AWS Solutions Architect Associate Test Questions
Terms in this set (90)
Amazon SWF is designed to help users:
a. Manage user identification and authorization
b. Coordinate synchronous and asynchronous tasks
c. Secure their VPCs
d. Help users store file based objects
In RDS, what is the maximum value I can set for my backup retention period?
a. 15 days
b. 30 days
c. 35 days
d. 45 days
True or False. Automated backups are enabled by default for a new DB instance.
Amazon RDS does not currently support increasing storage on a ___ DB instance.
In what circumstances would I choose provisioned IOPS in RDS over standard storage?
a. If you use production online transaction processing
b. If you have workloads that are not sensitive to latency/lag
c. If your business was trying to save money
d. If this was a test DB
Amazon S3 is
a. Object Based Storage
b. Block Based Storage
c. A Data Warehouse Solution
d. Suitable for data archival, not frequently used files.
In S3 with RRS the availability is
Amazon's EBS volumes are
a. Object based storage
b. Block based storage
c. Encrypted by default
d. Not suitable for databases
If I want to run a database on an EC2 instance, which is the most recommended Amazon storage option?
In S3 the durability of my files is
Can you access Amazon EBS Snapshots?
a. Yes, through the AWS APIs/CLI & AWS Console
c. Depends on the region
d. EBS does not have snapshot functionality
A _____ is a document that provides a formal statement of one or more permissions.
In a default VPC, all Amazon EC2 instances are assigned 2 IP addresses at launch, what are these?
a. Private IP and Public IP
b. Public IP and Secret IP
c. Elastic IP and Public IP
d. IPv6 and Elastic IP
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance?
If you want your application to check whether a request generated an error, then you look for an ____ node in the response from the Amazon RDS API
True or False. AWS recommends providing EC2 instances with credentials so they can access other resources (such as S3 buckets) instead of assigning roles.
Can I move a reserved instance from one region to another?
b. Only in the US
d. Depends on the region
In S3 RRS, the durability of my files is
In RDS, changes to the backup window take effect
a. After 30 mins
b. The next day
d. you cannot back up in RDS
In RDS, what is the maximum size for a Microsoft SQL Server DB Instance with SQL server Express edition?
In S3, what does RRS stand for?
a. Relational Reduced Storage
b. Reactive Replicating Storage
c. Reduced Replication Storage
d. Reduced Redundancy Storage
Can I "force" a failover for any RDS instance that has Multi-AZ configured?
c. Only for Oracle RDS instances
What does EBS stand for?
a. Energetic Block Storage
b. Elastic Based Storage
c. Equal Block Storage
d. Elastic Block Storage
True or False. You can conduct your own vulnerability scans within your own VPC without alerting AWS first.
True or False. Reserved instances are available for multi-AZ deployments.
True or False. Amazon's Glacier service is a Content Distribution Network which integrates with S3.
MySQL installations default to port number
If an Amazon EBS volume is an additional partition (ie. not the root volume), can I detach it without stopping the instance?
a. Yes, but it may take some time
b. No, you still need to stop the instance
Every user you create in the IAM system starts with ____
a. Full permissions
b. Partial permissions
c. No permissions
True or False. You can RDP or SSH into an RDS instance to see what is going on with the operating system.
True or False. When creating a new security group, all inbound traffic is allowed by default.
True or False. Amazon recommends that you leave all security groups in web facing subnets open on port 22 to 0.0.0.0/0 CIDR, that way you can connect wherever you are in the world.
What are the 4 levels of AWS premium support?
a. It's an IAAS platform, there is no support
b. Free, Bronze, Silver, Gold
c. Basic, Startup, Business, Enterprise
d. Basic, Developer, Business, Enterprise
True or False. As the AWS is PCI DSS 1.00 compliant, I can immediately deploy a website to it that takes credit card details. I do not need any kind of delta accreditation from a QSA.
To help manage your Amazon EC2 instances, you can assign your own metadata in the form of
Which statement best describes Availability Zones
a. Content distribution network which is used to distribute content to users
b. A restricted area designed specifically for creating VPCs
c. Two zones containing compute resources that are designed to maintain synchronized copies of data within each other
d. Distinct locations from within an AWS region that are engineered to be isolated from failures
True or False. The service to allow Big Data Processing on the AWS platform is known as AWS "Elastic Big Data".
Individual instances are provisioned in
a. Regions only, you cannot choose anything below this
b. Availability Zones
True or False. When using a custom VPC and placing an EC2 instance into a public subnet, it will automatically be internet accessible (ie. you don't need to apply an elastic IP or ELB to the instance).
What is the underlying Hypervisor for EC2?
True or False. The AWS platform is certified PCI DSS 1.0 compliant.
The AWS platform consists of how many regions currently?
How many copies of my data does RDS - Aurora store by default?
What is the difference between Elastic Beanstalk and CloudFormation?
a. Elastic Beanstalk is a monitoring tool to view performance of your AWS resources. CloudFormation is an automated provisioning engine to deploy entire cloud environments via JSON.
b. Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it. CloudFormation is an automated provisioning engine to deploy entire cloud environments via JSON.
c. There is no difference.
d. Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it. CloudFormation is a security service designed to harden your cloud against an attack, like a DDOS.
True or False. In RDS, you are responsible for maintaining OS & application security patching, antivirus, etc.
What is the maximum response time for a Business Level Premium support case?
a. 1 day
b. 12 hrs
c. 15 mins
d. 1 hr
True or False. When I create a new security group, all outbound traffic is allowed by default.
What types of RDS databases are currently available
a. Aurora, MySQL, MSSQL, Cassandra
b. PostGres, Cassandra, MongoDB, Aurora
c. Oracle, MSSQL, MySQL, Cassandra
d. Oracle, MSSQL, MySQL, Postgres
I can enable multi-factor authentication by using
d. Account Settings
True or False. When deploying databases on your own EC2 instances, it is recommended that you deploy these on magnetic storage rather than SSD as you get better performance.
AWS DNS service is known as
Auditing user access/API calls, etc., across the entire AWS estate can be achieved using
EC2 instances are launched from Amazon Machine Images (AMI). An AMI can
a. Be used to launch EC2 instances in any AWS region
b. Only launch EC2 instances in the same Country as the AMI is stored
c. Only launch EC2 instances in the same AWS region as the AMI is stored
d. Only launch EC2 instances in the same AWS AZ as the AMI is stored
What action is required to establish an Amazon Virtual Private Cloud (VPC) VPN?
a. Assign a static internet-routable IP address to an Amazon VPC customer gateway
b. Use a dedicated network address translation instance in the public subnet
c. Modify the main route table to allow traffic to a network address translation instance
You are working with a customer who has 10 TB of archival data that they want to migrate to Glacier. The customer has a 1-Mbps connection to the internet. Which service or feature provides the fastest method of getting data into Amazon Glacier?
a. Glacier multipart upload
b. AWS Storage Gateway
c. VM Import/Export
d. AWS Import/Export
An auto-scaling group spans 3 AZs and has 4 running EC2 instances. When auto-scaling needs to terminate an instance by default, autoscaling will (select 2):
a. Allow >= 5mins for Windows/Linux shutdown scripts to complete before terminating
b. Terminate the instance with the least active network connections
c. Send an SNS notification if configured to do so
d. Terminate an instance in the AZ which currently has 2 running instances
e. Randomly select one of the 3 AZs and terminate an instance
You have a load balancer configured for VPC, and all back-end EC2 instances are in service. Your web browser is timing out when connecting to the load balancer's DNS name. Which options are probable causes of this behavior? Choose 2
a. Load balancer was not configured to use a public subnet with an internet gateway configured
b. EC2 instances do not have a dynamically allocated private IP address
c. Security groups or network ACLs are not properly configured for web traffic
d. Load balancer is not configured in a private subnet with a NAT instance
e. VPC does not have a VGW configured
Instance 1 and 2 are running in two different subnets (A and B) of a VPC. Instance 1 is not able to ping instance 2. What are 2 possible reasons?
a. The routing table of subnet A has no target route to subnet B
b. The security group attached to instance 2 does not allow inbound ICMP traffic
c. The policy linked to the IAM role on instance 1 is not configured correctly
d. The NACL on subnet B doesn't allow outbound ICMP traffic
A company has an AWS account that contains 3 VPCs (dev, tst, prd) in the same region. Tst is peered to both prd and dev. All VPCs have non-overlapping CIDR blocks. The company wants to push minor releases from dev to prd to speed up time to market. Which of the following options helps accomplish this?
a. Create a new peering connection between prd and dev along with appropriate routes
b. Create a new entry to prd in the dev route table using the peering connection as the target
c. Attach a second gateway to dev. Add a new entry in the prd route table identifying the gateway as the target
d. The VPCs have non-overlapping CIDR blocks in the same account. The route tables contain local routes for all VPCs
You have a VPC with 1 private subnet and 1 public subnet with a NAT server. You are creating a group of EC2 instances that configure themselves at startup via downloading a bootstrapping script from S3 that deploys an application via GIT. Which setup provides the highest level of security?
a. EC2 instances in private subnet, no EIPs, route outgoing traffic via the NAT
b. EC2 instances in public subnet, no EIPs, route outgoing traffic via the Internet Gateway (IGW)
c. EC2 instances in private subnet, assign EIPs, route outgoing traffic via the Internet Gateway (IGW)
d. EC2 instances in public subnet, assign EIPs, route outgoing traffic via the NAT
Out of the striping options available for the EBS volumes, which one has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?
a. Raid 0
b. RAID 1+0 (RAID 10)
c. Raid 1
d. Raid 2
An application requires OS privileges on a database host. Which one is the best choice for a highly available DB?
a. Amazon EC2 instances in a replication configuration utilizing a single AZ
b. A standalone Amazon EC2 instance
c. Amazon EC2 instances in a replication configuration utilizing two different AZ
d. Amazon RDS in a Multi-AZ configuration
EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?
a. Data is automatically saved in an EBS volume.
b. Data is unavailable until the instance is restarted.
c. Data will be deleted and will no longer be accessible.
e. Data is automatically saved as an EBS snapshot.
An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software?
a. AWS Elastic Beanstalk
b. AWS Cloudfront
c. AWS Cloudformation
d. AWS DevOps
From which services can I block incoming/outgoing IPs?
a. Security Groups
d. VPC subnet?
Which 2 services provide Native encryption?
d. Storage Gateway
You are putting together a WordPress site for a local charity and you are using a combination of Route53, Elastic Load Balancers, EC2 & RDS. You launch your EC2 instance, download WordPress and set up the configuration file's connection string so that it can communicate with RDS. When you browse to your URL, however, nothing happens. Which of the following could NOT be the cause of this?
a. You have forgotten to open port 80/443 on your security group in which the EC2 instance is placed.
b. Your elastic load balancer has a health check which is checking a webpage that does not exist, therefore your EC2 instance is not in service.
c. You have not configured an ALIAS for your A record to point to your elastic load balancer
d. You have locked port 22 down to your specific IP address therefore users cannot access your site using HTTP/HTTPS
Which feature helps optimize performance for a compute cluster that requires low inter-node latency?
a. Multiple Availability Zones
b. AWS Direct Connect
c. EC2 Dedicated Instances
d. Placement Groups
e. VPC private subnets
You need to design a VPC for a web application consisting of an ELB, a fleet of web application servers, and an RDS DB. The entire infrastructure must be distributed over 2 AZs. Which VPC configuration works while assuring the DB is not available from the internet?
a. One public subnet for the ELB, one public subnet for the web servers, and one private subnet for the DB
b. One public subnet for the ELB, two private subnets for the web servers, and two private subnets for the RDS
c. Two public subnets for the ELB, two private subnets for the web servers, and two private subnets for the RDS
d. Two public subnets for the ELB, two public subnets for the web servers, and two public subnets for the RDS
An organization has established an Internet-based VPN connection between their on-premises data center and AWS. They are considering migrating from VPN to AWS DirectConnect. Which operational concern should drive an organization to consider switching from an Internet-based VPN connection to AWS DirectConnect?
a. AWS DirectConnect provides greater redundancy than an Internet-based VPN connection.
b. AWS DirectConnect provides greater resiliency than an Internet-based VPN connection.
c. AWS DirectConnect provides greater bandwidth than an Internet-based VPN connection.
d. AWS DirectConnect provides greater control of network provider selection than an Internet-based VPN connection.
A customer has a web application that uses cookie-based sessions to track logged-in users. It is deployed on AWS using Elastic Load Balancing and Auto Scaling. When load increases, Auto Scaling launches new instances, but the load on the other instances does not decrease; this causes all existing users to have a slow experience. What could be the cause of the poor user experience?
a. The ELB DNS record's TTL is set too high.
b. The new instances are not being added to the ELB during the Auto Scaling cooldown period.
c. The website uses the dynamic content feature of Amazon CloudFront which is keeping connections alive to the ELB.
d. The ELB is continuing to send requests with previously established sessions to the same backend instances rather than spreading them out to the new instances.
As an application has increased in popularity, reports of performance issues have grown. The current configuration initiates scaling actions based on Avg CPU utilization; however during reports of slowness, CloudWatch graphs have shown that Avg CPU remains steady at 40 percent. This is well below the alarm threshold of 60 percent. Your developers have discovered that, due to the unique design of the application, performance degradation occurs on an instance when it is processing more than 200 threads. What is the best way to ensure that your application scales to match demand?
a. Launch two to six additional instances outside of the AutoScaling group to handle the additional load.
b. Populate a custom CloudWatch metric for concurrent sessions and initiate scaling actions based on that metric instead of on CPU use.
c. Empirically determine the expected CPU use for 200 concurrent sessions and adjust the CloudWatch alarm threshold to be that CPU use.
d. Add a script to each instance to detect the number of concurrent sessions. If the number of sessions remains over 200 for five minutes, have the instance increase the desired capacity of the AutoScaling group by one.
Your customer is willing to consolidate their log streams (access logs, application logs, security logs, etc.) in one single system. Once consolidated, the customer wants to analyze these logs in real time based on heuristics. From time to time, the customer needs to validate heuristics, which requires going back to data samples extracted from the last 12 hours. What is the best approach to meet your customer's requirements?
a. Send all the log events to Amazon SQS. Set up an Auto Scaling group of EC2 servers to consume the logs and apply the heuristics.
b. Send all the log events to Amazon Kinesis, develop a client process to apply heuristics on the logs
c. Configure Amazon Cloud Trail to receive custom logs, use EMR to apply heuristics on the logs
d. Setup an Auto Scaling group of EC2 syslogd servers, store the logs on S3 use EMR to apply heuristics on
Which of the following is part of the failover process for a Multi-Availability Zone Amazon Relational Database Service (RDS) instance?
a. The failed RDS DB instance reboots.
b. The IP of the primary DB instance is switched to the standby DB instance.
c. The DNS record for the RDS endpoint is changed from primary to standby.
d. A new DB instance is created in the standby availability zone.
To be prepared for a security assessment, an organization should implement which two configuration management practices? Choose 2 answers
a. Determine whether remote administrative access is performed securely.
b. Verify that all Amazon Simple Storage Service (S3) bucket policies and ACLs correctly implement your security policies.
c. Determine whether unnecessary users and services have been identified on all Amazon-published AMIs.
d. Verify that AWS Trusted Advisor has identified and disabled all unnecessary users and services on your Amazon Elastic Compute Cloud (EC2) instances.
You are tasked with moving a legacy application from a virtual machine running inside your datacenter to an Amazon VPC. Unfortunately, this app requires access to a number of on-premises services, and no one who configured the app still works for your company. Even worse, there is no documentation for it. What will allow the application running inside the VPC to reach back and access its internal dependencies without being reconfigured? Choose 3 answers
a. An AWS Direct connect link between the VPC and the network housing the internal services.
b. An Internet gateway to allow a VPN Connection
c. An Elastic IP address on the VPC Instance
d. An IP Address space that does not conflict with the one on-premises
e. Entries in Amazon Route 53 that allow the instance to resolve its dependencies IP address
f. A VM Import of the current Virtual Machine
A company is deploying a new two-tier web application in AWS. The company has limited staff and requires high availability, and the application requires complex queries and table joins. Which configuration provides the solution for the company's requirements?
a. MySQL Installed on two Amazon EC2 Instances in a single Availability Zone
b. Amazon RDS for MySQL with Multi-AZ
c. Amazon ElastiCache
d. Amazon DynamoDB
You have a video transcoding application running on Amazon EC2. Each instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. You have a large backlog of videos which need to be transcoded and would like to reduce this backlog by adding more instances. You will need these instances only until the backlog is reduced. Which type of Amazon EC2 instances should you use to reduce the backlog in the most cost efficient way?
a. Reserved instances
b. Spot instances
c. Dedicated instances
d. On-demand instances
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?
a. Data is automatically saved as an EBS snapshot.
b. Data is automatically saved as an EBS volume.
c. Data is unavailable until the instance is restarted.
d. Data is automatically deleted.
Which procedure for backing up a relational database on EC2 that is using a set of RAIDed EBS volumes for storage minimizes the time during which the database cannot be written to and results in a consistent backup?
a. 1. Detach EBS volumes, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes
b. 1. Stop the EC2 Instance. 2. Snapshot the EBS volumes
c. 1. Suspend disk I/O, 2. Create an image of the EC2 Instance, 3. Resume disk I/O
d. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Resume disk I/O
e. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk I/O
How can the domain's zone apex, for example, "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer?
a. By using an Amazon Route 53 Alias record
b. By using an AAAA record
c. By using an Amazon Route 53 CNAME record
d. By using an A record
Your company is getting ready to do a major public announcement of a social media site on AWS. The website is running on EC2 instances deployed across multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB Instance. The site performs a high number of small reads and writes per second and relies on an eventual consistency model. After comprehensive tests you discover that there is read contention on RDS MySQL. Which are the best approaches to meet these requirements? (Choose 2 answers)
a. Deploy ElastiCache in-memory cache running in each availability zone
b. Implement sharding to distribute load to multiple RDS MySQL instances
c. Increase the RDS MySQL Instance size and Implement provisioned IOPS
d. Add an RDS MySQL read replica in each availability zone
A customer has a single 3-TB volume on-premises that is used to hold a large repository of images and print layout files. This repository is growing at 500 GB a year and must be presented as a single logical volume. The customer is becoming increasingly constrained with their local storage capacity and wants an off-site backup of this data, while maintaining low-latency access to their frequently accessed data. Which AWS Storage Gateway configuration meets the customer requirements?
a. Gateway-Cached volumes with snapshots scheduled to Amazon S3
b. Gateway-Stored volumes with snapshots scheduled to Amazon S3
c. Gateway-Virtual Tape Library with snapshots to Amazon S3
d. Gateway-Virtual Tape Library with snapshots to Amazon Glacier
Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data?
a. Maintain two snapshots: the original snapshot and the latest incremental snapshot.
b. Maintain a volume snapshot; subsequent snapshots will overwrite one another
c. Maintain a single snapshot; the latest snapshot is both incremental and complete.
d. Maintain the most current snapshot, archive the original and incremental to Amazon Glacier.
You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile devices. The votes must be collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use?
a. Amazon DynamoDB
b. Amazon Redshift
c. Amazon Kinesis
d. Amazon Simple Queue Service
Company "ABC" needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this?
a. Create a new IAM role and associated policies within the new region
b. Assign the existing IAM role to the Amazon EC2 instances in the new region
c. Copy the IAM role and associated policies to the new region and attach it to the instances
d. Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature
A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised?
a. Enable Multi-Factor Authentication for your AWS root account.
b. Assign an IAM role to the Amazon EC2 instance.
c. Store the AWS Access Key ID/Secret Access Key combination in software comments.
d. Assign an IAM user to the Amazon EC2 Instance.
A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources
b. AWS Account
For the EBS volumes, which has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?
a. Raid 0
b. Raid 1+0 [Raid 10]
c. Raid 1
d. Raid 5
Which DNS name can only be resolved within amazon EC2?
a. Internal DNS Name
b. External DNS Name
c. Global DNS Name
d. Private DNS Name