AWS Identity and Access Management (IAM) control? 1. Database permissions 2. Operating system logon 3. Application authorization 4. Access to AWS resources

4 D. IAM is only for accessing the AWS Application Programming Interface (API) through the AWS Management Console, Command Line Interface (CLI), or Software Development Kit (SDK).

Your company’s web application recently had a service interruption when the CPU usage spiked. When reviewing the logs, you found that the five-minute interval between Amazon CloudWatch metrics prevented you from fully analyzing the problem. What can you do to ensure that you have more granular visibility in the future? 1. Set up an Amazon CloudWatch alarm on CPU utilization. 2. Deploy new instances of a larger instance type in the same instance family. 3. Use Dedicated Instances. 4. Deploy new instances with detailed monitoring enabled.

4 D. Instances with detailed monitoring report their metric values every minute instead of every five minutes.

Which of the following provides an automated way to send log data to CloudWatch Logs for Amazon Elastic Compute Cloud (Amazon EC2) instances running Amazon Linux or Ubuntu? 1. CloudLog 2. CloudLogs agent 3. AWS CloudTrail 4. CloudWatch Logs agent

4 D. The CloudWatch Logs agent is available to download and install on Amazon EC2 instances running Amazon Linux or Ubuntu that can be configured to send log file data to CloudWatch Logs.

Your company stores financial records in Amazon Simple Storage Service (Amazon S3), but wants to minimize costs. Once created, the records are accessed regularly for the first two months, then used rarely for summary reporting for up to one year. After that they must be retained for compliance reasons for seven years, but only accessed in response to discovery requests or other legal actions. What lifecycle policies should you implement? 1. Store data in Amazon S3, migrate to Amazon S3 Reduced Redundancy Storage (RRS) after two months, migrate to Amazon Glacier after one year, and then delete after seven years 2. Store data in Amazon S3, migrate to Amazon Glacier after two months, and then delete after seven years 3. Store data in Amazon S3 Infrequent Access (IA) after two months, migrate to Amazon Glacier after one year, and then delete after seven years 4. Store data in Amazon S3, migrate to Amazon S3 Infrequent Ac

4 D. The data must always be stored with the highest durability, so any Amazon S3 RRS option will not work. The access will be frequent for two months, so Amazon S3 IA will not be cost effective. If the data goes to Amazon Glacier too early (Response B) then the company will not be able to create summaries quickly.

Which of the following types of security credentials are supported within AWS? 1. Email address and password 2. AWS Identity and Access Management (IAM) user name and password 3. Multi-Factor Authentication (MFA) 4. Access keys 5. Key pairs 6. All of the above

6 F. AWS supports all of the security credentials listed.

Ver todos los conjuntos de estudio

AWS Certified Solutions Architect Practice Exams

Conjuntos de estudio relacionados

PATHO CH 28

Adaptive Learning Assignment 14

Macromolecules- Section 2.3

Chapter 8: Thinking, Language, and Intelligence

unit 4

OB / PEDS IRATs

Közigazgatási jog I.

Communications Summer Session 2 Quiz Chapters 1-5

Acc 201- Quiz 2

Endocrine

U.S. Presidents 1-45 (names,years, and party)

Common Derivatives (AB Calculus)

NR283 Ch.20

CSFA A&P

Patho Ch. 51 - Alterations in Musculoskeletal Function: Trauma, Infection, and Disease

ACA 111-112 Terminology of Academics & Degrees

CH6 Bone Tissue and the Skeletal System

LAW 231- Comprehensive Exam 2 (Part 1)

Factorial Design

Exam 1