AWS Dumps

 

1. You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?
A. The AMI is missing the required part
B. The snapshot is corrupt
C. You need to create a storage in EBS first
D. You have reached your volume limit.

Answer: C


2. In the context of AWS support, why must an EC2 instance be unreachable for 20 minutes rather than allowing customers to open tickets immediately?
A. Because most reachability issues are resolved by automated processes in less than 20 mins
B. Because all EC2 instances are unreachable for 20 min. every day when AWS does route maintenance
C. Because all EC2 instances are unreachable for 20 mins when first launched
D. Because of all the reasons listed here

Answer: A

Explanation: An EC2 instance must be unreachable for 20 mins before opening a ticket, because most reachability issues are resolved by automated processes in less than 20 mins and will not require any action on the part of the customer. If the instance is still unreachable after this time frame has passed, then you should open a case with support.


3. EBS provides the ability to create backups of any EC2 volume into what is known as
A. Snapshots
B. Images
C. Instance backups
D. Mirrors

Answer: A

Explanation: Amazon allows you to make backups of the data stored in EBS volumes through snapshots that can later be used to create a new EBS volume.


4. A user is storing a large number of objects on S3. The user wants to implement search functionality among the objects. How can the user achieve this?
A. Use the indexing feature of S3
B. Tag the objects with the metadata to search on that
C. Use the query functionality of S3
D. Make your own DB system which stores the S3 metadata for the search functionality.

Answer: D

Explanation: In AWS, S3 doesn’t provide any query facility. To retrieve a specific object, the user needs to know the exact bucket/object key. In this case it is recommended to have your own DB system which manages the S3 metadata and key mapping.


5. After setting up a VPC network, a more experienced cloud engineer suggests that to achieve low n/w latency and high n/w throughput you should look into setting up a placement group. You know nothing about this, but begin to do some research about it and are especially curious about its limitations. Which of the below statements is wrong in describing the limitations of a placement group?
A. Although launching multiple instance types into a placement group is possible, this reduces the likelihood that the required capacity will be available for your launch to succeed.
B. A placement group can span multiple AZs
C. You can't move an existing instance into a placement group
D. A placement group can span peered VPCs

Answer: B

Explanation: A placement group is a logical grouping of instances within a single AZ. Using placement groups enables applications to participate in a low-latency, 10 Gbps n/w. Placement groups are recommended for applications that benefit from low n/w latency, high n/w throughput, or both. To provide the lowest latency and the highest packet-per-second n/w performance for your placement group, choose an instance type that supports enhanced networking. Placement groups have the following limitations: The name you specify for a placement group must be unique within your AWS account. A placement group can't span multiple AZs. Although launching multiple instance types into a placement group is possible, this reduces the likelihood that the required capacity will be available for your launch to succeed. We recommend using the same instance type for all instances in a placement group. You can't merge placement groups. Instead, you must terminate the instances in one placement group, and then relaunch those instances into the other placement group. A placement group can span peered VPCs; however, you will not get full bisection bandwidth between instances in peered VPCs. You can't move an existing instance into a placement group. You can create an AMI from an existing instance, and then launch a new instance from the AMI into a placement group.


6. What is a placement group in Amazon EC2?
A. It is a group of EC2 instances within a single AZ
B. It is edge location of web content
C. It is the AWS region where you run the EC2 instance of web content
D. It is a group used to span multiple AZ

Answer: A

Explanation: A placement group is a logical grouping of instances within a single AZ.


7. You are migrating an internal server of your DC to an EC2 instance with an EBS volume. Your server disk usage is around 500 GB so you just copied all your data to a 2 TB disk to be used with AWS Import/Export. Where will the data be imported once it arrives at Amazon?
A. To a 2 TB EBS volume
B. To a S3 bucket with two objects of 1 TB
C. To 500 GB EBS volume
D. To S3 bucket as a 2 TB snapshot

Answer: B

Explanation: An import to EBS will have different results depending on whether the capacity of your storage device is <= 1 TB or > 1 TB. The max size of an EBS snapshot is 1 TB, so if the device image is larger than 1 TB, the image is chunked and stored on S3. The target location is determined based on the total capacity of the device, not the amount of data on the device.


8. A client needs you to import some existing infrastructure from a dedicated hosting provider to AWS to try and save on the cost of running his current website. He also needs an automated process that manages backups, s/w patching, automatic failure detection, and recovery. You are aware that his existing set up currently uses an Oracle DB. Which of the following AWS DBs could be best for accomplishing this task?
A. Amazon RDS
B. Amazon Redshift
C. Amazon SimpleDB
D. Amazon ElastiCache

Answer: A

Explanation: Amazon RDS gives you access to the capabilities of a familiar MySQL, Oracle, SQL Server or PostgreSQL DB engine. This means that the code, applications, and tools that you already use today with your existing DBs can be used with Amazon RDS. Amazon RDS automatically patches the DB s/w and backs up the DB, storing the backups for a user-defined retention period and enabling point-in-time recovery.


9. True or False: A VPC contains multiple subnets, where each subnet can span multiple AZs
A. True, only if requested during the setup of VPCs
B. True
C. False
D. True, only for US region.

Answer: C

Explanation: A VPC can span several AZs. In contrast a subnet must reside in a single AZ.


10. An edge location refers to which Amazon web service?
A. An edge location is referred to the n/w configured within a zone or region
B. An edge location is referred to AWS region
C. An edge location is the location of the data center used for Amazon CloudFront
D. An edge location is a zone within the AWS region

Answer: C

Explanation: Amazon CloudFront is a content distribution n/w. A content delivery n/w or content distribution n/w (CDN) is a large distributed system of servers deployed in multiple data centers across the world. The location of the data center used for the CDN is called an edge location. Amazon CloudFront can cache static content at each edge location. This means that your popular static content (e.g. your site's logo, navigational images, CSS, JS code, etc.) will be available at a nearby edge location for the browsers to download with low latency and improved performance for viewers. Caching popular static content with CloudFront also helps you offload requests for such files from your origin server. CloudFront serves the cached copy when available and only makes a request to your origin server if the edge location receiving the browser's request does not have a copy of the file.


10. You are looking at ways to improve some existing infrastructure as it seems a lot of engineering resources are being taken up with basic management and monitoring tasks and the cost seems to be excessive. You are thinking of deploying Amazon ElastiCache to help. Which of the following statements is true in regards to ElastiCache?
A. You can improve load and response time to user actions and queries. However the cost associated with scaling web application will be more.
B. You can't improve load and response times to user actions and queries but you can reduce the cost associated with scaling web applications
C. You can improve load and response times to user action and queries, however the cost associated with scaling web application will remain the same.
D. You can improve load and response times to user actions and queries and also you can reduce the cost associated with scaling web applications

Answer: D

Explanation: ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of relying entirely on slower disk-based DBs. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments, enabling your engineering resources to focus on developing applications. Using Amazon ElastiCache you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.


11. Your supervisor has asked you to build a simple file synchronization service for your dept. He doesn't want to spend too much money and he wants to be notified of any changes to files by email. What do you think would be the best Amazon service to use for the email solution?
A. Amazon SES (Simple Email Service)
B. Amazon CloudSearch
C. Amazon SWF (Simple Workflow Service)
D. Amazon AppStream

Answer: A

Explanation: File change notifications can be sent via email to users following the resource with Amazon SES, an easy to use, cost effective email solution.


12. Your manager has just given you access to multiple VPN connections that someone else has recently set up between all your company’s offices. She needs you to make sure that the communication between the VPNs is secured. Which of the following services would be the best for providing a low-cost hub-and-spoke model for primary and backup connectivity between these remote offices?
A. Amazon CloudFront
B. AWS Direct Connect
C. AWS CloudHSM
D. AWS VPN CloudHub

Answer: D

Explanation: If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or w/o a VPC. This design is suitable for customers with multiple branch offices and existing internet connections who would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices.


Pending first four

1. EC2 Compute – 42
2. Virtual Private Cloud – 46
3. Storage Services – 27
4. Security Architecture – 36
5. Database Services – 34
6. Fault Tolerant Systems – 19
7. Deployment and Orchestration – 33
8. Monitoring Services – 17
Total == 254

EC2 Compute
Question 1:
What three attributes are selectable when creating an EBS volume for an EC2
instance?
A. volume type
B. IOPS
C. region
D. CMK
E. ELB
F. EIP
Answer (A,B,D)

Question 2: You have been asked to migrate a 10 GB unencrypted EBS volume
to an encrypted volume for security purposes. What are three key steps required
as part of the migration?
A. pause the unencrypted instance
B. create a new encrypted volume of the same size and availability zone
C. create a new encrypted volume of the same size in any availability zone
D. start converter instance
E. shutdown and detach the unencrypted instance
Answer (B,D,E)

Question 3: What is EC2 instance protection?
A. prevents Auto Scaling from selecting specific EC2 instance to be
replaced when scaling in
B. prevents Auto Scaling from selecting specific EC2 instance to be
replaced when scaling out
C. prevents Auto Scaling from selecting specific EC2 instance for
termination when scaling out
D. prevents Auto Scaling from selecting specific EC2 instance for
termination when scaling in
E. prevents Auto Scaling from selecting specific EC2 instance for
termination when paused
F. prevents Auto Scaling from selecting specific EC2 instance for
termination when stopped
Answer (D)

Question 4:
What two features are supported with EBS volume Snapshot feature?
A. EBS replication across regions
B. EBS multi-zone replication
C. EBS single region only
D. full snapshot data only
E. unencrypted snapshot only
Answer (A,B)
Question 5:
What two resource tags are supported for an EC2 instance?
A. VPC endpoint
B. EIP
C. network interface
D. security group
E. Flow Log
Answer (A,E)
Question 6:
What two options are available to alert tenants when an EC2 instance is
terminated?
A. SNS
B. CloudTrail
C. Lambda function
D. SQS
E. STS
Answer (A,C)
Question 7:
What class of EC2 instance type is recommended for running data analytics?
A. memory optimized
B. compute optimized
C. storage optimized
D. general purpose optimized
Answer (B)
Question 8:
What class of EC2 instance type is recommended for database servers?
A. memory optimized
B. compute optimized
C. storage optimized
D. general purpose optimized
Answer (A)
Question 9:
What two attributes distinguish each pricing model?
A. reliability
B. amazon service
C. discount
D. performance
E. redundancy
Answer (A,C)
Question 10:
What are three standard AWS pricing models?
A. elastic
B. spot
C. reserved
D. dynamic
E. demand
Answer (B,C,E)
Question 11:
How is an EBS root volume created when launching an EC2 instance from a
new EBS-backed AMI?
A. S3 template
B. original AMI
C. snapshot
D. instance store
Answer (C)
Question 12:
What Amazon AWS sources are available for creating an EBS-Backed Linux
AMI? (select two)
A. EC2 instance
B. Amazon SMS
C. VM Import/Export
D. EBS Snapshot
E. S3 bucket
Answer (A,D)
Question 13:
What is required to prevent an instance from being launched and incurring costs?
A. stop instance
B. terminate instance
C. terminate AMI and de-register instance
D. stop and de-register instance
E. stop, deregister AMI and terminate instance
Answer (E)
Question 14:
What is an EBS Snapshot?
A. backup of an EBS root volume and instance data
B. backup of an EC2 instance
C. backup of configuration settings
D. backup of instance store
Answer (A)
Question 15:
Where are ELB and Auto-Scaling groups deployed as a unified solution for
horizontal scaling?
A. database instances
B. all instances
C. web server instances
D. default VPC only
Answer (C)
Question 16: What feature is supported when attaching or detaching an EBS
volume from an EC2 instance?
A. EBS volume can be attached and detached to an EC2 instance in the
same region
B. EBS volume can be attached and detached to an EC2 instance that is
cross-region
C. EBS volume can only be copied and attached to an EC2 instance that is
cross-region
D. EBS volume can only be attached and detached to an EC2 instance in the
same Availability Zone
Answer (D)
Question 17:
What two statements correctly describe how to add or modify IAM roles to a
running EC2 instance?
A. attach an IAM role to an existing EC2 instance from the EC2 console
B. replace an IAM role attached to an existing EC2 instance from the EC2
console
C. attach an IAM role to the user account and relaunch the EC2 instance
D. add the EC2 instance to a group where the role is a member
Answer (A,B)
Question 18: What is the default behavior for an EC2 instance when
terminated? (Select two)
A. DeleteOnTermination attribute cannot be modified
B. EBS root device volume and additional attached volumes are deleted
immediately
C. EBS data volumes that you attach at launch persist
D. EBS root device volume is automatically deleted when instance
terminates
Answer (C,D)
Question 19:
How do you launch an EC2 instance after it is terminated? (Select two)
A. launch a new instance using the same AMI
B. reboot instance from CLI
C. launch a new instance from a Snapshot
D. reboot instance from management console
E. contact AWS support to reset
Answer (A,C)
Question 20:
What service can automate EBS snapshots (backups) for restoring EBS
volumes?
A. CloudWatch event
B. SNS topic
C. CloudTrail
D. Amazon Inspector
E. CloudWatch alarm
Answer (A)
Question 21:
What will cause AWS to terminate an EC2 instance on launch? (Select two)
A. security group error
B. number of EC2 instances on AWS account exceeded
C. EBS volume limits exceeded
D. multiple IP addresses assigned to instance
E. unsupported instance type assigned
Answer (B,C)
Question 22: You recently made some configuration changes to an EC2
instance. You then launched a new EC2 instance from the same AMI however
none of the settings were saved. What is the cause of this error?
A. did not save configuration changes to EC2 instance
B. did not save configuration changes to AMI
C. did not create new AMI
D. did not reboot EC2 instance to enable changes
Answer (C)
Question 23: What statements are correct concerning DisableApiTermination
attribute? (Select two)
A. cannot enable termination protection for Spot instances
B. termination protection is disabled by default for an EC2 instance
C. termination protection is enabled by default for an EC2 instance
D. can enable termination protection for Spot instances
E. DisableApiTermination attribute supported for EBS-backed instances
only
Answer (A,B)
Question 24:
What is required to copy an encrypted EBS snapshot cross-account? (Select two)
A. copy the unencrypted EBS snapshot to an S3 bucket
B. distribute the custom key from CloudFront
C. share the custom key for the snapshot with the target account
D. share the encrypted EBS snapshot with the target account
E. share the encrypted EBS snapshots publicly
F. enable root access security on both accounts
Answer (C,D)
Question 25:
What three services enable Single-AZ as a default?
A. EC2
B. ELB
C. Auto-Scaling
D. DynamoDB
E. S3
Answer (A,B,C)
Question 26:
What AWS service automatically publishes access logs every five minutes?
A. VPC Flow Logs
B. Elastic Load Balancer
C. CloudTrail
D. DNS Route 53
Answer (B)
Question 27:
You have developed a web-based application for file sharing that will allow
customers to access files. There are a variety of sizes that include larger .pdf and
video files. What two solution stacks could tenants use for an online file sharing
service? (Select two)
A. EC2, ELB, Auto-Scaling, S3
B. Route 53, Auto-Scaling, DynamoDB
C. EC2, Auto-Scaling, RDS
D. CloudFront
Answer (A,D)
Question 28:
What infrastructure services are provided to EC2 instances? (Select three)
A. VPN
B. storage
C. compute
D. transport
E. security
F. support
Answer (B,C,D)
Question 29:
What steps are required from AWS console to copy an EBS-backed AMI for a
database instance cross-region?
A. create Snapshot of data volume, select Copy, select destination region
B. select Copy EBS-backed AMI option and destination region
C. select copy database volume and destination region
D. create Snapshot of EBS-backed AMI, select Copy Snapshot option,
select destination region
E. create Snapshot of Instance-store AMI, select Copy AMI option, select
destination region
Answer (D)
Question 30:
How is capacity (compute, storage and network speed) managed and assigned to
EC2 instances?
A. AMI
B. instance type
C. IOPS
D. Auto-Scaling
Answer (B)
Question 31:
What storage type enables permanent attachment of volumes to EC2 instances?
A. S3
B. RDS
C. TDS
D. EBS
E. instance store
Answer (D)
Question 32: What is the recommended method for migrating (copying) an EC2
instance to a different region?
A. terminate instance, select region, copy instance to destination region
B. select AMI associated with EC2 instance and use Copy AMI option
C. stop instance and copy AMI to destination region
D. cross-region copy is not currently supported
Answer (B)
Question 33:
What are two attributes that define an EC2 instance type?
A. vCPU
B. license type
C. EBS volume storage
D. IP address
E. Auto-Scaling
Answer (A,C)
Question 34:
How is an Amazon Elastic Load Balancer (ELB) assigned?
A. per EC2 instance
B. per Auto-Scaling group
C. per subnet
D. per VPC
Answer (A)
Question 35:
What method detects when to replace an EC2 instance that is assigned to an
Auto-Scaling group?
A. health check
B. load balancing algorithm
C. EC2 health check
D. not currently supported
E. dynamic path detection
F. Auto-Scaling
Answer (A)
Question 36:
What two statements correctly describe Auto-Scaling groups?
A. horizontal scaling of capacity
B. decrease number of instances only
C. EC2 instances are assigned to a group
D. database instances only
E. no support for multiple availability zones
Answer (A,C)
Question 37:
What is the default maximum number of Elastic IP addresses assignable per
Amazon AWS region?
A. 1
B. 100
C. 5
D. unlimited
Answer (C)
Question 38:
How are snapshots for an EBS volume created when it is the root device for an
instance?
A. pause instance, unmount volume and snapshot
B. terminate instance and snapshot
C. unencrypt volume and snapshot dynamically
D. stop instance, unmount volume and snapshot
Answer (D)
Question 39:
What cloud compute components are configured by tenants and not Amazon
AWS support engineers? (Select three)
A. hypervisor
B. upstream physical switch
C. virtual appliances
D. guest operating system
E. applications and databases
F. RDS
Answer (C,D,E)
Question 40:
What three attributes are used to define a launch configuration template for an
Auto-Scaling group?
A. instance type
B. private IP address
C. Elastic IP
D. security group
E. AMI
Answer (A,D,E)
Question 41:
What three characteristics or limitations differentiate EC2 instance types?
A. VPC only
B. application type
C. EBS volume only
D. virtualization type
E. AWS service selected
Answer (A,C,D)
Question 42:
Select two differences between HVM and PV virtualization types.
A. HVM supports all current generation instance types
B. HVM is similar to bare metal hypervisor architecture
C. PV provides better performance than HVM for most instance types
D. HVM doesn’t support enhanced networking
E. HVM doesn’t support current generation instance types
Answer (A,B)
Virtual Private Cloud (VPC)
Question 1: What are the minimum
components required to enable a web-based application with public web servers
and a private database tier? (select three)
A. Internet gateway
B. Assign EIP addressing to database instances on private subnet
C. Virtual private gateway
D. Assign database instances to private subnet and private IP addressing
E. Assign EIP and private IP addressing to web servers on public subnet
Answer (A,D,E)
Question 2:
Refer to the network drawing. How are packets routed from private subnet
to public subnet for the following web-based application with a database tier?
A. Internet gateway
B. custom route table
C. 10.0.0.0/16
D. nat-instance-id
E. igw-id
F. add custom route table
Answer (D)
Question 3:
What VPC component provides Network Address Translation?
A. NAT instance
B. NAT gateway
C. virtual private gateway
D. Internet gateway
E. ECS
Answer (D)
Question 4:
What are the advantages of NAT gateway over NAT instance? (Select two)
A. NAT gateway requires a single EC2 instance
B. NAT gateway is scalable
C. NAT gateway translates faster
D. NAT gateway is a managed service
E. NAT gateway is Linux-based
Answer (B,D)
Question 5:
What is the management responsibility of tenants and not Amazon AWS?
A. EC2 instances
B. RDS
C. Beanstalk
D. NAT instance
Answer (A,D)
Question 6:
What two features provide an encrypted (VPN) connection from VPC to an
enterprise data center?
A. Internet gateway
B. Amazon RDS
C. Virtual private gateway
D. CSR 1000V router
E. NAT gateway
Answer (C,D)
Question 7:
What two attributes are supported when configuring an Amazon Virtual private
gateway (VPG)?
A. route propagation
B. Elastic IP (EIP)
C. DHCP
D. public IPv4 address
E. public subnets
Answer (A,C)
Question 8:
What two features are available with AWS Direct Connect service?
A. internet access
B. extend on-premises VLANs to cloud
C. bidirectional forwarding detection (BFD)
D. load balancing between Direct Connect and VPN connection
E. public and private AWS services
Answer (C,E)
Question 9:
When is Direct Connect a preferred solution over VPN IPsec?
A. fast and reliable connection
B. redundancy is a key requirement
C. fast and easy to deploy
D. layer 3 connectivity
E. layer 2 connectivity
Answer (A)
Question 10:
You have been asked to setup a VPC endpoint connection between VPC and S3
buckets for storing backups and snapshots. What AWS components are currently
required when configuring a VPC endpoint?
A. Internet gateway
B. NAT instance
C. Elastic IP
D. private IP address
Answer (D)
Question 11:
What are the primary advantages of VPC endpoints? (Select two)
A. reliability
B. cost
C. throughput
D. security
Answer (B,D)
Question 12:
What are the DHCP option attributes used to assign private DNS servers to your
VPC?
A. dns resolution and domain name
B. hostnames and internet domain
C. domain servers and domain name
D. domain-name-servers and domain-name
Answer (D)
Question 13:
What DNS attributes are configured when Default VPC option is selected?
A. DNS resolution: yes / DNS hostnames: yes
B. DNS resolution: yes / DNS hostnames: no
C. DNS resolution: no / DNS hostnames: yes
D. DNS resolution: no / DNS hostnames: no
Answer (A)
Question 14:
What configuration settings are required from the remote VPC in order to create
cross-account peering? (Select three)
A. VPC ID
B. account username
C. account ID
D. CMK keys
E. VPC CIDR block
F. volume type
Answer (A,C,E)
Question 15:
What CIDR block range is supported for IPv4 addressing and subnetting within
a single VPC?
A. /16 to /32
B. /16 to /24
C. /16 to /28
D. /16 to /20
Answer (C)
Question 16: What problem is caused by the fact that VPC peering does not
permit transitive routing?
A. additional VPC route tables to manage
B. virtual private gateway is required
C. Internet gateway is required for each VPC
D. routing between connected spokes through hub VPC is complex
E. increased number of peer links required
Answer (E)
Question 17:
What two statements correctly describe Elastic Load Balancer operation?
A. spans multiple regions
B. assigned per EC2 instance
C. assigned per subnet
D. assigned per Auto-Scaling group
E. no cross-region support
Answer (D,E)
Question 18:
What are two advantages of Elastic IP (EIP) over AWS public IPv4 addresses?
A. EIP can be reassigned
B. EIP is private
C. EIP is dynamic
D. EIP is persistent
E. EIP is public and private
Answer (A,D)
Question 19:
What AWS services are globally managed? (Select four)
A. IAM
B. S3
C. CloudFront
D. Route 53
E. DynamoDB
F. WAF
G. ELB
Answer (A,C,D,F)
Question 20:
What methods are available for creating a VPC? (Select three)
A. AWS management console
B. AWS marketplace
C. VPC wizard
D. VPC console
E. Direct Connect
Answer (A,C,D)
Question 21: What two default settings are configured for tenants by AWS
when Default VPC option is selected?
A. creates a size /20 default subnet in each Availability Zone
B. creates an Internet gateway
C. creates a main route table with local route 10.0.0.0/16
D. create a virtual private gateway
E. create a security group that explicitly denies all traffic
Answer (A,B)
Question 22:
What three statements correctly describe IP address allocation within a VPC?
A. EC2 instance must be terminated to reassign an IP address
B. EC2 instance that is paused can reassign IP address
C. EC2 instance that is stopped can reassign IP address
D. private IP addresses are allocated from a pool and can be reassigned
E. private IP addresses can be assigned by tenant
F. VPC supports dual stack mode (IPv4/IPv6)
Answer (A,E,F)
Question 23:
What are two advantages of selecting default tenancy option for your VPC when
creating it?
A. performance and reliability
B. some AWS services do not work with a dedicated tenancy VPC
C. tenant can launch instances within VPC as default or dedicated instances
D. instance launch is faster
Answer (B,C)
Question 24: What is the purpose of a local route within a VPC route table?
A. local route is derived from the default VPC CIDR block 10.0.0.0/16
B. communicate between instances within the same subnet or different
subnets
C. used to communicate between instances within the same subnet
D. default route for communicating between private and public subnets
E. only installed in the main route table
Answer (C)
Question 25:
What is the default behavior when adding a new subnet to your VPC? (Select
two)
A. new subnet is associated with the main route table
B. new subnet is associated with the custom route table
C. new subnet is associated with any selected route table
D. new subnet is assigned to the default subnet
E. new subnet is assigned from the VPC CIDR block
Answer (A,E)
Question 26: You have enabled Amazon RDS database services in VPC1 for an
application that has public web servers in VPC2. How do you connect the web
servers to the RDS database instance so they can communicate considering the
VPC’s are in the same region?
A. VPC endpoints
B. VPN gateway
C. path-based routing
D. VPC peering
E. AWS Network Load Balancer
Answer (D)
Question 27:
What AWS services now support VPC endpoints feature for optimizing security?
(Select three)
A. Kinesis
B. DNS Route 53
C. S3
D. DynamoDB
E. RDS
Answer (A,C,D)
Question 28:
What are three characteristics of an Amazon Virtual Private Cloud?
A. public and private IP addressing
B. broadcasts
C. multiple private IP addresses per network interface
D. dedicated single tenant hardware only
E. persistent public IP addresses
F. HSRP
Answer (A,C,E)
Question 29: What is the difference between VPC main route table and custom
route table?
A. VPC only creates a main route table when started
B. custom route table is the default
C. custom route table is created for public subnets
D. custom route table is created for private subnets
E. main route table is created for public and private subnets
Answer (C)
Question 30:
What is the purpose of the native VPC router?
A. route packets across the internet
B. route packets between private cloud instances
C. route packets between subnets
D. route packets from instances to S3 storage volumes
E. route packets across VPN
Answer (C)
Question 31:
How are private DNS servers assigned to an Amazon VPC?
A. not supported
B. select nondefault VPC
C. select default VPC
D. select EC2-Classic
Answer (B)
Question 32:
What are two characteristics of an Amazon security group?
A. instance level packet filtering
B. deny rules only
C. permit rules only
D. subnet level packet filtering
E. inbound only
Answer (A,C)
Question 33:
What statement is true of Network Access Control Lists (ACL) operation within
an Amazon VPC?
A. instance and subnet level packet filtering
B. subnet level packet filtering
C. inbound only
D. only one ACL allowed per VPC
E. outbound only
Answer (B)
Question 34:
How are packets forwarded between public and private subnets within VPC?
A. EIP
B. NAT
C. main route table
D. VPN
Answer (B)
Question 35:
What two statements accurately describe Amazon VPC architecture?
A. Elastic Load Balancer (ELB) cannot span multiple availability zones
B. VPC does not support DMVPN connection
C. VPC subnet cannot span multiple availability zones
D. VPC cannot span multiple regions
E. Flow logs are not supported within a VPC
Answer (C,D)
Question 36:
What is a requirement for attaching EC2 instances to on-premises clients and
applications?
A. Amazon Virtual Private Gateway (VPN)
B. Amazon Internet Gateway
C. VPN Connection
D. Elastic Load Balancer (ELB)
E. NAT
Answer (B)
Question 37:
What two statements correctly describe Amazon virtual private gateway?
A. assign to private subnets only
B. assign to public subnets only
C. single virtual private gateway per VPC
D. multiple virtual private gateways per VPC
E. single virtual private gateway per region
Answer (A,C)
Question 38:
What is the maximum access port speed available with Amazon Direct Connect
service?
A. 1 Gbps
B. 10 Gbps
C. 500 Mbps
D. 100 Gbps
E. 100 Mbps
Answer (B)
Question 39:
Refer to the drawing. Your company has asked you to configure a peering link
between two VPCs that are currently not connected or exchanging any packets.
What destination and target is configured in the routing table of VPC1 to enable
packet forwarding to VPC2?
A. destination = 172.16.0.0/16
target = pcx-vpc2vpc1
B. destination = 10.0.0.0/16
target = pcx-vpc2
C. destination = 172.16.0.0/16
target = 10.0.0.0/16
D. destination = 172.16.0.0/16
target = pcx-vpc1vpc2
E. default route only
Answer (D)
Question 40:
How is routing enabled by default within a VPC for an EC2 instance?
A. add a default route
B. main route table
C. custom route table
D. must be configured explicitly
Answer (B)
Question 41:
What three features are not supported with VPC peering?
A. overlapping CIDR blocks
B. IPv6 addressing
C. Gateways
D. transitive routing
E. RedShift
F. ElastiCache
Answer (A,C,D)
Question 42:
What route is used in a VPC routing table for packet forwarding to a Gateway?
A. static route
B. 10.0.0.0/16
C. tenant configured
D. 0.0.0.0/0
E. 0.0.0.0/16
Answer (D)
Question 43:
You are asked to deploy a web application comprised of multiple
public web servers with only private addressing assigned. What Amazon AWS
solution enables multiple servers on a private subnet with only a single EIP
required and Availability Zone redundancy?
A. NAT instance
B. Internet gateway
C. virtual private gateway
D. NAT gateway
E. Elastic Network Interface (ENI)
Answer (D)
Question 44:
What is the IP addressing schema assigned to a default VPC?
A. 172.31.0.0/16 CIDR block subnetted with 172.31.0.0/20
B. 172.16.0.0/16 CIDR block subnetted with 172.16.0.0/24
C. 10.0.0.0/16 CIDR block subnetted with 10.0.0.0/24
D. 172.16.0.0/24 CIDR block subnetted with 172.31.0.0/18
Answer (A)
Question 45:
What default configuration and components are added by AWS when Default
VPC type is selected? (Select three)
A. Internet gateway
B. virtual private gateway
C. NAT instance
D. security group
E. DNS
Answer (A,D,E)
Question 46:
What feature requires tenants to disable source/destination check?
A. Elastic IP (EIP)
B. data replication
C. VPC peering
D. NAT
E. Internet gateway
Answer (D)
Storage Services
Question 1:
What AWS storage solution allows thousands of EC2 instances to
simultaneously upload, access, delete and share files?
A. EBS
B. S3
C. Glacier
D. EFS
Answer (D)
Question 2:
What is required for an EFS mount target? (Select two)
A. EIP
B. DNS name
C. IP address
D. DHCP
E. IAM role
Answer (B,C)
Question 3:
What connectivity features are recommended for copying on-premises files to
EFS? (Select two)
A. VPN IPsec
B. Internet Gateway
C. Direct Connect
D. File Sync
E. FTP
F. AWS Storage Gateway
Answer (C,D)
Question 4:
What AWS services encrypt data at rest by default? (Select two)
A. S3
B. AWS Storage Gateway
C. EBS
D. Glacier
E. RDS
Answer (B,D)
Question 5:
What fault tolerant features does S3 storage provide? (Select three)
A. cross-region replication
B. versioning must be disabled
C. cross-region asynchronous replication of objects
D. synchronous replication of objects within a region
E. multiple destination buckets
Answer (A,C,D)
Question 6:
What is the fastest technique for deleting 900 objects in an S3 bucket with a
single HTTP request?
A. Multi-Part Delete API
B. Multi-Object Delete API
C. 100 objects is maximum per request
D. Fast-Delete API
Answer (B)
Question 7:
What security control technique is recommended for S3 cross-account access?
A. IAM group
B. security groups
C. S3 ACL
D. bucket policies
Answer (D)
Question 8:
What are two advantages of cross-region replication of an S3 bucket?
A. cost
B. security compliance
C. scalability
D. Beanstalk support
E. minimize latency
Answer (B,E)
Question 9:
What are two primary differences between Amazon S3 Standard and S3/RRS
storage classes?
A. Amazon Standard does not replicate at all
B. RRS provides higher durability
C. RRS provides higher availability
D. RRS does not replicate objects as many times
E. application usage is different
Answer (D,E)
Question 10:
What two features are enabled with S3 services?
A. store objects of any size
B. dynamic web content
C. supports Provisioned IOPS
D. store virtually unlimited amounts of data
E. bucket names are globally unique
Answer (D,E)
Question 11:
What new feature was recently added to SQS that defines how messages are
ordered?
A. streams
B. SNS
C. FIFO
D. TLS
E. decoupling
Answer (C)
Question 12:
What two AWS storage types are persistent?
A. ephemeral
B. S3
C. EBS
D. instance store
E. SAML
Answer (B,C)
Question 13:
Select three on-premises backup solutions used for copying data to an Amazon
AWS S3 bucket.
A. AWS Import/Export
B. RDS
C. Snowball
D. Availability Zone (AZ) replication
E. AWS Storage Gateway
Answer (A,C,E)
Question 14:
You have 1 TB of data and want to archive the data that won’t be accessed that
often. What Amazon AWS storage solution is recommended?
A. Glacier
B. EBS
C. ephemeral
D. CloudFront
Answer (A)
Question 15:
What are three methods of accessing DynamoDB for customization purposes?
A. CLI
B. AWS console
C. API call
D. vCenter
E. Beanstalk
Answer (A,B,C)
Question 16:
What are two primary differences between Glacier and S3 storage services?
A. Glacier is lower cost
B. S3 is lower cost
C. Glacier is preferred for frequent data access with lower latency
D. S3 is preferred for frequent data access with lower latency
E. S3 supports larger file size
Answer (A,D)
Question 17:
What statement correctly describes the operation of AWS Glacier archive?
A. archive is a group of vaults
B. archive is an unencrypted vault
C. archive supports aggregated files only
D. maximum file size is 1 TB
E. archive supports single and aggregated files
Answer (E)
Question 18:
What are three primary differences between S3 vs EBS?
A. S3 is a multi-purpose public internet-based storage
B. EBS is directly assigned to a tenant VPC EC2 instance
C. EBS and S3 provide persistent storage
D. EBS snapshots are typically stored on S3 buckets
E. EBS and S3 use buckets to manage files
F. EBS and S3 are based on block level storage
Answer (A,B,D)
Question 19:
What on-premises solution is available from Amazon AWS to minimize latency
for all data?
A. Gateway-VTL
B. Gateway-cached volumes
C. Gateway-stored volumes
D. EBS
E. S3 bucket
F. ElastiCache
Answer (C)
Question 20:
What feature transitions S3 storage to Standard-IA for cost optimization?
A. RRS/S3
B. Glacier vault
C. storage class analysis
D. path-based routing
Answer (C)
Question 21:
How does AWS uniquely identify S3 objects?
A. bucket name
B. version
C. key
D. object tag
Answer (C)
Question 22:
What is the advantage of read-after-write consistency for S3 buckets?
A. no stale reads for PUT of any new object in all regions
B. higher throughput for all requests
C. stale reads for PUT requests in some regions
D. no stale reads for GET requests in a single region
Answer (A)
Question 23:
What is the maximum single file object size supported with Amazon S3?
A. 5 GB
B. 5 TB
C. 1 TB
D. 100 GB
Answer (B)
Question 24:
What security problem is solved by using Cross-Origin Resource Sharing
(CORS)?
A. enable HTTP requests from within scripts to a different domain
B. enable sharing of web-based files between different buckets
C. provide security for third party objects within AWS
D. permits sharing objects between AWS services
Answer (A)
Question 25:
What is recommended for migrating 40 TB of data from on-premises to S3
when the internet link is often overutilized?
A. AWS Storage gateway
B. AWS Snowball
C. AWS Import/Export
D. AWS Elastic File System
E. AWS Elasticsearch
F. AWS Multi-Part Upload API
Answer (B)
Question 26:
Your company is publishing an online catalog of books that is currently using
DynamoDB for storing the information associated with each item. There is a
requirement to add images for each book. What solution is most cost effective
and designed for that purpose?
A. RedShift
B. EBS
C. RDS
D. S3
E. Kinesis
Answer (D)
Question 27:
You have an application that collects monitoring data from 10,000 sensors (IoT)
deployed in the USA. The datapoints are comprised of video events for home
security and environment status alerts. The application will be deployed to AWS
with EC2 instances as data collectors. What AWS storage service is preferred for
storing video files from sensors?
A. RedShift
B. RDS
C. S3
D. DynamoDB
Answer (C)
Security Architecture
Question 1:
What statements correctly describe security groups within a VPC? (Select three)
A. default security group only permits inbound traffic
B. security groups are stateful firewalls
C. only allow rules are supported
D. allow and deny rules are supported
E. security groups are associated to network interfaces
Answer (B,C,E)
Question 2:
What three items are required to configure a security group rule?
A. protocol type
B. VPC name
C. port number
D. source IP
E. destination IP
F. description
Answer (A,C,D)
Question 3:
What two source IP address types are permitted in a security group rule?
A. only CIDR blocks with /16 subnet mask
B. source IP address 0.0.0.0/0
C. single source IP address with /24 subnet mask
D. security group id
E. IPv6 address with /64 prefix length
Answer (B,D)
Question 4:
What protocols must be enabled for remote access to Linux-based and
Windows-based EC2 instances?
A. SSH, ICMP, Telnet
B. SSH, HTTP, RDP
C. SSH, HTTP, SSL
D. SSH, RDP, ICMP
Answer (D)
Question 5:
What distinguishes network ACLs from security groups within a VPC? (Select three)
A. ACL filters at the subnet level
B. ACL is based on deny rules only
C. ACL is applied to instances and subnets
D. ACL is stateless
E. ACL supports a numbered list for filtering
Answer (A,D,E)
Question 6:
What happens to the security permissions of a tenant when an IAM role is
granted? (Select two)
A. tenant inherits only permissions assigned to the IAM role temporarily
B. add security permissions of the IAM role to existing permissions
C. previous security permissions are no longer in effect
D. previous security permissions are deleted unless reconfigured
E. tenant inherits only read permissions assigned to the IAM role
Answer (A,C)
Question 7:
Where are IAM permissions granted to invoke and execute a Lambda function
for S3 access? (Select two)
A. S3 bucket
B. EC2 instance
C. Lambda function
D. IAM role
E. event mapping
Answer (A,D)
Question 8:
You have some developers working on code for an application and they require
temporary access to AWS cloud for up to an hour. What is the easiest web-based
solution from AWS that provides access and minimizes security exposure?
A. ACL
B. security group
C. IAM group
D. STS
E. EFS
Answer (D)
Question 9:
What two methods are used to request temporary credentials based on AWS
Security Token Service (STS)?
A. Web Identity Federation
B. LDAP
C. IAM identity
D. dynamic ACL
E. private key rotation
Answer (A,C)
Question 10:
What two components are required for enabling SAML authentication requests
to AWS Identity and Access Management (IAM)?
A. access keys
B. session token
C. SSO
D. identity provider (IdP)
E. SAML provider entity
Answer (D,E)
Question 11:
What are two reasons for deploying Origin Access Identity (OAI) when enabling
CloudFront?
A. prevent users from deleting objects in S3 buckets
B. mitigate distributed denial of service attacks (DDoS)
C. prevent users from accessing objects with Amazon S3 URL
D. prevent users from accessing objects with CloudFront URL
E. replace IAM for internet-based customer authentication
Answer (B,C)
Question 12:
What solutions are recommended to mitigate DDoS attacks? (Select three)
A. host-based firewall
B. elastic load balancer
C. WAF
D. SSL/TLS
E. Bastion host
F. NAT gateway
Answer (B,C,E)
Question 13:
What features are required to prevent users from bypassing AWS CloudFront
security? (Select three)
A. Bastion host
B. signed URL
C. IP whitelist
D. signed cookies
E. origin access identity (OAI)
Answer (B,D,E)
Question 14:
What is the advantage of resource-based policies for cross-account access?
A. trusted account permissions are not replaced
B. trusted account permissions are replaced
C. resource-based policies are easier to deploy
D. trusting account manages all permissions
Answer (A)
Question 15:
Select three requirements for configuring a Bastion host.
A. EIP
B. SSH inbound permission
C. default route
D. CloudWatch logs group
E. VPN
F. Auto-Scaling
Answer (A,B,D)
Question 16:
What rule must be added to the security group assigned to a mount target
instance that enables EFS access from an EC2 instance?
A. Type = EC2, protocol = IP, port = 2049, source = remote security group id
B. Type = EC2, protocol = EFS, port = 2049, source = 0.0.0.0/0
C. Type = NFS, protocol = TCP, port = 2049, source = remote security group id
D. Type = NFSv4, protocol = UDP, port = 2049, source = remote security group id
Answer (C)
Question 17:
What statement correctly describes IAM architecture?
A. IAM security is unified per region and replicated based on requirements
for an AWS tenant account
B. IAM security is defined per region for roles only on an AWS tenant
account
C. IAM security is globally unified across the AWS cloud for an AWS
tenant account
D. IAM security is defined separately per region and cross-region security
enabled for an AWS tenant account
Answer (C)
Question 18:
What are two advantages of customer-managed encryption keys (CMK)?
A. create and rotate encryption keys
B. AES-128 cipher for data at rest
C. audit encryption keys
D. encrypts data in-transit for server-side encryption only
Answer (A,C)
Question 19:
What feature is not available with AWS Trusted Advisor?
A. cost optimization
B. infrastructure best practices
C. vulnerability assessment
D. monitor application metrics
Answer (C)
Question 20:
What is required to Ping from a source instance to a destination instance?
A. Network ACL: not required; Security Group: allow ICMP outbound on source/destination EC2 instances
B. Network ACL: allow ICMP inbound/outbound on source/destination subnets; Security Group: not required
C. Network ACL: allow ICMP inbound/outbound on source/destination subnets; Security Group: allow ICMP outbound on source EC2 instance; Security Group: allow ICMP inbound on destination EC2 instance
D. Network ACL: allow TCP inbound/outbound on source/destination subnets; Security Group: allow TCP and ICMP inbound on source EC2 instance
Answer (C)
Question 21:
What two steps are required to grant cross-account permissions between AWS
accounts?
A. create an IAM user
B. attach a trust policy to S3
C. create a transitive policy
D. attach a trust policy to the role
E. create an IAM role
Answer (D,E)
Question 22:
You have configured a security group to allow ICMP, SSH and
RDP inbound and assigned the security group to all instances in a subnet. There
is no access to any Linux-based or Windows-based instances and you cannot
Ping any instances. The network ACL for the subnet is configured to allow all
inbound traffic to the subnet. What is the most probable cause?
A. on-premises firewall rules
B. security group and network ACL outbound rules
C. network ACL outbound rules
D. security group outbound rules
E. Bastion host required
Answer (C)
Question 23:
What three techniques provide authentication security on S3 volumes?
A. bucket policies
B. network ACL
C. Identity and Access Management (IAM)
D. encryption
E. AES256
Answer (A,B,C)
Question 24:
What statement correctly describes support for AWS encryption of
S3 objects?
A. tenants manage encryption for server-side encryption of S3 objects
B. Amazon manages encryption for server-side encryption of S3 objects
C. client-side encryption of S3 objects is not supported
D. S3 buckets are encrypted only
E. SSL is only supported with Glacier storage
Answer (B)
Question 25:
What authentication method provides Federated Single Sign-On (SSO) for
cloud applications?
A. ADS
B. ISE
C. RADIUS
D. TACACS
E. SAML
Answer (E)
Question 26:
Based on the Amazon security model, what infrastructure configuration and
associated security is the responsibility of tenants and not Amazon AWS? (Select
two)
A. dedicated cloud server
B. hypervisor
C. operating system level
D. application level
E. upstream physical switch
Answer (C,D)
Question 27:
What security authentication is required before configuring or modifying EC2
instances? (Select three)
A. authentication at the operating system level
B. EC2 instance authentication with asymmetric keys
C. authentication at the application level
D. Telnet username and password
E. SSH/RDP session connection
Answer (A,B,E)
Question 28:
What feature is part of Amazon Trusted Advisor?
A. security compliance
B. troubleshooting tool
C. EC2 configuration tool
D. security certificates
Answer (A)
Question 29:
What are two best practices for account management within Amazon AWS?
A. do not use root account for common administrative tasks
B. create a single AWS account with multiple IAM users that have root
privilege
C. create multiple AWS accounts with multiple IAM users per AWS
account
D. use root account for all administrative tasks
E. create multiple root user accounts for redundancy
Answer (A,C)
Question 30:
What AWS feature is recommended for optimizing data security?
A. Multi-factor authentication
B. username and encrypted password
C. Two-factor authentication
D. SAML
E. Federated LDAP
Answer (A)
Question 31:
What IAM class enables an EC2 instance to access a file object in an S3 bucket?
A. user
B. root
C. role
D. group
Answer (C)
Question 32:
What are three recommended solutions that provide protection and mitigation
from distributed denial of service (DDoS) attacks?
A. security groups
B. CloudWatch
C. encryption
D. WAF
E. data replication
F. Auto-Scaling
Answer (A,B,D)
Question 33:
What are three recommended best practices when configuring Identity and
Access Management (IAM) security services?
A. Lock or delete your root access keys when not required
B. IAM groups are not recommended for storage security
C. create an IAM user with administrator privileges
D. share your password and/or access keys with members of your group
only
E. delete any AWS account where the access keys are unknown
Answer (A,C,E)
Question 34:
What two features create security zones between EC2 instances within a VPC?
A. security groups
B. Virtual Security Gateway
C. network ACL
D. WAF
Answer (A,B)
Question 35:
What AWS service provides vulnerability assessment services to tenants within
the cloud?
A. Amazon WAF
B. Amazon Inspector
C. Amazon Cloud Logic
D. Amazon Trusted Advisor
Answer (B)
Question 36:
What are two primary differences between AD Connector and Simple AD for
cloud directory services?
A. Simple AD requires an on-premises ADS directory
B. Simple AD is fully managed and setup in minutes
C. AD Connector requires an on-premises ADS directory
D. Simple AD is more scalable than AD Connector
E. Simple AD provides enhanced integration with IAM
Answer (B,C)
Database Services
Question 1:
How is load balancing enabled for multiple tasks to the same container instance?
A. path-based routing
B. reverse proxy
C. NAT
D. dynamic port mapping
E. dynamic listeners
Answer (D)
Question 2:
What encryption support is available for tenants that are deploying AWS
DynamoDB?
A. server-side encryption
B. client-side encryption
C. client-side and server-side encryption
D. encryption not supported
E. block level encryption
Answer (B)
Question 3:
What are three primary reasons for deploying ElastiCache?
A. data security
B. managed service
C. replication with Redis
D. durability
E. low latency
Answer (B,C,E)
Question 4:
What service does not support session data persistence store to enable web-based
stateful applications?
A. RDS
B. Memcached
C. DynamoDB
D. Redis
E. RedShift
Answer (B)
Question 5:
How does Memcached implement horizontal scaling?
A. Auto-Scaling
B. database store
C. partitioning
D. EC2 instances
E. S3 bucket
Answer (C)
Question 6:
What two options are available for tenants to access ElastiCache?
A. VPC peering link
B. EC2 instances
C. EFS mount
D. cross-region VPC
Answer (A,B)
Question 7:
What two statements correctly describe in-transit encryption support on
ElastiCache platform?
A. not supported for ElastiCache platform
B. supported on Redis replication group
C. encrypts cached data at rest
D. not supported on Memcached cluster
E. IPsec must be enabled first
Answer (B,D)
Question 8:
What Amazon AWS platform is designed for complex analytics of a variety of
large data sets based on custom code, with applications that include machine
learning and data transformation?
A. EC2
B. Beanstalk
C. Redshift
D. EMR
Answer (D)
Question 9:
What are two primary advantages of DynamoDB?
A. SQL support
B. managed service
C. performance
D. CloudFront integration
Answer (B,C)
Question 10:
What two fault tolerant features does Amazon RDS support?
A. copy snapshot to a different region
B. create read replica to a different region
C. copy unencrypted read-replica only
D. copy read/write replica and snapshot
Answer (A,B)
Question 11:
What managed services are included with Amazon RDS? (select four)
A. assign network capacity to database instances
B. install database software
C. perform regular backups
D. data replication across multiple availability zones
E. data replication across single availability zone only
F. configure database
G. performance tuning
Answer (A,B,C,D)
Question 12:
What two configuration features are required to create a private database
instance?
A. security group
B. network ACL
C. CloudWatch
D. Elastic IP (EIP)
E. Nondefault VPC
F. DNS
Answer (A,F)
Question 13:
What storage type is recommended for an online transaction processing (OLTP)
application deployed to Multi-AZ RDS with significant workloads?
A. General Purpose SSD
B. Magnetic
C. EBS volumes
D. Provisioned IOPS
Answer (D)
Question 14:
What features are supported with Amazon RDS? (Select three)
A. horizontal scaling with multiple read replicas
B. elastic load balancing RDS read replicas
C. replicate read replicas cross-region
D. automatic failover to master database instance
E. application load balancer (ALB)
Answer (A,C,E)
Question 15:
What are three advantages of standby replica in a Multi-AZ RDS deployment?
A. fault tolerance
B. eliminate I/O freezes
C. horizontal scaling
D. vertical scaling
E. data redundancy
Answer (A,B,E)
Question 16:
What consistency model is the default used by DynamoDB?
A. strongly consistent
B. eventually consistent
C. no default model
D. causal consistency
E. sequential consistency
Answer (B)
Question 17:
What does RDS use for database and log storage?
A. EBS
B. S3
C. instance store
D. local store
E. SSD
Answer (A)
Question 18:
What statements correctly describe support for Microsoft SQL Server within
Amazon VPC? (Select three)
A. read/write replica
B. read replica only
C. vertical scaling
D. native load balancing
E. EBS storage only
F. S3 storage only
Answer (B,C,D)
Question 19:
Select two features available with Amazon RDS for MySQL.
A. Auto-Scaling
B. read requests to standby replicas
C. real-time database replication
D. active read requests only
Answer (B,C)
Question 20:
What are two characteristics of Amazon RDS?
A. database managed service
B. NoSQL queries
C. native load balancer
D. database write replicas
E. automatic failover of read replica
Answer (A,C)
Question 21:
What caching engines are supported with Amazon ElastiCache? (Select two)
A. HAProxy
B. Route 53
C. RedShift
D. Redis
E. Memcached
F. CloudFront
Answer (D,E)
Question 22:
What are three primary characteristics of DynamoDB?
A. less scalable than RDS
B. static content
C. store metadata for S3 objects
D. replication to three Availability Zones
E. high read/write throughput
Answer (C,D,E)
Question 23:
What are three examples of using Lambda functions to move data between AWS
services?
A. read data directly from DynamoDB streams to RDS
B. read data from Kinesis stream and write data to DynamoDB
C. read data from DynamoDB stream to Firehose and write to S3
D. read data from S3 and write metadata to DynamoDB
E. read data from Kinesis Firehose to Kinesis data stream
Answer (B,C,D)
Question 24:
You have enabled Amazon RDS database services in VPC1 for an
application with public web servers in VPC2. How do you connect the web
servers to the RDS database instance so they can communicate considering the
VPCs are in different regions?
A. VPC endpoints
B. VPN gateway
C. path-based routing
D. publicly accessible database
E. VPC peering
Answer (D)
Question 25:
You have a requirement to create an index to search customer objects stored in
S3 buckets. The solution should enable you to create a metadata search index for
each object stored to an S3 bucket. Select the most scalable and cost-effective
solution.
A. RDS, ElastiCache
B. DynamoDB, Lambda
C. RDS, EMR, ALB
D. RedShift
Answer (B)
Question 26:
What are three advantages of using DynamoDB over S3 for
storing IoT sensor data where there are 100,000 datapoint samples sent per
minute?
A. S3 must create a single file for each event
B. IoT can write data directly to DynamoDB
C. DynamoDB provides fast read/writes to a structured table for queries
D. DynamoDB is designed for frequent access and fast lookup of small
records
E. S3 is designed for frequent access and fast lookup of smaller records
F. IoT can write data directly to S3
Answer (B,C,D)
Question 27:
Your company is a provider of online gaming that customers access with various
network access devices including mobile phones. What is a data warehousing
solution for large amounts of information on player behavior, statistics and
events for analysis using SQL tools?
A. RedShift
B. DynamoDB
C. RDS
D. DynamoDB
E. Elasticsearch
Answer (A)
Question 28:
What two statements are correct when comparing Elasticsearch
and RedShift as analytical tools?
A. Elasticsearch is a text search engine and document indexing tool
B. RedShift supports complex SQL-based queries with Petabyte sized data
store
C. Elasticsearch supports SQL queries
D. RedShift provides only basic analytical services
E. Elasticsearch does not support JSON data type
Answer (A,B)
Question 29:
What happens when read or write requests exceed capacity units (throughput
capacity) for a DynamoDB table or index? (Select two)
A. DynamoDB automatically increases read/write units
B. DynamoDB can throttle requests so that requests are not exceeded
C. HTTP 400 code is returned (Bad Request)
D. HTTP 500 code is returned (Server Error)
E. DynamoDB automatically increases read/write units if provisioned
throughput is enabled
Answer (B,C)
Question 30:
What read consistency method provides lower latency for GetItem requests?
A. strongly persistent
B. eventually consistent
C. strongly consistent
D. write consistent
Answer (B)
Question 31:
You must specify strongly consistent read and write capacity for your
DynamoDB database. You have determined read capacity of 128 Kbps and write
capacity of 25 Kbps is required for your application. What are the read and write
capacity units required for the DynamoDB table?
A. 32 read units, 25 write units
B. 1 read unit, 1 write unit
C. 16 read units, 2.5 write units
D. 64 read units, 10 write units
Answer (A)
Question 32:
What DynamoDB capacity management technique is based on the tenant
specifying an upper and lower range for read/write capacity units?
A. demand
B. provisioned throughput
C. reserved capacity
D. auto scaling
E. general purpose
Answer (D)
Question 33:
What is the maximum volume size of a MySQL RDS database?
A. 6 TB
B. 3 TB
C. 16 TB
D. unlimited
Answer (C)
Question 34:
What is the maximum size of a DynamoDB record (item)?
A. 400 KB
B. 64 KB
C. 1 KB
D. 10 KB
Answer (A)
Fault Tolerant Systems
Question 1:
What two features describe an Application Load Balancer (ALB)?
A. dynamic port mapping
B. SSL listener
C. layer 7 load balancer
D. backend server authentication
E. multi-region forwarding
Answer (A,C)
Question 2:
What enables load balancing between multiple applications per load balancer?
A. listeners
B. sticky sessions
C. path-based routing
D. backend server authentication
Answer (C)
Question 3:
What three features are characteristic of Classic Load Balancer?
A. dynamic port mapping
B. path-based routing
C. SSL listener
D. backend server authentication
E. ECS
F. Layer 4 based load balancer
Answer (C,D,F)
Question 4:
What security feature is only available with Classic Load Balancer?
A. IAM role
B. SAML
C. back-end server authentication
D. security groups
E. LDAP
Answer (C)
Question 5:
What is a primary difference between Classic and Network Load Balancer?
A. IP address target
B. Auto-Scaling
C. protocol target
D. cross-zone load balancing
E. listener
Answer (A)
Question 6:
What are the first two conditions used by Amazon AWS default
termination policy for Multi-AZ architecture?
A. unprotected instance with oldest launch configuration
B. Availability Zone (AZ) with the most instances
C. at least one instance that is not protected from scale in
D. unprotected instance closest to the next billing hour
E. random selection of any unprotected instance
Answer (B,C)
Question 7:
What feature is used for horizontal scaling of consumers to process data records
from a Kinesis data stream?
A. vertical scaling shards
B. Auto-Scaling
C. Lambda
D. Elastic Load Balancer
Answer (B)
Question 8:
What DNS records can be used for pointing a zone apex to an Elastic Load
Balancer or CloudFront distribution? (Select two)
A. Alias
B. CNAME
C. MX
D. A
E. Name Server
Answer (A,D)
Question 9:
What services are primarily provided by DNS Route 53? (Select
three)
A. load balancing web servers within a private subnet
B. resolve hostnames and IP addresses
C. load balancing web servers within a public subnet
D. load balancing data replication requests between ECS containers
E. resolve queries and route internet traffic to AWS resources
F. automated health checks to EC2 instances
Answer (B,E,F)
Question 10:
What are two features that correctly describe Availability Zone (AZ)
architecture?
A. multiple regions per AZ
B. interconnected with private WAN links
C. multiple AZ per region
D. interconnected with public WAN links
E. data auto-replicated between zones in different regions
F. Direct Connect supports Layer 2 connectivity to region
Answer (B,C)
Question 11:
How is Route 53 configured for Warm Standby fault tolerance? (Select two)
A. automated health checks
B. path-based routing
C. failover records
D. Alias records
Answer (A,C)
Question 12:
How is DNS Route 53 configured for Multi-Site fault tolerance? (Select two)
A. IP address
B. weighted records (non-zero)
C. health checks
D. Alias records
E. zero weighted records
Answer (B,C)
Question 13:
What is an Availability Zone?
A. data center
B. multiple VPCs
C. multiple regions
D. single region
E. multiple EC2 server instances
Answer (A)
Question 14:
How are DNS records managed with Amazon AWS to enable high availability?
A. Auto-Scaling
B. server health checks
C. reverse proxy
D. elastic load balancing
Answer (C)
Question 15:
What is the difference between Warm Standby and Multi-Site fault tolerance?
(Select two)
A. Multi-Site enables lower RTO and most recent RPO
B. Warm Standby enables lower RTO and most recent RPO
C. Multi-Site provides active/active load balancing
D. Multi-Site provides active/standby load balancing
E. DNS Route 53 is not required for Warm Standby
Answer (A,C)
Question 16:
What AWS best practice is recommended for creating fault tolerant systems?
A. vertical scaling
B. Elastic IP (EIP)
C. security groups
D. horizontal scaling
E. RedShift
Answer (D)
Question 17:
What two statements correctly describe versioning for protecting data at rest on
S3 buckets?
A. enabled by default
B. overwrites most current file version
C. restores deleted files
D. saves multiple versions of a single file
E. disabled by default
Answer (C,E)
Question 18:
What two methods are recommended by AWS for protecting EBS data at rest?
A. replication
B. snapshots
C. encryption
D. VPN
Answer (B,C)
Question 19:
You have an Elastic Load Balancer assigned to a VPC with public
and private subnets. ELB is configured to load balance traffic to a group of EC2
instances assigned to an Auto-Scaling group. What three statements are correct?
A. Elastic Load Balancer is assigned to a public subnet
B. network ACL is assigned to Elastic Load Balancer
C. security group is assigned to Elastic Load Balancer
D. cross-zone load balancing is not supported
E. Elastic Load Balancer forwards traffic to primary private IP address
(eth0 interface) on each instance
Answer (A,C,E)
Deployment
Question 1:
What Amazon AWS service is available for container management?
A. ECS
B. Docker
C. Kinesis
D. Lambda
Answer (A)
Question 2:
What is associated with Microservices? (Select two)
A. Application Load Balancer
B. Kinesis
C. RDS
D. DynamoDB
E. ECS
Answer (A,E)
Question 3:
Where does Amazon retrieve web content when it is not in the nearest
CloudFront edge location?
A. secondary location
B. file server
C. EBS
D. S3 bucket
Answer (D)
Question 4:
What two features of an API Gateway minimize the effects of peak traffic events
and minimize latency?
A. load balancing
B. firewalling
C. throttling
D. scaling
E. caching
Answer (C,E)
Question 5:
What three characteristics differentiate Lambda from traditional EC2
deployment or containerization?
A. Lambda is based on Kinesis scripts
B. Lambda is serverless
C. tenant has ownership of EC2 instances
D. tenant has no control of EC2 instances
E. Lambda is a code-based service
F. Lambda supports only S3 and Glacier
Answer (B,D,E)
Question 6:
How is code uploaded to Lambda?
A. Lambda instance
B. Lambda container
C. Lambda entry point
D. Lambda function
E. Lambda AMI
Answer (D)
Question 7:
How are Lambda functions triggered?
A. EC2 instance
B. hypervisor
C. Kinesis
D. operating system
E. event source
Answer (E)
Question 8:
What three statements correctly describe standard Lambda
operation?
A. Lambda function is allocated 500 MB ephemeral disk space
B. Lambda function is allocated 100 MB EBS storage
C. Lambda stores code in S3
D. Lambda stores code in a Glacier vault
E. Lambda stores code in containers
F. maximum execution time is 300 seconds
Answer (A,C,F)
Question 9:
What network events are restricted by Lambda? (Select two)
A. only inbound TCP network connections are blocked by AWS Lambda
B. all inbound network connections are blocked by AWS Lambda
C. all inbound and outbound connections are blocked
D. outbound connections support only TCP/IP sockets
E. outbound connections support only SSL sockets
Answer (B,D)
Question 10:
How is versioning supported with Lambda? (Select two)
A. Lambda native support
B. ECS container
C. not supported
D. Aliases
E. replication
F. S3 versioning
Answer (A,D)
Question 11:
What is the difference between Stream-based and AWS Services
when enabling Lambda?
A. streams maintain event source mapping in Lambda
B. streams maintain event source mapping in event source
C. streams maintain event source mapping in EC2 instance
D. streams maintain event source mapping in notification
E. streams maintain event source mapping in API
Answer (A)
Question 12:
Select two custom origin servers from the following.
A. S3 bucket
B. S3 object
C. EC2 instance
D. Elastic Load Balancer
E. API gateway
Answer (C,D)
Question 13:
What two attributes are only associated with CloudFront private content?
A. Amazon S3 URL
B. signed cookies
C. web distribution
D. signed URL
E. object
Answer (B,D)
Question 14:
How are origin servers located within CloudFront? (Select two)
A. DNS request
B. distribution list
C. web distribution
D. RTMP protocol
E. source mapping
Answer (A,C)
Question 15:
Where are HTML files sourced from when they are not cached at a CloudFront
edge location?
A. S3 object
B. origin HTTP server
C. S3 bucket
D. nearest edge location
E. RTMP server
F. failover edge location
Answer (B)
Question 16:
What is the capacity of a single Kinesis shard? (Select two)
A. 2000 PUT records per second
B. 1 MB/sec data input and 2 MB/sec data output
C. 10 MB/sec data input and 10 MB/sec data output
D. 1000 PUT records per second
E. unlimited
Answer (B,D)
Question 17:
What Amazon AWS service supports real-time processing of a data stream from
multiple consumers and replay of records?
A. DynamoDB
B. EMR
C. Kinesis data streams
D. SQS
E. RedShift
Answer (C)
Question 18:
Your company has asked you to capture and forward a real-time
data stream on a massive scale directly to RedShift for analysis with BI tools.
What AWS tool is most appropriate, providing the feature set while being cost
effective?
A. DynamoDB
B. SQS
C. Elastic Map Reduce
D. Kinesis Firehose
E. SNS
F. CloudFront
Answer (D)
Question 19:
What feature permits tenants to use a private domain name instead of the domain
name that CloudFront assigns to a distribution?
A. Route 53
B. CNAME record
C. MX record
D. RTMP
E. Signed URL
Answer (B)
Question 20:
What Amazon AWS service is available to guarantee the consuming of a unique
message only once?
A. Beanstalk
B. SQL
C. Exchange
D. SQS
Answer (D)
Question 21:
What is the fastest and easiest method for migrating an on-premises VMware
virtual machine to the AWS cloud?
A. Amazon Marketplace
B. AWS Server Migration Service
C. AWS Storage Gateway
D. EC2 Import/Export
Answer (B)
Question 22:
Select the stateless protocol from the following.
A. FTP
B. TCP
C. HTTP
D. SSH
Answer (C)
Question 23:
What are three valid endpoints for an API gateway?
A. RESTful API
B. Lambda function
C. AWS service
D. web server
E. HTTP method
Answer (B,C,D)
Question 24:
How is a volume selected (identified) when making an EBS Snapshot?
A. account id
B. volume id
C. tag
D. ARN
Answer (D)
Question 25:
What deployment service enables tenants to replicate an existing AWS stack?
A. Beanstalk
B. CloudFormation
C. RedShift
D. EMR
Answer (B)
Question 26:
What three services can invoke a Lambda function?
A. SNS topic
B. CloudWatch event
C. EC2 instance
D. security group
E. S3 bucket notification
Answer (A,B,E)
Question 27:
What two services enable automatic polling of a stream for new records only and
forward them to an AWS storage service?
A. SNS
B. Kinesis
C. Lambda
D. DynamoDB
Answer (B,C)
Question 28:
Your company is deploying a web site with dynamic content to
customers in US, EU and APAC regions of the world. Content will include live
streaming videos to customers. SSL certificates are required for security
purposes. Select the AWS service that delivers all requirements and provides the
lowest latency.
A. DynamoDB
B. CloudFront
C. S3
D. Redis
Answer (B)
Question 29:
What are the advantages of Beanstalk? (Select two)
A. orchestration and deployment abstraction
B. template-oriented deployment service
C. easiest solution for developers to deploy cloud applications
D. does not support cloud containers
Answer (A,C)
Question 30:
You are a network analyst with JSON scripting experience and
are asked to select an AWS solution that enables automated deployment of cloud
services. The template design would include a nondefault VPC with EC2
instances, ELB, Auto-Scaling and active/active failover. What AWS solution is
recommended?
A. Beanstalk
B. OpsWorks
C. CloudTrail
D. CloudFormation
Answer (D)
Question 31:
Select two statements that correctly describe OpsWorks.
A. OpsWorks provides operational and configuration automation
B. OpsWorks is a lower cost alternative to Beanstalk
C. OpsWorks is primarily a monitoring service
D. Chef scripts (recipes) are a key aspect of OpsWorks
Answer (A,D)
Question 32:
Your company has developed an IoT application that sends telemetry data from
100,000 sensors. The sensors send a datapoint of 1 KB at one-minute intervals to
a DynamoDB collector for monitoring purposes. What AWS stack would enable
you to store data for real-time processing and analytics using BI tools?
A. Sensors -> Kinesis Stream -> Firehose -> DynamoDB
B. Sensors -> Kinesis Stream -> Firehose -> DynamoDB -> S3
C. Sensors -> AWS IoT -> Firehose -> RedShift
D. Sensors -> Kinesis Data Streams -> Firehose -> RDS
Answer (C)
Question 33:
Your company has an application that was developed and migrated to AWS
cloud. The application leverages some AWS services as part of the architecture.
The stack includes EC2 instances, RDS database, S3 buckets, RedShift and
Lambda functions. In addition, there are IAM security permissions configured
with defined users, groups and roles.
The application is monitored with CloudWatch and STS was recently added for
permitting Web Identity Federation sign-on from Google accounts. You want a
solution that can leverage the experience of your employees with AWS cloud
infrastructure as well. What AWS service can create a template of the design and
configuration for easier deployment of the application to multiple regions?
A. Snowball
B. OpsWorks
C. CloudFormation
D. Beanstalk
Answer (C)
Monitoring Services
Question 1:
What statement correctly describes CloudWatch operation within AWS cloud?
A. log data is stored indefinitely
B. log data is stored for 15 days
C. alarm history is never deleted
D. ELB is not supported
Answer (A)
Question 2:
What are two AWS subscriber endpoint services that are supported with SNS?
A. RDS
B. Kinesis
C. SQS
D. Lambda
E. EBS
F. ECS
Answer (C,D)
Question 3:
What AWS services work in concert to integrate security monitoring and
audit within a VPC? (Select three)
A. Syslog
B. CloudWatch
C. WAF
D. CloudTrail
E. VPC Flow Log
Answer (B,D,E)
Question 4:
How is CloudWatch integrated with Lambda? (Select two)
A. tenant must enable CloudWatch monitoring
B. network metrics such as latency are not monitored
C. Lambda functions are automatically monitored through Lambda service
D. log group is created for each event source
E. log group is created for each function
Answer (C,E)
Question 5:
What two statements correctly describe AWS monitoring and audit operations?
A. CloudTrail captures API calls, stores them in an S3 bucket and generates
a CloudWatch event
B. CloudWatch alarm can send a message to a Lambda function
C. CloudWatch alarm can send a message to an SNS Topic that triggers an
event for a Lambda function
D. CloudTrail captures all AWS events and stores them in a log file
E. VPC logs do not support events for security groups
Answer (A,C)
Question 6:
What is required for remote management access to your Linux-based instance?
A. ACL
B. Telnet
C. SSH
D. RDP
Answer (C)
Question 7:
What are two features of CloudWatch operation?
A. CloudWatch does not support custom metrics
B. CloudWatch permissions are granted per feature and not AWS resource
C. collect and monitor operating system and application generated log files
D. AWS services automatically create logs for CloudWatch
E. CloudTrail generates logs automatically when AWS account is activated
Answer (B,C)
Question 8:
You are asked to select an AWS solution that will create a log entry anytime
someone takes a snapshot of an RDS database instance and deletes the original
instance. Select the AWS service that would provide that feature.
A. VPC Flow Logs
B. RDS Access Logs
C. CloudWatch
D. CloudTrail
Answer (D)
Question 9:
What is required to enable application and operating system generated logs and
publish to CloudWatch Logs?
A. Syslog
B. enable access logs
C. IAM cross-account enabled
D. CloudWatch Log Agent
Answer (D)
Question 10:
What is the purpose of VPC Flow Logs?
A. capture VPC error messages
B. capture IP traffic on network interfaces
C. monitor network performance
D. monitor netflow data from subnets
E. enable Syslog services for VPC
Answer (B)
Question 11:
Select two cloud infrastructure services and/or components included with default
CloudWatch monitoring.
A. SQS queues
B. operating system metrics
C. hypervisor metrics
D. virtual appliances
E. application level metrics
Answer (A,C)
Question 12:
What feature enables CloudWatch to manage capacity dynamically for EC2
instances?
A. replication lag
B. Auto-Scaling
C. Elastic Load Balancer
D. vertical scaling
Answer (B)
Question 13:
What AWS service is used to monitor tenant remote access and various security
errors including authentication retries?
A. SSH
B. Telnet
C. CloudFront
D. CloudWatch
Answer (D)
Question 14:
How does Amazon AWS isolate metrics from different applications for
monitoring, storage and reporting purposes?
A. EC2 instances
B. Beanstalk
C. CloudTrail
D. namespaces
E. Docker
Answer (D)
Question 15:
What Amazon AWS service provides account transaction monitoring and
security audit?
A. CloudFront
B. CloudTrail
C. CloudWatch
D. security group
Answer (B)
Question 16:
What two statements correctly describe CloudWatch monitoring of database
instances?
A. metrics are sent automatically from DynamoDB and RDS to
CloudWatch
B. alarms must be configured for DynamoDB and RDS within CloudWatch
C. metrics are not enabled automatically for DynamoDB and RDS
D. RDS does not support monitoring of operating system metrics
Answer (A,B)
Question 17:
What AWS service can send notifications to customer
smartphones and mobile applications with attached video and/or alerts?
A. EMR
B. Lambda
C. SQS
D. SNS
E. CloudTrail
Answer (D)