D319 - Part 5
Which RDS database technology does NOT support IAM Database Authentication? A) Oracle B) PostgreSQL C) MySQL
A
Which of the following are NOT valid Route 53 Health Checks? A) Health Check that monitor SQS Queue B) Health Check that monitors an Endpoint C) Health Check that monitors other Health Checks D) Health Check that monitor CloudWatch Alarms
A
Which of the following is NOT a Glacier Deep Archive retrieval mode? A) Expedited (1 - 5 minutes) B) Standard (12 hours) C) Bulk (48 hours)
A
Which of the following is NOT a Glacier Flexible retrieval mode? A) Instant (10 seconds) B) Expedited (1 - 5 minutes) C) Standard (3 - 5 hours) D) Bulk (5 - 12 hours)
A
You are planning to migrate your company's infrastructure from on-premises to AWS Cloud. You have an on-premises Microsoft Windows File Server that you want to migrate. What is the most suitable AWS service you can use? A) Amazon FSx for Windows (File Server) B) AWS Storage Gateway - S3 File Gateway C) AWS Managed Microsoft AD
A
You have 3 S3 buckets. One source bucket A, and two destination buckets B and C in different AWS Regions. You want to replicate objects from bucket A to both bucket B and C. How would you achieve this? A) Configure replication from bucket A to bucket B, then from bucket A to bucket C B) Configure replication from bucket A to bucket B, then from bucket B to bucket C C) Configure replication from bucket A to bucket C, then from bucket C to bucket B
A
You have a CloudFront Distribution that serves your website hosted on a fleet of EC2 instances behind an Application Load Balancer. All your clients are from the United States, but you found that some malicious requests are coming from other countries. What should you do to only allow users from the US and block other countries? A) Use CloudFront Geo Restriction B) Use Origin Access Control C) Set up a security group and attach it to your CloudFront Distribution D) Use a Route 53 Latency record and attach it to CloudFront
A
You have an un-encrypted RDS DB instance and you want to create Read Replicas. Can you configure the RDS Read Replicas to be encrypted? A) No B) Yes
A
You have purchased mycoolcompany.com on Amazon Route 53 Registrar and would like the domain to point to your Elastic Load Balancer my-elb-1234567890.us-west-2.elb.amazonaws.com. Which Route 53 Record type must you use here? A) CNAME B) Alias
A
You suspect that some of your employees try to access files in an S3 bucket that they don't have access to. How can you verify this is indeed the case without them noticing? A) Enable S3 Access Logs and analyze them using Athena B) Restrict their IAM policies and look at CloudTrail logs C) Use a bucket policy
A
You're developing an application and would like to deploy it to Elastic Beanstalk with minimal cost. You should run it in .................. A) Single Instance Mode B) High Availability Mode
A
Your EC2 Windows Servers need to share some data by having a Network File System mounted on them which respects the Windows security mechanisms and has integration with Microsoft Active Directory. What do you recommend? A) Amazon FSx for Windows (File Server) B) Amazon EFS C) Amazon FSx for Lustre D) S3 File Gateway
A
A WordPress website is hosted in a set of EC2 instances in an EC2 Auto Scaling Group and fronted by a CloudFront Distribution which is configured to cache the content for 3 days. You have released a new version of the website and want to release it immediately to production without waiting for 3 days for the cached content to be expired. What is the easiest and most efficient way to solve this? A) Open a support ticket with AWS Support to remove the CloudFront Cache B) CloudFront Cache Invalidation C) EC2 Cache Invalidation
B
A company is deploying a media-sharing website to AWS. They are going to use CloudFront to deliver the context with low latency to their customers where they are located in both US and Europe only. After a while there a huge costs for CloudFront. Which CloudFront feature allows you to decrease costs by targeting only US and Europe? A) CloudFront Cache Invalidation B) CloudFront Price Classes C) CloudFront Cache Behavior D) Origin Access Control
B
A company you're working for wants their data stored in S3 to be encrypted. They don't mind the encryption keys stored and managed by AWS, but they want to maintain control over the rotation policy of the encryption keys. You recommend them to use .................... A) SSE-S3 B) SSE-KMS C) SSE-C D) Client-Side Encryption
B
Amazon Aurora supports both .......................... databases. A) MySQL and MariaDB B) MySQL and PostgreSQL C) Oracle and MariaDB D) Oracle and MS SQL Server
B
What does this S3 bucket policy do? { "Version": "2012-10-17", "Id": "Mystery policy", "Statement": [{ "Sid": "What could it be?", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::examplebucket/*","Condition": {"StringEquals": {"AWS:SourceArn": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE"}} }] } A) Forces GetObject request to be encrypted if coming from CloudFront B) Only allows the S3 bucket content to be accessed from your CloudFront Distribution C) Only allows GetObject type of request on the S3 bucket from anybody
B
Which deployment option in the FSx file system provides you with long-term storage that's replicated within AZ? A) Scratch File System B) Persistent File System
B
You are looking to get recommendations for S3 Lifecycle Rules. How can you analyze the optimal number of days to move objects between different storage tiers? A) S3 Inventory B) S3 Analytics C) S3 Lifecycle Rules Advisor
B
You are looking to provide temporary URLs to a growing list of federated users to allow them to perform a file upload on your S3 bucket to a specific location. What should you use? A) S3 CORS B) S3 Pre-Signed URL C) S3 Bucket Policies
B
You have a large dataset stored in S3 that you want to access from on-premises servers using the NFS or SMB protocol. Also, you want to authenticate access to these files through on-premises Microsoft AD. What would you use? A) AWS Storage Gateway - Volume Gateway B) AWS Storage Gateway - S3 File Gateway C) AWS Storage Gateway - Tape Gateway D) AWS Data Migration Service
B
You have a static website hosted on an S3 bucket. You have created a CloudFront Distribution that points to your S3 bucket to better serve your requests and improve performance. After a while, you noticed that users can still access your website directly from the S3 bucket. You want to enforce users to access the website only through CloudFront. How would you achieve that? A) Send an email to your clients and tell them to not use the S3 endpoint B) Configure your CloudFront Distribution and create an Origin Access Control (OAC), then update your S3 Bucket Policy to only accept requests from your CloudFront Distribution. C) Use S3 Access Points to redirect clients to CloudFront
B
You have an S3 bucket that has S3 Versioning enabled. This S3 bucket has a lot of objects, and you would like to remove old object versions to reduce costs. What's the best approach to automate the deletion of these old object versions? A) S3 Lifecycle Rules - Transition Actions B) S3 Lifecycle Rules - Expiration Actions C) S3 Access Logs
B
You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment. This allows you to monitor for CloudWatch metrics and ensuring that there're no bugs exist with your new environment. Which Route 53 Record type allows you to do so? A) Simple B) Weighted C) Latency D) Failover
B
You have enabled versioning and want to be extra careful when it comes to deleting files on an S3 bucket. What should you enable to prevent accidental permanent deletions? A) Use a bucket policy B) Enable MFA Delete C) Encrypt the files D) Disable versioning
B
You need full customization of an Oracle Database on AWS. You would like to benefit from using the AWS services. What do you recommend? A) RDS for Oracle B) RDS Custom for Oracle C) Deploy Oracle on EC2
B
You need to store long-term backups for your Aurora database for disaster recovery and audit purposes. What do you recommend? A) Enable Automated Backups B) Perform On Demand Backups C) Use Aurora Database Cloning
B
You want to expose virtually infinite storage for your tape backups. You want to keep the same software you're using and want an iSCSI compatible interface. What do you use? A) AWS Snowball B) AWS Storage Gateway - Tape Gateway C) AWS Storage Gateway - Volume Gateway D) AWS Storage Gateway - S3 File Gateway
B
You want to install software updates on 100s of Linux EC2 instances that you manage. You want to store these updates on shared storage which should be dynamically loaded on the EC2 instances and shouldn't require heavy operations. What do you suggest? A) Store the software updates on EBS and sync them using data replication software from one master in each AZ B) Store the software updates on EFS and mount EFS as a network drive at startup C) Package the software updates as an EBS snapshot and create EBS volumes for each new software update D) Store the software updates on Amazon RDS
B
You would like all your files in an S3 bucket to be encrypted by default. What is the optimal way of achieving this? A) Use a bucket policy that forces HTTPS connections B) Do nothing, Amazon S3 automatically encrypt new objects using Server-Side Encryption with S3-Managed Keys (SSE-S3) C) Enable Versioning
B
You would like to have a distributed POSIX compliant file system that will allow you to maximize the IOPS in order to perform some High-Performance Computing (HPC) and genomics computational research. This file system has to easily scale to millions of IOPS. What do you recommend? A) EFS with Max. IO enabled B) Amazon FSx for Lustre C) Amazon S3 mounted on the EC2 instances D) EC2 Instance Store
B
You're getting errors while trying to create a new S3 bucket named "dev". You're using a new AWS Account with no S3 buckets created before. What is a possible cause for this? A) You're missing IAM permissions to create an S3 bucket B) S3 bucket names must be globally unique and "dev" is already taken
B
Your website TriangleSunglasses.com is hosted on a fleet of EC2 instances managed by an Auto Scaling Group and fronted by an Application Load Balancer. Your ASG has been configured to scale on-demand based on the traffic going to your website. To reduce costs, you have configured the ASG to scale based on the traffic going through the ALB. To make the solution highly available, you have updated your ASG and set the minimum capacity to 2. How can you further reduce the costs while respecting the requirements? A) Remove the ALB and use an Elastic IP instead B) Reserve two EC2 instances C) Reduce the minimum capacity to 1 D) Reduce the minimum capacity to 0
B
You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, it is necessary to read the first 250 bytes of each object in S3, which contains some metadata about the content of the file itself. There are over 100,000 files in your S3 bucket, amounting to 50 TB of data. How can you build this index efficiently? A) Use the RDS Import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index B) Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS C) Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS D) Create an application that will traverse the S3 bucket, use S3 Select to get the first 250 bytes, and store that information in RDS
C
You have a 25 GB file that you're trying to upload to S3 but you're getting errors. What is a possible solution for this? A) The file size limit on S3 is 5 GB B) Update your bucket policy to allow the larger file C) Use Multi-Part upload when uploading files larger than 5GB D) Encrypt the file
C
You have a large dataset stored on-premises that you want to upload to the S3 bucket. The dataset is divided into 10 GB files. You have good bandwidth but your Internet connection isn't stable. What is the best way to upload this dataset to S3 and ensure that the process is fast and avoid any problems with the Internet connection? A) Use Multi-part Upload Only B) Use S3 Select & Use S3 Transfer Acceleration C) Use S3 Multi-part Upload & S3 Transfer Acceleration
C
You have a website that loads files from an S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when the website you're visiting tries to load these files it doesn't. What's the problem? A) The Bucket policy is wrong B) The IAM policy is wrong C) CORS is wrong D) Encryption is wrong
C
You have an application that's hosted in two different AWS Regions us-west-1 and eu-west-2. You want your users to get the best possible user experience by minimizing the response time from application servers to your users. Which Route 53 Routing Policy should you choose? A) Multi Value B) Weighted C) Latency D) Geolocation
C
You have hundreds of Terabytes that you want to migrate to AWS S3 as soon as possible. You tried to use your network bandwidth and it will take around 3 weeks to complete the upload process. What is the recommended approach to using in this situation? A) AWS Storage Gateway - Volume Gateway B) S3 Multi-part Upload C) AWS Snowball Edge D) AWS Data Migration Service
C
You have updated a Route 53 Record's myapp.mydomain.com value to point to a new Elastic Load Balancer, but it looks like users are still redirected to the old ELB. What is a possible cause for this behavior? A) Because of the Alias record B) Because of the CNAME record C) Because of the TTL D) Because of Route 53 Health Checks
C
You have updated an S3 bucket policy to allow IAM users to read/write files in the S3 bucket, but one of the users complain that he can't perform a PutObject API call. What is a possible cause for this? A) The S3 bucket policy must be wrong B) The user is lacking permissions C) The IAM user must have an explicit DENY in the attached IAM Policy D) You need to contact AWS Support to lift this limit
C
You would like to retrieve a subset of your dataset stored in S3 with the .csv format. You would like to retrieve a month of data and only 3 columns out of 10, to minimize compute and network costs. What should you use? A) S3 Analytics B) S3 Access Logs C) S3 Select D) S3 Inventory
C
You're deploying your application to an Elastic Beanstalk environment but you notice that the deployment process is painfully slow. After reviewing the logs, you found that your dependencies are resolved on each EC2 instance each time you deploy. How can you speed up the deployment process with minimal impact? A) Remove some dependencies in your code B) Place the dependencies in Amazon EFS C) Create a Golden AMI that contains the dependencies and use that image to launch the EC2 instances
C
Your client wants to make sure that file encryption is happening in S3, but he wants to fully manage the encryption keys and never store them in AWS. You recommend him to use ............................ A) SSE-S3 B) SSE-KMS C) SSE-C D) Client-Side Encryption
C
A Solutions Architect is working on planning the migration of a startup company from on-premises to AWS. Currently, their infrastructure consists of many servers and 30 TB of data hosted on a shared NFS storage. He has decided to use Amazon S3 to host the data. Which AWS service can efficiently migrate the data from on-premises to S3? A) AWS Storage Tape Gateway B) Amazon EBS C) AWS Transfer Family D) AWS DataSync
D
Which of the following will NOT help us while designing a STATELESS application tier? A) Store session data in Amazon RDS B) Store session data in Amazon ElastiCache C) Store session data in the client HTTP cookies D) Store session data on EBS volumes
D
You have 100 EC2 instances connected to your RDS database and you see that upon a maintenance of the database, all your applications take a lot of time to reconnect to RDS, due to poor application logic. How do you improve this? A) Fix all the applications B) Disable Multi-AZ C) Enable Multi-AZ D) Use an RDS Proxy
D
You have a legal requirement that people in any country but France should NOT be able to access your website. Which Route 53 Routing Policy helps you in achieving this? A) Latency B) Simple C) Multi Value D) Geolocation
D
You have enabled versioning in your S3 bucket which already contains a lot of files. Which version will the existing files have? A) 1 B) 0 C) -1 D) null
D
You have purchased a domain on GoDaddy and would like to use Route 53 as the DNS Service Provider. What should you do to make this work? A) Request for a domain transfer B) Create a Private Hosted Zone and update the 3rd party Registrar NS records C) Create a Public Hosted Zone and update the Route 53 NS records D) Create a Public Hosted Zone and update the 3rd party Registrar NS records
D
You need to move hundreds of Terabytes into Amazon S3, then process the data using a fleet of EC2 instances. You have a 1 Gbit/s broadband. You would like to move the data faster and possibly processing it while in transit. What do you recommend? A) Use your network B) Use Snowcone C) Use AWS Data Migration D) Use Snowball Edge
D
You want the content of an S3 bucket to be fully available in different AWS Regions. That will help your team perform data analysis at the lowest latency and cost possible. What S3 feature should you use? A) Amazon CloudFront Distributions B) S3 Versioning C) S3 Static Website Hosting D) S3 Replication
D
You work as a Solutions Architect for a gaming company. One of the games mandates that players are ranked in real-time based on their score. Your boss asked you to design then implement an effective and highly available solution to create a gaming leaderboard. What should you use? A) Use RDS for MySQL B) Use an Amazon Aurora C) Use ElastiCache for Memcached D) Use ElastiCache for Redis - Sorted Sets
D
Your company does not trust AWS for the encryption process and wants it to happen on the application. You recommend them to use .................... A) SSE-S3 B) SSE-KMS C) SSE-C D) Client-Side Encryption
D
Your development team would like to perform a suite of read and write tests against your production Aurora database because they need access to production data as soon as possible. What do you advise? A) Create an Aurora Read Replica for them B) Do the test against the production database C) Make a DB Snapshot and Restore it into a new database D) Use the Aurora Cloning feature
D
For compliance reasons, your company has a policy mandate that database backups must be retained for 4 years. It shouldn't be possible to erase them. What do you recommend? A) Glacier Vaults with Vault Lock Policies B) EFS network drives with restrictive Linux permissions C) S3 with Bucket Policies
A
A company is migrating a web application to AWS Cloud and they are going to use a set of EC2 instances in an EC2 Auto Scaling Group. The web application is made of multiple components so they will need a host-based routing feature to route to specific web application components. This web application is used by many customers and therefore the web application must have a static IP address so it can be whitelisted by the customers' firewalls. As the customers are distributed around the world, the web application must also provide low latency to all customers. Which AWS service can help you to assign a static IP address and provide low latency across the globe? A) AWS Global Accelerator + Application Load Balancer B) Amazon CloudFront C) Network Load Balancer D) Application Load Balancer
A
An e-commerce company has its customers and orders data stored in an S3 bucket. The company's CEO wants to generate a report to show the list of customers and the revenue for each customer. Customer data stored in files on the S3 bucket has sensitive information that we don't want to expose in the report. How do you recommend the report can be created without exposing sensitive information? A) Use S3 Object Lambda to change the objects before they are retrieved by the report generator application B) Create another S3 bucket. Create a lambda function to process each file, remove the sensitive information, and then move them to the new S3 bucket C) Use S3 Object Lock to lock the sensitive information from being fetched by the report generator application
A
As a Solutions Architect, you're planning to migrate a complex ERP software suite to AWS Cloud. You're planning to host the software on a set of Linux EC2 instances managed by an Auto Scaling Group. The software traditionally takes over an hour to set up on a Linux machine. How do you recommend you speed up the installation process when there's a scale-out event? A) Use a Golden AMI B) Bootstrap using EC2 User Data C) Store the application in Amazon RDS D) Retrieve the application setup files from EFS
A
A company has its data and files stored on some S3 buckets. Some of these files need to be kept for a predefined period of time and protected from being overwritten and deletion according to company compliance policy. Which S3 feature helps you in doing this? A) S3 Object Lock - Retention Governance Mode B) S3 Versioning C) S3 Object Lock - Retention Compliance Mode D) S3 Glacier Vault Lock
C
A company is preparing for compliance and regulatory review on its infrastructure on AWS. Currently, they have their files stored on S3 buckets that are not encrypted, which must be encrypted as required for compliance and regulatory review. Which S3 feature allows them to encrypt all files in their S3 buckets in the most efficient and cost-effective way? A) S3 Access Points B) S3 Cross-Region Replication C) S3 Batch Operations D) S3 Lifecycle Rules
C
A company uses a lot of files and data which is stored in an FSx for Windows File Server storage on AWS. Those files are currently used by the resources hosted on AWS. There's a requirement for those files to be accessed on-premises with low latency. Which AWS service can help you achieve this? A) S3 File Gateway B) FSx for Windows File Server On-Premises C) FSx File Gateway D) Volume Gateway
C
An application running in production is using an Aurora Cluster as its database. Your development team would like to run a version of the application in a scaled-down application with the ability to perform some heavy workload on a need-basis. Most of the time, the application will be unused. Your CIO has tasked you with helping the team to achieve this while minimizing costs. What do you suggest? A) Use an Aurora Global Database B) Use an RDS database C) Use Aurora Serverless D) Run Aurora on EC2, and write a script to shut down the EC2 instance at night
C
How can you automate the transition of S3 objects between their different tiers? A) AWS Lambda B) CloudWatch Events C) S3 Lifecycle Rules
C
How can you be notified when there's an object uploaded to your S3 bucket? A) S3 Select B) S3 Access Logs C) S3 Event Notifications D) S3 Analytics
C
How many Aurora Read Replicas can you have in a single Aurora DB Cluster? A) 5 B) 10 C) 15
C
Which of the following S3 Object Lock configuration allows you to prevent an object or its versions from being overwritten or deleted indefinitely and gives you the ability to remove it manually? A) Retention Governance Mode B) Retention Compliance Mode C) Legal Hold
C
Which of the following protocols is NOT supported by AWS Transfer Family? A) File Transfer Protocol (FTP) B) File Transfer Protocol over SSL (FTPS) C) Transport Layer Security (TLS) D) Secure File Transfer Protocol (SFTP)
C
While you're uploading large files to an S3 bucket using Multi-part Upload, there are a lot of unfinished parts stored in the S3 bucket due to network issues. You are not using these unfinished parts and they cost you money. What is the best approach to remove these unfinished parts? A) Use AWS Lambda to loop on each old/unfinished part and delete them B) Request AWS Support to help you delete old/unfinished parts C) Use an S3 Lifecycle Policy to automate old/unfinished parts deletion
C
