AWS Developer Associate Exam Questions
How much Cloudformation does cost per hour? Choose the correct answer from the options below Please select : A. 0.05$ B. 0.10$ C. 0.15$ D. There is no cost
D. There is no cost
How many requests in SQS are available in the free tier? Choose the correct answer from the options below Please select : A. 1000 B. 1 million C. 10,000 D. 10 million
B. 1 million
What is the hourly rate to run a VPC? Choose the correct answer from the options below Please select : A. .002/hour B. .01/hour C. Free D. .05/hour
C. Free
For how long can a SWF workflow task or task execution can live up to? Choose the correct answer from the options below. Please select : A. 14 days B. 24 hours C. 1 year D. 3 days
C. 1 year Each workflow execution can run for a maximum of 1 year. Each workflow execution history can grow up to 25,000 events. If your use case requires you to go beyond these limits, you can use features Amazon SWF provides to conmtinue executions and structure your applications using child workflow executions
Can a VPC subnet can have multiple route tables. Choose the correct answer from the options below Please select : A. True B. False
B. False
Once a message has been published to SNS, can it be recalled? Choose one answer from the options below Please select : A. True B. False
B. False
What are the different programming language SDK's available for SWF. Choose 3 correct answer from the options below. Please select : A. .Net B. PHP C. Erlang D. Java
A. .Net B. PHP D. Java
How many global secondary indexes are allowed per table? Choose the correct answer from the options below. Please select : A. 5 B. 1 C. 10 D. 15
A. 5
Is it possible to use IAM to manage access to SWF? Choose the correct answer from the options below. Please select : A. True B. False
A. True
To enable a VPC EC2 instance to be publicly accessible without a NAT instance or NAT Gateway, it must have a public IP address inside of a subnet that has a route to an internet gateway. Choose the correct answer from the options below Please select : A. True B. False
A. True
What is maximum limit for the size of an item collection in DynamoDB? Choose an answer from the options below Please select : A. 1 GB B. 10MB C. 10 GB D. 100 MB
C. 10 GB Every item collection in DynamoDB is subject to a maximum size limit of 10 Gb. For any distinct partition key value, the sum of the item sizes in the table plus the sum of the item sizes across all of the table's local secondary indexes must not exceed 10 GB
In regard to Dynamo DB, can I modify the index once it is created? Yes, if it is a Global secondary index Yes, if it is a primary hash key index Yes, if it is a local secondary index No
No
Which of the following are subject to eventual consistency? Choose the correct answer from the options below Please select : A. S3 objects in the US-East-1 region B. Reads of a DynamoDB table, unless you specify otherwise C. All reads of a DynamoDB table D. S3 objects in the US-Standard region
Reads of a DynamoDB table, unless you specify otherwise
Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers The number of hash keys per account The maximum storage used per account The number of provisioned throughput units per account The number of tables per account The number of local secondary indexes per account
The number of provisioned throughput units per account The number of tables per account
When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side? x-amz-security-token x-amz-server-side-encryption x-amz-storage-class Content-MD5
x-amz-server-side-encryption If you want the target object encrypted using server-side encryption with AWS-managed keys, you must provide the x-amz-server-side-encryption request header.
will be cheapest and easy to use? AWS EC2 AWS RRS AWS S3 AWS Glacier
AWS RRS AWS RRS provides the same functionality as AWS S3, but at a cheaper rate. It is ideally suited for non mission critical applications. It provides less durability than S3, but is a cheaper option
A t2.medium EC2 instance type must be launched with what type of Amazon Machine Image (AMI)? An Instance store Paravirtual AMI An Instance store Hardware Virtual Machine AMI An Amazon EBS-backed Hardware Virtual Machine AMI An Amazon EBS-backed Paravirtual AMI
An Amazon EBS-backed Hardware Virtual Machine AMI
If you are connecting to AWS from a computer, not an EC2 instance, you need to create an AWS user, attach permissions, and use the API access key and secret access key in your code. Choose the correct answer from the options below Please select : A. True B. False
Answer - A Users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users.
You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the internet. What should you do to enable Internet access? Configure a publically routable IP Address in the host OS of the fourth instance. Assign an Elastic IP address to the fourth instance. Deploy a NAT instance into the public subnet. Modify the routing table for the public subnet.
Assign an Elastic IP address to the fourth instance. Using an Elastic IP address (EIP) enables an instance in a VPC, which is otherwise private, to be reached from the Internet through an Internet gateway (for example, it could act as a web server).
A user is planning to host MS SQL on an EBS volume. It was recommended to use the AWS RDS. What advantages will the user have if he uses RDS in comparison to an EBS based DB? Automated backup Better throughput with PIOPS MS SQL is not supported with RDS High availability with multi AZs
Automated backup
Which of the following is an incorrect S3 bucket name? Choose 2 correct answer from the options below Please select : A. 1-demo.com B. 10.2.181.2 C. 1Demo.com D. 1demo.com
B. 10.2.181.2 C. 1Demo.com Below are the naming conventions for S3 buckets The bucket name can be between 3 and 63 characters long, and can contain only lower-case characters, numbers, periods, and dashes. Each label in the bucket name must start with a lowercase letter or number. The bucket name cannot contain underscores, end with a dash, have consecutive periods, or use dashes adjacent to periods. The bucket name cannot be formatted as an IP address (198.51.100.24).
What is the maximum number of SWF domains allowed in an AWS account? Choose the correct answer from the options below. Please select : A. 50 B. 100 C. 200 D. 1000
B. 100 You can have a maximum of 10,000 workflow and activity types (in total) that are either registered or deprecated in each domain. You can have a maximum of 100 Amazon SWF domains (including registered and deprecated domains) in your AWS account.
Company B is writing 10 items to the products table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below. Please select : A. 10 B. 160 C. 155 D. 16
B. 160 For write capacity , the rule is to divide the item size by 1KB. Hence we need to divide 15.5 by 1 which gives us 16 to the nearest 1KB. Since we are writing 10 items per second , we need to multiply 10*16 = 160.
What is the limit to the number of characters for a topic name in sns? Choose one answer from the options below Please select : A. 128 B. 256 C. 512 D. 1024
B. 256 Topic names are limited to 256 characters. Alphanumeric characters plus hyphens (-) and underscores (_) are allowed. Topic names must be unique within an AWS account.
When a subscriber subscribes to a topic in SNS, what is the time period available for confirmation? Choose one answer from the options below Please select : A. 1 day B. 3 Days C. 5 Days D. 10 Days
B. 3 Days
A DynamoDB table can contain ____ local secondary indexes on a table. Choose a correct answer from the options below Please select : A. 3 B. 5 C. 10 D. 2
B. 5
What is the maximum size of an S3 object? Choose an answer from the options below Please select : A. 5GB B. 5TB C. 1TB D. 500MB
B. 5TB
Which command line commands list all current stacks in your CloudFormation service? Choose the 2 correct answers from the options below Please select : A. AWS cloudformation create-stack B. AWS cloudformation list-stacks C. AWS cloudformation describe-stack-resources D. AWS cloudformation describe-stacks
B. AWS cloudformation list-stacks D. AWS cloudformation describe-stacks The AWS cloudformation list-stacks command enables you to get a list of any of the stacks you have created (even those which have been deleted up to 90 days). You can use an option to filter results by stack status, such as CREATE_COMPLETE and DELETE_COMPLETE. The AWS cloudformation list-stackscommand returns summary information about any of your running or deleted stacks, including the name, stack identifier, template, and status. The AWS cloudformation describe-stacks command provides information on your running stacks. You can use an option to filter results on a stack name. This command returns information about the stack, including the name, stack identifier, and status.
While working with the S3 API you receive the error: 403 forbidden. What is the most likely cause of this? Choose a correct answer from the options below Please select : A. BucketAlreadyExists B. AccessDenied C. BadDigest D. NoSuchBucket
B. AccessDenied 403 Forbiden is an AccessDenied Error code
You have multiple instances behind private and public subnets. None of the instances have an EIP assigned to them. How can you connect them to the internet to download system updates? Choose the correct answer from the options below Please select : A. Assign EIP to each instance B. Create a NAT instance C. Connect to a VPN D. Use both a NAT instance and a VPN
B. Create a NAT instance You can use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound IPv4 traffic to the Internet or other AWS services, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
You have created a mobile application that relies on reading data from DynamoDB. How could you give each mobile device permissions to read from DynamoDB? Choose an answer from the options below Please select : A. Connect to an EC2 instance which will pull the data from DynamoDB securely B. Create an IAM role that can be assumed by an app that allows federated users C. Add the username and password into the app code D. Create an IAM user
B. Create an IAM role that can be assumed by an app that allows federated users
Which API call would best be used to describe an Amazon Machine Image? Choose the correct answer from the options below Please select : A. DescribeImage B. DescribeImages C. ami-describe-image D. ami-describe-images
B. DescribeImages Describes one or more of the images (AMIs, AKIs, and ARIs) available to you. Images available to you include public images, private images that you own, and private images owned by other AWS accounts but for which you have explicit launch permissions.
Which statement about DynamoDB is true? Choose a correct answer from the options below Please select : A. DynamoDB does not support conditional writes. B. DynamoDB uses optimistic concurrency control. C. DynamoDB is a relational database service. D. None of the above
B. DynamoDB uses optimistic concurrency control. Optimistic locking is a strategy to ensure that the client-side item that you are updating (or deleting) is the same as the item in DynamoDB. If you use this strategy, then your database writes are protected from being overwritten by the writes of others — and vice-versa
Server-side encryption is about data encryption at rest. That is, Amazon S3 encrypts your data at the object level as it writes it to disk in its data centers and decrypts it for you when you go to access it. There are a few different options depending on how you choose to manage the encryption keys. One of the options is called 'Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)'. Which of the following best describes how this encryption method works? Choose the correct answer from the options below Please select : A. There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption key) that provides added protection against unauthorized access of your objects in S3 and also provides you with an audit trail of when your key was used and by whom. B. Each object is encrypted with a unique key employing strong encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. C. You manage the encryption keys and Amazon S3 manages the encryption, as it writes to disk, and decryption, when you access your objects. D. A randomly generated data encryption key is returned from Amazon S3, which is used by the client to encrypt the object data.
B. Each object is encrypted with a unique key employing strong encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. S3 provide many encryption techniques. Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) - Each object is encrypted with a unique key employing strong multi-factor encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
10.2.181.56 is a valid S3 bucket name. Choose a correct answer from the options below Please select : A. True B. False
B. False Below are the naming conventions for S3 buckets The bucket name can be between 3 and 63 characters long, and can contain only lower-case characters, numbers, periods, and dashes. Each label in the bucket name must start with a lowercase letter or number. The bucket name cannot contain underscores, end with a dash, have consecutive periods, or use dashes adjacent to periods. The bucket name cannot be formatted as an IP address (198.51.100.24).
S3 Bucket ownership is transferable. Choose a correct answer from the options below Please select : A. True B. False
B. False By default, all Amazon S3 resources—buckets, objects, and related subresources (for example, lifecycleconfiguration and website configuration)—are private: only the resource owner, an AWS account that created it, can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy.
AWSTemplateFormatVersion declaration is required for the template to work inside CloudFormation. Choose an answer from the options below Please select : A. True B. False
B. False The AWSTemplateFormatVersion section (optional) identifies the capabilities of the template. The latest template format version is 2010-09-09 and is currently the only valid value.
The only SNS notification event supported by S3 is S3:ReducedRedundancyLostObject. Choose the correct answer from the options below Please select : A. True B. False
B. False Currently, Amazon S3 can publish the following events: A new object created event—Amazon S3 supports multiple APIs to create objects. You can request notification when only a specific API is used (e.g., s3:ObjectCreated:Put) or you can use a wildcard (e.g., s3:ObjectCreated:*) to request notification when an object is created regardless of the API used. An object removal event—Amazon S3 supports deletes of versioned and unversioned objects. You can request notification when an object is deleted or a versioned object is permanently deleted by using the s3:ObjectRemoved:Delete event type. Or you can request notification when a delete marker is created for a versioned object by usings3:ObjectRemoved:DeleteMarkerCreated. You can also use a wildcards3:ObjectRemoved:* to request notification anytime an object is deleted. A Reduced Redundancy Storage (RRS) object lost event—Amazon S3 sends a notification message when it detects that an object of the RRS storage class has been lost.
S3 does not generally handle error codes with HTTP responses. Choose the correct answer from the options below Please select : A. True B. False
B. False When there is an error, the header information contains: Content-Type: application/xml An appropriate 3xx, 4xx, or 5xx HTTP status code
You have created an Elastic Load Balancer with Duration-Based sticky sessions enabled in front of your six EC2 web application instances in US-West-2. For High Availability, there are three web application instances in Availability Zone 1 and three web application instances in Availability Zone 2. To load test, you set up a software-based load tester in Availability Zone 2 to send traffic to the Elastic Load Balancer, as well as letting several hundred users browse to the ELB's hostname. After a while, you notice that the users' sessions are spread evenly across the EC2 instances in both AZ's, but the software-based load tester's traffic is hitting only the instances in Availability Zone 2. What steps can you take to resolve this problem? Choose the 2 correct answer from the options below Please select : A. Create a software-based load tester in US-East-1 and test from there B. Force the software-based load tester to re-resolve DNS before every request C. Use a third party load-testing service to send requests from globally distributed clients D. Switch to Application-Controlled sticky sessions
B. Force the software-based load tester to re-resolve DNS before every request C. Use a third party load-testing service to send requests from globally distributed clients "If you do not ensure that DNS is re-resolved or use multiple test clients to simulate increased load, the test may continue to hit a single IP address when Elastic Load Balancing has actually allocated many more IP addresses. Because your end users will not all be resolving to that single IP address, your test will not be a realistic sampling of real-world behavior."
You have just set up a push notification service to send a message to an app installed on a device with the Apple Push Notification Service. It seems to work fine. You now want to send a message to an app installed on devices for multiple platforms, those being the Apple Push Notification Service(APNS) and Google Cloud Messaging for Android (GCM). What do you need to do first for this to be successful? Choose the correct answer from the options below Please select : A. Create a Platform Application Object which will connect all of the mobile devices with your app to the correct SNS topic. B. Get a set of credentials in order to be able to connect to the push notification service you are trying to setup. C. Request a Token from Mobile Platforms, so that each device has the correct access control policies to access the SNS publisher. D. Request Credentials from Mobile Platforms, so that each device has the correct access control policies to access the SNS publisher.
B. Get a set of credentials in order to be able to connect to the push notification service you are trying to setup. For Amazon SNS to send notification messages to mobile endpoints, whether it is direct or with subscriptions to a topic, you first need to register the app with AWS. To register your mobile app with AWS, enter a name to represent your app, select the platform that will be supported, and provide your credentials for the notification service platform. After the app is registered with AWS, the next step is to create an endpoint for the app and mobile device. The endpoint is then used by Amazon SNS for sending notification messages to the app and device.
If an application is storing hourly log files from thousands of instances from a high traffic web site, which naming scheme would give optimal performance on S3? A. Sequential B. HH-DD-MM-YYYY-log_instanceID C. instanceID_log-HH-DD-MM-YYYY D. instanceID_log-YYYY-MM-DD-HH E. YYYY-MM-DD-HH-log_instanceID
B. HH-DD-MM-YYYY-log_instanceID
You're creating a forum DynamoDB database for hosting web forums. Your "thread" table contains the forum name and each "forum name" can have one or more "subjects". What primary key type would you give the thread table in order to allow more than one subject to be tied to the forum primary key name? Choose an answer from the options below Please select : A. Primary and range B. Hash and Range C. Hash D. Range and Hash
B. Hash and Range The partition key of an item is also known as its hash attribute. The term hash attribute derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values. The sort key of an item is also known as its range attribute. The term range attribute derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value.
Which of the following is not a benefit of a query over a scan? Choose the correct answer from the options below. Please select : A. Returns all attributes on an item B. It does not do consistent reads C. Much more efficient because it searches indexes only D. Returns the items matching the primary key search
B. It does not do consistent reads Query and Scan both support eventual consistent reads. Where A, C and D are advantages of Query over Scan. Query over Scan Returns the item matching the primary key search. Returns all attributes of an item, or only the ones you want Much more efficiency because it searches indexes only Is eventually consistent by default but can request a consistent read
By default, what event occurs if your CloudFormation receives an error during creation? Choose a correct answer from the options below Please select : A. DELETE_IN_PROGRESS B. ROLLBACK_IN_PROGRESS C. DELETE_COMPLETE D. CREATION_IN_PROGRESS
B. ROLLBACK_IN_PROGRESS By default, the "automatic rollback on error" feature is enabled. This will cause all AWS resources that AWS CloudFormation created successfully for a stack up to the point where an error occurred to be deleted
fn:GetAtt is used on a CloudFormation template to: Choose an answer from the options below Please select : A. Conditionally create stack resources B. Return the value of an attribute from a resource on the template C. Appends a set of values into a single value which can include resources on the template D. Returns the value corresponding to keys into a two-level map declared in the mappings section
B. Return the value of an attribute from a resource on the template The intrinsic function Fn::GetAtt returns the value of an attribute from a resource in the template.
You define the following S3 bucket policy to grant users access to your bucket, but the S3 bucket policy editor will not allow you to submit it. Why is this policy not working? Choose the correct answer from the options below { "Id": "Policy1441839160967", "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1441839157568", "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": "arn:AWS:s3:::demo.testbucket.2 " } ] } Please select : A. This is a NACL B. S3 bucket policies require a Principal be defined C. The Resource name is incorrect - S3 bucket names cannot contain periods D. This is an IAM policy
B. S3 bucket policies require a Principal be defined In its most basic sense, a policy contains the following elements: Resources - Buckets and objects are the Amazon S3 resources for which you can allow or deny permissions. In a policy, you use the Amazon Resource Name (ARN) to identify the resource. Actions - For each resource, Amazon S3 supports a set of operations. You identify resource operations you will allow (or deny) by using action keywords Effect - What the effect will be when the user requests the specific action—this can be either allow or deny. Principal - The account or user who is allowed access to the actions and resources in the statement. You specify a principal only in a bucket policy. It is the user, account, service, or other entity who is the recipient of this permission. In a user policy, the user to which the policy is attached is the implicit principal.
What is the main advantage of using Amazon SQS? Choose the correct answer from the options below Please select : A. SQS allows time-critical messages to be sent through a push mechanism eliminating the need to poll for data B. SQS is used by distributed applications and can be used to decouple sending and receiving components without requiring each application component to be concurrently available C. SQS is the only method available that interacts with workers D. None of the above
B. SQS is used by distributed applications and can be used to decouple sending and receiving components without requiring each application component to be concurrently available Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud application. You can use Amazon SQS to transmit any volume of data, without losing messages or requiring other services to be always available.
Company B provides an online image recognition service and utilizes SQS to decouple system components for scalability. The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company B reduce the number empty responses? Choose the correct answer from the options below Please select : A. Set the imaging queue VisibilityTimeout attribute to 20 seconds B. Set the imaging queue ReceiveMessageWaitTimeSeconds Attribute to 20 seconds C. Set the DelaySeconds parameter of a message to 20 seconds D. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
B. Set the imaging queue ReceiveMessageWaitTimeSeconds Attribute to 20 seconds Amazon SQS long polling is a way to retrieve messages from your Amazon SQS queues. While the regular short polling returns immediately, even if the message queue being polled is empty, long polling doesn't return a response until a message arrives in the message queue, or the long poll times out. Long polling makes it inexpensive to retrieve messages from your Amazon SQS queue as soon as the messages are available. Using long polling might reduce the cost of using SQS, because you can reduce the number of empty receives To enable long polling u need to set the value of ReceiveMessageWaitTimeSeconds to greater than 0 and less than or equal to 20 seconds.
Your app is using SQS to create distributed applications. Your messages need to contain more information than the 256KB SQS limit size allowed. How could you solve this problem? Choose a correct answer from the options below Please select : A. Contact Amazon and request an increase to the message size for your account B. Store the information in S3 and attach retrieval information to the message for the application to process C. Compress the information inside of SQS messages D. Use DynamoDB instead of SQS
B. Store the information in S3 and attach retrieval information to the message for the application to process
Your supervisor calls you wanting to know why she has not been receiving email notifications for AWS billing alerts. What do you suspect the problem might be and how can you find out? Choose 3 correct answer from the options below Please select : A. The SNS queue is not AutoScaling properly. Verify by viewing Performance Statistics in SNS. B. The SNS Subscription is not configured for Email notifications. Verify by viewing Subscriptions for the appropriate Topic in SNS C. Your supervisor has not responded to the confirmation email sent from SNS when you added a subscription for her email address. Verify by viewing Subscriptions for the appropriate Topic in SNS D. Billing alerts are not configured. Verify by viewing Billing Alerts in Account Preferences
B. The SNS Subscription is not configured for Email notifications. Verify by viewing Subscriptions for the appropriate Topic in SNS C. Your supervisor has not responded to the confirmation email sent from SNS when you added a subscription for her email address. Verify by viewing Subscriptions for the appropriate Topic in SNS D. Billing alerts are not configured. Verify by viewing Billing Alerts in Account Preferences To receive messages published to a topic, you have to subscribe an endpoint to that topic. An endpoint is a mobile app, web server, email address, or an Amazon SQS queue that can receive notification messages from Amazon SNS. Once you subscribe an endpoint to a topic and the subscription is confirmed, the endpoint will receive all messages published to that topic. For more information on Topic subscription please visit the below link: http://docs.aws.amazon.com/sns/latest/dg/SubscribeTopic.html Before you create a billing alarm, you must enable billing alerts. You need to do this only once. After you enable billing alerts, you can't turn them off. For more information on the billing alerts please visit the below link: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html
You attempt to create a new S3 bucket "Demo-Bucket-1234-US-East-2-Production-Envrionment-12.25.14" in the US-EAST-2 region and the bucket creation fails. Why? Choose the correct answer from the options below. Please select : A. The bucket name uses the dash character ("-") B. The bucket name uses capital letters. C. The length of the bucket name is longer than the limit of 63 characters. D. The bucket name uses the period character (".")
B. The bucket name uses capital letters. Below are the naming conventions for S3 buckets The bucket name can be between 3 and 63 characters long, and can contain only lower-case characters, numbers, periods, and dashes. Each label in the bucket name must start with a lowercase letter or number. The bucket name cannot contain underscores, end with a dash, have consecutive periods, or use dashes adjacent to periods. The bucket name cannot be formatted as an IP address (198.51.100.24).
When using the Ref function in CloudFormation, what do we get back if we pass in the logical ID of an AWS::EC2::Instance object? Choose the correct answer from the options below Please select : A. The object's creation status B. The object's InstanceId C. Nothing, the AWS::EC2::Instance is not a valid resource type D. All of the attributes associated with that EC2 instance resource
B. The object's InstanceId Ref: When you pass the logical ID of an AWS::EC2::Instance object to the intrinsic Ref function, the object's InstanceID is returned. For example: i=636be302
You decide to create a bucket on AWS S3 called 'bucketever' and then perform the following actions in the order that they are listed here. - You upload a file to the bucket called 'file1' - You enable versioning on the bucket - You upload a file called 'file2' - You upload a file called 'file3' - You upload another file called 'file2' Which of the following is true for your bucket 'bucketever'? Please select : A. There will be 1 version ID for file1, there will be 2 version IDs for file2 and 1 version ID for file3 B. The version ID for file1 will be null, there will be 2 version IDs for file2 and 1 version ID for file3 C. There will be 1 version ID for file1, the version ID for file2 will be null and there will be 1 version ID for file3 D. All file version ID's will be null because versioning must be enabled before uploading objects to 'bucketever'
B. The version ID for file1 will be null, there will be 2 version IDs for file2 and 1 version ID for file3
Company B is using Amazon SQS to decouple their systems for scaleability. However, they need to send messages up to 456Kb in size. What might Company B do in order to send more than 256KB of data? Choose the correct answer from the options below Please select : A. Set the MaximumMessageSize attribute to 456KB B. Use the Amazon SQS Extended Client Library for Java C. Any of the above D. Request an increase of the message limit by contacting Amazon
B. Use the Amazon SQS Extended Client Library for Java
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a "Your proposed upload exceeds the maximum allowed object size." error message. What is a possible solution for this? Choose the correct answer from the options below Please select : A. None, Simple Storage Service objects are limited to 5 GB B. Use the multipart upload API for this object C. Use the large object upload API for this object D. Contact support to increase your object size limit
B. Use the multipart upload API for this object The Multipart upload API enables you to upload large objects in parts. You can use this API to upload new large objects or make a copy of an existing object (see Operations on Objects). Multipart uploading is a three-step process: You initiate the upload, you upload the object parts, and after you have uploaded all the parts, you complete the multipart upload. Upon receiving the complete multipart upload request, Amazon S3 constructs the object from the uploaded parts, and you can then access the object just as you would any other object in your bucket.
What is one of the major use cases for using SWF? Choose the correct answer from the options below. Please select : A. Storing files In S3. B. Video encoding. C. Storing files In database. D. Provisioning servers.
B. Video encoding.
You are deploying your first EC2 instance in AWS and are using the AWS console to do this. You have chosen your AMI and your instance type and have now come to the screen where you configure your instance details. One of the things that you need to decide is whether you want to auto-assign a public IP address or not. You assume that if you do not choose this option you will be able to assign an Elastic IP address later, which happens to be a correct assumption. Which of the below options best describes why an Elastic IP address would be preferable to a public IP address? Choose the correct answer from the options below Please select : A. An Elastic IP address is free, whilst you must pay for a public IP address. B. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. C. You can have an unlimited amount of Elastic IP addresses, however public IP addresses are limited in number. D. An Elastic IP address cannot be accessed from the internet like a public IP address and hence is safer from a security standpoint.
B. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
One of your requirements is to setup an S3 bucket to store your files like documents and images. However, those objects should not be directly accessible via the S3 URL, they should ONLY be accessible from pages on your website so that only your paying customers can see them. How could you implement this? Choose the correct answer from the options below Please select : A. Use HTTPS endpoints to encrypt your data B. You can use a bucket policy and check for the AWS:Referer key in a condition, where that key matches your domain C. You can't. The S3 URL must be public in order to use it on your website. D. You can use server-side and client-side encryption, where only your application can decrypt the objects
B. You can use a bucket policy and check for the AWS:Referer key in a condition, where that key matches your domain Suppose you have a website with domain name (www.example.com or example.com) with links to photos and videos stored in your S3 bucket, examplebucket. By default, all the S3 resources are private, so only the AWS account that created the resources can access them. To allow read access to these objects from your website, you can add a bucket policy that allows s3:GetObject permission with a condition, using theAWS:referer key, that the get request must originate from specific webpages.
You are writing an AWS CloudFormation template and you want to assign values to properties that will not be available until runtime. You know that you can use intrinsic functions to do this but are unsure as to which part of the template they can be used in. Which of the following is correct in describing how you can currently use intrinsic functions in an AWS CloudFormation template? Choose an answer from the options below Please select : A. You can use intrinsic functions in any part of a template. B. You can use intrinsic functions only in specific parts of a template. Currently, you can use intrinsic functions in resource properties, outputs, metadata attributes, and update policy attributes. You can also use intrinsic functions to conditionally create stack resources C. You can use intrinsic functions only in the resource properties part of a template. D. You can use intrinsic functions in any part of a template, except AWSTemplateFormatVersion and Description
B. You can use intrinsic functions only in specific parts of a template. Currently, you can use intrinsic functions in resource properties, outputs, metadata attributes, and update policy attributes. You can also use intrinsic functions
Which of the following is a valid S3 bucket name? Choose the correct answer from the options below Please select : A. .demo.com B. demo.com C. -demo.com D. demo.-com
B. demo.com Some of the naming restrictions for buckets are given below Bucket names must be at least 3 and no more than 63 characters long. Bucket names must be a series of one or more labels. Adjacent labels are separated by a single period (.). Bucket names can contain lowercase letters, numbers, and hyphens. Each label must start and end with a lowercase letter or a number. Bucket names must not be formatted as an IP address (e.g., 192.168.5.4). When using virtual hosted-style buckets with SSL, the SSL wildcard certificate only matches buckets that do not contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (".") in bucket names.
Company B has a DynamoDB table where the average item size is 10KB. Company B anticipates the application will read 100 items from the table per second using eventually consistent reads. How much read capacity throughput should they provision? Choose the correct answer from the options below. Please select : A. 200 B. 300 C. 150 D. 100
C. 150 For read capacity, the rule is to divide the item size by 4KB. Hence we need to divide 10 by 4 which gives us 3 to the nearest 4KB. Since we are writing 100 items per second, we need to multiply 100*3 =300. Since it is eventual consistency , we need to divide by 2 which gives us 150.
Company B is using strongly consistent reads to request 50 items per second from their customer table. Each item is 20KB in size. What throughout would be required to efficiently handle the read throughput of the table ? Please select : A. 150 B. 50 C. 250 D. 125
C. 250 For read capacity, the rule is to divide the item size by 4KB. Hence we need to divide 20 by 4 which gives us 5 to the nearest 4KB. Since we are writing 50 items per second, we need to multiply 50*5 = 250.
You have items in your table that are 12KB in size and you want to have 10 strongly consistent reads per second. How many read capacity units would you need to provision? Choose a correct answer from the options below Please select : A. 300 B. 10 C. 30 D. 1
C. 30 Since we the item size is 12KB , hence if we near it the nearest 4KB , we get 3. And since we need 10 reads, its 3*10 = 30.
How many secondary indexes are allowed per table? Choose the correct answer from the options below. Please select : A. There is no limit B. 10 C. 5 D. 1
C. 5
Amazon S3 can use what type of server side encryption? Choose the correct answer from the options below Please select : A. MARS B. RC6 C. AES256 D. TKIP256
C. AES256
Which of the following is a default limit in S3? Choose the correct answer from the options below Please select : A. Objects have no size limitation B. Objects can have a maximum size of 5 GB C. Accounts can have a maximum of 100 buckets D. Buckets can have a maximum size of 5 TB
C. Accounts can have a maximum of 100 buckets
When can you add a secondary index to a table? Choose the correct answer from the options below. Please select : A. Anytime but a request to AWS is required so they do it for you B. Anytime as long as it is done with the AWS console C. Anytime if it is a global index D. Only at table creation time
C. Anytime if it is a global index
While working with the AWS API you receive the following error message: 409 Conflict. What might be the cause of this error? Please select : A. BadDigest B. User does not have proper permissions to make the API call C. Bucket already exists D. Bucket name does not exist
C. Bucket already exists
Your "forums" table has a primary key of "id". Using DynamoDB, you're able to query the data based on the id primary key. You need to be able to query the forums table by userId. What would you add to the table during table creation time? Choose a correct answer from the options below Please select : A. Create a second table that contains all the information by userId. B. Create a hash and range primary key. C. Create a secondary index. D. None of the above
C. Create a secondary index. Some applications might need to perform many kinds of queries, using a variety of different attributes as query criteria. To support these requirements, you can create one or more global secondary indexes and issue Query requests against these indexes
You want to find out what AMIs are available for you to use in a given region. Which API call is most appropriate? Choose an answer from the options below Please select : A. ListInstances B. ListAMIs C. DescribeImages D. DescribeAMIs
C. DescribeImages Describes one or more of the images (AMIs, AKIs, and ARIs) available to you. Images available to you include public images, private images that you own, and private images owned by other AWS accounts but for which you have explicit launch permissions.
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Choose 2 answer from the options below Please select : A. The application authenticates against LDAP. The application then calls the IAM Security Service to login to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket. B. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the app C. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials. D. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the app.
C. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials. D. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the app. If you already manage user identities outside of AWS, you can use IAM identity providers instead of creating IAM users in your AWS account. With an identity provider , you can manage your user identities outside of AWS and give these external user identities permissions to use AWS resources in your account. This is useful if your organization already has its own identity system, such as a corporate user directory. It is also useful if you are creating a mobile app or web application that requires access to AWS resources.
Which statement about DynamoDB is true? Choose the correct answer from the options below Please select : A. DynamoDB uses a pessimistic locking model. B. DynamoDB restricts item access during reads. C. DynamoDB uses conditional writes for consistency. D. DynamoDB restricts item access during writes.
C. DynamoDB uses conditional writes for consistency. To help clients coordinate writes to data items, DynamoDB supports conditional writes for PutItem,DeleteItem, and UpdateItem operations. With a conditional write, an operation succeeds only if the item attributes meet one or more expected conditions; otherwise it returns an error.
Which API call would you use to query an item by it's primary hash key? Choose the correct answer from the options below Please select : A. PutItem B. Scan C. GetItem D. query
C. GetItem The GetItem operation returns a set of attributes for the item with the given primary key. If there is no matching item, GetItem does not return any data and there will be no Item element in the response. GetItem provides an eventually consistent read by default. If your application requires a strongly consistent read, set ConsistentRead to true. Although a strongly consistent read might take more time than an eventually consistent read, it always returns the last updated value.
You have created a VPC that has just one subnet with an internet gateway attached and required route table entry set. Which of the following is true with regards to the connection of an EC2 instance located in the VPC? Choose the correct answer from the options below. Please select : A. It can connect. B. It does not need a NAT instance or an EIP to communicate with the internet. C. It needs an EIP or public IP assigned to it in order to connect to the internet and send data in or out. D. None of the above
C. It needs an EIP or public IP assigned to it in order to connect to the internet and send data in or out.
The following code snippet is the parameters section of a CloudFormation template that you have written. "Parameters" : { "KeyName": { "Description" : "answer to the question", "Type": "AWS::EC2::KeyPair::KeyName", ... } } Which of the the following is the best description of what this section will do once you run your CloudFormation template? Please select : A. It will ask you if you want to create a new key pair to use. B. It will ask you to input any name and that name will then be the name of the new key pair it will generate. C. It will ask you to provide the name of an existing EC2 KeyPair to use. D. It will create a new key pair automatically for you named KeyName.
C. It will ask you to provide the name of an existing EC2 KeyPair to use. When you use AWS-specific parameter types, anyone who uses your template to create or update a stack must specify existing AWS values that are in his account and in the region for the current stack. AWS-specific parameter types help ensure that input values for these types exist and are correct before AWS CloudFormation creates or updates any resources. For example, if you use the AWS::EC2::KeyPair::KeyName parameter type, AWS CloudFormation validates the input value against users' existing key pair names before it creates any resources, such as Amazon EC2 instances.
Which of the following statements is true about SQS standard queues? Choose the correct answer from the options below. Please select : A. Messages will be delivered one or more times and messages will be delivered in First in, First out order B. Messages will be delivered exactly once and message delivery order is indeterminate C. Messages will be delivered one or more times and message delivery order is indeterminate D. Messages will be delivered exactly once and messages will be delivered in First in, First out order
C. Messages will be delivered one or more times and message delivery order is indeterminate
For best performance when retrieving data from a table, what "type" of API call should you perform? Choose the correct answer from the options below. Please select : A. Filtered B. Scan C. Query D. Query then Scan
C. Query A Query operation uses the primary key of a table or a secondary index to directly access items from that table or index. Use the KeyConditionExpression parameter to provide a specific value for the partition key. The Queryoperation will return all of the items from the table or index with that partition key value. You can optionally narrow the scope of the Query operation by specifying a sort key value and a comparison operator in KeyConditionExpression. You can use the ScanIndexForward parameter to get results in forward or reverse order, by sort key.
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this? Choose the correct answer from the options below Please select : A. Use CloudFront distributions for static content. B. Store photos on an EBS volume of the web server. C. Remove public read access and use signed URLs with expiry dates. D. Block the IPs of the offending websites in Security Groups.
C. Remove public read access and use signed URLs with expiry dates. You can distribute private content using a signed URL that is valid for only a short time—possibly for as little as a few minutes. Signed URLs that are valid for such a short period are good for distributing content on-the-fly to a user for a limited purpose, such as distributing movie rentals or music downloads to customers on demand.
Someone on your team configured a Virtual Private Cloud with two public subnets in two separate AZs and two private subnets in two separate AZs. Each public subnet AZ has a matching private subnet AZ. The VPC and its subnets are properly configured. You also notice that there are multiple webserver instances in the private subnet, and you've been charged with setting up a public-facing Elastic Load Balancer which will accept requests from clients and distribute those requests to the webserver instances. How can you set this up? Choose the correct answer from the options below Please select : A. Select both of the private subnets which contain the webserver instances when configuring the ELB. B. Select both of the public subnets which contain the webserver instances when configuring the ELB. C. Select both of the public subnets when configuring the ELB. D. You can't. Webserver instances must be in public subnets in order for this to work.
C. Select both of the public subnets when configuring the ELB. When you create a load balancer in a VPC, you can make it an internal load balancer or an Internet-facing load balancer. You create an Internet-facing load balancer in a public subnet. Load balancers in EC2-Classic are always Internet-facing load balancers.
You successfully upload a new item to the US-STANDARD region. You then immediately make another API call and attempt to read the object. What will happen? Choose the correct answer from the options below Please select : A. US-STANDARD uses eventual consistency and it can take time for an object to be readable in a bucket, so you will receive an HTTP 404 error B. Objects in Amazon S3 do not become visible until they are replicated to a second region. You will receive an HTTP 404 error C. US-STANDARD has read-after-write consistency, so you will be able to retrieve the object immediately D. US-STANDARD imposes a 1 second delay before new objects are readable, but after that you will successfully retrieve the object
C. US-STANDARD has read-after-write consistency, so you will be able to retrieve the object immediately
What is the best method for maintaining application session state when using an Elastic Load Balancer? Choose the correct answer from the options below Please select : A. Enable Load Balancer Generated Cookie Stickiness B. Enable Application Generated Cookie Stickiness C. Use ElastiCache D. Disable Stickiness
C. Use ElastiCache Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory system, instead of relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory environments, enabling your engineering resources to focus on developing applications. Using Amazon ElastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.
Since S3 object are stored lexicographically, by introducing "randomness" to your S3 names it helps S3 storage distribute the I/O load across more than one partition. Given the following examples, how could you add a hashed prefix to the naming convention to increase I/O performance? Choose the correct answer from the options below Please select : A. bucket/8761-2010-26-05-15-00-00/8761/myfolder234234/photo1.jpg B. 8761bucket/2010-26-05-15-00-00/myfolder234234/photo1.jpg C. bucket/8761-2010-26-05-15-00-00/myfolder234234/photo1.jpg D. bucket/2010-26-05-15-00-00/bucket/myfolder234234/photo1.jpg
C. bucket/8761-2010-26-05-15-00-00/myfolder234234/photo1.jpg One way to introduce randomness to key names is to add a hash string as prefix to the key name. For example, you can compute an MD5 hash of the character sequence that you plan to assign as the key name. From the hash, pick a specific number of characters, and add them as the prefix to the key name. An example is shown below examplebucket/232a-2013-26-05-15-00-00/cust1234234/photo1.jpg
What is the key feature of SWF? Choose the correct answer from the options below. Please select : A. attempts to deliver tasks/messages in order but does not guarantee delivery order B. does not guarantee delivery order of messages/tasks C. guarantees delivery order of messages/tasks D. can deliver tasks in order only if the developer programmatically instructs the application to do so
C. guarantees delivery order of messages/tasks One of the main differences between SWF and SQS is the guarantee of delivery of messages and tasks. Amazon SWF keeps track of all tasks and events in an application. Amazon SQS requires you to implement your own application-level tracking, especially if your application uses multiple queues.
Which of the following request headers, when specified in an API call, will cause an object to be SSE? Choose the correct answer from the options below Please select : A. AES256 B. amz-server-side-encryption C. x-amz-server-side-encryption D. server-side-encryption
C. x-amz-server-side-encryption Server-side encryption is about protecting data at rest. Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data. The object creation REST APIs (see Specifying Server-Side Encryption Using the REST API) provide a request header, x-amz-server-side-encryption that you can use to request server-side encryption.
You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this. You advise them to: Bulk upload the device tokens contained in a CSV file via the AWS Management Console. Call the CreatePlatformEndPoint API function to register multiple device tokens. Let the push notification service (e.g. Amazon Device Messaging) handle the registration. Implement a token vending service to handle the registration.
Call the CreatePlatformEndPoint API function to register multiple device tokens. You can migrate existing tokens contained in a CSV file. The CSV file cannot be larger than 2MB. When migrating several tokens, it is recommended to use the CreatePlatformEndpoint API. Each of the tokens in the CSV file must be followed by a newline
When creation of an EBS snapshot is initiated, but not completed, the EBS volume: Can be used in read-only mode while the snapshot is in progress Can be used while the snapshot is in progress Cannot be detached or attached to an EC2 instance until the snapshot completes Can be used but there should be a delay in IO operations
Can be used while the snapshot is in progress Snapshots occur asynchronously; the point-in-time snapshot is created immediately, but the status of the snapshot is pending until the snapshot is complete (when all of the modified blocks have been transferred to Amazon S3), which can take several hours for large initial snapshots or subsequent snapshots where many blocks have changed. While it is completing, an in-progress snapshot is not affected by ongoing reads and writes to the volume.
You are creating a CloudFormation template in the Singapore region which will create an S3 website bucket. You have created a parameter "demo" which is used to store the name of your S3 bucket, and you are hoping to create output from your template which will list the URL of the S3 website. Which of the following Join statements will provide the URL of your S3 website? Choose a correct answer from the options below Please select : A. "Fn::Join" : ["", ["http://",{"Ref":"demo"},".s3",".amazonaws.com"]] B. "Fn::Join" : ["", ["http://",{"GetAtt":"demo"},".s3-bucket-","Singapore-1",".amazon.com"]] C. "Fn::Join" : ["", ["http://",{"GetAtt":"demo"},".s3-website-","ap-southeast-1",".amazonaws.com"]] D. "Fn::Join" : ["", ["http://",{"Ref":"demo"},".s3-website-",{"Ref":"AWS::Region"},".amazonaws.com"]]
D. "Fn::Join" : ["", ["http://",{"Ref":"demo"},".s3-website-",{"Ref":"AWS::Region"},".amazonaws.com"]] AWS CloudFormation provides several built-in functions that help you manage your stacks. Use intrinsic functions in your templates to assign values to properties that are not available until runtime. The website is then available at the region-specific website endpoint of the bucket: <bucket-name>.s3-website-<AWS-region>.amazonaws.com Hence Option A and B are wrong. Also you need to use the Ref function and not the GetAtt function hence Option C is wrong. For more information CloudFormation intrinsic functions on the please visit the below link:
A taxi company uses a mobile GPS application to track the location of each of their 60 cabs. The application records the taxi's location to a DynamoDB table every 6 seconds. Each transmission is just under 1 KB, and throughput is spread evenly within that minute. How many units of write capacity should you specify for this table? Choose a correct answer from the options below Please select : A. 6 B. 60 C. 600 D. 10
D. 10 Since we the item size is 1KB , hence if we near it the nearest 1KB , we get 1. And since we have 60 cabs it becomes 1*60 = 60 Since we have a sample every 6 seconds , per second it comes to 60/6 = 10
our items are 6KB in size and you want to have 100 strongly consistent reads per second. How many read capacity units do you need to provision? Choose the correct answer from the options below Please select : A. 50 B. 100 C. 80 D. 200
D. 200 Since each item is 6KB and if we near it to the nearest 4KB , we get 2. Since we need 100 strongly consistent , it becomes (100*2) = 200.
What is Amazon SQS max message size? Choose the correct answer from the options below Please select : A. 64KB B. 128KB C. 16 KB D. 256KB
D. 256KB
One unit of read capacity is ____ in size? Choose the correct answer from the options below Please select : A. 5 KB B. 3 KB C. 2 KB D. 4 KB
D. 4 KB
What is the primary difference between a global secondary index and a local secondary index? Choose the correct answer from the options below. Please select : A. A global secondary index has the same partition key as the primary key and the local secondary index has a different partition and sort key B. The global secondary index is not region specific C. There are no differences D. A local secondary index has the same partition key as the primary key and the global secondary index has a different partition and sort key
D. A local secondary index has the same partition key as the primary key and the global secondary index has a different partition and sort key Global secondary index — an index with a partition key and a sort key that can be different from those on the base table. A global secondary index is considered "global" because queries on the index can span all of the data in the base table, across all partitions. Local secondary index — an index that has the same partition key as the base table, but a different sort key. A local secondary index is "local" in the sense that every partition of a local secondary index is scoped to a base table partition that has the same partition key value.
What are some of the benefits of using AWS SWF? Choose the correct answer from the options below. Please select : A. Centralize the coordination of steps in the application. B. Automate workflows that include human tasks C. Manage the flow of work between application components D. All of the above
D. All of the above Amazon SWF can be used to address many challenges that arise while building applications with distributed components. For example, you can use Amazon SWF and the accompanying AWS Flow Framework for: Writing your applications as asynchronous programs using simple programming constructs that abstract details such as initiating tasks to run remotely and tracking the program's runtime state. Maintaining your application's execution state (e.g. which steps have completed, which ones are running, etc.). You do not have to use databases, custom systems, or ad hoc solutions to keep execution state. Communicating and managing the flow of work between your application components. With Amazon SWF, you do not need to design a messaging protocol or worry about lost and duplicated tasks. Centralizing the coordination of steps in your application. Your coordination logic does not have to be scattered across different components, but can be encapsulated in a single program. Integrating a range of programs and components, including legacy systems and 3rd party cloud services, into your applications. By allowing your application flexibility in where and in what combination the application components are deployed, Amazon SWF helps you gradually migrate application components from private data centers to public cloud infrastructure without disrupting the application availability or performance. Automating workflows that include long-running human tasks (e.g. approvals, reviews, investigations, etc.) Amazon SWF reliably tracks the status of processing steps that run up to several days or months.
What is one key difference between an Amazon EBS-backed and an instance-store backed instance? Choose the correct answer from the options below Please select : A. Instance-store backed instances can be stopped and restarted B. Auto scaling requires using Amazon EBS-backed instances C. Virtual Private Cloud requires EBS backed instances D. Amazon EBS-backed instances can be stopped and restarted
D. Amazon EBS-backed instances can be stopped and restarted
How many messages queues can be created in SQS? Choose the correct answer from the options below Please select : A. 50 B. 100 C. 200 D. Any number
D. Any number
Which API call would you use to attach an EBS volume to an EC2 instance? Choose a correct answer from the options below Please select : A. AttachInstanceVolume B. AttachVolumeInstance C. AttachEBSVolume D. AttachVolume
D. AttachVolume Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
{ "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "My CloudFormation Template", "Resources" : { "MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "InstanceType" : "t2.micro", "ImageId" : "ami-030f4133", "NetworkInterfaces" : [{ "AssociatePublicIpAddress" : "true", "DeviceIndex" : "0", "DeleteOnTermination" : "true", "SubnetId" : "subnet-0c2c0855", "GroupSet" : ["sg-53a4e434"] } ] } } } Please select : A. Domain Controller B. Log collection server C. Database server D. Bastion host
D. Bastion host The bastion host needs a minimum configuration and a public IP address. The above cloudformation template best fits this.
You have reached your account limit for the number of CloudFormation stacks in a region. How do you increase your limit? Choose an answer from the options below Please select : A. Make an API call B. Change Limit Settings in AWS CloudFormation Console C. Cloudformation limit cannot be increased D. Contact AWS
D. Contact AWS There are no limits to the number of templates. Each AWS CloudFormation account is limited to max of 200 stacks. But more can be requested
"SNSTopic" : { "Type" : "AWS::SNS::Topic", "Properties" : { "Subscription" : [{ "Protocol" : "sqs", "Endpoint" : { "Fn::GetAtt" : [ "SQSQueue", "Arn" ] } }] } Please select : A. Creates an SNS topic which allows SQS subscription endpoints to be added as a parameter on the template B. Creates an SNS topic that allow SQS subscription endpoints C. Creates an SNS topic and then invokes the call to create an SQS queue with a logical resource name of SQSQueue D. Creates an SNS topic and adds a subscription ARN endpoint for the SQS resource created under the logical name SQSQueue
D. Creates an SNS topic and adds a subscription ARN endpoint for the SQS resource created under the logical name SQSQueue The intrinsic function Fn::GetAtt returns the value of an attribute from a resource in the template. This has nothing to do with adding parameters (Option A is wrong) or allowing endpoints (Option B is wrong) or invoking relevant calls (Option C is wrong)
Which API call is used to list all resources that belong to a CloudFormation Stack? Choose an answer from the options below Please select : A. GetTemplate B. DescribeStackResources C. describe-stacks D. ListStackResources
D. ListStackResources Returns descriptions of all resources of the specified stack. For deleted stacks, list-stack-resources returns resource information for up to 90 days after the stack has been deleted.
Which one of the following S3 error code does not have a corresponding HTTP 404 Status code? Choose a correct answer from the options below Please select : A. NoSuchBucket B. NoSuchUpload C. NoSuchVersion D. MissingSecurityHeader
D. MissingSecurityHeader MissignSecurityHeader is a 400 code not 404
How much data can be stored in S3? Choose the correct answer from the options below Please select : A. 500 TB B. 500 GB C. 5GB D. No limits to the amount of data
D. No limits to the amount of data
While working with the S3 API you receive the error message: 404 Not Found. What is the most likely cause for this error? Choose a correct answer from the options below Please select : A. AccessDenied B. BucketAlreadyExists C. NoSuchService D. NoSuchBucket
D. NoSuchBucket
You are writing an AWS CloudFormation Template to create a static S3 website configuration. The resources section of this template will be used for access control of the bucket and is defined in the 5th line of the below code snippet. What should the value of "AccessControl" be so that the owner of the bucket gets full control and all users get READ access only. "Resources" : { "S3Bucket" : { "Type" : "AWS::S3::Bucket", "Properties" : { "AccessControl" : "ANSWER TO THE QUESTION", "BucketName": { "Ref" : "BucketName" }, "WebsiteConfiguration" : { "IndexDocument" : "index.html", "ErrorDocument" : "error.html" } } } Please select : A. BucketOwnerRead B. BucketOwnerFullControl C. AuthenticatedRead D. PublicRead
D. PublicRead Since the question states that all users need read access, then by default we need to assign the public read permission For static website, it needs to be publicly readable only permissions for all users to access the site.
Your application utilizes Amazon S3 reduced redundancy storage and you have configured the s3:ReducedRedundancyLostObject notification on your Amazon S3 Bucket. What services might you use to create a "distributed" platform that replaces lost RRS objects on Amazon S3 automatically? Choose the correct answer from the options below Please select : A. SNS with an SMS subscription endpoint B. SNS with a website subscription endpoint as the worker instance C. SNS with subscription endpoints D. SNS with SQS subscription endpoint with a worker instance
D. SNS with SQS subscription endpoint with a worker instance Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud application. You can use Amazon SQS to transmit any volume of data, without losing messages or requiring other services to be always available.
You receive a call from a potential client who explains that one of the many services they offer is a website running on a t2.micro EC2 instance where users can submit requests for customized e-cards to be sent to their friends and family. The e-card website administrator was on a cruise and was shocked when he returned to the office in mid-January to find hundreds of angry emails complaining that customers' loved ones had not received their Christmas cards. He also had several emails from CloudWatch alerting him that the SQS queue for the e-card application had grown to over 500 messages on December 25th. You investigate and find that the problem was caused by a crashed EC2 instance which serves as an application server. What do you advise your client to do first? Choose the correct answer from the options below Please select : A. Use an autoscaling group to create as many application servers as needed to process all of the Christmas card SQS messages. B. Reboot the application server immediately so that it begins processing the Christmas card SQS messages. C. Redeploy the application server as a larger instance type so that it can process the Christmas card SQS messages faster. D. Send an apology to the customers notifying them that their cards will not be delivered.
D. Send an apology to the customers notifying them that their cards will not be delivered. Maximum retention period for SQS messages is 14 days.
You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you want to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. Hence you are unsure as to what would be best and if you will lose this data using any of these methods to change your instance state. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1? Choose the correct answer from the options below Please select : A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used. B. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used. C. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost. D. The data in an instance store is not permanent - it persists only during the lifetime of the instance. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.
D. The data in an instance store is not permanent - it persists only during the lifetime of the instance. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.
Which of the following is true if long polling is enabled? Choose the correct answer from the options below Please select : A. If long polling is enabled, then each poll only polls a subset of SQS servers; in order for all messages to be received, polling must continuously occur B. Increases costs because each request lasts longer C. The reader will listen to the queue until timeout D. The reader will listen to the queue until a message is available or until timeout
D. The reader will listen to the queue until a message is available or until timeout Amazon SQS long polling is a way to retrieve messages from your Amazon SQS queues. While the regular short polling returns immediately, even if the message queue being polled is empty, long polling doesn't return a response until a message arrives in the message queue, or the long poll times out. Long polling makes it inexpensive to retrieve messages from your Amazon SQS queue as soon as the messages are available. Using long polling might reduce the cost of using SQS, because you can reduce the number of empty receives
You are creating several DynamoDB tables for a new project. While doing so, you receive the error message, "LimitExceededException." You are well below the maximum number of tables per account and there is no read or write activity on the tables yet. Why have you received this error? Choose a correct answer from the options below Please select : A. You attempted to create global indexes at the same time you created the tables B. You attempted to create local indexes at the same time you created the tables C. You failed to pre-warm the tables D. You attempted to create more than one table with a secondary index at a time
D. You attempted to create more than one table with a secondary index at a time There are too many concurrent control plane operations. The cumulative number of tables and indexes in the CREATING, DELETING or UPDATING state cannot exceed 10.
EC2 instances are launched from Amazon Machine Images (AMIs). Which of the below options are true for a given public AMI. Please select : A. can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored B. can only be used to launch EC2 instances in the same country as the AMI is stored C. can be used to launch EC2 instances in any AWS region D. can only be used to launch EC2 instances in the same AWS region as the AMI is stored
D. can only be used to launch EC2 instances in the same AWS region as the AMI is stored AMI's can only be shared within a region. To make them available across regions , you need to copy them across regions. You can copy an Amazon Machine Image (AMI) within or across an AWS region using the AWS Management Console, the AWS command line tools or SDKs, or the Amazon EC2 API, all of which support the CopyImageaction. You can copy both Amazon EBS-backed AMIs and instance store-backed AMIs. You can copy AMIs with encrypted snapshots and encrypted AMIs.
What would you set in your CloudFormation template to fire up different instance sizes based off of environment type? i.e. (If this is for prod, use m1.large instead of t1.micro) Choose a correct answer from the options below Please select : A. Outputs B. Resources C. Mappings D. conditions
D. conditions The optional Conditions section includes statements that define when a resource is created or when a property is defined. For example, you can compare whether a value is equal to another value. Based on the result of that condition, you can conditionally create resources. If you have multiple conditions, separate them with commas.
What result would you expect from the Fn::Join function in the following line in a CloudFormation template? Choose an answer from the options below "Fn::Join" : [ "/", [ "list-a","list-b","list-c"] ] Please select : A. lista-listb-listc B. list-c/list-b/list-a C. list-a:list-b:list-c D. list-a/list-b/list-c
D. list-a/list-b/list-c The intrinsic function Fn::Join appends a set of values into a single value, separated by the specified delimiter. If a delimiter is the empty string, the set of values are concatenated with no delimiter.
A user is trying to configure access with S3. Which of the following options is not possible to provide access to the S3 bucket / object? Define the policy for the IAM user Define the policy for the bucket Define the ACL for the object Define the policy for the object
Define the policy for the object Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies. Access policies, such as ACL and resource policy can be attached to the bucket. Withthe object the user can only have ACL and not an object policy. The user can also attach access policies to the IAM users in the account. These are called user policies
Which API would you use to get information(status, primary key schema, indexes) about the table with Amazon DynamoDB? DetailsTable DescTable GetTableMetaData DescribeTable
DescribeTable
Which statements about DynamoDB are true? Choose 2 answers DynamoDB restricts item access during writes DynamoDB uses conditional writes for consistency DynamoDB restricts item access during reads DynamoDB uses optimistic concurrency control DynamoDB uses a pessimistic locking model
DynamoDB uses conditional writes for consistency DynamoDB uses optimistic concurrency control
A root account owner is trying to setup an additional level of security for all his IAM users. Which of the below mentioned options is a recommended solution for the account owner? Enable MFA for the root account Enable access key and secret access key for all the IAM users Enable MFA for all IAM users Enable the password for all the IAM users
Enable MFA for all IAM users Multi-Factor Authentication adds an extra level of security for all the users. The user can enable MFA for all IAM users which ensures that each user has to provide an extra six digit code for authentication
When Auto Scaling is launching a new instance based on condition, which of the below mentioned policies will it follow? Launch an instance which has the highest load distribution Launch an instance in the AZ with the fewest instances Based on the criteria defined with cross zone Load balancing Launch an instance in the AZ which has the highest instances
Launch an instance in the AZ with the fewest instances Auto Scaling attempts to distribute instances evenly between the Availability Zones that are enabled for the user's Auto Scaling group. Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest instances.
What happens, by default, when one of the resources in a CloudFormation stack cannot be created? Previously-created resources are deleted and the stack creation terminates. CloudFormation templates are parsed in advance so stack creation is guaranteed to succeed. Previously-created resources are kept but the stack creation terminates. The stack creation continues, and the final results indicate which steps failed.
Previously-created resources are deleted and the stack creation terminates. By default, the "automatic rollback on error" feature is enabled. This will cause all AWS resources that AWS CloudFormation created successfully for a stack up to the point where an error occurred to be deleted. This is useful when, for example, you accidentally exceed your default limit of Elastic IP addresses, or you don't have access to an EC2 AMI you're trying to run. This feature enables you to rely on the fact that stacks are either fully created, or not at all, which simplifies system administration and layered solutions built on top of AWS CloudFormation.
All Amazon EC2 instances are assigned two IP addresses at launch, out of which one can only be reached from within the Amazon EC2 network? Multiple IP address Elastic IP Address Private IP address Public IP address
Private IP address Private IPv4 addresses (also referred to as private IP addresses in this topic) are not reachable over the Internet, and can be used for communication between the instances in your VPC. When you launch an instance into a VPC, a primary private IP address from the IPv4 address range of the subnet is assigned to the default network interface (eth0) of the instance. Each instance is also given a private (internal) DNS hostname that resolves to the private IP address of the instance. If you don't specify a primary private IP address, we select an available IP address in the subnet range for you. You can assign additional private IP addresses, known as secondary private IP addresses, to instances that are running in a VPC. Unlike a primary private IP address, you can reassign a secondary private IP address from one network interface to another. A private IP address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated
What does the following command do with respect to the Amazon EC2 security groups? ec2-revoke RevokeSecurityGroupIngress Removes a security group from our account. Removes one or more rules from a security group. Removes one or more security groups from an Amazon EC2 instance. Removes one or more security groups from a rule.
Removes one or more rules from a security group. Removes one or more ingress rules from a security group. The values that you specify in the revoke request (for example, ports) must match the existing rule's values for the rule to be removed. Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code.
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. Given these requirements, what is the most efficient way to manage these Items after the analysis? Delete the table and create a new table per hour Delete items individually over a 24 hour period Retain the items in a single table Create a new table per hour
Retain the items in a single table
You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region. Which configuration would achieve that goal? Auto Scaling with scheduled scaling actions set Route53 record sets with weighted routing policy Route53 record sets with latency based routing policy Elastic Load Balancing with health checks enabled
Route53 record sets with weighted routing policy
A user has enabled server side encryption with S3. The user downloads the encrypted object from S3. How can the user decrypt it? S3 does not support server side encryption S3 provides a server side key to decrypt the object S3 manages encryption and decryption automatically The user needs to decrypt the object using their own private key
S3 manages encryption and decryption automatically
When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table's provisioned throughput? Define a range index on the table Prewarm the table by updating all items Use parallel scans Set a smaller page size for the scan
Set a smaller page size for the scan A parallel scan with a large number of workers can easily consume all of the provisioned throughput for the table or index being scanned. It is best to avoid such scans if the table or index is also incurring heavy read or write activity from other applications. To control the amount of data returned per request, use the Limit parameter. This can help prevent situations where one worker consumes all of the provisioned throughput, at the expense of all other workers. For more information, see "Reduce Page Size" in Avoid Sudden Bursts of Read Activity.
You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? Choose 2 answers Set permissions on the object to public read during upload Configure the bucket ACL to set all objects to public read Use AWS Identity and Access Management roles to set the bucket to public read Configure the bucket policy to set all objects to public read Amazon S3 objects default to public read, so no action is needed
Set permissions on the object to public read during upload Configure the bucket policy to set all objects to public read You can use ACLs to grant permissions to individual AWS accounts; however, it is strongly recommended that you do not grant public access to your bucket using an ACL. So the recommended approach is create bucket policy, but not ACL. You must grant read permission on the specific objects to make them publicly accessible so that your users can view them on your website. You make objects publicly readable by using either the object ACL or by writing a bucket policy
Company XYZ provides an online image recognition service and utilizes SQS to decouple system components for scalability. The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company XYZ is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can Company XYZ reduce the number of empty responses? Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds Set the DelaySeconds parameter of a message to 20 seconds Set the imaging queue visibility Timeout attribute to 20 seconds Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds There are three different API action calls you can use to enable long polling in Amazon SQS, ReceiveMessage, CreateQueue, and SetQueueAttributes. For ReceiveMessage, you configure the WaitTimeSeconds parameter, and for CreateQueue and SetQueueAttributes, you configure the ReceiveMessageWaitTimeSeconds attribute.
Regarding Amazon SQS, what happens if there is no activity against a queue for more than 30 consecutive days? The queue may be deleted Your account will be suspended Nothing The queue will be deleted
The queue will be deleted AWS reserve the right to delete a queue if none of the following requests have been issued against the queue for more than 30 consecutive days: SendMessage ReceiveMessage DeIeteMessage GetQueueAttributes SetQueueAttributes
ompany XYZ is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to thecertschool.com the index.html page is returned. Company XYZ now would like a new page welcome.html to be returned when a visitor enters thecertschool.com in the browser. Which of the following steps will allow Company XYZ to meet this requirement? Choose 2 answers Upload an html page named welcome.html to their S3 bucket Create a welcome subfolder in their S3 bucket Set the Error Document property to welcome.html Move the index.html page to a welcome subfolder Set the Index Document property to welcome.html
Upload an html page named welcome.html to their S3 bucket Set the Index Document property to welcome.html To upload an index document 1.Create a document. The file name must be same as the name that you provided for the index document earlier. 2.Using the console, upload the index document to your bucket.
An organization has 10000 employees. The organization wants to give restricted AWS access to each employee. How can the organization achieve this? Use STS and create the users' run time Create an IAM user for each employee and make them a part of the group It is not recommended to support 10000 users with IAM Use Identity federation with SSO
Use Identity federation with SSO Identity federation enables users from an existing directory to access resources within your AWS account, making it easier to manage your users by maintaining their identities in a single place. In this case, the federated user is the only solution since AWS does not allow creating more than 5000 IAM users.
Which header received at the EC2 instance identifies the port used by the client while requesting ELB? X-Requested-Proto X-Forwarded-Proto X-Requested-Port X-Forwarded-Port
X-Forwarded-Port The X-Forwarded-Port request header helps the user identify the port used by the client while sending a request to ELB
Is it possible to create an S3 bucket accessible only by a certain IAM user, using policies in a CloudFormation template? No, you can only create the S3 bucket but not the IAM user S3 is not supported by CIoudFormation Yes, all these resources can be created using a CIoudFormation template No, in the same template you can only create the S3 bucket and the relative policy.
Yes, all these resources can be created using a CIoudFormation template With AWS Identity and Access Management (IAM), you can create IAM users to control who has access to which resources in your AWS account. You can use IAM with AWS CIoudFormation to control what AWS CIoudFormation actions users can perform, such as view stack templates, create stacks, or delete stacks. In addition to AWS CIoudFormation actions, you can manage what AWS services and resources are available to each user.
How do you configure SQS to support longer message retention? Set the lVIessageRetentionPeriod attribute using the SetQueueAttributes method You need to request it from AWS Using a Lambda function You can't. It is set to 14 days and cannot be changed
You can't. It is set to 14 days and cannot be changed
You are writing to a DynamoDB table and receive the following exception:"ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput. What could be an explanation for this? You're exceeding your capacity on a particular Hash Key You're exceeding your capacity on a particular Range Key You haven't provisioned enough DynamoDB storage instances You're exceeding your capacity on a particular Sort Key You haven't configured DynamoDB Auto Scaling triggers
You're exceeding your capacity on a particular Hash Key ProvisionedThroughputExceededException Message: You exceeded your maximum allowed provisioned throughput for a table or for one or more global secondary indexes. To view performance metrics for provisioned throughput vs. consumed throughput
AWS Elastic Beanstalk will change the health status of a web server environment tier to grey colour when: Your application hasn't responded to the application health check URL within the last one hour Your application hasn't responded to the application health check URL within the last five minutes. AWS Elastic Beanstalk detects other problems with the environment that are known to make the application unavailable Your application's health status is unknown because status is reported when the application is not in the ready state.
Your application's health status is unknown because status is reported when the application is not in the ready state.
EC2 instances are launched from Amazon Machine images (AMIS). A given public AMI can: only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored be used to launch EC2 Instances in any AWS region only be used to launch EC2 instances in the same country as the AMI is stored only be used to launch EC2 instances in the same AWS region as the AMI is stored.
only be used to launch EC2 instances in the same AWS region as the AMI is stored. AMIs are a regional resource. Therefore, sharing an AMI makes it available in that region. To make an AMI available in a different region, copy the AMI to the region and then share it
The user has configured Auto Scaling based on the dynamic policy. Which of the following is not the right command to specify a change in capacity as a part of the policy? "adjustment=3" (type is ExactCapacity) "adjustment=-8" (type is ExactCapacity) "adjustment=-50" (type is PercentChangeInCapacity) "adjustment=-1" (type is ChangeInCapacity)
"adjustment=-8" (type is ExactCapacity) The user can configure the Auto Scaling group to automatically scale up and then scale down based on the various specified CIoudWatch monitoring conditions. The user needs to provide the adjustment value and the adjustment type. A positive adjustment value increases the current capacity and a negative adjustment value decreases the current capacity. The user can express the change to the current size as an absolute number, an increment or as a percentage of the current group size. In this option specifying the exact capacity with the adjustment value = -8 will not work as when type is exact capacity the adjustment value cannot be negative.
What is the maximum number of tags that a user can assign to an EC2 instance? 5 10 25 50
10
Which of these CloudFormation snippets of code will return an address that can be used to access our application from our browser if we're using a resource type of AWS::ElasticLoadBalancing::LoadBalancer with Logical ID "ElasticLoadBalancer"? Choose an answer from the options below Please select : A. "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "ElasticLoadBalancer", "DNSName" ]}]] B. "Fn::Join" : [ "", [ "http://", { "Ref" : ["ElasticLoadBalancer" }]] C. "Fn::Join" : [ "http://", [ ".", { "Fn::GetAtt" : [ "ElasticLoadBalancer", "DNSName" ]}]] D. "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "ElasticLoadBalancer", "URL" ]}]]
A . "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "ElasticLoadBalancer", "DNSName" ]}]] We have to use the Fn::GetAtt to get the DNSName of the Elastic load balancer. Hence option B and D are wrong. Then we don't need any delimiter, hence Option C is wrong.
Regarding the evaluation logic when managing Access to Your Amazon SNS Topics, the following things can be stated. The goal at evaluation time is to decide whether a given request should be allowed or denied. The evaluation logic follows several basic rules: - By default, all requests to use your resource coming from anyone but you are denied - An allow overrides any default denies - An explicit deny overrides any allows - The order in which the policies are evaluated is not important - A policy results in a default deny if it doesn't directly apply to the request. Keeping the above in mind, what will be the policy result, if a user requests to use Amazon SNS, but the policy on the topic doesn't refer to the user's AWS account at all? Please select : A. A default deny B. An explicit deny C. An allow D. An explicit allow
A. A default deny
Elastic Load Balancing uses what technologies for request routing? Choose the 2 correct answer from the options below Please select : A. DNS B. Route 53 C. RDS D. EC2
A. DNS B. Route 53 When you use ELB, you are given a DNS host name - any request sent to this host name are delegated to a pool of Amazon EC2 instances. Route 53 is Amazon's DNS service that handles DNS on the backend.
Which of the following bucket names is invalid? Choose 2 correct answer from the options below Please select : A. Demo.com B. demo-com C. demo.com D. .demo.com
A. Demo.com D. .demo.com Below are the naming conventions for S3 buckets The bucket name can be between 3 and 63 characters long, and can contain only lower-case characters, numbers, periods, and dashes. Each label in the bucket name must start with a lowercase letter or number. The bucket name cannot contain underscores, end with a dash, have consecutive periods, or use dashes adjacent to periods. The bucket name cannot be formatted as an IP address (198.51.100.24).
You can define up to 5 local secondary indexes and 5 global secondary indexes per table. How can you increase your DynamoDB secondary indexes limit in a region? Please select : A. DynamoDB does not allow secondary index limit increase B. By contacting AWS and requesting a limit increase C. By calling the UpdateLimit API call D. DynamoDB can't increase secondary index limit, so you increase it by writing code that uses multiple regions
A. DynamoDB does not allow secondary index limit increase
Which of the following can be increased by contacting AWS? Choose 2 correct answer from the options below Please select : A. DynamoDB tables per account B. DynamoDB secondary indexes per table C. S3 buckets per account D. S3 buckets per region
A. DynamoDB tables per account C. S3 buckets per account
The following code snippet is the resources section of a CloudFormation template that you have written. "Resources" : { "EC2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "InstanceType" : { "Ref" : "InstanceType" }, "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], "KeyName" : { "Ref" : "KeyName" }, "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] } } }, You have used the reference function to define your instance type as follows. "InstanceType" : { "Ref" : "InstanceType" }, The referencing function is referencing the instance type. Where is this value most likely coming from? Please select : A. From the parameters section of your CloudFormation template. B. From the mappings section of your CloudFormation template. C. From the second line of this resources section. D. From the conditions section of your CloudFormation template.
A. From the parameters section of your CloudFormation template. The Instance type is mostly coming from the parameters section. Within the same template, you can use the Ref intrinsic function to specify the parameter value in other parts of the template. The following snippet uses the InstanceTypeParameter parameter to specify the instance type for an EC2 instance resource
In regards to their data consistency model, AWS states that "Amazon S3 buckets in all Regions provide read-after-write consistency for PUTS of new objects and eventual consistency for overwrite PUTS and DELETES." What does AWS actually mean when they say Read-after-write consistency for PUTS of new objects? Choose the correct answer from the options below Please select : A. If you write a new key to S3, you will be able to retrieve any object immediately afterwards. Also, any newly created object or file will be visible immediately, without any delay. B. If you write a new key to S3, a subsequent read might return the old data or the updated data. Your applications should be built with this uncertainty in mind. C. If you write a new key to S3, it may write corrupted or partial data. D. You cannot write a new key to S3 unless there has been a read done prior to the write
A. If you write a new key to S3, you will be able to retrieve any object immediately afterwards. Also, any newly created object or file will be visible immediately, without any delay.
You have an EC2 instance deployed with an IAM role with write access permissions to an SQS queue. The instance is attempting to write a 512 KB message to an SQS queue. What will the result of this attempt be? Choose the correct answer from the options below Please select : A. It will fail because it is greater than the 256 KB limit for SQS messages. B. It will fail because SQS requires the EC2 instance to use API keys with permissions to write to the queue. C. It will succeed as a single message request. D. It will succeed but be considered as 8 message requests because SQS measures message requests in 64 KB chunks.
A. It will fail because it is greater than the 256 KB limit for SQS messages.
You're using CloudFormation templates to build out staging environments. What section of the CloudFormation would you edit in order to allow the user to specify the PEM key-name at start time? Choose a correct answer from the options below Please select : A. Parameters Section B. Declaration Section C. Mappings Section D. Resources Section
A. Parameters Section You can use the optional Parameters section to pass values into your template when you create a stack. With parameters, you can create templates that are customized each time you create a stack. Each parameter must contain a value when you create a stack. You can specify a default value to make the parameter optional so that you don't need to pass in a value when creating a stack.
What is the default behavior of a CloudFormation stack if creation fails? Choose the correct answers from the options below Please select : A. Rollback B. Delete C. Undo D. None of the above; the stack continues creating and the failed resource is ignored
A. Rollback By default, the "automatic rollback on error" feature is enabled. This will cause all AWS resources that AWS CloudFormation created successfully for a stack up to the point where an error occurred to be deleted. This is useful when, for example, you accidentally exceed your default limit of Elastic IP addresses, or you don't have access to an EC2 AMI you're trying to run. This feature enables you to rely on the fact that stacks are either fully created, or not at all, which simplifies system administration and layered solutions built on top of AWS CloudFormation.
Which of the following cannot be used inside a CloudFormation template? Choose a correct answer from the options below Please select : A. Ruby statements B. Parameters C. Intrinsic function D. Regular expression
A. Ruby statements Parameters - Specifies values that you can pass in to your template at runtime (when you create or update a stack). You can refer to parameters in the Resources and Outputs sections of the template.
Which of the following datatypes can be indexed in DynamoDB. Choose 3 answers from the options given below Please select : A. String B. Number C. List D. Boolean Feedback Your answer is correct.
A. String B. Number D. Boolean
What are the consistency models available for Local Secondary Indexes in DynamoDB? Choose 2 answers from the options given below Please select : A. Strong consistent reads B. Primary reads C. Secondary reads D. Eventual consistent reads
A. Strong consistent reads D. Eventual consistent reads
Describe the process of registering a mobile device with SNS push notification service using GCM. Choose the correct answer from the options below Please select : A. Submit GCM notification credentials to Amazon SNS, then receive the Registration ID for each mobile device. After that, pass the device token to SNS, and SNS then creates a mobile subscription endpoint for each device and communicates with the GCM service on your behalf B. Pass device token to SNS to create mobile subscription endpoint for each mobile device, then request the device token from each mobile device. SNS then communicates on your behalf to the GCM service C. Receive Registration ID and token for each mobile device. Then, register the mobile application with Amazon SNS, and pass the GCM token credentials to Amazon SNS D. None of the above
A. Submit GCM notification credentials to Amazon SNS, then receive the Registration ID for each mobile device. For Amazon SNS to send notification messages to mobile endpoints, whether it is direct or with subscriptions to a topic, you first need to register the app with AWS. To register your mobile app with AWS, enter a name to represent your app, select the platform that will be supported, and provide your credentials for the notification service platform. After the app is registered with AWS, the next step is to create an endpoint for the app and mobile device. The endpoint is then used by Amazon SNS for sending notification messages to the app and device.
You have developed an application that sends an Amazon SNS message to a topic whenever an order is placed for one of your products on an online store you have just created. Any Amazon SQS queues that are subscribed to that topic would receive identical notifications when a new order is placed. This method of message deliver is called the "fanout" scenario. Which of the below descriptions is the closest in describing the common attributes of this scenario? Choose the correct answer from the options below Please select : A. The Amazon SNS message is sent to a topic and then replicated and pushed to multiple Amazon SQS queues, HTTP endpoints, or email addresses, which allows for parallel asynchronous processing. B. It enables you to send messages directly to mobile apps, HTTP endpoints, or email addresses, which allows for parallel synchronous processing. C. The Amazon SNS message is sent to a topic and then replicated and pushed to multiple Amazon SQS queues, HTTP endpoints, or email addresses, which allows for parallel synchronous processing. D. The application and system alerts are notifications, triggered by predefined thresholds, sent to specified users by SMS and/or email.
A. The Amazon SNS message is sent to a topic and then replicated and pushed to multiple Amazon SQS queues, The Amazon Simple Queue Service (SQS) and the Amazon Simple Notification Service (SNS) are important "glue" components for scalable, cloud-based applications (see the Reference Architectures in the AWS Architecture Center to learn more about how to put them to use in your own applications). One common design pattern is called "fanout." In this pattern, a message published to an SNS topic is distributed to a number of SQS queues in parallel. By using this pattern, you can build applications that take advantage parallel, asynchronous processing
If you're executing .Net code against AWS on an EC2 instance that is assigned an IAM role, which of the following is a true statement? Choose the correct answer from the options below Please select : A. The code will assume the same permissions as the IAM role B. The code must have AWS access keys in order to execute C. Only .Net code can assume IAM roles D. None of the above
A. The code will assume the same permissions as the IAM role
Which of the following will not make a CloudFormation stack deployment to 'rollback'? Choose a correct answer from the options below. Please select : A. The template contains invalid JSON syntax B. A subnet specified in the template does not exist C. An AMI specified in the template exists in a different region than the one in which the stack is being deployed. D. The template specifies an instance-store backed AMI and an incompatible EC2 instance type.
A. The template contains invalid JSON syntax If a template contains invalid JSON , then it will not even continue with the stack deployment.
What is the default limit for CloudFormation templates per region? Choose the correct answer from the options below Please select : A. There are no limits to the number of templates B. 200 C. 20 D. 40
A. There are no limits to the number of templates Only a limit on stacks
A global secondary index is an index with a hash and range key that can be different from those on the table. Choose a correct answer from the options below Please select : A. True B. False
A. True
AMIs can be shared to individual AWS accounts. Choose the correct answer from the options below Please select : A. True B. False
A. True
Can Cloudformation be used with Chef and Puppet? Choose the correct answer from the options below Please select : A. True B. False
A. True
Is SQS PCI DSS certified? Choose the correct answer from the options below Please select : A. True B. False
A. True
One DynamoDB read capacity unit represents one strongly consistent read per second, for an item up to 4 KB in size. Choose the correct answer from the options below. Please select : A. True B. False
A. True
AWS CloudFormation provides a set of Python helper scripts that you can use to install software and start services on an Amazon EC2 instance in your stack. You can call the helper scripts directly from your template. Choose an answer from the options below. Please select : A. True B. False
A. True AWS CloudFormation provides a set of Python helper scripts that you can use to install software and start services on an Amazon EC2 instance that you create as part of your stack. You can call the helper scripts directly from your template. The scripts work in conjunction with resource metadata that you define in the same template. The helper scripts run on the Amazon EC2 instance as part of the stack creation process.
A DynamoDB item is a collection of name and value attributes. Choose a correct answer from the options below Please select : A. True B. False
A. True In DynamoDB, an item is a collection of attributes. Each attribute has a name and a value. An attribute value can be a scalar, a set, or a document type.
Multi-part upload API allows you to stop and resume uploads. Choose a correct answer from the options below Please select : A. True B. False
A. True Using multipart upload provides the following advantages: Improved throughput—You can upload parts in parallel to improve throughput. Quick recovery from any network issues—Smaller part size minimizes the impact of restarting a failed upload due to a network error. Pause and resume object uploads—You can upload object parts over time. Once you initiate a multipart upload there is no expiry; you must explicitly complete or abort the multipart upload. Begin an upload before you know the final object size—You can upload an object as you are creating it.
Can software's be installed at stack creation process in Cloudformation? Choose the correct answers from the options below Please select : A. True B. False
A. True AWS CloudFormation provides a set of application bootstrapping scripts that enable you to install packages, files, and services on your EC2 instances by simply describing them in your CloudFormation template
In DynamoDB, an atomic counter allows all write requests to be applied in the order they are received by incrementing or decrementing the attribute value. Please select : A. True B. False
A. True DynamoDB supports atomic counters, where you use the UpdateItem operation to increment or decrement the value of an existing attribute without interfering with other write requests. (All write requests are applied in the order in which they were received.) For example, a web application might want to maintain a counter per visitor to their site. In this case, the application would need to increment this counter regardless of its current value.
True or False: A core benefit of using a SQS subscription endpoint with Amazon SNS is that SQS Messages can be delivered to applications that require immediate notification of an event and messages are also persistent in an Amazon SQS queue for other applications to process later in time (considering the SQS limitation on how long the messages can be stored in SQS queue). Please select : A. True B. False
A. True The Amazon Simple Queue Service (SQS) and the Amazon Simple Notification Service (SNS) are important "glue" components for scalable, cloud-based applications (see the Reference Architectures in the AWS Architecture Center to learn more about how to put them to use in your own applications). One common design pattern is called "fanout." In this pattern, a message published to an SNS topic is distributed to a number of SQS queues in parallel. By using this pattern, you can build applications that take advantage parallel, asynchronous processing
An IAM role, when assigned to an EC2 instance, will allow code to be executed on that instance without API access keys. Choose the correct answer from the options below Please select : A. True B. False
A. True The best practise for IAM is to create roles which has specific access to an AWS service and then give the user permission to the AWS service via the role.
All operations on elastic IP addresses can be performed programmatically through the API, or manually from the AWS Management Console. Choose the correct answer from the options below Please select : A. True B. False
A. True To allocate an Elastic IP address for use in EC2-VPC using the console Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. In the navigation pane, choose Elastic IPs. Choose Allocate new address. (EC2-Classic accounts) Choose VPC, and then choose Allocate. Close the confirmation screen. (VPC-only accounts) Choose Allocate, and close the confirmation screen. To allocate via the CLI use the command - allocate-address
Buckets can contain both encrypted and non-encrypted objects. Choose the correct answer from the options below Please select : A. True B. False
A. True When objects are uploaded to S3 , they can either be encrypted or non-encrypted. There are various ways to encrypt objects is S3. Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) - Each object is encrypted with a unique key employing strong multi-factor encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data. Use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) - Similar to SSE-S3, but with some additional benefits along with some additional charges for using this service. There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption key) that provides added protection against unauthorized access of your objects in S3. SSE-KMS also provides you with an audit trail of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself, or use a default key that is unique to you, the service you're using, and the region you're working in. Use Server-Side Encryption with Customer-Provided Keys (SSE-C) - You manage the encryption keys and Amazon S3 manages the encryption, as it writes to disks, and decryption, when you access your objects.
You are having trouble maintaining session states on some of your applications that are using an Elastic Load Balancer(ELB). As well as that there does not seem to be an even distribution of sessions across your ELB. To overcome this problem which of the following is the recommended method by AWS to try and rectify the issues that you are having? Choose the correct answer from the options below Please select : A. Use ElastiCache, which is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud. B. Use a special cookie to track the instance for each request to each listener. When the load balancer receives a request, it will then check to see if this cookie is present in the request. C. Use the sticky session feature (also known as session affinity), which enables the load balancer to bind a user's session to a specific instance. This ensures that all requests from the user during the session are sent to the same instance. D. If your application does not have its own session cookie, then you can configure Elastic Load Balancing to create a session cookie by specifying your own stickiness duration.
A. Use ElastiCache, which is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud. Answer A suggests use of AWS Elasticache which is an in-memory key-value store. This is required for improving session management. All other answers suggest use of sticky sessions. The scenario described here needs to avoid non-even distribution of sessions across ELB which most probably is a result of ELB sticky sessions. Under sticky sessions, ELB must send every request from a specific user to the same web server. This greatly limits elasticity. First, the ELB cannot distribute traffic evenly, often sending a disproportionate amount of traffic to one server. Second, auto scaling cannot terminate web servers without losing some user's session state. The suggested solution is to use an external in-memory cache like Elasticache to store transient session data. It can further improve application performance by storing critical pieces of data in memory for low-latency access. By moving the session state to a central location, all the web servers can share a single copy of session state. This allows ELB to send requests to any web server, better distributing load across all the web servers. In addition, auto scaling can terminate individual web servers without losing session state information. On architectural point of view, this sort of a solution is scalable and makes your applications stateless. Using Amazon ElastiCache, you can add a caching or in-memory layer to your application architecture in a matter of minutes via a few clicks of the AWS Management Console. ElastiCache makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. It improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory system, instead of relying entirely on slower disk-based databases. ElastiCache is an AWS managed service which simplifies and offloads the management, monitoring and operation of in-memory environments, enabling your engineering resources to focus on developing applications. With ElastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.
Your supervisor is upset about the fact that SNS topics that he subscribed to are now cluttering up his email inbox. How can he stop receiving email from SNS without disrupting other users' ability to receive email from SNS? Choose 2 answers from the options below Please select : A. You can delete the subscription from the SNS topic responsible for the emails B. You can delete the endpoint from the SNS subscription responsible for the emails C. You can delete the SNS topic responsible for the emails D. He can use the unsubscribe information provided in the emails Feedback Your answer is correct.
A. You can delete the subscription from the SNS topic responsible for the emails D. He can use the unsubscribe information provided in the emails Every request has a unsubscribe URL which can be used. Also from the aws console , one can just delete the subscription
You've enabled website hosting on a bucket named "demo.com" in the US-East-1 (US standard region). Select the URL you'll receive from AWS as the URL for the bucket. Choose a correct answer from the options below Please select : A. demo.com.s3-website-us-east-1.amazonaws.com B. demo-com.s3-website-us-east-1.amazonaws.com C. demo.com.s3-website.amazonaws.com D. demo.com.us-east-1-s3-website.amazonaws.com
A. demo.com.s3-website-us-east-1.amazonaws.com To host your static website, you configure an Amazon S3 bucket for website hosting and then upload your website content to the bucket. The website is then available at the region-specific website endpoint of the bucket: <bucket-name>.s3-website-<AWS-region>.amazonaws.com
What is the Amazon SNS endpoint for The US East (Northern Virginia)? Choose one answer from the options below Please select : A. http://sns.us-east-1.amazonaws.com B. http://sns.us-east-1a.amazonaws.com C. http://sns.us-east-1b.amazonaws.com D. http://sns.ap-southeast-1.amazonaws.com
A. http://sns.us-east-1.amazonaws.com The various SNS endpoints for AWS are given below. The US East (Northern Virginia) end-point is: http://sns.us-east-1.amazonaws.com The US West (Oregon) end-point is: http://sns.us-west-2.amazonaws.com The US West (Northern California) end-point is: http://sns.us-west-1.amazonaws.com The EU(Ireland) end-point is: http://sns.eu-west-1.amazonaws.com The EU(Frankfurt) end-point is: http://sns.eu-central-1.amazonaws.com The Asia Pacific (Singapore) end-point is: http://sns.ap-southeast-1.amazonaws.com The Asia Pacific (Tokyo) end-point is: http://sns.ap-northeast-1.amazonaws.com The Asia Pacific (Sydney) end-point is: http://sns.ap-southeast-2.amazonaws.com The South America (Sao Paulo) end-point is: http://sns.sa-east-1.amazonaws.com
In AWS CloudFormation, the intrinsic function Fn::Join appends a set of values into a single value, separated by the specified delimiter. If a delimiter is the empty string, the set of values are concatenated with no delimiter. Keeping the above in mind what value will the following example return? "Fn::Join" : [ "-", [ "the", "demo", "app" ] ] Please select : A. the-demo-app B. -thedemoapp C. -the-demo-app D. -the-demo-app-
A. the-demo-app The intrinsic function Fn::Join appends a set of values into a single value, separated by the specified delimiter. If a delimiter is the empty string, the set of values are concatenated with no delimiter.
Company B has created an e-commerce site using DynamoDB and is designing a products table that includes items purchased and the users who purchased the item. When creating a primary key on a table which of the following would be the best attribute for the primary key? Select the BEST possible answer. Please select : A. user_id where there are many users to few products B. product_id where there are few products to many users C. category_id where there are few categories to many products D. None of the above
A. user_id where there are many users to few products When defining primary keys , you should always use a many to few principle and only Option A follows that principle. When designing tables it is important for the data to be distributed evenly across the entire table. It is best practice for performance to set your primary key where there are many primary keys to few rows. Example would be many users to few products. An example of bad design would be a primary key of product_id where there are few products but many users
A user has configured ELB. Which of the below mentioned protocols the user can configure for ELB health checks while setting up ELB? HTTPS TCP All of the options SSL
All of the options An ELB performs a health check on its instances to ensure that it diverts traffic only to healthy instances. The ELB can perform a health check on HTTP, HTTPS, TCP and SSL protocols.
Which Amazon service is not used by Elastic Beanstalk? Amazon ELB Amazon S3 Auto scaling Amazon EMR
Amazon EMR Elastic Beanstalk leverages AWS services such as Amazon Elastic Cloud Compute (Amazon EC2), Amazon Simple Storage Service(AmazonS3), Amazon Simple Notification Service(Amazon SNS),Elastic Load Balancing and Auto Scaling to deliver the same highly reliable, scalable, and cost-effective infrastructure that hundreds of thousands of businesses depend on today.
In regards to Amazon SQS how can you secure the messages in your queues? You can't Amazon SQS uses either your Access Key ID or an X.509 certificate to authenticate your identity Through your IAM access keys Don't use root access
Amazon SQS uses either your Access Key ID or an X.509 certificate to authenticate your identity Authentication mechanisms are provided to ensure that messages stored in Amazon SQS queues are secured against unauthorized access. Only the AWS account owners can access the queues they create. Amazon SQS uses proven cryptographic methods to authenticate your identity, either through the use of your Access Key ID and request signature, or through the use of an X.509 certificate.
When computing the read capacity for a scan operations, to what KB is the number of bytes rounded off to? Please select : A. 1 KB B. 4 KB C. 2 KB D. 8 KB
B. 4KB The read units required is the number of bytes fetched by the scan operation, rounded to the nearest 4KB, divided by 4KB. Scanning a table with consistent reads consumes twice the read capacity as a scan with eventually consistent reads.
In SWF what are the containers called for segregating application resources. Choose the correct answer from the options below. Please select : A. Dockers B. Domains C. Namespaces D. Metrics
B. Domains
Which DynamoDB API call does not consume capacity units? Choose the correct answer from the options below Please select : A. DeleteItem B. UpdateTable C. GetItem D. UpdateItem
B. UpdateTable Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table. All of the other commands access the items of the table and hence consumes capacity units
After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called LAfile.pem) you try and SSH into your IP address (52.2.222.22) using the following command. ssh -i LAfile.pem [email protected] However you receive the following error. WARNING: UNPROTECTED PRIVATE KEY FILE! What is the most probable reason for this and how can you fix it? Please select : A. You do not have root access on your terminal and need to use the sudo option for this to work as follows. "sudo ssh -i LAfile.pem [email protected]" B. Your key file must not be publicly viewable for SSH to work. You need to modify your pem file as follows "chmod 400 LAfile.pem" C. Your key file is not encrypted. You need to use the -u option for unencypted not the -i option as follows. "ssh -u LAfile.pem [email protected]" D. Your key file does not have the correct permissions for you to run the command. You need to modify your pem file as follows "chmod 644 LAfile.pem"
B. Your key file must not be publicly viewable for SSH to work. You need to modify your pem file as follows "chmod 400 LAfile.pem"
In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service? 200 HTTP response code 500 HTTP response code 700 HTTP response code 400 HTTP response code
400 HTTP response code
That is the maximum number of S3 buckets by default allowed per AWS account? Choose the correct answer from the options below. Please select : A. 100 B. 50 C. 1000 D. 150
A. 100
What is the smallest amount of reserved capacity that can be purchased for DynamoDB? Choose an answer from the options below Please select : A. 100 B. 10 C. 1000 D. 10,000
A. 100
In DynamoDB, how many tables can an AWS account have per region? Choose the correct answer from the options below. Please select : A. 126 B. 256 C. 282 D. 255
A. 126
What is the default timeout for visibility queue in SQS in seconds? Choose the correct answer from the options below Please select : A. 30 B. 14 C. 10 D. 60
A. 30 Each queue starts with a default setting of 30 seconds for the visibility timeout. You can change that setting for the entire queue. Typically, you'll set the visibility timeout to the average time it takes to process and delete a message from the queue. When receiving messages, you can also set a special visibility timeout for the returned messages without changing the overall queue timeout.
What is the maximum size of an item in DynamoDB? Choose an answer from the options below Please select : A. 400KB B. 100KB C. 1 MB D. 5 MB
A. 400KB
ow is the coordination between worker processes done in SWF? Choose the correct answer from the options below. Please select : A. By writing a program called the decider B. By using SQS C. By using a master worker process D. This is not possible
A. By writing a program called the decider
Company B has many users updating the same table. At times it is not uncommon for multiple users to update the same item and attribute of an item at the same time. If user A calls an item in a table to update an attribute at the same time as user B and user B updates the table first, what can we deploy in DynamoDB to ensure User A is not updating an item that was updated since User A's table read? Choose the correct answer from the options below. Please select : A. Conditional Writes B. Eventual Consistency C. Extra API read calls to determine if the data was updated before the update call is made D. Atomic Counters
A. Conditional Writes To help clients coordinate writes to data items, DynamoDB supports conditional writes for PutItem, DeleteItem, and UpdateItem operations. With a conditional write, an operation succeeds only if the item attributes meet one or more expected conditions; otherwise it returns an error
What are the API's available for DynamoDB? Choose 3 answers from the options below Please select : A. CreateTable B. UpdateTable C. ListAllTables D. UpdateItem
A. CreateTable B. UpdateTable D. UpdateItem
While hosting a static website with Amazon S3, your static JavaScript code attempts to include resources from another S3 bucket but permission is denied. How might you solve the problem? Choose the correct answer from the options below Please select : A. Enable CORS Configuration B. Disable Public Object Permissions C. Move the object to the main bucket D. None of the above
A. Enable CORS Configuration Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support in Amazon S3, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.
Any local secondary index in a DynamoDB table can be updated once it is created. Please select : A. False B. True
A. False
Which of the following statements is true about DynamoDB? Choose the correct answer from the options below Please select : A. Requests are eventually consistent unless otherwise specified. B. Requests are strongly consistent. C. Tables do not contain primary keys. D. None of the above
A. Requests are eventually consistent unless otherwise specified.
Does SNS guarantee message delivery to SQS? Choose one answer from the options below Please select : A. True B. False
A. True Amazon SNS gurantees each messaged deleived to SQS at least once
Does AWS CloudFormation assume default template version if one is not explicitly mentioned in a CloudFormation template? Please select : A. True B. False
A. True The AWSTemplateFormatVersion section (optional) identifies the capabilities of the template. The latest template format version is 2010-09-09 and is currently the only valid value. The value for the template format version declaration must be a literal string. You cannot use a parameter or function to specify the template format version. If you don't specify a value, AWS CloudFormation assumes the latest template format version.
Your application is trying to upload a 7 GB file to Simple Storage Service and receive a "Your proposed upload exceeds the maximum allowed object size." error message. What is a feasible solution for this? A. Use the multi-part upload API for this object B. Use "resume on failure" feature. C. Simple Storage Service objects are limited to 2 GB D. Use thirty party tool to split the objects into multiple pieces for easy upload
A. Use the multi-part upload API for this object
Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket? Create a bucket policy and apply it to the bucket Create a NACL and attach it to the VPC of the bucket Create an ACL and apply it to all objects in the bucket Modify the IAM policies of any users that would access the bucket
Create a bucket policy and apply it to the bucket
A user is creating a new EBS volume from an existing snapshot. The snapshot size shows 10GB. Can the user create a volume of 30 GB from that snapshot? Provided the snapshot has the modify size attribute set as true Yes Provided the original volume has set the change size attribute to true No
Yes A user can always create a new EBS volume of a higher size than the original snapshot size. The user cannot create a volume of a lower size. When the new volume is created the size in the instance will be shown as the original size. The user needs to change the size of the device with resize2fs or other OS specific commands.
Does Amazon Dynamo DB support both increment and decrement atomic operations? Only increment, since decrement are inherently impossible with Dynamo DB's data model. No, neither increment nor decrement operations. Yes, both increment and decrement operations. Only decrement, since increment are inherently impossible with Dynamo DB's data model.
Yes, both increment and decrement operations.
Can a user associate and use his own DNS with ELB instead of the DNS provided by AWS ELB? Yes, by creating a CNAME with the existing domain name provider No Yes, only through Route 53 by mapping ELB and DNS Yes, by configuring DNS in the AWS Console
Yes, by creating a CNAME with the existing domain name provider The AWS ELB allows mapping a custom domain name with ELB. The user can map ELB with DNS in two ways: 1)By creating CNAME with the existing domain name service provider or 2)By creating a record with Route 53
You cannot access your AWS console, so you revert to using the CLI that you are not familiar with. Which of the following commands is not a valid CLI command for EC2 instances? ec2-allocate-interface ec2-allocate-address ec2-attach-internet-gateway ec2-associate-route-table
ec2-allocate-interface You can use the CLI tools to manage your AmazonEC2resources(such as instances, security groups, and volumes) and your Amazon VPC resources (such as VPCs, subnets, route tables, and Internet gateways). Before you can start using the tools, you must download and configure them. The following are valid CLI commands for EC2 instances: ec2-accept-vpc-peering-connection ec2-allocate-address ec2-assign-private-ip-addresses ec2-associate-address ec2-associate-dhcp-options ec2-associate-route-table ec2-attach-internet-gateway ec2-attach-network-interface (not ec2-allocate-interface)
While performing the volume status checks, if the status is insufficient-data, what does it mean? the check has passed the checks may still be in progress on the volume the check has failed the checks is not yet started
the checks may still be in progress on the volume Volume status checks are automated tests that run every 5 minutes and return a pass or fail status. If all checks pass, the status of the volume is ok. If a check fails, the status of the volume is impaired. If the status is insufficient-data, the checks may still be in progress on the volume. You can view the results of volume status checks to identify any impaired volumes and take any necessary actions.
What happens if the application component fails before deleting the message in SQS? If your system doesn't call DeleteMessage for that message before the visibility timeout expires? the message will be deleted automatically by AWS system APIs the message again becomes visible to the ReceiveMessage calls placed by the components in your system and it will be received again the message again becomes visible in the queue, however it wont be available for ReceiveMessage calls the message will be moved to dead letter queue and no longer will be available for component access
the message again becomes visible to the ReceiveMessage calls placed by the components in your system and it will be received again The visibility timeout clock starts ticking once Amazon SQS returns the message. During that time, the component processes and deletes the message. But what happens if the component fails before deleting the message? If your system doesn't call DeleteMessage for that message before the visibility timeout expires, the message again becomes visible to the ReceiveMessage calls placed by the components in your system and it will be received again. If a message should only be received once, your system should delete it within the duration of the visibility timeout.
Which of the following is chosen as the default region when making an API call with an AWS SDK? us-west-2 eu-west-1 ap-northeast-1 us-east-1 us-central-1
us-east-1 AWS clients created using the client constructor will not automatically determine region from the environment and will, instead, use the default SDK region (USEast1).
When you use the AWS Elastic Beanstalk console to deploy a new application you'II need to upload a source bundle you'II need to upload each file separately. you'II need to create each file and path you'II need to create each file
you'II need to upload a source bundle When you use the AWS Elastic Beanstalk console to deploy a new application or an application version, you'II need to upload a source bundle
Amazon Simple Notification Service (Amazon SNS) provides support for delivery of message attributes to Amazon SQS endpoints and each message attribute consists of the following items: Name, Type and Value. Which of the following is TRUE, regarding message attributes? Choose the correct answer from the options below Please select : A. Name, type, and value can be empty or null but the message body cannot be empty or null. B. Name, type, and value must not be empty or null but the message body can be empty or null. C. Name, type, and value can be empty or null and the message body can be empty or null. D. Name, type, and value must not be empty or null and the message body shouldn't be empty or null either.
D. Name, type, and value must not be empty or null and the message body shouldn't be empty or null either. Amazon Simple Notification Service (Amazon SNS) provides support for delivery of message attributes to Amazon SQS endpoints. Message attributes allow you to provide structured metadata items (such as timestamps, geospatial data, signatures, and identifiers) about the message Also the requirement for each attribute to be not NULL in addition to the message body is given in the AWS documentation.
What is the limit on the number of attributes an item can have in DynamoDB? Choose an answer from the options below Please select : A. 100 B. 200 C. 1000 D. No limit
D. No limit Only limit is the size of an item, 400kb
Of the 6 available sections on a CloudFormation template (Template Description Declaration, Template Format Version Declaration, Parameters, Resources, Mappings, Outputs), which is the only one required for a CloudFormation template to be accepted? Choose an answer from the options below Please select : A. Parameters B. Template Declaration C. Mappings D. Resources
D. Resources If you refer to the documentation, you will see that Resources is the only mandatory field Specifies the stack resources and their properties, such as an Amazon Elastic Compute Cloud instance or an Amazon Simple Storage Service bucket.
You need to announce an emergency downtime for a production AWS web application. This downtime notification will require different sets of instructions for different devices. All of the application users signed up to receive SNS notifications from the "mywebapp" topic when they began using the application and they are currently subscribed to this topic. What are appropriate ways for you to provide timely, device-specific instructions to end users when announcing this downtime? Choose an answer from the options below Please select : A. Create a different topic for each subscription type and send a message to SMS endpoints to one topic and a message to email endpoints to another topic B. Send multiple messages to the topic and ask users to ignore the messages that do not pertain to their device C. SNS is for automated notifications and you cannot send messages manually via SNS. The best option is to export the endpoints to a csv and send notifications to customers via your email client or SMS device. D. Send a single message, but customize the text in the SNS message field so that each device gets only the information that is appropriate for them
D. Send a single message, but customize the text in the SNS message field so that each device gets only the information that is appropriate for them
A user is planning to use the AWS RDS with MySQL. Which of the below mentioned services the user is not going to pay? RDS Cloudwatch metrics Data storage I/O requests per month Data transfer
RDS Cloudwatch metrics RDS charges the user on a pay as you go basis. It charges the user based on the instance type, number of hours that the instance is running, data transfer, storage cost as well for the I/O requests. The monitoring is free of cost.
Which of the below mentioned options is a must to have an element as a part of the IAM policy? ID Condition Statement Version
Statement The statement is the main element of the IAM policy and it is a must for a policy. Elements such as condition, version and ID are not required
Which of the below mentioned options can be a good use case for storing content in AWS RRS? Storing a video file which is not reproducible Storing mission critical data Files Storing infrequently used log files Storing image thumbnails
Storing image thumbnails AWS RRS provides the same functionality as AWSS3, but at a cheaper rate. It is ideally suited for non-mission, critical applications, such as files which can be reproduced.
In Dynamo DB, What item operation allows to edit an existing item's attributes, or adds a new item to the table if it does not already exist? UpdateTable GetItem UpdateItem DeleteItem
UpdateItem
In S3 what can be used to delete a large number of objects Please select : A. QuickDelete B. Multi-Object Delete C. Multi-S3 Delete D. There is no such option available
B. Multi-Object Delete
In relation to Amazon Simple Workflow Service (Amazon SWF),what is an "Activity Worker"? The automation of a business process An individual task undertaken by a workflow All answers listed are correct A piece of software that implements tasks
A piece of software that implements tasks In relation to Amazon Simple Workflow Service (Amazon SWF), an activity worker is a program that receives activity tasks, performs them, and provides results back. Which translates to a piece of software that implements tasks
Which API call can be used to retrieve up to 100 items at a time or 1MB of data from a DynamoDB table? Choose the correct answer from the options below. Please select : A. BatchGetItem B. GetItem C. BatchItem D. ChunkGetItem
A. BatchGetItem The BatchGetItem operation returns the attributes of one or more items from one or more tables. You identify requested items by primary key. A single operation can retrieve up to 16 MB of data, which can contain as many as 100 items. BatchGetItem will return a partial result if the response size limit is exceeded, the table's provisioned throughput is exceeded, or an internal processing failure occurs. If a partial result is returned, the operation returns a value for UnprocessedKeys
Can one configure anonymous access to a queue? Choose the correct answer from the options below Please select : A. True B. False
A. True
Can data be saved when a stack is deleted in Cloudformation? Choose the correct answer from the options below Please select : A. True B. False
A. True AWS CloudFormation allows you to define deletion policies for resources in the template. You can specify that snapshots be created for Amazon EBS volumes or Amazon RDS database instances before they are deleted. You can also specify that a resource should be preserved and not deleted when the stack is deleted. This is useful for preserving Amazon S3 buckets when the stack is deleted.
SQS guarantees delivery but there can be duplicates. Choose the correct answer from the options below. Please select : A. True B. False
A. True Amazon SWF keeps track of all tasks and events in an application. Amazon SQS requires you to implement your own application-level tracking, especially if your application uses multiple queues.
Can expressions be used as part of the Query API call in DynamoDB? Choose an answer from the options below Please select : A. True B. False
A. True Can filter based on KeyConditionExpression Parameter
Which of the following would you expect to see in the body of an SNS notification? Choose the correct answer from the options below Please select : A. UnsubscribeURL B. MessageBody C. SignatureId D. Subjects
A. UnsubscribeURL
To connect your remote office to your VPC for internal network access, what would you need to use? Choose the correct answer from the options below Please select : A. VPN B. Server C. Elastic IP Address D. None of the above
A. VPN
can be used to bootstrap both the Chef Server and Chef Client software on your EC2 instances AWS Elastic Beanstalk AWS CIoudFormation Amazon Glacier AWS OpsWorks
AWS CIoudFormation AWS CIoud Formation can be used to bootstrap both the Chef Server and Chef Client software on your EC2 instances.
A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case? AWS CIoudWatch+ AWS SQS. AWS CIoudWatch + AWS SES AWS CIoudWatch + AWS SNS. AWS EC2 + AWSCloudwatch.
AWS CIoudWatch + AWS SNS. Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. In this case, the user can configure that Cloudwatch sends an alarm on when the threshold is crossed to SNS which will trigger an SMS.
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario? AWS Simple Query Service AWS Simple Notification Service AWS Simple Workflow AWS Simple Queue Service
AWS Simple Queue Service Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWSSQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available.
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? Choose 2 answers Amazon ElastiCache Amazon Relational Database Service Amazon Elastic Map Reduce Amazon DynamoDB AWS Elastic Beanstalk
Amazon Elastic Map Reduce AWS Elastic Beanstalk AWS provides the root or system privileges only for a limited set of services, which includes Elastic Cloud Compute (EC2) Elastic MapReduce (EMR) Elastic BeanStalk Opswork AWS does not provide root privileges for managed services like RDS, DynamoDB, S3, Glacier etc
What is the format of structured notification messages sent by Amazon SNS? An JSON object containing MessageId, unsubscribeURL, Subject, Message and other values An XML object containing MessageId, DuplicateFlag, Message and other values An JSON object containing MessageId, DuplicateFlag, Message and other values An JSON object containing MessageId, DuplicateFlag, Message, Host, IP address and other values
An JSON object containing MessageId, unsubscribeURL, Subject, Message and other values
In regards to Amazon SQS how many times will you receive each message? Exactly once At least twice At least once As many times as you want
At least once Amazon SQS is engineered to provide "at least once" delivery of all messages in its queues. Although most of the time, each message will be delivered to your application exactly once, you should design your system so that processing a message more than once does not create any errors or inconsistencies
A user has launched a MySQL RDS. The user wants to plan for the DR and automate the snapshot. Which of the below mentioned functionality offers this option with RDS? Snapshot Automated synchronization Copy snapshot Automated backup
Automated backup Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances: automated backups and DB snapshots. Automated backups automatically back up the DB instance during a specific, user-definable backup window, and keep the backups for a limited, user-specified period of time.
Which of the following is not true about SWF? Choose the correct answer from the options below Please select : A. Decision tasks occur when the state of the workflow changes. B. EC2 instances can perform a worker task. C. Humans can perform a decision task. D. A server residing outside of an AWS datacenter can perform a worker task.
C. Humans can perform a decision task. Humans can perform an activity task, but not a decision task.
Which API call occurs in the final process of creating an AMI? Choose the correct answer from the options below Please select : A. ami-create-image B. CreateImage C. RegisterImage D. ami-register-image
C. RegisterImage
You created three S3 buckets - "mydomain.com", "downloads.mydomain.com", and "www.mydomain.com". You uploaded your files, enabled static website hosting, specified both of the default documents under the "enable static website hosting" header, and set the "Make Public" permission for the objects in each of the three buckets. All that's left for you to do is to create the Route 53 Aliases for the three buckets. You are going to have your end users test your websites by browsing to http://mydomain.com/error.html, http://downloads.mydomain.com/index.html, and http://www.mydomain.com. What problems will your testers encounter? Choose an answer from the options below Please select : A. http://mydomain.com/error.html will not work because you did not set a value for the error.html file B. http://www.mydomain.com will not work because the URL does not include a file name at the end of it. C. There will be no problems, all three sites should work. D. http://downloads.mydomain.com/index.html will not work because the "downloads" prefix is not a supported prefix for S3 websites using Route 53 aliases
C. There will be no problems, all three sites should work. AWS S3 coupled with Route53 ALIAS records supports all above. As the question lists all the required steps correctly, users should have no issues in accessing all three websites.
whenever the CPU utilization is below 10%, Auto Scaling should remove one instance. How can the user configure this? Use CloudWatch to monitor the data and Auto Scaling to remove the instances using scheduled actions The user can get an email using SNS when the CPU utilization is less than 10%. The user can use the desired capacity of Auto Scaling to remove the instance Configure CloudWatch to send a notification to the Auto Scaling group when the CPU Utilization is less than 10% and configure the Auto Scaling policy to remove the instance Configure CloudWatch to send a notification to Auto Scaling Launch configuration when the CPU utilization is less than 10% and configure the Auto Scaling policy to remove the instance
Configure CloudWatch to send a notification to the Auto Scaling group when the CPU Utilization is less than 10% and configure the Auto Scaling policy to remove the instance
A user wants to access RDS from an EC2 instance using IP addresses. Both RDS and EC2 are in the same region, but different AZs. Which of the below mentioned options help configure that the instance is accessed faster? Configuring the elastic IP of the instance in RDS security group Security group of EC2 allowed in the RDS security group Configure the Private IP of the Instance in RDS security group Configure the Public IP of the instance in RDS security group
Configure the Private IP of the Instance in RDS security group If the user is going to specify an IP range in RDS security group, AWS recommends using the private IP address of the Amazon EC2 instance. This provides a more direct network route from the Amazon EC2 instance to the Amazon RDS DB instance, and does not incur network charges for the data sent outside of the Amazon network
An organization has 20 employees. The organization wants to give all the users access to the organization AWS account. Which of the below mentioned options is the right solution? Create an IAM user for each employee and provide access to them Share the root credentials with all the users It is not advisable to give AWS access to so many users Use the IAM role to allow access based on STS
Create an IAM user for each employee and provide access to them AWS Identity and Access Management is a web service that enables the AWS customers to manage users and user permissions in AWS. The IAM is targeted at organization with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the organization can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
You have an application running on an EC2 Instance which will allow users to download flies from a private S3 bucket using a pre-assigned URL. Before generating the URL the application should verify the existence of the file in S3. How should the application use AWS credentials to access the S3 bucket securely? Use the AWS account access Keys the application retrieves the credentials from the source code of the application. Create an IAM user for the application with permissions that allow list access to the S3 bucket. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user. Create a IAM user for the application with permissions that allow list access to the S3 bucket launch the instance as the IAM user and retrieve the IAM user's credentials from the EC2 instance user data. Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the role, and retrieve the role's credentials from the EC2 Instance metadata
Create an IAM user for the application with permissions that allow list access to the S3 bucket. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user. If there is an IAM role associated with the instance at launch, role-name is the name of the role, and role-name contains the temporary security credentials associated with the role. Otherwise, not present.
You decide to configure a bucket for static website hosting. As per the AWS documentation, you create a bucket named 'mybucket.com' and then you enable website hosting with an index document of 'index.html' and you leave the error document as blank. You then upload a file named 'index.html' to the bucket. After clicking on the endpoint of mybucket.com.s3-website-us-east-1.amazonAWS.com you receive 403 Forbidden error. You then change the CORS configuration on the bucket so that everyone has access, however you still receive the 403 Forbidden error. What additional step do you need to do so that the endpoint is accessible to everyone? Choose the correct answer from the options below Please select : A. Register mybucket.com on Route53 B. Wait for the DNS change to propagate C. You need to add a name for the error document, because it is a required field. D. Change the permissions on the index.html file also, so that everyone has access.
D. Change the permissions on the index.html file also, so that everyone has access.
Which of the following would you not expect to see in an SNS message body? Please select : A. Signature B. MessageId C. SigningCertURL D. SubjectId
D. SubjectId
As you retrieve information from DynamoDB, you receive this error: "ProvisionedThroughputExceededException", but upon investigation you notice that you're not exceeding your table read capacity throughput. What is causing this error? Choose the correct answer from the options below Please select : A. DynamoDB needs a short amount of time to pre-warm before being able to handle a spike in demand, even if a table has enough throughput capacity configured B. Metrics reported by AWS are not always real-time and could take a minute or so to appear C. This happens when using sort keys because they consume an extra read capacity for each call which doubles throughput D. We are exceeding a partition's throughput capacity, even if we're not exceeding the table throughput capacity
D. We are exceeding a partition's throughput capacity, even if we're not exceeding the table throughput capacity You exceeded your maximum allowed provisioned throughput for a table or for one or more global secondary indexes.
Which EC2 API call would you use to retrieve a list of Amazon Machine Images? A. DescribeInstances B. GetAMls C. DescribeImages D. escribeAMls
DescribeImages
You manually launch a NAT AMI in a public subnet. The network is properly configured. Security groups and network access control lists are property configured. Instances in a private subnet can access the NAT. The NAT can access the Internet. However, private instances cannot access the Internet. What additional step is required to allow access from the private instances? Disable Source/Destination Check on the private instances. Disable Source/Destination Check on the NAT instance. Enable Source/Destination Check on the private Instances. Enable Source/Destination Check on the NAT instance
Disable Source/Destination Check on the NAT instance Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.You can disable the SrcDestCheck attribute for a NAT instance that's either running or stopped using the console or the command line. To disable source/destination checking using the console 1.Open the Amazon EC2 console. 2.In the navigation pane, choose Instances. 3.Select the NAT instance, choose Actions, select Networking, and then select Change Source/Dest. Check. 4.For the NAT instance, verify that this attribute is disabled. Otherwise, choose Yes, Disable.
If I want an instance to have a public IP address, which IP address should I use? Elastic IP Address Host IP Address Domain IP Address Dynamic IP Address
Elastic IP Address An Elastic IP address is a public IP address, which is reachable from the Internet. If your instance does not have a public IP address, you can associate an Elastic IP address with your instance to enable communication with the Internet; for example, to connect to your instance from your local computer.
A company is building a two-tier web application to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing(OLTP)database. What services should you leverage to enable an elastic and scalable web tier? Elastic Load Balancing , Amazon EC2, and Auto Scaling AmazonEC2,Amazon Dynamo DB, and Amazon S3 Elastic Load Balancing, Amazon EC2, and Amazon RDS Amazon RDS with Multi-AZ and Auto Scaling
Elastic Load Balancing , Amazon EC2, and Auto Scaling
A user is creating multiple IAM users. What advice should be given to him to enhance the security? Grant all higher privileges to the group Grant least privileges to the individual user Grant less privileges for user, but higher privileges for the group Grant more privileges to the user, but least privileges to the group
Grant least privileges to the individual user It is a recommended rule that the root user should grant the least privileges to the IAM user or the group. The higher the privileges, the more problems it can create
A user is setting up an Elastic Load Balancer(ELB). Which of the below parameters should the user consider so as the instance gets registered with the ELB? ELB DNS IP address ELB IP Security group
IP address The EC2 instances are registered with the load balancer using the IP addresses associated with the instances. When an instance is stopped and then started, the IP address associated with the instance changes. This prevents the load balancer from routing traffic to the restarted instance. When the user stops and then starts registered EC2 instances, it is recommended that to de-register the stopped instance from load balancer, and then register the restarted instance. Failure to do so may prevent the load balancer from performing health checks and routing the traffic to the restarted instance
You are using Amazon SQS and are getting a "Queue Deleted Recently" error. What is wrong? You have incorrect permissions Another user has deleted the queue If you delete a queue, you need to wait for at least 60 seconds before creating a queue with the same name The message is too big
If you delete a queue, you need to wait for at least 60 seconds before creating a queue with the same name
ou have an EC2 Security Group with several running EC2 instances. You change the Security Group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same Security Group. The new rules apply: To all instances, but it may take several minutes for old instances to see the changes. Immediately to the new instances only. Immediately to all instances in the security group. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply.
Immediately to all instances in the security group.
A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the status of the alarms on the EBS volume? Alarm Insufficient Data OK The EBS cannot be detached until all the alarms are removed
Insufficient Data INSUFFICIENT_DATA—The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state
A user is creating a snapshot of an EBS volume. Which of the below statements is incorrect in relation to the creation of an EBS snapshot? It is stored in the same AZ as the volume It can be used to launch a new instance Its incremental It is a point in time backup of the EBS volume
It is stored in the same AZ as the volume The EBS snapshots are a point in time backup of the EBS volume. It is an incremental snapshot, but is always specific to the region and never specific to a single AZ. Hence the statement "it is stored in the same AZ as the volume" is incorrect.
A user has set an IAM policy where it allows all requests if a request from IP 10.10.10.1/32. Another policy allows all the requests between 5 PM to 7 PM. What will happen when a user is requesting access from IP 10.10.10.1/32 at 6PM? It is not possible to set a policy based on the time or IP It will deny access IAM will throw an error for policy conflict It will allow access
It will allow access With regard to IAM, when a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules: By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.) An explicit allow policy overrides this default. An explicit deny policy overrides any allows
A user is part of a group which has a policy allowing him just read only access toEC2. The user is part of another group which has full access to EC2. What happens when the user tries to launch an instance? It will allow or deny based on the group under which the user has logged into EC2 It will fail since the user has just read only access It will allow the user to launch the instance It will not allow the user to add to the conflicting groups
It will allow the user to launch the instance The IAM group policy is always aggregated. In this case, if the user does not have permission for one group, but has permission for another group, he will have full access to EC2. Unless there is specific deny policy, the user will be able to access EC2.
A user has created a public subnet with VPC and launched an EC2 instance within it. The user is trying to delete the subnet. What will happen in this scenario? It will not allow the user to delete the subnet until the instances are terminated It will delete the subnet as well as terminate the instances The subnet can never be deleted independently, but the user has to delete the VPC first It will delete the subnet and make the EC2 instance as a part of the default subnet
It will not allow the user to delete the subnet until the instances are terminated Deleting Your VPC You can delete your VPC at any time (for example, if you decide it's too small). However, you must terminate all instances in the VPC first. When you delete a VPC using the Amazon VPC console, we delete all its components, such as subnets, security groups, network ACLs, route tables, Internet gateways, VPC peering connections, and DHCP options.
A user is configuring the HTTPS protocol on a front end ELB and the SSL protocol for the back-end listener in ELB. What will ELB do? Receives requests on HTTPS and sends it to the back end instance on SSL It will allow you to create the configuration, but the instance will not pass the health check It will not allow you to create this configuration It will allow you to create the configuration, but ELB will not work as expected
It will not allow you to create this configuration If a user is configuring HTTPS on the front end and TCP on the back end, ELB will not allow saving these listeners and will respond with the message. "Load Balancer protocol is an application layer protocol, but instance protocol is not. Both the Load Balancer protocol and the instance protocol should be at the same layer. Please fix."
Per the AWS Acceptable Use Policy, penetration testing of EC2 instances: May be performed by AWS, and will be performed by AWS upon customer request. May be performed by the customer on their own instances with prior authorization from AWS. May be performed by AWS, and is periodically performed by AWS. Are expressly prohibited under all circumstances. May be performed by the customer on their own instances, only if performed from EC2 instances
May be performed by the customer on their own instances with prior authorization from AWS.
Which of the following statements about SQS is true? Messages will be delivered one or more times and message delivery order is indeterminate Messages will be delivered exactly once and messages will be delivered in First in, First out order Messages will be delivered exactly once and message delivery order is indeterminate Messages will be delivered exactly once and messages will be delivered in Last in, First out order
Messages will be delivered one or more times and message delivery order is indeterminate mazon SQS ensures delivery of each message at least once. Amazon SQS is engineered to always be available and deliver messages. One of the resulting trade-offs is that SQS does not guarantee first in, first out delivery of messages
A user has configured ELB with two instances running in separate AZs of the same region? Which of the below mentioned statements is true? Multi AZ instances will provide HA with ELB Multi AZ instances will provide scalability with ELB Multi AZ instances are not possible with a single ELB The user can achieve both HA and scalability with ELB
Multi AZ instances will provide HA with ELB If a user is running two instances in separate AZs, it will provide HA with ELB since ELB will automatically stop routing the traffic to unhealthy instances and send it to healthy instances only.
A user has created a new EBS volume from an existing snapshot. The user mounts the volume on the instance to which it is attached. Which of the below mentioned options is a required step before the user can mount the volume? Run a cyclic check on the device for data consistency Resize the volume as per the original snapshot size Create the file system of the volume No step is required. The user can directly mount the device
No step is required. The user can directly mount the device When a user is trying to mount a blank EBS volume, it is required that the user first creates a file system within the volume. If the volume is created from an existing snapshot then the user needs not to create a file system on the volume as it will wipe out the existing data
Which of the following platforms are supported by Elastic Beanstalk?(Select 3 answers) Node JS EXT JS PHP Scala Python Pascal
Node JS PHP Python
What are characteristics of Amazon S3? Choose 2 answers S3 offers Provisioned IOPS. S3 allows you to store objects of virtually unlimited size. Objects are directly accessible via a URL. S3 should be used to host a relational database. S3 allows you to store unlimited amounts of data.
Objects are directly accessible via a URL. S3 allows you to store unlimited amounts of data.
Please select all relational database engines RDS currently support(Select 3 answers) PostgreSQL MariaDB Amazon Aurora MongoDB Cassandra SQLite
PostgreSQL MariaDB Amazon Aurora
A user is enabling logging on a particular bucket. Which of the below mentioned options may be best suitable to allow access to the log bucket? Create an IAM policy and allow log access It is not possible to enable logging on the S3 bucket Provide ACL for the logging group Create an IAM Role which has access to the log bucket
Provide ACL for the logging group The only recommended use case for the S3 bucket ACL is to grant the write permission to the Amazon S3 Log Delivery group to write access log objects to the user's bucket
Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table. What is the most secure approach for signing requests to the DynamoDB API? Distribute the AWS root account access credentials with the mobile app to sign the requests Create an IAM user with access credentials that are distributed with the mobile app to sign the requests Request temporary security credentials using web identity federation to sign the requests Establish cross account access between the mobile app and the DynamoDB table to sign the requests
Request temporary security credentials using web identity federation to sign the requests With web identity federation, you don't need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don't have to embed and distribute long-term security credentials with your application.
When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing? Retrieve the message with increased DelaySeconds, process the message, delete the message from the queue Retrieve the message with an increased visibility timeout, delete the message from the queue, process the message Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue Retrieve the message with increased DelaySeconds, delete the message from the queue, process the message
Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue When you receive a message for a queue and begin to process it, the visibility timeout for the queue may be insufficient (for example, more time might be needed to process and delete the message). You can shorten or extend a message's visibility by specifying a new timeout value using the ChangeMessageVisibility action.
What AWS products and features can be deployed by elastic beanstalk?(Select 3 answers) Route 53 S3 EC2 SNS Dynamo DB SQS
Route 53 S3 EC2 AWS Elastic Beanstalk uses proven AWS features and services, such as Amazon EC2, Amazon RDS, Elastic Load Balancing, Auto Scaling, Amazon S3, and Amazon SNS, to create an environment that runs your application. The current version of AWS Elastic Beanstalk uses the Amazon Linux AMI or the Windows Server 2012 R2 AMI.
The user has created multiple Auto Scaling groups. The user is trying to create a new AS group but it fails. How can the user know that he has reached the AS group limit specified by Auto Scaling in that region? Run the command: as-max-account-limits Run the command: as-describe-group-limits Run the command: as-describe-account-limits Run the command: as-list-account-limits
Run the command: as-describe-account-limits
In AWS Elastic Beanstalk, if the application returns any response other than 200 ,OK or there is no response within the configured Inactivity Timeout period, . SQS sends a message to the application with the lVIessageID and pending status SQS waits for another timeout SQS once again makes the message visible in the queue and available for another attempt at processing SQS run DeIeteMessagecaII and deletes the message from the queue
SQS once again makes the message visible in the queue and available for another attempt at processing In AWS Elastic Beanstalk, if the application returns any response other than 200, OK or there is no response within the configured Inactivity Timeout period, SQS once again makes the message visible in the queue and available for another attempt at processing
A user has created an EBS instance in the US-East-1a AZ. The user has a volume of 30 GB in the US-East-1 b zone. How can the user attach the volume to an instance? Use the volume migrate function to move the volume from one AZ to another and attach to the instance Take a snapshot of the volume. Create a new volume in the USEast-1a and attach that to the instance Since both the volume and the instance are in the same region, the user can attach the volume Use the volume replicate function to create a new volume in the US-East-1a and attach that to the volume
Take a snapshot of the volume. Create a new volume in the USEast-1a and attach that to the instance If an EBS volume is not in the same AZ of an EC2 instance, it cannot be attached to the instance. The only option is to take a snapshot of the volume and create a new volume in the instance's AZ
Your manager has requested you to tag EC2 instances to organize and manage a load balancer. Which of the following statements about tag restrictions is incorrect? The maximum value length is 255 Unicode characters The maximum key length is 127 Unicode characters. The maximum number of tags per load balancer is 20. Tag keys and values are case sensitive.
The maximum number of tags per load balancer is 20.
An organization is having an application which can start and stop an EC2 instance as per schedule. The organization needs the MAC address of the instance to be registered with its software. The instance is launched in EC2-CLASSIC. How can the organization update the MAC registration every time an instance is booted? The instance MAC address never changes. Thus, it is not required to register the MAC address every time. The organization should write a boot strapping script which will get the MAC address from the instance metadata and use that script to register with the application. AWS never provides a MAC address to an instance; instead the instance ID is used for identifying the instance for any software registration. The organization should provide a MAC address as a part of the user data. Thus, when ever the instance is booted the script assigns the fixed MAC address to that instance.
The organization should write a boot strapping script which will get the MAC address from the instance metadata and use that script to register with the application. AWS provides an on demand, scalable infrastructure. AWSEC2 allows the user to launch On-Demand instances. AWS does not provide a fixed MAC address to the instances launched in EC2-CLASSIC. If the instance is launched as apart of EC2-VPC, it can have an ENI which can have a fixed MAC. However, with EC2-CLASSIC, every time the instance is started or stopped it will have a new MAC address. To get this MAC, the organization can run a script on boot which can fetch the instance metadata and get the MAC address from that instance metadata. Once the MAC is received, the organization can register that MAC with the software
A user has created an RDS instance with MySQL. The user is using the Heidi SQL client to connect with the RDS DB. The client is unable to connect to DB from his home machine. What is a possible reason for the failure? You can never connect to RDS from your desktop The security group is not configured to allow a request from the user's IP on port 3306 The user has to open port 80 in the RDS security group to connect with RDS DNS The user has to open port 22 in the RDS security group to connect with RDS DNS
The security group is not configured to allow a request from the user's IP on port 3306 If the user needs to connect to RDS then he has to open port 3306 in the RDS security group for his IP address.
A user has launched an RDS instance. The user has created 3databases on the same server. What can the maximum size be for each database? The total instance storage size cannot be more than 3 TB It is not possible to have more than one DB on a single instance The size of each DB cannot be more than 3 TB The size of each DB cannot be more than 1 TB
The total instance storage size cannot be more than 3 TB The AWS RDS DB instance is an isolated DB environment provided by AWS in which the user can create more than 1database. The maximum size of the instance should be between 5 GB and 3 TB. The size of each DB can be anything in this range
A user is planning to use EBS for his DB requirement. The user already has an EC2 instance running in the VPC private subnet. How can the user attach the EBS volume to a running instance? The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance. The user must create EBS within the same VPC and then attach it to a running instance The user can specify the same subnet while creating EBS and then attach it to a running instance It is not possible to attach an EBS to an instance running in VPC until the instance is stopped
The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance.
A user is trying to connect to a running EC2 instance using SSH. However, the user gets a Host key not found error. Which of the below mentioned options is a possible reason for rejection? The user has provided the wrong user name for the OS login The security group is not configured properly The access key to connect to the instance is wrong The instance CPU is heavily loaded
The user has provided the wrong user name for the OS login Error: Host key not found, Permission denied (public key), or Authentication failed, permission denied If you connect to your instance using SSH and get any of the following errors, Host key not found in [directory], Permission denied (public key), or Authentication failed, permission denied, verify that you are connecting with the appropriate user name for your AMI and that you have specified the proper private key (.pem) file for your instance.
A user is using an EBS backed instance. Which of the below mentioned statements is true? The user will be charged only for the instance running cost The user will be charged for volume and instance only when the instance is running The user will not be charged for the volume if the instance is stopped The user will be charged for the volume even if the instance is stopped
The user will be charged for the volume even if the instance is stopped If a user has launched an EBS backed instance, the user will be charged for the EBS volume even though the instance is in a stopped state. The instance will be charged for the EC2 hourly cost only when it is running.
How can you secure data at rest on an EBS volume? Use an encrypted file system on top of the EBS volume. Encrypt the volume using the S3 server-side encryption service. Attach the volume to an instance using EC2's SSL interface. Create an IAM policy that restricts read and write access to the volume.
Use an encrypted file system on top of the EBS volume.
A user is trying to create a policy for an IAM user from the AWS console. Which of the below mentioned options is not available to the user while configuring policy? Use policy simulator to create policy Use custom policy to create policy Use policy generator to create policy Assign No permission
Use policy simulator to create policy When a user is trying to create a policy from the AWS console, it will have options such as create policy from templates or use a policy generator. The user can also define a custom policy or chose the option to have no permission. The policy simulator is not available in the console.
When you register an activity in Amazon SWF, you provide the following information, except a name a domain timeout values version
a domain When designing an Amazon SWF workflow, you precisely define each of the required activities. You then register each activity with Amazon SWF as an activity type. When you register the activity, you provide information such as a name and version, and some timeout values based on how long you expect the activity to take
Which of the below mentioned commands allows the user to share the AMI with his peers using the AWS EC2 CLI? ec2-share-image-public ec2-share-image-account ec2-share-image ec2-modify-image-attribute
ec2-modify-image-attribute A user can share an AMI with another user / peer using the command: ec2-modify-image-attribute <AMI-ID> -| -a <AWSAccount |D>
In Amazon SWF, How long can a worker take to process(run for a maximum) a task? maximum of 1 month maximum of 1 day maximum of 1 week maximum of 1 year
maximum of 1 year Amazon SWF does not impose a specific limit on how long a worker can take to process a task. It enforces the timeout that you specify for the maximum duration for the activity task. Note that since Amazon SWF limits an execution to run for a maximum of 1 year, a worker cannot take longer than that to process a task.
A user is trying to find the state of an S3 bucket with respect to versioning. Which of the below mentioned states AWS will not return when queried? versioned unversioned versioning-enabled versioning-suspended
versioned S3 buckets can be in one of the three states: unversioned (the default), versioning-enabled or versioning-suspended. The bucket owner can configure the versioning state of a bucket. The versioning state applies to all (never some) of the objects in that bucket. The first time owner enables a bucket for versioning, objects in it are thereafter always versioned and given a unique version ID