More AWS
For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution? Choose 2 answers a. Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors b. Managing a multi-step and multi-decision checkout process of an e-commerce website c. Orchestrating the execution of distributed and auditable business processes d. Using as an SNS (Simple Notification Service) endpoint to trigger execution of video transcoding jobs e. Using as a distributed session store for your web application
B,C
Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers A. Each subnet spans at least 2 Availability Zones to provide a high-availability environment. B. Each subnet maps to a single Availability Zone. C. CIDR block mask of /25 is the smallest range supported. D. By default, all subnets can route between each other, whether they are private or public. E. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
B,C
You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence. At times throughout the day, you are seeing large variance in the response times of the database queries. Looking into the instance with the iostat command you see a lot of wait time on the disk volume that the database's data is stored on. What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data? Choose 2 answers a. Move to an SSD backed instance b. Move the database to an EBS-Optimized Instance c. Use Provisioned IOPS EBS d. Use the ephemeral storage on an m2.4xlarge Instance instead
B,C
Your organization is preparing for a security assessment of your use of AWS. In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers a. Create individual IAM users for everyone in your organization (May not be needed as can use Roles as well) b. Configure MFA on the root account and for privileged IAM users c. Assign IAM users and groups configured with policies granting least privilege access d. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate (Must be assigned only if using console or through command line)
B,C
A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group? a. For Inbound allow Source: 20.0.1.0/24 on port 80 b. For Outbound allow Destination: 0.0.0.0/0 on port 80 c. For Inbound allow Source: 20.0.0.0/24 on port 80 d. For Outbound allow Destination: 0.0.0.0/0 on port 443
C
Updates made to the source DB are asynchronously or synchronously copied to the read replica? a. Asynchronous b. Synchronous
A
A company is building a two-tier web application to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database. What services should you leverage to enable an elastic and scalable web tier? a. Elastic Load Balancing, Amazon EC2, and Auto Scaling b. Elastic Load Balancing, Amazon RDS with Multi-AZ, and Amazon S3 c. Amazon RDS with Multi-AZ and Auto Scaling d. Amazon EC2, Amazon DynamoDB, and Amazon S3
A
A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 minutes. If the user wants to send the data to CloudWatch to view the data visually, which of the below mentioned statements is true with respect to the information given above? a. The user needs to use AWS CLI or API to upload the data b. The user can use the AWS Import Export facility to import data to CloudWatch c. The user will upload data from the AWS console d. The user cannot upload data to CloudWatch since it is not an AWS service metric
A
A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any additional device, which of the below mentioned metrics will always show a 0 value? a. DiskReadBytes b. NetworkIn c. NetworkOut d. CPUUtilization
A
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer process, which adds instances to the load balancer, for a while. What will happen to the instances launched during the suspension period? a. The instances will not be registered with ELB and the user has to manually register when the process is resumed b. The instances will be registered with ELB only once the process has resumed c. Auto Scaling will not launch the instance during this period due to process suspension d. It is not possible to suspend only the AddToLoadBalancer process
A
A user has configured ELB with three instances. The user wants to achieve High Availability as well as redundancy with ELB. Which of the below mentioned AWS services helps the user achieve this for ELB? a. Route 53 b. AWS Mechanical Turk c. Auto Scaling d. AWS EMR
A
A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised? a. Enable Multi-Factor Authentication for your AWS root account. b. Assign an IAM role to the Amazon EC2 instance. c. Store the AWS Access Key ID/Secret Access Key combination in software comments. d. Assign an IAM user to the Amazon EC2 Instance.
B
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Compute Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basically Available, Soft state, Eventual consistency) rather than an ACID (Atomicity, Consistency, Isolation, Durability) consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-premises database resources in the most cost-effective way? a. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS. b. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database c. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database. d. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.
B
A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements? a. Enable AWS CloudTrail for the load balancer. b. Enable access logs on the load balancer. (Refer link) c. Install the Amazon CloudWatch Logs agent on the load balancer.
B
A user has a weighing plant. The user measures the weight of some goods every 5 minutes and sends data to AWS CloudWatch for monitoring and tracking. Which of the below mentioned parameters is mandatory for the user to include in the request list? a. Value b. Namespace c. Metric Name d. Timezone
B
A user has created a VPC with CIDR 20.0.0.0/24. The user has used all the IPs of CIDR and wants to increase the size of the VPC. The user has two subnets: public (20.0.0.0/28) and private (20.0.1.0/28). How can the user change the size of the VPC? a. The user can delete all the instances of the subnet. Change the size of the subnets to 20.0.0.0/32 and 20.0.1.0/32, respectively. Then the user can increase the size of the VPC using CLI b. It is not possible to change the size of the VPC once it has been created c. User can add a subnet with a higher range so that it will automatically increase the size of the VPC d. User can delete the subnets first and then modify the size of the VPC
B
A user has created a VPC with public and private subnets using the VPC wizard. Which of the below mentioned statements is true in this scenario? a. AWS VPC will automatically create a NAT instance with the micro size b. VPC bounds the main route table with a private subnet and a custom route table with a public subnet c. User has to manually create a NAT instance d. VPC bounds the main route table with a public subnet and a custom route table with a private subnet
B
A user has created a queue named "myqueue" with SQS. There are four messages published to queue, which are not received by the consumer yet. If the user tries to delete the queue, what will happen? a. A user can never delete a queue manually. AWS deletes it after 30 days of inactivity on queue b. It will delete the queue c. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically. d. It will ask user to delete the messages first
B
A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this? a. View the Auto Scaling CPU metrics b. Aggregate the data over the instance AMI ID c. The user has to use the CloudWatch analyser to find the average data across instances d. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different
B
A user has two EC2 instances running in two separate regions. The user is running an internal memory management tool, which captures the data and sends it to CloudWatch in US East, using a CLI with the same namespace and metric. Which of the below mentioned options is true with respect to the above statement? a. The setup will not work as CloudWatch cannot receive data across regions b. CloudWatch will receive and aggregate the data based on the namespace and metric c. CloudWatch will give an error since the data will conflict due to two sources d. CloudWatch will take the data of the server, which sends the data first
B
A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better? a. The user can use the CloudWatch Import tool b. The user should be able to see the data in the console after around 15 minutes c. If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command d. The user can view as well as upload data using the console, CLI and APIs
B
An organization has created a Queue named "modularqueue" with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario? a. AWS SQS sends notification after 15 days for inactivity on queue b. AWS SQS can delete queue after 30 days without notification c. AWS SQS marks queue inactive after 30 days d. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks.
B
Changes to the backup window take effect ______. a. after 30 minutes b. immediately c. after 24 hours d. from the next billing cycle
B
A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to the internet? a. Use the internet gateway with a private IP b. Allow outbound traffic in the security group for port 80 to allow internet updates c. The private subnet can never connect to the internet d. Use NAT with an elastic IP
D
A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario? a. AWS Glacier b. AWS Elastic Transcoder c. AWS Simple Notification Service d. AWS Simple Queue Service
D
A user has scheduled the maintenance window of an RDS DB on Monday at 3 AM. Which of the below mentioned events may force to take the DB instance offline during the maintenance window? a. Enabling Read Replica b. Making the DB Multi AZ c. DB password change d. Security patching
D
A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not supported by SQS? a. SendMessageBatch b. DeleteMessageBatch c. CreateQueue d. DeleteMessageQueue
D
Amazon SWF is designed to help users... a. ... Design graphical user interface interactions b. ... Manage user identification and authorization c. ... Store Web content d. ... Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
D
An AWS account owner has set up multiple IAM users. One IAM user only has CloudWatch access. He has set up the alarm action, which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case? a. It is not possible to stop the instance using the CloudWatch alarm b. CloudWatch will stop the instance when the action is executed c. The user cannot set an alarm on EC2 since he does not have the permission d. The user can set up the action but it will not be executed if the user does not have EC2 rights
D
An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it? a. AWS S3 b. AWS Glacier c. AWS RDS d. AWS S3 RRS
D
Does Amazon Route 53 support NS Records? a. Yes, it supports Name Service records b. No c. It supports only MX records. d. Yes, it supports Name Server records.
D
How can the domain's zone apex, for example "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer? a. By using an AAAA record b. By using an A record c. By using an Amazon Route 53 CNAME record d. By using an Amazon Route 53 Alias record
D
What does RRS stand for when talking about S3? a. Redundancy Removal System b. Relational Rights Storage c. Regional Rights Standard d. Reduced Redundancy Storage
D
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics: a. Web server visible metrics such as number of failed transaction requests b. Operating system visible metrics such as memory utilization c. Database visible metrics such as number of connections d. Hypervisor visible metrics such as CPU utilization
D
A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the web server security group (WebSecGrp)? a. Configure Destination as DB Security group ID (DbSecGrp) for port 3306 Outbound b. Configure port 80 for Destination 0.0.0.0/0 Outbound c. Configure port 3306 for source 20.0.0.0/24 InBound d. Configure port 80 InBound for source 20.0.0.0/16
A
A user has created a queue named "awsmodule" with SQS. One of the consumers of queue is down for 3 days and then becomes available. Will that component receive message from queue? a. Yes, since SQS by default stores message for 4 days b. No, since SQS by default stores message for 1 day only c. No, since SQS sends message to consumers who are available that time d. Yes, since SQS will not delete message until it is delivered to all consumers
A
A user has created a queue named "queue2" in US-East region with AWS SQS. The user's AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use? a. http://sqs.us-east-1.amazonaws.com/123456789012/queue2 b. http://sqs.amazonaws.com/123456789012/queue2 c. http://sqs.123456789012.us-east-1.amazonaws.com/queue2 d. http://123456789012.sqs.us-east-1.amazonaws.com/queue2
A
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario? a. The user should attach an IAM role with DynamoDB access to the EC2 instance b. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB c. The user should create an IAM role, which has EC2 access so that it will allow deploying the application d. The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials
A
A user has launched an EC2 instance. The user is planning to setup the CloudWatch alarm. Which of the below mentioned actions is not supported by the CloudWatch alarm? a. Notify the Auto Scaling launch config to scale up b. Send an SMS using SNS c. Notify the Auto Scaling group to scale down d. Stop the EC2 instance
A
A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to process Hadoop Map reduce jobs, which can run between 50 - 600 minutes or sometimes for more time. The user wants to configure that the instance gets terminated only when the process is completed. How can the user configure this with CloudWatch? a. Setup the CloudWatch action to terminate the instance when the CPU utilization is less than 5% b. Setup the CloudWatch with Auto Scaling to terminate all the instances c. Setup a job which terminates all instances after 600 minutes d. It is not possible to terminate instances automatically
A
A user is sending the data to CloudWatch using the CloudWatch API. The user is sending data 90 minutes in the future. What will CloudWatch do in this case? a. CloudWatch will accept the data b. It is not possible to send data of the future c. It is not possible to send the data manually to CloudWatch d. The user cannot send data for more than 60 minutes in the future
A
A user is trying to aggregate all the CloudWatch metric data of the last 1 week. Which of the below mentioned statistics is not available for the user as a part of data aggregation? a. Aggregate b. Sum c. Sample data d. Average
A
Amazon RDS DB snapshots and automated backups are stored in a. Amazon S3 b. Amazon EBS Volume c. Amazon RDS d. Amazon EMR
A
Amazon RDS automated backups and DB Snapshots are currently supported for only the __________ storage engine a. InnoDB b. MyISAM
A
Does Route 53 support MX Records? a. Yes b. It supports CNAME records, but not MX records. c. No d. Only Primary MX records. Secondary MX records are not supported.
A
How many relational database engines does RDS currently support? a. MySQL, Postgres, MariaDB, Oracle and Microsoft SQL Server b. Just two: MySQL and Oracle. c. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite. d. Just one: MySQL.
A
What happens to the I/O operations while you take a database snapshot? a. I/O operations to the database are suspended for a few minutes while the backup is in progress. b. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress. c. I/O operations will be functioning normally d. I/O operations to the database are suspended for an hour while the backup is in progress
A
What is the Reduced Redundancy option in Amazon S3? a. Less redundancy for a lower cost b. It doesn't exist in Amazon S3, but in Amazon EBS. c. It allows you to destroy any copy of your files outside a specific jurisdiction. d. It doesn't exist at all
A
What is the durability of S3 RRS? a. 99.99% b. 99.95% c. 99.995% d. 99.999999999%
A
What is the name of the licensing model in which I can use my existing Oracle Database licenses to run Oracle deployments on Amazon RDS? a. Bring Your Own License b. Role Based License c. Enterprise License d. License Included
A
Which of the following requires a custom CloudWatch metric to monitor? a. Memory Utilization of an EC2 instance b. CPU Utilization of an EC2 instance c. Disk usage activity of an EC2 instance d. Data transfer of an EC2 instance
A
You have a web application leveraging an Elastic Load Balancer (ELB) in front of the web servers deployed using an Auto Scaling Group. Your database is running on Relational Database Service (RDS). The application serves out technical articles and responses to them; in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular, resulting in significant traffic increases that cause the site to go down. What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? Choose 3 answers A. Leverage CloudFront for the delivery of the articles. B. Add RDS read-replicas for the read traffic going to your relational database C. Leverage ElastiCache for caching the most frequently used data. D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue. E. Use Route53 health checks to fail over to an S3 bucket for an error page.
A,B,C
Your Fortune 500 company has undertaken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware. The outcome was that all employees would be granted access to use Amazon S3 for storage of their personal documents. Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers) a. Setting up a federation proxy or identity provider b. Using AWS Security Token Service to generate temporary tokens c. Tagging each folder in the bucket d. Configuring IAM role e. Setting up a matching IAM user for every user in your corporate directory that needs access to a folder in the bucket
A,B,D
Which of the following statements are true about Amazon Route 53 resource records? Choose 2 answers a. An Alias record can map one DNS name to another Amazon Route 53 DNS name. b. A CNAME record can be created for your zone apex. c. An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere. d. TTL can be set for an Alias record in Amazon Route 53. e. An Amazon Route 53 Alias record can point to any DNS record hosted anywhere.
A,C
You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from predefined customer IP addresses. Which two options meet this security requirement? Choose 2 answers a. Configure web server VPC security groups to allow traffic from your customers' IPs b. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header c. Configure ELB security groups to allow traffic from your customers' IPs and deny all outbound traffic d. Configure a VPC NACL to allow web traffic from your customers' IPs and deny all outbound traffic
A,C
A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? Choose 2 answers a. AWS Directory Service AD Connector b. AWS Directory Service Simple AD c. AWS Identity and Access Management groups d. AWS Identity and Access Management roles e. AWS Identity and Access Management users
A,D
A company needs to monitor the read and write IOPs metrics for their AWS MySQL RDS instance and send real-time alerts to their operations team. Which AWS services can accomplish this? Choose 2 answers a. Amazon Simple Email Service (Cannot be integrated with CloudWatch directly) b. Amazon CloudWatch c. Amazon Simple Queue Service d. Amazon Route 53 e. Amazon Simple Notification Service
A,E
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance. (Choose 2 answers) a. Create an IAM Role that allows write access to the DynamoDB table b. Add an IAM Role to a running EC2 instance. c. Create an IAM User that allows write access to the DynamoDB table. d. Add an IAM User to a running EC2 instance. e. Launch an EC2 Instance with the IAM Role included in the launch configuration
A,E
Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B would like to directly save player data and scoring information from the mobile app to a DynamoDB table named Score Data. When a user saves their game, the progress data will be stored to the Game State S3 bucket. What is the best approach for storing data to DynamoDB and S3? a. Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the Game State S3 bucket that communicates with the mobile app via web services. b. Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation c. Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket. d. Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app.
B
True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted. a. TRUE b. FALSE
B
True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint. a. FALSE b. TRUE
B
What are the two types of licensing options available for using Amazon RDS for Oracle? a. BYOL and Enterprise License b. BYOL and License Included c. Enterprise License and License Included d. Role based License and License Included
B
What does Amazon RDS stand for? a. Regional Data Server. b. Relational Database Service c. Regional Database Service.
B
What does Amazon SWF stand for? a. Simple Web Flow b. Simple Work Flow c. Simple Wireless Forms d. Simple Web Form
B
What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone? a. USD 0.10 per GB b. No charge. It is free. c. USD 0.02 per GB d. USD 0.01 per GB
B
Will I be charged if the DB instance is idle? a. No b. Yes c. Only if running in GovCloud d. Only if running in VPC
B
You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that? a. It is not possible to do this with SQS b. You can use sequencing information on each message c. You can do this with SQS but you also need to use SWF d. Messages will arrive in the same order by default
B
You are designing a photo sharing mobile app; the application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3. You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo-sharing mobile application? a. Create a set of long-term credentials using AWS Security Token Service with appropriate permissions. Store these credentials in the mobile app and use them to access Amazon S3. b. Record the user's information in Amazon RDS and create a role in IAM with appropriate permissions. When the user uses their mobile app, create temporary credentials using the AWS Security Token Service 'AssumeRole' function. Store these credentials in the mobile app's memory and use them to access Amazon S3. Generate new credentials the next time the user runs the mobile app. c. Record the user's information in Amazon DynamoDB. When the user uses their mobile app, create temporary credentials using AWS Security Token Service with appropriate permissions. Store these credentials in the mobile app's memory and use them to access Amazon S3. Generate new credentials the next time the user runs the mobile app. d. Create an IAM user. Assign appropriate permissions to the IAM user. Generate an access key and secret key for the IAM user, store them in the mobile app and use these credentials to access Amazon S3. e. Create an IAM user. Update the bucket policy with appropriate permissions for the IAM user. Generate an access key and secret key for the IAM user, store them in the mobile app and use these credentials to access Amazon S3.
B
You can modify the backup retention period; valid values are 0 (for no backup retention) to a maximum of ___________ days. a. 45 b. 35 c. 15 d. 5
B
You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated. What do you need to do to ensure that instances marked unhealthy by the ELB will be terminated and replaced? a. Change the thresholds set on the Auto Scaling group health check b. Add an Elastic Load Balancing health check to your Auto Scaling group c. Increase the value for the Health check interval set on the Elastic Load Balancer d. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks
B
Your company plans to host a large donation website on Amazon Web Services (AWS). You anticipate a large and undetermined amount of traffic that will create many database writes. To be certain that you do not drop any writes to a database hosted on AWS, which service should you use? a. Amazon RDS with provisioned IOPS up to the anticipated peak write throughput. b. Amazon Simple Queue Service (SQS) for capturing the writes and draining the queue to write to the database c. Amazon ElastiCache to store the writes until the writes are committed to the database. d. Amazon DynamoDB with provisioned write throughput up to the anticipated peak write throughput.
B
A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume and keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance and cost oversight? Choose 2 answers a. Use AWS Consolidated Billing and disable AWS root account access for the child accounts. b. Enable IAM cross-account access for all corporate IT administrators in each child account. c. Create separate VPCs for each division within the corporate IT AWS account. d. Use AWS Consolidated Billing to link the divisions' accounts to a parent corporate account. e. Write all child AWS CloudTrail and Amazon CloudWatch logs to each child account's Amazon S3 'Log' bucket.
B,D
Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers A. Each subnet spans at least 2 Availability Zones to provide a high-availability environment. B. Each subnet maps to a single Availability Zone. C. CIDR block mask of/25 is the smallest range supported. D. By default, all subnets can route between each other, whether they are private or public. E. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
B,D
A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario? a. User should create a separate IAM user for each mobile application and provide DynamoDB access with it b. User should create an IAM role with DynamoDB and EC2 access. Attach the role with EC2 and route all calls from the mobile through EC2 c. The application should use an IAM role with web identity federation which validates calls to DynamoDB with identity providers, such as Google, Amazon, and Facebook d. Create an IAM Role with DynamoDB access and attach it with the mobile application
C
A user has set up a CloudWatch alarm on an EC2 instance for when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action, how can he achieve this? a. Run activities on the CPU such that its utilization reaches above 75% b. From the AWS console change the state to 'Alarm' c. The user can set the alarm state to 'Alarm' using CLI d. Run the SNS action manually
C
A user has data generated intermittently, based on a certain event, and wants to upload that data to CloudWatch. Because of this randomness, the event may not generate any data for some period. Which of the below mentioned options is recommended for this case? a. For the period when there is no data, the user should not send the data at all b. For the period when there is no data the user should send a blank value c. For the period when there is no data the user should send the value as 0 (Refer User Guide) d. The user must upload the data to CloudWatch as having no data for some period will cause an error at CloudWatch monitoring
C
An administrator is using Amazon CloudFormation to deploy a three-tier web application that consists of a web tier and an application tier that will utilize Amazon DynamoDB for storage. When creating the CloudFormation template, which of the following would allow the application instances access to the DynamoDB tables without exposing API credentials? a. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and associate the Role to the application instances by referencing an instance profile. b. Use the Parameters section in the CloudFormation template to have the user input the access and secret keys from an already created IAM user that has the permissions required to read and write from the required DynamoDB table. c. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance. d. Create an Identity and Access Management user in the CloudFormation template that has permissions to read and write from the required DynamoDB table, use the GetAtt function to retrieve the access and secret keys and pass them to the application instance through user-data.
C
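The role-and-instance-profile wiring from the answer, beside the user-data anti-pattern from the last option, as an added example (not code from the question bank). Both templates are built as Python dicts so the checker can walk them; the table name, AMI ID and resource names are assumptions. Note that in a template the instance's IamInstanceProfile property references an AWS::IAM::InstanceProfile resource, which in turn lists the role.

```python
import json

# Added example, not part of the question bank. Two CloudFormation fragments built as
# Python dicts: the role/instance-profile wiring from the correct answer, and the
# anti-pattern of generating an IAM user's access key and pushing it into user-data.
# The checker flags the anti-pattern. Table name, AMI ID and resource names are assumptions.

TABLE_ARN = {"Fn::Sub": "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/Orders"}


def role_based_template():
    """Role -> InstanceProfile -> Instance: the SDK on the instance picks up
    short-lived credentials from the metadata service; no key is ever written down."""
    return {"Resources": {
        "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]},
            "Policies": [{"PolicyName": "OrdersTableReadWrite", "PolicyDocument": {
                "Version": "2012-10-17", "Statement": [
                    {"Effect": "Allow",
                     "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                                "dynamodb:UpdateItem", "dynamodb:Query"],
                     "Resource": TABLE_ARN}]}}]}},
        "AppInstanceProfile": {"Type": "AWS::IAM::InstanceProfile",
                               "Properties": {"Roles": [{"Ref": "AppRole"}]}},
        "AppInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "ImageId": "ami-0123456789abcdef0", "InstanceType": "t3.micro",
            "IamInstanceProfile": {"Ref": "AppInstanceProfile"}}}}}


def key_based_template():
    """The last option in the question: a long-lived key created in the template and
    exported into user-data, where anyone who can read the instance's user-data sees it."""
    return {"Resources": {
        "AppUser": {"Type": "AWS::IAM::User"},
        "AppKey": {"Type": "AWS::IAM::AccessKey",
                   "Properties": {"UserName": {"Ref": "AppUser"}}},
        "AppInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "ImageId": "ami-0123456789abcdef0", "InstanceType": "t3.micro",
            "UserData": {"Fn::Base64": {"Fn::Join": ["", [
                "#!/bin/bash\n",
                "export AWS_ACCESS_KEY_ID=", {"Ref": "AppKey"}, "\n",
                "export AWS_SECRET_ACCESS_KEY=",
                {"Fn::GetAtt": ["AppKey", "SecretAccessKey"]}, "\n"]]}}}}}}


def _references_secret_key(node):
    """True if any Fn::GetAtt in the subtree reads an AccessKey's SecretAccessKey."""
    if isinstance(node, dict):
        att = node.get("Fn::GetAtt")
        if att is not None:
            attr = att[1] if isinstance(att, list) else att.split(".", 1)[-1]
            if attr == "SecretAccessKey":
                return True
        return any(_references_secret_key(v) for v in node.values())
    if isinstance(node, list):
        return any(_references_secret_key(v) for v in node)
    return False


def credential_exposure_findings(template):
    """Lint a template for long-lived credentials reaching an instance."""
    findings = []
    for name in template.get("Parameters", {}):
        if any(w in name.lower() for w in ("secret", "accesskey", "password")):
            findings.append(f"Parameters.{name}: long-lived credential passed as a parameter")
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::IAM::AccessKey":
            findings.append(f"Resources.{name}: AWS::IAM::AccessKey creates a long-lived key")
        if res.get("Type") == "AWS::EC2::Instance":
            if "IamInstanceProfile" not in props:
                findings.append(f"Resources.{name}: instance has no IamInstanceProfile")
            if _references_secret_key(props.get("UserData")):
                findings.append(f"Resources.{name}: UserData embeds a SecretAccessKey")
    return findings


if __name__ == "__main__":
    print(json.dumps(role_based_template(), indent=2))
    for f in credential_exposure_findings(key_based_template()):
        print("finding:", f)
```

The parameter check also catches the second option: a key typed into a Parameters prompt is still a long-lived key, whether or not NoEcho hides it in the console.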
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's account. The enterprise has internal security policies that require any outside access to their environment to conform to the principle of least privilege, and there must be controls in place to ensure that the credentials used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions? a. From the AWS Management Console, navigate to the Security Credentials page and retrieve the access and secret key for your account. b. Create an IAM user within the enterprise account, assign a user policy to the IAM user that allows only the actions required by the SaaS application, create a new access and secret key for the user and provide these credentials to the SaaS provider. c. Create an IAM role for cross-account access that allows the SaaS provider's account to assume the role and assign it a policy that allows only the actions required by the SaaS application. d. Create an IAM role for EC2 instances, assign it a policy that allows only the actions required for the SaaS application to work, and provide the role ARN to the SaaS provider to use when launching their application instances.
C
Can I control if and when a MySQL-based RDS instance is upgraded to new supported versions? a. No b. Only in VPC c. Yes
C
Disabling automated backups ______ disable the point-in-time recovery. a. if configured to can b. will never c. will
C
The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has decided to roll out a new application that is heavily dependent on low-latency connectivity to LDAP for authentication. Your security policy requires minimal changes to the company's existing application user management processes. What option would you implement to successfully launch this application? A. Create a second, independent LDAP server in AWS for your application to use for authentication B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers C. Establish a VPN connection between your data center and AWS, create an LDAP replica on AWS and configure your application to use the LDAP replica for authentication D. Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication
C
What does Amazon Route53 provide? a. A global Content Delivery Network. b. None of these. c. A scalable Domain Name System d. An SSH endpoint for Amazon EC2.
C
What does a "Domain" refer to in Amazon SWF? a. A security group in which only tasks inside can communicate with each other b. A special type of worker c. A collection of related Workflows d. The DNS record for the Amazon SWF service
C
Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premises LDAP (Lightweight Directory Access Protocol) directory service? a. Use an IAM policy that references the LDAP account identifiers and the AWS credentials. b. Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP c. Use AWS Security Token Service from an identity broker to issue short-lived AWS credentials. d. Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated. e. Use the LDAP credentials to restrict a group of users from launching specific EC2 instance types.
C
You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link each account's bill to a Master AWS account using Consolidated Billing. To make sure you keep within budget you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts. Identify which option will allow you to achieve this goal. a. Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account. b. Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts. c. Create IAM users in the Master account. Create cross-account roles in the Dev and Test accounts that have full Admin permissions and grant the Master account access d. Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts
C
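The cross-account role used by the SaaS question above and by the Dev/Test question here, as an added example (not code from the question bank): the trust policy that names the other account, a permissions policy limited to the actions needed, a simplified model of the trust check STS performs on AssumeRole, and a lint for roles handed to outsiders. Account IDs, the ExternalId value and the action lists are made up. The ExternalId condition goes beyond the question text; it is the AWS-documented guard for third-party access, which the SaaS question's "cannot be used by any other third party" requirement calls for, and it is not needed for the Master account's own roles.

```python
import json

# Added example, not part of the question bank. Covers the cross-account role in the
# SaaS question and the Dev/Test roles: trust policy, least-privilege permissions, a
# simplified AssumeRole trust check, and a lint for third-party roles. Account IDs,
# the ExternalId value and the action lists are made up. The ExternalId condition is the
# AWS-documented guard that stops another customer of the same vendor from having the
# vendor assume this role (the "confused deputy" problem).


def trust_policy(trusted_account_id, external_id=None):
    """Who may call sts:AssumeRole on this role."""
    stmt = {"Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole"}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


def permissions_policy(actions, resource="*"):
    """What the assumed role may do; keep the action list to what the caller needs."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": sorted(actions), "Resource": resource}]}


def assume_role_allowed(trust, caller_account_id, external_id=None):
    """Simplified AssumeRole trust check: the caller's account must be a listed
    principal and any sts:ExternalId condition must match exactly. (The caller's
    own IAM policy must also allow sts:AssumeRole on the role ARN; not modelled here.)"""
    for stmt in trust["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRole":
            continue
        principals = stmt["Principal"].get("AWS", [])
        if isinstance(principals, str):
            principals = [principals]
        if f"arn:aws:iam::{caller_account_id}:root" not in principals:
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if wanted is not None and wanted != external_id:
            continue
        return True
    return False


def third_party_role_issues(trust, perms):
    """Checks for a role handed to an outside vendor."""
    issues = []
    for stmt in trust["Statement"]:
        principals = stmt["Principal"].get("AWS", [])
        if principals == "*" or "*" in principals:
            issues.append("trust policy allows any AWS principal")
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            issues.append("trust policy has no sts:ExternalId condition")
    for stmt in perms["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild:
            issues.append(f"permissions policy grants wildcard actions: {wild}")
    return issues


if __name__ == "__main__":
    vendor = trust_policy("111111111111", external_id="c0ffee-7a11")
    print(json.dumps(vendor, indent=2))
    print(third_party_role_issues(vendor, permissions_policy(["ec2:DescribeInstances"])))
```

For the Dev/Test case the same trust_policy is created in each child account naming the Master account (no ExternalId), and the permissions policy carries the stop/terminate/delete actions the Master administrators need; no keys leave any account in either case.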
You have an application running on an EC2 instance which will allow users to download files from a private S3 bucket using a pre-signed URL. Before generating the URL the application should verify the existence of the file in S3. How should the application use AWS credentials to access the S3 bucket securely? a. Use the AWS account access keys; the application retrieves the credentials from the source code of the application. b. Create an IAM user for the application with permissions that allow list access to the S3 bucket, launch the instance as the IAM user and retrieve the IAM user's credentials from the EC2 instance user data. c. Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the role, and retrieve the role's credentials from the EC2 instance metadata d. Create an IAM user for the application with permissions that allow list access to the S3 bucket. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user.
C
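The credential step of the answer, as an added example (not code from the question bank): the application on the instance fetches the role's temporary keys from the instance metadata service using IMDSv2 (session token first, then the credential document). The transport callable stands in for HTTP to 169.254.169.254 so the code runs offline; the fake service, role name, keys and expiry are constructed and not real.

```python
import json
from datetime import datetime, timedelta, timezone

# Added example, not part of the question bank. `transport` stands in for HTTP to
# 169.254.169.254; the fake service, role name, keys and expiry below are constructed.

TOKEN_PATH = "/latest/api/token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
REFRESH_MARGIN = timedelta(minutes=5)   # rotate before the keys actually expire
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def fetch_role_credentials(transport, role_name):
    """transport(method, path, headers) -> (status, body). Returns the parsed credential document."""
    status, token = transport("PUT", TOKEN_PATH,
                              {"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    if status != 200:
        raise RuntimeError(f"IMDSv2 token request failed with HTTP {status}")
    status, body = transport("GET", CREDS_PATH + role_name,
                             {"X-aws-ec2-metadata-token": token})
    if status != 200:
        raise RuntimeError(f"credential request failed with HTTP {status}")
    creds = json.loads(body)
    if creds.get("Code") != "Success":
        raise RuntimeError(f"metadata service returned Code={creds.get('Code')}")
    return creds


def needs_refresh(creds, now_utc):
    """True when the credentials expire within REFRESH_MARGIN of now_utc (a string in TIME_FMT)."""
    expiry = datetime.strptime(creds["Expiration"], TIME_FMT).replace(tzinfo=timezone.utc)
    now = datetime.strptime(now_utc, TIME_FMT).replace(tzinfo=timezone.utc)
    return now >= expiry - REFRESH_MARGIN


# constructed stand-in for the metadata service (IMDSv2 only; no real data)
FAKE_ROLE = "app-s3-list-role"
FAKE_TOKEN = "fake-imds-session-token"
FAKE_DOC = json.dumps({
    "Code": "Success", "LastUpdated": "2024-01-01T10:00:00Z", "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE12", "SecretAccessKey": "not-a-real-secret",
    "Token": "not-a-real-session-token", "Expiration": "2024-01-01T16:00:00Z"})


def fake_imds(method, path, headers):
    if method == "PUT" and path == TOKEN_PATH and "X-aws-ec2-metadata-token-ttl-seconds" in headers:
        return 200, FAKE_TOKEN
    if headers.get("X-aws-ec2-metadata-token") != FAKE_TOKEN:
        return 401, ""          # a token-less (IMDSv1-style) request is refused
    if method == "GET" and path == CREDS_PATH + FAKE_ROLE:
        return 200, FAKE_DOC
    return 404, ""


if __name__ == "__main__":
    creds = fetch_role_credentials(fake_imds, FAKE_ROLE)
    print(creds["AccessKeyId"], "expires", creds["Expiration"])
```

The AWS SDKs perform this exchange themselves when no other credentials are configured; the point for the practitioner is that the keys are short-lived and rotate, so nothing in the application should cache them past their Expiration, and that the role itself only needs the list/head permission the existence check uses.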
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system? A. Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level. B. Use Route 53 latency based-routing to send high priority tasks to the closest transformation instances. C. Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue. D. Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first.
C
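The two-queue polling order from the answer, as an added example (not code from the question bank). Two deques stand in for the two SQS queues; in production each poll is a ReceiveMessage call against that queue's URL. Job names and the arrival schedule are constructed.

```python
from collections import deque

# Added example, not part of the question bank: a worker that polls a high-priority
# queue before the default one. deques stand in for SQS queues; in production each poll
# is a ReceiveMessage against that queue's URL. Job names and arrivals are constructed.


class TwoQueueWorker:
    def __init__(self):
        self.high = deque()
        self.default = deque()
        self.processed = []

    def submit(self, job, premium):
        """Producer side: route by customer tier (the upload handler would do this)."""
        (self.high if premium else self.default).append(job)

    def receive(self):
        """Consumer side: high first; only when it is empty fall back to default."""
        for q in (self.high, self.default):
            if q:
                return q.popleft()
        return None

    def run(self, arrivals=None):
        """Drain both queues. `arrivals` maps 'after N jobs processed' -> jobs arriving then,
        which shows new premium uploads overtaking already-queued default work."""
        arrivals = arrivals or {}
        while True:
            job = self.receive()
            if job is None:
                return self.processed
            self.processed.append(job)
            for new_job, premium in arrivals.get(len(self.processed), []):
                self.submit(new_job, premium)


def demo_order():
    w = TwoQueueWorker()
    for job, premium in [("d1", False), ("p1", True), ("d2", False)]:
        w.submit(job, premium)
    # a premium file lands after the first job finishes; it still jumps the default backlog
    return w.run(arrivals={1: [("p2", True)]})


if __name__ == "__main__":
    print(demo_order())
```

Two operational notes: keep the high-queue poll short (WaitTimeSeconds=0) and long-poll only the default queue, so an empty high queue does not stall the worker; and under sustained premium load the default queue starves, so watch its ApproximateAgeOfOldestMessage and scale the fleet on it.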
Your company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as needed. Members of your Network Operations Center need to be able to go to the AWS Management Console and administer Amazon EC2 instances as necessary. You don't want to create new IAM users for each NOC member and make those users sign in again to the AWS Management Console. Which option below will meet the needs for your NOC members? a. Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to the AWS Management Console. b. Use Web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members to sign in to the AWS Management Console. c. Use your on-premises SAML 2.0-compliant identity provider (IdP) to grant the NOC members federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint. d. Use your on-premises SAML 2.0-compliant identity provider (IdP) to retrieve temporary security credentials to enable NOC members to sign in to the AWS Management Console
C
A company has a workflow that sends video files from their on-premises system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario? a. SQS guarantees the order of the messages. b. SQS synchronously provides transcoding output. c. SQS checks the health of the worker instances. d. SQS helps to facilitate horizontal scaling of encoding tasks
D
A customer is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage their public DNS. How should the customer configure the DNS zone apex record to point to the load balancer? a. Create an A record pointing to the IP address of the load balancer b. Create a CNAME record pointing to the load balancer DNS name. c. Create a CNAME record aliased to the load balancer DNS name. d. Create an A record aliased to the load balancer DNS name
D
A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations? a. SAML-based Identity Federation b. Cross-Account Access c. AWS IAM users d. Web Identity Federation
D
A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other? a. Destination : 20.0.0.0/24 and Target : VPC b. Destination : 20.0.0.0/16 and Target : ALL c. Destination : 20.0.0.0/0 and Target : ALL d. Destination : 20.0.0.0/16 and Target : Local
D
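How a VPC route table resolves a destination, as an added example (not code from the question bank) using the question's CIDRs. A route is (destination CIDR, target); "local" is the route the VPC creates for its own CIDR. The igw/nat/eni targets are assumptions added to show the longest-prefix rule.

```python
import ipaddress

# Added example, not part of the question bank. Routes are (destination CIDR, target);
# "local" is the VPC's own route. The igw, nat and eni targets are assumptions.

VPC_CIDR = "20.0.0.0/16"
PRIVATE_SUBNET_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-0a1b2c3d")]
PUBLIC_SUBNET_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-0a1b2c3d")]


def select_route(routes, destination):
    """Longest-prefix match: the most specific route whose CIDR contains the destination wins."""
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def has_local_route(routes, vpc_cidr=VPC_CIDR):
    """The entry the question asks for: Destination = VPC CIDR, Target = local."""
    return any(ipaddress.ip_network(cidr) == ipaddress.ip_network(vpc_cidr) and target == "local"
               for cidr, target in routes)


if __name__ == "__main__":
    for dst in ("20.0.0.5", "20.0.1.7", "8.8.8.8"):
        print(dst, "->", select_route(PRIVATE_SUBNET_RT, dst))
```

The private subnet 20.0.0.0/24 needs no entry of its own: it is covered by the /16 local route, and the 0.0.0.0/0 route only wins for addresses outside the VPC because /16 is the longer prefix.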
You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case? a. The user should create a separate IAM user for each employee and provide access to them as per the policy b. The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server c. The user should create IAM groups as per the organization's departments and add each user to the group for better access control d. Attach an IAM role with the organization's authentication service to authorize each user for various AWS services
D
You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers. Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made? a. Multi-AZ RDS b. RDS snapshots c. RDS read replicas d. RDS automated backup
D
A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an IPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Service (S3) keyspace specific to that user. Which two approaches can satisfy these objectives? (Choose 2 answers) a. Develop an identity broker that authenticates against the IAM Security Token Service to assume an IAM role in order to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket. b. The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM role. The application can use the temporary credentials to access the appropriate S3 bucket. c. Develop an identity broker that authenticates against LDAP and then calls the IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket. d. The application authenticates against LDAP. The application then calls the AWS Identity and Access Management (IAM) Security Token Service to log in to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket. e. The application authenticates against the IAM Security Token Service using the LDAP credentials. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
B,C
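The identity-broker pattern from the two correct options here (and from the earlier LDAP question that answers "STS from an identity broker"), as an added example, not code from the question bank: bind the user against the directory, then obtain temporary credentials from STS with a session policy that confines S3 access to the user's own prefix. The directory contents, bucket, account and role ARN are constructed; sts_assume_role is a stand-in for the real STS call and returns made-up values in the shape of an AssumeRole response.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not part of the question bank. Directory contents, bucket, account and
# role ARN are constructed; _fake_sts_assume_role stands in for the real STS call.

BUCKET = "corp-user-files"
ROLE_ARN = "arn:aws:iam::123456789012:role/LdapUserS3Access"
_SALT = b"example-salt-not-for-production"


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# stand-in for the LDAP directory: username -> stored password hash (constructed)
_DIRECTORY = {"alice": _pw_hash("correct horse"), "bob": _pw_hash("battery staple")}


def ldap_bind(username, password):
    """Stands in for an LDAP simple bind; True only for a valid user/password pair."""
    stored = _DIRECTORY.get(username)
    return stored is not None and hmac.compare_digest(stored, _pw_hash(password))


def scoped_session_policy(bucket, username):
    """Session policy passed to STS: it can only narrow what the role itself allows."""
    prefix = f"{username}/"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}",
         "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}}},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"}]}


def _fake_sts_assume_role(**kw):
    """Shape of an AssumeRole response; values are made up."""
    session = kw["RoleSessionName"]
    return {"Credentials": {"AccessKeyId": "ASIAEXAMPLEEXAMPLE12",
                            "SecretAccessKey": "not-a-real-secret",
                            "SessionToken": secrets.token_urlsafe(32),
                            "Expiration": "2024-01-01T11:00:00Z"},
            "AssumedRoleUser": {"Arn": f"arn:aws:sts::123456789012:assumed-role/LdapUserS3Access/{session}"}}


def broker_get_credentials(username, password, sts_assume_role=_fake_sts_assume_role):
    """The broker: authenticate against the directory, then hand back short-lived,
    per-user scoped credentials. The LDAP password never goes anywhere near AWS."""
    if not ldap_bind(username, password):
        raise PermissionError("LDAP bind failed")
    policy = scoped_session_policy(BUCKET, username)
    return sts_assume_role(RoleArn=ROLE_ARN, RoleSessionName=username,
                           Policy=json.dumps(policy), DurationSeconds=3600)


def object_allowed(policy, bucket, key, action="s3:GetObject"):
    """Minimal evaluator for the object statements above (Allow only, trailing-* resources)."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        res = stmt["Resource"]
        if action in actions and (arn == res or (res.endswith("*") and arn.startswith(res[:-1]))):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(scoped_session_policy(BUCKET, "alice"), indent=2))
    print(broker_get_credentials("alice", "correct horse")["AssumedRoleUser"]["Arn"])
```

The role's own policy should already be limited to the bucket; the session policy pins the prefix, so even a bug in the application cannot read another user's keys. Options d and e fail because neither IAM nor STS accepts LDAP credentials; the broker is what bridges the two.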
