AWS Solutions Architecture Associate Practice Questions Part 3
iam.awslagi2020-04-29T13:14:35+07:00Notes: Hi all, AWS Solutions Architect Associate Practice Exam will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics.
We highly recommend you should take AWS Solutions Architect Associate Guarantee Part because it include real questions and highlighted answers are collected in our exam. It will help you pass exam in easier way.
Practice Questions Part 3
Quiz-summary
0 of 60 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
Information
Solution Architecture Part 1
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 60 questions answered correctly
Time has elapsed
You have reached 0 of 0 points, (0)
| Average score | |
| Your score |
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- Answered
- Review
- Question 1 of 60
1. Question
My Read Replica appears “stuck” after a Multi-AZ failover and is unable to obtain or apply updates from the source DB instance. What do I do?
CorrectIncorrect - Question 2 of 60
2. Question
Does AWS allow for the use of Multi Factor Authentication tokens?
CorrectIncorrect - Question 3 of 60
3. Question
Which AWS services that you can access to underlying host?
Multiple choiceCorrectIncorrect - Question 4 of 60
4. Question
If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens to the rest of the Read Replicas?
CorrectIncorrect - Question 5 of 60
5. Question
When working with Amazon RDS, by default AWS is responsible for implementing which two management-related activities? (Pick 2 correct answers)
CorrectIncorrect - Question 6 of 60
6. Question
You maintain an application on AWS to provide development and test platforms for your developers. Currently both environments consist of an m1.small EC2 instance. Your developers notice performance degradation as they increase network load in the test environment?
How would you mitigate these performance issues in the test environment?CorrectIncorrect - Question 7 of 60
7. Question
Per the AWS Acceptable Use Policy, penetration testing of EC2 instances :
CorrectIncorrect - Question 8 of 60
8. Question
You have been tasked with identifying an appropriate storage solution for a NoSQL database that requires random I/O reads of greater than 100,000 4kB IOPS
Which EC2 option will meet this requirement?CorrectIncorrect - Question 9 of 60
9. Question
Instance A and Instance B are running in two different subnets A and B of a VPC. Instance A is not able to ping instance B.
What are two possible reasons for this? (Pick 2 correct answers)CorrectIncorrect - Question 10 of 60
10. Question
Your web site is hosted on 10 EC2 instances in 5 regions around the globe with 2 instances per region.
How could you configure your site to maintain site availability with minimum downtime if one of the 5 regions was to lose network connectivity for an extended period of time?CorrectIncorrect - Question 11 of 60
11. Question
You run a stateless web application with the following components: Elastic Load Balancer (ELB), 3 Web/Application servers on EC2, and 1 MySQL RDS database with 5000 Provisioned IOPS. Average response time for users is increasing. Looking at CloudWatch, you observer 95% CPU usage on the Web/Application servers and 20% CPU usage on the database. The average number of database disk operations varies between 2000 and 2500.
Which two options could improve response times? (Pick 2 correct answer)CorrectIncorrect - Question 12 of 60
12. Question
Which features can be used to restrict access to data in S3? (Pick 2 correct answers)
CorrectIncorrect - Question 13 of 60
13. Question
You need to establish a backup and archiving strategy for your company using AWS. Documents should be immediately accessible for 3 months and available for 5 years for compliance reasons.
Which AWS service fulfills these requirements in the most cost effective way?
CorrectIncorrect - Question 14 of 60
14. Question
Amazon Glacier is designed for: (Choose 2 answers)
CorrectIncorrect - Question 15 of 60
15. Question
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true?
CorrectIncorrect - Question 16 of 60
16. Question
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publically accessible from S3 directly?
CorrectIncorrect - Question 17 of 60
17. Question
Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started? (Choose 2 answers)
CorrectIncorrect - Question 18 of 60
18. Question
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:
CorrectIncorrect - Question 19 of 60
19. Question
Which is an operational process performed by AWS for data security?
CorrectIncorrect - Question 20 of 60
20. Question
Which of the following statements about SQS is true?
CorrectIncorrect - Question 21 of 60
21. Question
You are architecting a highly-scalable and reliable web application which will have a huge amount of content .You have decided to use Cloudfront as you know it will speed up distribution of your static and dynamic web content and know that Amazon CloudFront integrates with Amazon CloudWatch metrics so that you can monitor your web application. Because you live in Sydney you have chosen the the Asia Pacific (Sydney) region in the AWS console. However you have set up this up but no CloudFront metrics seem to be appearing in the CloudWatch console. What is the most likely reason from the possible choices below for this?
CorrectCloudFront is a global service. and metrics are available only when you choose the US East (N. Virginia) region in the AWS console. If you choose another region. no CloudFront metrics will appear in the Cloud Watch console.
LEARN MORE: httu://docs.aws.amazon.comthmazonCloudFront/latest/DeveloperGuide/monitoring-using-cloudwatch.htmlIncorrectCloudFront is a global service. and metrics are available only when you choose the US East (N. Virginia) region in the AWS console. If you choose another region. no CloudFront metrics will appear in the Cloud Watch console.
LEARN MORE: httu://docs.aws.amazon.comthmazonCloudFront/latest/DeveloperGuide/monitoring-using-cloudwatch.html - Question 22 of 60
22. Question
A lot of your companies data is stored on Amazon Glacier as most of your data is not accessed often and for which retrieval times of several hours are suitable. However someone within your organisation has expressed concerns that his data is even more sensitive than all of your other data and is wondering whether the high level of encryption that he knows is on S3 is also used on Glacier as it is a much cheaper service. Which of the following statements would be most applicable in regards to this concern?
CorrectIncorrect - Question 23 of 60
23. Question
You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CloudHub. Which statement is the most accurate in describing what you must do to set this up correctly?
CorrectIf you have multiple VPN connections. you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who’d like to implement a convenient. potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices. To use the AWS VPN CloudHub. you must create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer. enabling each site to send data to and receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send and receive data from the VPC as if they were using a standard VPN connection.
LEARN MORE: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuideNPN CloudHub.htmlIncorrectIf you have multiple VPN connections. you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who’d like to implement a convenient. potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices. To use the AWS VPN CloudHub. you must create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer. enabling each site to send data to and receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send and receive data from the VPC as if they were using a standard VPN connection.
LEARN MORE: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuideNPN CloudHub.html - Question 24 of 60
24. Question
You have started to use AWS Elastic Beanstalk to quickly deploy and manage applications in the AWS cloud. Again you start to wonder if you are being charged for this service? What is AWS’s billing policy for AWS Elastic Beanstalk?
CorrectWith AWS Elastic Beanstalk, you can quickly deploy and manage applications in the AWS cloud without worrying about the infrastructure that runs those applications. AWS Elastic Beanstalk reduces management complexity without restricting choice or control. There is no additional charge for AWS Elastic Beanstalk: you pay only for the underlying AWS resources that your application consumes.
LEARN MORE: http://docs.aws.amazon.elasticbeanstalk/lastest/dg/Welcome.htmlIncorrectWith AWS Elastic Beanstalk, you can quickly deploy and manage applications in the AWS cloud without worrying about the infrastructure that runs those applications. AWS Elastic Beanstalk reduces management complexity without restricting choice or control. There is no additional charge for AWS Elastic Beanstalk: you pay only for the underlying AWS resources that your application consumes.
LEARN MORE: http://docs.aws.amazon.elasticbeanstalk/lastest/dg/Welcome.html - Question 25 of 60
25. Question
You are setting up some IAM user policies and have also become aware that some services support resource-based permissions, which let you attach policies to the service’s resources instead of to IAM users or groups. Which of the below statements is true in regards to resource-level permissions?
CorrectAWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2. Amazon RDS. and the AWS Management Console. With IAM. you can centrally manage users. security credentials such as access keys. and permissions that control which AWS resources users can access. In addition to supporting IAM user policies. some services support resource-based permissions, which let you attach policies to the service’s resources instead of to IAM users or groups. Resource-based permissions are supported by Amazon S3. Amazon SNS. and Amazon SQS. The resource-level permissions service supports IAM policies in which you can specify individual resources using Amazon Resource Names (ARNs) in the policy’s Resource element. Some services support resource-level permissions only for some actions.
LEARN MORE: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using SpecificProducts.htmlIncorrectAWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2. Amazon RDS. and the AWS Management Console. With IAM. you can centrally manage users. security credentials such as access keys. and permissions that control which AWS resources users can access. In addition to supporting IAM user policies. some services support resource-based permissions, which let you attach policies to the service’s resources instead of to IAM users or groups. Resource-based permissions are supported by Amazon S3. Amazon SNS. and Amazon SQS. The resource-level permissions service supports IAM policies in which you can specify individual resources using Amazon Resource Names (ARNs) in the policy’s Resource element. Some services support resource-level permissions only for some actions.
LEARN MORE: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using SpecificProducts.html - Question 26 of 60
26. Question
An application hosted at the EC2 instance receives an HTTP request from ELB. The same request has an X-Forwarded-For header, which has three IP addresses. Which systems IP will be a part of this header?
CorrectWhen a user requests to ELB over HTTP/HTTPS. the request header log at the instance will only receive the IP of ELB. This is because ELB is the interceptor between the EC2 instance and the client request. To get the client IP. use the header X-Forwarded-For in header. The client IP address in the X-Forwarclecl-For request header is followed by the IP addresses of each successive proxy that passes along the request. The last I P address is the IP address that connects to the back-end application instance. e.g. if the HTTP request already has a header when it reaches the Load Balancer. the IP address from which the request came is appended at the end of the header followed by the IP address of the Load Balancer. In such cases. the X-Forwarded-For request header takes the following form: X-Forwarded-For: clientIPAddress. previousRequest IPAddress. LoadBalancerIPAdclress.
LEARN MORE: http://docs.aws.amazon.com/ElasticLoadealancing/latest/DeveloperGuide/TerminologyandKeyConcepts.htmlIncorrect - Question 27 of 60
27. Question
You need to import several hundred megabytes of data from a local Oracle database to an Amazon RDS DB instance. What does AWS recommend to use to accomplish this?
CorrectHow you import data into an Amazon RDS DB instance depends on the amount of data you have and the number and variety of database objects in your database. For example. you can use Oracle SQL Developer to import a simple. 20 MB database: you want to use Oracle Data Pump to import complex databases or databases that are several hundred megabytes or several terabytes in size.
LEARN MORE: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Oracle.Procedural.Importing.htmlIncorrectHow you import data into an Amazon RDS DB instance depends on the amount of data you have and the number and variety of database objects in your database. For example. you can use Oracle SQL Developer to import a simple. 20 MB database: you want to use Oracle Data Pump to import complex databases or databases that are several hundred megabytes or several terabytes in size.
LEARN MORE: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Oracle.Procedural.Importing.html - Question 28 of 60
28. Question
You have just discovered that you can upload your objects to Amazon S3 using Multipart Upload API. You start to test it out and but are unsure of the benefits that it would provide. Which of the following is not a benefit of using multipart uploads?
CorrectIncorrect - Question 29 of 60
29. Question
How do you secure company critical data on S3 ? (choose 4 correct answers)
CorrectIncorrect - Question 30 of 60
30. Question
How to secure data on rest in EBS ?
CorrectIncorrect - Question 31 of 60
31. Question
You have a photo selling website where you have a library of photos on S3. You noticed that there are some websites that are showing the link to your S3 photos. How do you restrict sites like these using your S3 photos link ?
CorrectIncorrect - Question 32 of 60
32. Question
How do you ensure that the data has been saved properly in S3 ?
CorrectIncorrect - Question 33 of 60
33. Question
In which of the following cases should you use SQS – Simple
Queue Service (chose 2 correct answers)CorrectIncorrect - Question 34 of 60
34. Question
How do you ensure that the data has been saved properly in S3 ?
(chose 1 correct answers)CorrectIncorrect - Question 35 of 60
35. Question
You are running an application on an EC2 and now you want to
add another EC2 for your application that requires a high bandwidth
connect with the existing EC2. Where should you launch your EC2 in
this case ? (chose 1 correct answers)CorrectIncorrect - Question 36 of 60
36. Question
Where should you use SWF – Simple Workflow Service ? (chose 2 correct answers)
CorrectIncorrect - Question 37 of 60
37. Question
What services are required for Auto Scaling ? (chose 2 correct answers)
CorrectIncorrect - Question 38 of 60
38. Question
Which of the following AWS services facilitate the implementation of loosely coupled architectures? (choose 2)
CorrectIncorrect - Question 39 of 60
39. Question
Your web service has a performance SLA to respond to requests in < 1 second. Under normal and heavy operations. distributing requests over four instances meets this SLA. What architecture ensures high availability and fault-tolerant operation of your service if an AZ becomes unreachable ?
CorrectIncorrect - Question 40 of 60
40. Question
A cell phone company is running dynamic-content television commercials for a contest. They want their website to handle traffic spikes that come after a commercial airs. The website is interactive, offering personalized content to each visitor based on location. purchase history. and the current commercial airing. Which architecture will configure Auto Scaling to scale out to respond to spikes of demand. while minimizing costs during quiet periods?
CorrectIncorrect - Question 41 of 60
41. Question
For an application running in ap-northeast-1 with three Availability Zones ( ap-northeast-la , ap-northeast-1b , and ap-northeast-1c ) . which instance deployment provides high availability for the application that normally requires nine running Amazon EC2 instances but can run on a minimum of 65% capacity while Auto Scaling launches replacement instances in the remaining Availability Zones?
CorrectIncorrect - Question 42 of 60
42. Question
Which of the following are characteristics of the Auto Scaling service on AWS? (choose 3)
CorrectIncorrect - Question 43 of 60
43. Question
An Amazon EC2 instance is launched. and an Elastic IP address (EIP) is associated with the instance. How can an application running on the Amazon EC2 instance determine the instance’s new public DNS name?
CorrectIncorrect - Question 44 of 60
44. Question
What happens to an Amazon RDS multi-AZ deployment if the primary DB instance fails? (choose 3)
CorrectIncorrect - Question 45 of 60
45. Question
To maximize I/O throughput and consistency on an Amazon EC2 instance running a database on several Amazon EBS volumes. you should deploy using: (choose 2)
CorrectIncorrect - Question 46 of 60
46. Question
Your AWS Account Administrator left your company today The Administrator had access to the Master account and a personal IAM Administrator account. With these accounts he generated other IAM accounts and keys. Which of the following should you do today to protect your AWS infrastructure? (Choose 3)
CorrectIncorrect - Question 47 of 60
47. Question
You have deployed an instance in a subnet in your VPC. What steps below will allow access to Amazon
CorrectIncorrect - Question 48 of 60
48. Question
Your company has confidential information that, according to security policies, must be stored in an encrypted format Which of the following services provide an encryption feature? (Choose 3)
CorrectIncorrect - Question 49 of 60
49. Question
Which of the following actions can be controlled with IAM policies? (Choose 3)
CorrectIncorrect - Question 50 of 60
50. Question
You have a publicly facing web application where users self-register to sign up for an account. The account shares static objects with authenticated users of your application You want to store this content on Amazon S3 and make it available only to properly authorized users over the web. What is the most cost-effective and performant method for achieving this?
CorrectIncorrect - Question 51 of 60
51. Question
You have an existing VPC with the default routing table. and several Linux instances running a single subnet. You launch a Windows instance from an Amazon-provided AMI in the same subnet. using the same security group. The Windows instance is running. but you cannot connect to it via RDP. However, you can connect to the Linux instances via SSH, and from there can successfully ping the Windows instance. What is the likely problem?
CorrectIncorrect - Question 52 of 60
52. Question
You have just discovered that you can upload your objects to Amazon S3 using Multipart Upload API. You start to test it out and but are unsure of the benefits that it would provide. Which of the following is not a benefit of using multipart uploads?
CorrectMultipart upload in Amazon S3 allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object’s data. You can upload these object parts independently and in any order. If transmission of any part fails. you can retransmit that part without affecting other parts. After all parts of your object are uploaded. Amazon S3 assembles these parts and creates the object. In general. when your object size reaches 100 MB. you should consider using multipart uploads instead of uploading the object in a single operation. Using multipart upload provides the following advantages:
1. Improved throughput-You can upload parts in parallel to improve throughput.
2. Quick recovery from any network issues-Smaller part size minimizes the impact of restarting a failed upload due to a network error.
3. Pause and resume object uploads-You can upload object parts over time. Once you initiate a multipart upload there is no expiry: you must explicitly complete or abort the multipart upload.
4. Begin an upload before you know the final object size-You can upload an object as you are creating it.IncorrectMultipart upload in Amazon S3 allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object’s data. You can upload these object parts independently and in any order. If transmission of any part fails. you can retransmit that part without affecting other parts. After all parts of your object are uploaded. Amazon S3 assembles these parts and creates the object. In general. when your object size reaches 100 MB. you should consider using multipart uploads instead of uploading the object in a single operation. Using multipart upload provides the following advantages:
1. Improved throughput-You can upload parts in parallel to improve throughput.
2. Quick recovery from any network issues-Smaller part size minimizes the impact of restarting a failed upload due to a network error.
3. Pause and resume object uploads-You can upload object parts over time. Once you initiate a multipart upload there is no expiry: you must explicitly complete or abort the multipart upload.
4. Begin an upload before you know the final object size-You can upload an object as you are creating it. - Question 53 of 60
53. Question
One of the criteria for a new deployment is that the customer wants to use AWS Storage Gateway. However you are not sure whether you should use gateway-cached volumes or gateway-stored volumes or even what the differences are. Which statement below best describes those differences?
CorrectAWS Storage Gateway offers two volume-based storage solutions, gateway-cached volumes and gateway-stored volumes. The gateway-cached solution lets you create storage volumes and mount them as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. In this solution. the gateway stores data you write to your gateway-cached volume in Amazon Simple Storage Service (Amazon S3) and stores only a cache of frequently accessed data on your on-premises storage hardware. The gateway-stored solution lets you store all your data locally in storage volumes on your on-premises storage hardware. In this solution, the gateway periodically takes snapshots as incremental backups and stores them in Amazon S3.
LEARN MORE: http://docs.aws.amazon.com/storagegatewaylatest/userguide/volume-gateway.htmlIncorrectAWS Storage Gateway offers two volume-based storage solutions, gateway-cached volumes and gateway-stored volumes. The gateway-cached solution lets you create storage volumes and mount them as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. In this solution. the gateway stores data you write to your gateway-cached volume in Amazon Simple Storage Service (Amazon S3) and stores only a cache of frequently accessed data on your on-premises storage hardware. The gateway-stored solution lets you store all your data locally in storage volumes on your on-premises storage hardware. In this solution, the gateway periodically takes snapshots as incremental backups and stores them in Amazon S3.
LEARN MORE: http://docs.aws.amazon.com/storagegatewaylatest/userguide/volume-gateway.html - Question 54 of 60
54. Question
A user is assigning an elastic IP to an instance when the instance is booted. The user is running AWS CLI inside instance to assign the IP. The AWS CLI requires the AWS credentials to execute the action. Which of the below mentioned options is a possible solution to achieve the above task without compromising on the AWS credentials security?
CorrectA user can create a specific IAM user which will have access only to the required API. In this case the user can assign I P related permissions to the user. Generate credentials for that user and use it inside the application. The IAM role is the best solution for this. However, the option mentions using the IAM role credentials which is not possible.
LEARN MORE: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.htmlIncorrectA user can create a specific IAM user which will have access only to the required API. In this case the user can assign I P related permissions to the user. Generate credentials for that user and use it inside the application. The IAM role is the best solution for this. However, the option mentions using the IAM role credentials which is not possible.
LEARN MORE: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html - Question 55 of 60
55. Question
You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC. Security groups and Network access control lists (ACLs). You start to look into Security groups first. Which statement below is incorrect in relation to Security groups?
CorrectAmazon VPC provides two features that you can use to increase security for your VPC: Security groups-Act as a firewall for associated Amazon EC2 instances. controlling both inbound and outbound traffic at the instance level and supports allow rules only Network access control lists (ACLs)-Act as a firewall for associated subnets. controlling both inbound and outbound traffic at the subnet level and supports allow rules and deny rules
LEARN MORE: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuideNPC Security.htmlIncorrectAmazon VPC provides two features that you can use to increase security for your VPC: Security groups-Act as a firewall for associated Amazon EC2 instances. controlling both inbound and outbound traffic at the instance level and supports allow rules only Network access control lists (ACLs)-Act as a firewall for associated subnets. controlling both inbound and outbound traffic at the subnet level and supports allow rules and deny rules
LEARN MORE: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuideNPC Security.html - Question 56 of 60
56. Question
After setting up a data streaming service for a media corporation they are complaining about their data limits being exceeded so you begin to investigate. What happens if the capacity limits of an Amazon Kinesis stream are exceeded while the data producer puts data into the stream?
CorrectAmazon Kinesis is a fully managed streaming data service. You can continuously put various types of data such as clickstreams. application logs, and social media into an Amazon Kinesis stream from hundreds of thousands of sources. Within seconds. the data will be available for your Amazon Kinesis Applications to read and process from the stream. The capacity limits of an Amazon Kinesis stream are defined by the number of shards within the streamThe limits can be exceeded by either data throughput or the number of put data transactions. While the capacity limits are exceeded. the put data transaction will be rejected with a ProvisionedThroughputExceeded exception. If this is due to a temporary rise of the stream’s input data rate. retry by the data producer will eventually lead to completion of the requests. If this is due to a sustained rise of the stream’s input data rate, you should increase the number of shards within your stream to provide enough capacity for the put data transactions to consistently succeed. In both cases. Amazon Cloud Watch metrics allow you to learn about the change of the stream’s input data rate and the occurrence of ProvisionedThroughputExceeded exceptions.
LEARN MORE: http://aws.amazon.com/kinesis/faqs/IncorrectAmazon Kinesis is a fully managed streaming data service. You can continuously put various types of data such as clickstreams. application logs, and social media into an Amazon Kinesis stream from hundreds of thousands of sources. Within seconds. the data will be available for your Amazon Kinesis Applications to read and process from the stream. The capacity limits of an Amazon Kinesis stream are defined by the number of shards within the streamThe limits can be exceeded by either data throughput or the number of put data transactions. While the capacity limits are exceeded. the put data transaction will be rejected with a ProvisionedThroughputExceeded exception. If this is due to a temporary rise of the stream’s input data rate. retry by the data producer will eventually lead to completion of the requests. If this is due to a sustained rise of the stream’s input data rate, you should increase the number of shards within your stream to provide enough capacity for the put data transactions to consistently succeed. In both cases. Amazon Cloud Watch metrics allow you to learn about the change of the stream’s input data rate and the occurrence of ProvisionedThroughputExceeded exceptions.
LEARN MORE: http://aws.amazon.com/kinesis/faqs/ - Question 57 of 60
57. Question
As AWS grows most of of your clients main concerns seem to be about security especially when all of their competitors seem to be using AWS also. Consequently one of your clients asks you if one of your competitors EC2 instances are on the same physical host would that make it easier for them to hack into your data. Which of the following statements would be the best choice to put your clients mind at rest?
CorrectAmazon Elastic Compute Cloud (EC2) is a key component in Amazon’s Infrastructure as a Service (laaS), providing resizable computing capacity using server instances in AWS’s data centers. Amazon EC2 is designed to make web-scale computing easier by enabling you to obtain and configure capacity with minimal friction. You create and launch instances, which are collections of platform hardware and software. Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. Amazon is active in the Xen community. which provides awareness of the latest developments. In addition, the AWS firewall resides within the hypervisor layer. between the physical network interface and the instance’s virtual interface. All packets must pass through this layer. thus an instance’s neighbors have no more access to that instance than any other host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms.
LEARN MORE: http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdfIncorrectAmazon Elastic Compute Cloud (EC2) is a key component in Amazon’s Infrastructure as a Service (laaS), providing resizable computing capacity using server instances in AWS’s data centers. Amazon EC2 is designed to make web-scale computing easier by enabling you to obtain and configure capacity with minimal friction. You create and launch instances, which are collections of platform hardware and software. Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. Amazon is active in the Xen community. which provides awareness of the latest developments. In addition, the AWS firewall resides within the hypervisor layer. between the physical network interface and the instance’s virtual interface. All packets must pass through this layer. thus an instance’s neighbors have no more access to that instance than any other host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms.
LEARN MORE: http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf - Question 58 of 60
58. Question
You configured ELB to perform health checks on EC2 instances. If
an instance fails to pass health checks, which statement will be true?
(chose 1 correct answers)CorrectIncorrect - Question 59 of 60
59. Question
What are the characteristics of Dynamo DB ? (chose 3 correct answers)
CorrectIncorrect - Question 60 of 60
60. Question
You have a business critical application that requires it to be
highly available with 6 instances always running. What should you do
to achieve this ? (chose 3 correct answers)CorrectIncorrect
Leave a Reply