AWS Certified Solutions Architect Chapter Exams

Ace your homework & exams now with Quizwiz!

A firm is moving its testing platform to AWS to provide developers with instant access to clean test and development environments. The primary requirement for the firm is to make environments easily reproducible and fungible. What service will help the firm meet their requirements? A. AWS CloudFormation B. AWS Config C. Amazon Redshift D. AWS Trusted Advisor

A

A week before Cyber Monday last year, your corporate data center experienced a failed air conditioning unit that caused flooding into the server racks. The resulting outage cost your company significant revenue. Your CIO mandated a move to the cloud, but he is still concerned about catastrophic failures in a data center. What can you do to alleviate his concerns? A. Distribute the architecture across multiple Availability Zones. B. Use an Amazon Virtual Private Cloud (Amazon VPC) with subnets. C. Launch the compute for the processing services in a placement group. D. Purchase Reserved Instances for the processing services instances.

A

AWS provides IT control information to customers in which of the following ways? A. By using specific control definitions or through general control standard compliance B. By using specific control definitions or through SAS 70 C. By using general control standard compliance and by complying with ISO 27001 D. By complying with ISO 27001 and SOC 1 Type II

A

How many nodes can you add to an Amazon ElastiCache cluster running Redis? A. 1 B. 5 C. 20 D. 100

A

Of the following options, what is an efficient way to fanout a single Amazon Simple Notification Service (Amazon SNS) message to multiple Amazon Simple Queue Service (Amazon SQS) queues? A. Create an Amazon SNS topic using Amazon SNS. Then create and subscribe multiple Amazon SQS queues sent to the Amazon SNS topic. B. Create one Amazon SQS queue that subscribes to multiple Amazon SNS topics. C. Amazon SNS allows exactly one subscriber to each topic, so fanout is not possible. D. Create an Amazon SNS topic using Amazon SNS. Create an application that subscribes to that topic and duplicates the message. Send copies to multiple Amazon SQS queues.

A

To help prevent data loss due to the failure of any single hardware component, Amazon Elastic Block Storage (Amazon EBS) automatically replicates EBS volume data to which of the following? A. Amazon EBS replicates EBS volume data within the same Availability Zone in a region. B. Amazon EBS replicates EBS volume data across other Availability Zones within the same region. 3. Amazon EBS replicates EBS volume data across Availability Zones in the same region and in Availability Zones in one other region. D. Amazon EBS replicates EBS volume data across Availability Zones in the same region and in Availability Zones in every other region.

A

What is the default limit for the number of Amazon VPCs that a customer may have in a region? A. 5 B. 6 C. 7 D. There is no default maximum number of VPCs within a region.

A

What is the default time for an Amazon Simple Queue Service (Amazon SQS) visibility timeout? A. 30 seconds B. 60 seconds C. 1 hour D. 12 hours

A

When you create a new Amazon Simple Notification Service (Amazon SNS) topic, which of the following is created automatically? A. An Amazon Resource Name (ARN) B. A subscriber C. An Amazon Simple Queue Service (Amazon SQS) queue to deliver your Amazon SNS topic D. A message

A

Which AWS Cloud service is best suited for Online Analytics Processing (OLAP)? A. Amazon Redshift B. Amazon Relational Database Service (Amazon RDS) C. Amazon Glacier D. Amazon DynamoDB

A

Which AWS service records Application Program Interface (API) calls made on your account and delivers log files to your Amazon Simple Storage Service (Amazon S3) bucket? A. AWS CloudTrail B. Amazon CloudWatch C. Amazon Kinesis D. AWS Data Pipeline

A

Which Amazon Relational Database Service (Amazon RDS) database engines support Multi-AZ? A. All of them B. Microsoft SQL Server, MySQL, and Oracle C. Oracle, Amazon Aurora, and PostgreSQL D. MySQL

A

Which DNS record can be used to store human-readable information about a server, network, and other accounting data with a host? A. A TXT record B. An MX record C. An SPF record D. A PTR record

A

Which encryption algorithm is used by Amazon Simple Storage Service (Amazon S3) to encrypt data at rest with Service-Side Encryption (SSE)? A. Advanced Encryption Standard (AES)-256 B. RSA 1024 C. RSA 2048 D. AES-128

A

Which feature of AWS is designed to permit calls to the platform from an Amazon Elastic Compute Cloud (Amazon EC2) instance without needing access keys placed on the instance? A. AWS Identity and Access Management (IAM) instance profile B. IAM groups C. IAM roles D. Amazon EC2 key pairs

A

Which of the following is an optional security control that can be applied at the subnet layer of a VPC? A. Network ACL B. Security Group C. Firewall D. Web application firewall

A

Which of the following statements is true? A. IT governance is still the customer's responsibility, despite deploying their IT estate onto the AWS platform. B. The AWS platform is PCI DSS-compliant to Level 1. Customers can deploy their web applications to this platform, and they will be PCI DSS-compliant automatically. C. The shared responsibility model applies to IT security only; it does not relate to governance. D. AWS doesn't take risk management very seriously, and it's up to the customer to mitigate risks to the AWS infrastructure.

A

Which protocol is used by DNS when response data size exceeds 512 bytes? A. Transmission Control Protocol (TCP) B. Hyper Text Transfer Protocol (HTTP) C. File Transfer Protocol (FTP) D. User Datagram Protocol (UDP)

A

Which security scheme is used by the AWS Multi-Factor Authentication (AWS MFA) token? A. Time-Based One-Time Password (TOTP) B. Perfect Forward Secrecy (PFC) C. Ephemeral Diffie Hellman (EDH) D. Split-Key Encryption (SKE)

A

You are changing your application to move session state information off the individual Amazon Elastic Compute Cloud (Amazon EC2) instances to take advantage of the elasticity and cost benefits provided by Auto Scaling. Which of the following AWS Cloud services is best suited as an alternative for storing session state information? A. Amazon DynamoDB B. Amazon Redshift C. Amazon Storage Gateway D. Amazon Kinesis

A

You are creating an Amazon DynamoDB table that will contain messages for a social chat application. This table will have the following attributes: Username (String), Timestamp (Number), Message (String). Which attribute should you use as the partition key? The sort key? A. Username, Timestamp B. Username, Message C. Timestamp, Message D. Message, Timestamp

A

You are working for a small organization without a dedicated database administrator on staff. You need to install Microsoft SQL Server Enterprise edition quickly to support an accounting back office application on Amazon Relational Database Service (Amazon RDS). What should you do? A. Launch an Amazon RDS DB Instance, and select Microsoft SQL Server Enterprise Edition under the Bring Your Own License (BYOL) model. B. Provision SQL Server Enterprise Edition using the License Included option from the Amazon RDS Console. C. SQL Server Enterprise edition is only available via the Command Line Interface (CLI). Install the command-line tools on your laptop, and then provision your new Amazon RDS Instance using the CLI. D. You cannot use SQL Server Enterprise edition on Amazon RDS. You should install this on to a dedicated Amazon Elastic Compute Cloud (Amazon EC2) Instance.

A

You have built a large web application that uses Amazon ElastiCache using Memcached to store frequent query results. You plan to expand both the web fleet and the cache fleet multiple times over the next year to accommodate increased user traffic. How do you minimize the amount of changes required when a scaling event occurs? A. Configure AutoDiscovery on the client side B. Configure AutoDiscovery on the server side C. Update the configuration file each time a new cluster D. Use an Elastic Load Balancer to proxy the requests

A

Your company provides media content via the Internet to customers through a paid subscription model. You leverage Amazon CloudFront to distribute content to your customers with low latency. What approach can you use to serve this private content securely to your paid subscribers? A. Provide signed Amazon CloudFront URLs to authenticated users to access the paid content. B. Use HTTPS requests to ensure that your objects are encrypted when Amazon CloudFront serves them to viewers. C. Configure Amazon CloudFront to compress the media files automatically for paid subscribers. D. Use the Amazon CloudFront geo restriction feature to restrict access to all of the paid subscription media at the country level.

A

Your company works with data that requires frequent audits of your AWS environment to ensure compliance with internal policies and best practices. In order to perform these audits, you need access to historical configurations of your resources to evaluate relevant configuration changes. Which service will provide the necessary information for your audits? A. AWS Config B. AWS Key Management Service (AWS KMS) C. AWS CloudTrail D. AWS OpsWorks

A

Your team is building an order processing system that will span multiple Availability Zones. During testing, the team wanted to test how the application will react to a database failover. How can you enable this type of test? A. Force a Multi-AZ failover from one Availability Zone to another by rebooting the primary instance using the Amazon RDS console. B. Terminate the DB instance, and create a new one. Update the connection string. C. Create a support case asking for a failover. D. It is not possible to test a failover.

A

Your website is hosted on a fleet of web servers that are load balanced across multiple Availability Zones using an Elastic Load Balancer (ELB). What type of record set in Amazon Route 53 can be used to point myawesomeapp.com to your website? A. Type A Alias resource record set B. MX record set C. TXT record set D. CNAME record set

A

(Choose 2 answers) Which cache engines does Amazon ElastiCache support? A. Memcached B. Redis C. Membase D. Couchbase

A,B

(Choose 3 answers) In Amazon Simple Workflow Service (Amazon SWF), which of the following are actors? A. Activity workers B. Workflow starters C. Deciders D. Activity tasks

A,B,C

(Choose 3 answers) Which of the following objects are good candidates to store in a cache? A. Session state B. Shopping cart C. Product catalog D. Bank account balance

A,B,C

(Choose 3 answers) You are building a large order processing system and are responsible for securing the database. Which actions will you take to protect the data? A. Adjust AWS Identity and Access Management (IAM) permissions for administrators. B. Configure security groups and network Access Control Lists (ACLs) to limit network access. C. Configure database users, and grant permissions to database objects. D. Install anti-virus software on the Amazon RDS DB Instance.

A,B,C

(Choose 3 answers) Your team manages a popular website running Amazon Relational Database Service (Amazon RDS) MySQL backend. The Marketing department has just informed you about an upcoming television commercial that will drive thousands of new visitors to the website. How can you prepare your database to handle the load? A. Vertically scale the DB Instance by selecting a more powerful instance class. B. Create read replicas to offload read requests and update your application. C. Upgrade the storage from Magnetic volumes to General Purpose Solid State Drive (SSD) volumes. D. Upgrade to Amazon Redshift for faster columnar storage.

A,B,C

(Choose three) AWS communicates with customers regarding its security and control environment through a variety of different mechanisms. Which of the following are valid mechanisms? A. Obtaining industry certifications and independent third-party attestations B. Publishing information about security and AWS control practices via the website, whitepapers, and blogs C. Directly providing customers with certificates, reports, and other documentation (under NDA in some cases) D. Allowing customers' auditors direct access to AWS data centers, infrastructure, and senior staff

A,B,C

(Choose three) Which of the following is a valid report, certification, or third-party attestation for AWS? A. SOC 1 B. PCI DSS Level 1 C. SOC 4 D. ISO 27001

A,B,D

(Choose 3 answers) You need to implement a service to scan Application Program Interface (API) calls and related events' history to your AWS account. This service will detect things like unused permissions, overuse of privileged accounts, and anomalous logins. Which of the following AWS Cloud services can be leveraged to implement this service? A. AWS CloudTrail B. Amazon Simple Storage Service (Amazon S3) C. Amazon Route 53 D. Auto Scaling E. AWS Lambda

A,B,E

(Choose 2 answers) When building a Distributed Denial of Service (DDoS)-resilient architecture, how does Amazon Virtual Private Cloud (Amazon VPC) help minimize the attack surface area? A. Reduces the number of necessary Internet entry points B. Combines end user traffic with management traffic C. Obfuscates necessary Internet entry points to the level that untrusted end users cannot access them D. Adds non-critical Internet entry points to the architecture E. Scales the network to absorb DDoS attacks

A,C

(Choose 2 answers) Which of the following are good use cases for Amazon CloudFront? A. A popular software download site that supports users around the world, with dynamic content that changes rapidly B. A corporate website that serves training videos to employees. Most employees are located in two corporate campuses in the same city. C. A heavily used video and music streaming service that requires content to be delivered only to paid subscribers D. A corporate HR website that supports a global workforce. Because the site contains sensitive data, all users must connect through a corporate Virtual Private Network (VPN).

A,C

(Choose two) With regard to vulnerability scans and threat assessments of the AWS platform, which of the following statements are true? A. AWS regularly performs scans of public-facing endpoint IP addresses for vulnerabilities. B. Scans performed by AWS include customer instances. C. AWS security notifies the appropriate parties to remediate any identified vulnerabilities. D. Customers can perform their own scans at any time without advance notice.

A,C

(Choose 3 answers) Which of the following are features of Amazon Simple Notification Service (Amazon SNS)? A. Publishers B. Readers C. Subscribers D. Topic

A,C,D

(Choose 3 answers) Which of the following techniques can you use to help you meet Recovery Point Objective (RPO) and Recovery Time Objective (RTO) requirements? A. DB snapshots B. DB option groups C. Read replica D. Multi-AZ deployment

A,C,D

(Choose 2 answers) Your e-commerce site was designed to be stateless and currently runs on a fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances. In an effort to control cost and increase availability, you have a requirement to scale the fleet based on CPU and network utilization to match the demand curve for your site. What services do you need to meet this requirement? A. Amazon CloudWatch B. Amazon DynamoDB C. Elastic Load Balancing D. Auto Scaling E. Amazon Simple Storage Service (Amazon S3)

A,D

(Choose 2 answers) Which of the following AWS cloud services are designed according to the Multi-AZ principle? A. Amazon DynamoDB B. Amazon ElastiCache C. Elastic Load Balancing D. Amazon Virtual Private Cloud (Amazon VPC) E. Amazon Simple Storage Service (Amazon S3)

A,E

(Choose 2 answers) Amazon CloudWatch supports which types of monitoring plans? A. Basic monitoring, which is free B. Basic monitoring, which has an additional cost C. Ad hoc monitoring, which is free D. Ad hoc monitoring, which has an additional cost E. Detailed monitoring, which is free F. Detailed monitoring, which has an additional cost

A,F

A media sharing application is producing a very high volume of data in a very short period of time. Your back-end services are unable to manage the large volume of transactions. What option provides a way to manage the flow of transactions to your back-end services? A. Store the inbound transactions in an Amazon Relational Database Service (Amazon RDS) instance so that your back-end services can retrieve them as time permits. B. Use an Amazon Simple Queue Service (Amazon SQS) queue to buffer the inbound transactions. C. Use an Amazon Simple Notification Service (Amazon SNS) topic to buffer the inbound transactions. D. Store the inbound transactions in an Amazon Elastic MapReduce (Amazon EMR) cluster so that your back-end services can retrieve them as time permits.

B

Government regulations require that your company maintain all correspondence for a period of seven years for compliance reasons. What is the best storage mechanism to keep this data secure in a cost-effective manner? A. Amazon S3 B. Amazon Glacier C. Amazon EBS D. Amazon EFS

B

In Amazon Simple Workflow Service (Amazon SWF), a decider is responsible for what? A. Executing each step of the work B. Defining work coordination logic by specifying work sequencing, timing, and failure conditions C. Executing your workflow D. Registering activities and workflow with Amazon SWF

B

What is the longest time available for an Amazon Simple Queue Service (Amazon SQS) long polling timeout? A. 10 seconds B. 20 seconds C. 30 seconds D. 1 hour

B

The AWS control environment is in place for the secure delivery of AWS Cloud service offerings. Which of the following does the collective control environment NOT explicitly include? A. People B. Energy C. Technology D. Processes

B

What are the different hosted zones that can be created in Amazon Route 53? (1) Public hosted zone (2) Global hosted zone (3) Private hosted zone A. 1 and 2 B. 1 and 3 C. 2 and 3 D. 1, 2, and 3

B

What is the default message retention period for Amazon Simple Queue Service (Amazon SQS)? A. 30 minutes B. 4 days C. 30 seconds D. 14 days

B

Where do you register a domain name? A. With your local government authority B. With a domain registrar C. With InterNIC directly D. With the Internet Assigned Numbers Authority (IANA)

B

Which AWS database service is best suited for traditional Online Transaction Processing (OLTP)? A. Amazon Redshift B. Amazon Relational Database Service (Amazon RDS) C. Amazon Glacier D. Elastic Database

B

Which Amazon Relational Database Service (Amazon RDS) database engines support read replicas? A. Microsoft SQL Server and Oracle B. MySQL, MariaDB, PostgreSQL, and Aurora C. Aurora, Microsoft SQL Server, and Oracle D. MySQL and PostgreSQL

B

Which DNS records are commonly used to stop email spoofing and spam? A. MX records B. SPF records C. A records D. C names

B

Which is an operational process performed by AWS for data security? A. Advanced Encryption Standard (AES)-256 encryption of data stored on any shared storage device B. Decommissioning of storage devices using industry-standard practices C. Background virus scans of Amazon Elastic Block Store (Amazon EBS) volumes and Amazon EBS snapshots D. Replication of data across multiple AWS regions E. Secure wiping of Amazon EBS data when an Amazon EBS volume is unmounted

B

Which of the following Amazon Virtual Private Cloud (Amazon VPC) elements acts as a stateless firewall? A. Security group B. Network Access Control List (ACL) C. Network Address Translation (NAT) instance D. An Amazon VPC endpoint

B

Which of the following best describes the risk and compliance communication responsibilities of customers to AWS? A. AWS and customers both communicate their security and control environment information to each other at all times. B. AWS publishes information about the AWS security and control practices online, and directly to customers under NDA. Customers do not need to communicate their use and configurations to AWS. C. Customers communicate their use and configurations to AWS at all times. AWS does not communicate AWS security and control practices to customers for security reasons. D. Both customers and AWS keep their security and control practices entirely confidential and do not share them in order to ensure the greatest security for all parties.

B

Which of the following is the name of the feature within Amazon Virtual Private Cloud (Amazon VPC) that allows you to launch Amazon Elastic Compute Cloud (Amazon EC2) instances on hardware dedicated to a single customer? A. Amazon VPC-based tenancy B. Dedicated tenancy C. Default tenancy D. Host-based tenancy

B

Which of the following is the name of the security model employed by AWS with its customers? A. The shared secret model B. The shared responsibility model C. The shared secret key model D. The secret key responsibility model

B

Which of the following statements best describes an availability zone? A. Each availability zone consists of a single discrete data center with redundant power and networking/connectivity. B. Each availability zone consists of multiple discrete data centers with redundant power and networking/connectivity. C. Each availability zone consists of multiple discrete regions, each with a single data center with redundant power and networking/connectivity. D. Each availability zone consists of multiple discrete data centers with shared power and redundant networking/connectivity.

B

Which port number is used to serve requests by DNS? A. 22 B. 53 C. 161 D. 389

B

Which type of DNS record should you use to resolve a domain name to another domain name? A. An A record B. A CNAME record C. An SPF record D. A PTR record

B

You are building a media-sharing web application that serves video files to end users on both PCs and mobile devices. The media files are stored as objects in an Amazon Simple Storage Service (Amazon S3) bucket, but are to be delivered through Amazon CloudFront. What is the simplest way to ensure that only Amazon CloudFront has access to the objects in the Amazon S3 bucket? A. Create Signed URLs for each Amazon S3 object. B. Use an Amazon CloudFront Origin Access Identifier (OAI). C. Use public and private keys with signed cookies. D. Use an AWS Identity and Access Management (IAM) bucket policy.

B

You are building the database tier for an enterprise application that gets occasional activity throughout the day. Which storage type should you select as your default option? A. Magnetic storage B. General Purpose Solid State Drive (SSD) C. Provisioned IOPS (SSD) D. Storage Area Network (SAN)-attached

B

You are designing a new application, and you need to ensure that the components of your application are not tightly coupled. You are trying to decide between the different AWS cloud services to use to achieve this goal. Your requirements are that messages between your application components may not be delivered more than once, tasks must be completed in either a synchronous or asynchronous fashion, and there must be some form of application logic that decides what do when tasks have been completed. What application service should you use? A. Amazon Simple Queue Service (Amazon SQS) B. Amazon Simple Workflow Service (Amazon SWF) C. Amazon Simple Storage Service (Amazon S3) D. Amazon Simple Email Service (Amazon SES)

B

You are designing an e-commerce web application that will scale to potentially hundreds of thousands of concurrent users. Which database technology is best suited to hold the session state for large numbers of concurrent users? A. Relational database using Amazon Relational Database Service (Amazon RDS) B. NoSQL database table using Amazon DynamoDB C. Data warehouse using Amazon Redshift D. Amazon Simple Storage Service (Amazon S3)

B

You are rolling out A and B test versions of a web application to see which version results in the most sales. You need 10 percent of your traffic to go to version A, 10 percent to go to version B, and the rest to go to your current production version. Which routing policy should you choose to achieve this? A. Simple routing B. Weighted routing C. Geolocation routing D. Failover routing

B

You are running a suite of microservices on AWS Lambda that provide the business logic and access to data stored in Amazon DynamoDB for your task management system. You need to create well-defined RESTful Application Program Interfaces (APIs) for these microservices that will scale with traffic to support a new mobile application. What AWS Cloud service can you use to create the necessary RESTful APIs? A. Amazon Kinesis B. Amazon API Gateway C. Amazon Cognito D. Amazon Elastic Compute Cloud (Amazon EC2) Container Registry

B

You have been using Amazon Relational Database Service (Amazon RDS) for the last year to run an important application with automated backups enabled. One of your team members is performing routine maintenance and accidentally drops an important table, causing an outage. How can you recover the missing data while minimizing the duration of the outage? A. Perform an undo operation and recover the table. B. Restore the database from a recent automated DB snapshot. C. Restore only the dropped table from the DB snapshot. D. The data cannot be recovered.

B

You have launched an Amazon Linux Elastic Compute Cloud (Amazon EC2) instance into EC2-Classic, and the instance has successfully passed the System Status Check and Instance Status Check. You attempt to securely connect to the instance via Secure Shell (SSH) and receive the response, "WARNING: UNPROTECTED PRIVATE KEY FILE", after which the login fails. Which of the following is the cause of the failed login? A. You are using the wrong private key. B. The permissions for the private key are too insecure for the key to be trusted. C. A security group rule is blocking the connection. D. A security group rule has not been associated with the private key.

B

You host a web application across multiple AWS regions in the world, and you need to configure your DNS so that your end users will get the fastest network performance possible. Which routing policy should you apply? A. Geolocation routing B. Latency-based routing C. Simple routing D. Weighted routing

B

Your company has 30 years of financial records that take up 15TB of on-premises storage. It is regulated that you maintain these records, but in the year you have worked for the company no one has ever requested any of this data. Given that the company data center is already filling the bandwidth of its Internet connection, what is an alternative way to store the data on the most appropriate cloud storage? A. AWS Import/Export to Amazon Simple Storage Service (Amazon S3) B. AWS Import/Export to Amazon Glacier C. Amazon Kinesis D. Amazon Elastic MapReduce (AWS EMR)

B

Your company has 50,000 weather stations around the country that send updates every 2 seconds. What service will enable you to ingest this stream of data and store it to Amazon Simple Storage Service (Amazon S3) for future processing? A. Amazon Simple Queue Service (Amazon SQS) B. Amazon Kinesis Firehose C. Amazon Elastic Compute Cloud (Amazon EC2) D. Amazon Data Pipeline

B

Your company provides transcoding services for amateur producers to format their short films to a variety of video formats. Which service provides the best option for storing the videos? A. Amazon Glacier B. Amazon Simple Storage Service (Amazon S3) C. Amazon Relational Database Service (Amazon RDS) D. AWS Storage Gateway

B

Your company wants to extend their existing Microsoft Active Directory capability into an Amazon Virtual Private Cloud (Amazon VPC) without establishing a trust relationship with the existing on-premises Active Directory. Which of the following is the best approach to achieve this goal? A. Create and connect an AWS Directory Service AD Connector. B. Create and connect an AWS Directory Service Simple AD. C. Create and connect an AWS Directory Service for Microsoft Active Directory (Enterprise Edition). D. None of the above.

B

Your company's IT management team is looking for an online tool to provide recommendations to save money, improve system availability and performance, and to help close security gaps. What can help the management team? A. Cloud-init B. AWS Trusted Advisor C. AWS Config D. Configuration Recorder

B

(Choose 2 answers) An application currently uses Memcached to cache frequently used database queries. Which steps are required to migrate the application to use Amazon ElastiCache with minimal changes? A. Recompile the application to use the Amazon ElastiCache libraries. B. Update the configuration file with the endpoint for the Amazon ElastiCache cluster. C. Configure a security group to allow access from the application servers. D. Connect to the Amazon ElastiCache nodes using Secure Shell (SSH) and install the latest version of Memcached.

B,C

(Choose 2 answers) How can you back up data stored in Amazon ElastiCache running Redis? A. Create an image of the Amazon Elastic Compute Cloud (Amazon EC2) instance. B. Configure automatic snapshots to back up the cache environment every night. C. Create a snapshot manually. D. Redis clusters cannot be backed up.

B,C

(Choose 2 answers) Which of the following cache engines are supported by Amazon ElastiCache? A. MySQL B. Memcached C. Redis D. Couchbase

B,C

(Choose 2 answers) Which of the following options will help increase the availability of a web server farm? A. Use Amazon CloudFront to deliver content to the end users with low latency and high data transfer speeds. B. Launch the web server instances across multiple Availability Zones. C. Leverage Auto Scaling to recover from failed instances. D. Deploy the instances in an Amazon Virtual Private Cloud (Amazon VPC). E. Add more CPU and RAM to each instance.

B,C

(Choose 2 answers) Which of the following workloads are a good fit for running on Amazon Redshift? A. Transactional database supporting a busy e-commerce order processing website B. Reporting database supporting back-office analytics C. Data warehouse used to aggregate multiple disparate data sources D. Manage session state and user profile data for thousands of concurrent users

B,C

(Choose 2 answers) You are trying to decrypt ciphertext with AWS KMS and the decryption operation is failing. Which of the following are possible causes? A. The private key does not match the public key in the ciphertext. B. The plaintext was encrypted along with an encryption context, and you are not providing the identical encryption context when calling the Decrypt API. C. The ciphertext you are trying to decrypt is not valid. D. You are not providing the correct symmetric key to the Decrypt API.

B,C

(Choose 3 answers) How can you secure an Amazon ElastiCache cluster? A. Change the Memcached root password. B. Restrict Application Programming Interface (API) actions using AWS Identity and Access Management (IAM) policies. C. Restrict network access using security groups. D. Restrict network access using a network Access Control List (ACL).

B,C,D

(Choose 3 answers) What origin servers are supported by Amazon CloudFront? A. An Amazon Route 53 Hosted Zone B. An Amazon Simple Storage Service (Amazon S3) bucket C. An HTTP server running on Amazon Elastic Compute Cloud (Amazon EC2) D. An Amazon EC2 Auto Scaling Group E. An HTTP server running on-premises

B,C,E

(Choose 3 answers) Which of the following are best practices for managing AWS Identity and Access Management (IAM) user access keys? A. Embed access keys directly into application code. B. Use different access keys for different applications. C. Rotate access keys periodically. D. Keep unused access keys for an indefinite period of time. E. Configure Multi-Factor Authentication (MFA) for your most sensitive operations.

B,C,E

(Choose 2 answers) DynamoDB tables may contain sensitive data that needs to be protected. Which of the following is a way for you to protect DynamoDB table content? A. DynamoDB encrypts all data server-side by default so nothing is required. B. DynamoDB can store data encrypted with a client-side encryption library solution before storing the data in DynamoDB. C. DynamoDB obfuscates all data stored so encryption is not required D. DynamoDB can be used with the AWS Key Management Service to encrypt the data before storing the data in DynamoDB. E. DynamoDB should not be used to store sensitive information requiring protection.

B,D

(Choose 2 answers) Which of the following statements about Amazon DynamoDB tables are true? A. Global secondary indexes can only be created when the table is being created. B. Local secondary indexes can only be created when the table is being created. C. You can only have one global secondary index. D. You can only have one local secondary index.

B,D

Which of the following options are valid properties of an Amazon Simple Queue Service (Amazon SQS) message? A. Destination B. Message ID C. Type D. Body

B,D

(Choose 3 answers) Your compliance department has mandated a new requirement that all data on Amazon Elastic Block Storage (Amazon EBS) volumes must be encrypted. Which of the following steps would you follow for your existing Amazon EBS volumes to comply with the new requirement? A. Move the existing Amazon EBS volume into an Amazon Virtual Private Cloud (Amazon VPC). B. Create a new Amazon EBS volume with encryption enabled. C. Modify the existing Amazon EBS volume properties to enable encryption. D. Attach an Amazon EBS volume with encryption enabled to the instance that hosts the data, then migrate the data to the encryption-enabled Amazon EBS volume. E. Copy the data from the unencrypted Amazon EBS volume to the Amazon EBS volume with encryption enabled.

B,D,E

(Choose 2 answers) When designing a loosely coupled system, which AWS services provide an intermediate durable storage layer between components? A. Amazon CloudFront B. Amazon Kinesis C. Amazon Route 53 D. AWS CloudFormation E. Amazon Simple Queue Service (Amazon SQS)

B,E

FIX THIS*****(Choose 2 answers) You are a solutions architect who is working for a mobile application company that wants to use Amazon Simple Workflow Service (Amazon SWF) for their new takeout ordering application. They will have multiple workflows that will need to interact. What should you advise them to do in structuring the design of their Amazon SWF environment? A. Use multiple domains, each containing a single workflow, and design the workflows to interact across the different domains. B. Use a single domain containing multiple workflows. In this manner, the workflows will be able to interact. C. Use a single domain with a single workflow and collapse all activities to within this single workflow. D. Workflows cannot interact with each other; they would be better off using Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) for their application.

B?

A Database security group controls network access to a database instance that is inside a Virtual Private Cloud (VPC) and by default allows access from? A. Access from any IP address for the standard ports that the database uses is provided by default. B. Access from any IP address for any port is provided by default in the DB security group. C. No access is provided by default, and any access must be explicitly added with a rule to the DB security group. D. Access for the database connection string is provided by default in the DB security group.

C

As a Solutions Architect, how should you architect systems on AWS? A. You should architect for least cost. B. You should architect your AWS usage to take advantage of Amazon Simple Storage Service's (Amazon S3) durability. C. You should architect your AWS usage to take advantage of multiple regions and Availability Zones. D. You should architect with Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling to ensure capacity is available when needed.

C

Can an Amazon Simple Notification Service (Amazon SNS) message be deleted after being published to a topic? A. Only if a subscriber(s) has/have not read the message yet B. Only if the Amazon SNS recall message parameter has been set C. No. After a message has been successfully published to a topic, it cannot be recalled. D. Yes. However it can be deleted only if the subscribers are Amazon SQS queues.

C

Can an Amazon Simple Notification Service (Amazon SNS) topic be recreated with a previously used topic name? A. Yes. The topic name should typically be available after 24 hours after the previous topic with the same name has been deleted. B. Yes. The topic name should typically be available after 1–3 hours after the previous topic with the same name has been deleted. C. Yes. The topic name should typically be available after 30-60 seconds after the previous topic with the same name has been deleted. D. At this time, this feature is not supported.

C

How can you connect to a new Linux instance using SSH? A. Decrypt the root password. B. Using a certificate C. Using the private half of the instance's key pair D. Using Multi-Factor Authentication (MFA)

C

How many access keys may an AWS Identity and Access Management (IAM) user have active at one time? A. 0 B. 1 C. 2 D. 3

C

How many nodes can you add to an Amazon ElastiCache cluster running Memcached? A. 1 B. 5 C. 20 D. 100

C

What combination of services enable you to copy daily 50TB of data to Amazon storage, process the data in Hadoop, and store the results in a large data warehouse? A. Amazon Kinesis, Amazon Data Pipeline, Amazon Elastic MapReduce (Amazon EMR), and Amazon Elastic Compute Cloud (Amazon EC2) B. Amazon Elastic Block Store (Amazon EBS), Amazon Data Pipeline, Amazon EMR, and Amazon Redshift C. Amazon Simple Storage Service (Amazon S3), Amazon Data Pipeline, Amazon EMR, and Amazon Redshift D. Amazon S3, Amazon Simple Workflow, Amazon EMR, and Amazon DynamoDB

C

What is the format of an IAM policy? A. XML B. Key/value pairs C. JSON D. Tab-delimited text

C

What is the minimum size subnet that you can have in an Amazon VPC? A. /24 B. /26 C. /28 D. /30

C

What should you do in order to grant a different AWS account permission to your Amazon Simple Queue Service (Amazon SQS) queue? A. Share credentials to your AWS account and have the other account's applications use your account's credentials to access the Amazon SQS queue. B. Create a user for that account in AWS Identity and Access Management (IAM) and establish an IAM policy that grants access to the queue. C. Create an Amazon SQS policy that grants the other account access. D. Amazon Virtual Private Cloud (Amazon VPC) peering must be used to achieve this.

C

When it comes to risk management, which of the following is true? A. AWS does not develop a strategic business plan; risk management and mitigation is entirely the responsibility of the customer. B. AWS has developed a strategic business plan to identify any risks and implemented controls to mitigate or manage those risks. Customers do not need to develop and maintain their own risk management plans. C. AWS has developed a strategic business plan to identify any risks and has implemented controls to mitigate or manage those risks. Customers should also develop and maintain their own risk management plans to ensure they are compliant with any relevant controls and certifications. D. Neither AWS nor the customer needs to worry about risk management, so no plan is needed from either party.

C

Which DNS record should you use to configure the transmission of email to your intended mail server? A. SPF records B. A records C. MX records D. SOA record

C

Which is a function that Amazon Route 53 does not perform? A. Domain registration B. DNS service C. Load balancing D. Health checks

C

Which of the following are AWS Key Management Service (AWS KMS) keys that will never exit AWS unencrypted? A. AWS KMS data keys B. Envelope encryption keys C. AWS KMS Customer Master Keys (CMKs) D. A and C

C

Which of the following describes how Amazon Elastic MapReduce (Amazon EMR) protects access to the cluster? A. The master node and the slave nodes are launched into an Amazon Virtual Private Cloud (Amazon VPC). B. The master node supports a Virtual Private Network (VPN) connection from the key specified at cluster launch. C. The master node is launched into a security group that allows Secure Shell (SSH) and service access, while the slave nodes are launched into a separate security group that only permits communication with the master node. D. The master node and slave nodes are launched into a security group that allows SSH and service access.

C

Which of the following is NOT a recommended approach for customers trying to achieve strong compliance and governance over an entire IT control environment? A. Take a holistic approach: Review information available from AWS together with all other information, and document all compliance requirements. B. Verify that all control objectives are met and all key controls are designed and operating effectively. C. Implement generic control objectives that are not specifically designed to meet their organization's compliance requirements. D. Identify and document controls owned by all third parties.

C

Which of the following statements is true when it comes to the AWS shared responsibility model? A. The shared responsibility model is limited to security considerations only; it does not extend to IT controls. B. The shared responsibility model is only applicable for customers who want to be compliant with SOC 1 Type II. C. The shared responsibility model is not just limited to security considerations; it also extends to IT controls. D. The shared responsibility model is only applicable for customers who want to be compliant with ISO 27001.

C

Which resource record set would not be allowed for the hosted zone example.com? A. www.example.com B. www.aws.example.com C. www.example.ca D. www.beta.example.com

C

Which technology does Amazon WorkSpaces use to provide data security? A. Secure Sockets Layer (SSL)/Transport Layer Security (TLS) B. Advanced Encryption Standard (AES)-256 C. PC-over-IP (PCoIP) D. AES-128

C

Which type of record is commonly used to route traffic to an IPv6 address? A. An A record B. A CNAME C. An AAAA record D. An MX record

C

You are a solutions architect working for a media company that hosts its website on AWS. Currently, there is a single Amazon Elastic Compute Cloud (Amazon EC2) Instance on AWS with MySQL installed locally to that Amazon EC2 Instance. You have been asked to make the company's production environment more resilient and to increase performance. You suggest that the company split out the MySQL database onto an Amazon RDS Instance with Multi-AZ enabled. This addresses the company's increased resiliency requirements. Now you need to suggest how you can increase performance. Ninety-nine percent of the company's end users are magazine subscribers who will be reading additional articles on the website, so only one percent of end users will need to write data to the site. What should you suggest to increase performance? A. Alter the connection string so that if a user is going to write data, it is written to the secondary copy of the Multi-AZ database. B. Alter the connection string so that if a user is going to write data, it is written to the primary copy of the Multi-AZ database. C. Recommend that the company use read replicas, and distribute the traffic across multiple read replicas. D. Migrate the MySQL database to Amazon Redshift to take advantage of columnar storage and maximize performance.

C

You are building a photo management application that maintains metadata on millions of images in an Amazon DynamoDB table. When a photo is retrieved, you want to display the metadata next to the image. Which Amazon DynamoDB operation will you use to retrieve the metadata attributes from the table? A. Scan operation B. Search operation C. Query operation D. Find operation

C

You are working on a mobile gaming application and are building the leaderboard feature to track the top scores across millions of users. Which AWS services are best suited for this use case? A. Amazon Redshift B. Amazon ElastiCache using Memcached C. Amazon ElastiCache using Redis D. Amazon Simple Storage Service (S3)

C

You have an application that for legal reasons must be hosted in the United States when U.S. citizens access it. The application must be hosted in the European Union when citizens of the EU access it. For all other citizens of the world, the application must be hosted in Sydney. Which routing policy should you choose in order to achieve this? A. Latency-based routing B. Simple routing C. Geolocation routing D. Failover routing

C

You have launched a Windows Amazon Elastic Compute Cloud (Amazon EC2) instance and specified an Amazon EC2 key pair for the instance at launch. Which of the following accurately describes how to log in to the instance? A. Use the Amazon EC2 key pair to securely connect to the instance via Secure Shell (SSH). B. Use your AWS Identity and Access Management (IAM) user X.509 certificate to log in to the instance. C. Use the Amazon EC2 key pair to decrypt the administrator password and then securely connect to the instance via Remote Desktop Protocol (RDP) as the administrator. D. A key pair is not needed. Securely connect to the instance via RDP.

C

Your Amazon Virtual Private Cloud (Amazon VPC) includes multiple private subnets. The instances in these private subnets must access third-party payment Application Program Interfaces (APIs) over the Internet. Which option will provide highly available Internet access to the instances in the private subnets? A. Create an AWS Storage Gateway in each Availability Zone and configure your routing to ensure that resources use the AWS Storage Gateway in the same Availability Zone. B. Create a customer gateway in each Availability Zone and configure your routing to ensure that resources use the customer gateway in the same Availability Zone. C. Create a Network Address Translation (NAT) gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone. D. Create a NAT gateway in one Availability Zone and configure your routing to ensure that resources use that NAT gateway in all the Availability Zones.

C

Your WordPress website is hosted on a fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances that leverage Auto Scaling to provide high availability. To ensure that the content of the WordPress site is sustained through scale up and scale down events, you need a common file system that is shared between more than one Amazon EC2 instance. Which AWS Cloud service can meet this requirement? A. Amazon CloudFront B. Amazon ElastiCache C. Amazon Elastic File System (Amazon EFS) D. Amazon Elastic Beanstalk

C

Your company collects information from the point of sale registers at all of its franchise locations. Each month these processes collect 200TB of information stored in Amazon Simple Storage Service (Amazon S3). Analytics jobs taking 24 hours are performed to gather knowledge from this data. Which of the following will allow you to perform these analytics in a cost-effective way? A. Copy the data to a persistent Amazon Elastic MapReduce (Amazon EMR) cluster, and run the MapReduce jobs. B. Create an application that reads the information of the Amazon S3 bucket and runs it through an Amazon Kinesis stream. C. Run a transient Amazon EMR cluster, and run the MapReduce jobs against the data directly in Amazon S3. D. Launch a d2.8xlarge (32 vCPU, 244GB RAM) Amazon Elastic Compute Cloud (Amazon EC2) instance, and run an application to read and process each object sequentially.

C

Your company data center is completely full, but the sales group has determined a need to store 200TB of product video. The videos were created over the last several years, with the most recent being accessed by sales the most often. The data must be accessed locally, but there is no space in the data center to install local storage devices to store this data. What AWS Cloud service will meet sales' requirements? A. AWS Storage Gateway Gateway-Stored volumes B. Amazon Elastic Compute Cloud (Amazon EC2) instances with attached Amazon EBS Volumes C. AWS Storage Gateway Gateway-Cached volumes D. AWS Import/Export Disk

C

Your e-commerce application provides daily and <em>ad hoc</em> reporting to various business units on customer purchases. This is resulting in an extremely high level of read traffic to your MySQL Amazon Relational Database Service (Amazon RDS) instance. What can you do to scale up read traffic without impacting your database's performance? A. Increase the allocated storage for the Amazon RDS instance. B. Modify the Amazon RDS instance to be a Multi-AZ deployment. C. Create a read replica for an Amazon RDS instance. D. Change the Amazon RDS instance DB engine version.

C

Your organization uses Chef heavily for its deployment automation. What AWS Cloud service provides integration with Chef recipes to start new application server instances, configure application server software, and deploy applications? A. AWS Elastic Beanstalk</span> B. Amazon Kinesis C. AWS OpsWorks D. AWS CloudFormation

C

When using Amazon Relational Database Service (Amazon RDS) Multi-AZ, how can you offload read requests from the primary? (Choose 2 answers) A. Configure the connection string of the clients to connect to the secondary node and perform reads while the primary is used for writes. B. Amazon RDS automatically sends writes to the primary and sends reads to the secondary. C. Add a read replica DB instance, and configure the client's application logic to use a read-replica. D. Create a caching environment using ElastiCache to cache frequently used data. Update the application logic to read/write from the cache.

C,D

(Choose 2 answers) You have a web application that contains both static content in an Amazon Simple Storage Service (Amazon S3) bucket&mdash;primarily images and CSS files&mdash;and also dynamic content currently served by a PHP web app running on Amazon Elastic Compute Cloud (Amazon EC2). What features of Amazon CloudFront can be used to support this application with a single Amazon CloudFront distribution? A. Multiple Origin Access Identifiers B. Multiple signed URLs C. Multiple origins D. Multiple edge locations E. Multiple cache behaviors

C,E

Which service allows you to process nearly limitless streams of data in flight? A. Amazon Kinesis Firehose B. Amazon Elastic MapReduce (Amazon EMR) C. Amazon Redshift D. Amazon Kinesis Streams

D

Which of the following Elastic Load Balancing options ensure that the load balancer determines which cipher is used for a Secure Sockets Layer (SSL) connection? A. Client Server Cipher Suite B. Server Cipher Only C. First Server Cipher D. Server Order Preference

D

Which type of DNS record should you use to resolve an IP address to a domain name? A. An A record B. A C Name C. An SPF record D. A PTR record

D

All of the website deployments are currently done by your company's development team. With a surge in website popularity, the company is looking for ways to be more agile with deployments. What AWS Cloud service can help the developers focus more on writing code instead of spending time managing and configuring servers, databases, load balancers, firewalls, and networks? A. AWS Config B. AWS Trusted Advisor C. Amazon Kinesis D. AWS Elastic Beanstalk

D

Amazon Route 53 cannot route queries to which AWS resource? A. Amazon CloudFront distribution B. Elastic Load Balancing load balancer C. Amazon EC2 D. AWS OpsWorks

D

Amazon Simple Notification Service (Amazon SNS) is a push notification service that lets you send individual or multiple messages to large numbers of recipients. What types of clients are supported? A. Java and JavaScript clients that support publisher and subscriber types B. Producers and consumers supported by C and C++ clients C. Mobile and AMQP support for publisher and subscriber client types D. Publisher and subscriber client types

D

Which cryptographic method is used by AWS Key Management Service (AWS KMS) to encrypt data? A. Password-based encryption B. Asymmetric C. Shared secret D. Envelope encryption

D

How does Amazon Simple Queue Service (Amazon SQS) deliver messages? A. Last In, First Out (LIFO) B. First In, First Out (FIFO) C. Sequentially D. Amazon SQS doesn't guarantee delivery of your messages in any particular order.

D

What is the longest configurable message retention period for Amazon Simple Queue Service (Amazon SQS)? A. 30 minutes B. 4 days C. 30 seconds D. 14 days

D

What is the longest time available for an Amazon Simple Queue Service (Amazon SQS) visibility timeout? A. 30 seconds B. 60 seconds C. 1 hour D. 12 hours

D

When configuring Amazon Route 53 as your DNS service for an existing domain, which is the first step that needs to be performed? A. Create hosted zones. B. Create resource record sets. C. Register a domain with Amazon Route 53. D. Transfer domain registration from current registrar to Amazon Route 53.

D

Which AWS database service is best suited for non-relational databases? A. Amazon Redshift B. Amazon Relational Database Service (Amazon RDS) C. Amazon Glacier D. Amazon DynamoDB

D

Which DNS record must all zones have by default? A. SPF B. TXT C. MX D. SOA

D

Which of the following describes the scheme used by an Amazon Redshift cluster leveraging AWS Key Management Service (AWS KMS) to encrypt data-at-rest? A. Amazon Redshift uses a one-tier, key-based architecture for encryption. B. Amazon Redshift uses a two-tier, key-based architecture for encryption. C. Amazon Redshift uses a three-tier, key-based architecture for encryption. D. Amazon Redshift uses a four-tier, key-based architecture for encryption.

D

Which of the following is not a supported Amazon Simple Notification Service (Amazon SNS) protocol? A. HTTPS B. AWS Lambda C. Email-JSON D. Amazon DynamoDB

D

Which of the following is the most recent version of the AWS digital signature calculation process? A. Signature Version 1 B. Signature Version 2 C. Signature Version 3 D. Signature Version 4

D

Which of the following public identity providers are supported by Amazon Cognito Identity? A. Amazon B. Google C. Facebook D. All of the above

D

Which of the following statements is true when it comes to the risk and compliance advantages of the AWS environment? A. Workloads must be moved entirely into the AWS Cloud in order to be compliant with various certifications and third-party attestations. B. The critical components of a workload must be moved entirely into the AWS Cloud in order to be compliant with various certifications and third-party attestations, but the non-critical components do not. C. The non-critical components of a workload must be moved entirely into the AWS Cloud in order to be compliant with various certifications and third-party attestations, but the critical components do not. D. Few, many, or all components of a workload can be moved to the AWS Cloud, but it is the customer's responsibility to ensure that their entire workload remains compliant with various certifications and third-party attestations.

D

Which protocol is primarily used by DNS to serve requests? A. Transmission Control Protocol (TCP) B. Hyper Text Transfer Protocol (HTTP) C. File Transfer Protocol (FTP) D. User Datagram Protocol (UDP)

D

Who is responsible for the configuration of security groups in an AWS environment? A. The customer and AWS are both jointly responsible for ensuring that security groups are correctly and securely configured. B. AWS is responsible for ensuring that all security groups are correctly and securely configured. Customers do not need to worry about security group configuration. C. Neither AWS nor the customer is responsible for the configuration of security groups; security groups are intelligently and automatically configured using traffic heuristics. D. AWS provides the security group functionality as a service, but the customer is responsible for correctly and securely configuring their own security groups.

D

You are a system administrator whose company has moved its production database to AWS. Your company monitors its estate using Amazon CloudWatch, which sends alarms using Amazon Simple Notification Service (Amazon SNS) to your mobile phone. One night, you get an alert that your primary Amazon Relational Database Service (Amazon RDS) Instance has gone down. You have Multi-AZ enabled on this instance. What should you do to ensure the failover happens quickly? A. Update your Domain Name System (DNS) to point to the secondary instance's new IP address, forcing your application to fail over to the secondary instance. B. Connect to your server using Secure Shell (SSH) and update your connection strings so that your application can communicate to the secondary instance instead of the failed primary instance. C. Take a snapshot of the secondary instance and create a new instance using this snapshot, then update your connection string to point to the new instance. D. No action is necessary. Your connection string points to the database endpoint, and AWS automatically updates this endpoint to point to your secondary instance.

D

You need a secure way to distribute your AWS credentials to an application running on Amazon Elastic Compute Cloud (Amazon EC2) instances in order to access supplementary AWS Cloud services. What approach provides your application access to use short-term credentials for signing requests while protecting those credentials from other users? A. Add your credentials to the UserData parameter of each Amazon EC2 instance. B. Use a configuration file to store your access and secret keys on the Amazon EC2 instances. C. Specify your access and secret keys directly in your application. D. Provision the Amazon EC2 instances with an instance profile that has the appropriate privileges.

D

Your application polls an Amazon Simple Queue Service (Amazon SQS) queue frequently and returns immediately, often with empty ReceiveMessageResponses. What is one thing that can be done to reduce Amazon SQS costs? A. Pricing on Amazon SQS does not include a cost for service requests; therefore, there is no concern. B. Increase the timeout value for short polling to wait for messages longer before returning a response. C. Change the message visibility value to a higher number. D. Use long polling by supplying a WaitTimeSeconds of greater than 0 seconds when calling ReceiveMessage.

D

Your company has its primary production site in Western Europe and its DR site in the Asia Pacific. You need to configure DNS so that if your primary site becomes unavailable, you can fail DNS over to the secondary site. Which DNS routing policy would best achieve this? A. Weighted routing B. Geolocation routing C. Simple routing D. Failover routing

D

Each AWS region is composed of two or more locations that offer organizations the ability to operate production systems that are more highly available, fault tolerant, and scalable than would be possible using a single data center. What are these locations called? A. Availability zones B. Replication areas C. Geographic districts D. Compute centers

A

How many (Internet Gateways) IGWs can you attach to an Amazon VPC at any one time? A. 1 B. 2 C. 3 D. 4

A

Using the correctly decrypted Administrator password and (Remote Desktop Protocol) RDP, you cannot log in to a Windows instance you just launched. Which of the following is a possible reason? A. There is no security group rule that allows RDP access over port 3389 from your IP address. B. The instance is a Reserved Instance. C. The instance is not using enhanced networking. D. The instance is not an Amazon EBS-optimized instance.

A

What is the maximum size IP address range that you can have in an Amazon VPC? A. /16 B. /24 C. /28 D. /30

A

Which of the following are the minimum required elements to create an Auto Scaling launch configuration? A. Launch configuration name, Amazon Machine Image (AMI), and instance type B. Launch configuration name, AMI, instance type, and key pair C. Launch configuration name, AMI, instance type, key pair, and security group D. Launch configuration name, AMI, instance type, key pair, security group, and block device mapping

A

You want to host multiple Hypertext Transfer Protocol Secure (HTTPS) websites on a fleet of Amazon EC2 instances behind an Elastic Load Balancing load balancer with a single X.509 certificate. How must you configure the Secure Sockets Layer (SSL) certificate so that clients connecting to the load balancer are not presented with a warning when they connect? A. Create one SSL certificate with a Subject Alternative Name (SAN) value for each website name. B. Create one SSL certificate with the Server Name Indication (SNI) value checked. C. Create multiple SSL certificates with a SAN value for each website name. D. Create SSL certificates for each Availability Zone with a SAN value for each website name.

A

(Choose 2 answers) You have a workload that requires 15,000 consistent (input/output operations per second) IOPS for data that must be durable. What combination of the following steps do you need? A. Use an Amazon Elastic Block Store (Amazon EBS)-optimized instance. B. Use an instance store. C. Use a Provisioned IOPS SSD volume. D. Use a magnetic volume.

A,C

(Choose 2 answers) You have purchased an m3.xlarge Linux Reserved instance in us-east-1a. In which ways can you modify this reservation? A. Change it into two m3.large instances. B. Change it to a Windows instance. C. Move it to us-east-1b. D. Change it to an m4.xlarge.

A,C

(Choose 3 answers) Elastic Load Balancing health checks may be: A. A ping B. A key pair verification C. A connection attempt D. A page request E. An Amazon Elastic Compute Cloud (Amazon EC2) instance status check

A,C,D

(Choose 3 answers) Your security team is very concerned about the vulnerability of the IAM administrator user accounts (the accounts used to configure all IAM features and accounts). What steps can be taken to lock down these accounts? A. Add multi-factor authentication (MFA) to the accounts. B. Limit logins to a particular U.S. state. C. Implement a password policy on the AWS account. D. Apply a source IP address condition to the policy that only grants permissions when the user is on the corporate network. E. Add a CAPTCHA test to the accounts.

A,C,D

(Choose 2 answers) What is needed before you can enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? A. Enable versioning on the bucket. B. Enable a lifecycle rule to migrate data to the second region. C. Enable static website hosting. D. Create an AWS Identity and Access Management (IAM) policy to allow Amazon S3 to replicate objects on your behalf.

A,D

(Choose 2 answers) Which of the following are based on temporary security tokens? A. Amazon EC2 roles B. MFA C. Root user D. Federation

A,D

(Choose 2 answers) Which of the following are required elements of an Auto Scaling group? A. Minimum size B. Health checks C. Desired capacity D. Launch configuration

A,D

(Choose 3 answers) Amazon Simple Storage Service (S3) bucket policies can restrict access to an Amazon S3 bucket and objects by which of the following? A. Company name B. IP address range C. AWS account D. Country of origin E. Objects with a specific prefix

B,C,E

Which of the following must be configured on an Elastic Load Balancing load balancer to accept incoming traffic? A. A port B. A network interface C. A listener D. An instance

C

Which of the following describes a physical location around the world where AWS clusters data centers? A. Endpoint B. Collection C. Fleet D. Region

D

Which of the following is the security protocol supported by Amazon VPC? A. SSH B. Advanced Encryption Standard (AES) C. Point-to-Point Tunneling Protocol (PPTP) D. IPsec

D

Your company provides an online photo sharing service. The development team is looking for ways to deliver image files with the lowest latency to end users so the website content is delivered with the best possible performance. What service can help speed up distribution of these image files to end users around the world? A. Amazon Elastic Compute Cloud (Amazon EC2) B. Amazon Route 53 C. AWS Storage Gateway D. Amazon CloudFront

D

Your instance is associated with two security groups. The first allows Remote Desktop Protocol (RDP) access over port 3389 from Classless Inter-Domain Routing (CIDR) block 72.14.0.0/16. The second allows HTTP access over port 80 from CIDR block 0.0.0.0/0. What traffic can reach your instance? A. RDP and HTTP access from CIDR block 0.0.0.0/0 B. No traffic is allowed. C. RDP and HTTP traffic from 72.14.0.0/16 D. RDP traffic over port 3389 from 72.14.0.0/16 and HTTP traffic over port 80 from 0.0.00/0

D

What happens when you create a new Amazon VPC? A. A main route table is created by default. B. Three subnets are created by default with one for each Availability Zone. C. Three subnets are created by default in one Availability Zone. D. An (Internet Gateway) IGW is created by default.

A

Your company experiences fluctuations in traffic patterns to their e-commerce website based on flash sales. What service can help your company dynamically match the required compute capacity to the spike in traffic during flash sales? A. Auto Scaling B. Amazon Glacier C. Amazon Simple Notification Service (Amazon SNS) D. Amazon Virtual Private Cloud (Amazon VPC)

A

Your company runs an Amazon Elastic Compute Cloud (Amazon EC2) instance periodically to perform a batch processing job on a large and growing filesystem. At the end of the batch job, you shut down the Amazon EC2 instance to save money but need to persist the filesystem on the Amazon EC2 instance from the previous batch runs. What AWS Cloud service can you leverage to meet these requirements? A. Amazon Elastic Block Store (Amazon EBS) B. Amazon DynamoDB C. Amazon Glacier D. AWS CloudFormation

A

(Choose 4 answers) Your AWS account administrator left your company today. The administrator had access to the root user and a personal IAM administrator account. With these accounts, he generated other IAM accounts and keys. Which of the following should you do today to protect your AWS infrastructure? A. Change the password and add MFA to the root user. B. Put an IP restriction on the root user. C. Rotate keys and change passwords for IAM accounts. D. Delete all IAM accounts. E. Delete the administrator's personal IAM account. F. Relaunch all Amazon EC2 instances with new roles.

A,B,C,E

(Choose 3 answers) What are some of the key characteristics of Amazon Simple Storage Service (Amazon S3)? A. All objects have a URL. B. Amazon S3 can store unlimited amounts of data. C. Objects are world-readable by default. D. Amazon S3 uses a REST (Representational State Transfer) Application Program Interface (API). E. You must pre-allocate the storage in a bucket.

A,B,D

(Choose 3 answers) What must be done to host a static website in an Amazon Simple Storage Service (Amazon S3) bucket? A. Configure the bucket for static hosting and specify an index and error document. B. Create a bucket with the same name as the website. C. Enable File Transfer Protocol (FTP) on the bucket. D. Make the objects in the bucket world-readable. E. Enable HTTP on the bucket.

A,B,D

(Choose 3 answers) You are creating a High-Performance Computing (HPC) cluster and need very low latency and high bandwidth between instances. What combination of the following will allow this? A. Use an instance type with 10 Gbps network performance. B. Put the instances in a placement group. C. Use Dedicated Instances. D. Enable enhanced networking on the instances. E. Use Reserved Instances.

A,B,D

(Choose 3 answers) Which of the following are features of enhanced networking? A. More Packets Per Second (PPS) B. Lower latency C. Multiple network interfaces D. Border Gateway Protocol (BGP) routing E. Less jitter

A,B,E

(Choose 2 answers) Amazon Glacier is well-suited to data that is which of the following? A. Is infrequently or rarely accessed B. Must be immediately available when needed C. Is available after a three- to five-hour restore period D. Is frequently erased within 30 days

A,C

(Choose 2 answers) An Auto Scaling group may use: A. On-Demand Instances B. Stopped instances C. Spot Instances D. On-premises instances E. Already running instances if they use the same Amazon Machine Image (AMI) as the Auto Scaling group's launch configuration and are not already part of another Auto Scaling group

A,C

(Choose 2 answers) What properties of an Amazon VPC must be specified at the time of creation? A. The (Classless Inter-Domain Routing) CIDR block representing the IP address range B. One or more subnets for the Amazon VPC C. The region for the Amazon VPC D. Amazon VPC Peering relationships

A,C

(Choose 2 answers) Which of the following are IAM security features? A. Password policies B. Amazon DynamoDB global secondary indexes C. MFA D. Consolidated Billing

A,C

(Choose 2 answers) Which of the following are features of Amazon Elastic Block Store (Amazon EBS)? A. Data stored on Amazon EBS is automatically replicated within an Availability Zone. B. Amazon EBS data is automatically backed up to tape. C. Amazon EBS volumes can be encrypted transparently to workloads on the attached instance. D. Data on an Amazon EBS volume is lost when the attached instance is stopped.

A,C

(Choose 2 answers) Which of the following are found in an IAM policy? A. Service Name B. Region C. Action D. Password

A,C

For an application running in the ap-northeast-1 region with three Availability Zones (ap-northeast-1a, ap-northeast-1b, and ap-northeast-1c), which instance deployment provides high availability for the application that normally requires nine running Amazon Elastic Compute Cloud (Amazon EC2) instances but can run on a minimum of 65 percent capacity while Auto Scaling launches replacement instances in the remaining Availability Zones? A. Deploy the application on four servers in ap-northeast-1a and five servers in ap-northeast-1b, and keep five stopped instances in ap-northeast-1a as reserve. B. Deploy the application on three servers in ap-northeast-1a, three servers in ap-northeast-1b, and three servers in ap-northeast-1c. C. Deploy the application on six servers in ap-northeast-1b and three servers in ap-northeast-1c. D. Deploy the application on nine servers in ap-northeast-1b, and keep nine stopped instances in ap-northeast-1a as reserve.

B

How are you billed for elastic IP addresses? A. Hourly when they are associated with an instance B. Hourly when they are not associated with an instance C. Based on the data that flows through them D. Based on the instance type to which they are attached

B

How is data stored in Amazon Simple Storage Service (Amazon S3) for high durability? A. Data is automatically replicated to other regions. B. Data is automatically replicated within a region. C. Data is replicated only if versioning is enabled on the bucket. D. Data is automatically backed up on tape and restored if needed.

B

What aspect of an Amazon VPC is stateful? A. Network ACLs B. Security groups C. Amazon DynamoDB D. Amazon S3

B

What is the deployment term for an environment that extends an existing on-premises infrastructure into the cloud to connect cloud resources to internal systems? A. All-in deployment B. Hybrid deployment C. On-premises deployment D. Scatter deployment

B

Which Amazon VPC feature allows you to create a dual-homed instance? A. (Elastic IP) EIP address B. (Elastic Network Interface) ENI C. Security groups D. (Customer Gateway) CGW

B

Which of the following AWS Cloud services is a fully managed NoSQL database service? A. Amazon Simple Queue Service (Amazon SQS) B. Amazon DynamoDB C. Amazon ElastiCache D. Amazon Relational Database Service (Amazon RDS)

B

Which of the following AWS resources would you use in order for an EC2-VPC instance to resolve DNS names outside of AWS? A. A VPC peering connection B. A DHCP option set C. A routing rule D. An (Internet Gateway) IGW

B

You are responsible for the application logging solution for your company's existing applications running on multiple Amazon EC2 instances. Which of the following is the best approach for aggregating the application logs within AWS? A. Amazon CloudWatch custom metrics B. Amazon CloudWatch Logs Agent C. An Elastic Load Balancing listener D. An internal Elastic Load Balancing load balancer

B

You are responsible for your company's AWS resources, and you notice a significant amount of traffic from an IP address in a foreign country in which your company does not have customers. Further investigation of the traffic indicates the source of the traffic is scanning for open ports on your EC2-VPC instances. Which one of the following resources can deny the traffic from reaching the instances? A. Security group B. Network ACL C. NAT instance D. An Amazon VPC endpoint

B

You are restoring an Amazon Elastic Block Store (Amazon EBS) volume from a snapshot. How long will it be before the data is available? A. It depends on the provisioned size of the volume. B. The data will be available immediately. C. It depends on the amount of data stored on the volume. D. It depends on whether the attached instance is an Amazon EBS-optimized instance.

B

You have a popular web application that accesses data stored in an Amazon Simple Storage Service (Amazon S3) bucket. You expect the access to be very read-intensive, with expected request rates of up to 500 GETs per second from many clients. How can you increase the performance and scalability of Amazon S3 in this case? A. Turn on cross-region replication to ensure that data is served from multiple locations. B. Ensure randomness in the namespace by including a hash prefix to key names. C. Turn on server access logging. D. Ensure that key names are sequential to enable pre-fetch.

B

You have created an Elastic Load Balancing load balancer listening on port 80, and you registered it with a single Amazon Elastic Compute Cloud (Amazon EC2) instance also listening on port 80. A client makes a request to the load balancer with the correct protocol and port for the load balancer. In this scenario, how many connections does the balancer maintain? A. 1 B. 2 C. 3 D. 4

B

You have valuable media files hosted on AWS and want them to be served only to authenticated users of your web application. You are concerned that your content could be stolen and distributed for free. How can you protect your content? A. Use static web hosting. B. Generate pre-signed URLs for content in the web application. C. Use AWS Identity and Access Management (IAM) policies to restrict access. D. Use logging to track your content.

B

You need to take a snapshot of an Amazon Elastic Block Store (Amazon EBS) volume. How long will the volume be unavailable? A. It depends on the provisioned size of the volume. B. The volume will be available immediately. C. It depends on the amount of data stored on the volume. D. It depends on whether the attached instance is an Amazon EBS-optimized instance.

B

Your company has 100TB of financial records that need to be stored for seven years by law. Experience has shown that any record more than one-year old is unlikely to be accessed. Which of the following storage plans meets these needs in the most cost efficient manner? A. Store the data on Amazon Elastic Block Store (Amazon EBS) volumes attached to t2.micro instances. B. Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year and delete the object after seven years. C. Store the data in Amazon DynamoDB and run daily script to delete data older than seven years. D. Store the data in Amazon Elastic MapReduce (Amazon EMR).

B

Your company provides a mobile voting application for a popular TV show, and 5 to 25 million viewers all vote in a 15-second timespan. What mechanism can you use to decouple the voting application from your back-end services that tally the votes? A. AWS CloudTrail B. Amazon Simple Queue Service (Amazon SQS) C. Amazon Redshift D. Amazon Simple Notification Service (Amazon SNS)

B

Your order-processing application processes orders extracted from a queue with two Reserved Instances processing 10 orders/minute. If an order fails during processing, then it is returned to the queue without penalty. Due to a weekend sale, the queues have several hundred orders backed up. While the backup is not catastrophic, you would like to drain it so that customers get their confirmation emails faster. What is a cost-effective way to drain the queue for orders? A. Create more queues. B. Deploy additional Spot Instances to assist in processing the orders. C. Deploy additional Reserved Instances to assist in processing the orders. D. Deploy additional On-Demand Instances to assist in processing the orders.

B

(Choose 2 answers) Amazon Simple Storage Service (Amazon S3) is an eventually consistent storage system. For what kinds of operations is it possible to get stale data as a result of eventual consistency? A. GET after PUT of a new object B. GET or LIST after a DELETE C. GET after overwrite PUT (PUT to an existing key) D. DELETE after PUT of new object

B,C

(Choose 2 answers) VM Import/Export can import existing virtual machines as: A. Amazon Elastic Block Store (Amazon EBS) volumes B. Amazon Elastic Compute Cloud (Amazon EC2) instances C. Amazon Machine Images (AMIs) D. Security groups

B,C

(Choose 2 answers) What are some reasons to enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? A. You want a backup of your data in case of accidental deletion. B. You have a set of users or customers who can access the second bucket with lower latency. C. For compliance reasons, you need to store data in a location at least 300 miles away from the first region. D. Your data needs at least five nines of durability.

B,C

(Choose 2 answers) Which of the following are benefits of using Amazon EC2 roles? A. No policies are required. B. Credentials do not need to be stored on the Amazon EC2 instance. C. Key rotation is not necessary. D. Integration with Active Directory is automatic.

B,C

(Choose 2 answers) Which of the following are true of instance stores? A. Automatic backups B. Data is lost when the instance stops. C. Very high IOPS (input/output operations per second) D. Charge is based on the total amount of storage provisioned.

B,C

(Choose 2 answers) Which of the following methods will allow an application using an AWS SDK to be authenticated as a principal to access AWS Cloud services? A. Create an IAM user and store the user name and password for the user in the application's configuration. B. Create an IAM user and store both parts of the access key for the user in the application's configuration. C. Run the application on an Amazon EC2 instance with an assigned IAM role. D. Make all the API calls over an SSL connection.

B,C

(Choose 2 answers) You want to grant the individuals on your network team the ability to fully manipulate Amazon EC2 instances. Which of the following accomplish this goal? A. Create a new policy allowing EC2:* actions, and name the policy <strong>NetworkTeam</strong>. B. Assign the managed policy, EC2FullAccess, to a group named NetworkTeam, and assign all the team members' IAM user accounts to that group. C. Create a new policy that grants EC2:* actions on all resources, and assign that policy to each individual's IAM user account on the network team. D. Create a NetworkTeam IAM group, and have each team member log in to the AWS Management Console using the user name/password for the group.

B,C

(Choose 3 answers) Which features can be used to restrict access to Amazon Simple Storage Service (Amazon S3) data? A. Enable static website hosting on the bucket. B. Create a pre-signed URL for an object. C. Use an Amazon S3 Access Control List (ACL) on a bucket or object. D. Use a lifecycle policy. E. Use an Amazon S3 bucket policy.

B,C,E

(Choose 2 answers) When an Amazon Elastic Compute Cloud (Amazon EC2) instance registered with an Elastic Load Balancing load balancer using connection draining is deregistered or unhealthy, which of the following will happen? A. Immediately close all existing connections to that instance. B. Keep the connections open to that instance, and attempt to complete in-flight requests. C. Redirect the requests to a user-defined error page like "Oops this is embarrassing" or "Under Construction." D. Forcibly close all connections to that instance after a timeout period. E. Leave the connections open as long as the load balancer is running.

B,D

(Choose 2 answers) Which of the following actions can be authorized by IAM? A. Installing ASP.NET on a Windows Server B. Launching an Amazon Linux EC2 instance C. Querying an Oracle database D. Adding a message to an Amazon Simple Queue Service (Amazon SQS) queue

B,D

(Choose 2 answers) Which of the following are not appropriates use cases for Amazon Simple Storage Service (Amazon S3)? A. Storing web content B. Storing a file system mounted to an Amazon Elastic Compute Cloud (Amazon EC2) instance C. Storing backups for a relational database D. Primary storage for a database E. Storing logs for analytics

B,D

(Choose 2 answers) Which of the following can be used to address an Amazon Elastic Compute Cloud (Amazon EC2) instance over the web? A. Windows machine name B. Public DNS name C. Amazon EC2 instance ID D. Elastic IP address

B,D

(Choose 3 answers) Auto Scaling supports which of the following plans for Auto Scaling groups? A. Predictive B. Manual C. Preemptive D. Scheduled E. Dynamic F. End-user request driven

B,D,E

(Choose two) Which of the following will occur when an Amazon Elastic Block Store (Amazon EBS)-backed Amazon EC2 instance in an Amazon VPC with an associated (Elastic IP) EIP is stopped and started? A. The EIP will be dissociated from the instance. B. All data on instance-store devices will be lost. C. All data on Amazon EBS devices will be lost. D. The (Elastic Network Interfaces) ENI is detached. E. The underlying host for the instance is changed.

B,E

(Choose 3 answers) Elastic Load Balancing supports which of the following types of load balancers? A. Cross-region B. Internet-facing C. Interim D. Itinerant E. Internal F. Hypertext Transfer Protocol Secure (HTTPS) using Secure Sockets Layer (SSL)

B,E,F

(Choose 3 answers) Which of the following are characteristics of the Auto Scaling service on AWS? A. Sends traffic to healthy instances B. Responds to changing conditions by adding or terminating Amazon Elastic Compute Cloud (Amazon EC2) instances C. Collects and tracks metrics and sets alarms D. Delivers push notifications E. Launches instances from a specified Amazon Machine Image (AMI) F. Enforces a minimum number of running Amazon EC2 instances

B,E,F

A cell phone company is running dynamic-content television commercials for a contest. They want their website to handle traffic spikes that come after a commercial airs. The website is interactive, offering personalized content to each visitor based on location, purchase history, and the current commercial airing. Which architecture will configure Auto Scaling to scale out to respond to spikes of demand, while minimizing costs during quiet periods? A. Set the minimum size of the Auto Scaling group so that it can handle high traffic volumes without needing to scale out. B. Create an Auto Scaling group large enough to handle peak traffic loads, and then stop some instances. Configure Auto Scaling to scale out when traffic increases using the stopped instances, so new capacity will come online quickly. C. Configure Auto Scaling to scale out as traffic increases. Configure the launch configuration to start new instances from a preconfigured Amazon Machine Image (AMI). D. Use Amazon CloudFront and Amazon Simple Storage Service (Amazon S3) to cache changing content, with the Auto Scaling group set as the origin. Configure Auto Scaling to have sufficient instances necessary to initially populate CloudFront and Amazon ElastiCache, and then scale in after the cache is fully populated.

C

Based on the following Amazon Simple Storage Service (Amazon S3) URL, which one of the following statements is correct?https://bucket1.abc.com.s3.amazonaws.com/folderx/myfile.doc A. The object "myfile.doc" is stored in the folder "folderx" in the bucket "bucket1.abc.com." B. The object "myfile.doc" is stored in the bucket "bucket1.abc.com." C. The object "folderx/myfile.doc" is stored in the bucket "bucket1.abc.com." D. The object "myfile.doc" is stored in the bucket "bucket1."

C

To have a record of who accessed your Amazon Simple Storage Service (Amazon S3) data and from where, you should do what? A. Enable versioning on the bucket. B. Enable website hosting on the bucket. C. Enable server access logs on the bucket. D. Create an AWS Identity and Access Management (IAM) bucket policy. E. Enable Amazon CloudWatch logs.

C

What AWS Cloud service provides a logically isolated section of the AWS Cloud where organizations can launch AWS resources in a virtual network that they define? A. Amazon Simple Workflow Service (Amazon SWF) B. Amazon Route 53 C. Amazon Virtual Private Cloud (Amazon VPC) D. AWS CloudFormation

C

Which AWS Cloud service allows organizations to gain system-wide visibility into resource utilization, application performance, and operational health? A. AWS Identity and Access Management (IAM) B. Amazon Simple Notification Service (Amazon SNS) C. Amazon CloudWatch D. AWS CloudFormation

C

Which Amazon Elastic Compute Cloud (Amazon EC2) feature ensures that your instances will not share a physical host with instances from any other AWS customer? A. Amazon Virtual Private Cloud (VPC) B. Placement groups C. Dedicated Instances D. Reserved Instances

C

You are a solutions architect working for a large travel company that is migrating its existing server estate to AWS. You have recommended that they use a custom Amazon VPC, and they have agreed to proceed. They will need a public subnet for their web servers and a private subnet in which to place their databases. They also require that the web servers and database servers be highly available and that there be a minimum of two web servers and two database servers each. How many subnets should you have to maintain high availability? A. 2 B. 3 C. 4 D. 1

C

You create a new VPC in US-East-1 and provision three subnets inside this Amazon VPC. Which of the following statements is true? A. By default, these subnets will not be able to communicate with each other; you will need to create routes. B. All subnets are public by default. C. All subnets will be able to communicate with each other by default. D. Each subnet will have identical (Classless Inter-Domain Routing) CIDR blocks.

C

You have a workload that requires 1 TB of durable block storage at 1,500 (input/output operations per second) IOPS during normal use. Every night there is an Extract, Transform, Load (ETL) task that requires 3,000 IOPS for 15 minutes. What is the most appropriate volume type for this workload? A. Use a Provisioned IOPS SSD volume at 3,000 IOPS. B. Use an instance store. C. Use a general-purpose SSD volume. D. Use a magnetic volume.

C

You have created a custom Amazon VPC with both private and public subnets. You have created a NAT instance and deployed this instance to a public subnet. You have attached an EIP address and added your NAT to the route table. Unfortunately, instances in your private subnet still cannot access the Internet. What may be the cause of this? A. Your NAT is in a public subnet, but it needs to be in a private subnet. B. Your NAT should be behind an Elastic Load Balancer. C. You should disable source/destination checks on the NAT. D. Your NAT has been deployed on a Windows instance, but your other instances are Linux. You should redeploy the NAT onto a Linux instance.

C

Your company requires that all data sent to external storage be encrypted before being sent. Which Amazon Simple Storage Service (Amazon S3) encryption solution will meet this requirement? A. Server-Side Encryption (SSE) with AWS-managed keys (SSE-S3) B. SSE with customer-provided keys (SSE-C) C. Client-side encryption with customer-managed keys D. Server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS)

C

Your company stores documents in Amazon Simple Storage Service (Amazon S3), but it wants to minimize cost. Most documents are used actively for only about a month, then much less frequently. However, all data needs to be available within minutes when requested. How can you meet these requirements? A. Migrate the data to Amazon S3 Reduced Redundancy Storage (RRS) after 30 days. B. Migrate the data to Amazon Glacier after 30 days. C. Migrate the data to Amazon S3 Standard-Infrequent Access (IA) after 30 days. D. Turn on versioning, then migrate the older version to Amazon Glacier.

C

Your web application front end consists of multiple Amazon Compute Cloud (Amazon EC2) instances behind an Elastic Load Balancing load balancer. You have configured the load balancer to perform health checks on these Amazon EC2 instances. If an instance fails to pass health checks, which statement will be true? A. The instance is replaced automatically by the load balancer. B. The instance is terminated automatically by the load balancer. C. The load balancer stops sending traffic to the instance that failed its health check. D. The instance is quarantined by the load balancer for root cause analysis.

C

Your web application needs four instances to support steady traffic nearly all of the time. On the last day of each month, the traffic triples. What is a cost-effective way to handle this traffic pattern? A. Run 12 Reserved Instances all of the time. B. Run four On-Demand Instances constantly, then add eight more On-Demand Instances on the last day of each month. C. Run four Reserved Instances constantly, then add eight On-Demand Instances on the last day of each month. D. Run four On-Demand Instances constantly, then add eight Reserved Instances on the last day of each month.

C

(Choose 2 answers) Which of the following must be specified when launching a new Amazon Elastic Compute Cloud (Amazon EC2) Windows instance? A. The Amazon EC2 instance ID B. Password for the administrator account C. Amazon EC2 instance type D. Amazon Machine Image (AMI)

C,D

(Choose 3 answers) Which statements about Amazon Glacier are true? A. Amazon Glacier stores data in objects that live in archives. B. Amazon Glacier archives are identified by user-specified key names. C. Amazon Glacier archives take three to five hours to restore. D. Amazon Glacier vaults can be locked. E. Amazon Glacier can be used as a standalone service and as an Amazon S3 storage class.

C,D,E

(Choose 2 answers) Your application stores critical data in Amazon Simple Storage Service (Amazon S3), which must be protected against inadvertent or intentional deletion. How can this data be protected? A. Use cross-region replication to copy data to another bucket automatically. B. Set a vault lock. C. Enable versioning on the bucket. D. Use a lifecycle policy to migrate data to Amazon Glacier. E. Enable MFA Delete on the bucket.

C,E

How long does Amazon CloudWatch keep metric data? A. 1 day B. 2 days C. 1 week D. 2 weeks

D

How many VPC Peering connections are required for four VPCs located within the same AWS region to be able to send traffic to each of the others. A. 3 B. 4 C. 5 D. 6

D

In the basic monitoring package for Amazon Elastic Compute Cloud (Amazon EC2), what Amazon CloudWatch metrics are available? A. Web server visible metrics such as number of failed transaction requests B. Operating system visible metrics such as memory utilization C. Database visible metrics such as number of connections D. Hypervisor visible metrics such as CPU utilization

D

Which of the following Amazon VPC resources would you use in order for EC2-VPC instances to send traffic directly to Amazon S3? A. Amazon S3 gateway B. Internet Gateway IGW C. Customer Gateway CGW D. VPC endpoint

D

Which of the following can be accomplished through bootstrapping? A. Install the most current security updates. B. Install the current version of the application. C. Configure Operating System (OS) services. D. All of the above.

D

Which of the following is the Amazon side of an Amazon VPN connection? A. An (Elastic IP) EIP B. A (Customer Gateway) CGW C. An (Internet Gateway) IGW D. A (Virtual Private Gateway) VPG

D

Why is the launch configuration referenced by the Auto Scaling group instead of being part of the Auto Scaling group? A. It allows you to change the Amazon Elastic Compute Cloud (Amazon EC2) instance type and Amazon Machine Image (AMI) without disrupting the Auto Scaling group. B. It facilitates rolling out a patch to an existing set of instances managed by an Auto Scaling group. C. It allows you to change security groups associated with the instances launched without having to make changes to the Auto Scaling group. D. All of the above E. None of the above

D

You create a new subnet and then add a route to your route table that routes traffic out from that subnet to the Internet using an (Internet Gateway) IGW. What type of subnet have you created? A. An internal subnet B. A private subnet C. An external subnet D. A public subnet

D

You create an Auto Scaling group in a new region that is configured with a minimum size value of 10, a maximum size value of 100, and a desired capacity value of 50. However, you notice that 30 of the Amazon Elastic Compute Cloud (Amazon EC2) instances within the Auto Scaling group fail to launch. Which of the following is the cause of this behavior? A. You cannot define an Auto Scaling group larger than 20. B. The Auto Scaling group maximum value cannot be more than 20. C. You did not attach an Elastic Load Balancing load balancer to the Auto Scaling group. D. You have not raised your default Amazon EC2 capacity (20) for the new region.

D

(Choose 2 answers) In what ways does Amazon Simple Storage Service (Amazon S3) object storage differ from block and file storage? A. Amazon S3 stores data in fixed size blocks. B. Objects are identified by a numbered address. C. Objects can be any size. D. Objects contain both data and metadata. E. Objects are stored in buckets.

D,E


Related study sets

CompTIA Linux+ (XKO-004) Post-Assessment Quiz

View Set

Сетевые протоколы

View Set

CHAPTER 15: MCQs (RETAILING AND WHOLESALING STRATEGIES)

View Set

Project Management Exam 1 (chap 1)

View Set

Chapter 29- Medication administration

View Set

Chapter 11 Planning the Pesticide Application

View Set

IBIO 341: Sex effects in transmission genetics and pedigree analysis

View Set