Practice Test 4 CB

An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned storage options satisfy our requirements and provide high durability, high throughput, and low latency with low cost? Please select : A. AWS S3 - Standard B. AWS S3 - IA C. AWS RRS D. AWS Glacier

B. AWS S3 - IA

Your organization is preparing for a security assessment of your use of AWS. In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers Please select : A. Create individual IAM users for everyone in your organization B. Configure MFA on the root account and for privileged IAM users C. Assign IAM users and groups configured with policies granting least privilege access D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

B. Configure MFA on the root account and for privileged IAM users C. Assign IAM users and groups configured with policies granting least privilege access

You run a web application where web servers on EC2 instances are in an Auto scaling group. After monitoring the system for the last 6 months , it is noticed that 6 web servers are necessary to handle the minimum load. During the day, it seems that 12 servers are needed. During 5 to 6 days in the year, the number of web servers need might go to 15. What would you recommend to minimize costs while being able to provide high availability. Please select : A. 6 Reserved instances (heavy workload), 6 Reserved instances (medium workload), rest covered by On-Demand instances B. 6 Reserved instances (heavy workload), 6 On-Demand instances, rest covered by Spot Instances C. 6 Reserved instances (heavy workload), 6 Spot instances, rest covered by On-Demand instances D. 6 Reserved instances (heavy workload), 6 Reserved instances (medium workload), rest covered by Spot instances

A. 6 Reserved instances (heavy workload), 6 Reserved instances (medium workload), rest covered by On-Demand instances

A company has decided to deploy a "Pilot Light" AWS environment to keep minimal resources in AWS with the intention of rapidly expanding the environment in the event of a disaster in your on-premises Datacenter. Which of the following services will you likely not make use of? Choose the correct answer from the options below. Please select : A. A Gateway-Cached implementation of Storage Gateway for storing snapshot copies of on-premises data B. EC2 for storing updated AMI copies of on-premises VMs C. A Gateway-Stored implementation of Storage Gateway for storing snapshot copies of on-premises data D. RDS for replicating mission-critical databases to AWS

A. A Gateway-Cached implementation of Storage Gateway for storing snapshot copies of on-premises data

A company is very insistent on the fact they want to retain administrative privileges or the underlying EC2 instances? Choose 2 answers from the below options which allow this. Please select : A. AWS Elastic Beanstalk B. Amazon Elastic Map Reduce C. Amazon Relational Database Service D. Amazon Elastic Cache

A. AWS Elastic Beanstalk B. Amazon Elastic Map Reduce

Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket? Please select : A. Create a bucket policy and apply it to the bucket B. Create a NACL and attach it to the VPC of the bucket C. Create an ACL and apply it to all objects in the bucket D. Modify the IAM policies of any users that would access the bucket

A. Create a bucket policy and apply it to the bucket

You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database. Which configuration will allow you to securely serve private content to your users? Please select : A. Generate pre-signed URLs for each user as they request access to protected S3 content B. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user C. Create an S3 bucket policy that limits access to your private content to only your subscribed users'credentials D. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user

A. Generate pre-signed URLs for each user as they request access to protected S3 content

Which features can be used to restrict access to data in S3? Choose the 2 correct answers from the options below. Please select : A. Set an S3 bucket policy B. Create a CloudFront distribution for the bucket C. Set an S3 ACL on the bucket or the object D. Enable IAM Identity Federation

A. Set an S3 bucket policy C. Set an S3 ACL on the bucket or the object

A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this? Please select : A. View the Auto Scaling CPU metrics B. Aggregate the data over the instance AMI ID C. The user has to use the CloudWatch analyser to find the average data across instances D. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different

A. View the Auto Scaling CPU metrics

A system admin wants to add more availability zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned command helps the system admin to add new zones to the existing ELB? Please select : A. elb enable-availability-zones-for-load-balancer B. elb add-zones-for-load-balancer C. It is not possible to add more zones to the existing ELB D. elb configure-zones-for-load-balancer

A. elb enable-availability-zones-for-load-balancer

A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI. Which of the below mentioned CloudWatch endpoint URLs should the user use? Please select : A. monitoring.us-east-1.amazonaws.com B. monitoring.us-east-1-a.amazonaws.com C. monitoring.us-east-1a.amazonaws.com D. cloudwatch.us-east-1a.amazonaws.com

A. monitoring.us-east-1.amazonaws.com

A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of security? Please select : A. The user should not use his own security key as it is not secure B. Configure S3 to rotate the user's encryption key at regular intervals C. Configure S3 to store the user's keys securely with SSL D. Keep rotating the encryption key manually at the client side

D. Keep rotating the encryption key manually at the client side

You are uploading 3 gigabytes of data every night to S3 from your on-premises data center. It takes 3 hours to upload and you are uploading it to Amazon S3. You are only using half of your available bandwidth through your internet provider. How might you decrease the amount of time to back up that 3GB of data from your on-premises data center to S3? Choose the 2 correct answers from the options below Please select : A. You could establish a Direct Connect connection between your on-premises data center and AWS VPC B. Increase your provisioned IOPS C. Increase your instance size D. You can use multipart upload to speed up the upload process

A. You could establish a Direct Connect connection between your on-premises data center and AWS VPC D. You can use multipart upload to speed up the upload process

In which of the following circumstances a deny action is taken precedence over an allow action. Select 2 options. Please select : A. S3 bucket access is implicitly denied for all users and an explicit allow is set on an S3 bucket via an S3 bucket policy. B. A NACL associated with subnet A defines two rules. Rule #100 explicitly denies TCP traffic on port 21 from 0.0.0.0/0 and rule #105 explicitly allows TCP traffic on port 21 from 0.0.0.0/0. C. An explicit allow is set in an IAM policy governing S3 access and an explicit deny is set on an S3 bucket via an S3 bucket policy. D. A NACL associated with subnet B defines two rules. Rule #105 explicitly denies TCP traffic on port 21 from 0.0.0.0/0 and rule #100 explicitly allows TCP traffic on port 21 from 0.0.0.0/0.

B. A NACL associated with subnet A defines two rules. Rule #100 explicitly denies TCP traffic on port 21 from 0.0.0.0/0 and rule #105 explicitly allows TCP traffic on port 21 from 0.0.0.0/0. C. An explicit allow is set in an IAM policy governing S3 access and an explicit deny is set on an S3 bucket via an S3 bucket policy.

A user has deployed an application on his Amazon Private Cloud. The user is using his own monitoring tool. He wants to configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below mentioned AWS services will help in this scenario? Please select : A. None because the user infrastructure is in the private cloud B. AWS SNS C. AWS SES D. AWS SMS

B. AWS SNS

An organization has created a Queue named "modularqueue" with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario? Please select : A. AWS SQS sends notification after 15 days for inactivity on queue B. AWS SQS can delete queue after 30 days without notification C. AWS SQS marks queue inactive after 30 days D. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks.

B. AWS SQS can delete queue after 30 days without notification

Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175. What should you do to avoid potential service disruptions during the ramp up in traffic? Please select : A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits. C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.

You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from predefined customer IP addresses. Which two options meet this security requirement? Choose 2 answers Please select : A. Configure web server VPC security groups to allow traffic from your customers' IPs B. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header C. Configure ELB security groups to allow traffic from your customers' IPs and deny all outbound traffic D. Configure a VPC NACL to allow web traffic from your customers' IPs and deny all outbound traffic

B. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header C. Configure ELB security groups to allow traffic from your customers' IPs and deny all outbound traffic

Your website is hosted on 10 EC2 instances in five regions around the globe, with two instances per region. How could you configure your site to maintain availability with minimum downtime if one of the five regions was to lose network connectivity for an extended period? Choose the correct answer from the options given below. Please select : A. Establish VPN connections between the instances in each region. Rely on BGP to failover in the case of region-wide connectivity failure for an extended period. B. Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region and has the Evaluate Target Health flag set to true. C. Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region. Set an appropriate health check on each ELB. D. Create a Elastic Load Balancer to place in front of the EC2 instances. Set an appropriate health check on each ELB.

B. Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region and has the Evaluate Target Health flag set to true.

You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration. Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answers Please select : A. Create an ELB to reroute traffic to a failover instance B. Create a secondary ENI that can be moved to a failover instance C. Use Route53 health checks to fail traffic over to a failover instance D. Assign a secondary private IP address to the primary ENI that can be moved to a failover instance

B. Create a secondary ENI that can be moved to a failover instance D. Assign a secondary private IP address to the primary ENI that can be moved to a failover instance

A .NET application that you manage is running in Elastic Beanstalk. Your developers tell you they will need access to application log files to debug issues that arise. The infrastructure will scale up and down. How can you ensure the developers will be able to access only the log files? Please select : A. Access the log files directly from Elastic Beanstalk B. Enable log file rotation to S3 within the Elastic Beanstalk configuration C. Ask your developers to enable log file rotation in the applications web.config file D. Connect to each Instance launched by Elastic Beanstalk and create a Windows Scheduled task to rotate the log files to S3.

B. Enable log file rotation to S3 within the Elastic Beanstalk configuration

AWS is solely responsible for the security on the guest operating system. Choose the correct answer from the options below Please select : A. True B. False

B. False

We have terminated an instance which had a root EBS volume attached to it. What do we do now if we need to access the important data that was on this volume if we created this instance with the default storage options? Choose the correct answer from the options below. Please select : A. We can restore the data from a snapshot which is automatically created on instance termination by default B. If we did not first take a snapshot of the EBS volume we will not be able to access the data after an instance termination because the volume was deleted C. AWS has high availability so our data is still available D. Create multiple EBS volumes and replicate the data between them

B. If we did not first take a snapshot of the EBS volume we will not be able to access the data after an instance termination because the volume was deleted

What is the result of the following bucket policy? { "Statement":[ { "Sid":"Sid2", "Action":"s3:*", "Effect":"Allow", "Resource":"arn:AWS:s3:::mybucket/*.", "Condition":{ "ArnEquals":{ "s3:prefix":"accounts_" } }, "Principal":{ "AWS":[ "*" ] } } ] } Choose the correct answer from the options below. Please select : A. It allow all access objects in the accounts_ bucket name space B. It will allow all actions only against objects with the prefix accounts_ C. It will deny all actions if the object prefix is accounts_ D. It will allow all actions if the object is in the accounts subdirectory of mybucket

B. It will allow all actions only against objects with the prefix accounts_

A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated shutdown behaviour to terminate. When the user shuts down the instance from the OS, what will happen? Please select : A. The OS will shutdown but the instance will not be terminated due to protection B. It will terminate the instance C. It will not allow the user to shutdown the instance from the OS D. It is not possible to set the termination protection when an Instance initiated shutdown is set to Terminate

B. It will terminate the instance

In AWS, which security aspects are the customer's responsibility? Choose 4 answers Please select : A. Controlling physical access to compute resources B. Patch management on the EC2 instances operating system C. Encryption of EBS (Elastic Block Storage) volumes D. Life-cycle management of IAM credentials E. Decommissioning storage devices F. Security Group and ACL (Access Control List) settingsII

B. Patch management on the EC2 instances operating system C. Encryption of EBS (Elastic Block Storage) volumes D. Life-cycle management of IAM credentials F. Security Group and ACL (Access Control List) settings

In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use? Please select : A. AWS Direct Connect B. Placement Groups C. VPC private subnets D. EC2 Dedicated Instances E. Multiple Availability Zones

B. Placement Groups

A user has moved an object to Glacier using the life cycle rules. The user requests to restore the archive after 6 months. When the restore request is completed the user accesses that archive. Which of the below mentioned statements is not true in this condition? Please select : A. The archive will be available as an object for the duration specified by the user during the restoration request B. The restored object's storage class will be RRS C. The user can modify the restoration period only by issuing a new restore request with the updated period D. The user needs to pay storage for both RRS (restored. and Glacier (Archive. Rates

B. The restored object's storage class will be RRS

You run a stateless web application with the following components: an Elastic Load Balancer, three Web/Application servers on EC2, and a MySQL RDS database with 5000 Provisioned IOPS. Average response time for users is increasing. Looking at CloudWatch, you observe 95% CPU usage on the Web/Application servers and 20% CPU usage on the database. The average number of database disk operations varies between 2000 and 2500. How would you improve performance? Choose the 2 correct answers from the options given below Please select : A. Use Auto Scaling to add additional Web/Application servers based on a memory usage threshold B. Use Auto Scaling to add additional Web/Application servers based on CPU load threshold C. Choose a different EC2 instance type for the Web/Application servers with a more appropriate CPU/Memory ratio D. Increase the number of open TCP connections allowed per web/application EC2 instance

B. Use Auto Scaling to add additional Web/Application servers based on CPU load threshold C. Choose a different EC2 instance type for the Web/Application servers with a more appropriate CPU/Memory ratio

Assuming you have kept the default settings and have taken manual snapshots, which of the following manual snapshots will be retained? Choose the 2 correct answers from the options given below. Please select : A. A snapshot of an instance store root volume when the EC2 instance is terminated B. A snapshot of instance store root volume when the EC2 instance is stopped C. A snapshot of an EBS root volume when the EC2 instance is terminated D. A snapshot of an RDS database when the RDS instance is terminated

C. A snapshot of an EBS root volume when the EC2 instance is terminated D. A snapshot of an RDS database when the RDS instance is terminated

Your business is building a new application that will store its entire customer database on a RDS MySQL database, and will have various applications and users that will query that data for different purposes. Large analytics jobs on the database are likely to cause other applications to not be able to get the query results they need to, before time out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications. How do you solve the contention issues between these different workloads on the same data? Please select : A. Enable Multi-AZ mode on the RDS instance B. Use ElastiCache to offload the analytics job data C. Create RDS Read-Replicas for the analytics work D. Run the RDS instance on the largest size possible

C. Create RDS Read-Replicas for the analytics work

We need to run a business intelligence application against our production database. This application requires near real time data from the database. How might we configure our RDS setup so that our application does not increase I/O load against our production database? Choose the correct answer from the options below. Please select : A. Copy the production instance and create a cron that dumps the RDS data into the secondary instance B. Point the application to the Multi-AZ failover instance C. Create a read replica from the production instance and point the application to the read replica D. In order to receive real time information the application must query the primary database

C. Create a read replica from the production instance and point the application to the read replica

What is the best practice when it comes to pre-warming (also called initialization for EC2)? Choose the correct answer from the options below. Please select : A. Elastic load balancers that recently experienced a large increase in traffic. B. EBS volumes that were created from scratch. Pre-warm using the read and then write back method. C. EBS volumes newly created from snapshots. Pre-warm by accessing each block once. D. Elastic load balancers that you are expecting to experience a large increase in traffic. Pre-warm using the read and write back method.

C. EBS volumes newly created from snapshots. Pre-warm by accessing each block once.

A user has created an ELB with three instances. How many security groups will ELB create by default? Please select : A. 3 B. 5 C. 2 D. 1

D. 1

An organization has setup Auto Scaling with ELB. Due to some manual error, one of the instances got rebooted. Thus, it failed the Auto Scaling health check. Auto Scaling has marked it for replacement. How can the system admin ensure that the instance does not get terminated? Please select : A. Update the Auto Scaling group to ignore the instance reboot event B. It is not possible to change the status once it is marked for replacement C. Manually add that instance to the Auto Scaling group after reboot to avoid replacement D. Change the health of the instance to healthy using the Auto Scaling commands

D. Change the health of the instance to healthy using the Auto Scaling commands

A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this? Please select : A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring C. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group

D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group

You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month. Which of the following approaches can help ensure that you do not exceed the budget each month? Please select : A. Consolidate your accounts so you have a single bill for all accounts and projects B. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project. D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%, 80% and 90% of its budgeted monthly spend

D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%, 80% and 90% of its budgeted monthly spend

An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware. Which process will have minimal impact on your application while complying with this requirement? Please select : A. Create a new VPC with tenancy=dedicated and migrate to the new VPC B. Use ec2-reboot-instances command line and set the parameter "dedicated=true" C. Right click on the instance, select properties and check the box for dedicated tenancy D. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance

D. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance

A user has launched a Windows based EC2 instance. However, the instance has some issues and the user wants to check the log. When the user checks the Instance console output from the AWS console, what will it display? Please select : A. All the event logs since instance boot B. The last 10 system event log error C. The Windows instance does not support the console output D. The last three system events' log errors

D. The last three system events' log errors

A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4 AM and the EC2 server was not reachable. The user is checking the CloudWatch metrics of that instance. How can the user find the data easily using the CloudWatch console? Please select : A. The user can find the data by giving the exact values in the time Tab under CloudWatch metrics B. The user can find the data by filtering values of the last 1 week for a 1 hour period in the Relative tab under CloudWatch metrics C. It is not possible to find the exact time from the console. The user has to use CLI to provide the specific time D. The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics

D. The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics

Your team is excited about the use of AWS because now they have access to programmable infrastructure. You have been asked to manage your AWS infrastructure in a manner similar to the way you might manage application code. You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development, test QA and production). Which approach addresses this requirement? Please select : A. Use cost allocation reports and AWS Opsworks to deploy and manage your infrastructure. B. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure. C. Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructure. D. Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructure.

D. Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructure.

A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to the internet? Please select : A. Use the internet gateway with a private IP B. Allow outbound traffic in the security group for port 80 to allow internet updates C. The private subnet can never connect to the internet D. Use NAT with an elastic IP

D. Use NAT with an elastic IP

How can you secure data at rest on an EBS volume? Please select : A. Encrypt the volume using the S3 server-side encryption service. B. Attach the volume to an instance using EC2's SSL interface. C. Create an IAM policy that restricts read and write access to the volume. D. Write the data randomly instead of sequentially. E. Use EBS encryption to encrypt the volume.

E. Use EBS encryption to encrypt the volume.

When an EC2 instance is backed by an S3-based AMI is terminated, what happens to the data on the root volume? Please select : A. Data is automatically deleted B. Data is automatically saved as an EBS snapshot. C. Data is unavailable until the instance is restarted D. Data is automatically saved as an EBS volume.

A. Data is automatically deleted

Amazon EBS snapshots have which of the following two characteristics? Choose 2 answers Please select : A. EBS snapshots only save incremental changes from snapshot to snapshot B. EBS snapshots can be created in real-time without stopping an EC2 instance C. EBS snapshots can only be restored to an EBS volume of the same size or smaller D. EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original EBS volume

A. EBS snapshots only save incremental changes from snapshot to snapshot B. EBS snapshots can be created in real-time without stopping an EC2 instance

What would we need to attach to a Bastion host or NAT host for high availability in the event that the primary host went down and that we needed to send traffic to a secondary host? Choose the correct answer from the options below Please select : A. Elastic IP Address B. Secondary route table C. Direct Connect connection D. Secondary Network Interface

A. Elastic IP Address

You have a web application leveraging an Elastic Load Balancer (ELB). The ELB is in front of web servers deployed using an Auto Scaling Group. Your database is running on Relational Database Service (RDS). The web application serves technical articles and responses to them. In general, there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in a significant traffic increase that causes the site to go down. What could you do to alleviate the load on the infrastructure and maintain availability during these events? Choose 3 answers Please select : A. Leverage CloudFront for the delivery of the articles. B. Add RDS read-replicas for the read traffic going to your relational database C. Leverage ElastiCache for caching the most frequently used data. D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue. E. Use Route53 health checks to fail over to an S3 bucket for an error page.

A. Leverage CloudFront for the delivery of the articles. B. Add RDS read-replicas for the read traffic going to your relational database C. Leverage ElastiCache for caching the most frequently used data.

An organization has configured a VPC with an Internet Gateway (IGW) with pairs of public and private subnets each with one subnet per Availability Zone, and an Elastic Load Balancer (ELB) configured to use the public subnets. The application's web tier leverages the ELB, Auto Scaling and a multi AZ RDS database instance. The organization would like to eliminate any potential single point of failure in this design. What step should you take to achieve this objective of the Organization? Please select : A. Nothing, there are no single points of failure in this architecture. B. Create and attach a second IGW to provide redundant internet connectivity. C. Create and configure a second Elastic Load Balancer to provide a redundant load balancer. D. Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.

A. Nothing, there are no single points of failure in this architecture.

An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the limitations of IAM? Please select : A. One IAM user can be a part of a maximum of 5 groups B. The organization can create 100 groups per AWS account C. One AWS account can have a maximum of 5000 IAM users D. One AWS account can have 250 roles

A. One IAM user can be a part of a maximum of 5 groups

How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on? Please select : A. Query the local instance metadata. B. Query the appropriate Amazon CloudWatch metric. C. Query the local instance userdata. D. Use ipconfig or ifconfig command.

A. Query the local instance metadata.

A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer (which adds instances to the load balancer). process for a while. What will happen to the instances launched during the suspension period? Please select : A. The instances will not be registered with ELB and the user has to manually register when the process is resumed B. The instances will be registered with ELB only once the process has resumed C. Auto Scaling will not launch the instance during this period due to process suspension D. It is not possible to suspend only the AddToLoadBalancer process

A. The instances will not be registered with ELB and the user has to manually register when the process is resumed

A user has launched an EC2 instance and deployed a production application in it. The user wants to prohibit any mistakes from the production team to avoid accidental termination. How can the user achieve this? Please select : A. The user can the set DisableApiTermination attribute to avoid accidental termination B. It is not possible to avoid accidental termination C. The user can set the Deletion termination flag to avoid accidental termination D. The user can set the InstanceInitiatedShutdownBehavior flag to avoid accidental termination

A. The user can the set DisableApiTermination attribute to avoid accidental termination

You can configure an internal elastic load balancer to load balance internal traffic. Please select : A. True B. False

A. True

Your company is setting up an application that is used to share files. Because these files are important to the sales team, the application must be highly available. Which AWS-specific storage option would you set up for low cost, reliability, and security? Choose the correct answer from the options below. Please select : A. Use Amazon S3, which can be accessed by end users with signed URLs. B. Spin up EC2 with ephemeral type storage to keep the cost down. C. Create a Dropbox account to share your files. D. Attach an EBS volume to each of the EC2 servers where the files could be uploaded.

A. Use Amazon S3, which can be accessed by end users with signed URLs.

A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI have the additional instance store volume data? Please select : A. Yes, the block device mapping will have information about the additional instance store volume B. No, since the instance store backed AMI can have only the root volume bundled C. It is not possible to attach an additional instance store volume to the existing instance store backed AMI instance D. No, since this is ephermal storage it will not be a part of the AMI

A. Yes, the block device mapping will have information about the additional instance store volume

An application that you are managing has EC2 instances & Dynamo DB tables deployed to several AWS Regions In order to monitor the performance of the application globally, you would like to see two graphs 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all DynamoDB tables. How can you accomplish this? Please select : A. Tag your resources with the application name, and select the tag name as the dimension in the Cloudwatch Management console to view the respective graphs B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in CloudWatch. C. Add SNMP traps to each instance and DynamoDB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphing. D. Add a CloudWatch agent to each instance and attach one to each DynamoDB table. When configuring the agent set the appropriate application name & view the graphs in CloudWatch.

B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in CloudWatch.

The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization. What must you do to comply with this requirement for a web based profile management application running on EC2? Please select : A. Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile

C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile

You run a web application with the following components Elastic Load Balancer (EL8), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly. Which CloudWatch RDS metrics will not allow you to identify if the database is the bottleneck? Please select : A. The number of outstanding IOs waiting to access the disk. B. The amount of write latency. C. The amount of disk space occupied by binary logs on the master. D. The amount of time a Read Replica DB Instance lags behind the source DB Instance E. The average number of disk I/O operations per second.

C. The amount of disk space occupied by binary logs on the master.

In the shared responsibility model at AWS, what two options are you responsible for in the case of an audit? Choose the 2 correct answers from the options below. Please select : A. The global infrastructure that hosts the virtualization hypervisors B. Physical security to AWS data centers C. The operating systems' administrators group D. An application that you have running within AWS EC2

C. The operating systems' administrators group D. An application that you have running within AWS EC2

Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running on AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application. Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so, how? Please select : A. No Two instances in two different AZ's can't talk directly to each other via ICMP ping as that protocol is not allowed across subnet (i.e broadcast) boundaries B. Yes Both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP C. Yes, the security group for the monitoring instance needs to allow outbound ICMP and the application instance's security group needs to allow Inbound ICMP D. Yes, Both the monitoring instance's security group and the application instance's security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol

C. Yes, the security group for the monitoring instance needs to allow outbound ICMP and the application instance's security group needs to allow Inbound ICMP