311 terms
euxyabe

AWS Certified Solutions Architect - Associate Practice Questions

STUDY
PLAY

Terms in this set (...)

Amazon Glacier is designed for: (Choose 2 answers)

A. active database storage.
B. infrequently accessed data.
C. data archives.
D. frequently accessed data.
E. cached session data.
B. infrequently accessed data.
C. data archives.
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You
configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health
checks, which statement will be true?

A. The instance is replaced automatically by the ELB.
B. The instance gets terminated automatically by the ELB.
C. The ELB stops sending traffic to the instance that failed its health check.
D. The instance gets quarantined by the ELB for root cause analysis.
C. The ELB stops sending traffic to the instance that failed its health check.
You are building a system to distribute confidential training videos to employees. Using CloudFront, what
method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?

A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
B. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket
policy.
C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the
objects in your S3 bucket to that IAM User.
D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target
bucket as the Amazon Resource Name (ARN).
A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
Which of the following will occur when an EC2 instance in a VPC with an
associated Elastic IP is stopped and started? (Choose 2 answers)

A. The Elastic IP will be dissociated from the instance
B. All data on instance-store devices will be lost
C. All data on EBS (Elastic Block Store) devices will be lost
D. The ENI (Elastic Network Interface) is detached
E. The underlying host for the instance is changed
B. All data on instance-store devices will be lost
E. The underlying host for the instance is changed
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:

A. web server visible metrics such as number failed transaction requests
B. operating system visible metrics such as memory utilization
C. database visible metrics such as number of connections
D. hypervisor visible metrics such as CPU utilization
D. hypervisor visible metrics such as CPU utilization, disk I/O, network I/O
Which is an operational process performed by AWS for data security?

A. AES-256 encryption of data stored on any shared storage device
B. Decommissioning of storage devices using industry-standard practices
C. Background virus scans of EBS volumes and EBS snapshots
D. Replication of data across multiple AWS Regions
E. Secure wiping of EBS data when an EBS volume is unmounted
B. Decommissioning of storage devices using industry-standard practices
You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?

A. 2
B. 3
C. 4
D. 6
D. 6
You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?

A. $0.00
B. $0.02
C. $0.03
D. $0.05
E. $0.06
A. $0.00
You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data?
Choose 3 answers

A. Amazon CloudWatch
B. Amazon Relational Database Service (RDS)
C. Elastic Load Balancing
D. Amazon ElastiCache
E. AWS Storage Gateway
F. Amazon DynamoDB
B. Amazon Relational Database Service (RDS)
D. Amazon ElastiCache
F. Amazon DynamoDB
You have a business-critical two-tier web app currently deployed in two AZs in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application AZ goes off-line, and Auto Scaling cannot launch new instances in the remaining Availability Zones. How can the current architecture be enhanced to ensure this?

A. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load per Region.
B. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load per region.
C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
D. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.
C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
You are deploying an application on EC2 that must call AWS APIs. What method of securely passing credentials to the application should you use?

A. Use AWS Identity and Access Management roles for EC2 instances.
B. Pass API credentials to the instance using instance userdata.
C. Embed the API credentials into your JAR files.
D. Store API credentials as an object in Amazon Simple Storage Service.
A. Use AWS Identity and Access Management roles for EC2 instances.
Which route must be added to your routing table in order to allow connections to the Internet from your subnet?

A. Destination: 0.0.0.0/0 --> Target: your Internet gateway
B. Destination: 192.168.1.257/0 --> Target: your Internet gateway
C. Destination: 0.0.0.0/33 --> Target: your virtual private gateway
D. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24
E. Destination: 10.0.0.0/32 --> Target: your virtual private gateway
A. Destination: 0.0.0.0/0 --> Target: your Internet gateway
A customer's nightly EMR job processes a single 2-TB data file stored on Amazon Simple Storage Service (S3). The EMR job runs on two On-Demand core nodes and three On-Demand task nodes. Which of the following may help reduce the EMR job completion time?
Choose 2 answers

A. Use three Spot Instances rather than three On-Demand instances for the task nodes.
B. Change the input split size in the MapReduce job configuration.
C. Use a bootstrap action to present the S3 bucket as a local filesystem.
D. Launch the core nodes and task nodes within an Amazon Virtual Cloud.
E. Adjust the number of simultaneous mapper tasks.
F. Enable termination protection for the job flow.
B. Change the input split size in the MapReduce job configuration.
E. Adjust the number of simultaneous mapper tasks.
You have an VPC with a public subnet. Three EC2 instances currently running inside the subnet can successfully communicate with other hosts on the internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable Internet access?

A. Deploy a NAT instance into the public subnet.
B. Modify the routing table for the public subnet.
C. Assign an elastic IP address to the fourth instance.
D. Configure a publicly routable IP address in the host OS of the fourth instance.
C. Assign an elastic IP address to the fourth instance.
Which of the following requires a custom CloudWatch metric to monitor?

A. Memory use
B. CPU use
C. Disk read operations
D. Network in
E. Estimated charges
A. Memory use
Which of the following is a durable key-value store?

A. Amazon Simple Storage Service
B. Amazon Simple Workflow Service
C. Amazon Simple Queue Service
D. Amazon Simple Notification Service
A. Amazon Simple Storage Service
After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it?

A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.
B. AWS allows you to provision no more than 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request.
C. You need to use Amazon Virtual Private Cloud (VPC) in order to provision more than 20 instances in a single Availability Zone. Simply terminate the resources already provisioned and re-launch them all in a VPC.
D. You encountered an API throttling situation and should try the failed requests using an exponential decay retry algorithm.
A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.
Amazon Glacier is designed for:
Choose 2 answers

A. Frequently accessed data
B. Active database storage
C. Data archives
D. Infrequently accessed data
E. Cached session data
C. Data archives
D. Infrequently accessed data
You have an application running in us-west-2 that requires six EC2 instances running at all times. With three AZs available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provides 100 percent fault tolerance if any single AZ in us-west-2 becomes unavailable?
Choose 2 answers

A. Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
B. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances
C. Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
What action is required to establish a VPC VPN connection between an on-premises data center and an Amazon VPC virtual private gateway?

A. Modify the main route table to allow traffic to a network address translation instance.
B. Use a dedicated network address translation instance in the public subnet.
C. Assign a static Internet-routable IP address to an Amazon VPC customer gateway.
D. Establish a dedicated networking connection using AWS Direct Connect.
D. Establish a dedicated networking connection using AWS Direct Connect.
How can software determine the public and private IP addresses of the EC2 instance that it is running on?

A. Query the local instance metadata.
B. Query the local instance userdata.
C. Query the appropriate Amazon CloudWatch metric.
D. Use an ipconfig or ifconfig command.
A. Query the local instance metadata.
A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in S3. The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?

A. You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years.
B. You must find out the total number of requests per second at peak usage.
C. You must know the size of the individual objects being written to S3, in order to properly design the key namespace.
D. In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.
B. You must find out the total number of requests per second at peak usage.
You have an EC2 security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply:

A. Immediately to all instances in the security group.
B. Immediately to the new instances only.
C. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply.
D. To all instances, but it may take several minutes for old instances to see the changes.
A. Immediately to all instances in the security group.
A VPC public subnet is one that:

A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW).
B. Includes a route in its associated routing table via a Network Address Translation (NAT) instance.
C. Has a Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0.
D. Has the Public Subnet option selected in its configuration.
A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW).
In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity?
Choose 2 answers

A. Modify the Auto Scaling policy to use scheduled scaling actions
B. Modify the Auto Scaling group termination policy to terminate the oldest instance first.
C. Modify the Auto Scaling group cool-down timers.
D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
E. Modify the Auto Scaling group termination policy to terminate the newest instance first.
C. Modify the Auto Scaling group cool-down timers.
D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
What combination of the following options will protect S3 objects from both accidental deletion and accidental overwriting?

A. Enable S3 versioning on the bucket.
B. Access S3 data using only signed URLs.
C. Disable S3 delete using an IAM bucket policy.
D. Enable S3 Reduced Redundancy Storage.
E. Enable multi-factor authentication (MFA) protected access.
A. Enable S3 versioning on the bucket.
What does Amazon S3 stand for?

A. Simple Storage Solution.
B. Storage Storage Storage (triple redundancy Storage).
C. Storage Server Solution.
D. Simple Storage Service.
A. Simple Storage Solution.
You must assign each server to at least _____ security group

A. 3
B. 2
C. 4
D. 1
D. 1
Before I delete an EBS volume, what can I do if I want to recreate the volume later?

A. Create a copy of the EBS volume (not a snapshot)
B. Store a snapshot of the volume
C. Download the content to an EC2 instance
D. Back up the data in to a physical disk
B. Store a snapshot of the volume
Select the most correct answer: The device name /dev/sda1 (within Amazon EC2 ) is _____

A. Possible for EBS volumes
B. Reserved for the root device
C. Recommended for EBS volumes
D. Recommended for instance store volumes
B. Reserved for the root device
If I want an instance to have a public IP address, which IP address should I use?

A. Elastic IP Address
B. Class B IP Address
C. Class A IP Address
D. Dynamic IP Address
A. Elastic IP Address
What does RRS stand for when talking about S3?

A. Redundancy Removal System
B. Relational Rights Storage
C. Regional Rights Standard
D. Reduced Redundancy Storage
D. Reduced Redundancy Storage
All Amazon EC2 instances are assigned two IP addresses at launch. Which one can only be reached from within the Amazon EC2 network?

A. Multiple IP address
B. Public IP address
C. Private IP address
D. Elastic IP Address
C. Private IP address
What does Amazon SWF stand for?

A. Simple Web Flow
B. Simple Work Flow
C. Simple Wireless Forms
D. Simple Web Form
B. Simple Work Flow
What is the Reduced Redundancy option in Amazon S3?

A. Less redundancy for a lower cost.
B. It doesn't exist in Amazon S3, but in Amazon EBS.
C. It allows you to destroy any copy of your files outside a specific jurisdiction.
D. It doesn't exist at all
A. Less redundancy for a lower cost.
Fill in the blanks: Resources that are created in AWS are identified by a unique identifier called an _____.

A. Amazon Resource Number
B. Amazon Resource Name tag
C. Amazon Resource Name
D. Amazon Reesource Namespace
C. Amazon Resource Name
What does the command 'ec2-run-instances ami-e3a5408a -n 20 -g appserver' do?

A. Start twenty instances as members of appserver group.
B. Creates 20 rules in the security group named appserver
C. Terminate twenty instances as members of appserver group.
D. Start 20 security groups
A. Start twenty instances as members of appserver group.
While creating an Amazon RDS DB, your first task is to set up a DB ______ that controls what IP addresses or EC2 instances have access to your DB Instance.

A. Security Pool
B. Secure Zone
C. Security Token Pool
D. Security Group
D. Security Group
When you run a DB Instance as a Multi-AZ deployment, the _____ serves database writes and reads

A. secondary
B. backup
C. stand by
D. primary
D. primary
Every user you create in the IAM system starts with ______.

A. partial permissions
B. full permissions
C. no permissions
C. no permissions
What does Amazon EC2 provide?

A. Virtual servers in the Cloud.
B. A platform to run code (Java, PHP, Python), paying on an hourly basis.
C. Computer Clusters in the Cloud.
D. Physical servers, remotely managed by the customer.
A. Virtual servers in the Cloud.
Amazon SWF is designed to help users do what?

A. Design graphical user interface interactions
B. Manage user identification and authorization
C. Store Web content
D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
Can I control if and when MySQL based RDS Instance is upgraded to new supported versions?

A. No
B. Only in VPC
C. Yes
C. Yes
If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

A. No
B. Yes
B. Yes
When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes.

A. Depends on the instance type
B. FALSE
C. Depends on whether you use API call
D. TRUE
D. TRUE
By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag _____ to false when you launch the instance.

A. DeleteOnTermination
B. RemoveOnDeletion
C. RemoveOnTermination
D. TerminateOnDeletion
A. DeleteOnTermination
What are the initial settings of an user created security group?

A. Allow all inbound traffic and Allow no outbound traffic
B. Allow no inbound traffic and Allow no outbound traffic
C. Allow no inbound traffic and Allow all outbound traffic
D. Allow all inbound traffic and Allow all outbound traffic
C. Allow no inbound traffic and Allow all outbound traffic
Will my standby RDS instance be in the same Region as my primary?

A. Only for Oracle RDS types
B. Yes
C. Only if configured at launch
D. No
B. Yes
What does Amazon Elastic Beanstalk provide?

A. A scalable storage appliance on top of Amazon Web Services.
B. An application container on top of Amazon Web Services.
C. A service by this name doesn't exist.
D. A scalable cluster of EC2 instances.
B. An application container on top of Amazon Web Services.
When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime.

A. TRUE
B. FALSE
A. TRUE
What will be the status of the snapshot until the snapshot is complete.

A. running
B. working
C. progressing
D. pending
D. pending
Can an EBS volume be attached to more than one EC2 instance at the same time?

A. No
B. Yes.
C. Only EC2-optimized EBS volumes.
D. Only in read mode.
A. No
Automated backups are enabled by default for a new DB Instance.

A. TRUE
B. FALSE
A. TRUE
What does the AWS Storage Gateway provide?

A. Integration of on-premises IT environments with Cloud Storage.
B. A direct encrypted connection to Amazon S3.
C. A backup solution that provides an on-premises Cloud storage.
D. It provides an encrypted SSL endpoint for backups in the Cloud.
A. Integration of on-premises IT environments with Cloud Storage.
Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine

A. InnoDB
B. MyISAM
A. InnoDB
How many relational database engines does RDS currently support?

A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB
B. Just two: MySQL and Oracle.
C. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite.
D. Just one: MySQL.
A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB
Fill in the blanks: The base URI for all requests for instance metadata is _____

A. http://254.169.169.254/latest/
B. http://169.169.254.254/latest/
C. http://127.0.0.1/latest/
D. http://169.254.169.254/latest/
D. http://169.254.169.254/latest/
While creating the snapshots using the the command line tools, which command should I be using?

A. ec2-deploy-snapshot
B. ec2-fresh-snapshot
C. ec2-create-snapshot
D. ec2-new-snapshot
C. ec2-create-snapshot
Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an ______ node in the response from the Amazon RDS API.

A. Incorrect
B. Error
C. FALSE
B. Error
What are the two permission types used by AWS?

A. Resource-based and Product-based
B. Product-based and Service-based
C. Service-based
D. User-based and Resource-based
D. User-based and Resource-based
In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space?

A. FreeStorage
B. FreeStorageSpace
C. FreeStorageVolume
D. FreeDBStorageSpace
B. FreeStorageSpace
Amazon RDS DB snapshots and automated backups are stored in

A. Amazon S3
B. Amazon ECS Volume
C. Amazon RDS
D. Amazon EMR
A. Amazon S3
What is the maximum key length of a tag?

A. 512 Unicode characters
B. 64 Unicode characters
C. 256 Unicode characters
D. 128 Unicode characters
D. 128 Unicode characters
Security Groups can't _____.

A. be nested more than 3 levels
B. be nested at all
C. be nested more than 4 levels
D. be nested more than 2 levels
B. be nested at all
You must increase storage size in increments of at least _____ %

A. 40
B. 20
C. 50
D. 10
D. 10
Changes to the backup window take effect ______.

A. from the next billing cycle
B. after 30 minutes
C. immediately
D. after 24 hours
C. immediately
Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive?

A. 5 minutes
B. 500 milliseconds.
C. 30 seconds
D. 1 minute
A. 5 minutes
Which is the default region in AWS?

A. eu-west-1
B. us-east-1
C. us-east-2
D. ap-southeast-1
B. us-east-1
What are the Amazon EC2 API tools?

A. They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.
B. Command-line tools to the Amazon EC2 web service.
C. They are a set of graphical tools to manage EC2 instances.
D. They don't exist. The Amazon API tools are a client interface to Amazon Web Services.
B. Command-line tools to the Amazon EC2 web service.
What are the two types of licensing options available for using Amazon RDS for Oracle?

A. BYOL and Enterprise License
B. BYOL and License Included
C. Enterprise License and License Included
D. Role based License and License Included
B. BYOL and License Included
What does a "Domain" refer to in Amazon SWF?

A. A security group in which only tasks inside can communicate with each other
B. A special type of worker
C. A collection of related Workflows
D. The DNS record for the Amazon SWF service
C. A collection of related Workflows
EBS Snapshots occur _____

A. Asynchronously
B. Synchronously
C. Weekly
A. Asynchronously
Disabling automated backups disables the point-in-time recovery feature.

A. True
B. False
A. True
Out of the striping options available for the EBS volumes, which one has the following disadvantage : 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.' ?

A. Raid 5
B. Raid 6
C. Raid 1
D. Raid 2
C. Raid 1
Is creating a Read Replica of another Read Replica supported?

A. Only in certain regions
B. Only with MSSQL based RDS
C. Only for Oracle RDS types
D. No
D. No
Can Amazon S3 uploads resume on failure or do they need to restart?

A. Restart from beginning
B. You can resume them, if you flag the "resume on failure" option before uploading.
C. Resume on failure
D. Depends on the file size
C. Resume on failure
Which of the following cannot be used in EC2 to control who has access to specific EC2 instances?

A. Security Groups
B. IAM System
C. SSH keys
D. Windows passwords
B. IAM System
Fill in the blanks : _____ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment.

A. wildcards
B. pointers
C. tags
D. special filters
C. tags
How can I change the security group membership for interfaces owned by other AWS, such as Elastic Load Balancing?

A. By using the service specific console or API\CLI commands
B. None of these
C. Using Amazon EC2 API/CLI
D. Using all these methods
A. By using the service specific console or API\CLI commands
What is the maximum write throughput I can provision per table for a single DynamoDB table?

A. 5,000 us east, 1,000 all other regions
B. 100,000 us east, 10, 000 all other regions
C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first.
D. There is no limit
C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first.
What does the ec2-revoke command do with respect to the Amazon EC2 security groups?

A. Removes one or more security groups from a rule.
B. Removes one or more security groups from an Amazon EC2 instance.
C. Removes one or more rules from a security group.
D. Removes a security group from an account.
C. Removes one or more rules from a security group.
Can a 'user' be associated with multiple AWS accounts?

A. No
B. Yes
A. No
True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted.

A. TRUE
B. FALSE
B. FALSE
What is Amazon Glacier?

A. There is no such thing
B. A security tool that allows "freezing" an EBS volume to perform computer forensics on it.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup.
D. A security tool that allows "freezing" an EC2 instance to perform computer forensics on it.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup.
What is the durability of S3 RRS?

A. 99.99%
B. 99.95%
C. 99.995%
D. 99.999999999%
A. 99.99%
What does specifying the mapping /dev/sdc=none do when launching an EC2 instance?

A. Prevents /dev/sdc from creating the instance.
B. Prevents /dev/sdc from deleting the instance.
C. Set the value of /dev/sdc to 'zero'.
D. Prevents /dev/sdc from attaching to the instance.
D. Prevents /dev/sdc from attaching to the instance.
Is Federated Storage Engine currently supported by Amazon RDS for MySQL?

A. Only for Oracle RDS instances
B. No
C. Yes
D. Only in VPC
B. No
What is the maximum groups an IAM user be a member of?

A. 20
B. 5
C. 10
D. 15
C. 10
True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint.

A. FALSE
B. TRUE
B. TRUE
A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances.

A. security group
B. ACL
C. IAM
D. Private IP Addresses
A. security group
Will my standby RDS instance be in the same Availability Zone as my primary?

A. Only for Oracle RDS types
B. Yes
C. Only if configured at launch
D. No
D. No
While launching an RDS DB instance, on which page I can select the Availability Zone?

A. Review
B. DB Instance Details
C. Management Options
D. Additional Configuration
D. Additional Configuration
What does the ec2-create-group command do with respect to the Amazon EC2 security groups?

A. Groups the user created security groups in to a new group for easy access.
B. Creates a new security group for use with your account.
C. Creates a new group inside the security group.
D. Creates a new rule inside the security group.
B. Creates a new security group for use with your account.
In the Launch Db Instance Wizard, where can I select the backup and maintenance options?

A. DB Instance Details
B. Review
C. Management Options
D. Engine Selection
C. Management Options
You are charged for the IOPS and storage whether or not you use them in a given month?

A. FALSE
B. TRUE
B. TRUE
IAM provides several policy templates you can use to automatically assign permissions to the groups you create. The _____ policy template gives the Admins group permission to access all account resources, except your AWS account information.

A. Read Only Access
B. Power User Access
C. AWS CloudFormation Read Only Access
D. Administrator Access
D. Administrator Access
While performing volume status checks using volume status checks, if the status is insufficient-data, if the status is 'insufficient-data', what does it mean?

A. checks may still be in progress on the volume
B. check has passed
C. check has failed
D. there is no such status
A. checks may still be in progress on the volume
By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications.

A. EBSConfig Service
B. AMIConfig Service
C. Ec2Config Service
D. Ec2-AMIConfig Service
C. Ec2Config Service
SQL Server stores logins and passwords in the master database.

A. True
B. False
A. True
Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote Desktop Connection?

A. Yes
B. No
C. Depends on if it is in VPC or not
B. No
To view information about an Amazon EBS volume, open the Amazon EC2 console, go to EC2, click _____ in the Navigation pane.

A. EBS
B. Describe
C. Details
D. Volumes
D. Volumes
Using Amazon IAM, I can give permissions based on organizational groups?

A. True
B. False
A. True
While creating an EC2 snapshot using the API, which Action should I be using?

A. MakeSnapShot
B. FreshSnapshot
C. DeploySnapshot
D. CreateSnapshot
D. CreateSnapshot
While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using _____.

A. HTTP
B. Internet Protocol Security(IPsec)
C. TLS (Transport Layer Security)
D. HTTPS
D. HTTPS
What happens to the I/O operations while you take a database snapshot in a single AZ database?

A. I/O operations to the database are suspended for a few minutes while the backup is in progress.
B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress.
C. I/O operations will be functioning normally
D. I/O operations to the database are suspended for an hour while the backup is in progress
A. I/O operations to the database are suspended for a few minutes while the backup is in progress.
Read Replicas require a transactional storage engine and are only supported for the _____ storage engine.

A. OracleISAM
B. MSSQLDB
C. InnoDB
D. MyISAM
C. InnoDB
When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write operations?

A. Yes
B. Only with MSSQL based RDS
C. Only for Oracle RDS instances
D. No
D. No
When should I choose Provisioned IOPS over Standard RDS storage?

A. If you have batch-oriented workloads
B. If you use production online transaction processing (OLTP) workloads.
C. If you have workloads that are not sensitive to consistent performance
D. If you infrequently read or write to the drive.
B. If you use production online transaction processing (OLTP) workloads.
In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch.
A. 3
B. 1
C. 5
D. 2
B. 1
What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone?

A. USD 0.10 per GB
B. No charge. It is free.
C. USD 0.02 per GB
D. USD 0.01 per GB
B. No charge. It is free.
Reserved Instances are available for Multi-AZ Deployments.

A. True
B. False
A. True
Which service enables AWS customers to manage users and permissions in AWS?

A. AWS Access Control Service (ACS)
B. AWS Identity and Access Management (IAM)
C. AWS Identity Manager (AIM)
D. AWS Security Groups
B. AWS Identity and Access Management (IAM)
Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to your instances?

A. None of these.
B. Amazon Instance Storage
C. Amazon EBS
D. All of these
C. Amazon EBS
Which Amazon service can I use to define a virtual network that closely resembles a traditional data center?

A. Amazon VPC
B. Amazon ServiceBus
C. Amazon EMR
D. Amazon RDS
A. Amazon VPC
What is the command line instruction for running the remote desktop client in Windows?

A. desk.cpl
B. mstsc
B. mstsc
Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine.

A. MyISAM
B. InnoDB
B. InnoDB
MySQL installations default to port _____.

A. 3306
B. 443
C. 80
D. 1158
A. 3306
If you have chosen Multi-AZ deployment, in the event of an outage of your primary DB Instance, Amazon RDS automatically switches to the standby replica. The automatic failover mechanism simply changes the ______ record of the main DB Instance to point to the standby DB Instance.

A. DNAME
B. CNAME
C. TXT
D. MX
B. CNAME
If I modify a DB Instance or the DB parameter group associated with the instance, I should reboot the instance for the changes to take effect?

A. True
B. False
A. True
If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option?

A. Amazon Instance Storage
B. Amazon EBS
C. You can't run a database inside an Amazon instance.
D. Amazon S3
B. Amazon EBS
In regards to IAM you can edit user properties later, but you cannot use the console to change the _____.

A. user name
B. password
C. default group
A. user name
If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites the old value.

A. FALSE
B. TRUE
B. TRUE
Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS Marketplace product codes be made public?

A. No
B. Yes
A. No
Fill in the blanks: "To ensure failover capabilities, consider using a _____ for incoming traffic on a network interface".

A. primary public IP
B. secondary private IP
C. secondary public IP
D. add on secondary IP
B. secondary private IP
If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens to the rest of the Read Replicas?

A. The remaining Read Replicas will still replicate from the older master DB Instance
B. The remaining Read Replicas will be deleted
C. The remaining Read Replicas will be combined to one read replica
A. The remaining Read Replicas will still replicate from the older master DB Instance
What does Amazon CloudFormation provide?

A. The ability to setup Autoscaling for Amazon EC2 instances.
B. None of these.
C. A template resource creation for Amazon Web Services.
D. A template to map network resources for Amazon Web Services.
C. A template resource creation for Amazon Web Services.
Can I encrypt connections between my application and my DB Instance using SSL?

A. No
B. Yes
C. Only in VPC
D. Only in certain regions
B. Yes
What are the four levels of AWS Premium Support?

A. Basic, Developer, Business, Enterprise
B. Basic, Startup, Business, Enterprise
C. Free, Bronze, Silver, Gold
D. All support is free
A. Basic, Developer, Business, Enterprise
What can I access by visiting the URL: http://status.aws.amazon.com/ ?

A. Amazon Cloud Watch
B. Status of the Amazon RDS DB
C. AWS Service Health Dashboard
D. AWS Cloud Monitor
C. AWS Service Health Dashboard
Please select the Amazon EC2 resource which cannot be tagged.

A. Images (AMIs, kernels, RAM disks)
B. Amazon EBS volumes
C. Elastic IP addresses
D. VPCs
C. Elastic IP addresses
Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance.

A. SQL Server
B. MySQL
C. Oracle
A. SQL Server
Through which of the following interfaces is AWS Identity and Access Management available?

A. AWS Management Console
B. Command line interface (CLI)
C. IAM Query API
D. All of the above
D. All of the above
Select the incorrect statement.

A. In Amazon EC2, private IP address is only returned to Amazon EC2 when the instance is stopped or terminated
B. In Amazon VPC, an instance retains its private IP address when the instance is stopped.
C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped.
D. In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime
C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped.
How are the EBS snapshots saved on Amazon S3?

A. Exponentially
B. Incrementally
C. EBS snapshots are not stored in the Amazon S3
D. Decrementally
B. Incrementally
What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called?

A. Basic
B. Primary
C. Detailed
D. Local
A. Basic
The new DB Instance that is created when you promote a Read Replica retains the backup window period.

A. TRUE
B. FALSE
A. TRUE
What happens when you create a topic on Amazon SNS?

A. The topic is created, and it has the name you specified for it.
B. An ARN (Amazon Resource Name) is created.
C. You can create a topic on Amazon SQS, not on Amazon SNS.
D. This question doesn't make sense.
B. An ARN (Amazon Resource Name) is created.
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

A. Only via API
B. Only via Console
C. Yes
D. No
C. Yes
New database versions will automatically be applied to AWS RDS instances as they become available.

A. True
B. False
B. False
What is the maximum response time for a Business level Premium Support case?

A. 120 seconds
B. 1 hour
C. 10 minutes
D. 12 hours
B. 1 hour
The _____ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.

A. Amazon RDS
B. AWS Integrity Management
C. AWS Identity and Access Management
D. Amazon EMR
C. AWS Identity and Access Management
Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.

A. FALSE
B. TRUE
B. TRUE
When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user.

A. FALSE
B. TRUE
B. TRUE
When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that automatic failover occurred. You can use the _____ to return information about events related to your DB Instance.

A. FetchFailure
B. DescribeFailure
C. DescribeEvents
D. FetchEvents
C. DescribeEvents
What is the default maximum number of MFA devices in use per AWS account (at the root account level)?

A. 1
B. 5
C. 15
D. 10
A. 1
Is there a limit to how many groups a user can be in?

A. Yes for all users except root
B. Yes unless special permission granted
C. Yes for all users
D. No
A. Yes for all users except root
Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?

A. Only if instructed to when created
B. Yes
C. No
B. Yes
Can we attach an EBS volume to more than one EC2 instance at the same time?

A. Yes
B. No
C. Only EC2-optimized EBS volumes.
D. Only in read mode.
B. No
Select the correct set of options. The initial settings for the default security group are:

A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
What does Amazon Route53 provide?

A. A global Content Delivery Network.
B. None of these.
C. A scalable Domain Name System.
D. An SSH endpoint for Amazon EC2.
C. A scalable Domain Name System.
What does Amazon ElastiCache provide?

A. A service by this name doesn't exist. Perhaps you mean Amazon CloudCache.
B. A virtual server with a huge amount of memory.
C. A managed In-memory cache service.
D. An Amazon EC2 instance with the Memcached software already pre-installed.
C. A managed In-memory cache service.
What is the default per account limit of Elastic IPs?

A. 1
B. 3
C. 5
D. 0
C. 5
What is a Security Group?

A. None of these.
B. A list of users that can access Amazon EC2 instances.
C. An Access Control List (ACL) for AWS resources.
D. It acts as a virtual firewall that controls the traffic for one or more instances.
D. It acts as a virtual firewall that controls the traffic for one or more instances.
Please select the Amazon EC2 resource which can be tagged.

A. Key pairs
B. Elastic IP addresses
C. Placement groups
D. EBS snapshots
D. EBS snapshots
What is Amazon Glacier?

A. It's a security tool that allows to "freeze" an EC2 instance and perform computer forensics on it.
B. A security tool that allows to "freeze" an EBS volume and perform computer forensics on it.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup.
D. You mean Amazon "Iceberg": it's a low-cost storage service.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup.
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance?

A. Yes but only if Windows instance
B. No
C. Yes
D. Yes but only if a Linux instance
B. No
If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines, you can scale the throughput of your database Instance by specifying the IOPS rate from _____ .

A. 1,000 to 1,00,000
B. 100 to 1,000
C. 10,000 to 1,00,000
D. 1,000 to 10,000
D. 1,000 to 10,000
Every user you create in the IAM system starts with ______.

A. full permissions
B. no permissions
C. partial permissions
B. no permissions
After an EC2-VPC instance is launched, can I change the VPC security groups it belongs to?

A. Only if the tag "VPC_Change_Group" is true
B. Yes
C. No
D. Only if the tag "VPC Change Group" is true
B. Yes
A______ is an individual, system, or application that interacts with AWS programmatically.

A. User
B. AWS Account
C. Group
D. Role
A. User
Select the correct statement:

A. You don't need not specify the resource identifier while stopping a resource
B. You can terminate, stop, or delete a resource based solely on its tags
C. You can't terminate, stop, or delete a resource based solely on its tags
D. You don't need to specify the resource identifier while terminating a resource
C. You can't terminate, stop, or delete a resource based solely on its tags
Can I initiate a "forced failover" for my MySQL Multi-AZ DB Instance deployment?

A. Only in certain regions
B. Only in VPC
C. Yes
D. No
C. Yes
A group can contain many users. Can a user belong to multiple groups?

A. Yes
B. No
C. Only if they are using two factor authentication
D. Only in VPC
A. Yes
Is the encryption of connections between my application and my DB Instance using SSL for the MySQL server engines available?

A. Yes
B. Only in VPC
C. Only in certain regions
D. No
A. Yes
Which AWS instance address has the following characteristics? :"If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance."

A. None of these
B. EC2-VPC Addresses
C. EC2-Classic Addresses
C. EC2-Classic Addresses
Please select the most correct answer regarding the persistence of the Amazon Instance Store:

A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance
B. The data on an instance store volume is lost when the security group rule of the associated instance is changed.
C. The data on an instance store volume persists even after associated Amazon EC2 instance is deleted
A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance
Multi-AZ deployment is supported for Microsoft SQL Server DB Instances.

A. True
B. False
A. True
Security groups act like a firewall at the instance level, whereas _____ are an additional layer of security that act at the subnet level.

A. DB Security Groups
B. VPC Security Groups
C. Network ACLs
C. Network ACLs
Does AWS allow for the use of Multi Factor Authentication tokens?

A. Yes, with both hardware or virtual MFA devices
B. Yes, but only virtual MFA devices.
C. Yes, but only physical (hardware) MFA devices.
D. No
A. Yes, with both hardware or virtual MFA devices
What does Amazon SWF stand for?

A. Simple Wireless Forms
B. Simple Web Form
C. Simple Work Flow
D. Simple Web Flow
C. Simple Work Flow
What does Amazon Elastic Beanstalk provide?

A. An application container on top of Amazon Web Services.
B. A scalable storage appliance on top of Amazon Web Services.
C. A scalable cluster of EC2 instances.
D. A service by this name doesn't exist.
A. An application container on top of Amazon Web Services.
Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?

A. No
B. Yes
A. No
Are you able to integrate a multi-factor token service with the AWS Platform?

A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
B. No, you cannot integrate multi-factor token devices with the AWS platform.
C. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply updates from the source DB Instance. What do I do?

A. You will need to delete the Read Replica and create a new one to replace it.
B. You will need to disassociate the DB Engine and re associate it.
C. The instance should be deployed to Single AZ and then moved to Multi- AZ once again
D. You will need to delete the DB Instance and create a new one to replace it.
A. You will need to delete the Read Replica and create a new one to replace it.
Which DNS name can only be resolved within Amazon EC2?

A. Internal DNS name
B. External DNS name
C. Global DNS name
D. Private DNS name
A. Internal DNS name
If your DB instance runs out of storage space or file system resources, its status will change to _____ and your DB Instance will no longer be available.

A. storage-overflow
B. storage-full
C. storage-exceed
D. storage-overage
B. storage-full
Will my standby RDS instance be in the same Availability Zone as my primary?

A. Only for Oracle RDS types
B. Only if configured at launch
C. Yes
D. No
D. No
Does Amazon RDS for SQL Server currently support importing data into the msdb database?

A. No
B. Yes
A. No
Does Route 53 support MX Records?

A. Yes
B. It supports CNAME records, but not MX records.
C. No
D. Only Primary MX records. Secondary MX records are not supported.
A. Yes
How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing?

A. using all these methods
B. By using the service specific console or API\CLI commands
C. None of these
B. By using the service specific console or API\CLI commands
When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint.

A. FALSE
B. TRUE
B. TRUE
Which Amazon storage do you think is the best for my database-style applications that frequently encounter many random reads and writes across the dataset.

A. None of these
B. Amazon Instance Storage
C. Any of these
D. Amazon EBS
D. Amazon EBS
In a management network scenario, which interface on the instance handles public-facing traffic?

A. Primary network interface
B. Subnet interface
C. Secondary network interface
C. Secondary network interface
Select the correct set of steps for exposing the snapshot only to specific AWS accounts:

A. Select public for all the accounts and check mark those accounts with whom you want to expose the snapshots and click save.
B. SelectPrivate, enter the IDs of those AWS accounts, and clickSave.
C. SelectPublic, enter the IDs of those AWS accounts, and clickSave.
D. SelectPublic, mark the IDs of those AWS accounts as private, and clickSave.
B. SelectPrivate, enter the IDs of those AWS accounts, and clickSave.
Is decreasing the storage size of a DB Instance permitted?

A. Depends on the RDMS used
B. Yes
C. No
B. Yes
When should I choose Provisioned IOPS over Standard RDS storage?

A. If you use production online transaction processing (OLTP) workloads.
B. If you have batch-oriented workloads
C. If you have workloads that are not sensitive to consistent performance
A. If you use production online transaction processing (OLTP) workloads.
In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch.

A. 5
B. 2
C. 1
D. 3
C. 1
It is advised that you watch the Amazon CloudWatch _____ metric carefully and recreate the Read Replica should it fall behind due to replication errors.

A. WriteLag
B. ReadReplica
C. ReplicaLag
D. SingleReplica
C. ReplicaLag
Can the string value of 'Key' be prefixed with ":aws:"?

A. No
B. Only for EC2 not S3
C. Yes
D. Only for S3 not EC2
A. No
By default, what happens to ENIs that are automatically created and attached to EC2 instances when the attached instance terminates?

A. Remain as is
B. Terminate
C. Hibernate
D. Pause
B. Terminate
You can use _____ and _____ to help secure the instances in your VPC.

A. security groups and multi-factor authentication
B. security groups and 2-Factor authentication
C. security groups and biometric authentication
D. security groups and network ACLs
D. security groups and network ACLs
_____ is a durable, block-level storage volume that you can attach to a single, running Amazon EC2 instance.

A. Amazon S3
B. Amazon EBS
C. Amazon EFS
D. All of these
B. Amazon EBS
Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?

A. No
B. Only if instructed to when created
C. Yes
C. Yes
If I want my instance to run on a single-tenant hardware, which value do I have to set the instance's tenancy attribute to?

A. dedicated
B. isolated
C. one
D. reserved
A. dedicated
What does Amazon RDS stand for?

A. Regional Data Server.
B. Relational Database Service.
C. Nothing.
D. Regional Database Service.
B. Relational Database Service.
What does ec2-create-group do with respect to the Amazon EC2 security groups?

A. Creates a new rule inside the security group.
B. Creates a new security group for use with your account.
C. Creates a new group inside the security group.
D. Groups the user created security groups in to a new group for easy access.
B. Creates a new security group for use with your account.
What is the maximum response time for a Business level Premium Support case?

A. 30 minutes
B. You always get instant responses (within a few seconds).
C. 10 minutes
D. 1 hour
D. 1 hour
What does Amazon ELB stand for?

A. Elastic Linux Box
B. Encrypted Linux Box
C. Encrypted Load Balancing
D. Elastic Load Balancer
D. Elastic Load Balancer
What is the default VPC security group limit?

A. 500
B. 50
C. 5
D. There is no limit
A. 500
Location of Instances are _____

A. Regional
B. based on Availability Zone
C. Global
B. based on Availability Zone
Is there any way to own a direct connection to Amazon Web Services?

A. You can create an encrypted tunnel to VPC, but you don't own the connection.
B. Yes, it's called Amazon Dedicated Connection.
C. No, AWS only allows access from the public Internet.
D. Yes, it's called Direct Connect
D. Yes, it's called Direct Connect
You must assign each server to at least _____ security group?

A. 4
B. 3
C. 1
D. 2
C. 1
Does DynamoDB support in-place atomic updates?

A. It is not defined
B. No
C. Yes
D. It does support in-place non-atomic updates
C. Yes
Is there a method or command in the IAM system to allow or deny access to a specific instance?

A. Only for VPC based instances
B. Yes
C. No
C. No
What is an isolated database environment running in the cloud (Amazon RDS) called?

A. DB Instance
B. DB Unit
C. DB Server
D. DB Volume
A. DB Instance
What does Amazon SES stand for?

A. Simple Elastic Server.
B. Simple Email Service.
C. Software Email Solution.
D. Software Enabled Server.
B. Simple Email Service.
Amazon S3 doesn't automatically give a user who creates a _____ permission to perform other actions on that bucket or object. Therefore, in your IAM policies, you must explicitly give users permission to use the Amazon S3 resources they create.

A. file
B. bucket or object
C. bucket or file
D. object or file
B. bucket or object
Can I attach more than one policy to a particular entity?

A. Yes always
B. Only if within GovCloud
C. No
D. Only if within VPC
A. Yes always
A _____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices support random access and generally use buffered I/O.

A. block map
B. storage block
C. mapping device
D. block device
D. block device
Can I detach the primary (eth0) network interface when the instance is running or stopped?

A. Yes
B. No
C. Depends on the state of the interface at the time
B. No
What's an ECU?

A. Extended Cluster User.
B. None of these.
C. Elastic Computer Usage.
D. Elastic Compute Unit
D. Elastic Compute Unit
What is the charge for the data transfer incurred in replicating data between your primary and standby?

A. No charge. It is free.
B. Double the standard data transfer charge
C. Same as the standard data transfer charge
D. Half of the standard data transfer charge
A. No charge. It is free.
Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?

A. Depends on the type of connection
B. No
C. Yes
D. Only when there's just one availability zone in a region. If there are more than one, only one availability zone can be accessed directly.
C. Yes
What does the "Server Side Encryption" option on Amazon S3 provide?

A. It provides an encrypted virtual disk in the Cloud.
B. It doesn't exist for Amazon S3, but only for Amazon EC2.
C. It encrypts the files that you send to Amazon S3, on the server side.
D. It allows to upload files using an SSL endpoint, for a secure transfer.
C. It encrypts the files that you send to Amazon S3, on the server side.
What does Amazon EBS stand for?

A. Elastic Block Storage.
B. Elastic Business Server.
C. Elastic Blade Server.
D. Elastic Block Store.
A. Elastic Block Storage.
Within the IAM service a GROUP is regarded as a:

A. A collection of AWS accounts
B. It's the group of EC2 machines that gain the permissions specified in the GROUP.
C. There's no GROUP in IAM, but only USERS and RESOURCES.
D. A collection of users.
D. A collection of users.
A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.

A. user
B. AWS Account
C. resource
D. permission
D. permission
After an Amazon EC2-VPC instance is launched, can I change the VPC security groups it belongs to?

A. No
B. Yes
C. Only if you are the root user
D. Only if the tag "VPC_Change_Group" is true
B. Yes
Do the system resources on the Micro instance meet the recommended configuration for Oracle?

A. Yes completely
B. Yes but only for certain situations
C. Not in any circumstance
C. Not in any circumstance
Will I be charged if the DB instance is idle?

A. No
B. Yes
C. Only is running in GovCloud
D. Only if running in VPC
B. Yes
Can I move a Reserved Instance from one Region to another?

A. No
B. Yes
C. Only if they are moving into GovCloud
D. Only if they are moving to US East from another region
A. No
To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can assign your own metadata to each resource in the form of_____.

A. special filters
B. functions
C. tags
D. wildcards
C. tags
Are you able to integrate a multi-factor token service with the AWS Platform?

A. No, you cannot integrate multi-factor token devices with the AWS platform.
B. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
When you add a rule to a DB security group, you do not need to specify port number or protocol.

A. Depends on the RDMS used
B. TRUE
C. FALSE
B. TRUE
Can I initiate a "forced failover" for my Oracle Multi-AZ DB Instance deployment?

A. Yes
B. Only in certain regions
C. Only in VPC
D. No
A. Yes
Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud- based applications. What is the monthly charge for using the public data sets?

A. A 1 time charge of 10$ for all the datasets.
B. 1$ per dataset per month
C. 10$ per month for all the datasets
D. There is no charge for using the public data sets
D. There is no charge for using the public data sets
In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with _____.

A. Oracle Standard Edition
B. Oracle Express Edition
C. Oracle Enterprise Edition
D. None of these
C. Oracle Enterprise Edition
Without _____, you must either create multiple AWS accounts, each with its own billing and subscriptions, or your employees must share the security credentials of a single AWS account.

A. Amazon RDS
B. Amazon Glacier
C. Amazon EMR
D. Amazon IAM
D. Amazon IAM
Amazon RDS supports SOAP only through _____.

A. HTTP or HTTPS
B. TCP/IP
C. HTTP
D. HTTPS
D. HTTPS
The Amazon EC2 web service can be accessed using the _____ web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document.

A. SOAP
B. DCOM
C. CORBA
D. XML-RPC
A. SOAP
Is creating a Read Replica of another Read Replica supported?

A. Only in VPC
B. Yes
C. Only in certain regions
D. No
D. No
What is the charge for the data transfer incurred in replicating data between your primary and standby?

A. Same as the standard data transfer charge
B. Double the standard data transfer charge
C. No charge. It is free
D. Half of the standard data transfer charge
C. No charge. It is free
HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named _____.

A. Action
B. Value
C. Reset
D. Retrieve
A. Action
What happens to the I/O operations while you take a database snapshot?

A. I/O operations to the database are suspended for an hour while the backup is in progress.
B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress.
C. I/O operations will be functioning normally
D. I/O operations to the database are suspended for a few minutes while the backup is in progress.
D. I/O operations to the database are suspended for a few minutes while the backup is in progress.
Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is stored at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem.

A. private key
B. foreign key
C. public key
D. protected key
A. private key
_____ embodies the "share-nothing" architecture and essentially involves breaking a large database into several smaller databases.

A. Sharding
B. Failure recovery
C. Federation
D. DDL operations
A. Sharding
What is the name of licensing model in which I can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

A. Bring Your Own License
B. Role Bases License
C. Enterprise License
D. License Included
A. Bring Your Own License
When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you would rather perform the change now, specify the _____ option.

A. ApplyNow
B. ApplySoon
C. ApplyThis
D. ApplyImmediately
D. ApplyImmediately
Does Amazon Route 53 support NS Records?

A. Yes, it supports Name Service records.
B. No
C. It supports only MX records.
D. Yes, it supports Name Server records.
D. Yes, it supports Name Server records.
The SQL Server _____ feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such as an ASCII file.

A. bulk copy
B. group copy
C. dual copy
D. mass copy
A. bulk copy
In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space?

A. FreeStorage
B. FreeStorageVolume
C. FreeStorageSpace
D. FreeStorageAllocation
C. FreeStorageSpace
When using consolidated billing there are two account types. What are they?

A. Paying account and Linked account
B. Parent account and Child account
C. Main account and Sub account.
D. Main account and Secondary account.
A. Paying account and Linked account
A _____ is a document that provides a formal statement of one or more permissions.

A. policy
B. permission
C. Role
D. resource
A. policy
In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB Instance with SQL Server Express edition?

A. 10 GB per DB
B. 100 GB per DB
C. 2 TB per DB
D. 1TB per DB
A. 10 GB per DB
Regarding the attaching of ENI to an instance, what does 'warm attach' refer to?

A. Attaching an ENI to an instance when it is stopped.
B. This question doesn't make sense.
C. Attaching an ENI to an instance when it is running
D. Attaching an ENI to an instance during the launch process
A. Attaching an ENI to an instance when it is stopped.
If I scale the storage capacity provisioned to my DB Instance by mid of a billing month, how will I be charged?

A. you will be charged for the highest storage capacity you have used
B. on a proration basis
C. you will be charged for the lowest storage capacity you have used
B. on a proration basis
You can modify the backup retention period for AWS RDS. Valid values are 0 (for no backup retention) to a maximum of _____ days.

A. 45
B. 35
C. 15
D. 5
B. 35
A Provisioned IOPS SSD volume must be at least _____ GB in size.

A. 1
B. 6
C. 20
D. 4
D. 4
Will I be alerted when automatic failover occurs?

A. Only if SNS configured
B. No
C. Yes
D. Only if Cloudwatch configured
C. Yes
You are a solutions architect working for a company that specializes in ingesting large data feeds (using Kinesis) and then analyzing these feeds using Elastic Map Reduce (EMR). The results are then stored on a custom MySQL database which is hosted on an EC2 instance which has 3 volumes, the root/boot volume, and then 2 additional volumes which are striped in to a RAID 1. Your company recently had an outage and lost some key data and have since decided that they will need to run nightly back ups. Your application is only used during office hours, so you can afford to have some down time in the middle of the night if required. You decide to take a snapshot of all three volumes every 24 hours. In what manner should you do this?

A. Take a snapshot of each volume independently, while the EC2 instance is running.
B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are complete, start the EC2 instance and ensure that all relevant volumes are remounted.
C. Add two additional volumes to the existing RAID 0 volume and mirror these volumes creating a RAID 10. Take a snap of only the two new volumes.
D. Create a read replica of the existing EC2 instance and then take your snapshots from the read replica and not the live EC2 instance.
B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are complete, start the EC2 instance and ensure that all relevant volumes are remounted.
What are the valid methodologies for encrypting data on S3?

A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client.
B. Server Side Encryption (SSE)-S3, SSE-A, SSE-KMS or a client library such as Amazon S3 Encryption Client.
C. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a client library such as Amazon S3 Encryption Client.
D. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a server library such as Amazon S3 Encryption Client.
A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client.
In Identity and Access Management, when you first create a new user, certain security credentials are automatically generated. Which of the below are valid security credentials?

A. Access Key ID, Authorized Key
B. Private Key, Secret Access Key
C. Private Key, Authorized Key
D. Access Key ID, Secret Access Key
D. Access Key ID, Secret Access Key
Amazon Web Services offer 3 different levels of support, which of the below are valid support levels.

A. Corporate, Business, Developer
B. Enterprise, Business, Developer
C. Enterprise, Business, Free Tier
D. Enterprise, Company, Free Tier
B. Enterprise, Business, Developer
You are a solutions architect working for a large digital media company. Your company is migrating their production estate to AWS and you are in the process of setting up access to the AWS console using Identity Access Management (IAM). You have created 5 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console?

A. Generate an Access Key ID & Secret Access Key, and give these to your system administrators.
B. Enable multi-factor authentication on their accounts and define a password policy.
C. Generate a password for each user created and give these passwords to your system administrators.
D. Give the system administrators the secret access key and access key id, and tell them to use these credentials to log in to the AWS console.
C. Generate a password for each user created and give these passwords to your system administrators.
Amazon S3 buckets in all Regions provide which of the following?

A. Read-after-write consistency for PUTS of new objects AND Strongly consistent for POST & DELETES
B. Read-after-write consistency for POST of new objects AND Eventually consistent for overwrite PUTS & DELETES
C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS & DELETES
D. Read-after-write consistency for POST of new objects AND Strongly consistent for POST & DELETES
C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS & DELETES
What function of an AWS VPC is stateless?

A. Security Groups
B. Elastic Load Balancers
C. Network Access Control Lists
D. EC2
C. Network Access Control Lists
Which of the following services allows you root access (i.e. you can login using SSH)?

A. Elastic Load Balancer
B. Elastic Map Reduce
C. Elasticache
D. RDS
B. Elastic Map Reduce
When trying to grant an amazon account access to S3 using access control lists what method of identification should you use to identify that account with?

A. The email address of the account or the canonical user ID
B. The AWS account number
C. The ARN
D. An email address with a 2FA token
Submit
A. The email address of the account or the canonical user ID
You are a solutions architect working for a large oil and gas company. Your company runs their production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All EC2 instances are in the same security group. Your company has created a new custom application which connects to mobile devices using a custom port. This application has been rolled out to production and you need to open this port globally to the internet. What steps should you take to do this, and how quickly will the change occur?

A. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate on this port after a reboot.
B. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate over this port immediately.
C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately.
D. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port as soon as the relevant Time To Live (TTL) expires.
C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately.
Which of the following is not supported by AWS Import/Export?

A. Import to Amazon S3
B. Export from Amazon S3
C. Import to Amazon EBS
D. Import to Amazon Glacier
E. Export to Amazon Glacier
E. Export to Amazon Glacier
Which of the following is not a service of the security category of the AWS trusted advisor service?

A. Security Groups - Specific Ports Unrestricted
B. MFA on Root Account
C. IAM Use
D. Vulnerability scans on existing VPCs.
D. Vulnerability scans on existing VPCs.
You work for a market analysis firm who are designing a new environment. They will ingest large amounts of market data via Kinesis and then analyze this data using Elastic Map Reduce. The data is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and then be accessed by traders from around the world. The database volume itself will sit on 2 EBS volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you recommend?

A. Magnetic
B. General Purpose SSD
C. Provisioned IOPS (PIOPS)
D. Turbo IOPS (TIOPS)
C. Provisioned IOPS (PIOPS)
What are the different types of virtualization available on EC2?

A. Pseudo-Virtual (PV) & Hardware Virtual Module (HSM)
B. Para-Virtual (PV) & Hardware Virtual Machine (HVM)
C. Pseudo-Virtual (PV) & Hardware Virtual Machine (HVM)
D. Para-Virtual (PV) & Hardware Virtual Module (HSM)
Submit
B. Para-Virtual (PV) & Hardware Virtual Machine (HVM)
Which of the following is not a valid configuration type for AWS Storage gateway.

A. Gateway-accessed volumes
B. Gateway-cached volumes
C. Gateway-stored volumes
D. Gateway-Virtual Tape Library
A. Gateway-accessed volumes
You have started a new role as a solutions architect for an architectural firm that designs large sky scrapers in the Middle East. Your company hosts large volumes of data and has about 250Tb of data on internal servers. They have decided to store this data on S3 due to the redundancy offered by it. The company currently has a telecoms line of 2Mbps connecting their head office to the internet. What method should they use to import this data on to S3 in the fastest manner possible.

A. Upload it directly to S3
B. Purchase and AWS Direct connect and transfer the data over that once it is installed.
C. AWS Data pipeline
D. AWS Import/Export
D. AWS Import/Export
You are designing a site for a new start up which generates cartoon images for people automatically. Customers will log on to the site, upload an image which is stored in S3. The application then passes a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These EC2 instances will then turn the picture in to a cartoon and will then need to store the processed job somewhere. Users will typically download the image once (immediately), and then never download the image again. What is the most commercially feasible method to store the processed images?

A. Rather than use S3, store the images inside a BLOB on RDS with Multi-AZ configured for redundancy.
B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.
C. Store the images on glacier instead of S3.
D. Use elastic block storage volumes to store the images.
B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.
You are hosting a website in Ireland called aloud.guru and you decide to have a static DR site available on S3 in the event that your primary site would go down. Your bucket name is also called "acloudguru". What would be the S3 URL of the static website?

A. https://acloudguru.s3-website-eu-west-1.amazonaws.com
B. https://s3-eu-east-1.amazonaws.com/acloudguru
C. https://acloudguru.s3-website-us-east-1.amazonaws.com
D. https://s3-eu-central-1.amazonaws.com/acloudguru
A. https://acloudguru.s3-website-eu-west-1.amazonaws.com
Which of the following is NOT a valid SNS subscribers?

A. Lambda
B. SWF
C. SQS
D. Email
E. HTTPS
F. SMS
B. SWF
You are appointed as your company's Chief Security Officer and you want to be able to track all changes made to your AWS environment, by all users and at all times, in all regions. What AWS service should you use to achieve this?

A. CloudAudit
B. CloudWatch
C. CloudTrail
D. CloudDetective
C. CloudTrail
You have a high performance compute application and you need to minimize network latency between EC2 instances as much as possible. What can you do to achieve this?

A. Use Elastic Load Balancing to load balance traffic between availability zones
B. Create a CloudFront distribution and to cache objects from an S3 bucket at Edge Locations.
C. Create a placement group within an Availability Zone and place the EC2 instances within that placement group.
D. Deploy your EC2 instances within the same region, but in different subnets and different availability zones so as to maximize redundancy.
C. Create a placement group within an Availability Zone and place the EC2 instances within that placement group.
Amazon S3 buckets in the US Standard region do not provide eventual consistency.

A. True
B. False
B. False
Placement Groups can be created across 2 or more Availability Zones.

A. True
B. False
B. False
You can add multiple volumes to an EC2 instance and then create your own RAID 5/RAID 10/RAID 0 configurations using those volumes.

A. True
B. False
A. True
You are creating your own relational database on an EC2 instance and you need to maximize IOPS performance. What can you do to achieve this goal?

A. Add a single additional volume to the EC2 instance with provisioned IOPS.
B. Create the database on an S3 bucket.
C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those volumes.
D. Attach the single volume to multiple EC2 instances so as to maximize performance.
C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those volumes.
Which of the services below do you get root access to?

A. Elasticache & Elastic MapReduce
B. RDS & DynamoDB
C. EC2 & Elastic MapReduce
D. Elasticache & DynamoDB
C. EC2 & Elastic MapReduce
Using SAML (Security Assertion Markup Language 2.0) you can give your federated users single sign-on (SSO) access to the AWS Management Console.

A. True
B. False
A. True
You can have 1 subnet stretched across multiple availability zones.

A. True
B. False
B. False
When you create new subnets within a custom VPC, by default they can communicate with each other, across availability zones.

A. True
B. False
A. True
It is possible to transfer a reserved instance from one Availability Zone to another.

A. True
B. False
A. True
You have an EC2 instance which needs to find out both its private IP address and its public IP address. To do this you need to;

A. Run IPCONFIG (Windows) or IFCONFIG (Linux)
B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
C. Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/
D. Use the following command; AWS EC2 displayIP
B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
To retrieve instance metadata or userdata you will need to use the following IP Address;

A. http://127.0.0.1
B. http://192.168.0.254
C. http://10.0.0.1
D. http://169.254.169.254
D. http://169.254.169.254
Amazon S3 buckets in all other regions (other than US Standard) provide read-after-write consistency for PUTS of new objects.

A. True
B. False
A. True
Amazon S3 buckets in all other regions (other than US Standard) do not provide eventual consistency for overwrite PUTS and DELETES.

A. True
B. False
B. False
Amazon S3 provides;

A. Unlimited File Size for Objects
B. Unlimited Storage
C. A great place to run a No SQL database from
D. The ability to act as a web server for dynamic content (i.e. can query a database)
B. Unlimited Storage
In order to enable encryption at rest using EC2 and Elastic Block Store you need to

A. Configure encryption when creating the EBS volume
B. Configure encryption using the appropriate Operating Systems file system
C. Configure encryption using X.509 certificates
D. Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.
A. Configure encryption when creating the EBS volume
You can select a specific Availability Zone in which to place your DynamoDB Table

A. True
B. False
B. False
When creating an RDS instance you can select which availability zone in which to deploy your instance.

A. True
B. False
A. True
Amazon's Redshift uses which block size for its columnar storage?

A. 2KB
B. 8KB
C. 16KB
D. 32KB
E. 1024KB / 1MB
E. 1024KB / 1MB
You run a website which hosts videos and you have two types of members, premium fee paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you need to ensure that your premium fee paying members videos have a higher priority than your free members. How do you design SQS?

A. SQS allows you to set priorities on individual items within the queue, so simply set the fee paying members at a higher priority than your free members.
B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
C. SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.
Submit
B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
You have uploaded a file to S3. What HTTP code would indicate that the upload was successful?

A. HTTP 404
B. HTTP 501
C. HTTP 200
D. HTTP 307
C. HTTP 200
You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a large amount of IOPs and you need to increase the IOPs available to it. What should you do?

A. Migrate the database to an S3 bucket.
B. Migrate the database to Glacier.
C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.
D. Use Cloud Front to cache the database.
...
You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?

A. 5
B. 3
C. 4
D. 6
D. 6
You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this?

A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone.
B. Deploy your website in 2 different regions. Configure Route53 with a failover routing policy and set up health checks on the primary site.
C. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 33 percent of the peak load per zone.
D. Deploy your website in 2 different regions. Configure Route53 with Weighted Routing. Assign a weight of 25% to region 1 and a weight of 75% to region 2.
A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone.
You working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security.

A. Save the API credentials to your php files.
B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.
C. Save your API credentials in a public Github repository.
D. Pass API credentials to the instance using instance userdata.
B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.
You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using Cloud Watch, however you notice that you cannot see the health of every important metric in the default dash board. Which of the following metrics do you need to design a custom cloud watch metric for, when monitoring the health of your EC2 instances?

A. CPU Usage
B. Memory usage
C. Disk read operations
D. Network in
E. Estimated charges
B. Memory usage
You are a student currently learning about the different AWS services. Your employer asks you to tell him a bit about Amazon's glacier service. Which of the following best describes the use cases for Glacier?

A. Infrequently accessed data & data archives
B. Hosting active databases
C. Replicating Files across multiple availability zones and regions
D. Frequently Accessed Data
...
You work for a toy company that has a busy online store. As you are approaching christmas you find that your store is getting more and more traffic. You ensure that the web tier of your store is behind an Auto Scaling group, however you notice that the web tier is frequently scaling, sometimes multiple times in an hour, only to scale back after peak usage. You need to prevent this so that Auto Scaling does not scale as rapidly, just to scale back again. What option would help you to achieve this?

A. Configure Auto Scaling to terminate your oldest instances first, then adjust your CloudWatch alarm.
B. Configure Auto Scaling to terminate your newest instances first, then adjust your CloudWatch alarm.
C. Change your Auto Scaling so that it only scales at scheduled times.
D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduced the completion time?

A. Use four Spot Instances for the task nodes rather than four On-Demand instances.
B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
C. Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for your core nodes.
D. Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent volume for your core nodes.
E. Enable termination protection for the job flow.
B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
By definition a public subnet within a VPC is one that;

A. In it's routing table it has at least one route that uses an Internet Gateway (IGW).
B. Has at least one route in it's routing table that routes via a Network Address Translation (NAT) instance.
C. Where the the Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0.
D. Has had the public subnet check box ticked when setting up this subnet in the VPC console.
A. In it's routing table it has at least one route that uses an Internet Gateway (IGW).
You have been asked to identify a service on AWS that is a durable key value store. Which of the services below meets this definition?

A. Mobile Hub
B. Kinesis
C. Simple Storage Service (S3)
D. Elastic File Service (EFS)
C. Simple Storage Service (S3)
You are a security architect working for a large antivirus company. The production environment has recently been moved to AWS and is in a public subnet. You are able to view the production environment over HTTP however when your customers try to update their virus definition files over a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom port. How long will this take to take effect?

A. Straight away but to the new instances only.
B. Immediately.
C. After a few minutes this should take effect.
D. Straight away to the new instances, but old instances must be stopped and restarted before the new rules apply.
B. Immediately.
You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3, however recently an intern accidentally deleted some critical files. You've been asked to prevent this from happening in the future. What options below can prevent this?

A. Make sure the interns can only access data on S3 using signed URLs.
B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the bucket.
C. Use S3 Infrequently Accessed storage to store the data on.
D. Create an IAM bucket policy that disables deletes.
Submit
B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the bucket.
You run an automobile reselling company that has a popular online store on AWS. The application sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private IP addresses. How can you achieve this?

A. By using Ipconfig for windows or Ifconfig for Linux.
B. By using a cloud watch metric.
C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/
D. Using a Curl or Get Command to get the latest user-data from http://169.254.169.254/latest/user-data/
C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/
You are a solutions architect who has been asked to do some consulting for a US company that produces re-useable rocket parts. They have a new web application that needs to be built and this application must be stateless. Which three services could you use to achieve this?

A. AWS Storage Gateway, Elasticache & ELB
B. ELB, Elasticache & RDS
C. Cloudwatch, RDS & DynamoDb
D. RDS, DynamoDB & Elasticache.
D. RDS, DynamoDB & Elasticache.
Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a CloudFormation template that your company uses in production. However CloudFormation fails. You use the exact same CloudFormation template in production, so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single AZ. After some research you discover that the problem is;

A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
B. For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should submit the limit increase form and retry the template after your limit has been increased.
C. You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation template to provision the instances in a custom VPC.
D. Your CloudFormation template is configured to use the parent account and not the new account. Change the account number in the CloudFormation template and relaunch the template.
Submit
A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter however they will need to be able to communicate to the AWS environment over a site to site VPN connection. What do you need to do to establish the VPN connection?

A. Connect to the environment using AWS Direct Connect.
B. Assign a public IP address to your Amazon VPC Gateway.
C. Create a dedicated NAT and deploy this to the public subnet.
D. Update your route table to add a route for the NAT to 0.0.0.0/0.
B. Assign a public IP address to your Amazon VPC Gateway.
You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and then other users will be able to view these pics. Your organization expects this app to grow very quickly, essentially doubling it's user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). You need to keep your storage costs to a minimum however and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible?

A. S3 - Infrequently Accessed Storage.
B. S3 - Reduced Redundancy Storage (RRS).
C. Glacier.
D. S3 - Provisioned IOPS.
B. S3 - Reduced Redundancy Storage (RRS).
You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2 answers, select the answer with BOTH correct answers.

A. Answer 1 - Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances. Answer 2 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
C. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
D. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. Answer 2 - Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances.
B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
You need to add a route to your routing table in order to allow connections to the internet from your subnet. What route should you add?

A. Destination: 192.168.1.258/0 --> Target: your Internet gateway
B. Destination: 0.0.0.0/33 --> Target: your virtual private gateway
C. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24
D. Destination: 10.0.0.0/32 --> Target: your virtual private gateway
E. Destination: 0.0.0.0/0 --> Target: your Internet gateway
E. Destination: 0.0.0.0/0 --> Target: your Internet gateway
You work for a construction company that has their production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon linux AMI using Auto Scaling. The web servers are launched in to the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some test and dev and you launch a 4th EC2 instance in to the same subnet and same security group. Annoyingly your 4th instance does not appear to have internet connectivity. What could be the cause of this?

A. You need to update your routing table so as to provide a route out for this instance.
B. Assign an elastic IP address to the fourth instance.
C. You have not configured a NAT in the public subnet.
D. You have not configured a routable IP address in the host OS of the fourth instance.
B. Assign an elastic IP address to the fourth instance.
With which AWS orchestration service can you implement Chef recipes?

A. CloudFormation
B. Elastic Beanstalk
C. Opsworks
D. Lambda
C. Opsworks
AWS Certified Solutions Architect - Associate Practice Questions
851 terms
dathuminh