Aws Solution Architect

Welcome to download the Newest 2passeasy AWS-Solution-Architect-Associate dumps
https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/ (615 New Questions)
Exam Questions AWS-Solution-Architect-Associate

Amazon AWS Certified Solutions Architect - Associate
https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 1
In Amazon EC2 Container Service components, what is the name of a logical grouping of container instances on which you can place tasks?
A. A cluster
B. A container instance
C. A container
D. A task definition
Answer: A
Explanation:
Amazon ECS contains the following components:
A Cluster is a logical grouping of container instances that you can place tasks on.
A Container instance is an Amazon EC2 instance that is running the Amazon ECS agent and has been registered into a cluster.
A Task definition is a description of an application that contains one or more container definitions. A Scheduler is the method used for placing tasks on container
instances.
A Service is an Amazon ECS service that allows you to run and maintain a specified number of instances of a task definition simultaneously.
A Task is an instantiation of a task definition that is running on a container instance. A Container is a Linux container that was created as part of a task.
Reference: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
NEW QUESTION 2
Amazon EBS provides the ability to create backups of any Amazon EC2 volume into what is known as
A. snapshots
B. images
C. instance backups
D. mirrors
Answer: A
Explanation:
Amazon allows you to make backups of the data stored in your EBS volumes through snapshots that can later be used to create a new EBS volume.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Storage.htmI
NEW QUESTION 3
After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you
are recommending Redshift. Which of the following would be a reasonable response to his request?
A. It has high performance at scale as data and query complexity grows.

B. It prevents reporting and analytic processing from interfering with the performance of OLTP workloads.
C. You don't have the administrative burden of running your own data warehouse and dealing with setup, durability, monitoring, scaling, and patching.
D. All answers listed are a reasonable response to his QUESTION
Answer: D
Explanation:
Amazon Redshift delivers fast query performance by using columnar storage technology to improve I/O efficiency and parallelizing queries across multiple nodes.
Redshift uses standard PostgreSQL JDBC and ODBC drivers, allowing you to use a wide range of familiar SQL clients. Data load speed scales linearly with cluster
size, with integrations to Amazon S3, Amazon DynamoDB, Amazon Elastic MapReduce,
Amazon Kinesis or any SSH-enabled host.
AWS recommends Amazon Redshift for customers who have a combination of needs, such as: High performance at scale as data and query complexity grows
Desire to prevent reporting and analytic processing from interfering with the performance of OLTP workloads
Large volumes of structured data to persist and query using standard SQL and existing BI tools Desire to the administrative burden of running one's own data
warehouse and dealing with setup, durability, monitoring, scaling and patching
Reference: https://aws.amazon.com/running_databases/#redshift_anchor
NEW QUESTION 4
A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the
availability zone?
A. Always select the AZ while launching an instance

B. Always select the US-East-1-a zone for HA
C. Do not select the AZ; instead let AWS select the AZ
D. The user can never select the availability zone while launching an instance
Answer: C
Explanation:
When launching an instance with EC2, AWS recommends not to select the availability zone (AZ). AWS specifies that the default Availability Zone should be
accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional
instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
NEW QUESTION 5
A user is storing a large number of objects on AWS S3. The user wants to implement the search functionality among the objects. How can the user achieve this?
A. Use the indexing feature of S3.

B. Tag the objects with the metadata to search on that.

C. Use the query functionality of S3.
D. Make your own DB system which stores the S3 metadata for the search functionalit
Answer: D
Explanation:
In Amazon Web Services, AWS S3 does not provide any query facility. To retrieve a specific object the user needs to know the exact bucket / object key. In this
case it is recommended to have an own DB system which manages the S3 metadata and key mapping.
Reference: http://media.amazonwebservices.com/AWS_Storage_Options.pdf
NEW QUESTION 6
You are looking at ways to improve some existing infrastructure as it seems a lot of engineering resources are being taken up with basic management and
monitoring tasks and the costs seem to be excessive.
You are thinking of deploying Amazon E|asticCache to help. Which of the following statements is true in regards to EIasticCache?
A. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will be more.
B. You can't improve load and response times to user actions and queries but you can reduce the cost associated with scaling web applications.
C. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will remain the same.
D. You can improve load and response times to user actions and queries and also reduce the cost associated with scaling web applications.
Answer: D
Explanation:
Amazon EIastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon
EIastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of
relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments,
enabling your engineering resources to focus on developing applications.
Using Amazon EIastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web
applications.
Reference: https://aws.amazon.com/eIasticache/faqs/
NEW QUESTION 7
Your supervisor has asked you to build a simple file synchronization service for your department. He doesn't want to spend too much money and he wants to be
notified of any changes to files by email. What do you think would be the best Amazon service to use for the email solution?
A. Amazon SES
B. Amazon CIoudSearch
C. Amazon SWF
D. Amazon AppStream
Answer: A
Explanation:
File change notifications can be sent via email to users following the resource with Amazon Simple Email Service (Amazon SES), an easy-to-use, cost-effective
email solution.
Reference: http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_fiIesync_08.pdf
NEW QUESTION 8
Amazon EC2 provides a . It is an HTTP or HTTPS request that uses the HTTP verbs GET or POST.
A. web database
B. .net framework
C. Query API
D. C library
Answer: C
Explanation:
Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/making-api-requests.html
NEW QUESTION 9
In Amazon AWS, which of the following statements is true of key pairs?
A. Key pairs are used only for Amazon SDKs.

B. Key pairs are used only for Amazon EC2 and Amazon CIoudFront.
C. Key pairs are used only for Elastic Load Balancing and AWS IAM.
D. Key pairs are used for all Amazon service
Answer: B
Explanation:
Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to
validate the signature. Key pairs are used only for Amazon EC2 and Amazon CIoudFront.
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws-sec-cred-types.html

NEW QUESTION 10
A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will get for most of the year as per EC2 SLA if the instance is attached
to the EBS optimized instance?
A. 950
B. 990
C. 1000
D. 900
Answer: D
Explanation:
As per AWS SLA if the instance is attached to an EBS-Optimized instance, then the Provisioned IOPS volumes are designed to deliver within 10% of the
provisioned IOPS performance 99.9% of the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a minimum 900 IOPS
99.9% time of the year.
Reference: http://aws.amazon.com/ec2/faqs/
NEW QUESTION 10
You need to migrate a large amount of data into the cloud that you have stored on a hard disk and you decide that the best way to accomplish this is with AWS
Import/Export and you mail the hard disk to AWS. Which of the following statements is incorrect in regards to AWS Import/Export?
A. It can export from Amazon S3

B. It can Import to Amazon Glacier
C. It can export from Amazon Glacier.
D. It can Import to Amazon EBS
Answer: C
Explanation:
AWS Import/Export supports: Import to Amazon S3
Export from Amazon S3 Import to Amazon EBS Import to Amazon Glacier
AWS Import/Export does not currently support export from Amazon EBS or Amazon Glacier. Reference:
https://docs.aws.amazon.com/AWSImportExport/Iatest/DG/whatisdisk.html
NEW QUESTION 11
A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which of the
following steps should be followed to terminate the instance automatically once the job is finished?
A. Configure the EC2 instance with a stop instance to terminate it.

B. Configure the EC2 instance with ELB to terminate the instance when it remains idle.
C. Configure the CIoudWatch alarm on the instance that should perform the termination action once the instance is idle.
D. Configure the Auto Scaling schedule actMty that terminates the instance after 7 day
Answer: C
Explanation:
Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CIoudWatch alarm, which
monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent
for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance
action.
Reference: http://docs.aws.amazon.com/AmazonCIoudWatch/|atest/Deve|operGuide/UsingAIarmActions.html
NEW QUESTION 13
Which of the following is true of Amazon EC2 security group?
A. You can modify the outbound rules for EC2-Classic.

B. You can modify the rules for a security group only if the security group controls the traffic for just one instance.
C. You can modify the rules for a security group only when a new instance is created.
D. You can modify the rules for a security group at any tim
Answer: D
Explanation:
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security
groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at
any time; the new rules are automatically applied to all instances that are associated with the security group.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.htmI
NEW QUESTION 17
In Amazon EC2, partial instance-hours are billed .
A. per second used in the hour

B. per minute used
C. by combining partial segments into full hours
D. as full hours
Answer: D

Explanation:
Partial instance-hours are billed to the next hour. Reference: http://aws.amazon.com/ec2/faqs/
NEW QUESTION 18
You have been asked to build a database warehouse using Amazon Redshift. You know a little about it, including that it is a SQL data warehouse solution, and
uses industry standard ODBC and JDBC connections and PostgreSQL drivers. However you are not sure about what sort of storage it uses for database tables.
What sort of storage does Amazon Redshift use for database tables?
A. InnoDB Tables
B. NDB data storage
C. Columnar data storage
D. NDB CLUSTER Storage
Answer: C
Explanation:
Amazon Redshift achieves efficient storage and optimum query performance through a combination of massively parallel processing, columnar data storage, and
very efficient, targeted data compression encoding schemes.
Columnar storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk I/O
requirements and reduces the amount of data you need to load from disk.
Reference: http://docs.aws.amazon.com/redshift/latest/dg/c_co|umnar_storage_disk_mem_mgmnt.html
NEW QUESTION 21
Which of the below mentioned options is not available when an instance is launched by Auto Scaling with EC2 Classic?
A. Public IP
B. Elastic IP
C. Private DNS
D. Private IP
Answer: B
Explanation:
Auto Scaling supports both EC2 classic and EC2-VPC. When an instance is launched as a part of EC2 classic, it will have the public IP and DNS as well as the
private IP and DNS.
Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/GettingStartedTutoriaI.html
NEW QUESTION 26
You have been given a scope to deploy some AWS infrastructure for a large organisation. The requirements are that you will have a lot of EC2 instances but may
need to add more when the average utilization of your Amazon EC2 fileet is high and conversely remove them when CPU utilization is low. Which AWS services
would be best to use to accomplish this?
A. Auto Scaling, Amazon CIoudWatch and AWS Elastic Beanstalk

B. Auto Scaling, Amazon CIoudWatch and Elastic Load Balancing.
C. Amazon CIoudFront, Amazon CIoudWatch and Elastic Load Balancing.
D. AWS Elastic Beanstalk , Amazon CIoudWatch and Elastic Load Balancin
Answer: B
Explanation:
Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to manually provision Amazon EC2 capacity in advance. For
example, you can set a condition to add new
Amazon EC2 instances in increments to the Auto Scaling group when the average utilization of your Amazon EC2 fileet is high; and similarly, you can set a
condition to remove instances in the same increments when CPU utilization is low. If you have predictable load changes, you can set a schedule through Auto
Scaling to plan your scaling actMties. You can use Amazon CIoudWatch to send alarms to trigger scaling actMties and Elastic Load Balancing to help distribute
traffic to your instances within Auto Scaling groups. Auto Scaling enables you to run your Amazon EC2 fileet at optimal utilization. Reference:
http://aws.amazon.com/autoscaIing/
NEW QUESTION 28
You are building infrastructure for a data warehousing solution and an extra request has come through that there will be a lot of business reporting queries running
all the time and you are not sure if your current DB instance will be able to handle it. What would be the best solution for this?
A. DB Parameter Groups
B. Read Replicas
C. Multi-AZ DB Instance deployment
D. Database Snapshots
Answer: B
Explanation:
Read Replicas make it easy to take advantage of MySQL’s built-in replication functionality to elastically scale out beyond the capacity constraints of a single DB
Instance for read-heavy database workloads. There are a variety of scenarios where deploying one or more Read Replicas for a given source DB Instance may
make sense. Common reasons for deploying a Read Replica include:
Scaling beyond the compute or I/O capacity of a single DB Instance for read-heavy database workloads. This excess read traffic can be directed to one or more
Read Replicas.
Serving read traffic while the source DB Instance is unavailable. If your source DB Instance cannot take I/O requests (e.g. due to I/O suspension for backups or
scheduled maintenance), you can direct read traffic to your Read RepIica(s). For this use case, keep in mind that the data on the Read Replica may be "staIe"
since the source DB Instance is unavailable.
Business reporting or data warehousing scenarios; you may want business reporting queries to run against a Read Replica, rather than your primary, production

DB Instance.
Reference: https://aws.amazon.com/rds/faqs/
NEW QUESTION 29
Much of your company's data does not need to be accessed often, and can take several hours for retrieval time, so it's stored on Amazon Glacier. However
someone within your organization has expressed concerns that his data is more sensitive than the other data, and is wondering whether the high
level of encryption that he knows is on S3 is also used on the much cheaper Glacier service. Which of the following statements would be most applicable in
regards to this concern?
A. There is no encryption on Amazon Glacier, that's why it is cheaper.

B. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3 but you can change it to AES-256 if you are willing
to pay more.
C. Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3.
D. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3.
Answer: C
Explanation:
Like Amazon S3, the Amazon Glacier service provides low-cost, secure, and durable storage. But where S3 is designed for rapid retrieval, Glacier is meant to be
used as an archival service for data that is not accessed often, and for which retrieval times of several hours are suitable.
Amazon Glacier automatically encrypts the data using AES-256 and stores it durably in an immutable form. Amazon Glacier is designed to provide average annual
durability of 99.999999999% for an archive. It stores each archive in multiple facilities and multiple devices. Unlike traditional systems which can require laborious
data verification and manual repair, Glacier performs regular, systematic data integrity checks, and is built to be automatically self-healing.
Reference: http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf
NEW QUESTION 33
You need to set up a complex network infrastructure for your organization that will be reasonably easy to deploy, replicate, control, and track changes on. Which
AWS service would be best to use to help you accomplish this?
A. AWS Import/Export
B. AWS CIoudFormation
C. Amazon Route 53
D. Amazon CIoudWatch
Answer: B
Explanation:
AWS CIoudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those
resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon
EC2 instances or Amazon RDS DB instances), and AWS CIoudFormation takes care of provisioning and configuring those resources for you. You don't need to
indMdually create and configure AWS resources
and figure out what's dependent on what. AWS CIoudFormation handles all of that.
Reference: http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/WeIcome.htmI
NEW QUESTION 36
Which of the following AWS CLI commands is syntactically incorrect?
1. $ aws ec2 describe-instances
2. $ aws ec2 start-instances --instance-ids i-1348636c
3. $ aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError -message "Script Failure"
4. $ aws sqs receive-message --queue-urI https://queue.amazonaws.com/546419318123/Test
A. 3
B. 4
C. 2
D. 1
Answer: A
Explanation:
The following CLI command is missing a hyphen before "-message".
aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError -message "Script Failure"
It has been added below in red
aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError ---message "Script Failure"
Reference: http://aws.amazon.com/c|i/
NEW QUESTION 41
An organization has developed a mobile application which allows end users to capture a photo on their mobile device, and store it inside an application. The
application internally uploads the data to AWS S3. The organization wants each user to be able to directly upload data to S3 using their Google ID. How will the
mobile app allow this?
A. Use the AWS Web identity federation for mobile applications, and use it to generate temporary security credentials for each user.
B. It is not possible to connect to AWS S3 with a Google ID.
C. Create an IAM user every time a user registers with their Google ID and use IAM to upload files to S3.
D. Create a bucket policy with a condition which allows everyone to upload if the login ID has a Google part to it.
Answer: A
Explanation:
For Amazon Web Services, the Web identity federation allows you to create cloud-backed mobile apps that use public identity providers, such as login with

Facebook, Google, or Amazon. It will create temporary security credentials for each user, which will be authenticated by the AWS services, such as S3.
Reference: http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingWIF.htmI
NEW QUESTION 46
Once again your customers are concerned about the security of their sensitive data and with their latest enquiry ask about what happens to old storage devices on
AWS. What would be the best answer to this QUESTION ?
A. AWS reformats the disks and uses them again.

B. AWS uses the techniques detailed in DoD 5220.22-M to destroy data as part of the decommissioning process.
C. AWS uses their own proprietary software to destroy data as part of the decommissioning process.
D. AWS uses a 3rd party security organization to destroy data as part of the decommissioning proces
Answer: B
Explanation:
When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from
being exposed to unauthorized indMduals.
AWS uses the techniques detailed in DoD 5220.22-M ("Nationa| Industrial Security Program Operating ManuaI ") or NIST 800-88 ("GuideIines for Media
Sanitization") to destroy data as part of the decommissioning process.
All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance
with industry-standard practices.
Reference: http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf
NEW QUESTION 49
Your company has been storing a lot of data in Amazon Glacier and has asked for an inventory of what is in there exactly. So you have decided that you need to
download a vault inventory. Which of the following statements is incorrect in relation to Vault Operations in Amazon Glacier?
A. You can use Amazon Simple Notification Service (Amazon SNS) notifications to notify you when the job completes.
B. A vault inventory refers to the list of archives in a vault.
C. You can use Amazon Simple Queue Service (Amazon SQS) notifications to notify you when the job completes.
D. Downloading a vault inventory is an asynchronous operatio
Answer: C
Explanation:
Amazon Glacier supports various vault operations.
A vault inventory refers to the list of archives in a vault. For each archive in the list, the inventory provides archive information such as archive ID, creation date,
and size. Amazon Glacier updates the vault inventory approximately once a day, starting on the day the first archive is uploaded to the vault. A vault inventory
must exist for you to be able to download it.
Downloading a vault inventory is an asynchronous operation. You must first initiate a job to download the inventory. After receMng the job request, Amazon Glacier
prepares your inventory for download. After the job completes, you can download the inventory data.
Given the asynchronous nature of the job, you can use Amazon Simple Notification Service (Amazon SNS) notifications to notify you when the job completes. You
can specify an Amazon SNS topic for each indMdual job request or configure your vault to send a notification when specific vault events occur. Amazon Glacier
prepares an inventory for each vault periodically, every 24 hours. If there have been no archive additions or deletions to the vault since the last inventory, the
inventory date is not updated. When you initiate a job for a vault inventory, Amazon Glacier returns the last inventory it generated, which is a point-in-time snapshot
and not real-time data. You might not find it useful to retrieve vault inventory for each archive upload. However, suppose you maintain a database on the client-side
associating metadata about the archives you upload to Amazon Glacier. Then, you might find the vault inventory useful to reconcile information in your database
with the actual vault inventory.
Reference: http://docs.aws.amazon.com/amazongIacier/latest/dev/working-with-vaults.html
NEW QUESTION 50
A customer enquires about whether all his data is secure on AWS and is especially concerned about Elastic Map Reduce (EMR) so you need to inform him of
some of the security features in place for AWS. Which of the below statements would be an incorrect response to your customers enquiry?
A. Amazon ENIR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.
B. Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.
C. Every packet sent in the AWS network uses Internet Protocol Security (IPsec).
D. Customers may encrypt the input data before they upload it to Amazon S3.
Answer: C
Explanation:
Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access. Unless the customer who is uploading the
data specifies otherwise, only that customer can access the data. Amazon EMR customers can also choose to send data to Amazon S3
using the HTTPS protocol for secure transmission. In addition, Amazon EMR always uses HTTPS to send data between Amazon S3 and Amazon EC2. For added
security, customers may encrypt the input data before they upload it to Amazon S3 (using any common data compression tool); they then need to add a decryption
step to the beginning of their cluster when Amazon EMR fetches the data from Amazon S3. Reference: https://aws.amazon.com/elasticmapreduce/faqs/
NEW QUESTION 51
You need to measure the performance of your EBS volumes as they seem to be under performing. You have come up with a measurement of 1,024 KB I/O but
your colleague tells you that EBS volume performance is measured in IOPS. How many IOPS is equal to 1,024 KB I/O?
A. 16
B. 256
C. 8
D. 4
Answer: D

Explanation:
Several factors can affect the performance of Amazon EBS volumes, such as instance configuration, I/O characteristics, workload demand, and storage
configuration.
IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second
(that is 256 KB or smaller) as one IOPS. I/O operations that are larger than 256 KB are counted in 256 KB capacity units.
For example, a 1,024 KB I/O operation would count as 4 IOPS.
When you provision a 4,000 IOPS volume and attach it to an EBS-optimized instance that can provide the necessary bandwidth, you can transfer up to 4,000
chunks of data per second (provided that the I/O does not exceed the 128 MB/s per volume throughput limit of General Purpose (SSD) and Provisioned IOPS
(SSD) volumes).
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSPerformance.htmI
NEW QUESTION 54
Having set up a website to automatically be redirected to a backup website if it fails, you realize that there are different types of failovers that are possible. You
need all your resources to be available the majority of the time. Using Amazon Route 53 which configuration would best suit this requirement?
A. Active-active failover.
B. Non
C. Route 53 can't failover.
D. Active-passive failover.
E. Active-active-passive and other mixed configuration
Answer: A
Explanation:
You can set up a variety of failover configurations using Amazon Route 53 alias: weighted, latency, geolocation routing, and failover resource record sets.
Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes
unavailable, Amazon Route 53 can detect that it's unhealthy and stop including it when responding to queries.
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a
secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes
only the healthy primary resources. If all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in
response to DNS queries.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53
behaviors.
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/dns-failover.html
NEW QUESTION 59
You decide that you need to create a number of Auto Scaling groups to try and save some money as you have noticed that at certain times most of your EC2
instances are not being used. By default, what is the maximum number of Auto Scaling groups that AWS will allow you to create?
A. 12
B. Unlimited
C. 20
D. 2
Answer: C
Explanation:
Auto Scaling is an AWS service that allows you to increase or decrease the number of EC2 instances within your appIication's architecture. With Auto Scaling, you
create collections of EC2 instances, called Auto Scaling groups. You can create these groups from scratch, or from existing EC2 instances that are already in
production.
Reference: http://docs.aws.amazon.com/general/latest/gr/aws_service_|imits.htm|#Iimits_autoscaIing
NEW QUESTION 63
Does AWS CIoudFormation support Amazon EC2 tagging?
A. Yes, AWS CIoudFormation supports Amazon EC2 tagging

B. No, CIoudFormation doesn’t support any tagging
C. No, it doesn’t support Amazon EC2 tagging.
D. It depends if the Amazon EC2 tagging has been defined in the templat
Answer: A
Explanation:
In AWS CIoudFormation, Amazon EC2 resources that support the tagging feature can also be tagged in an AWS template. The tag values can refer to template
parameters, other resource names, resource attribute values (e.g. addresses), or values computed by simple functions (e.g., a concatenated list of strings).
Reference: http://aws.amazon.com/c|oudformation/faqs/
NEW QUESTION 67
Amazon S3 allows you to set per-file permissions to grant read and/or write access. However you have decided that you want an entire bucket with 100 files
already in it to be accessible to the public. You don't want to go through 100 files indMdually and set permissions. What would be the best way to do this?
A. Move the bucket to a new region

B. Add a bucket policy to the bucket.
C. Move the files to a new bucket.
D. Use Amazon EBS instead of S3
Answer: B
Explanation:

Amazon S3 supports several mechanisms that give you filexibility to control who can access your data as well as how, when, and where they can access it.
Amazon S3 provides four different access control mechanisms: AWS Identity and Access Management (IAM) policies, Access Control Lists (ACLs), bucket
policies, and query string authentication. IAM enables organizations to create and manage multiple users under a single AWS account. With IAM policies, you can
grant IAM users fine-grained control to your Amazon S3 bucket or objects. You can use ACLs to selectively add (grant) certain permissions on indMdual objects.
Amazon S3 bucket policies can be used to add or deny permissions across some or all of the objects within a single bucket.
With Query string authentication, you have the ability to share Amazon S3 objects through URLs that are
valid for a specified period of time.
Reference: http://aws.amazon.com/s3/detai|s/#security
NEW QUESTION 70
Which of the following statements is true of creating a launch configuration using an EC2 instance?
A. The launch configuration can be created only using the Query APIs.
B. Auto Scaling automatically creates a launch configuration directly from an EC2 instance.
C. A user should manually create a launch configuration before creating an Auto Scaling group.
D. The launch configuration should be created manually from the AWS CL
Answer: B
Explanation:
You can create an Auto Scaling group directly from an EC2 instance. When you use this feature, Auto Scaling automatically creates a launch configuration for you
as well.
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/create-Ic-with-instancelD.htmI
NEW QUESTION 75
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the
DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this
scenario?
A. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
B. The user should attach an IAM role with DynamoDB access to the EC2 instance
C. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
D. The user should create an IAM user with DynamoDB and EC2 acces
E. Attach the user with the application so that it does not use the root account credentials
Answer: B
Explanation:
With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to
AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or
embed those credentials inside the application. Instead, the user should use roles for EC2 and give that role access to DynamoDB /S3. When the roles are
attached to EC2, it will give temporary security credentials to the application hosted on that EC2, to connect with DynamoDB / S3.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.htmI
NEW QUESTION 79
You are building a system to distribute confidential documents to employees. Using CIoudFront, what method could be used to serve content that is stored in S3,
but not publically accessible from S3 directly?
A. Add the CIoudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy.
B. Create a S3 bucket policy that lists the C|oudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
C. Create an Identity and Access Management (IAM) User for CIoudFront and grant access to the objects in your S3 bucket to that IAM User.
D. Create an Origin Access Identity (OAI) for CIoudFront and grant access to the objects in your S3 bucket to that OAI.
Answer: D
Explanation:
You restrict access to Amazon S3 content by creating an origin access identity, which is a special CIoudFront user. You change Amazon S3 permissions to give
the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects
using CIoudFront URLs, the CIoudFront origin access identity gets the objects on your users' behalf. If your users try to access objects using Amazon S3 URLs,
they're denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don't. Reference:
http://docs.aws.amazon.com/AmazonCIoudFront/latest/Deve|operGuide/private-content-restricting-acces s-to-s3.htmI
NEW QUESTION 84
Which one of the following answers is not a possible state of Amazon CIoudWatch Alarm?
A. INSUFFICIENT_DATA
B. ALARM
C. OK
D. STATUS_CHECK_FAILED
Answer: D
Explanation:
Amazon CIoudWatch Alarms have three possible states: OK: The metric is within the defined threshold ALARM: The metric is outside of the defined threshold
INSUFFICIENT_DATA: The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state
Reference: http://docs.aws.amazon.com/AmazonCIoudWatch/latest/DeveloperGuide/AlarmThatSendsEmaiI.html

NEW QUESTION 88
A user is planning to launch a scalable web application. Which of the below mentioned options will not affect the latency of the application?
A. Region.
B. Provisioned IOPS.
C. Availability Zone.
D. Instance siz
Answer: C
Explanation:
In AWS, the instance size decides the I/O characteristics. The provisioned IOPS ensures higher throughput, and lower latency. The region does affect the latency;
latency will always be less when the instance is near to the end user. Within a region the user uses any AZ and this does not affect the latency. The AZ is mainly
for fault toleration or HA.
Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
NEW QUESTION 90
Name the disk storage supported by Amazon Elastic Compute Cloud (EC2).
A. None of these
B. Amazon AppStream store
C. Amazon SNS store
D. Amazon Instance Store
Answer: D
Explanation:
Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service
(Amazon S3)
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Storage.html
NEW QUESTION 95
A scope has been handed to you to set up a super fast gaming server and you decide that you will use Amazon DynamoDB as your database. For efficient access
to data in a table, Amazon DynamoDB creates and maintains indexes for the primary key attributes. A secondary index is a data structure that contains a subset of
attributes from a table, along with an alternate key to support Query operations. How many types of secondary indexes does DynamoDB support?
A. 2
B. 16
C. 4
D. As many as you nee
Answer: A
Explanation:
DynamoDB supports two types of secondary indexes:
Local secondary index — an index that has the same hash key as the table, but a different range key. A local secondary index is "IocaI" in the sense that every
partition of a local secondary index is scoped to a table partition that has the same hash key.
Global secondary index — an index with a hash and range key that can be different from those on the table. A global secondary index is considered "gIobaI"
because queries on the index can span all of the data in a table, across all partitions.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.html
NEW QUESTION 96
A user has set up the CIoudWatch alarm on the CPU utilization metric at 50%, with a time interval of 5 minutes and 10 periods to monitor. What will be the state of
the alarm at the end of 90 minutes, if the CPU utilization is constant at 80%?
A. ALERT
B. ALARM
C. OK
D. INSUFFICIENT_DATA
Answer: B
Explanation:
In this case the alarm watches a metric every 5 minutes for 10 intervals. Thus, it needs at least 50 minutes to come to the "OK" state.
Till then it will be in the |NSUFFUCIENT_DATA state.
Since 90 minutes have passed and CPU utilization is at 80% constant, the state of alarm will be "ALARNI". Reference:
http://docs.aws.amazon.com/AmazonCIoudWatch/latest/DeveloperGuide/AlarmThatSendsEmaiI.html
NEW QUESTION 99
You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security
groups and network access control lists (ACLs). You have already looked into security groups and you are now trying to understand ACLs. Which statement below
is incorrect in relation to ACLs?
A. Supports allow rules and deny rules.

B. Is stateful: Return traffic is automatically allowed, regardless of any rules.
C. Processes rules in number order when deciding whether to allow traffic.
D. Operates at the subnet level (second layer of defense).
Answer:

Explanation:
Amazon VPC provides two features that you can use to increase security for your VPC:
Security groups—Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
Network access control lists (ACLs)—Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
Security groups are stateful: (Return traffic is automatically allowed, regardless of any rules) Network ACLs are stateless: (Return traffic must be explicitly allowed
by rules)
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
NEW QUESTION 102

You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CIoudHub. Which statement is the most
accurate in describing what you must do to set this up correctly?
A. Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs)
B. Create a virtual private gateway with multiple customer gateways, each with a unique set of keys
C. Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet
D. Create a virtual private gateway with multiple customer gateways, each with unique subnet id
Answer: A
Explanation:
If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CIoudHub. The VPN CIoudHub operates on a
simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet
connections who'd like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectMty between these remote offices.
To use the AWS VPN CIoudHub, you must create a virtual private gateway with multiple customer
gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP
prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer, enabling each site to send data to and
receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send
and receive data from the VPC as if they were using a standard VPN connection.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CIoudHub.htmI
NEW QUESTION 104

Which one of the below is not an AWS Storage Service?
A. Amazon S3
B. Amazon Glacier
C. Amazon CIoudFront
D. Amazon EBS
Answer: C
Explanation:
AWS Storage Services are: Amazon S3
Amazon Glacier Amazon EBS
AWS Storage Gateway
Reference: https://consoIe.aws.amazon.com/console
NEW QUESTION 107

Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions and if you have more than one Amazon
EC2 instance in one or more regions, you can use to route traffic to the correct region and then use to route traffic to instances
within the region, based on probabilities that you specify.
A. weighted-based routing; alias resource record sets

B. latency-based routing; weighted resource record sets
C. weighted-based routing; weighted resource record sets
D. latency-based routing; alias resource record sets
Answer: B
Explanation:
Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one
Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets
to route traffic to instances within the region based on weights that you specify.
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/Tutorials.html
NEW QUESTION 109

A user is currently building a website which will require a large number of instances in six months, when a demonstration of the new site will be given upon launch.
Which of the below mentioned options allows the user to procure the resources beforehand so that they need not worry about infrastructure availability during the
demonstration?
A. Procure all the instances as reserved instances beforehand.

B. Launch all the instances as part of the cluster group to ensure resource availability.
C. Pre-warm all the instances one month prior to ensure resource availability.
D. Ask AWS now to procure the dedicated instances in 6 month
Answer: A
Explanation:

Amazon Web Services has massive hardware resources at its data centers, but they are finite. The best way for users to maximize their access to these resources
is by reserving a portion of the computing capacity that they require. This can be done through reserved instances. With reserved instances, the user literally
reserves the computing capacity in the Amazon Web Services cloud.
Reference: http://media.amazonwebservices.com/AWS_Building_FauIt_To|erant_AppIications.pdf
NEW QUESTION 110

You receive a bill from AWS but are confused because you see you are incurring different costs for the exact same storage size in different regions on Amazon S3.
You ask AWS why this is so. What response would you expect to receive from AWS?
A. We charge less in different time zones.

B. We charge less where our costs are less.
C. This will balance out next bill.
D. It must be a mistak
Answer: B
Explanation:
Amazon S3 is storage for the internet. |t’s a simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage
infrastructure at very low costs.
AWS charges less where their costs are less.
For example, their costs are lower in the US Standard Region than in the US West (Northern California) Region.
Reference: https://aws.amazon.com/s3/faqs/
NEW QUESTION 112

What is the default maximum number of Access Keys per user?
A. 10
B. 15
C. 2
D. 20
Answer: C
Explanation:
The default maximum number of Access Keys per user is 2.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.htmI
NEW QUESTION 113

Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24. While
launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance. Which is the most likely reason for this issue?
A. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
B. Private address IP 10.201.31.6 is currently assigned to another interface.
C. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.
D. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purpose
Answer: B
Explanation:
In Amazon VPC, you can assign any Private IP address to your instance as long as it is: Part of the associated subnet's IP address range
Not reserved by Amazon for IP networking purposes Not currently assigned to another interface Reference: http://aws.amazon.com/vpc/faqs/
NEW QUESTION 116

Which of the following statements is true of tagging an Amazon EC2 resource?
A. You don't need to specify the resource identifier while terminating a resource.
B. You can terminate, stop, or delete a resource based solely on its tags.
C. You can't terminate, stop, or delete a resource based solely on its tags.
D. You don't need to specify the resource identifier while stopping a resourc
Answer: C
Explanation:
You can assign tags only to resources that already exist. You can't terminate, stop, or delete a resource based solely on its tags; you must specify the resource
identifier.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Using_Tags.html
NEW QUESTION 121

You have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region, and you want to distribute requests across all three IPs evenly
for users for whom US East (Virginia) is the appropriate region.
How many EC2 instances would be sufficient to distribute requests in other regions?
A. 3
B. 9
C. 2
D. 1
Answer:

Explanation:
If your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more
regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the
region based on weights that you specify.
For example, suppose you have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region and you want to distribute requests across
all three IPs evenly for users for whom US East (Virginia) is the appropriate region. Just one Amazon EC2 instance is sufficient in the other regions, although you
can apply the same technique to many regions at once.
NEW QUESTION 125

In Amazon EC2, what is the limit of Reserved Instances per Availability Zone each month?
A. 5
B. 20
C. 50
D. 10
Answer: B
Explanation:
There are 20 Reserved Instances per Availability Zone in each month.
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws_service_Iimits.html
NEW QUESTION 130

You have just finshed setting up an advertisement server in which one of the obvious choices for a service was Amazon Elastic Map Reduce( EMR) and are now
troubleshooting some weird cluster states that you are seeing. Which of the below is not an Amazon EMR cluster state?
A. STARTING
B. STOPPED
C. RUNNING
D. WAITING
Answer: B
Explanation:
Amazon Elastic Map Reduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process
vast amounts of data.
Amazon EMR historically referred to an Amazon EMR cluster (and all processing steps assigned to it) as a "c|uster". Every cluster has a unique identifier that
starts with "j-".
The different cluster states of an Amazon EMR cluster are listed below. STARTING — The cluster provisions, starts, and configures EC2 instances.
BOOTSTRAPPING — Bootstrap actions are being executed on the cluster. RUNNING — A step for the cluster is currently being run.
WAITING — The cluster is currently active, but has no steps to run. TERMINATING - The cluster is in the process of shutting down. TERMINATED - The cluster
was shut down without error. TERMINATED_W|TH_ERRORS - The cluster was shut down with errors.
Reference: https://aws.amazon.com/elasticmapreduce/faqs/
NEW QUESTION 135

Is it possible to get a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes?
A. Yes, by default, the history of your API calls is logged.

B. Yes, you should turn on the CIoudTraiI in the AWS console.
C. No, you can only get a history of VPC API calls.
D. No, you cannot store history of EC2 API calls on Amazon.
Answer: B
Explanation:
To get a history of all EC2 API calls (including VPC and EBS) made on your account, you simply turn on C|oudTrai| in the AWS Management Console.
Reference: https://aws.amazon.com/ec2/faqs/
NEW QUESTION 139

What happens to Amazon EBS root device volumes, by default, when an instance terminates?
A. Amazon EBS root device volumes are moved to IAM.

B. Amazon EBS root device volumes are copied into Amazon RDS.
C. Amazon EBS root device volumes are automatically deleted.
D. Amazon EBS root device volumes remain in the database until you delete the
Answer: C
Explanation:
By default, Amazon EBS root device volumes are automatically deleted when the instance terminates. Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html
NEW QUESTION 144

Mike is appointed as Cloud Consultant in Netcrak Inc. Netcrak has the following VPCs set-up in the US East Region:

A VPC with CIDR block 10.10.0.0/16, a subnet in that VPC with CIDR block 10.10.1.0/24 A VPC with CIDR block 10.40.0.0/16, a subnet in that VPC with CIDR
block 10.40.1.0/24
Netcrak Inc is trying to establish network connection between two subnets, a subnet with CIDR block 10.10.1.0/24 and another subnet with CIDR block
10.40.1.0/24. Which one of the following solutions should Mke recommend to Netcrak Inc?
A. Create 2 Virtual Private Gateways and configure one with each VPC.
B. Create one EC2 instance in each subnet, assign Elastic IPs to both instances, and configure a set up Site-to-Site VPN connection between both EC2 instances.
C. Create a VPC Peering connection between both VPCs.
D. Create 2 Internet Gateways, and attach one to each VP
Answer: C
Explanation:
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. EC2
instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own
VPCs, or with a VPC in another AWS account within a single region.
AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate
piece of physical hardware.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.htm|
NEW QUESTION 147

How many types of block devices does Amazon EC2 support?
A. 4
B. 5
C. 2
D. 1
Answer: C
Explanation:
Amazon EC2 supports 2 types of block devices. Reference:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
NEW QUESTION 148

You are setting up some IAM user policies and have also become aware that some services support resource-based permissions, which let you attach policies to
the service's resources instead of to IAM users or groups. Which of the below statements is true in regards to resource-level permissions?
A. All services support resource-level permissions for all actions.

B. Resource-level permissions are supported by Amazon CIoudFront
C. All services support resource-level permissions only for some actions.
D. Some services support resource-level permissions only for some action
Answer: D
Explanation:
AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS.
The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management
Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can
access.
In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service's resources instead of
to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, and Amazon SQS.
The resource-level permissions service supports IAM policies in which you can specify indMdual resources using Amazon Resource Names (ARNs) in the poIicy's
Resource element.
Some services support resource-level permissions only for some actions.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.html
NEW QUESTION 149

You have created a Route 53 latency record set from your domain to a machine in Northern Virginia and a similar record to a machine in Sydney.
When a user located in U S visits your domain he will be routed to:
A. Northern Virginia
B. Sydney
C. Both, Northern Virginia and Sydney
D. Depends on the Weighted Resource Record Sets
Answer: A
Explanation:
If your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more
regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the
region based on weights that you specify.
For example, suppose you have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region and you want to distribute requests across
all three IPs evenly for users for whom US East (Virginia) is the appropriate region. Just one Amazon EC2 instance is sufficient in the other regions, although you
can apply the same technique to many regions at once.
NEW QUESTION 153

A for a VPC is a collection of subnets (typically private) that you may want to designate for your backend RDS DB Instances.

A. DB Subnet Set
B. RDS Subnet Group
C. DB Subnet Group
D. DB Subnet Collection
Answer: C
Explanation:
DB Subnet Groups are a set of subnets (one per Availability Zone of a particular region) designed for your DB instances that reside in a VPC. They make easy to
manage Multi-AZ deployments as well as the conversion from a Single-AZ to a Mut|i-AZ one.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSVPC.htmI
NEW QUESTION 156

An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the
organization to achieve data security?
A. MFA delete for S3 objects

B. Client side encryption
C. Bucket versioning
D. Data replication
Answer: D
Explanation:
AWS S3 provides multiple options to achieve the protection of data at REST. The options include Permission (Policy), Encryption (Client and Server Side), Bucket
Versioning and MFA based delete. The user can enable any of these options to achieve data protection. Data replication is an internal facility by AWS where S3
replicates each object across all the Availability Zones and the organization need not
enable it in this case.
Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
NEW QUESTION 160

In Amazon Elastic Compute Cloud, which ofthe following is used for communication between instances in the same network (EC2-Classic or a VPC)?
A. Private IP addresses
B. Elastic IP addresses
C. Static IP addresses
D. Public IP addresses
Answer: A
Explanation:
A private IP address is an IP address that's not reachable over the Internet. You can use private IP addresses for communication between instances in the same
network (EC2-Classic or a VPC). Reference:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-instance-addressing.htmI
NEW QUESTION 165

AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. In
addition to supporting IAM user policies, some services support resource-based permissions. Which of the following services are supported by
resource-based permissions?
A. Amazon SNS, and Amazon SQS and AWS Direct Connect.

B. Amazon S3 and Amazon SQS and Amazon EIastiCache.
C. Amazon S3, Amazon SNS, Amazon SQS, Amazon Glacier and Amazon EBS.
D. Amazon Glacier, Amazon SNS, and Amazon CIoudWatch
Answer: C
Explanation:
In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service's resources instead of
to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, Amazon SQS, Amazon Glacier and Amazon EBS.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.htm|
NEW QUESTION 170

Content and IV|edia Server is the latest requirement that you need to meet for a client.
The client has been very specific about his requirements such as low latency, high availability, durability, and access control. Potentially there will be millions of
views on this server and because of "spiky" usage patterns, operations teams will need to provision static hardware, network, and management resources to
support the maximum expected need. The Customer base will be initially low but is expected to grow and become more geographically distributed.
Which of the following would be a good solution for content distribution?
A. Amazon S3 as both the origin server and for caching

B. AWS Storage Gateway as the origin server and Amazon EC2 for caching
C. AWS CIoudFront as both the origin server and for caching
D. Amazon S3 as the origin server and Amazon CIoudFront for caching
Answer: D
Explanation:
As your customer base grows and becomes more geographically distributed, using a high- performance edge cache like Amazon CIoudFront can provide

substantial improvements in latency, fault tolerance, and cost.

By using Amazon S3 as the origin server for the Amazon CIoudFront distribution, you gain the advantages of fast in-network data transfer rates, simple
publishing/caching workflow, and a unified security framework.
Amazon S3 and Amazon CIoudFront can be configured by a web service, the AWS Management Console, or a host of third-party management tools.
Reference:http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_media_02.pdf
NEW QUESTION 175

You are setting up your first Amazon Virtual Private Cloud (Amazon VPC) network so you decide you should probably use the AWS Management Console and the
VPC Wizard. Which of the following is not an option for network architectures after launching the "Start VPC Wizard" in Amazon VPC page on the AWS
Management Console?
A. VPC with a Single Public Subnet Only

B. VPC with a Public Subnet Only and Hardware VPN Access
C. VPC with Public and Private Subnets and Hardware VPN Access
D. VPC with a Private Subnet Only and Hardware VPN Access
Answer: B
Explanation:
Amazon VPC enables you to build a virtual network in the AWS cloud - no VPNs, hardware, or physical datacenters required.
Your AWS resources are automatically provisioned in a ready-to-use default VPC. You can choose to create additional VPCs by going to Amazon VPC page on
the AWS Management Console and click on the "Start VPC Wizard" button.
You’II be presented with four basic options for network architectures. After selecting an option, you can modify the size and IP address range of the VPC and its
subnets. If you select an option with Hardware VPN Access, you will need to specify the IP address of the VPN hardware on your network. You can modify the
VPC to add more subnets or add or remove gateways at any time after the VPC has been created.
The four options are:
VPC with a Single Public Subnet Only VPC with Public and Private Subnets
VPC with Public and Private Subnets and Hardware VPN Access VPC with a Private Subnet Only and Hardware VPN Access Reference:
https://aws.amazon.com/vpc/faqs/
NEW QUESTION 177

Which one of the below doesn't affect Amazon CIoudFront billing?
A. Distribution Type
B. Data Transfer Out
C. Dedicated IP SSL Certificates
D. Requests
Answer: A
Explanation:
Amazon CIoudFront is a web service for content delivery. C|oudFront delivers your content using a global network of edge locations and works seamlessly with
Amazon S3 which durably stores the original and definitive versions of your files.
Amazon CIoudFront billing is maily affected by Data Transfer Out
Edge Location Traffic Distribution Requests
Dedicated IP SSL Certificates
Reference: http://calcu|ator.s3.amazonaws.com/index.htmI
NEW QUESTION 178

Your company has multiple IT departments, each with their own VPC. Some VPCs are located within the same AWS account, and others in a different AWS
account. You want to peer together all VPCs to enable the IT departments to have full access to each others' resources. There are certain limitations placed on
VPC peering. Which of the following statements is incorrect in relation to VPC peering?
A. Private DNS values cannot be resolved between instances in peered VPCs.

B. You can have up to 3 VPC peering connections between the same two VPCs at the same time.
C. You cannot create a VPC peering connection between VPCs in different regions.
D. You have a limit on the number active and pending VPC peering connections that you can have per VPC.
Answer: B
Explanation:
To create a VPC peering connection with another VPC, you need to be aware of the following limitations and rules:
You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks.
You cannot create a VPC peering connection between VPCs in different regions.
You have a limit on the number active and pending VPC peering connections that you can have per VPC. VPC peering does not support transitive peering
relationships; in a VPC peering connection, your VPC will not have access to any other VPCs that the peer VPC may be peered with. This includes VPC peering
connections that are established entirely within your own AWS account.
You cannot have more than one VPC peering connection between the same two VPCs at the same time. The Maximum Transmission Unit (MTU) across a VPC
peering connection is 1500 bytes.
A placement group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs.
Unicast reverse path forwarding in VPC peering connections is not supported.
You cannot reference a security group from the peer VPC as a source or destination for ingress or egress rules in your security group. Instead, reference CIDR
blocks of the peer VPC as the source or destination of your security group's ingress or egress rules.
Private DNS values cannot be resolved between instances in peered VPCs. Reference:
http://docs.aws.amazon.com/AmazonVPC/Iatest/PeeringGuide/vpc-peering-overview.htmI#vpc-peering-Ii mitations
NEW QUESTION 182

You are architecting a highly-scalable and reliable web application which will have a huge amount of content .You have decided to use Cloudfront as you know it
will speed up distribution of your static and dynamic web content and know that Amazon C|oudFront integrates with Amazon CIoudWatch metrics so that you can

monitor your web application. Because you live in Sydney you have chosen the the Asia Pacific (Sydney) region in the AWS console. However you have set up
this up but no CIoudFront metrics seem to be appearing in the CIoudWatch console. What is the most likely reason from the possible choices below for this?
A. Metrics for CIoudWatch are available only when you choose the same region as the application you aremonitoring.
B. You need to pay for CIoudWatch for it to become active.
C. Metrics for CIoudWatch are available only when you choose the US East (
D. Virginia)
E. Metrics for CIoudWatch are not available for the Asia Pacific region as ye
Answer: C
Explanation:
CIoudFront is a global service, and metrics are available only when you choose the US East (N. Virginia) region in the AWS console. If you choose another region,
no CIoudFront metrics will appear in the CIoudWatch console.
Reference:
http://docs.aws.amazon.com/AmazonCIoudFront/latest/Deve|operGuide/monitoring-using-cloudwatch.ht ml
NEW QUESTION 185

A friend wants you to set up a small BitTorrent storage area for him on Amazon S3. You tell him it is highly unlikely that AWS would allow such a thing in their
infrastructure. However you decide to investigate. Which of the following statements best describes using BitTorrent with Amazon S3?
A. Amazon S3 does not support the BitTorrent protocol because it is used for pirated software.
B. You can use the BitTorrent protocol but only for objects that are less than 100 GB in size.
C. You can use the BitTorrent protocol but you need to ask AWS for specific permissions first.
D. You can use the BitTorrent protocol but only for objects that are less than 5 GB in siz
Answer: D
Explanation:
BitTorrent is an open, peer-to-peer protocol for distributing files. You can use the BitTorrent protocol to retrieve any publicly-accessible object in Amazon S3.
Amazon S3 supports the BitTorrent protocol so that developers can save costs when distributing content at high scale. Amazon S3 is useful for simple, reliable
storage of any data. The default distribution mechanism for Amazon S3 data is via client/server download. In client/server distribution, the entire object is
transferred point-to-point from Amazon S3 to every authorized user who requests that object. While client/server delivery is appropriate for a wide variety of use
cases, it is not optimal for everybody. Specifically, the costs of client/server distribution increase linearly as the number of users downloading objects increases.
This can make it expensive to distribute popular objects.
BitTorrent addresses this problem by recruiting the very clients that are downloading the object as distributors themselves: Each client downloads some pieces of
the object from Amazon S3 and some from other clients, while simultaneously uploading pieces of the same object to other interested "peers." The benefit for
publishers is that for large, popular files the amount of data actually supplied by Amazon S3 can be substantially lower than what it would have been sewing the
same clients via client/server download. Less data transferred means lower costs for the publisher of the object.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html
NEW QUESTION 186

After a major security breach your manager has requested a report of all users and their credentials in AWS. You discover that in IAM you can generate and
download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, MFA devices,
and signing certificates. Which following statement is incorrect in regards to the use of credential reports?
A. Credential reports are downloaded XML files.

B. You can get a credential report using the AWS Management Console, the AWS CLI, or the IAM API.
C. You can use the report to audit the effects of credential lifecycle requirements, such as password rotation.
D. You can generate a credential report as often as once every four hour
Answer: A
Explanation:
To access your AWS account resources, users must have credentials.
You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access
keys, MFA devices, and signing certificates. You can get a credential report using the AWS Management Console, the AWS CLI, or the IAM API.
You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements,
such as password rotation. You can provide the report to an external auditor, or grant permissions to an auditor so that he or she can download the report directly.
You can generate a credential report as often as once every four hours. When you request a report, IAM first checks whether a report for the account has been
generated within the past four hours. If so, the most recent report is downloaded. If the most recent report for the account is more than four hours old, or if there
are no previous reports for the account, IAM generates and downloads a new report.
Credential reports are downloaded as comma-separated values (CSV) files.
You can open CSV files with common spreadsheet software to perform analysis, or you can build an application that consumes the CSV files programmatically and
performs custom analysis. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
NEW QUESTION 191

In the most recent company meeting, your CEO focused on the fact that everyone in the organization needs to make sure that all of the infrastructure that is built is
truly scalable. Which of the following statements is incorrect in reference to scalable architecture?
A. A scalable service is capable of handling heterogeneity.

B. A scalable service is resilient.
C. A scalable architecture won't be cost effective as it grows.
D. Increasing resources results in a proportional increase in performanc
Answer: C
Explanation:
In AWS it is critical to build a scalable architecture in order to take advantage of a scalable infrastructure. The cloud is designed to provide conceptually infinite
scalability. However, you cannot leverage all that scalability in infrastructure if your architecture is not scalable. Both have to work together. You will have to identify

the monolithic components and bottlenecks in your architecture, identify the areas where you cannot leverage the on-demand provisioning capabilities in your
architecture, and work to refactor your application, in order to leverage the scalable infrastructure and take advantage of the cloud.
Characteristics of a truly scalable application:
Increasing resources results in a proportional increase in performance A scalable service is capable of handling heterogeneity
A scalable service is operationally efficient A scalable service is resilient
A scalable service should become more cost effective when it grows (Cost per unit reduces as the number of units increases)
Reference: http://media.amazonwebservices.com/AWS_CIoud_Best_Practices.pdf
NEW QUESTION 193

A user has defined an AutoScaIing termination policy to first delete the instance with the nearest billing hour. AutoScaIing has launched 3 instances in the US-
East-1A region and 2 instances in the US-East-1 B region. One of the instances in the US-East-1B region is running nearest to the billing hour. Which instance will
AutoScaIing terminate first while executing the termination action?
A. Random Instance from US-East-1A

B. Instance with the nearest billing hour in US-East-1 B
C. Instance with the nearest billing hour in US-East-1A
D. Random instance from US-East-1B
Answer: C
Explanation:
Even though the user has configured the termination policy, before AutoScaIing selects an instance to terminate, it first identifies the Availability Zone that has
more instances than the other Availability Zones used by the group. Within the selected Availability Zone, it identifies the instance that matches the specified
termination policy.
Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/us-termination-policy.html
NEW QUESTION 198

A user has configured a website and launched it using the Apache web server on port 80. The user is using ELB with the EC2 instances for Load Balancing. What
should the user do to ensure that the EC2 instances accept requests only from ELB?
A. Configure the security group of EC2, which allows access to the ELB source security group
B. Configure the EC2 instance so that it only listens on the ELB port
C. Open the port for an ELB static IP in the EC2 security group
D. Configure the security group of EC2, which allows access only to the ELB listener
Answer: A
Explanation:
When a user is configuring ELB and registering the EC2 instances with it, ELB will create a source security group. If the user wants to allow traffic only from ELB,
he should remove all the rules set for the other requests and open the port only for the ELB source security group.
Reference:
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/using-elb-security-groups.htmI
NEW QUESTION 201

A user is planning a highly available application deployment with EC2. Which of the below mentioned options will not help to achieve HA?
A. Elastic IP address
B. PIOPS
C. AMI
D. Availability Zones
Answer: B
Explanation:
In Amazon Web Service, the user can achieve HA by deploying instances in multiple zones. The elastic IP helps the user achieve HA when one of the instances is
down but still keeps the same URL. The AM helps launching the new instance. The PIOPS is for the performance of EBS and does not help for HA. Reference:
http://media.amazonwebservices.com/AWS_Web_Hosting_Best_Practices.pdf
NEW QUESTION 206

After deploying a new website for a client on AWS, he asks if you can set it up so that if it fails it can be automatically redirected to a backup website that he has
stored on a dedicated server elsewhere. You are wondering whether Amazon Route 53 can do this. Which statement below is correct in regards to Amazon Route
53?
A. Amazon Route 53 can't help detect an outag

B. You need to use another service.
C. Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations.
D. Amazon Route 53 can help detect an outage of your website but can't redirect your end users to alternate locations.
E. Amazon Route 53 can't help detect an outage of your website, but can redirect your end users to alternate locations.
Answer: B
Explanation:
With DNS Failover, Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations where your application is
operating properly.
Reference:
http://aws.amazon.com/about-aws/whats-new/2013/02/11/announcing-dns-faiIover-for-route-53/
NEW QUESTION 207

In Route 53, what does a Hosted Zone refer to?
A. A hosted zone is a collection of geographical load balancing rules for Route 53.
B. A hosted zone is a collection of resource record sets hosted by Route 53.
C. A hosted zone is a selection of specific resource record sets hosted by CIoudFront for distribution to Route 53.
D. A hosted zone is the Edge Location that hosts the Route 53 records for a use
Answer: B
Explanation:
A Hosted Zone refers to a selection of resource record sets hosted by Route 53.
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/AboutHostedZones.html
NEW QUESTION 212

While creating a network in the VPC, which of the following is true of a NAT device?
A. You have to administer the NAT Gateway Service provided by AWS.

B. You can choose to use any of the three kinds of NAT devices offered by AWS for special purposes.
C. You can use a NAT device to enable instances in a private subnet to connect to the Internet.
D. You are recommended to use AWS NAT instances over NAT gateways, as the instances provide better availability and bandwidth.
Answer: C
Explanation:
You can use a NAT device to enable instances in a private subnet to connect to the Internet (for example, for software updates) or other AWS services, but
prevent the Internet from initiating connections with the instances. AWS offers two kinds of NAT devices u a NAT gateway or a NAT instance. We recommend NAT
gateways, as they provide better availability and bandwidth over NAT instances. The NAT Gateway service is also a managed service that does not require your
administration efforts. A NAT instance is launched from a NAT AM. You can choose to use a NAT instance for special purposes.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html
NEW QUESTION 213

You need to create a management network using network interfaces for a virtual private cloud (VPC) network. Which of the following statements is incorrect
pertaining to Best Practices for Configuring Network Interfaces.
A. You can detach secondary (ethN) network interfaces when the instance is running or stoppe
B. However, you can't detach the primary (eth0) interface.
C. Launching an instance with multiple network interfaces automatically configures interfaces, private IP addresses, and route tables on the operating system of
the instance.
D. You can attach a network interface in one subnet to an instance in another subnet in the same VPC, however, both the network interface and the instance must
reside in the same Availability Zone.
E. Attaching another network interface to an instance is a valid method to increase or double the network bandwidth to or from the dual-homed instance
Answer: D
Explanation:
Best Practices for Configuring Network Interfaces
You can attach a network interface to an instance when it's running (hot attach), when it's stopped (warm attach), or when the instance is being launched (cold
attach).
You can detach secondary (ethN) network interfaces when the instance is running or stopped. However, you can't detach the primary (eth0) interface.
You can attach a network interface in one subnet to an instance in another subnet in the same VPC, however, both the network interface and the instance must
reside in the same Availability Zone.
When launching an instance from the CLI or API, you can specify the network interfaces to attach to the instance for both the primary (eth0) and additional network
interfaces.
Launching an instance with multiple network interfaces automatically configures interfaces, private IP addresses, and route tables on the operating system of the
instance.
A warm or hot attach of an additional network interface may require you to manually bring up the second interface, configure the private IP address, and modify the
route table accordingly. (Instances running Amazon Linux automatically recognize the warm or hot attach and configure themselves.)
Attaching another network interface to an instance is not a method to increase or double the network bandwidth to or from the dual-homed instance.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.htmI#use-network-and-security-applia nces-in-your-vpc
NEW QUESTION 215

A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for
this?
A. The user account has reached the maximum volume limit

B. The AM is missin
C. It is the required part
D. The snapshot is corrupt
E. The user account has reached the maximum EC2 instance limit
Answer: D
Explanation:
When the user account has reached the maximum number of EC2 instances, it will not be allowed to launch an instance. AWS will throw an ‘Instance Limit
Exceeded’ error. For all other reasons, such as
"AMI is missing part", "Corrupt Snapshot" or "VoIume limit has reached" it will launch an EC2 instance and then terminate it.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_|nstanceStraightToTerminated.html

NEW QUESTION 219

George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-Ia zone with
his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?
A. All the instances of George and Ray can communicate over a private IP with a minimal cost
B. The US-East-1a region of George and Ray can be different availability zones
C. All the instances of George and Ray can communicate over a private IP without any cost
D. The instances of George and Ray will be running in the same data centre
Answer: B
Explanation:
Each AWS region has multiple, isolated locations known as Availability Zones. To ensure that the AWS resources are distributed across the Availability Zones for a
region, AWS independently maps the Availability Zones to identifiers for each account. In this case the Availability Zone US-East-Ia where George’s EC2
instances are running might not be the same location as the US-East-Ia zone of Ray’s EC2 instances. There is no way for the user to coordinate the Availability
Zones between accounts.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
NEW QUESTION 220

Can you encrypt EBS volumes?
A. Yes, you can enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI.
B. No, you should use a third-party software to perform raw block-level encryption of an EBS volume.
C. Yes, but you must use a third-party API for encrypting data before it's loaded on EBS.
D. Yes, you can encrypt with the special "ebs_encrypt" command through Amazon API
Answer: A
Explanation:
With Amazon EBS encryption, you can now create an encrypted EBS volume and attach it to a supported instance type. Data on the volume, disk I/O, and
snapshots created from the volume are then all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it
moves between EC2 instances and EBS storage. EBS encryption is based on the industry standard AES-256 cryptographic algorithm.
To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is
available for all the latest EC2 instances in all commercially available AWS regions.
Reference:
https://aws.amazon.com/about-aws/whats-new/2014/05/21/Amazon-EBS-encryption-now-avai|abIe/
NEW QUESTION 224

A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the
user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?
A. ELB sticky session

B. ELB deregistration check
C. ELB auto registration Off
D. ELB connection draining
Answer: D
Explanation:
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are
deregistering or become unhealthy, while ensuring that in-flight requests continue to be served.
Reference:
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/config-conn-drain.htmI
NEW QUESTION 226

A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services
should the user configure in this case?
A. AWS C|oudWatch + AWS SQS.

B. AWS CIoudWatch + AWS SNS.
C. AWS CIoudWatch + AWS SES.
D. AWS EC2 + AWS Cloudwatc
Answer: B
Explanation:
Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as
well as pushing to other distributed services. In this case, the user can configure that Cloudwatch sends an alarm on when the threshold is crossed to SNS which
will trigger an SMS.
Reference: http://aws.amazon.com/sns/
NEW QUESTION 229

Your manager has come to you saying that he is very confused about the bills he is receMng from AWS as he is getting different bills for every user and needs you
to look into making it more understandable. Which of the following would be the best solution to meet his request?
A. AWS Billing Aggregation

B. Consolidated Billing
C. Deferred Billing
D. Aggregated Billing

Answer: B
Explanation:
Consolidated Billing enables you to consolidate payment for multiple AWS accounts within your company by designating a single paying account. Consolidated
Billing enables you to see a combined view of AWS costs incurred by all accounts, as well as obtain a detailed cost report for each of the indMdual AWS accounts
associated with your "Paying Account". Consolidated Billing is offered at no additional charge. Reference: https://aws.amazon.com/bi|Iing/faqs/
NEW QUESTION 231

A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get
this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?
A. AWS Simple Notification Service.

B. AWS Simple Email Service.
C. AWS Nlobile Communication Service.
D. AWS Simple Queue Service.
Answer: A
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, filexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective
to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services.
Reference: http://aws.amazon.com/sns
NEW QUESTION 236

You have written a CIoudFormation template that creates I Elastic Load Balancer fronting 2 EC2 Instances. Which section of the template should you edit so that
the DNS of the load balancer is returned upon creation of the stack?
A. Resources
B. Outputs
C. Parameters
D. Mappings
Answer: B
Explanation:
You can use AWS CIoudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or
runtime parameters, required to run your application.
Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/outputs-section-structure.html
NEW QUESTION 237

You have been asked to set up monitoring of your network and you have decided that Cloudwatch would be the best service to use. Amazon CIoudWatch monitors
your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CIoudWatch to collect and track metrics, which are
the variables you want to measure for your resources and applications. Which of the following items listed can AWS Cloudwatch monitor?
A. Log files your applications generate.

B. All of the items listed on this page.
C. System-wide visibility into resource utilization, application performance, and operational health.
D. Custom metrics generated by your applications and services .
Answer: B
Explanation:
Amazon CIoudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as
custom metrics generated by your applications and services, and any log files your applications generate. You can use Amazon CIoudWatch to gain
system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application
running smoothly.
Reference: http://aws.amazon.com/cIoudwatch/
NEW QUESTION 241

How can you apply more than 100 rules to an Amazon EC2-Classic?
A. By adding more security groups

B. You need to create a default security group specifying your required rules if you need to use more than 100 rules per security group.
C. By default the Amazon EC2 security groups support 500 rules.
D. You can't add more than 100 rules to security groups for an Amazon EC2 instanc
Answer: D
Explanation:
In EC2-Classic, you can associate an instance with up to 500 security groups and add up to 100 rules to a security group.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.htmI
NEW QUESTION 246

You need to quickly set up an email-sending service because a client needs to start using it in the next hour. Amazon Simple Email Service (Amazon SES) seems
to be the logical choice but there are several options available to set it up. Which of the following options to set up SES would best meet the needs of the client?

A. Amazon SES console

B. AWS CIoudFormation
C. SMTP Interface
D. AWS Elastic Beanstalk
Answer: A
Explanation:
Amazon SES is an outbound-only email-sending service that provides an easy, cost-effective way for you to send email.
There are several ways that you can send an email by using Amazon SES. You can use the Amazon SES console, the Simple Mail Transfer Protocol (SMTP)
interface, or you can call the Amazon SES API. Amazon SES consoIe—This method is the quickest way to set up your system
Reference: http://docs.aws.amazon.com/ses/latest/DeveIoperGuide/\NeIcome.html
NEW QUESTION 250

Identify a true statement about the On-Demand instances purchasing option provided by Amazon EC2.
A. Pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
B. Make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly lower hourly rate for these instances.
C. Pay for the instances that you use by the hour, with long-term commitments or up-front payments.
D. Make a high, one-time, all-front payment for an instance, reserve it for a one- or three-year term, andpay a significantly higher hourly rate for these instance
Answer: A
Explanation:
On-Demand instances allow you to pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/reserved-instances-offerings.html
NEW QUESTION 255

In Amazon EC2, how many Elastic IP addresses can you have by default?
A. 10
B. 2
C. 5
D. 20
Answer: C
Explanation:
The number of Elastic IP addresses you can have in EC2 is 5.
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws_service_Iimits.htmI#|imits_ec2
NEW QUESTION 260

After deciding that EMR will be useful in analysing vast amounts of data for a gaming website that you are architecting you have just deployed an Amazon EMR
Cluster and wish to monitor the cluster performance. Which of the following tools cannot be used to monitor the cluster performance?
A. Kinesis
B. Ganglia
C. C|oudWatch Metrics
D. Hadoop Web Interfaces
Answer: A
Explanation:
Amazon EMR provides several tools to monitor the performance of your cluster. Hadoop Web Interfaces
Every cluster publishes a set of web interfaces on the master node that contain information about the cluster. You can access these web pages by using an SSH
tunnel to connect them on the master node. For more information, see View Web Interfaces Hosted on Amazon EMR Clusters.
CIoudWatch Metrics
Every cluster reports metrics to CIoudWatch. CIoudWatch is a web service that tracks metrics, and which you can use to set alarms on those metrics. For more
information, see Monitor Metrics with CIoudWatch. Ganglia
Ganglia is a cluster monitoring tool. To have this available, you have to install Ganglia on the cluster when you launch it. After you've done so, you can monitor the
cluster as it runs by using an SSH tunnel to connect to the Ganglia UI running on the master node. For more information, see Monitor Performance with Ganglia.
Reference:
http://docs.aws.amazon.com/EIasticMapReduce/latest/DeveIoperGuide/emr-troubleshoot-tooIs.htmI
NEW QUESTION 261

Can you move a Reserved Instance from one Availability Zone to another?
A. Yes, but each Reserved Instance is associated with a specific Region that cannot be changed.
B. Yes, only in US-West-2.
C. Yes, only in US-East-1.
D. No
Answer: A
Explanation:
Each Reserved Instance is associated with a specific Region, which is fixed for the lifetime of the reservation and cannot be changed. Each reservation can,
however, be used in any of the available AZs within the associated Region.
Reference: https://aws.amazon.com/rds/faqs/

NEW QUESTION 262

When controlling access to Amazon EC2 resources, each Amazon EBS Snapshot has a attribute that controls which AWS accounts can use the snapshot.
A. createVoIumePermission
B. LaunchPermission
C. SharePermission
D. RequestPermission
Answer: A
Explanation:
Each Amazon EBS Snapshot has a createVoIumePermission attribute that you can set to one or more AWS Account IDs to share the AM with those AWS
Accounts. To allow several AWS Accounts to use a particular EBS snapshot, you can use the snapshots's createVoIumePermission attribute to include a list of the
accounts that can use it.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html
NEW QUESTION 263

A 3-tier e-commerce web application is current deployed on-premises and will be migrated to AWS for
greater scalability and elasticity The web server currently shares read-only data using a network distributed file system The app server tier uses a clustering
mechanism for discovery and shared session state that depends on I P multicast The database tier uses shared-storage clustering to provide database fail over
capability, and uses several read slaves for scaling Data on all sewers and the distributed file system directory is backed up weekly to off-site tapes
Which AWS storage and database architecture meets the requirements of the application?
A. Web sewers: store read-only data in 53, and copy from 53 to root volume at boot tim
B. App servers: share state using a combination of DynamoDB and IP unicas
C. Database: use RDS with multi-AZ deployment and one or more read replica
D. Backup: web servers, app servers, and database backed up weekly to Glacier using snapshots.
E. Web sewers: store read-only data in an EC2 NFS server, mount to each web server at boot tim
F. App servers: share state using a combination of DynamoDB and IP multicas
G. Database: use RDS with multi-AZ deployment and one or more Read Replica
H. Backup: web and app servers backed up weekly via AM Is, database backed up via DB snapshots.
I. Web servers: store read-only data in 53, and copy from 53 to root volume at boot tim
J. App servers: share state using a combination of DynamoDB and IP unicas
K. Database: use RDS with multi-AZ deployment and one or more Read Replica
L. Backup: web and app servers backed up weekly viaAM Is, database backed up via DB snapshots.
M. Web servers: store read-only data in 53, and copy from 53 to root volume at boot tim
N. App servers: share state using a combination of DynamoDB and IP unicas
O. Database: use RDS with multi-AZ deploymen
P. Backup: web and app sewers backed up weekly via ANI Is, database backed up via DB snapshots.
Answer: C
Explanation:
Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database
workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a
standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly
reliable. In case of an infrastructure failure (for example, instance hardware failure, storage failure, or network disruption), Amazon RDS performs an automatic
failover to the standby, so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the
same after a failover, your application can resume database operation without the need for manual administrative intervention.
Benefits
Enhanced Durability
MuIti-AZ deployments for the MySQL, Oracle, and PostgreSQL engines utilize synchronous physical replication to keep data on the standby up-to-date with the
primary. MuIti-AZ deployments for the SQL Server engine use synchronous logical replication to achieve the same result, employing SQL
Server-native Mrroring technology. Both approaches safeguard your data in the event of a DB Instance failure or loss of an Availability Zone.
If a storage volume on your primary fails in a Multi-AZ deployment, Amazon RDS automatically initiates a failover to the up-to-date standby. Compare this to a
Single-AZ deployment: in case of a Single-AZ database failure, a user-initiated point-in-time-restore operation will be required. This operation can take several
hours to complete, and any data updates that occurred after the latest restorable time (typically within the last five minutes) will not be available.
Amazon Aurora employs a highly durable, SSD-backed virtualized storage layer purpose-built for
database workloads. Amazon Aurora automatically replicates your volume six ways, across three Availability Zones. Amazon Aurora storage is fault-tolerant,
transparently handling the loss of up to two copies of data without affecting database write availability and up to three copies without affecting read availability.
Amazon Aurora storage is also self-healing. Data blocks and disks are continuously scanned for errors and replaced automatically.
Increased Availability
You also benefit from enhanced database availability when running Multi-AZ deployments. If an Availability Zone failure or DB Instance failure occurs, your
availability impact is limited to the time automatic failover takes to complete: typically under one minute for Amazon Aurora and one to two minutes for other
database engines (see the RDS FAQ for details).
The availability benefits of MuIti-AZ deployments also extend to planned maintenance and backups.
In the case of system upgrades like OS patching or DB Instance scaling, these operations are applied first on the standby, prior to the automatic failover. As a
result, your availability impact is, again, only the time required for automatic fail over to complete.
Unlike Single-AZ deployments, 1/0 actMty is not suspended on your primary during backup for MuIti-AZ deployments for the MySOL, Oracle, and PostgreSQL
engines, because the backup is taken from the standby. However, note that you may still experience elevated latencies for a few minutes during backups for Mu|ti-
AZ deployments.
On instance failure in Amazon Aurora deployments, Amazon RDS uses RDS MuIti-AZ technology to automate failover to one of up to 15 Amazon Aurora Replicas
you have created in any of three Availability Zones. If no Amazon Aurora Replicas have been provisioned, in the case of a failure, Amazon RDS will attempt to
create a new Amazon Aurora DB instance for you automatically.
No Administrative Intervention
DB Instance failover is fully automatic and requires no administrative intervention. Amazon RDS monitors the health of your primary and standbys, and initiates a
failover automatically in response to a variety of failure conditions.
Failover conditions
Amazon RDS detects and automatically recovers from the most common failure scenarios for Multi-AZ deployments so that you can resume database operations
as quickly as possible without administrative intervention. Amazon RDS automatically performs a failover in the event of any of the following:
Loss of availability in primary Availability Zone Loss of network connectMty to primary Compute unit failure on primary

Storage failure on primary

Note: When operations such as DB Instance scaling or system upgrades like OS patching are initiated for Multi-AZ deployments, for enhanced availability, they are
applied first on the standby prior to an automatic failover. As a result, your availability impact is limited only to the time required for automatic failover to complete.
Note that Amazon RDS Multi-AZ deployments do not failover automatically in response to database operations such as long running queries, deadlocks or
database corruption errors.
NEW QUESTION 264

Your company has HQ in Tokyo and branch offices all over the world and is using a logistics software with a multi-regional deployment on AWS in Japan, Europe
and USA, The logistic software has a 3- tier architecture and currently uses MySQL 5.6 for data persistence. Each region has deployed its own database
In the HQ region you run an hourly batch process reading data from every region to compute cross regional reports that are sent by email to all offices this batch
process must be completed as fast as possible to quickly optimize logistics how do you build the database architecture in order to meet the requirements'?
A. For each regional deployment, use RDS MySQL with a master in the region and a read replica in the HQ region
B. For each regional deployment, use MySQL on EC2 with a master in the region and send hourly EBS snapshots to the HQ region
C. For each regional deployment, use RDS MySQL with a master in the region and send hourly RDS snapshots to the HQ region
D. For each regional deployment, use MySQL on EC2 with a master in the region and use 53 to copy data files hourly to the HQ region
E. Use Direct Connect to connect all regional MySQL deployments to the HQ region and reduce network latency for the batch process
Answer: A
NEW QUESTION 269

A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Computer Cloud (EC2).
The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available. Sort stale Eventual consistency) rather than an
ACID (Atomicity. Consistency isolation. Durability) consistency model.
The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-
premises database resources in the most
cost-effective way?
A. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
B. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
C. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.
D. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.
Answer: A
Explanation:
Reference: https://aws.amazon.com/blogs/aws/category/amazon-elastic-map-reduce/
NEW QUESTION 272

Your company plans to host a large donation website on Amazon Web Services (AWS). You anticipate a large and undetermined amount of traffic that will create
many database writes. To be certain that you do not drop any writes to a database hosted on AWS. Which service should you use?
A. Amazon RDS with provisioned IOPS up to the anticipated peak write throughput.
B. Amazon Simple Queue Service (SOS) for capturing the writes and draining the queue to write to the database.
C. Amazon EIastiCache to store the writes until the writes are committed to the database.
D. Amazon DynamoDB with provisioned write throughput up to the anticipated peak write throughpu
Answer: B
Explanation:
Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly scalable hosted queue for storing messages as they travel between computers. By using
Amazon SQS, developers can simply move data between distributed application components performing different tasks, without losing messages or requiring each
component to be always available. Amazon SQS makes it easy to build a distributed, decoupled application, working in close conjunction with the Amazon Elastic
Compute Cloud (Amazon EC2) and the other AWS infrastructure web services.
What can I do with Amazon SQS?
Amazon SQS is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them. This
allows you to quickly build message queuing applications that can be run on any computer on the internet. Since Amazon SQS is highly scalable and you only pay
for what you use, you can start small and grow your application as you wish, with no compromise on performance or reliability. This lets you focus on building
sophisticated message-based applications, without worrying about how the messages are stored and managed.
You can use Amazon SQS with software applications in various ways. For example, you can: Integrate Amazon SQS with other AWS infrastructure web services
to make applications more reliable and filexible.
Use Amazon SQS to create a queue of work where each message is a task that needs to be completed by a process. One or many computers can read tasks from
the queue and perform them. Build a microservices architecture, using queues to connect your microservices.
Keep notifications of significant events in a business process in an Amazon SQS queue. Each event can have a corresponding message in a queue, and
applications that need to be aware of the event can read and process the messages.
NEW QUESTION 273

You have launched an EC2 instance with four (4) 500GB EBS Provisioned IOPS volumes attached The EC2 Instance Is EBS-Optimized and supports 500 Mbps
throughput between EC2 and EBS The two EBS volumes are configured as a single RAID o device, and each Provisioned IOPS volume is provisioned with
4.000 IOPS (4 000 16KB reads or writes) for a total of 16.000 random IOPS on the instance The EC2 Instance initially delivers the expected 16 000 IOPS random
read and write performance Sometime later in order to increase the total random 1/0 performance of the instance, you add an additional two 500 GB EBS
Provisioned IOPS volumes to the RAID Each volume Is provisioned to 4.000 IOPs like the original four for a total of 24.000 IOPS on the EC2 instance Monitoring
shows that the EC2 instance CPU utilization increased from 50% to 70%. but the total random IOPS measured at the instance level does not increase at all.
What is the problem and a valid solution?
A. Larger storage volumes support higher Provisioned IOPS rates: increase the provisioned volumestorage of each of the 6 EBS volumes to ITB
B. The EBS-Optimized throughput limits the total IOPS that can be utilized use an EBS-Optimized instance that provides larger throughput.
C. Small block sizes cause performance degradation, limiting the 1'0 throughput, configure the instance device driver and file system to use 64KB blocks to
increase throughput.

D. RAID 0 only scales linearly to about 4 devices, use RAID 0 with 4 EBS Provisioned IOPS volumes but increase each Provisioned IOPS EBS volume to 6.000
IOPS.
E. The standard EBS instance root volume limits the total IOPS rate, change the instant root volume to also be a 500GB 4.000 Provisioned IOPS volume.
Answer: E
NEW QUESTION 276

You have recently joined a startup company building sensors to measure street noise and air quality in urban areas. The company has been running a pilot
deployment of around 100 sensors for 3 months each sensor uploads 1KB of sensor data every minute to a backend hosted on AWS.
During the pilot, you measured a peak or 10 IOPS on the database, and you stored an average of 3GB of sensor data per month in the database.
The current deployment consists of a load-balanced auto scaled Ingestion layer using EC2 instances and a PostgreSQL RDS database with 500GB standard
storage.
The pilot is considered a success and your CEO has managed to get the attention or some potential investors. The business plan requires a deployment of at least
IOOK sensors which needs to be supported by the backend. You also need to store sensor data for at least two years to be able to compare year over year
Improvements.
To secure funding, you have to make sure that the platform meets these requirements and leaves room for further scaling. Which setup win meet the
requirements?
A. Add an SQS queue to the ingestion layer to buffer writes to the RDS instance
B. Ingest data into a DynamoDB table and move old data to a Redshift cluster
C. Replace the RDS instance with a 6 node Redshift cluster with 96TB of storage
D. Keep the current architecture but upgrade RDS storage to 3TB and IOK provisioned IOPS
Answer: C
NEW QUESTION 280

Your company is in the process of developing a next generation pet collar that collects biometric information to assist families with promoting healthy lifestyles for
their pets Each collar will push 30kb of biometric data In JSON format every 2 seconds to a collection platform that will process and analyze the data providing
health trending information back to the pet owners and veterinarians via a web portal Management has tasked you to architect the collection platform ensuring the
following requirements are met.
Provide the ability for real-time analytics of the inbound biometric data Ensure processing of the biometric data is highly durable. Elastic and parallel The results of
the analytic processing should be persisted for data mining
Which architecture outlined below win meet the initial requirements for the collection platform?
A. Utilize 53 to collect the inbound sensor data analyze the data from 53 with a daily scheduled Data Pipeline and save the results to a Redshift Cluster.
B. Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data with Kinesis clients and save the results to a Red shift cluster using EMR.
C. Utilize SQS to collect the inbound sensor data analyze the data from SQS with Amazon Kinesis and save the results to a Mcrosoft SQL Server RDS instance.
D. Utilize EMR to collect the inbound sensor data, analyze the data from EUR with Amazon Kinesis and save me results to Dynamo DB.
Answer: B
NEW QUESTION 285

You need a persistent and durable storage to trace call actMty of an IVR (Interactive Voice Response) system. Call duration is mostly in the 2-3 minutes
timeframe. Each traced call can be either active or terminated. An external application needs to know each minute the list of currently active calls, which are
usually a few calls/second. Put once per month there is a periodic peak up to 1000 calls/second for a few hours. The system is open 24/7 and any downtime
should be avoided.
Historical data is periodically archived to files. Cost saving is a priority for this project.
What database implementation would better fit this scenario, keeping costs as low as possible?
A. Use RDS Multi-AZ with two tables, one for -Active calls" and one for -Terminated ca Ils". In this way the "Active caIIs_ table is always small and effective to
access.
B. Use DynamoDB with a "Calls" table and a Global Secondary Index on a "IsActive"' attribute that is present for active calls only In this way the Global Secondary
index is sparse and more effective.
C. Use DynamoDB with a 'Calls" table and a Global secondary index on a 'State" attribute that can equal to "active" or "terminated" in this way the Global
Secondary index can be used for all Items in the table.
D. Use RDS Multi-AZ with a "CALLS" table and an Indexed "STATE* field that can be equal to 'ACTIVE" or -TERMNATED" In this way the SOL query Is optimized
by the use of the Index.
Answer: A
NEW QUESTION 287

You have been asked to design the storage layer for an application. The application requires disk
performance of at least 100,000 IOPS in addition, the storage layer must be able to survive the loss of an indMdual disk. EC2 instance, or Availability Zone without
any data loss. The volume you provide must have a capacity of at least 3 TB. Which of the following designs will meet these objectives'?
A. Instantiate a c3.8x|arge instance in us-east-1. Provision 4x1TB EBS volumes, attach them to the instance, and configure them as a single RAID 5 volum
B. Ensure that EBS snapshots are performed every 15 minutes.
C. Instantiate a c3.8xIarge instance in us-east-1. Provision 3xiTB EBS volumes, attach them to the Instance, and configure them as a single RAID 0 volum
D. Ensure that EBS snapshots are performed every 15 minutes.
E. Instantiate an i2.8xIarge instance in us-east-I
F. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instanc
G. Provision 3x1TB EBS volumes, attach them to the instance, and configure them as a second RAID 0 volum
H. Configure synchronous, block-level replication from the ephemeral-backed volume to the EBS-backed volume.
I. Instantiate a c3.8xIarge instance in us-east-1. Provision an AWS Storage Gateway and configure it for 3 TB of storage and 100,000 IOP
J. Attach the volume to the instanc
K. Instantiate an i2.8x|arge instance in us-east-I
L. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instanc
M. Configure synchronous, block- level replication to an identically configured instance inus-east-I

Answer: C
NEW QUESTION 291

Your company runs a customer facing event registration site This site is built with a 3-tier architecture with web and application tier servers and a MySQL database
The application requires 6 web tier servers and 6 application tier servers for normal operation, but can run on a minimum of 65% server capacity and a single
MySQL database. When deploying this application in a region with three availability zones (AZs) which architecture provides high availability?
A. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer), and an application tier deployed across 2 AZs with 3 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and one RDS (Relational
Database Service) instance deployed with read replicas in the other AZ.
B. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer)
and an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (Relational Database
Service) Instance deployed with read replicas in the two other AZs.
C. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer) and an application tier deployed across 2 AZs with 3 EC2 instances m each AZ inside an Auto Scaling Group behind an ELS and a Multi-AZ RDS
(Relational Database Service) deployment.
D. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ Inside an Auto Scaling Group behind an ELB (elastic load
balancer). And an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an EL
E. And a MuIti-AZ RDS (Relational Database services) deployment.
Answer: D
Explanation:
Amazon RDS MuIti-AZ Deployments
Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database
workloads. When you provision a MuIti-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a
standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly
reliable. In case of an infrastructure failure (for example, instance hardware failure, storage failure, or network disruption), Amazon RDS performs an automatic
failover to the standby, so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the
same after a failover, your application can resume database operation without the need for manual administrative intervention.
Enhanced Durability
MuIti-AZ deployments for the MySQL, Oracle, and PostgreSQL engines utilize synchronous physical replication to keep data on the standby up-to-date with the
primary. MuIti-AZ deployments for the SQL Server engine use synchronous logical replication to achieve the same result, employing SQL
Server-native Mrroring technology. Both approaches safeguard your data in the event of a DB Instance failure or loss of an Availability Zone.
If a storage volume on your primary fails in a Multi-AZ deployment, Amazon RDS automatically initiates a failover to the up-to-date standby. Compare this to a
Single-AZ deployment: in case of a Single-AZ database failure, a user-initiated point-in-time-restore operation will be required. This operation can take several
hours to complete, and any data updates that occurred after the latest restorable time (typically within the last five minutes) will not be available.
Amazon Aurora employs a highly durable, SSD-backed virtualized storage layer purpose-built for database workloads. Amazon Aurora automatically replicates
your volume six ways, across three Availability Zones. Amazon Aurora storage is fault-tolerant, transparently handling the loss of up to two copies of data without
affecting database write availability and up to three copies without affecting read availability. Amazon Aurora storage is also self-healing. Data blocks and disks are
continuously scanned for errors and replaced automatically.
Increased Availability
You also benefit from enhanced database availability when running Multi-AZ deployments. If an Availability Zone failure or DB Instance failure occurs, your
availability impact is limited to the time automatic failover takes to complete: typically under one minute for Amazon Aurora and one to two minutes for other
database engines (see the RDS FAQ for details).
The availability benefits of MuIti-AZ deployments also extend to planned maintenance and backups. In the case of system upgrades like QS patching or DB
Instance scaling, these operations are applied first on
the standby, prior to the automatic failover. As a result, your availability impact is, again, only the time required for automatic failover to complete.
Unlike Single-AZ deployments, 1/0 actMty is not suspended on your primary during backup for MuIti-AZ deployments for the MySQL, Oracle, and PostgreSQL
engines, because the backup is taken from the standby. However, note that you may still experience elevated latencies for a few minutes during backups for MuIti-
AZ deployments.
On instance failure in Amazon Aurora deployments, Amazon RDS uses RDS MuIti-AZ technology to automate failover to one of up to 15 Amazon Aurora Replicas
you have created in any of three Availability Zones. If no Amazon Aurora Replicas have been provisioned, in the case of a failure, Amazon RDS will attempt to
create a new Amazon Aurora DB instance for you automatically.
NEW QUESTION 295

......

THANKS FOR TRYING THE DEMO OF OUR PRODUCT
Visit Our Site to Purchase the Full Set of Actual AWS-Solution-Architect-Associate Exam Questions With
Answers.
We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the AWS-
Solution-Architect-Associate Product From:
https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/
Money Back Guarantee
AWS-Solution-Architect-Associate Practice Exam Features:
* AWS-Solution-Architect-Associate Questions and Answers Updated Frequently
* AWS-Solution-Architect-Associate Practice Questions Verified by Expert Senior Certified Staff
* AWS-Solution-Architect-Associate Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* AWS-Solution-Architect-Associate Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Powered by TCPDF (www.tcpdf.org)

Aws Solution Architect

Uploaded by

Copyright:

Available Formats

Aws Solution Architect

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aws Solution Architect

Uploaded by

Copyright:

Available Formats

Welcome to download the Newest 2passeasy AWS-Solution-Architect-Associate dumps

https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/ (615 New Questions)

Exam Questions AWS-Solution-Architect-Associate

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. It has high performance at scale as data and query complexity grows.

A. Always select the AZ while launching an instance

A. Use the indexing feature of S3.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

B. Tag the objects with the metadata to search on that.

A. Key pairs are used only for Amazon SDKs.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. It can export from Amazon S3

A. Configure the EC2 instance with a stop instance to terminate it.

A. You can modify the outbound rules for EC2-Classic.

A. per second used in the hour

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Auto Scaling, Amazon CIoudWatch and AWS Elastic Beanstalk

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. There is no encryption on Amazon Glacier, that's why it is cheaper.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. AWS reformats the disks and uses them again.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Yes, AWS CIoudFormation supports Amazon EC2 tagging

A. Move the bucket to a new region

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Supports allow rules and deny rules.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 102

NEW QUESTION 104

NEW QUESTION 107

A. weighted-based routing; alias resource record sets

NEW QUESTION 109

A. Procure all the instances as reserved instances beforehand.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 110

A. We charge less in different time zones.

NEW QUESTION 112

NEW QUESTION 113

NEW QUESTION 116

NEW QUESTION 121

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 125

NEW QUESTION 130

NEW QUESTION 135

A. Yes, by default, the history of your API calls is logged.

NEW QUESTION 139

A. Amazon EBS root device volumes are moved to IAM.

NEW QUESTION 144

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 147

NEW QUESTION 148

A. All services support resource-level permissions for all actions.

NEW QUESTION 149

NEW QUESTION 153

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 156

A. MFA delete for S3 objects

NEW QUESTION 160