AWS Certified Solutions Architect Chapter Exams
2022
Which of the following describes a physical location around the world where AWS
clusters data centers?
1. Endpoint
2. Collection
3. Fleet
4. Region - ANS- 4
D. A region is a named set of AWS resources in the same
geographical area. A region comprises at least two availability zones. Endpoint,
Collection, and Fleet do not describe a physical location around the world where
AWS clusters data centers.
Each AWS region is composed of two or more locations that offer organizations the
ability to operate production systems that are more highly available, fault tolerant,
and scalable than would be possible using a single data center. What are these
locations called?
1. Availability zones
2. Replication areas
3. Geographic districts
4. Compute centers - ANS- 1
A. An availability zone is a distinct location within a region that
is insulated from failures in other availability zones and provides inexpensive, low-latency network connectivity to other availability zones in the same region.
Replication areas, geographic districts, and compute centers are not terms used to
describe AWS data center locations.
What is the deployment term for an environment that extends an existing on-premises infrastructure into the cloud to connect cloud resources to internal
systems?
1. All-in deployment
2. Hybrid deployment
3. On-premises deployment
4. Scatter deployment - ANS- 2
B. A hybrid deployment is a way to connect infrastructure and
applications between cloud-based resources and existing resources that are not
located in the cloud. An all-in deployment refers to an environment that exclusively
runs in the cloud. An on-premises deployment refers to an environment that runs
exclusively in an organization's data center.
Which AWS Cloud service allows organizations to gain system-wide visibility into
resource utilization, application performance, and operational health?
1. AWS Identity and Access Management (IAM)
2. Amazon Simple Notification Service (Amazon SNS)
3. Amazon CloudWatch
4. AWS CloudFormation - ANS- 3
C. Amazon CloudWatch is a monitoring service for AWS
Cloud resources and the applications organizations run on AWS. It allows
organizations to collect and track metrics, collect and monitor log files, and set
alarms. AWS IAM, Amazon SNS, and AWS CloudFormation do not provide visibility
into resource utilization, application performance, and the operational health of your
AWS resources.
Which of the following AWS Cloud services is a fully managed NoSQL database
service?
1. Amazon Simple Queue Service (Amazon SQS)
2. Amazon DynamoDB
3. Amazon ElastiCache
4. Amazon Relational Database Service (Amazon RDS) - ANS- 2
B. Amazon DynamoDB is a fully managed, fast, and flexible
NoSQL database service for all applications that need consistent, single-digit
millisecond latency at any scale. Amazon SQS, Amazon ElastiCache, and Amazon
RDS do not provide a NoSQL database service. Amazon SQS is a managed
message queuing service. Amazon ElastiCache is a service that provides in-memory
cache in the cloud. Finally, Amazon RDS provides managed relational databases.
Your company experiences fluctuations in traffic patterns to their e-commerce
website based on flash sales. What service can help your company dynamically
match the required compute capacity to the spike in traffic during flash sales?
1. Auto Scaling
2. Amazon Glacier
3. Amazon Simple Notification Service (Amazon SNS)
4. Amazon Virtual Private Cloud (Amazon VPC) - ANS- 1
A. Auto Scaling helps maintain application availability and
allows organizations to scale Amazon Elastic Compute Cloud (Amazon EC2)
capacity up or down automatically according to conditions defined for the particular
workload. Not only can it be used to help ensure that the desired number of Amazon
EC2 instances are running, but it also allows resources to scale in and out to match
the demands of dynamic workloads. Amazon Glacier, Amazon SNS, and Amazon
VPC do not provide services to scale compute capacity automatically.
Your company provides an online photo sharing service. The development team is
looking for ways to deliver image files with the lowest latency to end users so the
website content is delivered with the best possible performance. What service can
help speed up distribution of these image files to end users around the world?
1. Amazon Elastic Compute Cloud (Amazon EC2)
2. Amazon Route 53
3. AWS Storage Gateway
4. Amazon CloudFront - ANS- 4
D. Amazon CloudFront is a web service that provides a CDN
to speed up distribution of your static and dynamic web content—for example, .html,
.css, .php, image, and media files—to end users. Amazon CloudFront delivers
content through a worldwide network of edge locations. Amazon EC2, Amazon
Route 53, and AWS Storage Gateway do not provide CDN services that are required
to meet the needs for the photo sharing service.
Your company runs an Amazon Elastic Compute Cloud (Amazon EC2) instance
periodically to perform a batch processing job on a large and growing filesystem. At
the end of the batch job, you shut down the Amazon EC2 instance to save money
but need to persist the filesystem on the Amazon EC2 instance from the previous
batch runs. What AWS Cloud service can you leverage to meet these requirements?
1. Amazon Elastic Block Store (Amazon EBS)
2. Amazon DynamoDB
3. Amazon Glacier
4. AWS CloudFormation - ANS- 1
A. Amazon EBS provides persistent block-level storage
volumes for use with Amazon EC2 instances on the AWS Cloud. Amazon
DynamoDB, Amazon Glacier, and AWS CloudFormation do not provide persistent
block-level storage for Amazon EC2 instances. Amazon DynamoDB provides
managed NoSQL databases. Amazon Glacier provides low-cost archival storage.
AWS CloudFormation gives developers and systems administrators an easy way to
create and manage a collection of related AWS resources.
What AWS Cloud service provides a logically isolated section of the AWS Cloud
where organizations can launch AWS resources in a virtual network that they define?
1. Amazon Simple Workflow Service (Amazon SWF)
2. Amazon Route 53
3. Amazon Virtual Private Cloud (Amazon VPC)
4. AWS CloudFormation - ANS- 3
C. Amazon VPC lets organizations provision a logically
isolated section of the AWS Cloud where they can launch AWS resources in a virtual
network that they define. Amazon SWF, Amazon Route 53, and AWS
CloudFormation do not provide a virtual network. Amazon SWF helps developers
build, run, and scale background jobs that have parallel or sequential steps. Amazon
Route 53 provides a highly available and scalable cloud Domain Name System
(DNS) web service. Amazon CloudFormation gives developers and systems
administrators an easy way to create and manage a collection of related AWS
resources.
Your company provides a mobile voting application for a popular TV show, and 5 to
25 million viewers all vote in a 15-second timespan. What mechanism can you use to
decouple the voting application from your back-end services that tally the votes?
1. AWS CloudTrail
2. Amazon Simple Queue Service (Amazon SQS)
3. Amazon Redshift
4. Amazon Simple Notification Service (Amazon SNS) - ANS- 2
B. Amazon SQS is a fast, reliable, scalable, fully managed
message queuing service that allows organizations to decouple the components of a
cloud application. With Amazon SQS, organizations can transmit any volume of data,
at any level of throughput, without losing messages or requiring other services to be
always available. AWS CloudTrail records AWS API calls, and Amazon Redshift is a
data warehouse, neither of which would be useful as an architecture component for
decoupling components. Amazon SNS provides a messaging bus complement to
Amazon SQS; however, it doesn't provide the decoupling of components necessary
for this scenario.
In what ways does Amazon Simple Storage Service (Amazon S3) object storage
differ from block and file storage? (Choose 2 answers)
1. Amazon S3 stores data in fixed size blocks.
2. Objects are identified by a numbered address.
3. Objects can be any size.
4. Objects contain both data and metadata.
5. Objects are stored in buckets. - ANS- 4,5
D,E. Objects are stored in buckets, and objects contain both
data and metadata.
Which of the following are not appropriate use cases for Amazon Simple Storage
Service (Amazon S3)? (Choose 2 answers)
1. Storing web content
2. Storing a file system mounted to an Amazon Elastic Compute Cloud (Amazon
EC2) instance
3. Storing backups for a relational database
4. Primary storage for a database
5. Storing logs for analytics - ANS- 2,4
B,D. Amazon S3 cannot be mounted to an Amazon EC2
instance like a file system and should not serve as primary database storage.
What are some of the key characteristics of Amazon Simple Storage Service
(Amazon S3)? (Choose 3 answers)
1. All objects have a URL.
2. Amazon S3 can store unlimited amounts of data.
3. Objects are world-readable by default.
4. Amazon S3 uses a REST (Representational State Transfer) Application Program
Interface (API).
5. You must pre-allocate the storage in a bucket. - ANS- 1,2,4
A,B,D. C and E are incorrect—objects are private by default,
and storage in a bucket does not need to be pre-allocated.
Which features can be used to restrict access to Amazon Simple Storage Service
(Amazon S3) data? (Choose 3 answers)
1. Enable static website hosting on the bucket.
2. Create a pre-signed URL for an object.
3. Use an Amazon S3 Access Control List (ACL) on a bucket or object.
4. Use a lifecycle policy.
5. Use an Amazon S3 bucket policy. - ANS- 2,3,5
B,C,E. Static website hosting does not restrict data access,
and neither does an Amazon S3 lifecycle policy.
Your application stores critical data in Amazon Simple Storage Service (Amazon
S3), which must be protected against inadvertent or intentional deletion. How can
this data be protected? (Choose 2 answers)
1. Use cross-region replication to copy data to another bucket automatically.
2. Set a vault lock.
3. Enable versioning on the bucket.
4. Use a lifecycle policy to migrate data to Amazon Glacier.
5. Enable MFA Delete on the bucket. - ANS- 3,5
C,E. Versioning protects data against inadvertent or
intentional deletion by storing all versions of the object, and MFA Delete requires a
one-time code from a Multi-Factor Authentication (MFA) device to delete objects.
Cross-region replication and migration to the Amazon Glacier storage class do not
protect against deletion. Vault locks are a feature of Amazon Glacier, not a feature of
Amazon S3.
Your company stores documents in Amazon Simple Storage Service (Amazon S3),
but it wants to minimize cost. Most documents are used actively for only about a
month, then much less frequently. However, all data needs to be available within
minutes when requested. How can you meet these requirements?
1. Migrate the data to Amazon S3 Reduced Redundancy Storage (RRS) after 30
days.
2. Migrate the data to Amazon Glacier after 30 days.
3. Migrate the data to Amazon S3 Standard – Infrequent Access (IA) after 30
days.
4. Turn on versioning, then migrate the older version to Amazon Glacier. - ANS- 3
C. Migrating the data to Amazon S3 Standard-IA after 30 days
using a lifecycle policy is correct. Amazon S3 RRS should only be used for easily
replicated data, not critical data. Migration to Amazon Glacier might minimize storage
costs if retrievals are infrequent, but documents would not be available in minutes
when needed.
How is data stored in Amazon Simple Storage Service (Amazon S3) for high
durability?
1. Data is automatically replicated to other regions.
2. Data is automatically replicated within a region.
3. Data is replicated only if versioning is enabled on the bucket.
4. Data is automatically backed up on tape and restored if needed. - ANS- 2
B. Data is automatically replicated within a region. Replication
to other regions and versioning are optional. Amazon S3 data is not backed up to
tape.
Based on the following Amazon Simple Storage Service (Amazon S3) URL, which
one of the following statements is correct?
https://bucket1.abc.com.s3.amazonaws.com/folderx/myfile.doc
(NOTE:
This link is only an example URL for this question, and is not intended to be a real or
live link.)
1. The object "myfile.doc" is stored in the folder "folderx" in the bucket
"bucket1.abc.com."
2. The object "myfile.doc" is stored in the bucket "bucket1.abc.com."
3. The object "folderx/myfile.doc" is stored in the bucket "bucket1.abc.com."
4. The object "myfile.doc" is stored in the bucket "bucket1." - ANS- 3
C. In a URL, the bucket name precedes the string
"s3.amazonaws.com/," and the object key is everything after that. There is no folder
structure in Amazon S3.
To have a record of who accessed your Amazon Simple Storage Service (Amazon
S3) data and from where, you should do what?
1. Enable versioning on the bucket.
2. Enable website hosting on the bucket.
3. Enable server access logs on the bucket.
4. Create an AWS Identity and Access Management (IAM) bucket policy.
5. Enable Amazon CloudWatch logs. - ANS- 3
C. Amazon S3 server access logs store a record of what
requestor accessed the objects in your bucket, including the requesting IP address.
What are some reasons to enable cross-region replication on an Amazon Simple
Storage Service (Amazon S3) bucket? (Choose 2 answers)
1. You want a backup of your data in case of accidental deletion.
2. You have a set of users or customers who can access the second bucket with
lower latency.
3. For compliance reasons, you need to store data in a location at least 300 miles
away from the first region.
4. Your data needs at least five nines of durability. - ANS- 2,3
B,C. Cross-region replication can help lower latency and
satisfy compliance requirements on distance. Amazon S3 is designed for eleven
nines durability for objects in a single region, so a second region does not
significantly increase durability. Cross-region replication does not protect against
accidental deletion.
Your company requires that all data sent to external storage be encrypted before
being sent. Which Amazon Simple Storage Service (Amazon S3) encryption solution
will meet this requirement?
1. Server-Side Encryption (SSE) with AWS-managed keys (SSE-S3)
2. SSE with customer-provided keys (SSE-C)
3. Client-side encryption with customer-managed keys
4. Server-side encryption with AWS Key Management Service (AWS KMS) keys
(SSE-KMS) - ANS- 3
C. If data must be encrypted before being sent to Amazon S3,
client-side encryption must be used.
You have a popular web application that accesses data stored in an Amazon Simple
Storage Service (Amazon S3) bucket. You expect the access to be very read-intensive, with expected request rates of up to 500 GETs per second from many
clients. How can you increase the performance and scalability of Amazon S3 in this
case?
1. Turn on cross-region replication to ensure that data is served from multiple
locations.
2. Ensure randomness in the namespace by including a hash prefix to key names.
3. Turn on server access logging.
4. Ensure that key names are sequential to enable pre-fetch. - ANS- 2
B. Amazon S3 scales automatically, but for request rates over
100 GETS per second, it helps to make sure there is some randomness in the key
space. Replication and logging will not affect performance or scalability. Using
sequential key names could have a negative effect on performance or scalability.
What is needed before you can enable cross-region replication on an Amazon
Simple Storage Service (Amazon S3) bucket? (Choose 2 answers)
1. Enable versioning on the bucket.
2. Enable a lifecycle rule to migrate data to the second region.
3. Enable static website hosting.
4. Create an AWS Identity and Access Management (IAM) policy to allow Amazon
S3 to replicate objects on your behalf. - ANS- 1,4
A,D. You must enable versioning before you can enable
cross-region replication, and Amazon S3 must have IAM permissions to perform the
replication. Lifecycle rules migrate data from one storage class to another, not from
one bucket to another. Static website hosting is not a prerequisite for replication.
Your company has 100TB of financial records that need to be stored for seven years
by law. Experience has shown that any record more than one-year old is unlikely to
be accessed. Which of the following storage plans meets these needs in the most
cost efficient manner?
1. Store the data on Amazon Elastic Block Store (Amazon EBS) volumes attached to
t2.micro instances.
2. Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle
policies that change the storage class to Amazon Glacier after one year and delete
the object after seven years.
3. Store the data in Amazon DynamoDB and run daily script to delete data older than
seven years.
4. Store the data in Amazon Elastic MapReduce (Amazon EMR). - ANS- 2
B. Amazon S3 is the most cost effective storage on AWS, and
lifecycle policies are a simple and effective feature to address the business
requirements.
Amazon Simple Storage Service (S3) bucket policies can restrict access to an
Amazon S3 bucket and objects by which of the following? (Choose 3 answers)
1. Company name
2. IP address range
3. AWS account
4. Country of origin
5. Objects with a specific prefix - ANS- 2,3,5
B,C,E. Amazon S3 bucket policies cannot specify a company
name or a country of origin, but they can specify request IP range, AWS account,
and a prefix for objects that can be accessed.
Amazon Simple Storage Service (Amazon S3) is an eventually consistent storage
system. For what kinds of operations is it possible to get stale data as a result of
eventual consistency? (Choose 2 answers)
1. GET after PUT of a new object
2. GET or LIST after a DELETE
3. GET after overwrite PUT (PUT to an existing key)
4. DELETE after PUT of new object - ANS- 2,3
B,C. Amazon S3 provides read-after-write consistency for
PUTs to new objects (new key), but eventual consistency for GETs and DELETEs of
existing objects (existing key).
What must be done to host a static website in an Amazon Simple Storage Service
(Amazon S3) bucket? (Choose 3 answers)
1. Configure the bucket for static hosting and specify an index and error document.
2. Create a bucket with the same name as the website.
3. Enable File Transfer Protocol (FTP) on the bucket.
4. Make the objects in the bucket world-readable.
5. Enable HTTP on the bucket. - ANS- 1,2,4
A,B,D. A, B, and D are required, and normally you also set a
friendly CNAME to the bucket URL. Amazon S3 does not support FTP transfers, and
HTTP does not need to be enabled.
You have valuable media files hosted on AWS and want them to be served only to
authenticated users of your web application. You are concerned that your content
could be stolen and distributed for free. How can you protect your content?
1. Use static web hosting.
2. Generate pre-signed URLs for content in the web application.
3. Use AWS Identity and Access Management (IAM) policies to restrict access.
4. Use logging to track your content. - ANS- 2
B. Pre-signed URLs allow you to grant time-limited permission
to download objects from an Amazon Simple Storage Service (Amazon S3) bucket.
Static web hosting generally requires world-read access to all content. AWS IAM
policies do not know who the authenticated users of the web app are. Logging can
help track content loss, but not prevent it.
Amazon Glacier is well-suited to data that is which of the following? (Choose 2
answers)
1. Is infrequently or rarely accessed
2. Must be immediately available when needed
3. Is available after a three- to five-hour restore period
4. Is frequently erased within 30 days - ANS- 1,3
A,C. Amazon Glacier is optimized for long-term archival
storage and is not suited to data that needs immediate access or short-lived data
that is erased within 90 days.
Which statements about Amazon Glacier are true? (Choose 3 answers)
1. Amazon Glacier stores data in objects that live in archives.
2. Amazon Glacier archives are identified by user-specified key names.
3. Amazon Glacier archives take three to five hours to restore.
4. Amazon Glacier vaults can be locked.
5. Amazon Glacier can be used as a standalone service and as an Amazon S3
storage class. - ANS- 3,4,5
C,D,E. Amazon Glacier stores data in archives, which are
contained in vaults. Archives are identified by system-created archive IDs, not key
names.
Your web application needs four instances to support steady traffic nearly all of the
time. On the last day of each month, the traffic triples. What is a cost-effective way to
handle this traffic pattern?
1. Run 12 Reserved Instances all of the time.
2. Run four On-Demand Instances constantly, then add eight more On-Demand
Instances on the last day of each month.
3. Run four Reserved Instances constantly, then add eight On-Demand Instances on
the last day of each month.
4. Run four On-Demand Instances constantly, then add eight Reserved Instances on
the last day of each month. - ANS- 3
C. Reserved Instances provide cost savings when you can
commit to running instances full time, such as to handle the base traffic. On-Demand
Instances provide the flexibility to handle traffic spikes, such as on the last day of the
month.
Your order-processing application processes orders extracted from a queue with two
Reserved Instances processing 10 orders/minute. If an order fails during processing,
then it is returned to the queue without penalty. Due to a weekend sale, the queues
have several hundred orders backed up. While the backup is not catastrophic, you
would like to drain it so that customers get their confirmation emails faster. What is a
cost-effective way to drain the queue for orders?
1. Create more queues.
2. Deploy additional Spot Instances to assist in processing the orders.
3. Deploy additional Reserved Instances to assist in processing the orders.
4. Deploy additional On-Demand Instances to assist in processing the orders. - ANS- 2
B. Spot Instances are a very cost-effective way to address
temporary compute needs that are not urgent and are tolerant of interruption.
That’s exactly the workload described here. Reserved Instances are
inappropriate for temporary workloads. On-Demand Instances are good for
temporary workloads, but don’t offer the cost savings of Spot Instances.
Adding more queues is a non-responsive answer as it would not address the
problem.
Which of the following must be specified when launching a new Amazon Elastic
Compute Cloud (Amazon EC2) Windows instance? (Choose 2 answers)
1. The Amazon EC2 instance ID
2. Password for the administrator account
3. Amazon EC2 instance type
4. Amazon Machine Image (AMI) - ANS- 3,4
C,D. The Amazon EC2 instance ID will be assigned by AWS
as part of the launch process. The administrator password is assigned by AWS and
encrypted via the public key. The instance type defines the virtual hardware and the
AMI defines the initial software state. You must specify both upon launch.
You have purchased an m3.xlarge Linux Reserved instance in us-east-1a. In which
ways can you modify this reservation? (Choose 2 answers)
1. Change it into two m3.large instances.
2. Change it to a Windows instance.
3. Move it to us-east-1b.
4. Change it to an m4.xlarge. - ANS- 1,3
A,C. You can change the instance type only within the same
instance type family, or you can change the availability zone. You cannot change the
operating system nor the instance type family.
Your instance is associated with two security groups. The first allows Remote
Desktop Protocol (RDP) access over port 3389 from Classless Inter-Domain Routing
(CIDR) block 72.14.0.0/16. The second allows HTTP access over port 80 from CIDR
block 0.0.0.0/0. What traffic can reach your instance?
1. RDP and HTTP access from CIDR block 0.0.0.0/0
2. No traffic is allowed.
3. RDP and HTTP traffic from 72.14.0.0/16
4. RDP traffic over port 3389 from 72.14.0.0/16 and HTTP traffic over port 80 from
0.0.0.0/0 - ANS- 4
D. When there are multiple security groups associated with an
instance, all the rules are aggregated.
Which of the following are features of enhanced networking? (Choose 3 answers)
1. More Packets Per Second (PPS)
2. Lower latency
3. Multiple network interfaces
4. Border Gateway Protocol (BGP) routing
5. Less jitter - ANS- 1,2,5
A,B,E. These are the benefits of enhanced networking.
You are creating a High-Performance Computing (HPC) cluster and need very low
latency and high bandwidth between instances. What combination of the following
will allow this? (Choose 3 answers)
1. Use an instance type with 10 Gbps network performance.
2. Put the instances in a placement group.
3. Use Dedicated Instances.
4. Enable enhanced networking on the instances.
5. Use Reserved Instances. - ANS- 1,2,4
A,B,D. The other answers have nothing to do with networking.
Which Amazon Elastic Compute Cloud (Amazon EC2) feature ensures that your
instances will not share a physical host with instances from any other AWS
customer?
1. Amazon Virtual Private Cloud (VPC)
2. Placement groups
3. Dedicated Instances
4. Reserved Instances - ANS- 3
C. Dedicated Instances will not share hosts with other
accounts.
Which of the following are true of instance stores? (Choose 2 answers)
1. Automatic backups
2. Data is lost when the instance stops.
3. Very high IOPS
4. Charge is based on the total amount of storage provisioned. - ANS- 2,3
B,C. Instance stores are low-durability, high-IOPS storage that
is included for free with the hourly cost of an instance.
Which of the following are features of Amazon Elastic Block Store (Amazon EBS)?
(Choose 2 answers)
1. Data stored on Amazon EBS is automatically replicated within an Availability
Zone.
2. Amazon EBS data is automatically backed up to tape.
3. Amazon EBS volumes can be encrypted transparently to workloads on the
attached instance.
4. Data on an Amazon EBS volume is lost when the attached instance is stopped. -
ANS- 1,3
A,C. There are no tapes in the AWS infrastructure. Amazon
EBS volumes persist when the instance is stopped. The data is automatically
replicated within an availability zone. Amazon EBS volumes can be encrypted upon
creation and used by an instance in the same manner as if they were not encrypted.
You need to take a snapshot of an Amazon Elastic Block Store (Amazon EBS)
volume. How long will the volume be unavailable?
1. It depends on the provisioned size of the volume.
2. The volume will be available immediately.
3. It depends on the amount of data stored on the volume.
4. It depends on whether the attached instance is an Amazon EBS-optimized
instance. - ANS- 2
B. There is no delay in processing when commencing a
snapshot.
You are restoring an Amazon Elastic Block Store (Amazon EBS) volume from a
snapshot. How long will it be before the data is available?
1. It depends on the provisioned size of the volume.
2. The data will be available immediately.
3. It depends on the amount of data stored on the volume.
4. It depends on whether the attached instance is an Amazon EBS-optimized
instance. - ANS- 2
B. The volume is created immediately but the data is loaded
lazily. This means that the volume can be accessed upon creation, and if the data
being requested has not yet been restored, it will be restored upon first request.
You have a workload that requires 15,000 consistent IOPS for data that must be
durable. What combination of the following steps do you need? (Choose 2 answers)
1. Use an Amazon Elastic Block Store (Amazon EBS)-optimized instance.
2. Use an instance store.
3. Use a Provisioned IOPS SSD volume.
4. Use a magnetic volume. - ANS- 1,3
A,C. B and D are incorrect because an instance store will not
be durable and a magnetic volume offers an average of 100 IOPS. Amazon EBS-optimized instances reserve network bandwidth on the instance for IO, and
Provisioned IOPS SSD volumes provide the highest consistent IOPS.
Which of the following can be accomplished through bootstrapping?
1. Install the most current security updates.
2. Install the current version of the application.
3. Configure Operating System (OS) services.
4. All of the above. - ANS- 4
D. Bootstrapping runs the provided script, so anything you can
accomplish in a script you can accomplish during bootstrapping.
How can you connect to a new Linux instance using SSH?
1. Decrypt the root password.
2. Using a certificate
3. Using the private half of the instance's key pair
4. Using Multi-Factor Authentication (MFA) - ANS- 3
C. The public half of the key pair is stored on the instance,
and the private half can then be used to connect via SSH.
VM Import/Export can import existing virtual machines as: (Choose 2 answers)
1. Amazon Elastic Block Store (Amazon EBS) volumes
2. Amazon Elastic Compute Cloud (Amazon EC2) instances
3. Amazon Machine Images (AMIs)
4. Security groups - ANS- 2,3
B,C. These are the possible outputs of VM Import/Export.
Which of the following can be used to address an Amazon Elastic Compute Cloud
(Amazon EC2) instance over the web? (Choose 2 answers)
1. Windows machine name
2. Public DNS name
3. Amazon EC2 instance ID
4. Elastic IP address - ANS- 2,4
B,D. Neither the Windows machine name nor the Amazon
EC2 instance ID can be resolved into an IP address to access the instance.
Using the correctly decrypted Administrator password and RDP, you cannot log in to
a Windows instance you just launched. Which of the following is a possible reason?
1. There is no security group rule that allows RDP access over port 3389 from your
IP address.
2. The instance is a Reserved Instance.
3. The instance is not using enhanced networking.
4. The instance is not an Amazon EBS-optimized instance. - ANS- 1
A. None of the other options will have any effect on the ability
to connect.
You have a workload that requires 1 TB of durable block storage at 1,500 IOPS
during normal use. Every night there is an Extract, Transform, Load (ETL) task that
requires 3,000 IOPS for 15 minutes. What is the most appropriate volume type for
this workload?
1. Use a Provisioned IOPS SSD volume at 3,000 IOPS.
2. Use an instance store.
3. Use a general-purpose SSD volume.
4. Use a magnetic volume. - ANS- 3
C. A short period of heavy traffic is exactly the use case for
the bursting nature of general-purpose SSD volumes—the rest of the day is
more than enough time to build up enough IOPS credits to handle the nightly task.
Instance stores are not durable, magnetic volumes cannot provide enough IOPS,
and to set up a Provisioned IOPS SSD volume to handle the peak would mean
spending money for more IOPS than you need.
How are you billed for elastic IP addresses?
1. Hourly when they are associated with an instance
2. Hourly when they are not associated with an instance
3. Based on the data that flows through them
4. Based on the instance type to which they are attached - ANS- 2
B. There is a very small hourly charge for allocated elastic IP
addresses that are not associated with an instance.
What is the minimum size subnet that you can have in an Amazon VPC?
1. /24
2. /26
3. /28
4. /30 - ANS- 3
C. The minimum size subnet that you can have in an Amazon
VPC is /28.
You are a solutions architect working for a large travel company that is migrating its
existing server estate to AWS. You have recommended that they use a custom
Amazon VPC, and they have agreed to proceed. They will need a public subnet for
their web servers and a private subnet in which to place their databases. They also
require that the web servers and database servers be highly available and that there
be a minimum of two web servers and two database servers each. How many
subnets should you have to maintain high availability?
1. 2
2. 3
3. 4
4. 1 - ANS- 3
C. You need two public subnets (one for each Availability
Zone) and two private subnets (one for each Availability Zone). Therefore, you need
four subnets.
Which of the following is an optional security control that can be applied at the
subnet layer of a VPC?
1. Network ACL
2. Security Group
3. Firewall
4. Web application firewall - ANS- 1
A. Network ACLs are associated with a VPC subnet to control
traffic flow.
What is the maximum size IP address range that you can have in an Amazon VPC?
1. /16
2. /24
3. /28
4. /30 - ANS- 1
A. The maximum size subnet that you can have in a VPC is
/16.
You create a new subnet and then add a route to your route table that routes traffic
out from that subnet to the Internet using an IGW. What type of subnet have you
created?
1. An internal subnet
2. A private subnet
3. An external subnet
4. A public subnet - ANS- 4
D. By creating a route out to the Internet using an IGW, you
have made this subnet public.
What happens when you create a new Amazon VPC?
1. A main route table is created by default.
2. Three subnets are created by default, one for each Availability Zone.
3. Three subnets are created by default in one Availability Zone.
4. An IGW is created by default. - ANS- 1
A. When you create an Amazon VPC, a route table is created
by default. You must manually create subnets and an IGW.
You create a new VPC in US-East-1 and provision three subnets inside this Amazon
VPC. Which of the following statements is true?
1. By default, these subnets will not be able to communicate with each other; you will
need to create routes.
2. All subnets are public by default.
3. All subnets will be able to communicate with each other by default.
4. Each subnet will have identical CIDR blocks. - ANS- 3
C. When you provision an Amazon VPC, all subnets can
communicate with each other by default.
How many IGWs can you attach to an Amazon VPC at any one time?
1. 1
2. 2
3. 3
4. 4 - ANS- 1
A. You may only have one IGW for each Amazon VPC.
What aspect of an Amazon VPC is stateful?
1. Network ACLs
2. Security groups
3. Amazon DynamoDB
4. Amazon S3 - ANS- 2
B. Security groups are stateful, whereas network ACLs are
stateless.
You have created a custom Amazon VPC with both private and public subnets. You
have created a NAT instance and deployed this instance to a public subnet. You
have attached an EIP address and added your NAT to the route table. Unfortunately,
instances in your private subnet still cannot access the Internet. What may be the
cause of this?
1. Your NAT is in a public subnet, but it needs to be in a private subnet.
2. Your NAT should be behind an Elastic Load Balancer.
3. You should disable source/destination checks on the NAT.
4. Your NAT has been deployed on a Windows instance, but your other instances
are Linux. You should redeploy the NAT onto a Linux instance. - ANS- 3
C. You should disable source/destination checks on the NAT.
Which of the following will occur when an Amazon Elastic Block Store (Amazon
EBS)-backed Amazon EC2 instance in an Amazon VPC with an associated EIP is
stopped and started? (Choose two)
1. The EIP will be dissociated from the instance.
2. All data on instance-store devices will be lost.
3. All data on Amazon EBS devices will be lost.
4. The ENI is detached.
5. The underlying host for the instance is changed. - ANS- 2,5
B,E. In the EC2-Classic network, the EIP will be disassociated
from the instance; in the EC2-VPC network, the EIP remains associated with the
instance. Regardless of the underlying network, a stop/start of an Amazon EBS-backed
Amazon EC2 instance always changes the host computer.
How many VPC Peering connections are required for four VPCs located within the
same AWS region to be able to send traffic to each of the others?
1. 3
2. 4
3. 5
4. 6 - ANS- 4
D. Six VPC Peering connections are needed for each of the
four VPCs to send traffic to the other.
Which of the following AWS resources would you use in order for an EC2-VPC
instance to resolve DNS names outside of AWS?
1. A VPC peering connection
2. A DHCP option set
3. A routing rule
4. An IGW - ANS- 2
B. A DHCP option set allows customers to define DNS servers
for DNS name resolution, establish domain names for instances within an Amazon
VPC, define NTP servers, and define the NetBIOS name servers.
Which of the following is the Amazon side of an Amazon VPN connection?
1. An EIP
2. A CGW
3. An IGW
4. A VPG - ANS- 4
D. A CGW is the customer side of a VPN connection, and an
IGW connects a network to the Internet. A VPG is the Amazon side of a VPN
connection.
What is the default limit for the number of Amazon VPCs that a customer may have
in a region?
1. 5
2. 6
3. 7
4. There is no default maximum number of VPCs within a region. - ANS- 1
A. The default limit for the number of Amazon VPCs that a
customer may have in a region is 5.
You are responsible for your company's AWS resources, and you notice a
significant amount of traffic from an IP address in a foreign country in which your
company does not have customers. Further investigation of the traffic indicates the
source of the traffic is scanning for open ports on your EC2-VPC instances. Which
one of the following resources can deny the traffic from reaching the instances?
1. Security group
2. Network ACL
3. NAT instance
4. An Amazon VPC endpoint - ANS- 2
B. Network ACL rules can deny traffic.
Which of the following is the security protocol supported by Amazon VPC?
1. SSH
2. Advanced Encryption Standard (AES)
3. Point-to-Point Tunneling Protocol (PPTP)
4. IPsec - ANS- 4
D. IPsec is the security protocol supported by Amazon VPC.
Which of the following Amazon VPC resources would you use in order for EC2-VPC
instances to send traffic directly to Amazon S3?
1. Amazon S3 gateway
2. IGW
3. CGW
4. VPC endpoint - ANS- 4
D. An Amazon VPC endpoint enables you to create a private
connection between your Amazon VPC and another AWS service without requiring
access over the Internet or through a NAT device, VPN connection, or AWS Direct
Connect.
What properties of an Amazon VPC must be specified at the time of creation?
(Choose 2 answers)
1. The CIDR block representing the IP address range
2. One or more subnets for the Amazon VPC
3. The region for the Amazon VPC
4. Amazon VPC Peering relationships - ANS- 1,3
A, C. The CIDR block is specified upon creation and cannot be changed.
An Amazon VPC is associated
with exactly one region which must be specified upon creation. You can add a
subnet to an Amazon VPC any time after it has been created, provided its address
range falls within the Amazon VPC CIDR block and does not overlap with the
address range of any existing CIDR block. You can set up peering relationships
between Amazon VPCs after they have been created.
Which Amazon VPC feature allows you to create a dual-homed instance?
1. EIP address
2. ENI
3. Security groups
4. CGW - ANS- 2
B. Attaching an ENI associated with a different subnet to an
instance can make the instance dual-homed.
Which of the following are required elements of an Auto Scaling group? (Choose 2
answers)
1. Minimum size
2. Health checks
3. Desired capacity
4. Launch configuration - ANS- 1,4
A,D. An Auto Scaling group must have a minimum size and a
launch configuration defined in order to be created. Health checks and a desired
capacity are optional.
You have created an Elastic Load Balancing load balancer listening on port 80, and
you registered it with a single Amazon Elastic Compute Cloud (Amazon EC2)
instance also listening on port 80. A client makes a request to the load balancer with
the correct protocol and port for the load balancer. In this scenario, how many
connections does the balancer maintain?
1. 1
2. 2
3. 3
4. 4 - ANS- 2
B. The load balancer maintains two separate connections: one
connection with the client and one connection with the Amazon EC2 instance.
How long does Amazon CloudWatch keep metric data?
1. 1 day
2. 2 days
3. 1 week
4. 2 weeks - ANS- 4
D. Amazon CloudWatch metric data is kept for 2 weeks.
Which of the following are the minimum required elements to create an Auto Scaling
launch configuration?
1. Launch configuration name, Amazon Machine Image (AMI), and instance type
2. Launch configuration name, AMI, instance type, and key pair
3. Launch configuration name, AMI, instance type, key pair, and security group
4. Launch configuration name, AMI, instance type, key pair, security group, and
block device mapping - ANS- 1
A. Only the launch configuration name, AMI, and instance
type are needed to create an Auto Scaling launch configuration. Identifying a key
pair, security group, and a block device mapping are optional elements for an Auto
Scaling launch configuration.
You are responsible for the application logging solution for your company's
existing applications running on multiple Amazon EC2 instances. Which of the
following is the best approach for aggregating the application logs within AWS?
1. Amazon CloudWatch custom metrics
2. Amazon CloudWatch Logs Agent
3. An Elastic Load Balancing listener
4. An internal Elastic Load Balancing load balancer - ANS- 2
B. You can use the Amazon CloudWatch Logs Agent installer
on existing Amazon EC2 instances to install and configure the CloudWatch Logs
Agent.
Which of the following must be configured on an Elastic Load Balancing load
balancer to accept incoming traffic?
1. A port
2. A network interface
3. A listener
4. An instance - ANS- 3
C. You configure your load balancer to accept incoming traffic
by specifying one or more listeners.
You create an Auto Scaling group in a new region that is configured with a minimum
size value of 10, a maximum size value of 100, and a desired capacity value of 50.
However, you notice that 30 of the Amazon Elastic Compute Cloud (Amazon EC2)
instances within the Auto Scaling group fail to launch. Which of the following is the
cause of this behavior?
1. You cannot define an Auto Scaling group larger than 20.
2. The Auto Scaling group maximum value cannot be more than 20.
3. You did not attach an Elastic Load Balancing load balancer to the Auto Scaling
group.
4. You have not raised your default Amazon EC2 capacity (20) for the new region. -
ANS- 4
D. The default Amazon EC2 instance limit for all regions is 20.
You want to host multiple Hypertext Transfer Protocol Secure (HTTPS) websites on
a fleet of Amazon EC2 instances behind an Elastic Load Balancing load balancer
with a single X.509 certificate. How must you configure the Secure Sockets Layer
(SSL) certificate so that clients connecting to the load balancer are not presented
with a warning when they connect?
1. Create one SSL certificate with a Subject Alternative Name (SAN) value for each
website name.
2. Create one SSL certificate with the Server Name Indication (SNI) value checked.
3. Create multiple SSL certificates with a SAN value for each website name.
4. Create SSL certificates for each Availability Zone with a SAN value for each
website name. - ANS- 1
A. An SSL certificate must specify the name of the website in
either the subject name or listed as a value in the SAN extension of the certificate in
order for connecting clients to not receive a warning.
Your web application front end consists of multiple Amazon Compute Cloud
(Amazon EC2) instances behind an Elastic Load Balancing load balancer. You have
configured the load balancer to perform health checks on these Amazon EC2
instances. If an instance fails to pass health checks, which statement will be true?
1. The instance is replaced automatically by the load balancer.
2. The instance is terminated automatically by the load balancer.
3. The load balancer stops sending traffic to the instance that failed its health check.
4. The instance is quarantined by the load balancer for root cause analysis. - ANS- 3
C. When Amazon EC2 instances fail the requisite number of
consecutive health checks, the load balancer stops sending traffic to the Amazon
EC2 instance.
In the basic monitoring package for Amazon Elastic Compute Cloud (Amazon EC2),
what Amazon CloudWatch metrics are available?
1. Web server visible metrics such as number of failed transaction requests
2. Operating system visible metrics such as memory utilization
3. Database visible metrics such as number of connections
4. Hypervisor visible metrics such as CPU utilization - ANS- 4
D. Amazon CloudWatch metrics provide hypervisor visible
metrics.
A cell phone company is running dynamic-content television commercials for a
contest. They want their website to handle traffic spikes that come after a
commercial airs. The website is interactive, offering personalized content to each
visitor based on location, purchase history, and the current commercial airing. Which
architecture will configure Auto Scaling to scale out to respond to spikes of demand,
while minimizing costs during quiet periods?
1. Set the minimum size of the Auto Scaling group so that it can handle high traffic
volumes without needing to scale out.
2. Create an Auto Scaling group large enough to handle peak traffic loads, and then
stop some instances. Configure Auto Scaling to scale out when traffic increases
using the stopped instances, so new capacity will come online quickly.
3. Configure Auto Scaling to scale out as traffic increases. Configure the launch
configuration to start new instances from a preconfigured Amazon Machine Image (AMI).
4. Use Amazon CloudFront and Amazon Simple Storage Service (Amazon S3) to cache
changing content, with the Auto Scaling group set as the origin. Configure Auto
Scaling to have sufficient instances necessary to initially populate CloudFront and
Amazon ElastiCache, and then scale in after the cache is fully populated. - ANS- 3
C.
Auto Scaling is designed to scale out based on an event like increased traffic
while being cost effective when not needed.
For an application running in the ap-northeast-1 region with three Availability Zones
(ap-northeast-1a, ap-northeast-1b, and ap-northeast-1c), which instance deployment
provides high availability for the application that normally requires nine running
Amazon Elastic Compute Cloud (Amazon EC2) instances but can run on a minimum
of 65 percent capacity while Auto Scaling launches replacement instances in the
remaining Availability Zones?
1. Deploy the application on four servers in ap-northeast-1a and five servers in
ap-northeast-1b, and keep five stopped instances in ap-northeast-1a as reserve.
2. Deploy the application on three servers in ap-northeast-1a, three servers in
ap-northeast-1b, and three servers in ap-northeast-1c.
3. Deploy the application on six servers in ap-northeast-1b and three servers in
ap-northeast-1c.
4. Deploy the application on nine servers in ap-northeast-1b, and keep nine stopped
instances in ap-northeast-1a as reserve. - ANS- 2
B.
Auto Scaling will provide high availability across three
Availability Zones with three Amazon EC2 instances in each and keep capacity
above the required minimum capacity, even in the event of an entire Availability
Zone becoming unavailable.
Which of the following are characteristics of the Auto Scaling service on AWS?
(Choose 3 answers)
1. Sends traffic to healthy instances
2. Responds to changing conditions by adding or terminating Amazon Elastic
Compute Cloud (Amazon EC2) instances
3. Collects and tracks metrics and sets alarms
4. Delivers push notifications
5. Launches instances from a specified Amazon Machine Image (AMI)
6. Enforces a minimum number of running Amazon EC2 instances - ANS- 2,5,6
B,E,F.
Auto Scaling responds to changing conditions by
adding or terminating instances, launches instances from an AMI specified in the
launch configuration associated with the Auto Scaling group, and enforces a
minimum number of instances in the min-size parameter of the Auto Scaling group.
Why is the launch configuration referenced by the Auto Scaling group instead of
being part of the Auto Scaling group?
1. It allows you to change the Amazon Elastic Compute Cloud (Amazon EC2)
instance type and Amazon Machine Image (AMI) without disrupting the Auto Scaling
group.
2. It facilitates rolling out a patch to an existing set of instances managed by an Auto
Scaling group.
3. It allows you to change security groups associated with the instances launched
without having to make changes to the Auto Scaling group.
4. All of the above
5. None of the above - ANS- 4
D.
A, B, and C are all true statements about launch
configurations being loosely coupled and referenced by the Auto Scaling group
instead of being part of the Auto Scaling group.
An Auto Scaling group may use: (Choose 2 answers)
1. On-Demand Instances
2. Stopped instances
3. Spot Instances
4. On-premises instances
5. Already running instances if they use the same Amazon Machine Image (AMI) as
the Auto Scaling group's launch configuration and are not already part of another
Auto Scaling group - ANS- 1,3
A,C.
An Auto Scaling group may use On-Demand and Spot
Instances. An Auto Scaling group may not use already stopped instances, instances
running someplace other than AWS, and already running instances not started by
the Auto Scaling group itself.
Amazon CloudWatch supports which types of monitoring plans? (Choose 2 answers)
1. Basic monitoring, which is free
2. Basic monitoring, which has an additional cost
3. Ad hoc monitoring, which is free
4. Ad hoc monitoring, which has an additional cost
5. Detailed monitoring, which is free
6. Detailed monitoring, which has an additional cost - ANS- 1,6
A,F.
Amazon CloudWatch has two plans: basic, which is free,
and detailed, which has an additional cost. There is no ad hoc plan for Amazon
CloudWatch.
Elastic Load Balancing health checks may be: (Choose 3 answers)
1. A ping
2. A key pair verification
3. A connection attempt
4. A page request
5. An Amazon Elastic Compute Cloud (Amazon EC2) instance status check - ANS- 1,3,4
A,C,D.
An Elastic Load Balancing health check may be a ping,
a connection attempt, or a page that is checked.
When an Amazon Elastic Compute Cloud (Amazon EC2) instance registered with an
Elastic Load Balancing load balancer using connection draining is deregistered or
unhealthy, which of the following will happen? (Choose 2 answers)
1. Immediately close all existing connections to that instance.
2. Keep the connections open to that instance, and attempt to complete in-flight
requests.
3. Redirect the requests to a user-defined error page like "Oops this is
embarrassing" or "Under Construction."
4. Forcibly close all connections to that instance after a timeout period.
5. Leave the connections open as long as the load balancer is running. - ANS- 2,4
B,C.
When connection draining is enabled, the load balancer
will stop sending requests to a deregistered or unhealthy instance and attempt to
complete in-flight requests until a connection draining timeout period is reached,
which is 300 seconds by default.
Elastic Load Balancing supports which of the following types of load balancers?
(Choose 3 answers)
1. Cross-region
2. Internet-facing
3. Interim
4. Itinerant
5. Internal
6. Hypertext Transfer Protocol Secure (HTTPS) using Secure Sockets Layer (SSL) -
ANS- 2,5,6
B,E,F.
Elastic Load Balancing supports Internet-facing,
internal, and HTTPS load balancers.
Auto Scaling supports which of the following plans for Auto Scaling groups? (Choose
3 answers)
1. Predictive
2. Manual
3. Preemptive
4. Scheduled
5. Dynamic
6. End-user request driven - ANS- 2,4,5
B,D,E.
Auto Scaling supports maintaining the current size of
an Auto Scaling group using four plans: maintain current levels, manual scaling,
scheduled scaling, and dynamic scaling.
Which of the following methods will allow an application using an AWS SDK to be
authenticated as a principal to access AWS Cloud services? (Choose 2 answers)
1. Create an IAM user and store the user name and password for the user in the
application's configuration.
2. Create an IAM user and store both parts of the access key for the user in the
application's configuration.
3. Run the application on an Amazon EC2 instance with an assigned IAM role.
4. Make all the API calls over an SSL connection. - ANS- 2,3
B,C.
Programmatic access is authenticated with an access
key, not with user names/passwords. IAM roles provide a temporary security token
to an application using an SDK.
Which of the following are found in an IAM policy? (Choose 2 answers)
1. Service Name
2. Region
3. Action
4. Password - ANS- 1,3
A,C.
IAM policies are independent of region, so no region is
specified in the policy. IAM policies are about authorization for an
already-authenticated principal, so no password is needed.
Your AWS account administrator left your company today. The administrator had
access to the root user and a personal IAM administrator account. With these
accounts, he generated other IAM accounts and keys. Which of the following should
you do today to protect your AWS infrastructure? (Choose 4 answers)
1. Change the password and add MFA to the root user.
2. Put an IP restriction on the root user.
3. Rotate keys and change passwords for IAM accounts.
4. Delete all IAM accounts.
5. Delete the administrator's personal IAM account.
6. Relaunch all Amazon EC2 instances with new roles. - ANS- 1,2,3,5
A,B,C,E.
Locking down your root user and all accounts to
which the administrator had access is the key here. Deleting all IAM accounts is not
necessary, and it would cause great disruption to your operations. Amazon EC2
roles use temporary security tokens, so relaunching Amazon EC2 instances is not
necessary.
Which of the following actions can be authorized by IAM? (Choose 2 answers)
1. Installing ASP.NET on a Windows Server
2. Launching an Amazon Linux EC2 instance
3. Querying an Oracle database
4. Adding a message to an Amazon Simple Queue Service (Amazon SQS) queue -
ANS- 2,4
B,D.
IAM controls access to AWS resources only. Installing
ASP.NET will require Windows operating system authorization, and querying an
Oracle database will require Oracle authorization.
Which of the following are IAM security features? (Choose 2 answers)
1. Password policies
2. Amazon DynamoDB global secondary indexes
3. MFA
4. Consolidated Billing - ANS- 1,3
A,C.
Amazon DynamoDB global secondary indexes are a
performance feature of Amazon DynamoDB; Consolidated Billing is an accounting
feature allowing all bills to roll up under a single account. While both are very
valuable features, neither is a security feature.
Which of the following are benefits of using Amazon EC2 roles? (Choose 2 answers)
1. No policies are required.
2. Credentials do not need to be stored on the Amazon EC2 instance.
3. Key rotation is not necessary.
4. Integration with Active Directory is automatic. - ANS- 2,3
B,C.
Amazon EC2 roles must still be assigned a policy.
Integration with Active Directory involves integration between Active Directory and
IAM via SAML.
Which of the following are based on temporary security tokens? (Choose 2 answers)
1. Amazon EC2 roles
2. MFA
3. Root user
4. Federation - ANS- 1,4
A,D.
Amazon EC2 roles provide a temporary token to
applications running on the instance; federation maps policies to identities from other
sources via temporary tokens.
Your security team is very concerned about the vulnerability of the IAM administrator
user accounts (the accounts used to configure all IAM features and accounts). What
steps can be taken to lock down these accounts? (Choose 3 answers)
1. Add multi-factor authentication (MFA) to the accounts.
2. Limit logins to a particular U.S. state.
3. Implement a password policy on the AWS account.
4. Apply a source IP address condition to the policy that only grants permissions
when the user is on the corporate network.
5. Add a CAPTCHA test to the accounts. - ANS- 1,3,4
A,C,D.
Neither B nor E is a feature supported by IAM.
You want to grant the individuals on your network team the ability to fully manipulate
Amazon EC2 instances. Which of the following accomplish this goal? (Choose 2
answers)
1. Create a new policy allowing EC2:* actions, and name the policy
NetworkTeam.
2. Assign the managed policy, EC2FullAccess, to a group named NetworkTeam, and
assign all the team members' IAM user accounts to that group.
3. Create a new policy that grants EC2:* actions on all resources, and assign that
policy to each individual's IAM user account on the network team.
4. Create a NetworkTeam IAM group, and have each team member log in to the
AWS Management Console using the user name/password for the group. - ANS- 2,3
B,C.
Access requires an appropriate policy associated with a
principal. Response A is merely a policy with no principal, and response D is not a
principal as IAM groups do not have user names and passwords. Response B is the
best solution; response C will also work but it is much harder to manage.
What is the format of an IAM policy?
1. XML
2. Key/value pairs
3. JSON
4. Tab-delimited text - ANS- 3
C.
An IAM policy is a JSON document.
Which AWS database service is best suited for traditional Online Transaction
Processing (OLTP)?
1. Amazon Redshift
2. Amazon Relational Database Service (Amazon RDS)
3. Amazon Glacier
4. Elastic Database - ANS- 2
B.
Amazon RDS is best suited for traditional OLTP
transactions. Amazon Redshift, on the other hand, is designed for OLAP workloads.
Amazon Glacier is designed for cold archival storage.
Which AWS database service is best suited for non-relational databases?
1. Amazon Redshift
2. Amazon Relational Database Service (Amazon RDS)
3. Amazon Glacier
4. Amazon DynamoDB - ANS- 4
D.
Amazon DynamoDB is best suited for non-relational
databases. Amazon RDS and Amazon Redshift are both structured relational
databases.
You are a solutions architect working for a media company that hosts its website on
AWS. Currently, there is a single Amazon Elastic Compute Cloud (Amazon EC2)
Instance on AWS with MySQL installed locally to that Amazon EC2 Instance. You
have been asked to make the company's production environment more
resilient and to increase performance. You suggest that the company split out the
MySQL database onto an Amazon RDS Instance with Multi-AZ enabled. This
addresses the company's increased resiliency requirements. Now you need
to suggest how you can increase performance. Ninety-nine percent of the
company's end users are magazine subscribers who will be reading
additional articles on the website, so only one percent of end users will need to write
data to the site. What should you suggest to increase performance?
1. Alter the connection string so that if a user is going to write data, it is written to the
secondary copy of the Multi-AZ database.
2. Alter the connection string so that if a user is going to write data, it is written to the
primary copy of the Multi-AZ database.
3. Recommend that the company use read replicas, and distribute the traffic across
multiple read replicas.
4. Migrate the MySQL database to Amazon Redshift to take advantage of columnar
storage and maximize performance. - ANS- 3
C.
In this scenario, the best idea is to use read replicas to
scale out the database and thus maximize read performance. When using Multi-AZ,
the secondary database is not accessible and all reads and writes must go to the
primary or any read replicas.
Which AWS Cloud service is best suited for Online Analytics Processing (OLAP)?
1. Amazon Redshift
2. Amazon Relational Database Service (Amazon RDS)
3. Amazon Glacier
4. Amazon DynamoDB - ANS- 1
A.
Amazon Redshift is best suited for traditional OLAP
transactions. While Amazon RDS can also be used for OLAP, Amazon Redshift is
purpose-built as an OLAP data warehouse.
You have been using Amazon Relational Database Service (Amazon RDS) for the
last year to run an important application with automated backups enabled. One of
your team members is performing routine maintenance and accidentally drops an
important table, causing an outage. How can you recover the missing data while
minimizing the duration of the outage?
1. Perform an undo operation and recover the table.
2. Restore the database from a recent automated DB snapshot.
3. Restore only the dropped table from the DB snapshot.
4. The data cannot be recovered. - ANS- 2
B.
DB Snapshots can be used to restore a complete copy of
the database at a specific point in time. Individual tables cannot be extracted from a
snapshot.
Which Amazon Relational Database Service (Amazon RDS) database engines
support Multi-AZ?
1. All of them
2. Microsoft SQL Server, MySQL, and Oracle
3. Oracle, Amazon Aurora, and PostgreSQL
4. MySQL - ANS- 1
A.
All Amazon RDS database engines support Multi-AZ
deployment.
Which Amazon Relational Database Service (Amazon RDS) database engines
support read replicas?
1. Microsoft SQL Server and Oracle
2. MySQL, MariaDB, PostgreSQL, and Aurora
3. Aurora, Microsoft SQL Server, and Oracle
4. MySQL and PostgreSQL - ANS- 2
B.
Read replicas are supported by MySQL, MariaDB,
PostgreSQL, and Aurora.
Your team is building an order processing system that will span multiple Availability
Zones. During testing, the team wanted to test how the application will react to a
database failover. How can you enable this type of test?
1. Force a Multi-AZ failover from one Availability Zone to another by rebooting the
primary instance using the Amazon RDS console.
2. Terminate the DB instance, and create a new one. Update the connection string.
3. Create a support case asking for a failover.
4. It is not possible to test a failover. - ANS- 1
A.
You can force a failover from one Availability Zone to
another by rebooting the primary instance in the AWS Management Console. This is
often how people test a failover in the real world. There is no need to create a
support case.
You are a system administrator whose company has moved its production database
to AWS. Your company monitors its estate using Amazon CloudWatch, which sends
alarms using Amazon Simple Notification Service (Amazon SNS) to your mobile
phone. One night, you get an alert that your primary Amazon Relational Database
Service (Amazon RDS) Instance has gone down. You have Multi-AZ enabled on this
instance. What should you do to ensure the failover happens quickly?
1. Update your Domain Name System (DNS) to point to the secondary
instance's new IP address, forcing your application to fail over to the
secondary instance.
2. Connect to your server using Secure Shell (SSH) and update your connection
strings so that your application can communicate to the secondary instance instead
of the failed primary instance.
3. Take a snapshot of the secondary instance and create a new instance using this
snapshot, then update your connection string to point to the new instance.
4. No action is necessary. Your connection string points to the database endpoint,
and AWS automatically updates this endpoint to point to your secondary instance. -
ANS- 4
D.
Monitor the environment while Amazon RDS attempts to
recover automatically. AWS will update the DB endpoint to point to the secondary
instance automatically.
You are working for a small organization without a dedicated database administrator
on staff. You need to install Microsoft SQL Server Enterprise edition quickly to
support an accounting back office application on Amazon Relational Database
Service (Amazon RDS). What should you do?
1. Launch an Amazon RDS DB Instance, and select Microsoft SQL Server
Enterprise Edition under the Bring Your Own License (BYOL) model.
2. Provision SQL Server Enterprise Edition using the License Included option from
the Amazon RDS Console.
3. SQL Server Enterprise edition is only available via the Command Line Interface
(CLI). Install the command-line tools on your laptop, and then provision your new
Amazon RDS Instance using the CLI.
4. You cannot use SQL Server Enterprise edition on Amazon RDS. You should
install this on to a dedicated Amazon Elastic Compute Cloud (Amazon EC2)
Instance. - ANS- 1
A.
Amazon RDS supports Microsoft SQL Server Enterprise
edition and the license is available only under the BYOL model.
You are building the database tier for an enterprise application that gets occasional
activity throughout the day. Which storage type should you select as your default
option?
1. Magnetic storage
2. General Purpose Solid State Drive (SSD)
3. Provisioned IOPS (SSD)
4. Storage Area Network (SAN)-attached - ANS- 2
B. General Purpose (SSD) volumes are generally the right
choice for databases that have bursts of activity.
You are designing an e-commerce web application that will scale to potentially
hundreds of thousands of concurrent users. Which database technology is best
suited to hold the session state for large numbers of concurrent users?
1. Relational database using Amazon Relational Database Service (Amazon RDS)
2. NoSQL database table using Amazon DynamoDB
3. Data warehouse using Amazon Redshift
4. Amazon Simple Storage Service (Amazon S3) - ANS- 2
B. NoSQL databases like Amazon DynamoDB excel at scaling
to hundreds of thousands of requests with key/value access to user profile and
session.
Which of the following techniques can you use to help you meet Recovery Point
Objective (RPO) and Recovery Time Objective (RTO) requirements? (Choose 3
answers)
1. DB snapshots
2. DB option groups
3. Read replica
4. Multi-AZ deployment - ANS- 1,3,4
A,C,D. DB snapshots allow you to back up and recover your
data, while read replicas and a Multi-AZ deployment allow you to replicate your data
and reduce the time to failover.
When using Amazon Relational Database Service (Amazon RDS) Multi-AZ, how can
you offload read requests from the primary? (Choose 2 answers)
1. Configure the connection string of the clients to connect to the secondary node
and perform reads while the primary is used for writes.
2. Amazon RDS automatically sends writes to the primary and sends reads to the
secondary.
3. Add a read replica DB instance, and configure the client's application logic
to use a read-replica.
4. Create a caching environment using ElastiCache to cache frequently used data.
Update the application logic to read/write from the cache. - ANS- 3,4
C,D. Amazon RDS allows for the creation of one or more
read-replicas for many engines that can be used to handle reads. Another common
pattern is to create a cache using Memcached and Amazon ElastiCache to store
frequently used queries. The secondary slave DB Instance is not accessible and
cannot be used to offload queries...