A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest. Which of the following methods can achieve this? (Choose three.) A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys. B. Use Amazon S3 server-side encryption with customer-provided keys. C. Use Amazon S3 server-side encryption with EC2 key pair. D. Use Amazon S3 bucket policies to restrict access to the data at rest. E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key. F. Use SSL to encrypt the data while in transit to Amazon S3.
A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys. B. Use Amazon S3 server-side encryption with customer-provided keys. E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.
You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance? A. $0.00 B. $0.02 C. $0.03 D. $0.05 E. $0.06
A. $0.00
What is the default maximum number of MFA devices in use per AWS account (at the root account level)? A. 1 B. 5 C. 15 D. 10
A. 1
In Amazon RDS with the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB Instance with SQL Server Express edition? A. 10 GB per DB B. 100 GB per DB C. 2 TB per DB D. 1 TB per DB
A. 10 GB per DB
How many types of block devices does Amazon EC2 support? A. 2 B. 3 C. 4 D. 1
A. 2
MySQL installations default to port _____. A. 3306 B. 443 C. 80 D. 1158
A. 3306
Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive? A. 5 minutes B. 500 milliseconds. C. 30 seconds D. 1 minute
A. 5 minutes
What is the default VPC security group limit? A. 500 B. 50 C. 5 D. There is no limit
A. 500
What is the durability of S3 RRS? A. 99.99% B. 99.95% C. 99.995% D. 99.999999999%
A. 99.99%
When you put objects in Amazon S3, what is the indication that an object was successfully stored? A. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful. B. Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted. C. A success code is inserted into the S3 object metadata. D. Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.
A. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? (Select 2) A. AWS Directory Service AD Connector B. AWS Directory Service Simple AD C. AWS Identity and Access Management groups D. AWS Identity and Access Management roles E. AWS Identity and Access Management users
A. AWS Directory Service AD Connector D. AWS Identity and Access Management roles
Which of the following services natively encrypts data at rest within an AWS region? (Choose two.) A. AWS Storage Gateway B. Amazon DynamoDB C. Amazon CloudFront D. Amazon Glacier E. Amazon Simple Queue Service
A. AWS Storage Gateway D. Amazon Glacier
HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named _____. A. Action B. Value C. Reset D. Retrieve
A. Action
Select the correct set of options. The initial settings for the default security group are: A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
What is one key difference between an Amazon EBS-backed and an instance-store backed instance? A. Amazon EBS-backed instances can be stopped and restarted. B. Instance-store backed instances can be stopped and restarted. C. Auto scaling requires using Amazon EBS-backed instances. D. Virtual Private Cloud requires EBS backed instances.
A. Amazon EBS-backed instances can be stopped and restarted.
You are deploying an application to track GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every three seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which service should you use to implement data ingestion? A. Amazon Kinesis B. AWS Data Pipeline C. Amazon AppStream D. Amazon Simple Queue Service
A. Amazon Kinesis
Amazon RDS DB snapshots and automated backups are stored in A. Amazon S3 B. Amazon ECS Volume C. Amazon RDS D. Amazon EMR
A. Amazon S3
Which of the following is a durable key-value store? A. Amazon Simple Storage Service B. Amazon Simple Workflow Service C. Amazon Simple Queue Service D. Amazon Simple Notification Service
A. Amazon Simple Storage Service
Which Amazon service can I use to define a virtual network that closely resembles a traditional data center? A. Amazon VPC B. Amazon ServiceBus C. Amazon EMR D. Amazon RDS
A. Amazon VPC
Which of the following statements are true about Amazon Route 53 resource records? Choose 2 answers A. An Alias record can map one DNS name to another Amazon Route 53 DNS name. B. A CNAME record can be created for your zone apex. C. An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere. D. TTL can be set for an Alias record in Amazon Route 53. E. An Amazon Route 53 Alias record can point to any DNS record hosted anywhere.
A. An Alias record can map one DNS name to another Amazon Route 53 DNS name. C. An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere.
What does Amazon Elastic Beanstalk provide? A. An application container on top of Amazon Web Services. B. A scalable storage appliance on top of Amazon Web Services. C. A scalable cluster of EC2 instances. D. A service by this name doesn't exist.
A. An application container on top of Amazon Web Services.
EBS Snapshots occur _____ A. Asynchronously B. Synchronously C. Weekly
A. Asynchronously
Regarding the attaching of ENI to an instance, what does 'warm attach' refer to? A. Attaching an ENI to an instance when it is stopped. B. This question doesn't make sense. C. Attaching an ENI to an instance when it is running D. Attaching an ENI to an instance during the launch process
A. Attaching an ENI to an instance when it is stopped.
What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called? A. Basic B. Primary C. Detailed D. Local
A. Basic
What are the four levels of AWS Premium Support? A. Basic, Developer, Business, Enterprise B. Basic, Startup, Business, Enterprise C. Free, Bronze, Silver, Gold D. All support is free
A. Basic, Developer, Business, Enterprise
What is the name of the licensing model in which you can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS? A. Bring Your Own License B. Role Bases License C. Enterprise License D. License Included
A. Bring Your Own License
How can the domain's zone apex, for example, "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer? A. By using an Amazon Route 53 Alias record B. By using an AAAA record C. By using an Amazon Route 53 CNAME record D. By using an A record
A. By using an Amazon Route 53 Alias record
How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing? A. By using the service specific console or API/CLI commands B. None of these C. Using Amazon EC2 API/CLI D. Using all these methods
A. By using the service specific console or API/CLI commands
When creation of an EBS snapshot is initiated, but not completed, the EBS volume: A. Can be used while the snapshot is in progress. B. Cannot be detached or attached to an EC2 instance until the snapshot completes C. Can be used in read-only mode while the snapshot is in progress. D. Cannot be used until the snapshot completes.
A. Can be used while the snapshot is in progress.
Which of the following are true regarding AWS CloudTrail? (Choose three.) A. CloudTrail is enabled globally B. CloudTrail is enabled by default C. CloudTrail is enabled on a per-region basis D. CloudTrail is enabled on a per-service basis. E. Logs can be delivered to a single Amazon S3 bucket for aggregation. F. CloudTrail is enabled for all available services within a region. G. Logs can only be processed and delivered to the region in which they are generated.
A. CloudTrail is enabled globally C. CloudTrail is enabled on a per-region basis E. Logs can be delivered to a single Amazon S3 bucket for aggregation. Not all services support CloudTrail. They can go to a bucket in any region.
In order to enable encryption at rest using EC2 and Elastic Block Store you need to A. Configure encryption when creating the EBS volume B. Configure encryption using the appropriate Operating Systems file system C. Configure encryption using X.509 certificates D. Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.
A. Configure encryption when creating the EBS volume
A company has an AWS account that contains three VPCs (Dev, Test, and Prod) in the same region. Test is peered to both Prod and Dev. All VPCs have non-overlapping CIDR blocks. The company wants to push minor code releases from Dev to Prod to speed up time to market. Which of the following options helps the company accomplish this? A. Create a new peering connection Between Prod and Dev along with appropriate routes. B. Create a new entry to Prod in the Dev route table using the peering connection as the target. C. Attach a second gateway to Dev. Add a new entry in the Prod route table identifying the gateway as the target. D. The VPCs have non-overlapping CIDR blocks in the same account. The route tables contain local routes for all VPCs.
A. Create a new peering connection Between Prod and Dev along with appropriate routes. Connections are not transitive between VPCs.
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance. (Choose two.) A. Create an IAM Role that allows write access to the DynamoDB table. B. Add an IAM Role to a running EC2 instance. C. Create an IAM User that allows write access to the DynamoDB table. D. Add an IAM User to a running EC2 instance. E. Launch an EC2 Instance with the IAM Role included in the launch configuration.
A. Create an IAM Role that allows write access to the DynamoDB table. B. Add an IAM Role to a running EC2 instance. A and E if prior to 2017
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly? A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI. B. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy. C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User. D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
What is an isolated database environment running in the cloud (Amazon RDS) called? A. DB Instance B. DB Unit C. DB Server D. DB Volume
A. DB Instance
By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag _____ to false when you launch the instance. A. DeleteOnTermination B. RemoveOnDeletion C. RemoveOnTermination D. TerminateOnDeletion
A. DeleteOnTermination
You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this? A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone. B. Deploy your website in 2 different regions. Configure Route53 with a failover routing policy and set up health checks on the primary site. C. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 33 percent of the peak load per zone. D. Deploy your website in 2 different regions. Configure Route53 with Weighted Routing. Assign a weight of 25% to region 1 and a weight of 75% to region 2.
A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone.
Which route must be added to your routing table in order to allow connections to the Internet from your subnet? A. Destination: 0.0.0.0/0 --> Target: your Internet gateway B. Destination: 192.168.1.257/0 --> Target: your Internet gateway C. Destination: 0.0.0.0/33 --> Target: your virtual private gateway D. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24 E. Destination: 10.0.0.0/32 --> Target: your virtual private gateway
A. Destination: 0.0.0.0/0 --> Target: your Internet gateway
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the internet from an instance in the private subnet, you are not successful. Which of the following steps could resolve the issue? A. Disabling the Source/Destination Check attribute on the NAT instance B. Attaching an Elastic IP address to the instance in the private subnet C. Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet D. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet
A. Disabling the Source/Destination Check attribute on the NAT instance
If I want an instance to have a public IP address, which IP address should I use? A. Elastic IP Address B. Class B IP Address C. Class A IP Address D. Dynamic IP Address
A. Elastic IP Address
A company is building a two-tier web application to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database. What services should you leverage to enable an elastic and scalable web tier? A. Elastic Load Balancing, Amazon EC2, and Auto Scaling B. Elastic Load Balancing, Amazon RDS with Multi-AZ, and Amazon S3 C. Amazon RDS with Multi-AZ and Auto Scaling D. Amazon EC2, Amazon DynamoDB, and Amazon S3
A. Elastic Load Balancing, Amazon EC2, and Auto Scaling
Which of the following notification endpoints or clients are supported by Amazon Simple Notification Service? (Choose two.) A. Email B. CloudFront distribution C. File Transfer Protocol D. Short Message Service E. Simple Network Management Protocol
A. Email D. Short Message Service
What combination of the following options will protect S3 objects from both accidental deletion and accidental overwriting? A. Enable S3 versioning on the bucket. B. Access S3 data using only signed URLs. C. Disable S3 delete using an IAM bucket policy. D. Enable S3 Reduced Redundancy Storage. E. Enable multi-factor authentication (MFA) protected access.
A. Enable S3 versioning on the bucket. E. Enable multi-factor authentication (MFA) protected access.
Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a CloudFormation template that your company uses in production. However CloudFormation fails. You use the exact same CloudFormation template in production, so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single AZ. After some research you discover that the problem is: A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased. B. For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should submit the limit increase form and retry the template after your limit has been increased. C. You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation template to provision the instances in a custom VPC. D. Your CloudFormation template is configured to use the parent account and not the new account. Change the account number in the CloudFormation template and relaunch the template.
A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
A customer has a single 3-TB volume on-premises that is used to hold a large repository of images and print layout files. This repository is growing at 500 GB a year and must be presented as a single logical volume. The customer is becoming increasingly constrained with their local storage capacity and wants an off-site backup of this data, while maintaining low-latency access to their frequently accessed data. Which AWS Storage Gateway configuration meets the customer requirements? A. Gateway-Cached volumes with snapshots scheduled to Amazon S3 B. Gateway-Stored volumes with snapshots scheduled to Amazon S3 C. Gateway-Virtual Tape Library with snapshots to Amazon S3 D. Gateway-Virtual Tape Library with snapshots to Amazon Glacier
A. Gateway-Cached volumes with snapshots scheduled to Amazon S3
Which of the following is not a valid configuration type for AWS Storage Gateway? A. Gateway-accessed volumes B. Gateway-cached volumes C. Gateway-stored volumes D. Gateway-Virtual Tape Library
A. Gateway-accessed volumes
Which of the following instance types are available as Amazon EBS-backed only? (Choose two.) A. General purpose T2 B. General purpose M3 C. Compute-optimized C4 D. Compute-optimized C3 E. Storage-optimized I2
A. General purpose T2 C. Compute-optimized C4
A VPC public subnet is one that: A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW). B. Includes a route in its associated routing table via a Network Address Translation (NAT) instance. C. Has a Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0. D. Has the Public Subnet option selected in its configuration.
A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW).
What happens to the I/O operations while you take a database snapshot in a single AZ database? A. I/O operations to the database are suspended for a few minutes while the backup is in progress. B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress. C. I/O operations will be functioning normally D. I/O operations to the database are suspended for an hour while the backup is in progress
A. I/O operations to the database are suspended for a few minutes while the backup is in progress.
When should I choose Provisioned IOPS over Standard RDS storage? A. If you use production online transaction processing (OLTP) workloads. B. If you have batch-oriented workloads C. If you have workloads that are not sensitive to consistent performance
A. If you use production online transaction processing (OLTP) workloads.
You have an EC2 Security Group with several running EC2 instances. You change the Security Group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same Security Group. The new rules apply: A. Immediately to all instances in the security group. B. Immediately to the new instances only. C. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply. D. To all instances, but it may take several minutes for old instances to see the changes.
A. Immediately to all instances in the security group.
You have an EC2 security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply: A. Immediately to all instances in the security group. B. Immediately to the new instances only. C. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply. D. To all instances, but it may take several minutes for old instances to see the changes.
A. Immediately to all instances in the security group.
By definition a public subnet within a VPC is one that: A. In its routing table it has at least one route that uses an Internet Gateway (IGW). B. Has at least one route in its routing table that routes via a Network Address Translation (NAT) instance. C. Where the Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0. D. Has had the public subnet check box ticked when setting up this subnet in the VPC console.
A. In its routing table it has at least one route that uses an Internet Gateway (IGW).
You are a student currently learning about the different AWS services. Your employer asks you to tell him a bit about Amazon's Glacier service. Which of the following best describes the use cases for Glacier? A. Infrequently accessed data & data archives B. Hosting active databases C. Replicating Files across multiple availability zones and regions D. Frequently Accessed Data
A. Infrequently accessed data & data archives
Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine A. InnoDB B. MyISAM
A. InnoDB
What does the AWS Storage Gateway provide? A. Integration of on-premises IT environments with Cloud Storage. B. A direct encrypted connection to Amazon S3. C. A backup solution that provides an on-premises Cloud storage. D. It provides an encrypted SSL endpoint for backups in the Cloud.
A. Integration of on-premises IT environments with Cloud Storage.
Which DNS name can only be resolved within Amazon EC2? A. Internal DNS name B. External DNS name C. Global DNS name D. Private DNS name
A. Internal DNS name
Which of the following are characteristics of a reserved instance? (Choose three.) A. It can be migrated across Availability Zones B. It is specific to an Amazon Machine Image (AMI) C. It can be applied to instances launched by Auto Scaling D. It is specific to an instance Type E. It can be used to lower Total Cost of Ownership (TCO) of a system
A. It can be migrated across Availability Zones C. It can be applied to instances launched by Auto Scaling E. It can be used to lower Total Cost of Ownership (TCO) of a system
What is the Reduced Redundancy option in Amazon S3? A. Less redundancy for a lower cost. B. It doesn't exist in Amazon S3, but in Amazon EBS. C. It allows you to destroy any copy of your files outside a specific jurisdiction. D. It doesn't exist at all
A. Less redundancy for a lower cost.
Which of the following requires a custom CloudWatch metric to monitor? A. Memory use B. CPU use C. Disk read operations D. Network in E. Estimated charges
A. Memory use
Can I move a Reserved Instance from one Region to another? A. No B. Yes C. Only if they are moving into GovCloud D. Only if they are moving to US East from another region
A. No
Can a 'user' be associated with multiple AWS accounts? A. No B. Yes
A. No
Can an EBS volume be attached to more than one EC2 instance at the same time? A. No B. Yes. C. Only EC2-optimized EBS volumes. D. Only in read mode.
A. No
Can the string value of 'Key' be prefixed with ":aws:"? A. No B. Only for EC2 not S3 C. Yes D. Only for S3 not EC2
A. No
Does Amazon RDS for SQL Server currently support importing data into the msdb database? A. No B. Yes
A. No
Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine? A. No B. Yes
A. No
Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS Marketplace product codes be made public? A. No B. Yes
A. No
What is the charge for the data transfer incurred in replicating data between your primary and standby? A. No charge. It is free. B. Double the standard data transfer charge C. Same as the standard data transfer charge D. Half of the standard data transfer charge
A. No charge. It is free.
Will I be alerted when automatic failover occurs? A. Only if SNS configured B. No C. Yes D. Only if Cloudwatch configured
A. Only if SNS configured
When using consolidated billing there are two account types. What are they? A. Paying account and Linked account B. Parent account and Child account C. Main account and Sub account. D. Main account and Secondary account.
A. Paying account and Linked account
How can software determine the public and private IP addresses of the EC2 instance that it is running on? A. Query the local instance metadata. B. Query the local instance userdata. C. Query the appropriate Amazon CloudWatch metric. D. Use an ipconfig or ifconfig command.
A. Query the local instance metadata.
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this? A. Remove public read access and use signed URLs with expiry dates. B. Use CloudFront distributions for static content. C. Block the IPs of the offending websites in Security Groups. D. Store photos on an EBS volume of the web server.
A. Remove public read access and use signed URLs with expiry dates.
A user has configured ELB with three instances. The user wants to achieve High Availability as well as redundancy with ELB. Which of the below mentioned AWS services helps the user achieve this for ELB? A. Route 53 B. AWS Mechanical Turk C. Auto Scaling D. AWS EMR
A. Route 53
You need to create a simple, holistic check for your system's general availability and uptime. Your system presents itself as an HTTP-speaking API. What is the simplest tool on AWS to achieve this with? A. Route53 Health Checks B. CloudWatch Health Checks C. AWS ELB Health Checks D. EC2 Health Checks
A. Route53 Health Checks
The Amazon EC2 web service can be accessed using the _____ web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document. A. SOAP B. DCOM C. CORBA D. XML-RPC
A. SOAP
Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance. A. SQL Server B. MySQL C. Oracle
A. SQL Server
You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement? A. Security Group Inbound Rule: Protocol - TCP. Port Range - 22, Source 72.34.51.100/32 B. Security Group Inbound Rule: Protocol - UDP, Port Range - 22, Source 72.34.51.100/32 C. Network ACL Inbound Rule: Protocol - UDP, Port Range - 22, Source 72.34.51.100/32 D. Network ACL Inbound Rule: Protocol - TCP, Port Range-22, Source 72.34.51.100/0
A. Security Group Inbound Rule: Protocol - TCP. Port Range - 22, Source 72.34.51.100/32. /0 is not correct CIDR notation for a single IP address. UDP is not the correct protocol.
In AWS, which security aspects are the customer's responsibility? (Choose four.) A. Security Group and ACL (Access Control List) settings B. Decommissioning storage devices C. Patch management on the EC2 instance's operating system D. Life-cycle management of IAM credentials E. Controlling physical access to compute resources F. Encryption of EBS (Elastic Block Storage) volumes
A. Security Group and ACL (Access Control List) settings C. Patch management on the EC2 instance's operating system D. Life-cycle management of IAM credentials F. Encryption of EBS (Elastic Block Storage) volumes
What are the valid methodologies for encrypting data on S3? A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client. B. Server Side Encryption (SSE)-S3, SSE-A, SSE-KMS or a client library such as Amazon S3 Encryption Client. C. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a client library such as Amazon S3 Encryption Client. D. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a server library such as Amazon S3 Encryption Client.
A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client.
Which features can be used to restrict access to data in S3? (Choose two.) A. Set an S3 ACL on the bucket or the object. B. Create a CloudFront distribution for the bucket. C. Set an S3 bucket policy. D. Enable IAM Identity Federation E. Use S3 Virtual Hosting
A. Set an S3 ACL on the bucket or the object. C. Set an S3 bucket policy.
You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? (Choose two.) A. Set permissions on the object to public read during upload. B. Configure the bucket ACL to set all objects to public read. C. Configure the bucket policy to set all objects to public read. D. Use AWS Identity and Access Management roles to set the bucket to public read. E. Amazon S3 objects default to public read, so no action is needed.
A. Set permissions on the object to public read during upload. C. Configure the bucket policy to set all objects to public read.
_____ embodies the "share-nothing" architecture and essentially involves breaking a large database into several smaller databases. A. Sharding B. Failure recovery C. Federation D. DDL operations
A. Sharding
How many relational database engines does RDS currently support? A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB B. Just two: MySQL and Oracle. C. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite. D. Just one: MySQL.
A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB
You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements? A. Spot Instances B. Reserved instances C. Dedicated instances D. On-Demand instances
A. Spot Instances
What does the command 'ec2-run-instances ami-e3a5408a -n 20 -g appserver' do? A. Start twenty instances as members of appserver group. B. Creates 20 rules in the security group named appserver C. Terminate twenty instances as members of appserver group. D. Start 20 security groups
A. Start twenty instances as members of appserver group.
Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? (Choose two.) A. Supported on all Amazon EBS volume types B. Snapshots are automatically encrypted C. Available to all instance types D. Existing volumes can be encrypted E. shared volumes can be encrypted
A. Supported on all Amazon EBS volume types B. Snapshots are automatically encrypted
Automated backups are enabled by default for a new DB Instance. A. TRUE B. FALSE
A. TRUE
The new DB Instance that is created when you promote a Read Replica retains the backup window period. A. TRUE B. FALSE
A. TRUE
When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime. A. TRUE B. FALSE
A. TRUE
Please select the most correct answer regarding the persistence of the Amazon Instance Store: A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance B. The data on an instance store volume is lost when the security group rule of the associated instance is changed. C. The data on an instance store volume persists even after associated Amazon EC2 instance is deleted
A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance
When trying to grant an Amazon account access to S3 using access control lists, what method of identification should you use to identify that account? A. The email address of the account or the canonical user ID B. The AWS account number C. The ARN D. An email address with a 2FA token
A. The email address of the account or the canonical user ID
You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an Internet gateway is attached to the VPC, and the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance? A. The instance does not have a public IP address. B. The internet gateway security group must allow all outbound traffic. C. The instance security group must allow all inbound traffic. D. The instance "Source/Destination check" property must be enabled.
A. The instance does not have a public IP address.
You have a load balancer configured for VPC, and all back-end Amazon EC2 instances are in service. However, your web browser times out when connecting to the load balancer's DNS name. Which options are probable causes of this behavior? (Choose two.) A. The load balancer was not configured to use a public subnet with an Internet gateway configured B. The Amazon EC2 instances do not have a dynamically allocated private IP address C. The security groups or network ACLs are not properly configured for web traffic. D. The load balancer is not configured in a private subnet with a NAT instance. E. The VPC does not have a VGW configured.
A. The load balancer was not configured to use a public subnet with an Internet gateway configured C. The security groups or network ACLs are not properly configured for web traffic.
If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens to the rest of the Read Replicas? A. The remaining Read Replicas will still replicate from the older master DB Instance B. The remaining Read Replicas will be deleted C. The remaining Read Replicas will be combined to one read replica
A. The remaining Read Replicas will still replicate from the older master DB Instance
Amazon S3 buckets in all other regions (other than US Standard) provide read-after-write consistency for PUTS of new objects. A. True B. False
A. True
Disabling automated backups disables the point-in-time recovery feature. A. True B. False
A. True
If I modify a DB Instance or the DB parameter group associated with the instance, I should reboot the instance for the changes to take effect? A. True B. False
A. True
It is possible to transfer a reserved instance from one Availability Zone to another. A. True B. False
A. True
Multi-AZ deployment is supported for Microsoft SQL Server DB Instances. A. True B. False
A. True
Reserved Instances are available for Multi-AZ Deployments. A. True B. False
A. True
SQL Server stores logins and passwords in the master database. A. True B. False
A. True
Using Amazon IAM, I can give permissions based on organizational groups? A. True B. False
A. True
Using SAML (Security Assertion Markup Language 2.0) you can give your federated users single sign-on (SSO) access to the AWS Management Console. A. True B. False
A. True
When creating an RDS instance you can select which availability zone in which to deploy your instance. A. True B. False
A. True
When you create new subnets within a custom VPC, by default they can communicate with each other, across availability zones. A. True B. False
A. True
You can add multiple volumes to an EC2 instance and then create your own RAID 5/RAID 10/RAID 0 configurations using those volumes. A. True B. False
A. True
You are deploying an application on EC2 that must call AWS APIs. What method of securely passing credentials to the application should you use? A. Use AWS Identity and Access Management roles for EC2 instances. B. Pass API credentials to the instance using instance userdata. C. Embed the API credentials into your JAR files. D. Store API credentials as an object in Amazon Simple Storage Service.
A. Use AWS Identity and Access Management roles for EC2 instances.
You are using an m1.small EC2 Instance with one 300 GB EBS volume to host a relational database. You determined that write throughput to the database needs to be increased. Which of the following approaches can help achieve this? Choose 2 answers A. Use an array of EBS volumes. B. Enable Multi-AZ mode. C. Place the instance in an Auto Scaling Groups D. Add an EBS volume and place into RAID 5. E. Increase the size of the EC2 Instance. F. Put the database behind an Elastic Load Balancer.
A. Use an array of EBS volumes. E. Increase the size of the EC2 Instance.
A _____ is an individual, system, or application that interacts with AWS programmatically. A. User B. AWS Account C. Group D. Role
A. User
You need to pass a custom script to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this? A. User data B. EC2Config service C. IAM roles D. AWS Config
A. User data. Keywords: "pass a custom script"
You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages: "Network error: Connection timed out" or "Error connecting to [instance], reason: -> Connection timed out: connect". You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior? Choose 2 answers A. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch. B. Verify that your IAM user policy has permission to launch Amazon EC2 instances. C. Verify that you are connecting with the appropriate user name for your AMI. D. Verify that the Amazon EC2 Instance was launched with the proper IAM role. E. Verify that your federation trust to AWS has been established.
A. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch. C. Verify that you are connecting with the appropriate user name for your AMI. Reason - using SSH, Network already checked
What does Amazon EC2 provide? A. Virtual servers in the Cloud. B. A platform to run code (Java, PHP, Python), paying on an hourly basis. C. Computer Clusters in the Cloud. D. Physical servers, remotely managed by the customer.
A. Virtual servers in the Cloud.
A group can contain many users. Can a user belong to multiple groups? A. Yes B. No C. Only if they are using two factor authentication D. Only in VPC
A. Yes
Can I initiate a "forced failover" for my Oracle Multi-AZ DB Instance deployment? A. Yes B. Only in certain regions C. Only in VPC D. No
A. Yes
Does Route 53 support MX Records? A. Yes B. It supports CNAME records, but not MX records. C. No D. Only Primary MX records. Secondary MX records are not supported.
A. Yes
Is the encryption of connections between my application and my DB Instance using SSL for the MySQL server engines available? A. Yes B. Only in VPC C. Only in certain regions D. No
A. Yes
Can I attach more than one policy to a particular entity? A. Yes always B. Only if within GovCloud C. No D. Only if within VPC
A. Yes always
Are you able to integrate a multi-factor token service with the AWS Platform? A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform. B. No, you cannot integrate multi-factor token devices with the AWS platform. C. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
Does AWS allow for the use of Multi Factor Authentication tokens? A. Yes, with both hardware or virtual MFA devices B. Yes, but only virtual MFA devices. C. Yes, but only physical (hardware) MFA devices. D. No
A. Yes, with both hardware or virtual MFA devices
After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it? A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved. B. AWS allows you to provision no more than 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request. C. You need to use Amazon Virtual Private Cloud (VPC) in order to provision more than 20 instances in a single Availability Zone. Simply terminate the resources already provisioned and re-launch them all in a VPC. D. You encountered an API throttling situation and should try the failed requests using an exponential decay retry algorithm.
A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.
My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply updates from the source DB Instance. What do I do? A. You will need to delete the Read Replica and create a new one to replace it. B. You will need to disassociate the DB Engine and re-associate it. C. The instance should be deployed to Single AZ and then moved to Multi-AZ once again D. You will need to delete the DB Instance and create a new one to replace it.
A. You will need to delete the Read Replica and create a new one to replace it.
The SQL Server _____ feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such as an ASCII file. A. bulk copy B. group copy C. dual copy D. mass copy
A. bulk copy
While performing volume status checks, if the status is 'insufficient-data', what does it mean? A. checks may still be in progress on the volume B. check has passed C. check has failed D. there is no such status
A. checks may still be in progress on the volume
If I want my instance to run on a single-tenant hardware, which value do I have to set the instance's tenancy attribute to? A. dedicated B. isolated C. one D. reserved
A. dedicated
You are hosting a website in Ireland called acloud.guru and you decide to have a static DR site available on S3 in the event that your primary site would go down. Your bucket name is also called "acloudguru". What would be the S3 URL of the static website? A. https://acloudguru.s3-website-eu-west-1.amazonaws.com B. https://s3-eu-east-1.amazonaws.com/acloudguru C. https://acloudguru.s3-website-us-east-1.amazonaws.com D. https://s3-eu-central-1.amazonaws.com/acloudguru
A. https://acloudguru.s3-website-eu-west-1.amazonaws.com
A _____ is a document that provides a formal statement of one or more permissions. A. policy B. permission C. Role D. resource
A. policy
A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances. A. security group B. ACL C. IAM D. Private IP Addresses
A. security group
In regards to IAM you can edit user properties later, but you cannot use the console to change the _____. A. user name B. password C. default group
A. user name
You are working with a customer who is using Chef configuration management in their data center. What service is designed to let the customer leverage existing Chef recipes in AWS?
AWS OpsWorks
In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch. A. 3 B. 1 C. 5 D. 2
B. 1
What is the maximum response time for a Business level Premium Support case? A. 120 seconds B. 1 hour C. 10 minutes D. 12 hours
B. 1 hour
Which procedure for backing up a relational database on EC2 that is using a set of RAIDed EBS volumes for storage minimizes the time during which the database cannot be written to and results in a consistent backup? A. 1. Detach EBS volumes, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes B. 1. Stop the EC2 Instance. 2. Snapshot the EBS volumes C. 1. Suspend disk I/O, 2. Create an image of the EC2 Instance, 3. Resume disk I/O D. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Resume disk I/O E. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk I/O
B. 1. Stop the EC2 Instance. 2. Snapshot the EBS volumes. 'D' won't work because the volume is RAIDed. Instance must be fully stopped and cache flushed.
You can modify the backup retention period for AWS RDS. Valid values are 0 (for no backup retention) to a maximum of _____ days. A. 45 B. 35 C. 15 D. 5
B. 35
You can modify the backup retention period for RDS; valid values are 0 (for no backup retention) to a maximum of ___________ days. A. 45 B. 35 C. 15 D. 5
B. 35
What is a placement group? A. A collection of Auto Scaling groups in the same region B. A feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections C. A collection of authorized CloudFront edge locations for a distribution D. A collection of Elastic Load Balancers in the same Region or Availability Zone
B. A feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections
What is Oracle SQL Developer? A. An AWS developer who is an expert in Amazon RDS using both the Oracle and SQL Server DB engines B. A graphical Java tool distributed without cost by Oracle. C. It is a variant of the SQL Server Management Studio designed by Microsoft to support Oracle DBMS functionalities D. A different DBMS released by Microsoft free of cost
B. A graphical Java tool distributed without cost by Oracle.
Which service enables AWS customers to manage users and permissions in AWS? A. AWS Access Control Service (ACS) B. AWS Identity and Access Management (IAM) C. AWS Identity Manager (AIM) D. AWS Security Groups
B. AWS Identity and Access Management (IAM)
Which of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started? (Choose 2 answers) A. The Elastic IP will be dissociated from the instance B. All data on instance-store devices will be lost C. All data on EBS (Elastic Block Store) devices will be lost D. The ENI (Elastic Network Interface) is detached E. The underlying host for the instance is changed
B. All data on instance-store devices will be lost E. The underlying host for the instance is changed
A company needs to monitor the read and write IOPs metrics for their AWS MySQL RDS instance and send real-time alerts to their operations team. Which AWS services can accomplish this? (Choose two.) A. Amazon Simple Email Service B. Amazon CloudWatch C. Amazon Simple Queue Service D. Amazon Route 53 E. Amazon Simple Notification Service
B. Amazon CloudWatch E. Amazon Simple Notification Service
If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option? A. Amazon Instance Storage B. Amazon EBS C. You can't run a database inside an Amazon instance. D. Amazon S3
B. Amazon EBS
_____ is a durable, block-level storage volume that you can attach to a single, running Amazon EC2 instance. A. Amazon S3 B. Amazon EBS C. Amazon EFS D. All of these
B. Amazon EBS
When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 A. Amazon DynamoDB B. Amazon Elastic Compute Cloud (EC2) C. Amazon Elastic Load Balancing D. Amazon Simple Notification Service (SNS) E. Amazon Simple Storage Service (S3)
B. Amazon Elastic Compute Cloud (EC2) C. Amazon Elastic Load Balancing
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? (Choose two.) A. Amazon Relational Database Service B. Amazon Elastic Map Reduce C. Amazon ElastiCache D. Amazon DynamoDB E. AWS Elastic Beanstalk
B. Amazon Elastic Map Reduce E. AWS Elastic Beanstalk
A company is deploying a new two-tier web application in AWS. The company has limited staff and requires high availability, and the application requires complex queries and table joins. Which configuration provides the solution for the company's requirements? A. MySQL Installed on two Amazon EC2 Instances in a single Availability Zone B. Amazon RDS for MySQL with Multi-AZ C. Amazon ElastiCache D. Amazon DynamoDB
B. Amazon RDS for MySQL with Multi-AZ
You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? Choose 3 answers A. Amazon CloudWatch B. Amazon Relational Database Service (RDS) C. Elastic Load Balancing D. Amazon ElastiCache E. AWS Storage Gateway F. Amazon DynamoDB
B. Amazon Relational Database Service (RDS) D. Amazon ElastiCache F. Amazon DynamoDB
What happens when you create a topic on Amazon SNS? A. The topic is created, and it has the name you specified for it. B. An ARN (Amazon Resource Name) is created. C. You can create a topic on Amazon SQS, not on Amazon SNS. D. This question doesn't make sense.
B. An ARN (Amazon Resource Name) is created.
What does Amazon Elastic Beanstalk provide? A. A scalable storage appliance on top of Amazon Web Services. B. An application container on top of Amazon Web Services. C. A service by this name doesn't exist. D. A scalable cluster of EC2 instances.
B. An application container on top of Amazon Web Services.
You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2 answers, select the answer with BOTH correct answers. A. Answer 1 - Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances. Answer 2 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. C. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. D. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. Answer 2 - Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances.
B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter however they will need to be able to communicate to the AWS environment over a site to site VPN connection. What do you need to do to establish the VPN connection? A. Connect to the environment using AWS Direct Connect. B. Assign a public IP address to your Amazon VPG (Virtual Private Gateway). C. Create a dedicated NAT and deploy this to the public subnet. D. Update your route table to add a route for the NAT to 0.0.0.0/0.
B. Assign a public IP address to your Amazon VPG (Virtual Private Gateway).
A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised? A. Enable Multi-Factor Authentication for your AWS root account. B. Assign an IAM role to the Amazon EC2 instance. C. Store the AWS Access Key ID/Secret Access Key combination in software comments. D. Assign an IAM user to the Amazon EC2 Instance.
B. Assign an IAM role to the Amazon EC2 instance.
You work for a construction company that has their production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon Linux AMI using Auto Scaling. The web servers are launched into the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some test and dev and you launch a 4th EC2 instance into the same subnet and same security group. Annoyingly your 4th instance does not appear to have internet connectivity. What could be the cause of this? A. You need to update your routing table so as to provide a route out for this instance. B. Assign an elastic IP address to the fourth instance. C. You have not configured a NAT in the public subnet. D. You have not configured a routable IP address in the host OS of the fourth instance.
B. Assign an elastic IP address to the fourth instance.
A company needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS Identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this? A. Create a new IAM role and associated policies within the new region B. Assign the existing IAM role to the Amazon EC2 instances in the new region C. Copy the IAM role and associated policies to the new region and attach it to the instances D. Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature
B. Assign the existing IAM role to the Amazon EC2 instances in the new region
What are the two types of licensing options available for using Amazon RDS for Oracle? A. BYOL and Enterprise License B. BYOL and License Included C. Enterprise License and License Included D. Role based License and License Included
B. BYOL and License Included
How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing? A. Using all these methods B. By using the service specific console or API/CLI commands C. None of these D. Using Amazon EC2 API/CLI
B. By using the service specific console or API/CLI commands
If you have chosen Multi-AZ deployment, in the event of an outage of your primary DB Instance, Amazon RDS automatically switches to the standby replica. The automatic failover mechanism simply changes the ______ record of the main DB Instance to point to the standby DB Instance. A. DNAME B. CNAME C. TXT D. MX
B. CNAME
A customer's nightly EMR job processes a single 2-TB data file stored on Amazon Simple Storage Service (S3). The EMR job runs on two On-Demand core nodes and three On-Demand task nodes. Which of the following may help reduce the EMR job completion time? Choose 2 answers A. Use three Spot Instances rather than three On-Demand instances for the task nodes. B. Change the input split size in the MapReduce job configuration. C. Use a bootstrap action to present the S3 bucket as a local filesystem. D. Launch the core nodes and task nodes within an Amazon Virtual Cloud. E. Adjust the number of simultaneous mapper tasks. F. Enable termination protection for the job flow.
B. Change the input split size in the MapReduce job configuration. E. Adjust the number of simultaneous mapper tasks.
What are the Amazon EC2 API tools? A. They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions. B. Command-line tools to the Amazon EC2 web service. C. They are a set of graphical tools to manage EC2 instances. D. They don't exist. The Amazon API tools are a client interface to Amazon Web Services.
B. Command-line tools to the Amazon EC2 web service.
An existing application stores sensitive information on a non-boot Amazon EBS data volume attached to an Amazon Elastic Compute Cloud instance. Which of the following approaches would protect the sensitive data on an Amazon EBS volume? A. Upload your customer keys to AWS CloudHSM. Associate the Amazon EBS volume with AWS CloudHSM. Re-mount the Amazon EBS volume. B. Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume. C. Unmount the EBS volume. Toggle the encryption attribute to True. Re-mount the Amazon EBS volume. D. Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon EBS volume. Mount the Amazon EBS volume
B. Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume.
You run a website which hosts videos and you have two types of members, premium fee paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you need to ensure that your premium fee paying members' videos have a higher priority than your free members'. How do you design SQS? A. SQS allows you to set priorities on individual items within the queue, so simply set the fee paying members at a higher priority than your free members. B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue. C. SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.
B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
What does ec2-create-group do with respect to the Amazon EC2 security groups? A. Creates a new rule inside the security group. B. Creates a new security group for use with your account. C. Creates a new group inside the security group. D. Groups the user created security groups in to a new group for easy access.
B. Creates a new security group for use with your account.
What does the ec2-create-group command do with respect to the Amazon EC2 security groups? A. Groups the user created security groups in to a new group for easy access. B. Creates a new security group for use with your account. C. Creates a new group inside the security group. D. Creates a new rule inside the security group.
B. Creates a new security group for use with your account.
What happens to the data on an instance if the instance reboots (intentionally or unintentionally)? A. Data will be lost B. Data persists C. Data may persist however cannot be sure
B. Data persists. If the instance stops, the instance store will lose data.
Which is an operational process performed by AWS for data security? A. AES-256 encryption of data stored on any shared storage device B. Decommissioning of storage devices using industry-standard practices C. Background virus scans of EBS volumes and EBS snapshots D. Replication of data across multiple AWS Regions E. Secure wiping of EBS data when an EBS volume is unmounted
B. Decommissioning of storage devices using industry-standard practices
IAM's Policy Evaluation Logic always starts with a default ____________ for every request, except for those that use the AWS account's root security credentials. A. Permit B. Deny C. Cancel
B. Deny
You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security? A. Save the API credentials to your php files. B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it. C. Save your API credentials in a public GitHub repository. D. Pass API credentials to the instance using instance userdata.
B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.
Which of the following are characteristics of Amazon VPC subnets? (Choose two.) A. Each subnet spans at least 2 Availability Zones to provide a high-availability environment. B. Each subnet maps to a single Availability Zone. C. CIDR block mask of /25 is the smallest range supported. D. By default, all subnets can route between each other, whether they are private or public. E. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
B. Each subnet maps to a single Availability Zone. D. By default, all subnets can route between each other, whether they are private or public.
Which of the following services allows you root access (i.e. you can login using SSH)? A. Elastic Load Balancer B. Elastic Map Reduce C. Elasticache D. RDS
B. Elastic Map Reduce
A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume and keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance and cost oversight? (Choose two.) A. Use AWS Consolidated Billing and disable AWS root account access for the child accounts. B. Enable IAM cross-account access for all corporate IT administrators in each child account. C. Create separate VPCs for each division within the corporate IT AWS account. D. Use AWS Consolidated Billing to link the divisions' accounts to a parent corporate account. E. Write all child AWS CloudTrail and Amazon CloudWatch logs to each child account's Amazon S3 'Log' bucket.
B. Enable IAM cross-account access for all corporate IT administrators in each child account. D. Use AWS Consolidated Billing to link the divisions' accounts to a parent corporate account.
You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3, however recently an intern accidentally deleted some critical files. You've been asked to prevent this from happening in the future. What options below can prevent this? A. Make sure the interns can only access data on S3 using signed URLs. B. Enable S3 versioning on the bucket & enable Multifactor Authentication (MFA) on the bucket. C. Use S3 Infrequently Accessed storage to store the data on. D. Create an IAM bucket policy that disables deletes.
B. Enable S3 versioning on the bucket & enable Multifactor Authentication (MFA) on the bucket.
A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements? A. Enable AWS CloudTrail for the load balancer. B. Enable access logs on the load balancer. C. Install the Amazon CloudWatch Logs agent on the load balancer. D. Enable Amazon CloudWatch metrics on the load balancer.
B. Enable access logs on the load balancer.
You have multiple Amazon EC2 instances running in a cluster across multiple Availability Zones within the same region. What combination of the following should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter? (Choose three.) A. Amazon EC2 placement groups B. Enhanced networking C. Amazon PV AMI D. Amazon HVM AMI E. Amazon Linux F. Amazon VPC
B. Enhanced networking D. Amazon HVM AMI F. Amazon VPC
Amazon Web Services offers 3 different levels of support. Which of the below are valid support levels? A. Corporate, Business, Developer B. Enterprise, Business, Developer C. Enterprise, Business, Free Tier D. Enterprise, Company, Free Tier
B. Enterprise, Business, Developer
Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an ______ node in the response from the Amazon RDS API. A. Incorrect B. Error C. FALSE
B. Error
A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on-premises network with VPC-1. Which two methods increase the fault tolerance of the connection to VPC-1? (Choose two.) A. Establish a hardware VPN over the internet between VPC-2 and the on-premises network. B. Establish a hardware VPN over the internet between VPC-1 and the on-premises network. C. Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2. D. Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1. E. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1
B. Establish a hardware VPN over the internet between VPC-1 and the on-premises network. E. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1
True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted. A. TRUE B. FALSE
B. FALSE
Amazon S3 buckets in all other regions (other than US Standard) do not provide eventual consistency for overwrite PUTS and DELETES. A. True B. False
B. False
Amazon S3 buckets in the US Standard region do not provide eventual consistency. A. True B. False
B. False
New database versions will automatically be applied to AWS RDS instances as they become available. A. True B. False
B. False
Placement Groups can be created across 2 or more Availability Zones. A. True B. False
B. False
You can have 1 subnet stretched across multiple availability zones. A. True B. False
B. False
You can select a specific Availability Zone in which to place your DynamoDB Table A. True B. False
B. False
In Amazon CloudWatch, which metric should you check to ensure that your DB Instance has enough free storage space? A. FreeStorage B. FreeStorageSpace C. FreeStorageVolume D. FreeDBStorageSpace
B. FreeStorageSpace
Which of the following cannot be used in EC2 to control who has access to specific EC2 instances? A. Security Groups B. IAM System C. SSH keys D. Windows passwords
B. IAM System
When should I choose Provisioned IOPS over Standard RDS storage? A. If you have batch-oriented workloads B. If you use production online transaction processing (OLTP) workloads. C. If you have workloads that are not sensitive to consistent performance D. If you infrequently read or write to the drive.
B. If you use production online transaction processing (OLTP) workloads.
You are a security architect working for a large antivirus company. The production environment has recently been moved to AWS and is in a public subnet. You are able to view the production environment over HTTP however when your customers try to update their virus definition files over a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom port. How long will this take to take effect? A. Straight away but to the new instances only. B. Immediately. C. After a few minutes this should take effect. D. Straight away to the new instances, but old instances must be stopped and restarted before the new rules apply.
B. Immediately.
How are the EBS snapshots saved on Amazon S3? A. Exponentially B. Incrementally C. EBS snapshots are not stored in the Amazon S3 D. Decrementally
B. Incrementally
Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine. A. MyISAM B. InnoDB
B. InnoDB
For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution? (Choose two.) A. Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors B. Managing a multi-step and multi-decision checkout process of an e-commerce website C. Orchestrating the execution of distributed and auditable business processes D. Using as an SNS (Simple Notification Service) endpoint to trigger execution of video transcoding jobs E. Using as a distributed session store for your web application
B. Managing a multi-step and multi-decision checkout process of an e-commerce website C. Orchestrating the execution of distributed and auditable business processes
Which of the following are use cases for Amazon DynamoDB? (Choose three) A. Storing BLOB data. B. Managing web sessions. C. Storing JSON documents. D. Storing metadata for Amazon S3 objects. E. Running relational joins and complex updates. F. Storing large amounts of infrequently accessed data.
B. Managing web sessions. C. Storing JSON documents. D. Storing metadata for Amazon S3 objects.
You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch, however you notice that you cannot see the health of every important metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch metric for, when monitoring the health of your EC2 instances? A. CPU Usage B. Memory usage C. Disk read operations D. Network in E. Estimated charges
B. Memory usage
Can I detach the primary (eth0) network interface when the instance is running or stopped? A. Yes B. No C. Depends on the state of the interface at the time
B. No
Can we attach an EBS volume to more than one EC2 instance at the same time? A. Yes B. No C. Only EC2-optimized EBS volumes. D. Only in read mode.
B. No
Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote Desktop Connection? A. Yes B. No C. Depends on if it is in VPC or not
B. No
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance? A. Yes but only if Windows instance B. No C. Yes D. Yes but only if a Linux instance
B. No
Is Federated Storage Engine currently supported by Amazon RDS for MySQL? A. Only for Oracle RDS instances B. No C. Yes D. Only in VPC
B. No
What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone? A. USD 0.10 per GB B. No charge. It is free. C. USD 0.02 per GB D. USD 0.01 per GB
B. No charge. It is free.
What are the different types of virtualization available on EC2? A. Pseudo-Virtual (PV) & Hardware Virtual Module (HSM) B. Para-Virtual (PV) & Hardware Virtual Machine (HVM) C. Pseudo-Virtual (PV) & Hardware Virtual Machine (HVM) D. Para-Virtual (PV) & Hardware Virtual Module (HSM)
B. Para-Virtual (PV) & Hardware Virtual Machine (HVM)
What does Amazon RDS stand for? A. Regional Data Server. B. Relational Database Service. C. Nothing. D. Regional Database Service.
B. Relational Database Service.
Select the most correct answer: The device name /dev/sda1 (within Amazon EC2 ) is _____ A. Possible for EBS volumes B. Reserved for the root device C. Recommended for EBS volumes D. Recommended for instance store volumes
B. Reserved for the root device
You have an EC2 instance which needs to find out both its private IP address and its public IP address. To do this you need to; A. Run IPCONFIG (Windows) or IFCONFIG (Linux) B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/ C. Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/ D. Use the following command; AWS EC2 displayIP
B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and then other users will be able to view these pics. Your organization expects this app to grow very quickly, essentially doubling its user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). You need to keep your storage costs to a minimum however and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible? A. S3 - Infrequently Accessed Storage. B. S3 - Reduced Redundancy Storage (RRS). C. Glacier. D. S3 - Provisioned IOPS.
B. S3 - Reduced Redundancy Storage (RRS).
Which of the following is NOT a valid SNS subscriber? A. Lambda B. SWF C. SQS D. Email E. HTTPS F. SMS
B. SWF
Select the correct set of steps for exposing the snapshot only to specific AWS accounts: A. Select public for all the accounts and check mark those accounts with whom you want to expose the snapshots and click save. B. Select Private, enter the IDs of those AWS accounts, and click Save. C. Select Public, enter the IDs of those AWS accounts, and click Save. D. Select Public, mark the IDs of those AWS accounts as private, and click Save.
B. Select Private, enter the IDs of those AWS accounts, and click Save.
What does Amazon SES stand for? A. Simple Elastic Server. B. Simple Email Service. C. Software Email Solution. D. Software Enabled Server.
B. Simple Email Service.
What does Amazon SWF stand for? A. Simple Web Flow B. Simple Work Flow C. Simple Wireless Forms D. Simple Web Form
B. Simple Work Flow
You have a video transcoding application running on Amazon EC2. Each instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. You have a large backlog of videos which need to be transcoded and would like to reduce this backlog by adding more instances. You will need these instances only until the backlog is reduced. Which type of Amazon EC2 instances should you use to reduce the backlog in the most cost efficient way? A. Reserved instances B. Spot instances C. Dedicated instances D. On-demand instances
B. Spot Instances
You are a solutions architect working for a company that specializes in ingesting large data feeds (using Kinesis) and then analyzing these feeds using Elastic Map Reduce (EMR). The results are then stored on a custom MySQL database which is hosted on an EC2 instance which has 3 volumes, the root/boot volume, and then 2 additional volumes which are striped in to a RAID 1. Your company recently had an outage and lost some key data and has since decided that they will need to run nightly backups. Your application is only used during office hours, so you can afford to have some downtime in the middle of the night if required. You decide to take a snapshot of all three volumes every 24 hours. In what manner should you do this? A. Take a snapshot of each volume independently, while the EC2 instance is running. B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are complete, start the EC2 instance and ensure that all relevant volumes are remounted. C. Add two additional volumes to the existing RAID 0 volume and mirror these volumes creating a RAID 10. Take a snap of only the two new volumes. D. Create a read replica of the existing EC2 instance and then take your snapshots from the read replica and not the live EC2 instance.
B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are complete, start the EC2 instance and ensure that all relevant volumes are remounted.
Before I delete an EBS volume, what can I do if I want to recreate the volume later? A. Create a copy of the EBS volume (not a snapshot) B. Store a snapshot of the volume C. Download the content to an EC2 instance D. Back up the data in to a physical disk
B. Store a snapshot of the volume
You are designing a site for a new startup which generates cartoon images for people automatically. Customers will log on to the site and upload an image, which is stored in S3. The application then passes a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These EC2 instances will then turn the picture in to a cartoon and will then need to store the processed job somewhere. Users will typically download the image once (immediately), and then never download the image again. What is the most commercially feasible method to store the processed images? A. Rather than use S3, store the images inside a BLOB on RDS with Multi-AZ configured for redundancy. B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours. C. Store the images on Glacier instead of S3. D. Use elastic block storage volumes to store the images.
B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.
If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites the old value. A. FALSE B. TRUE
B. TRUE
True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint. A. FALSE B. TRUE
B. TRUE
When you add a rule to a DB security group, you do not need to specify port number or protocol. A. Depends on the RDMS used B. TRUE C. FALSE
B. TRUE
When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint. A. FALSE B. TRUE
B. TRUE
When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user. A. FALSE B. TRUE
B. TRUE
Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use. A. FALSE B. TRUE
B. TRUE
You are charged for the IOPS and storage whether or not you use them in a given month? A. FALSE B. TRUE
B. TRUE
By default, what happens to ENIs that are automatically created and attached to EC2 instances when the attached instance terminates? A. Remain as is B. Terminate C. Hibernate D. Pause
B. Terminate
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance's security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance? A. The outbound security group needs to be modified to allow outbound traffic. B. The outbound network ACL needs to be modified to allow outbound traffic. C. Nothing, it can be accessed from any IP address using SSH. D. Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.
B. The outbound network ACL needs to be modified to allow outbound traffic.
Amazon S3 provides; A. Unlimited File Size for Objects B. Unlimited Storage C. A great place to run a No SQL database from D. The ability to act as a web server for dynamic content (i.e. can query a database)
B. Unlimited Storage
You have an application running on an Amazon Elastic Compute Cloud instance, that uploads 5 GB video objects to Amazon Simple Storage Service (S3). Video uploads are taking longer than expected, resulting in poor application performance. Which method will help improve performance of your application? A. Enable enhanced networking B. Use Amazon S3 multipart upload C. Leveraging Amazon CloudFront, use the HTTP POST method to reduce latency. D. Use Amazon Elastic Block Store Provisioned IOPs and use an Amazon EBS-optimized instance
B. Use Amazon S3 multipart upload
A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and features will meet the company's requirements? A. Virtual Private Network connection. AWS Directory Services, and ClassicLink B. Virtual Private Network connection. AWS Directory Services, and Amazon Workspaces C. AWS Directory Service, Amazon Workspaces, and AWS Identity and Access Management D. Amazon Elastic Compute Cloud, and AWS Identity and Access Management
B. Virtual Private Network connection. AWS Directory Services, and Amazon Workspaces
After an Amazon EC2-VPC instance is launched, can I change the VPC security groups it belongs to? A. No B. Yes C. Only if you are the root user D. Only if the tag "VPC_Change_Group" is true
B. Yes
After an EC2-VPC instance is launched, can I change the VPC security groups it belongs to? A. Only if the tag "VPC_Change_Group" is true B. Yes C. No D. Only if the tag "VPC Change Group" is true
B. Yes
Can I encrypt connections between my application and my DB Instance using SSL? A. No B. Yes C. Only in VPC D. Only in certain regions
B. Yes
Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance? A. Only if instructed to when created B. Yes C. No
B. Yes
If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect? A. No B. Yes
B. Yes
Will I be charged if the DB instance is idle? A. No B. Yes C. Only if running in GovCloud D. Only if running in VPC
B. Yes
Will my standby RDS instance be in the same Region as my primary? A. Only for Oracle RDS types B. Yes C. Only if configured at launch D. No
B. Yes
Is it possible to access your EBS snapshots? A. Yes, through the Amazon S3 APIs. B. Yes, through the Amazon EC2 APIs. C. No, EBS snapshots cannot be accessed; they can only be used to create a new EBS volume. D. EBS doesn't provide snapshots.
B. Yes, through the Amazon EC2 APIs.
After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to? A. No. You cannot. B. Yes. You can. C. Only if you are the root user D. Only if the tag "VPC_Change_Group" is true
B. Yes. You can.
Which statements are true about Amazon Route 53? (Choose 2 answers) A. Amazon Route 53 is a region-level service B. You can register your domain name C. Amazon Route 53 can perform health checks and failovers to a backup site in the event of the primary site failure D. Amazon Route 53 only supports Latency-based routing
B. You can register your domain name C. Amazon Route 53 can perform health checks and failovers to a backup site in the event of the primary site failure
A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in S3. The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option? A. You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years. B. You must find out the total number of requests per second at peak usage. C. You must know the size of the individual objects being written to S3, in order to properly design the key namespace. D. In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.
B. You must find out the total number of requests per second at peak usage.
You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduce the completion time. A. Use four Spot Instances for the task nodes rather than four On-Demand instances. B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once. C. Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for your core nodes. D. Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent volume for your core nodes. E. Enable termination protection for the job flow.
B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
Location of Instances are _____ A. Regional B. based on Availability Zone C. Global
B. based on Availability Zone
Security Groups can't _____. A. be nested more than 3 levels B. be nested at all C. be nested more than 4 levels D. be nested more than 2 levels
B. be nested at all
Amazon S3 doesn't automatically give a user who creates a _____ permission to perform other actions on that bucket or object. Therefore, in your IAM policies, you must explicitly give users permission to use the Amazon S3 resources they create. A. file B. bucket or object C. bucket or file D. object or file
B. bucket or object
Amazon Glacier is designed for: (Choose 2 answers) A. active database storage. B. infrequently accessed data. C. data archives. D. frequently accessed data. E. cached session data.
B. infrequently accessed data. C. data archives.
What is the command line instruction for running the remote desktop client in Windows? A. desk.cpl B. mstsc
B. mstsc
Every user you create in the IAM system starts with ______. A. full permissions B. no permissions C. partial permissions
B. no permissions
If I scale the storage capacity provisioned to my DB Instance in the middle of a billing month, how will I be charged? A. you will be charged for the highest storage capacity you have used B. on a proration basis C. you will be charged for the lowest storage capacity you have used
B. on a proration basis
Fill in the blanks: "To ensure failover capabilities, consider using a _____ for incoming traffic on a network interface". A. primary public IP B. secondary private IP C. secondary public IP D. add on secondary IP
B. secondary private IP
If your DB instance runs out of storage space or file system resources, its status will change to _____ and your DB Instance will no longer be available. A. storage-overflow B. storage-full C. storage-exceed D. storage-overage
B. storage-full
Which is the default region in AWS? A. eu-west-1 B. us-east-1 C. us-east-2 D. ap-southeast-1
B. us-east-1
In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch. A. 5 B. 2 C. 1 D. 3
C. 1
You must assign each server to at least _____ security group? A. 4 B. 3 C. 1 D. 2
C. 1
What is the maximum number of groups an IAM user can be a member of? A. 20 B. 5 C. 10 D. 15
C. 10
What is the default per account limit of Elastic IPs? A. 1 B. 3 C. 5 D. 0
C. 5
What does a "Domain" refer to in Amazon SWF? A. A security group in which only tasks inside can communicate with each other B. A special type of worker C. A collection of related Workflows D. The DNS record for the Amazon SWF service
C. A collection of related Workflows
What is Amazon Glacier? A. It's a security tool that allows to "freeze" an EC2 instance and perform computer forensics on it. B. A security tool that allows to "freeze" an EBS volume and perform computer forensics on it. C. A low-cost storage service that provides secure and durable storage for data archiving and backup. D. You mean Amazon "Iceberg": it's a low-cost storage service.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup.
What is Amazon Glacier? A. There is no such thing B. A security tool that allows "freezing" an EBS volume to perform computer forensics on it. C. A low-cost storage service that provides secure and durable storage for data archiving and backup. D. A security tool that allows "freezing" an EC2 instance to perform computer forensics on it.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup.
What does Amazon ElastiCache provide? A. A service by this name doesn't exist. Perhaps you mean Amazon CloudCache. B. A virtual server with a huge amount of memory. C. A managed In-memory cache service. D. An Amazon EC2 instance with the Memcached software already pre-installed.
C. A managed In-memory cache service.
What does Amazon Route53 provide? A. A global Content Delivery Network. B. None of these. C. A scalable Domain Name System. D. An SSH endpoint for Amazon EC2.
C. A scalable Domain Name System.
You are building an automated transcription service in which Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable? A. Multiple Amazon EBS volume with snapshots B. A single Amazon Glacier vault C. A single Amazon S3 bucket D. Multiple instance stores
C. A single Amazon S3 bucket
Which of the following are valid statements about Amazon S3? (Choose two.) A. S3 provides read-after-write consistency for any type of PUT or DELETE B. Consistency is not guaranteed for any type of PUT or DELETE C. A successful response to a PUT request only occurs when a complete object is saved. D. Partially saved objects are immediately readable with a GET after an overwrite PUT. E. S3 provides eventual consistency for overwrite PUTS and DELETES.
C. A successful response to a PUT request only occurs when a complete object is saved. E. S3 provides eventual consistency for overwrite PUTS and DELETES.
What does Amazon CloudFormation provide? A. The ability to setup Autoscaling for Amazon EC2 instances. B. None of these. C. A template resource creation for Amazon Web Services. D. A template to map network resources for Amazon Web Services.
C. A template resource creation for Amazon Web Services.
The _____ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console. A. Amazon RDS B. AWS Integrity Management C. AWS Identity and Access Management D. Amazon EMR
C. AWS Identity and Access Management
What can I access by visiting the URL: http://status.aws.amazon.com/ ? A. Amazon Cloud Watch B. Status of the Amazon RDS DB C. AWS Service Health Dashboard D. AWS Cloud Monitor
C. AWS Service Health Dashboard
You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a large amount of IOPs and you need to increase the IOPs available to it. What should you do? A. Migrate the database to an S3 bucket. B. Migrate the database to Glacier. C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes. D. Use CloudFront to cache the database.
C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.
You are creating your own relational database on an EC2 instance and you need to maximize IOPS performance. What can you do to achieve this goal? A. Add a single additional volume to the EC2 instance with provisioned IOPS. B. Create the database on an S3 bucket. C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those volumes. D. Attach the single volume to multiple EC2 instances so as to maximize performance.
C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those volumes.
What are the initial settings of a user-created security group? A. Allow all inbound traffic and Allow no outbound traffic B. Allow no inbound traffic and Allow no outbound traffic C. Allow no inbound traffic and Allow all outbound traffic D. Allow all inbound traffic and Allow all outbound traffic
C. Allow no inbound traffic and Allow all outbound traffic
Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to your instances? A. None of these. B. Amazon Instance Storage C. Amazon EBS D. All of these
C. Amazon EBS
You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile devices. The votes must be collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use? A. Amazon DynamoDB B. Amazon Redshift C. Amazon Kinesis D. Amazon Simple Queue Service
C. Amazon Kinesis (Key here is "real-time tabulation" and "millions of users".)
Fill in the blanks: Resources that are created in AWS are identified by a unique identifier called an _____. A. Amazon Resource Number B. Amazon Resource Name tag C. Amazon Resource Name D. Amazon Resource Namespace
C. Amazon Resource Name
A t2.medium EC2 instance type must be launched with what type of Amazon Machine Image (AMI)? A. An Instance store Hardware Virtual Machine AMI B. An Instance store Paravirtual AMI C. An Amazon EBS-backed Hardware Virtual Machine AMI D. An Amazon EBS-backed Paravirtual AMI
C. An Amazon EBS-backed Hardware Virtual Machine AMI
What action is required to establish a VPC VPN connection between an on-premises data center and an Amazon VPC virtual private gateway? A. Modify the main route table to allow traffic to a network address translation instance. B. Use a dedicated network address translation instance in the public subnet. C. Assign a static Internet-routable IP address to an Amazon VPC customer gateway. D. Establish a dedicated networking connection using AWS Direct Connect.
C. Assign a static Internet-routable IP address to an Amazon VPC customer gateway.
You have a VPC with a public subnet. Three EC2 instances currently running inside the subnet can successfully communicate with other hosts on the internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable Internet access? A. Deploy a NAT instance into the public subnet. B. Modify the routing table for the public subnet. C. Assign an elastic IP address to the fourth instance. D. Configure a publicly routable IP address in the host OS of the fourth instance.
C. Assign an elastic IP address to the fourth instance.
You are appointed as your company's Chief Security Officer and you want to be able to track all changes made to your AWS environment, by all users and at all times, in all regions. What AWS service should you use to achieve this? A. CloudAudit B. CloudWatch C. CloudTrail D. CloudDetective
C. CloudTrail
You have a high performance compute application and you need to minimize network latency between EC2 instances as much as possible. What can you do to achieve this? A. Use Elastic Load Balancing to load balance traffic between availability zones B. Create a CloudFront distribution and cache objects from an S3 bucket at Edge Locations. C. Create a placement group within an Availability Zone and place the EC2 instances within that placement group. D. Deploy your EC2 instances within the same region, but in different subnets and different availability zones so as to maximize redundancy.
C. Create a placement group within an Availability Zone and place the EC2 instances within that placement group.
You have a content management system running on an Amazon EC2 instance that is approaching 100% CPU utilization. Which option will reduce load on the Amazon EC2 instance? A. Create a load balancer, and register the Amazon EC2 instance with it B. Create a CloudFront distribution, and configure the Amazon EC2 instance as the origin C. Create an Auto Scaling group from the instance using the CreateAutoScalingGroup action D. Create a launch configuration from the instance using the CreateLaunchConfiguration action
C. Create an Auto Scaling group from the instance using the CreateAutoScalingGroup action (using the instance ID to create the AS group creates the launch config automatically)
Amazon Glacier is designed for: Choose 2 answers A. Frequently accessed data B. Active database storage C. Data archives D. Infrequently accessed data E. Cached session data
C. Data archives D. Infrequently accessed data
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes? A. Data is automatically saved in an EBS volume. B. Data is unavailable until the instance is restarted. C. Data will be deleted and will no longer be accessible. D. Data is automatically saved as an EBS snapshot.
C. Data will be deleted and will no longer be accessible.
You have a web application running on six Amazon EC2 instances, consuming about 45% of resources on each instance. You are using auto-scaling to make sure that six instances are running at all times. The number of requests this application processes is consistent and does not experience spikes. The application is critical to your business and you want high availability at all times. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all instances. Which of the following architectural choices should you make? A. Deploy 6 EC2 instances in one availability zone and use Amazon Elastic Load Balancer. B. Deploy 3 EC2 instances in one region and 3 in another region and use Amazon Elastic Load Balancer. C. Deploy 3 EC2 instances in one availability zone and 3 in another availability zone and use Amazon Elastic Load Balancer. D. Deploy 2 EC2 instances in three regions and use Amazon Elastic Load Balancer.
C. Deploy 3 EC2 instances in one availability zone and 3 in another availability zone and use Amazon Elastic Load Balancer.
You have a business-critical two-tier web app currently deployed in two AZs in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application AZ goes off-line, and Auto Scaling cannot launch new instances in the remaining Availability Zones. How can the current architecture be enhanced to ensure this? A. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load per Region. B. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load per region. C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone. D. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.
C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that automatic failover occurred. You can use the _____ to return information about events related to your DB Instance. A. FetchFailure B. DescribeFailure C. DescribeEvents D. FetchEvents
C. DescribeEvents
What is the maximum write throughput I can provision per table for a single DynamoDB table? A. 5,000 us east, 1,000 all other regions B. 100,000 us east, 10,000 all other regions C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first. D. There is no limit
C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first.
What is the maximum write throughput I can provision for a single Dynamic DB table? A. 1,000 write capacity units B. 100,000 write capacity units C. Dynamic DB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first. D. 10,000 write capacity units
C. Dynamic DB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first. (40,000 in Virginia!)
Which of the services below do you get root access to? A. Elasticache & Elastic MapReduce B. RDS & DynamoDB C. EC2 & Elastic MapReduce D. Elasticache & DynamoDB
C. EC2 & Elastic MapReduce
Which AWS instance address has the following characteristics? "If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance." A. None of these B. EC2-VPC Addresses C. EC2-Classic Addresses
C. EC2-Classic Addresses
By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications. A. EBSConfig Service B. AMIConfig Service C. Ec2Config Service D. Ec2-AMIConfig Service
C. Ec2Config Service
Please select the Amazon EC2 resource which cannot be tagged. A. Images (AMIs, kernels, RAM disks) B. Amazon EBS volumes C. Elastic IP addresses D. VPCs
C. Elastic IP addresses
Which of the following features ensures even distribution of traffic to Amazon EC2 instances in multiple Availability Zones registered with a load balancer? A. Elastic Load Balancing request routing B. An Amazon Route 53 weighted routing policy C. Elastic Load Balancing cross-zone load balancing D. An Amazon Route 53 latency routing policy
C. Elastic Load Balancing cross-zone load balancing
In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space? A. FreeStorage B. FreeStorageVolume C. FreeStorageSpace D. FreeStorageAllocation
C. FreeStorageSpace
You are a solutions architect working for a large digital media company. Your company is migrating their production estate to AWS and you are in the process of setting up access to the AWS console using Identity Access Management (IAM). You have created 5 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console? A. Generate an Access Key ID & Secret Access Key, and give these to your system administrators. B. Enable multi-factor authentication on their accounts and define a password policy. C. Generate a password for each user created and give these passwords to your system administrators. D. Give the system administrators the secret access key and access key id, and tell them to use these credentials to log in to the AWS console.
C. Generate a password for each user created and give these passwords to your system administrators.
You have uploaded a file to S3. What HTTP code would indicate that the upload was successful? A. HTTP 404 B. HTTP 501 C. HTTP 200 D. HTTP 307
C. HTTP 200
Select the incorrect statement. A. In Amazon EC2, private IP address is only returned to Amazon EC2 when the instance is stopped or terminated B. In Amazon VPC, an instance retains its private IP address when the instance is stopped. C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped. D. In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime
C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped.
Read Replicas require a transactional storage engine and are only supported for the _____ storage engine. A. OracleISAM B. MSSQLDB C. InnoDB D. MyISAM
C. InnoDB
What does the "Server Side Encryption" option on Amazon S3 provide? A. It provides an encrypted virtual disk in the Cloud. B. It doesn't exist for Amazon S3, but only for Amazon EC2. C. It encrypts the files that you send to Amazon S3, on the server side. D. It allows you to upload files using an SSL endpoint, for a secure transfer.
C. It encrypts the files that you send to Amazon S3, on the server side.
If you want to launch Amazon Elastic Compute Cloud (EC2) instances and assign each instance a predetermined private IP address you should: A. Launch the instance from a private Amazon Machine Image (AMI). B. Assign a group of sequential Elastic IP address to the instances. C. Launch the instances in the Amazon Virtual Private Cloud (VPC). D. Launch the instances in a Placement Group. E. Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already.
C. Launch the instances in the Amazon Virtual Private Cloud (VPC).
Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data? A. Maintain two snapshots: the original snapshot and the latest incremental snapshot. B. Maintain a volume snapshot; subsequent snapshots will overwrite one another. C. Maintain a single snapshot; the latest snapshot is both incremental and complete. D. Maintain the most current snapshot, archive the original and incremental to Amazon Glacier.
C. Maintain a single snapshot; the latest snapshot is both incremental and complete.
In the Launch Db Instance Wizard, where can I select the backup and maintenance options? A. DB Instance Details B. Review C. Management Options D. Engine Selection
C. Management Options
In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? Choose 2 answers A. Modify the Auto Scaling policy to use scheduled scaling actions B. Modify the Auto Scaling group termination policy to terminate the oldest instance first. C. Modify the Auto Scaling group cool-down timers. D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy. E. Modify the Auto Scaling group termination policy to terminate the newest instance first.
C. Modify the Auto Scaling group cool-down timers. D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer's objects replicated? A. A single facility in eu-west-1 and a single facility in eu-central-1 B. A single facility in eu-west-1 and a single facility in us-east-1 C. Multiple facilities in eu-west-1 D. A single facility in eu-west-1
C. Multiple facilities in eu-west-1
Security groups act like a firewall at the instance level, whereas _____ are an additional layer of security that act at the subnet level. A. DB Security Groups B. VPC Security Groups C. Network ACLs
C. Network ACLs
What function of an AWS VPC is stateless? A. Security Groups B. Elastic Load Balancers C. Network Access Control Lists D. EC2
C. Network Access Control Lists
Is decreasing the storage size of a DB Instance permitted? A. Depends on the RDBMS used B. Yes C. No
C. No
Is there a method or command in the IAM system to allow or deny access to a specific instance? A. Only for VPC based instances B. Yes C. No
C. No
What is the charge for the data transfer incurred in replicating data between your primary and standby? A. Same as the standard data transfer charge B. Double the standard data transfer charge C. No charge. It is free D. Half of the standard data transfer charge
C. No charge. It is free
Do the system resources on the Micro instance meet the recommended configuration for Oracle? A. Yes completely B. Yes but only for certain situations C. Not in any circumstance
C. Not in any circumstance
What is the minimum time interval for the data that Amazon CloudWatch receives and aggregates? A. One second B. Five seconds C. One minute D. Three minutes E. Five minutes
C. One minute
You are a solutions architect working for a large oil and gas company. Your company runs their production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All EC2 instances are in the same security group. Your company has created a new custom application which connects to mobile devices using a custom port. This application has been rolled out to production and you need to open this port globally to the internet. What steps should you take to do this, and how quickly will the change occur? A. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate on this port after a reboot. B. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate over this port immediately. C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately. D. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port as soon as the relevant Time To Live (TTL) expires.
C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately.
With which AWS orchestration service can you implement Chef recipes? A. CloudFormation B. Elastic Beanstalk C. Opsworks D. Lambda
C. Opsworks
In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with _____. A. Oracle Standard Edition B. Oracle Express Edition C. Oracle Enterprise Edition D. None of these
C. Oracle Enterprise Edition
The Trusted Advisor service provides insight regarding which four categories of an AWS account? A. Security, fault tolerance, high availability, and connectivity B. Security, access control, high availability, and performance C. Performance, cost optimization, security, and fault tolerance D. Performance, cost optimization, access control, and connectivity
C. Performance, cost optimization, security, and fault tolerance
All Amazon EC2 instances are assigned two IP addresses at launch. Which one can only be reached from within the Amazon EC2 network? A. Multiple IP address B. Public IP address C. Private IP address D. Elastic IP Address
C. Private IP address
You work for a market analysis firm who are designing a new environment. They will ingest large amounts of market data via Kinesis and then analyze this data using Elastic Map Reduce. The data is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and then be accessed by traders from around the world. The database volume itself will sit on 2 EBS volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you recommend? A. Magnetic B. General Purpose SSD C. Provisioned IOPS (PIOPS) D. Turbo IOPS (TIOPS)
C. Provisioned IOPS (PIOPS)
Out of the striping options available for the EBS volumes, which one has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'? A. Raid 5 B. Raid 6 C. Raid 1+0 (Raid 10) D. Raid 1 E. Raid 2
C. Raid 1+0 (Raid 10)
Amazon S3 buckets in all Regions provide which of the following? A. Read-after-write consistency for PUTS of new objects AND Strongly consistent for POST & DELETES B. Read-after-write consistency for POST of new objects AND Eventually consistent for overwrite PUTS & DELETES C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS & DELETES D. Read-after-write consistency for POST of new objects AND Strongly consistent for POST & DELETES
C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS & DELETES
What does the ec2-revoke command do with respect to the Amazon EC2 security groups? A. Removes one or more security groups from a rule. B. Removes one or more security groups from an Amazon EC2 instance. C. Removes one or more rules from a security group. D. Removes a security group from an account.
C. Removes one or more rules from a security group.
What does the following command do with respect to the Amazon EC2 security groups? ec2-revoke RevokeSecurityGroupIngress A. Removes one or more security groups from a rule. B. Removes one or more security groups from an Amazon EC2 instance. C. Removes one or more rules from a security group. D. Removes a security group from our account.
C. Removes one or more rules from a security group.
It is advised that you watch the Amazon CloudWatch _____ metric carefully and recreate the Read Replica should it fall behind due to replication errors. A. WriteLag B. ReadReplica C. ReplicaLag D. SingleReplica
C. ReplicaLag
Can Amazon S3 uploads resume on failure or do they need to restart? A. Restart from beginning B. You can resume them, if you flag the "resume on failure" option before uploading. C. Resume on failure D. Depends on the file size
C. Resume on failure
What are characteristics of Amazon S3? (Choose two.) A. S3 allows you to store objects of virtually unlimited size. B. S3 offers Provisioned IOPS. C. S3 allows you to store unlimited amounts of data. D. S3 should be used to host a relational database. E. Objects are directly accessible via a URL.
C. S3 allows you to store unlimited amounts of data. E. Objects are directly accessible via a URL.
In a management network scenario, which interface on the instance handles public-facing traffic? A. Primary network interface B. Subnet interface C. Secondary network interface
C. Secondary network interface
An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, AutoScaling will: (Choose two.) A. Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance. B. Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected. C. Send an SNS notification, if configured to do so. D. Terminate an instance in the AZ which currently has 2 running EC2 instances. E. Randomly select one of the 3 AZs, and then terminate an instance in that AZ.
C. Send an SNS notification, if configured to do so. D. Terminate an instance in the AZ which currently has 2 running EC2 instances.
You have been asked to identify a service on AWS that is a durable key value store. Which of the services below meets this definition? A. Mobile Hub B. Kinesis C. Simple Storage Service (S3) D. Elastic File Service (EFS)
C. Simple Storage Service (S3)
What does Amazon SWF stand for? A. Simple Wireless Forms B. Simple Web Form C. Simple Work Flow D. Simple Web Flow
C. Simple Work Flow
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true? A. The instance is replaced automatically by the ELB. B. The instance gets terminated automatically by the ELB. C. The ELB stops sending traffic to the instance that failed its health check. D. The instance gets quarantined by the ELB for root cause analysis.
C. The ELB stops sending traffic to the instance that failed its health check.
Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service? A. Use an IAM policy that references the LDAP account identifiers and the AWS credentials. B. Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP. C. Use AWS Security Token Service from an identity broker to issue short-lived AWS credentials. D. Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated. E. Use the LDAP credentials to restrict a group of users from launching specific EC2 instance types.
C. Use AWS Security Token Service from an identity broker to issue short-lived AWS credentials.
A US-based company is expanding their web presence into Europe. The company wants to extend their AWS infrastructure from Northern Virginia (us-east-1) into the Dublin (eu-west-1) region. Which of the following options would enable an equivalent experience for users on both continents? A. Use a public-facing load balancer per region to load-balance web traffic, and enable HTTP health checks. B. Use a public-facing load balancer per region to load-balance web traffic, and enable sticky sessions. C. Use Amazon Route 53, and apply a geolocation routing policy to distribute traffic across both regions. D. Use Amazon Route 53, and apply a weighted routing policy to distribute traffic across both regions.
C. Use Amazon Route 53, and apply a geolocation routing policy to distribute traffic across both regions.
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system? A. Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level. B. Use Route 53 latency-based routing to send high priority tasks to the closest transformation instances. C. Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue. D. Use a single SQS queue. Each message contains the priority level. Transformation instances poll high priority messages first.
C. Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
You run an automobile reselling company that has a popular online store on AWS. The application sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private IP addresses. How can you achieve this? A. By using Ipconfig for windows or Ifconfig for Linux. B. By using a cloud watch metric. C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/ D. Using a Curl or Get Command to get the latest user-data from http://169.254.169.254/latest/user-data/
C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/
Can I control if and when MySQL based RDS Instance is upgraded to new supported versions? A. No B. Only in VPC C. Yes
C. Yes
Can I initiate a "forced failover" for my MySQL Multi-AZ DB Instance deployment? A. Only in certain regions B. Only in VPC C. Yes D. No
C. Yes
Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance? A. No B. Only if instructed to when created C. Yes
C. Yes
Does AWS Direct Connect allow you access to all Availability Zones within a Region? A. Depends on the type of connection B. No C. Yes D. Only when there's just one availability zone in a region. If there are more than one, only one availability zone can be accessed directly.
C. Yes
Does DynamoDB support in-place atomic updates? A. It is not defined B. No C. Yes D. It does support in-place non-atomic updates
C. Yes
Is there a limit to how many groups a user can be in? A. Yes for all users except root B. Yes unless special permission granted C. Yes for all users D. No
C. Yes for all users
Are you able to integrate a multi-factor token service with the AWS Platform? A. No, you cannot integrate multi-factor token devices with the AWS platform. B. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform. C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
Select the correct statement: A. You don't need to specify the resource identifier while stopping a resource B. You can terminate, stop, or delete a resource based solely on its tags C. You can't terminate, stop, or delete a resource based solely on its tags D. You don't need to specify the resource identifier while terminating a resource
C. You can't terminate, stop, or delete a resource based solely on its tags
SQL Server __________ store logins and passwords in the master database. A. can be configured to but by default does not B. doesn't C. does
C. does
While creating the snapshots using the command line tools, which command should I be using? A. ec2-deploy-snapshot B. ec2-fresh-snapshot C. ec2-create-snapshot D. ec2-new-snapshot
C. ec2-create-snapshot
Changes to the backup window take effect ______. A. from the next billing cycle B. after 30 minutes C. immediately D. after 24 hours
C. immediately
The one-time payment for Reserved Instances is __________ refundable if the reservation is cancelled. A. always B. in some circumstances C. never
C. never (non-refundable)
Every user you create in the IAM system starts with ______. A. partial permissions B. full permissions C. no permissions
C. no permissions
Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is stored at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem. A. private key B. foreign key C. public key D. protected key
C. public key
Fill in the blanks : _____ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment. A. wildcards B. pointers C. tags D. special filters
C. tags
To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can assign your own metadata to each resource in the form of_____. A. special filters B. functions C. tags D. wildcards
C. tags
You must assign each server to at least _____ security group A. 3 B. 2 C. 4 D. 1
D. 1
What is the maximum response time for a Business level Premium Support case? A. 30 minutes B. You always get instant responses (within a few seconds). C. 10 minutes D. 1 hour
D. 1 hour
If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines, you can scale the throughput of your database Instance by specifying the IOPS rate from _____ . A. 1,000 to 1,00,000 B. 100 to 1,000 C. 10,000 to 1,00,000 D. 1,000 to 10,000
D. 1,000 to 10,000
You must increase storage size in increments of at least _____ % A. 40 B. 20 C. 50 D. 10
D. 10
A Provisioned IOPS volume must be at least __________ GB in size: A. 1 B. 50 C. 20 D. 10
D. 10 (4GiB is the actual minimum)
What is the maximum key length of a tag? A. 512 Unicode characters B. 64 Unicode characters C. 256 Unicode characters D. 128 Unicode characters
D. 128 Unicode characters
A Provisioned IOPS SSD volume must be at least _____ GB in size. A. 1 B. 6 C. 20 D. 4
D. 4
A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an AutoScaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL and should not be publicly accessible. What is the minimum number of subnets that need to be configured in the VPC? A. 1 B. 2 C. 3 D. 4
D. 4
You have been asked to create a VPC for your company. The VPC must support both Internet-facing web applications (i.e. they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this? A. 5 B. 3 C. 4 D. 6
D. 6
You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements? A. 2 B. 3 C. 4 D. 6
D. 6
Within the IAM service a GROUP is regarded as a: A. A collection of AWS accounts B. It's the group of EC2 machines that gain the permissions specified in the GROUP. C. There's no GROUP in IAM, but only USERS and RESOURCES. D. A collection of users.
D. A collection of users.
A customer wants to leverage Amazon Simple Storage Service (S3) and Amazon Glacier as part of their backup and archive infrastructure. The customer plans to use third-party software to support this integration. Which approach will limit the access of the third party software to only the Amazon S3 bucket named "company-backup"? A. A custom bucket policy limited to the Amazon S3 API in the Amazon Glacier archive "company-backup" B. A custom bucket policy limited to the Amazon S3 API in "company-backup" C. A custom IAM user policy limited to the Amazon S3 API for the Amazon Glacier archive "company-backup". D. A custom IAM user policy limited to the Amazon S3 API in "company-backup".
D. A custom IAM user policy limited to the Amazon S3 API in "company-backup".
You are working with a customer who has 10 TB of archival data that they want to migrate to Amazon Glacier. The customer has a 1-Mbps connection to the Internet. Which service or feature provides the fastest method of getting the data into Amazon Glacier? A. Amazon Glacier multipart upload B. AWS Storage Gateway C. VM Import/Export D. AWS Import/Export
D. AWS Import/Export
You have started a new role as a solutions architect for an architectural firm that designs large skyscrapers in the Middle East. Your company hosts large volumes of data and has about 250Tb of data on internal servers. They have decided to store this data on S3 due to the redundancy offered by it. The company currently has a telecoms line of 2Mbps connecting their head office to the internet. What method should they use to import this data on to S3 in the fastest manner possible? A. Upload it directly to S3 B. Purchase an AWS Direct Connect and transfer the data over that once it is installed. C. AWS Data pipeline D. AWS Import/Export
D. AWS Import/Export
In Identity and Access Management, when you first create a new user, certain security credentials are automatically generated. Which of the below are valid security credentials? A. Access Key ID, Authorized Key B. Private Key, Secret Access Key C. Private Key, Authorized Key D. Access Key ID, Secret Access Key
D. Access Key ID, Secret Access Key
While launching an RDS DB instance, on which page can I select the Availability Zone? A. Review B. DB Instance Details C. Management Options D. Additional Configuration
D. Additional Configuration
If you're unable to connect via SSH to your EC2 instance, which of the following should you check and possibly correct to restore connectivity? A. Adjust Security Group to permit egress traffic over TCP port 443 from your IP. B. Configure the IAM role to permit changes to security group settings. C. Modify the instance security group to allow ingress of ICMP packets from your IP. D. Adjust the instance's Security Group to permit ingress traffic over port 22 from your IP. E. Apply the most recently released Operating System security patches.
D. Adjust the instance's Security Group to permit ingress traffic over port 22 from your IP.
IAM provides several policy templates you can use to automatically assign permissions to the groups you create. The _____ policy template gives the Admins group permission to access all account resources, except your AWS account information. A. Read Only Access B. Power User Access C. AWS CloudFormation Read Only Access D. Administrator Access
D. Administrator Access
Through which of the following interfaces is AWS Identity and Access Management available? 1) AWS Management Console 2) Command line interface (CLI) 3) IAM Query API 4) Existing libraries A. Only through Command line interface (CLI) B. 1, 2 and 3 C. 1 and 3 D. All of the above
D. All of the above
Through which of the following interfaces is AWS Identity and Access Management available? A. AWS Management Console B. Command line interface (CLI) C. IAM Query API D. All of the above
D. All of the above
You are configuring your company's application to use Auto Scaling and need to move user state information. Which of the following AWS services provides a shared data store with durability and low latency? A. AWS ElastiCache Memcached B. Amazon Simple Storage Service C. Amazon EC2 instance storage D. Amazon DynamoDB
D. Amazon DynamoDB
Which Amazon storage do you think is the best for my database-style applications that frequently encounter many random reads and writes across the dataset? A. None of these B. Amazon Instance Storage C. Any of these D. Amazon EBS
D. Amazon EBS
A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture? A. A standalone Amazon EC2 instance B. Amazon RDS in a Multi-AZ configuration C. Amazon EC2 instances in a replication configuration utilizing a single Availability Zone D. Amazon EC2 instances in a replication configuration utilizing two different Availability Zones
D. Amazon EC2 instances in a replication configuration utilizing two different Availability Zones
Without _____, you must either create multiple AWS accounts, each with its own billing and subscriptions, or your employees must share the security credentials of a single AWS account. A. Amazon RDS B. Amazon Glacier C. Amazon EMR D. Amazon IAM
D. Amazon IAM
When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you would rather perform the change now, specify the _____ option. A. ApplyNow B. ApplySoon C. ApplyThis D. ApplyImmediately
D. ApplyImmediately
You have decided to change the instance type for instances running in your application tier that is using Auto Scaling. In which area below would you change the instance type definition? A. Auto Scaling policy B. Auto Scaling group C. Auto Scaling tags D. Auto Scaling launch configuration
D. Auto Scaling launch configuration
How can the domain's zone apex, for example "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer? A. By using an AAAA record B. By using an A record C. By using an Amazon Route 53 CNAME record D. By using an Amazon Route 53 Alias record
D. By using an Amazon Route 53 Alias record
Amazon SWF is designed to help users do what? A. Design graphical user interface interactions B. Manage user identification and authorization C. Store Web content D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
After creating a new IAM user which of the following must be done before they can successfully make API calls? A. Add a password to the user. B. Enable Multi-Factor Authentication for the user. C. Assign a Password Policy to the user. D. Create a set of Access Keys for the user.
D. Create a set of Access Keys for the user.
A customer is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage their public DNS. How should the customer configure the DNS zone apex record to point to the load balancer? A. Create an A record pointing to the IP address of the load balancer B. Create a CNAME record pointing to the load balancer DNS name. C. Create a CNAME record aliased to the load balancer DNS name. D. Create an A record aliased to the load balancer DNS name
D. Create an A record aliased to the load balancer DNS name. A CNAME cannot be used at the DNS zone apex!
While creating an EC2 snapshot using the API, which Action should I be using? A. MakeSnapShot B. FreshSnapshot C. DeploySnapshot D. CreateSnapshot
D. CreateSnapshot
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume? A. Data is automatically saved as an EBS snapshot. B. Data is automatically saved as an EBS volume. C. Data is unavailable until the instance is restarted. D. Data is automatically deleted.
D. Data is automatically deleted.
A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is not connected to their corporate network. They are connecting to the VPC over the Internet to manage all of their Amazon EC2 instances running in both the public and private subnets. They have only authorized the bastion-security-group with Microsoft Remote Desktop Protocol (RDP) access to the application instance security groups, but the company wants to further limit administrative access to all of the instances in the VPC. Which of the following Bastion deployment scenarios will meet this requirement? A. Deploy a Windows Bastion host on the corporate network that has RDP access to all instances in the VPC, B. Deploy a Windows Bastion host with an Elastic IP address in the public subnet and allow SSH access to the bastion from anywhere. C. Deploy a Windows Bastion host with an Elastic IP address in the private subnet, and restrict RDP access to the bastion from only the corporate public IP addresses. D. Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP access to the bastion from only the corporate public IP addresses.
D. Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP access to the bastion from only the corporate public IP addresses.
You manually launch a NAT AMI in a public subnet. The network is properly configured. Security groups and network access control lists are properly configured. Instances in a private subnet can access the NAT. The NAT can access the Internet. However, private instances cannot access the Internet. What additional step is required to allow access from the private instances? A. Enable Source/Destination Check on the private Instances. B. Enable Source/Destination Check on the NAT instance. C. Disable Source/Destination Check on the private instances. D. Disable Source/Destination Check on the NAT instance.
D. Disable Source/Destination Check on the NAT instance.
Please select the Amazon EC2 resource which can be tagged. A. Key pairs B. Elastic IP addresses C. Placement groups D. EBS snapshots
D. EBS snapshots
What does Amazon EBS stand for? A. Elastic Block Storage. B. Elastic Business Server. C. Elastic Blade Server. D. Elastic Block Store.
D. Elastic Block Store.
What's an ECU? A. Extended Cluster User. B. None of these. C. Elastic Computer Usage. D. Elastic Compute Unit
D. Elastic Compute Unit
What does Amazon ELB stand for? A. Elastic Linux Box B. Encrypted Linux Box C. Encrypted Load Balancing D. Elastic Load Balancer
D. Elastic Load Balancer
Amazon RDS supports SOAP only through _____. A. HTTP or HTTPS B. TCP/IP C. HTTP D. HTTPS
D. HTTPS
While signing in REST/Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using _____. A. HTTP B. Internet Protocol Security (IPsec) C. TLS (Transport Layer Security) D. HTTPS
D. HTTPS
What happens to the I/O operations while you take a database snapshot? A. I/O operations to the database are suspended for an hour while the backup is in progress. B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress. C. I/O operations will be functioning normally D. I/O operations to the database are suspended for a few minutes while the backup is in progress.
D. I/O operations to the database are suspended for a few minutes while the backup is in progress.
What is a Security Group? A. None of these. B. A list of users that can access Amazon EC2 instances. C. An Access Control List (ACL) for AWS resources. D. It acts as a virtual firewall that controls the traffic for one or more instances.
D. It acts as a virtual firewall that controls the traffic for one or more instances.
A customer implemented AWS Storage Gateway with a gateway-cached volume at their main office. An event takes the link between the main and branch office offline. Which methods will enable the branch office to access their data? (Choose three.) A. Use a HTTPS GET to the Amazon S3 bucket where the files are located. B. Restore by implementing a lifecycle policy on the Amazon S3 bucket. C. Make an Amazon Glacier Restore API call to load the files into another Amazon S3 bucket within four to six hours. D. Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot. E. Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance. F. Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.
D. Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot. E. Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance. F. Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.
In the context of MySQL, version numbers are organized as MySQL version = X.Y.Z. What does X denote here? A. release level B. minor version C. version number D. major version
D. Major Version. X is always major; Y is sometimes major, sometimes minor; Z is minor.
Per the AWS Acceptable Use Policy, penetration testing of EC2 instances: A. May be performed by AWS, and will be performed by AWS upon customer request. B. May be performed by AWS, and is periodically performed by AWS. C. Are expressly prohibited under all circumstances. D. May be performed by the customer on their own instances with prior authorization from AWS. E. May be performed by the customer on their own instances, only if performed from EC2 instances
D. May be performed by the customer on their own instances with prior authorization from AWS.
You work for a toy company that has a busy online store. As you are approaching Christmas you find that your store is getting more and more traffic. You ensure that the web tier of your store is behind an Auto Scaling group, however you notice that the web tier is frequently scaling, sometimes multiple times in an hour, only to scale back after peak usage. You need to prevent this so that Auto Scaling does not scale as rapidly, just to scale back again. What option would help you to achieve this? A. Configure Auto Scaling to terminate your oldest instances first, then adjust your CloudWatch alarm. B. Configure Auto Scaling to terminate your newest instances first, then adjust your CloudWatch alarm. C. Change your Auto Scaling so that it only scales at scheduled times. D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI? A. Only via API B. Only via Console C. Yes D. No
D. No
Is creating a Read Replica of another Read Replica supported? A. Only in certain regions B. Only with MSSQL based RDS C. Only for Oracle RDS types D. No
D. No
Will my standby RDS instance be in the same Availability Zone as my primary? A. Only for Oracle RDS types B. Only if configured at launch C. Yes D. No
D. No
Will my standby RDS instance be in the same Availability Zone as my primary? A. Only for Oracle RDS types B. Yes C. Only if configured at launch D. No
D. No
Is creating a Read Replica of another Read Replica supported? A. Only in VPC B. Yes C. Only in certain regions D. No
D. No. (Old question, outdated: MySQL and MariaDB now support making a second-tier RR, which has a higher latency.)
When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write operations? A. Yes B. Only with MSSQL based RDS C. Only for Oracle RDS instances D. No
D. No. Standby is only for backup.
What does specifying the mapping /dev/sdc=none do when launching an EC2 instance? A. Prevents /dev/sdc from creating the instance. B. Prevents /dev/sdc from deleting the instance. C. Set the value of /dev/sdc to 'zero'. D. Prevents /dev/sdc from attaching to the instance.
D. Prevents /dev/sdc from attaching to the instance.
You are a solutions architect who has been asked to do some consulting for a US company that produces re-useable rocket parts. They have a new web application that needs to be built and this application must be stateless. Which three services could you use to achieve this? A. AWS Storage Gateway, Elasticache & ELB B. ELB, Elasticache & RDS C. Cloudwatch, RDS & DynamoDb D. RDS, DynamoDB & Elasticache.
D. RDS, DynamoDB & Elasticache.
What does RRS stand for when talking about S3? A. Redundancy Removal System B. Relational Rights Storage C. Regional Rights Standard D. Reduced Redundancy Storage
D. Reduced Redundancy Storage
A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario? A. SQS guarantees the order of the messages. B. SQS synchronously provides transcoding output. C. SQS checks the health of the worker instances. D. SQS helps to facilitate horizontal scaling of encoding tasks.
D. SQS helps to facilitate horizontal scaling of encoding tasks.
While creating an Amazon RDS DB, your first task is to set up a DB ______ that controls what IP addresses or EC2 instances have access to your DB Instance. A. Security Pool B. Secure Zone C. Security Token Pool D. Security Group
D. Security Group
What does Amazon S3 stand for? A. Simple Storage Solution. B. Storage Storage Storage (triple redundancy Storage). C. Storage Server Solution. D. Simple Storage Service.
D. Simple Storage Service.
When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes. A. Depends on the instance type B. FALSE C. Depends on whether you use API call D. TRUE
D. TRUE
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances, if an instance fails to pass health checks, which statement will be true? A. The instance gets terminated automatically by the ELB B. The instance gets quarantined by the ELB for root cause analysis. C. The instance is replaced automatically by the ELB D. The ELB stops sending traffic to the instance that failed its health check.
D. The ELB stops sending traffic to the instance that failed its health check.
Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications. What is the monthly charge for using the public data sets? A. A 1 time charge of 10$ for all the datasets. B. 1$ per dataset per month C. 10$ per month for all the datasets D. There is no charge for using the public data sets
D. There is no charge for using the public data sets
You have an application running in us-west-2 that requires six EC2 instances running at all times. With three AZs available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provides 100 percent fault tolerance if any single AZ in us-west-2 becomes unavailable? Choose 2 answers A. Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances B. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances C. Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
What are the two permission types used by AWS? A. Resource-based and Product-based B. Product-based and Service-based C. Service-based D. User-based and Resource-based
D. User-based and Resource-based
To view information about an Amazon EBS volume, open the Amazon EC2 console, go to EC2, click _____ in the Navigation pane. A. EBS B. Describe C. Details D. Volumes
D. Volumes
Which of the following is not a service of the security category of the AWS Trusted Advisor service? A. Security Groups - Specific Ports Unrestricted B. MFA on Root Account C. IAM Use D. Vulnerability scans on existing VPCs.
D. Vulnerability scans on existing VPCs.
A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations? A. SAML-based Identity Federation B. Cross-Account Access C. AWS Identity and Access Management roles D. Web Identity Federation
D. Web Identity Federation
Can I use Provisioned IOPS with RDS? A. Only Oracle based RDS B. No C. Only with MSSQL based RDS D. Yes for all RDS instances
D. Yes for all RDS instances
Does Amazon Route 53 support NS Records? A. Yes, it supports Name Service records. B. No C. It supports only MX records. D. Yes, it supports Name Server records.
D. Yes, it supports Name Server records.
Is there any way to own a direct connection to Amazon Web Services? A. You can create an encrypted tunnel to VPC, but you don't own the connection. B. Yes, it's called Amazon Dedicated Connection. C. No, AWS only allows access from the public Internet. D. Yes, it's called Direct Connect
D. Yes, it's called Direct Connect
A _____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices support random access and generally use buffered I/O. A. block map B. storage block C. mapping device D. block device
D. block device
To retrieve instance metadata or user data you will need to use the following IP address: A. http://127.0.0.1 B. http://192.168.0.254 C. http://10.0.0.1 D. http://169.254.169.254
D. http://169.254.169.254
Fill in the blanks: The base URI for all requests for instance metadata is _____ A. http://254.169.169.254/latest/ B. http://169.169.254.254/latest/ C. http://127.0.0.1/latest/ D. http://169.254.169.254/latest/
D. http://169.254.169.254/latest/
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics: A. web server visible metrics such as number failed transaction requests B. operating system visible metrics such as memory utilization C. database visible metrics such as number of connections D. hypervisor visible metrics such as CPU utilization
D. hypervisor visible metrics such as CPU utilization, disk I/O, network I/O
What will be the status of the snapshot until the snapshot is complete? A. running B. working C. progressing D. pending
D. pending
A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources. A. user B. AWS Account C. resource D. permission
D. permission
When you run a DB Instance as a Multi-AZ deployment, the _____ serves database writes and reads A. secondary B. backup C. stand by D. primary
D. primary
You can use _____ and _____ to help secure the instances in your VPC. A. security groups and multi-factor authentication B. security groups and 2-Factor authentication C. security groups and biometric authentication D. security groups and network ACLs
D. security groups and network ACLs
Amazon's Redshift uses which block size for its columnar storage? A. 2KB B. 8KB C. 16KB D. 32KB E. 1024KB / 1MB
E. 1024KB / 1MB
You need to add a route to your routing table in order to allow connections to the internet from your subnet. What route should you add? A. Destination: 192.168.1.258/0 --> Target: your Internet gateway B. Destination: 0.0.0.0/33 --> Target: your virtual private gateway C. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24 D. Destination: 10.0.0.0/32 --> Target: your virtual private gateway E. Destination: 0.0.0.0/0 --> Target: your Internet gateway
E. Destination: 0.0.0.0/0 --> Target: your Internet gateway
Which of the following is not supported by AWS Import/Export? A. Import to Amazon S3 B. Export from Amazon S3 C. Import to Amazon EBS D. Import to Amazon Glacier E. Export from Amazon Glacier
E. Export from Amazon Glacier
How can you secure data at rest on an EBS volume? A. Attach the volume to an instance using EC2's SSL interface. B. Write the data randomly instead of sequentially. C. Encrypt the volume using the S3 server-side encryption service. D. Create an IAM policy that restricts read and write access to the volume. E. Use an encrypted file system on top of the EBS volume.
E. Use an encrypted file system on top of the EBS volume.
True or False: Common points of failures like generators and cooling equipment are shared across Availability Zones.
False
For each DB Instance class, what is the maximum size of associated storage capacity?
For most: 6TB; SQL Server: up to 16TB
What Amazon Elastic Compute Cloud feature can you query from within the instance to access instance properties?
Instance metadata
Can I move a Reserved Instance from one Region to another? A. No B. Only if they are moving into GovCloud C. Yes D. Only if they are moving to US East from another region
No
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance?
No
In order to optimize performance for a compute cluster that requires low inter-node latency, what feature should you use?
Placement Groups
CloudFront key pairs can be created only by the root account and cannot be created by IAM users. T/F
True
REST or Query requests are HTTP or HTTPS requests that use an HTTP verb (such as GET or POST) and a parameter named Action or Operation that specifies the API you are calling. T/F
True
Amazon EC2 has no Amazon Resource Names (ARNs) because you can't specify a particular Amazon EC2 resource in an IAM policy.
True. You use the instance ID to specify an EC2 instance.