AWS Solution Architect Associate Dump2

Welcome to download the Newest 2passeasy AWS-Solution-Architect-Associate dumps Welcome to download the Newest 2passeasy AWS-Solution-Architect-Associate dumps
https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/ (615 New Questions) https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/ (615 New Questions)
B. Tag the objects with the metadata to search on that.

C. Use the query functionality of S3.
NEW QUESTION 1 D. Make your own DB system which stores the S3 metadata for the search functionalit
In Amazon EC2 Container Service components, what is the name of a logical grouping of container instances on which you can place tasks?
Answer: D
A. A cluster
B. A container instance Explanation:
C. A container In Amazon Web Services, AWS S3 does not provide any query facility. To retrieve a specific object the user needs to know the exact bucket / object key. In this
D. A task definition case it is recommended to have an own DB system which manages the S3 metadata and key mapping.
Reference: http://media.amazonwebservices.com/AWS_Storage_Options.pdf
Answer: A
Explanation: NEW QUESTION 6

Amazon ECS contains the following components: You are looking at ways to improve some existing infrastructure as it seems a lot of engineering resources are being taken up with basic management and
A Cluster is a logical grouping of container instances that you can place tasks on. monitoring tasks and the costs seem to be excessive.
A Container instance is an Amazon EC2 instance that is running the Amazon ECS agent and has been registered into a cluster. You are thinking of deploying Amazon E|asticCache to help. Which of the following statements is true in regards to EIasticCache?
A Task definition is a description of an application that contains one or more container definitions. A Scheduler is the method used for placing tasks on container
instances. A. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will be more.
A Service is an Amazon ECS service that allows you to run and maintain a specified number of instances of a task definition simultaneously. B. You can't improve load and response times to user actions and queries but you can reduce the cost associated with scaling web applications.
A Task is an instantiation of a task definition that is running on a container instance. A Container is a Linux container that was created as part of a task. C. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will remain the same.
Reference: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html D. You can improve load and response times to user actions and queries and also reduce the cost associated with scaling web applications.
Answer: D
NEW QUESTION 2
Amazon EBS provides the ability to create backups of any Amazon EC2 volume into what is known as Explanation:
Amazon EIastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon
A. snapshots EIastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of
B. images relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments,
C. instance backups enabling your engineering resources to focus on developing applications.
D. mirrors Using Amazon EIastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web
applications.
Answer: A Reference: https://aws.amazon.com/eIasticache/faqs/
Explanation:
Amazon allows you to make backups of the data stored in your EBS volumes through snapshots that can later be used to create a new EBS volume. NEW QUESTION 7
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Storage.htmI Your supervisor has asked you to build a simple file synchronization service for your department. He doesn't want to spend too much money and he wants to be
notified of any changes to files by email. What do you think would be the best Amazon service to use for the email solution?
NEW QUESTION 3 A. Amazon SES

After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you B. Amazon CIoudSearch
are recommending Redshift. Which of the following would be a reasonable response to his request? C. Amazon SWF
D. Amazon AppStream
A. It has high performance at scale as data and query complexity grows.
B. It prevents reporting and analytic processing from interfering with the performance of OLTP workloads. Answer: A
C. You don't have the administrative burden of running your own data warehouse and dealing with setup, durability, monitoring, scaling, and patching.
D. All answers listed are a reasonable response to his QUESTION Explanation:
File change notifications can be sent via email to users following the resource with Amazon Simple Email Service (Amazon SES), an easy-to-use, cost-effective
Answer: D email solution.
Reference: http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_fiIesync_08.pdf
Explanation:
Amazon Redshift delivers fast query performance by using columnar storage technology to improve I/O efficiency and parallelizing queries across multiple nodes.
Redshift uses standard PostgreSQL JDBC and ODBC drivers, allowing you to use a wide range of familiar SQL clients. Data load speed scales linearly with cluster NEW QUESTION 8
size, with integrations to Amazon S3, Amazon DynamoDB, Amazon Elastic MapReduce, Amazon EC2 provides a . It is an HTTP or HTTPS request that uses the HTTP verbs GET or POST.
Amazon Kinesis or any SSH-enabled host.
AWS recommends Amazon Redshift for customers who have a combination of needs, such as: High performance at scale as data and query complexity grows A. web database
Desire to prevent reporting and analytic processing from interfering with the performance of OLTP workloads B. .net framework
Large volumes of structured data to persist and query using standard SQL and existing BI tools Desire to the administrative burden of running one's own data C. Query API
warehouse and dealing with setup, durability, monitoring, scaling and patching D. C library
Reference: https://aws.amazon.com/running_databases/#redshift_anchor
Answer: C
NEW QUESTION 4 Explanation:

A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.
availability zone? Reference: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/making-api-requests.html
A. Always select the AZ while launching an instance

B. Always select the US-East-1-a zone for HA NEW QUESTION 9
C. Do not select the AZ; instead let AWS select the AZ In Amazon AWS, which of the following statements is true of key pairs?
D. The user can never select the availability zone while launching an instance
A. Key pairs are used only for Amazon SDKs.
Answer: C B. Key pairs are used only for Amazon EC2 and Amazon CIoudFront.
C. Key pairs are used only for Elastic Load Balancing and AWS IAM.
Explanation: D. Key pairs are used for all Amazon service
When launching an instance with EC2, AWS recommends not to select the availability zone (AZ). AWS specifies that the default Availability Zone should be
accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional Answer: B
instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html Explanation:
Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to
validate the signature. Key pairs are used only for Amazon EC2 and Amazon CIoudFront.
NEW QUESTION 5 Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws-sec-cred-types.html
A user is storing a large number of objects on AWS S3. The user wants to implement the search functionality among the objects. How can the user achieve this?
A. Use the indexing feature of S3.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will get for most of the year as per EC2 SLA if the instance is attached Partial instance-hours are billed to the next hour. Reference: http://aws.amazon.com/ec2/faqs/
to the EBS optimized instance?
A. 950 NEW QUESTION 18

B. 990 You have been asked to build a database warehouse using Amazon Redshift. You know a little about it, including that it is a SQL data warehouse solution, and
C. 1000 uses industry standard ODBC and JDBC connections and PostgreSQL drivers. However you are not sure about what sort of storage it uses for database tables.
D. 900 What sort of storage does Amazon Redshift use for database tables?
Answer: D A. InnoDB Tables

B. NDB data storage
Explanation: C. Columnar data storage
As per AWS SLA if the instance is attached to an EBS-Optimized instance, then the Provisioned IOPS volumes are designed to deliver within 10% of the D. NDB CLUSTER Storage
provisioned IOPS performance 99.9% of the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a minimum 900 IOPS
99.9% time of the year. Answer: C
Reference: http://aws.amazon.com/ec2/faqs/
Explanation:
Amazon Redshift achieves efficient storage and optimum query performance through a combination of massively parallel processing, columnar data storage, and
NEW QUESTION 10 very efficient, targeted data compression encoding schemes.
You need to migrate a large amount of data into the cloud that you have stored on a hard disk and you decide that the best way to accomplish this is with AWS Columnar storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk I/O
Import/Export and you mail the hard disk to AWS. Which of the following statements is incorrect in regards to AWS Import/Export? requirements and reduces the amount of data you need to load from disk.
Reference: http://docs.aws.amazon.com/redshift/latest/dg/c_co|umnar_storage_disk_mem_mgmnt.html
A. It can export from Amazon S3
B. It can Import to Amazon Glacier
C. It can export from Amazon Glacier. NEW QUESTION 21
D. It can Import to Amazon EBS Which of the below mentioned options is not available when an instance is launched by Auto Scaling with EC2 Classic?
Answer: C A. Public IP
B. Elastic IP
Explanation: C. Private DNS
AWS Import/Export supports: Import to Amazon S3 D. Private IP
Export from Amazon S3 Import to Amazon EBS Import to Amazon Glacier
AWS Import/Export does not currently support export from Amazon EBS or Amazon Glacier. Reference: Answer: B
https://docs.aws.amazon.com/AWSImportExport/Iatest/DG/whatisdisk.html
Explanation:
Auto Scaling supports both EC2 classic and EC2-VPC. When an instance is launched as a part of EC2 classic, it will have the public IP and DNS as well as the
NEW QUESTION 11 private IP and DNS.
A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data, the job is most likely to finish within a week. Which of the Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/GettingStartedTutoriaI.html
following steps should be followed to terminate the instance automatically once the job is finished?
A. Configure the EC2 instance with a stop instance to terminate it. NEW QUESTION 26
B. Configure the EC2 instance with ELB to terminate the instance when it remains idle. You have been given a scope to deploy some AWS infrastructure for a large organisation. The requirements are that you will have a lot of EC2 instances but may
C. Configure the CIoudWatch alarm on the instance that should perform the termination action once the instance is idle. need to add more when the average utilization of your Amazon EC2 fileet is high and conversely remove them when CPU utilization is low. Which AWS services
D. Configure the Auto Scaling schedule actMty that terminates the instance after 7 day would be best to use to accomplish this?
Answer: C A. Auto Scaling, Amazon CIoudWatch and AWS Elastic Beanstalk

B. Auto Scaling, Amazon CIoudWatch and Elastic Load Balancing.
Explanation: C. Amazon CIoudFront, Amazon CIoudWatch and Elastic Load Balancing.
Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CIoudWatch alarm, which D. AWS Elastic Beanstalk , Amazon CIoudWatch and Elastic Load Balancin
monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent
for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance Answer: B
action.
Reference: http://docs.aws.amazon.com/AmazonCIoudWatch/|atest/Deve|operGuide/UsingAIarmActions.html Explanation:
Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to manually provision Amazon EC2 capacity in advance. For
example, you can set a condition to add new
NEW QUESTION 13 Amazon EC2 instances in increments to the Auto Scaling group when the average utilization of your Amazon EC2 fileet is high; and similarly, you can set a
Which of the following is true of Amazon EC2 security group? condition to remove instances in the same increments when CPU utilization is low. If you have predictable load changes, you can set a schedule through Auto
Scaling to plan your scaling actMties. You can use Amazon CIoudWatch to send alarms to trigger scaling actMties and Elastic Load Balancing to help distribute
A. You can modify the outbound rules for EC2-Classic. traffic to your instances within Auto Scaling groups. Auto Scaling enables you to run your Amazon EC2 fileet at optimal utilization. Reference:
B. You can modify the rules for a security group only if the security group controls the traffic for just one instance. http://aws.amazon.com/autoscaIing/
C. You can modify the rules for a security group only when a new instance is created.
D. You can modify the rules for a security group at any tim
NEW QUESTION 28
Answer: D You are building infrastructure for a data warehousing solution and an extra request has come through that there will be a lot of business reporting queries running
all the time and you are not sure if your current DB instance will be able to handle it. What would be the best solution for this?
Explanation:
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security A. DB Parameter Groups
groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at B. Read Replicas
any time; the new rules are automatically applied to all instances that are associated with the security group. C. Multi-AZ DB Instance deployment
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.htmI D. Database Snapshots
Answer: B
NEW QUESTION 17
In Amazon EC2, partial instance-hours are billed . Explanation:
Read Replicas make it easy to take advantage of MySQL’s built-in replication functionality to elastically scale out beyond the capacity constraints of a single DB
A. per second used in the hour Instance for read-heavy database workloads. There are a variety of scenarios where deploying one or more Read Replicas for a given source DB Instance may
B. per minute used make sense. Common reasons for deploying a Read Replica include:
C. by combining partial segments into full hours Scaling beyond the compute or I/O capacity of a single DB Instance for read-heavy database workloads. This excess read traffic can be directed to one or more
D. as full hours Read Replicas.
Serving read traffic while the source DB Instance is unavailable. If your source DB Instance cannot take I/O requests (e.g. due to I/O suspension for backups or
Answer: D scheduled maintenance), you can direct read traffic to your Read RepIica(s). For this use case, keep in mind that the data on the Read Replica may be "staIe"
since the source DB Instance is unavailable.
Business reporting or data warehousing scenarios; you may want business reporting queries to run against a Read Replica, rather than your primary, production
DB Instance. Facebook, Google, or Amazon. It will create temporary security credentials for each user, which will be authenticated by the AWS services, such as S3.
Reference: https://aws.amazon.com/rds/faqs/ Reference: http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingWIF.htmI
NEW QUESTION 29 NEW QUESTION 46

Much of your company's data does not need to be accessed often, and can take several hours for retrieval time, so it's stored on Amazon Glacier. However Once again your customers are concerned about the security of their sensitive data and with their latest enquiry ask about what happens to old storage devices on
someone within your organization has expressed concerns that his data is more sensitive than the other data, and is wondering whether the high AWS. What would be the best answer to this QUESTION ?
level of encryption that he knows is on S3 is also used on the much cheaper Glacier service. Which of the following statements would be most applicable in
regards to this concern? A. AWS reformats the disks and uses them again.
B. AWS uses the techniques detailed in DoD 5220.22-M to destroy data as part of the decommissioning process.
A. There is no encryption on Amazon Glacier, that's why it is cheaper. C. AWS uses their own proprietary software to destroy data as part of the decommissioning process.
B. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3 but you can change it to AES-256 if you are willing D. AWS uses a 3rd party security organization to destroy data as part of the decommissioning proces
to pay more.
C. Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3. Answer: B
D. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3.
Explanation:
Answer: C When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from
being exposed to unauthorized indMduals.
Explanation: AWS uses the techniques detailed in DoD 5220.22-M ("Nationa| Industrial Security Program Operating ManuaI ") or NIST 800-88 ("GuideIines for Media
Like Amazon S3, the Amazon Glacier service provides low-cost, secure, and durable storage. But where S3 is designed for rapid retrieval, Glacier is meant to be Sanitization") to destroy data as part of the decommissioning process.
used as an archival service for data that is not accessed often, and for which retrieval times of several hours are suitable. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance
Amazon Glacier automatically encrypts the data using AES-256 and stores it durably in an immutable form. Amazon Glacier is designed to provide average annual with industry-standard practices.
durability of 99.999999999% for an archive. It stores each archive in multiple facilities and multiple devices. Unlike traditional systems which can require laborious Reference: http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf
data verification and manual repair, Glacier performs regular, systematic data integrity checks, and is built to be automatically self-healing.
Reference: http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf
NEW QUESTION 49
Your company has been storing a lot of data in Amazon Glacier and has asked for an inventory of what is in there exactly. So you have decided that you need to
NEW QUESTION 33 download a vault inventory. Which of the following statements is incorrect in relation to Vault Operations in Amazon Glacier?
You need to set up a complex network infrastructure for your organization that will be reasonably easy to deploy, replicate, control, and track changes on. Which
AWS service would be best to use to help you accomplish this? A. You can use Amazon Simple Notification Service (Amazon SNS) notifications to notify you when the job completes.
B. A vault inventory refers to the list of archives in a vault.
A. AWS Import/Export C. You can use Amazon Simple Queue Service (Amazon SQS) notifications to notify you when the job completes.
B. AWS CIoudFormation D. Downloading a vault inventory is an asynchronous operatio
C. Amazon Route 53
D. Amazon CIoudWatch Answer: C
Answer: B Explanation:
Amazon Glacier supports various vault operations.
Explanation: A vault inventory refers to the list of archives in a vault. For each archive in the list, the inventory provides archive information such as archive ID, creation date,
AWS CIoudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those and size. Amazon Glacier updates the vault inventory approximately once a day, starting on the day the first archive is uploaded to the vault. A vault inventory
resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon must exist for you to be able to download it.
EC2 instances or Amazon RDS DB instances), and AWS CIoudFormation takes care of provisioning and configuring those resources for you. You don't need to Downloading a vault inventory is an asynchronous operation. You must first initiate a job to download the inventory. After receMng the job request, Amazon Glacier
indMdually create and configure AWS resources prepares your inventory for download. After the job completes, you can download the inventory data.
and figure out what's dependent on what. AWS CIoudFormation handles all of that. Given the asynchronous nature of the job, you can use Amazon Simple Notification Service (Amazon SNS) notifications to notify you when the job completes. You
Reference: http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/WeIcome.htmI can specify an Amazon SNS topic for each indMdual job request or configure your vault to send a notification when specific vault events occur. Amazon Glacier
prepares an inventory for each vault periodically, every 24 hours. If there have been no archive additions or deletions to the vault since the last inventory, the
inventory date is not updated. When you initiate a job for a vault inventory, Amazon Glacier returns the last inventory it generated, which is a point-in-time snapshot
NEW QUESTION 36 and not real-time data. You might not find it useful to retrieve vault inventory for each archive upload. However, suppose you maintain a database on the client-side
Which of the following AWS CLI commands is syntactically incorrect? associating metadata about the archives you upload to Amazon Glacier. Then, you might find the vault inventory useful to reconcile information in your database
1. $ aws ec2 describe-instances with the actual vault inventory.
2. $ aws ec2 start-instances --instance-ids i-1348636c Reference: http://docs.aws.amazon.com/amazongIacier/latest/dev/working-with-vaults.html
3. $ aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError -message "Script Failure"
4. $ aws sqs receive-message --queue-urI https://queue.amazonaws.com/546419318123/Test
NEW QUESTION 50
A. 3 A customer enquires about whether all his data is secure on AWS and is especially concerned about Elastic Map Reduce (EMR) so you need to inform him of
B. 4 some of the security features in place for AWS. Which of the below statements would be an incorrect response to your customers enquiry?
C. 2
D. 1 A. Amazon ENIR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.
B. Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.
Answer: A C. Every packet sent in the AWS network uses Internet Protocol Security (IPsec).
D. Customers may encrypt the input data before they upload it to Amazon S3.
Explanation:
The following CLI command is missing a hyphen before "-message". Answer: C
aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError -message "Script Failure"
It has been added below in red Explanation:
aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError ---message "Script Failure" Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access. Unless the customer who is uploading the
Reference: http://aws.amazon.com/c|i/ data specifies otherwise, only that customer can access the data. Amazon EMR customers can also choose to send data to Amazon S3
using the HTTPS protocol for secure transmission. In addition, Amazon EMR always uses HTTPS to send data between Amazon S3 and Amazon EC2. For added
security, customers may encrypt the input data before they upload it to Amazon S3 (using any common data compression tool); they then need to add a decryption
NEW QUESTION 41 step to the beginning of their cluster when Amazon EMR fetches the data from Amazon S3. Reference: https://aws.amazon.com/elasticmapreduce/faqs/
An organization has developed a mobile application which allows end users to capture a photo on their mobile device, and store it inside an application. The
application internally uploads the data to AWS S3. The organization wants each user to be able to directly upload data to S3 using their Google ID. How will the
mobile app allow this? NEW QUESTION 51
You need to measure the performance of your EBS volumes as they seem to be under performing. You have come up with a measurement of 1,024 KB I/O but
A. Use the AWS Web identity federation for mobile applications, and use it to generate temporary security credentials for each user. your colleague tells you that EBS volume performance is measured in IOPS. How many IOPS is equal to 1,024 KB I/O?
B. It is not possible to connect to AWS S3 with a Google ID.
C. Create an IAM user every time a user registers with their Google ID and use IAM to upload files to S3. A. 16
D. Create a bucket policy with a condition which allows everyone to upload if the login ID has a Google part to it. B. 256
C. 8
Answer: A D. 4
Explanation: Answer: D
For Amazon Web Services, the Web identity federation allows you to create cloud-backed mobile apps that use public identity providers, such as login with
Explanation: Amazon S3 supports several mechanisms that give you filexibility to control who can access your data as well as how, when, and where they can access it.
Several factors can affect the performance of Amazon EBS volumes, such as instance configuration, I/O characteristics, workload demand, and storage Amazon S3 provides four different access control mechanisms: AWS Identity and Access Management (IAM) policies, Access Control Lists (ACLs), bucket
configuration. policies, and query string authentication. IAM enables organizations to create and manage multiple users under a single AWS account. With IAM policies, you can
IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second grant IAM users fine-grained control to your Amazon S3 bucket or objects. You can use ACLs to selectively add (grant) certain permissions on indMdual objects.
(that is 256 KB or smaller) as one IOPS. I/O operations that are larger than 256 KB are counted in 256 KB capacity units. Amazon S3 bucket policies can be used to add or deny permissions across some or all of the objects within a single bucket.
For example, a 1,024 KB I/O operation would count as 4 IOPS. With Query string authentication, you have the ability to share Amazon S3 objects through URLs that are
When you provision a 4,000 IOPS volume and attach it to an EBS-optimized instance that can provide the necessary bandwidth, you can transfer up to 4,000 valid for a specified period of time.
chunks of data per second (provided that the I/O does not exceed the 128 MB/s per volume throughput limit of General Purpose (SSD) and Provisioned IOPS Reference: http://aws.amazon.com/s3/detai|s/#security
(SSD) volumes).
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSPerformance.htmI
NEW QUESTION 70
Which of the following statements is true of creating a launch configuration using an EC2 instance?
NEW QUESTION 54
Having set up a website to automatically be redirected to a backup website if it fails, you realize that there are different types of failovers that are possible. You A. The launch configuration can be created only using the Query APIs.
need all your resources to be available the majority of the time. Using Amazon Route 53 which configuration would best suit this requirement? B. Auto Scaling automatically creates a launch configuration directly from an EC2 instance.
C. A user should manually create a launch configuration before creating an Auto Scaling group.
A. Active-active failover. D. The launch configuration should be created manually from the AWS CL
B. Non
C. Route 53 can't failover. Answer: B
D. Active-passive failover.
E. Active-active-passive and other mixed configuration Explanation:
You can create an Auto Scaling group directly from an EC2 instance. When you use this feature, Auto Scaling automatically creates a launch configuration for you
Answer: A as well.
Reference:
Explanation: http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/create-Ic-with-instancelD.htmI
You can set up a variety of failover configurations using Amazon Route 53 alias: weighted, latency, geolocation routing, and failover resource record sets.
Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes
unavailable, Amazon Route 53 can detect that it's unhealthy and stop including it when responding to queries. NEW QUESTION 75
Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the
secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this
only the healthy primary resources. If all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in scenario?
response to DNS queries.
Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 A. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
behaviors. B. The user should attach an IAM role with DynamoDB access to the EC2 instance
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/dns-failover.html C. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
D. The user should create an IAM user with DynamoDB and EC2 acces
E. Attach the user with the application so that it does not use the root account credentials
NEW QUESTION 59
You decide that you need to create a number of Auto Scaling groups to try and save some money as you have noticed that at certain times most of your EC2 Answer: B
instances are not being used. By default, what is the maximum number of Auto Scaling groups that AWS will allow you to create?
Explanation:
A. 12 With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to
B. Unlimited AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or
C. 20 embed those credentials inside the application. Instead, the user should use roles for EC2 and give that role access to DynamoDB /S3. When the roles are
D. 2 attached to EC2, it will give temporary security credentials to the application hosted on that EC2, to connect with DynamoDB / S3.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.htmI
Answer: C
Explanation: NEW QUESTION 79

Auto Scaling is an AWS service that allows you to increase or decrease the number of EC2 instances within your appIication's architecture. With Auto Scaling, you You are building a system to distribute confidential documents to employees. Using CIoudFront, what method could be used to serve content that is stored in S3,
create collections of EC2 instances, called Auto Scaling groups. You can create these groups from scratch, or from existing EC2 instances that are already in but not publically accessible from S3 directly?
production.
Reference: http://docs.aws.amazon.com/general/latest/gr/aws_service_|imits.htm|#Iimits_autoscaIing A. Add the CIoudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy.
B. Create a S3 bucket policy that lists the C|oudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
C. Create an Identity and Access Management (IAM) User for CIoudFront and grant access to the objects in your S3 bucket to that IAM User.
NEW QUESTION 63 D. Create an Origin Access Identity (OAI) for CIoudFront and grant access to the objects in your S3 bucket to that OAI.
Does AWS CIoudFormation support Amazon EC2 tagging?
Answer: D
A. Yes, AWS CIoudFormation supports Amazon EC2 tagging
B. No, CIoudFormation doesn’t support any tagging Explanation:
C. No, it doesn’t support Amazon EC2 tagging. You restrict access to Amazon S3 content by creating an origin access identity, which is a special CIoudFront user. You change Amazon S3 permissions to give
D. It depends if the Amazon EC2 tagging has been defined in the templat the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects
using CIoudFront URLs, the CIoudFront origin access identity gets the objects on your users' behalf. If your users try to access objects using Amazon S3 URLs,
Answer: A they're denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don't. Reference:
http://docs.aws.amazon.com/AmazonCIoudFront/latest/Deve|operGuide/private-content-restricting-acces s-to-s3.htmI
Explanation:
In AWS CIoudFormation, Amazon EC2 resources that support the tagging feature can also be tagged in an AWS template. The tag values can refer to template
parameters, other resource names, resource attribute values (e.g. addresses), or values computed by simple functions (e.g., a concatenated list of strings). NEW QUESTION 84
Reference: http://aws.amazon.com/c|oudformation/faqs/ Which one of the following answers is not a possible state of Amazon CIoudWatch Alarm?
A. INSUFFICIENT_DATA
NEW QUESTION 67 B. ALARM
Amazon S3 allows you to set per-file permissions to grant read and/or write access. However you have decided that you want an entire bucket with 100 files C. OK
already in it to be accessible to the public. You don't want to go through 100 files indMdually and set permissions. What would be the best way to do this? D. STATUS_CHECK_FAILED
A. Move the bucket to a new region Answer: D

B. Add a bucket policy to the bucket.
C. Move the files to a new bucket. Explanation:
D. Use Amazon EBS instead of S3 Amazon CIoudWatch Alarms have three possible states: OK: The metric is within the defined threshold ALARM: The metric is outside of the defined threshold
INSUFFICIENT_DATA: The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state
Answer: B Reference: http://docs.aws.amazon.com/AmazonCIoudWatch/latest/DeveloperGuide/AlarmThatSendsEmaiI.html
Explanation:
NEW QUESTION 88 B
A user is planning to launch a scalable web application. Which of the below mentioned options will not affect the latency of the application?
Explanation:
A. Region. Amazon VPC provides two features that you can use to increase security for your VPC:
B. Provisioned IOPS. Security groups—Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
C. Availability Zone. Network access control lists (ACLs)—Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
D. Instance siz Security groups are stateful: (Return traffic is automatically allowed, regardless of any rules) Network ACLs are stateless: (Return traffic must be explicitly allowed
by rules)
Answer: C Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
Explanation:
In AWS, the instance size decides the I/O characteristics. The provisioned IOPS ensures higher throughput, and lower latency. The region does affect the latency; NEW QUESTION 102
latency will always be less when the instance is near to the end user. Within a region the user uses any AZ and this does not affect the latency. The AZ is mainly You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CIoudHub. Which statement is the most
for fault toleration or HA. accurate in describing what you must do to set this up correctly?
Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
A. Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs)
B. Create a virtual private gateway with multiple customer gateways, each with a unique set of keys
NEW QUESTION 90 C. Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet
Name the disk storage supported by Amazon Elastic Compute Cloud (EC2). D. Create a virtual private gateway with multiple customer gateways, each with unique subnet id
A. None of these Answer: A

B. Amazon AppStream store
C. Amazon SNS store Explanation:
D. Amazon Instance Store If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CIoudHub. The VPN CIoudHub operates on a
simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet
Answer: D connections who'd like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectMty between these remote offices.
To use the AWS VPN CIoudHub, you must create a virtual private gateway with multiple customer
Explanation: gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP
Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS) Amazon EC2 Instance Store Amazon Simple Storage Service prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer, enabling each site to send data to and
(Amazon S3) receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Storage.html and receive data from the VPC as if they were using a standard VPN connection.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CIoudHub.htmI
NEW QUESTION 95
A scope has been handed to you to set up a super fast gaming server and you decide that you will use Amazon DynamoDB as your database. For efficient access NEW QUESTION 104
to data in a table, Amazon DynamoDB creates and maintains indexes for the primary key attributes. A secondary index is a data structure that contains a subset of Which one of the below is not an AWS Storage Service?
attributes from a table, along with an alternate key to support Query operations. How many types of secondary indexes does DynamoDB support?
A. Amazon S3
A. 2 B. Amazon Glacier
B. 16 C. Amazon CIoudFront
C. 4 D. Amazon EBS
D. As many as you nee
Answer: C
Answer: A
Explanation:
Explanation: AWS Storage Services are: Amazon S3
DynamoDB supports two types of secondary indexes: Amazon Glacier Amazon EBS
Local secondary index — an index that has the same hash key as the table, but a different range key. A local secondary index is "IocaI" in the sense that every AWS Storage Gateway
partition of a local secondary index is scoped to a table partition that has the same hash key. Reference: https://consoIe.aws.amazon.com/console
Global secondary index — an index with a hash and range key that can be different from those on the table. A global secondary index is considered "gIobaI"
because queries on the index can span all of the data in a table, across all partitions.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.html NEW QUESTION 107
Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions and if you have more than one Amazon
EC2 instance in one or more regions, you can use to route traffic to the correct region and then use to route traffic to instances
NEW QUESTION 96 within the region, based on probabilities that you specify.
A user has set up the CIoudWatch alarm on the CPU utilization metric at 50%, with a time interval of 5 minutes and 10 periods to monitor. What will be the state of
the alarm at the end of 90 minutes, if the CPU utilization is constant at 80%? A. weighted-based routing; alias resource record sets
B. latency-based routing; weighted resource record sets
A. ALERT C. weighted-based routing; weighted resource record sets
B. ALARM D. latency-based routing; alias resource record sets
C. OK
D. INSUFFICIENT_DATA Answer: B
Answer: B Explanation:
Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one
Explanation: Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets
In this case the alarm watches a metric every 5 minutes for 10 intervals. Thus, it needs at least 50 minutes to come to the "OK" state. to route traffic to instances within the region based on weights that you specify.
Till then it will be in the |NSUFFUCIENT_DATA state. Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/Tutorials.html
Since 90 minutes have passed and CPU utilization is at 80% constant, the state of alarm will be "ALARNI". Reference:
http://docs.aws.amazon.com/AmazonCIoudWatch/latest/DeveloperGuide/AlarmThatSendsEmaiI.html
NEW QUESTION 109
A user is currently building a website which will require a large number of instances in six months, when a demonstration of the new site will be given upon launch.
NEW QUESTION 99 Which of the below mentioned options allows the user to procure the resources beforehand so that they need not worry about infrastructure availability during the
You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security demonstration?
groups and network access control lists (ACLs). You have already looked into security groups and you are now trying to understand ACLs. Which statement below
is incorrect in relation to ACLs? A. Procure all the instances as reserved instances beforehand.
B. Launch all the instances as part of the cluster group to ensure resource availability.
A. Supports allow rules and deny rules. C. Pre-warm all the instances one month prior to ensure resource availability.
B. Is stateful: Return traffic is automatically allowed, regardless of any rules. D. Ask AWS now to procure the dedicated instances in 6 month
C. Processes rules in number order when deciding whether to allow traffic.
D. Operates at the subnet level (second layer of defense). Answer: A
Answer: Explanation:
Amazon Web Services has massive hardware resources at its data centers, but they are finite. The best way for users to maximize their access to these resources D
is by reserving a portion of the computing capacity that they require. This can be done through reserved instances. With reserved instances, the user literally
reserves the computing capacity in the Amazon Web Services cloud. Explanation:
Reference: http://media.amazonwebservices.com/AWS_Building_FauIt_To|erant_AppIications.pdf If your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more
regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the
region based on weights that you specify.
NEW QUESTION 110 For example, suppose you have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region and you want to distribute requests across
You receive a bill from AWS but are confused because you see you are incurring different costs for the exact same storage size in different regions on Amazon S3. all three IPs evenly for users for whom US East (Virginia) is the appropriate region. Just one Amazon EC2 instance is sufficient in the other regions, although you
You ask AWS why this is so. What response would you expect to receive from AWS? can apply the same technique to many regions at once.
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/Tutorials.html
A. We charge less in different time zones.
B. We charge less where our costs are less.
C. This will balance out next bill. NEW QUESTION 125
D. It must be a mistak In Amazon EC2, what is the limit of Reserved Instances per Availability Zone each month?
Answer: B A. 5
B. 20
Explanation: C. 50
Amazon S3 is storage for the internet. |t’s a simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage D. 10
infrastructure at very low costs.
AWS charges less where their costs are less. Answer: B
For example, their costs are lower in the US Standard Region than in the US West (Northern California) Region.
Reference: https://aws.amazon.com/s3/faqs/ Explanation:
There are 20 Reserved Instances per Availability Zone in each month.
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws_service_Iimits.html
NEW QUESTION 112
What is the default maximum number of Access Keys per user?
NEW QUESTION 130
A. 10 You have just finshed setting up an advertisement server in which one of the obvious choices for a service was Amazon Elastic Map Reduce( EMR) and are now
B. 15 troubleshooting some weird cluster states that you are seeing. Which of the below is not an Amazon EMR cluster state?
C. 2
D. 20 A. STARTING
B. STOPPED
Answer: C C. RUNNING
D. WAITING
Explanation:
The default maximum number of Access Keys per user is 2. Answer: B
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.htmI
Explanation:
Amazon Elastic Map Reduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process
NEW QUESTION 113 vast amounts of data.
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24. While Amazon EMR historically referred to an Amazon EMR cluster (and all processing steps assigned to it) as a "c|uster". Every cluster has a unique identifier that
launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance. Which is the most likely reason for this issue? starts with "j-".
The different cluster states of an Amazon EMR cluster are listed below. STARTING — The cluster provisions, starts, and configures EC2 instances.
A. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security. BOOTSTRAPPING — Bootstrap actions are being executed on the cluster. RUNNING — A step for the cluster is currently being run.
B. Private address IP 10.201.31.6 is currently assigned to another interface. WAITING — The cluster is currently active, but has no steps to run. TERMINATING - The cluster is in the process of shutting down. TERMINATED - The cluster
C. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range. was shut down without error. TERMINATED_W|TH_ERRORS - The cluster was shut down with errors.
D. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purpose Reference: https://aws.amazon.com/elasticmapreduce/faqs/
Answer: B
NEW QUESTION 135
Explanation: Is it possible to get a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes?
In Amazon VPC, you can assign any Private IP address to your instance as long as it is: Part of the associated subnet's IP address range
Not reserved by Amazon for IP networking purposes Not currently assigned to another interface Reference: http://aws.amazon.com/vpc/faqs/ A. Yes, by default, the history of your API calls is logged.
B. Yes, you should turn on the CIoudTraiI in the AWS console.
C. No, you can only get a history of VPC API calls.
NEW QUESTION 116 D. No, you cannot store history of EC2 API calls on Amazon.
Which of the following statements is true of tagging an Amazon EC2 resource?
Answer: B
A. You don't need to specify the resource identifier while terminating a resource.
B. You can terminate, stop, or delete a resource based solely on its tags. Explanation:
C. You can't terminate, stop, or delete a resource based solely on its tags. To get a history of all EC2 API calls (including VPC and EBS) made on your account, you simply turn on C|oudTrai| in the AWS Management Console.
D. You don't need to specify the resource identifier while stopping a resourc Reference: https://aws.amazon.com/ec2/faqs/
Answer: C
NEW QUESTION 139
Explanation: What happens to Amazon EBS root device volumes, by default, when an instance terminates?
You can assign tags only to resources that already exist. You can't terminate, stop, or delete a resource based solely on its tags; you must specify the resource
identifier. A. Amazon EBS root device volumes are moved to IAM.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Using_Tags.html B. Amazon EBS root device volumes are copied into Amazon RDS.
C. Amazon EBS root device volumes are automatically deleted.
D. Amazon EBS root device volumes remain in the database until you delete the
NEW QUESTION 121
You have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region, and you want to distribute requests across all three IPs evenly Answer: C
for users for whom US East (Virginia) is the appropriate region.
How many EC2 instances would be sufficient to distribute requests in other regions? Explanation:
By default, Amazon EBS root device volumes are automatically deleted when the instance terminates. Reference:
A. 3 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html
B. 9
C. 2
D. 1 NEW QUESTION 144
Mike is appointed as Cloud Consultant in Netcrak Inc. Netcrak has the following VPCs set-up in the US East Region:
Answer:
A VPC with CIDR block 10.10.0.0/16, a subnet in that VPC with CIDR block 10.10.1.0/24 A VPC with CIDR block 10.40.0.0/16, a subnet in that VPC with CIDR A. DB Subnet Set
block 10.40.1.0/24 B. RDS Subnet Group
Netcrak Inc is trying to establish network connection between two subnets, a subnet with CIDR block 10.10.1.0/24 and another subnet with CIDR block C. DB Subnet Group
10.40.1.0/24. Which one of the following solutions should Mke recommend to Netcrak Inc? D. DB Subnet Collection
A. Create 2 Virtual Private Gateways and configure one with each VPC. Answer: C
B. Create one EC2 instance in each subnet, assign Elastic IPs to both instances, and configure a set up Site-to-Site VPN connection between both EC2 instances.
C. Create a VPC Peering connection between both VPCs. Explanation:
D. Create 2 Internet Gateways, and attach one to each VP DB Subnet Groups are a set of subnets (one per Availability Zone of a particular region) designed for your DB instances that reside in a VPC. They make easy to
manage Multi-AZ deployments as well as the conversion from a Single-AZ to a Mut|i-AZ one.
Answer: C Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSVPC.htmI
Explanation:
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. EC2 NEW QUESTION 156
instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the
VPCs, or with a VPC in another AWS account within a single region. organization to achieve data security?
AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate
piece of physical hardware. A. MFA delete for S3 objects
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.htm| B. Client side encryption
C. Bucket versioning
D. Data replication
NEW QUESTION 147
How many types of block devices does Amazon EC2 support? Answer: D
A. 4 Explanation:
B. 5 AWS S3 provides multiple options to achieve the protection of data at REST. The options include Permission (Policy), Encryption (Client and Server Side), Bucket
C. 2 Versioning and MFA based delete. The user can enable any of these options to achieve data protection. Data replication is an internal facility by AWS where S3
D. 1 replicates each object across all the Availability Zones and the organization need not
enable it in this case.
Answer: C Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
Explanation:
Amazon EC2 supports 2 types of block devices. Reference: NEW QUESTION 160
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html In Amazon Elastic Compute Cloud, which ofthe following is used for communication between instances in the same network (EC2-Classic or a VPC)?
A. Private IP addresses
NEW QUESTION 148 B. Elastic IP addresses
You are setting up some IAM user policies and have also become aware that some services support resource-based permissions, which let you attach policies to C. Static IP addresses
the service's resources instead of to IAM users or groups. Which of the below statements is true in regards to resource-level permissions? D. Public IP addresses
A. All services support resource-level permissions for all actions. Answer: A

B. Resource-level permissions are supported by Amazon CIoudFront
C. All services support resource-level permissions only for some actions. Explanation:
D. Some services support resource-level permissions only for some action A private IP address is an IP address that's not reachable over the Internet. You can use private IP addresses for communication between instances in the same
network (EC2-Classic or a VPC). Reference:
Answer: D http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-instance-addressing.htmI
Explanation:
AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. NEW QUESTION 165
The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. In
Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can addition to supporting IAM user policies, some services support resource-based permissions. Which of the following services are supported by
access. resource-based permissions?
In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service's resources instead of
to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, and Amazon SQS. A. Amazon SNS, and Amazon SQS and AWS Direct Connect.
The resource-level permissions service supports IAM policies in which you can specify indMdual resources using Amazon Resource Names (ARNs) in the poIicy's B. Amazon S3 and Amazon SQS and Amazon EIastiCache.
Resource element. C. Amazon S3, Amazon SNS, Amazon SQS, Amazon Glacier and Amazon EBS.
Some services support resource-level permissions only for some actions. D. Amazon Glacier, Amazon SNS, and Amazon CIoudWatch
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.html
Answer: C

You have created a Route 53 latency record set from your domain to a machine in Northern Virginia and a similar record to a machine in Sydney. In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service's resources instead of
When a user located in U S visits your domain he will be routed to: to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, Amazon SQS, Amazon Glacier and Amazon EBS.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.htm|
A. Northern Virginia
B. Sydney
C. Both, Northern Virginia and Sydney NEW QUESTION 170
D. Depends on the Weighted Resource Record Sets Content and IV|edia Server is the latest requirement that you need to meet for a client.
The client has been very specific about his requirements such as low latency, high availability, durability, and access control. Potentially there will be millions of
Answer: A views on this server and because of "spiky" usage patterns, operations teams will need to provision static hardware, network, and management resources to
support the maximum expected need. The Customer base will be initially low but is expected to grow and become more geographically distributed.
Explanation: Which of the following would be a good solution for content distribution?
If your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more
regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the A. Amazon S3 as both the origin server and for caching
region based on weights that you specify. B. AWS Storage Gateway as the origin server and Amazon EC2 for caching
For example, suppose you have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region and you want to distribute requests across C. AWS CIoudFront as both the origin server and for caching
all three IPs evenly for users for whom US East (Virginia) is the appropriate region. Just one Amazon EC2 instance is sufficient in the other regions, although you D. Amazon S3 as the origin server and Amazon CIoudFront for caching
can apply the same technique to many regions at once.
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/Tutorials.html Answer: D
Explanation:
NEW QUESTION 153 As your customer base grows and becomes more geographically distributed, using a high- performance edge cache like Amazon CIoudFront can provide
A for a VPC is a collection of subnets (typically private) that you may want to designate for your backend RDS DB Instances.
substantial improvements in latency, fault tolerance, and cost. monitor your web application. Because you live in Sydney you have chosen the the Asia Pacific (Sydney) region in the AWS console. However you have set up
By using Amazon S3 as the origin server for the Amazon CIoudFront distribution, you gain the advantages of fast in-network data transfer rates, simple this up but no CIoudFront metrics seem to be appearing in the CIoudWatch console. What is the most likely reason from the possible choices below for this?
publishing/caching workflow, and a unified security framework.
Amazon S3 and Amazon CIoudFront can be configured by a web service, the AWS Management Console, or a host of third-party management tools. A. Metrics for CIoudWatch are available only when you choose the same region as the application you aremonitoring.
Reference:http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_media_02.pdf B. You need to pay for CIoudWatch for it to become active.
C. Metrics for CIoudWatch are available only when you choose the US East (
D. Virginia)
NEW QUESTION 175 E. Metrics for CIoudWatch are not available for the Asia Pacific region as ye
You are setting up your first Amazon Virtual Private Cloud (Amazon VPC) network so you decide you should probably use the AWS Management Console and the
VPC Wizard. Which of the following is not an option for network architectures after launching the "Start VPC Wizard" in Amazon VPC page on the AWS Answer: C
Management Console?
Explanation:
A. VPC with a Single Public Subnet Only CIoudFront is a global service, and metrics are available only when you choose the US East (N. Virginia) region in the AWS console. If you choose another region,
B. VPC with a Public Subnet Only and Hardware VPN Access no CIoudFront metrics will appear in the CIoudWatch console.
C. VPC with Public and Private Subnets and Hardware VPN Access Reference:
D. VPC with a Private Subnet Only and Hardware VPN Access http://docs.aws.amazon.com/AmazonCIoudFront/latest/Deve|operGuide/monitoring-using-cloudwatch.ht ml
Answer: B
NEW QUESTION 185
Explanation: A friend wants you to set up a small BitTorrent storage area for him on Amazon S3. You tell him it is highly unlikely that AWS would allow such a thing in their
Amazon VPC enables you to build a virtual network in the AWS cloud - no VPNs, hardware, or physical datacenters required. infrastructure. However you decide to investigate. Which of the following statements best describes using BitTorrent with Amazon S3?
Your AWS resources are automatically provisioned in a ready-to-use default VPC. You can choose to create additional VPCs by going to Amazon VPC page on
the AWS Management Console and click on the "Start VPC Wizard" button. A. Amazon S3 does not support the BitTorrent protocol because it is used for pirated software.
You’II be presented with four basic options for network architectures. After selecting an option, you can modify the size and IP address range of the VPC and its B. You can use the BitTorrent protocol but only for objects that are less than 100 GB in size.
subnets. If you select an option with Hardware VPN Access, you will need to specify the IP address of the VPN hardware on your network. You can modify the C. You can use the BitTorrent protocol but you need to ask AWS for specific permissions first.
VPC to add more subnets or add or remove gateways at any time after the VPC has been created. D. You can use the BitTorrent protocol but only for objects that are less than 5 GB in siz
The four options are:
VPC with a Single Public Subnet Only VPC with Public and Private Subnets Answer: D
VPC with Public and Private Subnets and Hardware VPN Access VPC with a Private Subnet Only and Hardware VPN Access Reference:
https://aws.amazon.com/vpc/faqs/ Explanation:
BitTorrent is an open, peer-to-peer protocol for distributing files. You can use the BitTorrent protocol to retrieve any publicly-accessible object in Amazon S3.
Amazon S3 supports the BitTorrent protocol so that developers can save costs when distributing content at high scale. Amazon S3 is useful for simple, reliable
NEW QUESTION 177 storage of any data. The default distribution mechanism for Amazon S3 data is via client/server download. In client/server distribution, the entire object is
Which one of the below doesn't affect Amazon CIoudFront billing? transferred point-to-point from Amazon S3 to every authorized user who requests that object. While client/server delivery is appropriate for a wide variety of use
cases, it is not optimal for everybody. Specifically, the costs of client/server distribution increase linearly as the number of users downloading objects increases.
A. Distribution Type This can make it expensive to distribute popular objects.
B. Data Transfer Out BitTorrent addresses this problem by recruiting the very clients that are downloading the object as distributors themselves: Each client downloads some pieces of
C. Dedicated IP SSL Certificates the object from Amazon S3 and some from other clients, while simultaneously uploading pieces of the same object to other interested "peers." The benefit for
D. Requests publishers is that for large, popular files the amount of data actually supplied by Amazon S3 can be substantially lower than what it would have been sewing the
same clients via client/server download. Less data transferred means lower costs for the publisher of the object.
Answer: A Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html
Explanation:
Amazon CIoudFront is a web service for content delivery. C|oudFront delivers your content using a global network of edge locations and works seamlessly with NEW QUESTION 186
Amazon S3 which durably stores the original and definitive versions of your files. After a major security breach your manager has requested a report of all users and their credentials in AWS. You discover that in IAM you can generate and
Amazon CIoudFront billing is maily affected by Data Transfer Out download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, MFA devices,
Edge Location Traffic Distribution Requests and signing certificates. Which following statement is incorrect in regards to the use of credential reports?
Dedicated IP SSL Certificates
Reference: http://calcu|ator.s3.amazonaws.com/index.htmI A. Credential reports are downloaded XML files.
B. You can get a credential report using the AWS Management Console, the AWS CLI, or the IAM API.
C. You can use the report to audit the effects of credential lifecycle requirements, such as password rotation.
NEW QUESTION 178 D. You can generate a credential report as often as once every four hour
Your company has multiple IT departments, each with their own VPC. Some VPCs are located within the same AWS account, and others in a different AWS
account. You want to peer together all VPCs to enable the IT departments to have full access to each others' resources. There are certain limitations placed on Answer: A
VPC peering. Which of the following statements is incorrect in relation to VPC peering?
Explanation:
A. Private DNS values cannot be resolved between instances in peered VPCs. To access your AWS account resources, users must have credentials.
B. You can have up to 3 VPC peering connections between the same two VPCs at the same time. You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access
C. You cannot create a VPC peering connection between VPCs in different regions. keys, MFA devices, and signing certificates. You can get a credential report using the AWS Management Console, the AWS CLI, or the IAM API.
D. You have a limit on the number active and pending VPC peering connections that you can have per VPC. You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements,
such as password rotation. You can provide the report to an external auditor, or grant permissions to an auditor so that he or she can download the report directly.
Answer: B You can generate a credential report as often as once every four hours. When you request a report, IAM first checks whether a report for the account has been
generated within the past four hours. If so, the most recent report is downloaded. If the most recent report for the account is more than four hours old, or if there
Explanation: are no previous reports for the account, IAM generates and downloads a new report.
To create a VPC peering connection with another VPC, you need to be aware of the following limitations and rules: Credential reports are downloaded as comma-separated values (CSV) files.
You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks. You can open CSV files with common spreadsheet software to perform analysis, or you can build an application that consumes the CSV files programmatically and
You cannot create a VPC peering connection between VPCs in different regions. performs custom analysis. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
You have a limit on the number active and pending VPC peering connections that you can have per VPC. VPC peering does not support transitive peering
relationships; in a VPC peering connection, your VPC will not have access to any other VPCs that the peer VPC may be peered with. This includes VPC peering
connections that are established entirely within your own AWS account. NEW QUESTION 191
You cannot have more than one VPC peering connection between the same two VPCs at the same time. The Maximum Transmission Unit (MTU) across a VPC In the most recent company meeting, your CEO focused on the fact that everyone in the organization needs to make sure that all of the infrastructure that is built is
peering connection is 1500 bytes. truly scalable. Which of the following statements is incorrect in reference to scalable architecture?
A placement group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs.
Unicast reverse path forwarding in VPC peering connections is not supported. A. A scalable service is capable of handling heterogeneity.
You cannot reference a security group from the peer VPC as a source or destination for ingress or egress rules in your security group. Instead, reference CIDR B. A scalable service is resilient.
blocks of the peer VPC as the source or destination of your security group's ingress or egress rules. C. A scalable architecture won't be cost effective as it grows.
Private DNS values cannot be resolved between instances in peered VPCs. Reference: D. Increasing resources results in a proportional increase in performanc
http://docs.aws.amazon.com/AmazonVPC/Iatest/PeeringGuide/vpc-peering-overview.htmI#vpc-peering-Ii mitations
Answer: C

You are architecting a highly-scalable and reliable web application which will have a huge amount of content .You have decided to use Cloudfront as you know it In AWS it is critical to build a scalable architecture in order to take advantage of a scalable infrastructure. The cloud is designed to provide conceptually infinite
will speed up distribution of your static and dynamic web content and know that Amazon C|oudFront integrates with Amazon CIoudWatch metrics so that you can scalability. However, you cannot leverage all that scalability in infrastructure if your architecture is not scalable. Both have to work together. You will have to identify
the monolithic components and bottlenecks in your architecture, identify the areas where you cannot leverage the on-demand provisioning capabilities in your In Route 53, what does a Hosted Zone refer to?
architecture, and work to refactor your application, in order to leverage the scalable infrastructure and take advantage of the cloud.
Characteristics of a truly scalable application: A. A hosted zone is a collection of geographical load balancing rules for Route 53.
Increasing resources results in a proportional increase in performance A scalable service is capable of handling heterogeneity B. A hosted zone is a collection of resource record sets hosted by Route 53.
A scalable service is operationally efficient A scalable service is resilient C. A hosted zone is a selection of specific resource record sets hosted by CIoudFront for distribution to Route 53.
A scalable service should become more cost effective when it grows (Cost per unit reduces as the number of units increases) D. A hosted zone is the Edge Location that hosts the Route 53 records for a use
Reference: http://media.amazonwebservices.com/AWS_CIoud_Best_Practices.pdf
Answer: B

A user has defined an AutoScaIing termination policy to first delete the instance with the nearest billing hour. AutoScaIing has launched 3 instances in the US- A Hosted Zone refers to a selection of resource record sets hosted by Route 53.
East-1A region and 2 instances in the US-East-1 B region. One of the instances in the US-East-1B region is running nearest to the billing hour. Which instance will Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/AboutHostedZones.html
AutoScaIing terminate first while executing the termination action?
A. Random Instance from US-East-1A NEW QUESTION 212

B. Instance with the nearest billing hour in US-East-1 B While creating a network in the VPC, which of the following is true of a NAT device?
C. Instance with the nearest billing hour in US-East-1A
D. Random instance from US-East-1B A. You have to administer the NAT Gateway Service provided by AWS.
B. You can choose to use any of the three kinds of NAT devices offered by AWS for special purposes.
Answer: C C. You can use a NAT device to enable instances in a private subnet to connect to the Internet.
D. You are recommended to use AWS NAT instances over NAT gateways, as the instances provide better availability and bandwidth.
Explanation:
Even though the user has configured the termination policy, before AutoScaIing selects an instance to terminate, it first identifies the Availability Zone that has Answer: C
more instances than the other Availability Zones used by the group. Within the selected Availability Zone, it identifies the instance that matches the specified
termination policy. Explanation:
Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/us-termination-policy.html You can use a NAT device to enable instances in a private subnet to connect to the Internet (for example, for software updates) or other AWS services, but
prevent the Internet from initiating connections with the instances. AWS offers two kinds of NAT devices u a NAT gateway or a NAT instance. We recommend NAT
gateways, as they provide better availability and bandwidth over NAT instances. The NAT Gateway service is also a managed service that does not require your
NEW QUESTION 198 administration efforts. A NAT instance is launched from a NAT AM. You can choose to use a NAT instance for special purposes.
A user has configured a website and launched it using the Apache web server on port 80. The user is using ELB with the EC2 instances for Load Balancing. What Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html
should the user do to ensure that the EC2 instances accept requests only from ELB?
A. Configure the security group of EC2, which allows access to the ELB source security group NEW QUESTION 213
B. Configure the EC2 instance so that it only listens on the ELB port You need to create a management network using network interfaces for a virtual private cloud (VPC) network. Which of the following statements is incorrect
C. Open the port for an ELB static IP in the EC2 security group pertaining to Best Practices for Configuring Network Interfaces.
D. Configure the security group of EC2, which allows access only to the ELB listener
A. You can detach secondary (ethN) network interfaces when the instance is running or stoppe
Answer: A B. However, you can't detach the primary (eth0) interface.
C. Launching an instance with multiple network interfaces automatically configures interfaces, private IP addresses, and route tables on the operating system of
Explanation: the instance.
When a user is configuring ELB and registering the EC2 instances with it, ELB will create a source security group. If the user wants to allow traffic only from ELB, D. You can attach a network interface in one subnet to an instance in another subnet in the same VPC, however, both the network interface and the instance must
he should remove all the rules set for the other requests and open the port only for the ELB source security group. reside in the same Availability Zone.
Reference: E. Attaching another network interface to an instance is a valid method to increase or double the network bandwidth to or from the dual-homed instance
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/using-elb-security-groups.htmI
Answer: D

A user is planning a highly available application deployment with EC2. Which of the below mentioned options will not help to achieve HA? Best Practices for Configuring Network Interfaces
You can attach a network interface to an instance when it's running (hot attach), when it's stopped (warm attach), or when the instance is being launched (cold
A. Elastic IP address attach).
B. PIOPS You can detach secondary (ethN) network interfaces when the instance is running or stopped. However, you can't detach the primary (eth0) interface.
C. AMI You can attach a network interface in one subnet to an instance in another subnet in the same VPC, however, both the network interface and the instance must
D. Availability Zones reside in the same Availability Zone.
When launching an instance from the CLI or API, you can specify the network interfaces to attach to the instance for both the primary (eth0) and additional network
Answer: B interfaces.
Launching an instance with multiple network interfaces automatically configures interfaces, private IP addresses, and route tables on the operating system of the
Explanation: instance.
In Amazon Web Service, the user can achieve HA by deploying instances in multiple zones. The elastic IP helps the user achieve HA when one of the instances is A warm or hot attach of an additional network interface may require you to manually bring up the second interface, configure the private IP address, and modify the
down but still keeps the same URL. The AM helps launching the new instance. The PIOPS is for the performance of EBS and does not help for HA. Reference: route table accordingly. (Instances running Amazon Linux automatically recognize the warm or hot attach and configure themselves.)
http://media.amazonwebservices.com/AWS_Web_Hosting_Best_Practices.pdf Attaching another network interface to an instance is not a method to increase or double the network bandwidth to or from the dual-homed instance.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.htmI#use-network-and-security-applia nces-in-your-vpc
NEW QUESTION 206
After deploying a new website for a client on AWS, he asks if you can set it up so that if it fails it can be automatically redirected to a backup website that he has
stored on a dedicated server elsewhere. You are wondering whether Amazon Route 53 can do this. Which statement below is correct in regards to Amazon Route NEW QUESTION 215
53? A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for
this?
A. Amazon Route 53 can't help detect an outag
B. You need to use another service. A. The user account has reached the maximum volume limit
C. Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations. B. The AM is missin
D. Amazon Route 53 can help detect an outage of your website but can't redirect your end users to alternate locations. C. It is the required part
E. Amazon Route 53 can't help detect an outage of your website, but can redirect your end users to alternate locations. D. The snapshot is corrupt
E. The user account has reached the maximum EC2 instance limit
Answer: B
Answer: D
Explanation:
With DNS Failover, Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations where your application is Explanation:
operating properly. When the user account has reached the maximum number of EC2 instances, it will not be allowed to launch an instance. AWS will throw an ‘Instance Limit
Reference: Exceeded’ error. For all other reasons, such as
http://aws.amazon.com/about-aws/whats-new/2013/02/11/announcing-dns-faiIover-for-route-53/ "AMI is missing part", "Corrupt Snapshot" or "VoIume limit has reached" it will launch an EC2 instance and then terminate it.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_|nstanceStraightToTerminated.html
NEW QUESTION 207
NEW QUESTION 219 Answer: B

George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-Ia zone with
his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better? Explanation:
Consolidated Billing enables you to consolidate payment for multiple AWS accounts within your company by designating a single paying account. Consolidated
A. All the instances of George and Ray can communicate over a private IP with a minimal cost Billing enables you to see a combined view of AWS costs incurred by all accounts, as well as obtain a detailed cost report for each of the indMdual AWS accounts
B. The US-East-1a region of George and Ray can be different availability zones associated with your "Paying Account". Consolidated Billing is offered at no additional charge. Reference: https://aws.amazon.com/bi|Iing/faqs/
C. All the instances of George and Ray can communicate over a private IP without any cost
D. The instances of George and Ray will be running in the same data centre
NEW QUESTION 231
Answer: B A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get
this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?
Explanation:
Each AWS region has multiple, isolated locations known as Availability Zones. To ensure that the AWS resources are distributed across the Availability Zones for a A. AWS Simple Notification Service.
region, AWS independently maps the Availability Zones to identifiers for each account. In this case the Availability Zone US-East-Ia where George’s EC2 B. AWS Simple Email Service.
instances are running might not be the same location as the US-East-Ia zone of Ray’s EC2 instances. There is no way for the user to coordinate the Availability C. AWS Nlobile Communication Service.
Zones between accounts. D. AWS Simple Queue Service.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
Answer: A

Can you encrypt EBS volumes? Amazon Simple Notification Service (Amazon SNS) is a fast, filexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective
to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services.
A. Yes, you can enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Reference: http://aws.amazon.com/sns
B. No, you should use a third-party software to perform raw block-level encryption of an EBS volume.
C. Yes, but you must use a third-party API for encrypting data before it's loaded on EBS.
D. Yes, you can encrypt with the special "ebs_encrypt" command through Amazon API NEW QUESTION 236
You have written a CIoudFormation template that creates I Elastic Load Balancer fronting 2 EC2 Instances. Which section of the template should you edit so that
Answer: A the DNS of the load balancer is returned upon creation of the stack?
Explanation: A. Resources
With Amazon EBS encryption, you can now create an encrypted EBS volume and attach it to a supported instance type. Data on the volume, disk I/O, and B. Outputs
snapshots created from the volume are then all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it C. Parameters
moves between EC2 instances and EBS storage. EBS encryption is based on the industry standard AES-256 cryptographic algorithm. D. Mappings
To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is
available for all the latest EC2 instances in all commercially available AWS regions. Answer: B
Reference:
https://aws.amazon.com/about-aws/whats-new/2014/05/21/Amazon-EBS-encryption-now-avai|abIe/ Explanation:
You can use AWS CIoudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or
runtime parameters, required to run your application.
NEW QUESTION 224 Reference:
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/outputs-section-structure.html
user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?
A. ELB sticky session NEW QUESTION 237

B. ELB deregistration check You have been asked to set up monitoring of your network and you have decided that Cloudwatch would be the best service to use. Amazon CIoudWatch monitors
C. ELB auto registration Off your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CIoudWatch to collect and track metrics, which are
D. ELB connection draining the variables you want to measure for your resources and applications. Which of the following items listed can AWS Cloudwatch monitor?
Answer: D A. Log files your applications generate.

B. All of the items listed on this page.
Explanation: C. System-wide visibility into resource utilization, application performance, and operational health.
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are D. Custom metrics generated by your applications and services .
deregistering or become unhealthy, while ensuring that in-flight requests continue to be served.
Reference: Answer: B
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/config-conn-drain.htmI
Explanation:
Amazon CIoudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as
NEW QUESTION 226 custom metrics generated by your applications and services, and any log files your applications generate. You can use Amazon CIoudWatch to gain
A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application
should the user configure in this case? running smoothly.
Reference: http://aws.amazon.com/cIoudwatch/
A. AWS C|oudWatch + AWS SQS.
B. AWS CIoudWatch + AWS SNS.
C. AWS CIoudWatch + AWS SES. NEW QUESTION 241
D. AWS EC2 + AWS Cloudwatc How can you apply more than 100 rules to an Amazon EC2-Classic?
Answer: B A. By adding more security groups

B. You need to create a default security group specifying your required rules if you need to use more than 100 rules per security group.
Explanation: C. By default the Amazon EC2 security groups support 500 rules.
Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as D. You can't add more than 100 rules to security groups for an Amazon EC2 instanc
well as pushing to other distributed services. In this case, the user can configure that Cloudwatch sends an alarm on when the threshold is crossed to SNS which
will trigger an SMS. Answer: D
Reference: http://aws.amazon.com/sns/
Explanation:
In EC2-Classic, you can associate an instance with up to 500 security groups and add up to 100 rules to a security group.
NEW QUESTION 229 Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.htmI
Your manager has come to you saying that he is very confused about the bills he is receMng from AWS as he is getting different bills for every user and needs you
to look into making it more understandable. Which of the following would be the best solution to meet his request?
NEW QUESTION 246
A. AWS Billing Aggregation You need to quickly set up an email-sending service because a client needs to start using it in the next hour. Amazon Simple Email Service (Amazon SES) seems
B. Consolidated Billing to be the logical choice but there are several options available to set it up. Which of the following options to set up SES would best meet the needs of the client?
C. Deferred Billing
D. Aggregated Billing
A. Amazon SES console

B. AWS CIoudFormation NEW QUESTION 262
C. SMTP Interface When controlling access to Amazon EC2 resources, each Amazon EBS Snapshot has a attribute that controls which AWS accounts can use the snapshot.
D. AWS Elastic Beanstalk
A. createVoIumePermission
Answer: A B. LaunchPermission
C. SharePermission
Explanation: D. RequestPermission
Amazon SES is an outbound-only email-sending service that provides an easy, cost-effective way for you to send email.
There are several ways that you can send an email by using Amazon SES. You can use the Amazon SES console, the Simple Mail Transfer Protocol (SMTP) Answer: A
interface, or you can call the Amazon SES API. Amazon SES consoIe—This method is the quickest way to set up your system
Reference: http://docs.aws.amazon.com/ses/latest/DeveIoperGuide/\NeIcome.html Explanation:
Each Amazon EBS Snapshot has a createVoIumePermission attribute that you can set to one or more AWS Account IDs to share the AM with those AWS
Accounts. To allow several AWS Accounts to use a particular EBS snapshot, you can use the snapshots's createVoIumePermission attribute to include a list of the
NEW QUESTION 250 accounts that can use it.
Identify a true statement about the On-Demand instances purchasing option provided by Amazon EC2. Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html
A. Pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
B. Make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly lower hourly rate for these instances. NEW QUESTION 263
C. Pay for the instances that you use by the hour, with long-term commitments or up-front payments. A 3-tier e-commerce web application is current deployed on-premises and will be migrated to AWS for
D. Make a high, one-time, all-front payment for an instance, reserve it for a one- or three-year term, andpay a significantly higher hourly rate for these instance greater scalability and elasticity The web server currently shares read-only data using a network distributed file system The app server tier uses a clustering
mechanism for discovery and shared session state that depends on I P multicast The database tier uses shared-storage clustering to provide database fail over
Answer: A capability, and uses several read slaves for scaling Data on all sewers and the distributed file system directory is backed up weekly to off-site tapes
Which AWS storage and database architecture meets the requirements of the application?
Explanation:
On-Demand instances allow you to pay for the instances that you use by the hour, with no long-term commitments or up-front payments. A. Web sewers: store read-only data in 53, and copy from 53 to root volume at boot tim
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/reserved-instances-offerings.html B. App servers: share state using a combination of DynamoDB and IP unicas
C. Database: use RDS with multi-AZ deployment and one or more read replica
D. Backup: web servers, app servers, and database backed up weekly to Glacier using snapshots.
NEW QUESTION 255 E. Web sewers: store read-only data in an EC2 NFS server, mount to each web server at boot tim
In Amazon EC2, how many Elastic IP addresses can you have by default? F. App servers: share state using a combination of DynamoDB and IP multicas
G. Database: use RDS with multi-AZ deployment and one or more Read Replica
A. 10 H. Backup: web and app servers backed up weekly via AM Is, database backed up via DB snapshots.
B. 2 I. Web servers: store read-only data in 53, and copy from 53 to root volume at boot tim
C. 5 J. App servers: share state using a combination of DynamoDB and IP unicas
D. 20 K. Database: use RDS with multi-AZ deployment and one or more Read Replica
L. Backup: web and app servers backed up weekly viaAM Is, database backed up via DB snapshots.
Answer: C M. Web servers: store read-only data in 53, and copy from 53 to root volume at boot tim
N. App servers: share state using a combination of DynamoDB and IP unicas
Explanation: O. Database: use RDS with multi-AZ deploymen
The number of Elastic IP addresses you can have in EC2 is 5. P. Backup: web and app sewers backed up weekly via ANI Is, database backed up via DB snapshots.
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws_service_Iimits.htmI#|imits_ec2
Answer: C

After deciding that EMR will be useful in analysing vast amounts of data for a gaming website that you are architecting you have just deployed an Amazon EMR Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database
Cluster and wish to monitor the cluster performance. Which of the following tools cannot be used to monitor the cluster performance? workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a
standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly
A. Kinesis reliable. In case of an infrastructure failure (for example, instance hardware failure, storage failure, or network disruption), Amazon RDS performs an automatic
B. Ganglia failover to the standby, so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the
C. C|oudWatch Metrics same after a failover, your application can resume database operation without the need for manual administrative intervention.
D. Hadoop Web Interfaces Benefits
Enhanced Durability
Answer: A MuIti-AZ deployments for the MySQL, Oracle, and PostgreSQL engines utilize synchronous physical replication to keep data on the standby up-to-date with the
primary. MuIti-AZ deployments for the SQL Server engine use synchronous logical replication to achieve the same result, employing SQL
Explanation: Server-native Mrroring technology. Both approaches safeguard your data in the event of a DB Instance failure or loss of an Availability Zone.
Amazon EMR provides several tools to monitor the performance of your cluster. Hadoop Web Interfaces If a storage volume on your primary fails in a Multi-AZ deployment, Amazon RDS automatically initiates a failover to the up-to-date standby. Compare this to a
Every cluster publishes a set of web interfaces on the master node that contain information about the cluster. You can access these web pages by using an SSH Single-AZ deployment: in case of a Single-AZ database failure, a user-initiated point-in-time-restore operation will be required. This operation can take several
tunnel to connect them on the master node. For more information, see View Web Interfaces Hosted on Amazon EMR Clusters. hours to complete, and any data updates that occurred after the latest restorable time (typically within the last five minutes) will not be available.
CIoudWatch Metrics Amazon Aurora employs a highly durable, SSD-backed virtualized storage layer purpose-built for
Every cluster reports metrics to CIoudWatch. CIoudWatch is a web service that tracks metrics, and which you can use to set alarms on those metrics. For more database workloads. Amazon Aurora automatically replicates your volume six ways, across three Availability Zones. Amazon Aurora storage is fault-tolerant,
information, see Monitor Metrics with CIoudWatch. Ganglia transparently handling the loss of up to two copies of data without affecting database write availability and up to three copies without affecting read availability.
Ganglia is a cluster monitoring tool. To have this available, you have to install Ganglia on the cluster when you launch it. After you've done so, you can monitor the Amazon Aurora storage is also self-healing. Data blocks and disks are continuously scanned for errors and replaced automatically.
cluster as it runs by using an SSH tunnel to connect to the Ganglia UI running on the master node. For more information, see Monitor Performance with Ganglia. Increased Availability
Reference: You also benefit from enhanced database availability when running Multi-AZ deployments. If an Availability Zone failure or DB Instance failure occurs, your
http://docs.aws.amazon.com/EIasticMapReduce/latest/DeveIoperGuide/emr-troubleshoot-tooIs.htmI availability impact is limited to the time automatic failover takes to complete: typically under one minute for Amazon Aurora and one to two minutes for other
database engines (see the RDS FAQ for details).
The availability benefits of MuIti-AZ deployments also extend to planned maintenance and backups.
NEW QUESTION 261 In the case of system upgrades like OS patching or DB Instance scaling, these operations are applied first on the standby, prior to the automatic failover. As a
Can you move a Reserved Instance from one Availability Zone to another? result, your availability impact is, again, only the time required for automatic fail over to complete.
Unlike Single-AZ deployments, 1/0 actMty is not suspended on your primary during backup for MuIti-AZ deployments for the MySOL, Oracle, and PostgreSQL
A. Yes, but each Reserved Instance is associated with a specific Region that cannot be changed. engines, because the backup is taken from the standby. However, note that you may still experience elevated latencies for a few minutes during backups for Mu|ti-
B. Yes, only in US-West-2. AZ deployments.
C. Yes, only in US-East-1. On instance failure in Amazon Aurora deployments, Amazon RDS uses RDS MuIti-AZ technology to automate failover to one of up to 15 Amazon Aurora Replicas
D. No you have created in any of three Availability Zones. If no Amazon Aurora Replicas have been provisioned, in the case of a failure, Amazon RDS will attempt to
create a new Amazon Aurora DB instance for you automatically.
Answer: A No Administrative Intervention
DB Instance failover is fully automatic and requires no administrative intervention. Amazon RDS monitors the health of your primary and standbys, and initiates a
Explanation: failover automatically in response to a variety of failure conditions.
Each Reserved Instance is associated with a specific Region, which is fixed for the lifetime of the reservation and cannot be changed. Each reservation can, Failover conditions
however, be used in any of the available AZs within the associated Region. Amazon RDS detects and automatically recovers from the most common failure scenarios for Multi-AZ deployments so that you can resume database operations
Reference: https://aws.amazon.com/rds/faqs/ as quickly as possible without administrative intervention. Amazon RDS automatically performs a failover in the event of any of the following:
Loss of availability in primary Availability Zone Loss of network connectMty to primary Compute unit failure on primary
Storage failure on primary D. RAID 0 only scales linearly to about 4 devices, use RAID 0 with 4 EBS Provisioned IOPS volumes but increase each Provisioned IOPS EBS volume to 6.000
Note: When operations such as DB Instance scaling or system upgrades like OS patching are initiated for Multi-AZ deployments, for enhanced availability, they are IOPS.
applied first on the standby prior to an automatic failover. As a result, your availability impact is limited only to the time required for automatic failover to complete. E. The standard EBS instance root volume limits the total IOPS rate, change the instant root volume to also be a 500GB 4.000 Provisioned IOPS volume.
Note that Amazon RDS Multi-AZ deployments do not failover automatically in response to database operations such as long running queries, deadlocks or
database corruption errors. Answer: E
NEW QUESTION 264 NEW QUESTION 276

Your company has HQ in Tokyo and branch offices all over the world and is using a logistics software with a multi-regional deployment on AWS in Japan, Europe You have recently joined a startup company building sensors to measure street noise and air quality in urban areas. The company has been running a pilot
and USA, The logistic software has a 3- tier architecture and currently uses MySQL 5.6 for data persistence. Each region has deployed its own database deployment of around 100 sensors for 3 months each sensor uploads 1KB of sensor data every minute to a backend hosted on AWS.
In the HQ region you run an hourly batch process reading data from every region to compute cross regional reports that are sent by email to all offices this batch During the pilot, you measured a peak or 10 IOPS on the database, and you stored an average of 3GB of sensor data per month in the database.
process must be completed as fast as possible to quickly optimize logistics how do you build the database architecture in order to meet the requirements'? The current deployment consists of a load-balanced auto scaled Ingestion layer using EC2 instances and a PostgreSQL RDS database with 500GB standard
storage.
A. For each regional deployment, use RDS MySQL with a master in the region and a read replica in the HQ region The pilot is considered a success and your CEO has managed to get the attention or some potential investors. The business plan requires a deployment of at least
B. For each regional deployment, use MySQL on EC2 with a master in the region and send hourly EBS snapshots to the HQ region IOOK sensors which needs to be supported by the backend. You also need to store sensor data for at least two years to be able to compare year over year
C. For each regional deployment, use RDS MySQL with a master in the region and send hourly RDS snapshots to the HQ region Improvements.
D. For each regional deployment, use MySQL on EC2 with a master in the region and use 53 to copy data files hourly to the HQ region To secure funding, you have to make sure that the platform meets these requirements and leaves room for further scaling. Which setup win meet the
E. Use Direct Connect to connect all regional MySQL deployments to the HQ region and reduce network latency for the batch process requirements?
Answer: A A. Add an SQS queue to the ingestion layer to buffer writes to the RDS instance
B. Ingest data into a DynamoDB table and move old data to a Redshift cluster
C. Replace the RDS instance with a 6 node Redshift cluster with 96TB of storage
NEW QUESTION 269 D. Keep the current architecture but upgrade RDS storage to 3TB and IOK provisioned IOPS
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Computer Cloud (EC2).
The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available. Sort stale Eventual consistency) rather than an Answer: C
ACID (Atomicity. Consistency isolation. Durability) consistency model.
The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-
premises database resources in the most NEW QUESTION 280
cost-effective way? Your company is in the process of developing a next generation pet collar that collects biometric information to assist families with promoting healthy lifestyles for
their pets Each collar will push 30kb of biometric data In JSON format every 2 seconds to a collection platform that will process and analyze the data providing
A. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS. health trending information back to the pet owners and veterinarians via a web portal Management has tasked you to architect the collection platform ensuring the
B. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database. following requirements are met.
C. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database. Provide the ability for real-time analytics of the inbound biometric data Ensure processing of the biometric data is highly durable. Elastic and parallel The results of
D. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline. the analytic processing should be persisted for data mining
Which architecture outlined below win meet the initial requirements for the collection platform?
Answer: A
A. Utilize 53 to collect the inbound sensor data analyze the data from 53 with a daily scheduled Data Pipeline and save the results to a Redshift Cluster.
Explanation: B. Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data with Kinesis clients and save the results to a Red shift cluster using EMR.
Reference: https://aws.amazon.com/blogs/aws/category/amazon-elastic-map-reduce/ C. Utilize SQS to collect the inbound sensor data analyze the data from SQS with Amazon Kinesis and save the results to a Mcrosoft SQL Server RDS instance.
D. Utilize EMR to collect the inbound sensor data, analyze the data from EUR with Amazon Kinesis and save me results to Dynamo DB.
NEW QUESTION 272 Answer: B

Your company plans to host a large donation website on Amazon Web Services (AWS). You anticipate a large and undetermined amount of traffic that will create
many database writes. To be certain that you do not drop any writes to a database hosted on AWS. Which service should you use?
NEW QUESTION 285
A. Amazon RDS with provisioned IOPS up to the anticipated peak write throughput. You need a persistent and durable storage to trace call actMty of an IVR (Interactive Voice Response) system. Call duration is mostly in the 2-3 minutes
B. Amazon Simple Queue Service (SOS) for capturing the writes and draining the queue to write to the database. timeframe. Each traced call can be either active or terminated. An external application needs to know each minute the list of currently active calls, which are
C. Amazon EIastiCache to store the writes until the writes are committed to the database. usually a few calls/second. Put once per month there is a periodic peak up to 1000 calls/second for a few hours. The system is open 24/7 and any downtime
D. Amazon DynamoDB with provisioned write throughput up to the anticipated peak write throughpu should be avoided.
Historical data is periodically archived to files. Cost saving is a priority for this project.
Answer: B What database implementation would better fit this scenario, keeping costs as low as possible?
Explanation: A. Use RDS Multi-AZ with two tables, one for -Active calls" and one for -Terminated ca Ils". In this way the "Active caIIs_ table is always small and effective to
Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly scalable hosted queue for storing messages as they travel between computers. By using access.
Amazon SQS, developers can simply move data between distributed application components performing different tasks, without losing messages or requiring each B. Use DynamoDB with a "Calls" table and a Global Secondary Index on a "IsActive"' attribute that is present for active calls only In this way the Global Secondary
component to be always available. Amazon SQS makes it easy to build a distributed, decoupled application, working in close conjunction with the Amazon Elastic index is sparse and more effective.
Compute Cloud (Amazon EC2) and the other AWS infrastructure web services. C. Use DynamoDB with a 'Calls" table and a Global secondary index on a 'State" attribute that can equal to "active" or "terminated" in this way the Global
What can I do with Amazon SQS? Secondary index can be used for all Items in the table.
Amazon SQS is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them. This D. Use RDS Multi-AZ with a "CALLS" table and an Indexed "STATE* field that can be equal to 'ACTIVE" or -TERMNATED" In this way the SOL query Is optimized
allows you to quickly build message queuing applications that can be run on any computer on the internet. Since Amazon SQS is highly scalable and you only pay by the use of the Index.
for what you use, you can start small and grow your application as you wish, with no compromise on performance or reliability. This lets you focus on building
sophisticated message-based applications, without worrying about how the messages are stored and managed. Answer: A
You can use Amazon SQS with software applications in various ways. For example, you can: Integrate Amazon SQS with other AWS infrastructure web services
to make applications more reliable and filexible.
Use Amazon SQS to create a queue of work where each message is a task that needs to be completed by a process. One or many computers can read tasks from NEW QUESTION 287
the queue and perform them. Build a microservices architecture, using queues to connect your microservices. You have been asked to design the storage layer for an application. The application requires disk
Keep notifications of significant events in a business process in an Amazon SQS queue. Each event can have a corresponding message in a queue, and performance of at least 100,000 IOPS in addition, the storage layer must be able to survive the loss of an indMdual disk. EC2 instance, or Availability Zone without
applications that need to be aware of the event can read and process the messages. any data loss. The volume you provide must have a capacity of at least 3 TB. Which of the following designs will meet these objectives'?
A. Instantiate a c3.8x|arge instance in us-east-1. Provision 4x1TB EBS volumes, attach them to the instance, and configure them as a single RAID 5 volum
NEW QUESTION 273 B. Ensure that EBS snapshots are performed every 15 minutes.
You have launched an EC2 instance with four (4) 500GB EBS Provisioned IOPS volumes attached The EC2 Instance Is EBS-Optimized and supports 500 Mbps C. Instantiate a c3.8xIarge instance in us-east-1. Provision 3xiTB EBS volumes, attach them to the Instance, and configure them as a single RAID 0 volum
throughput between EC2 and EBS The two EBS volumes are configured as a single RAID o device, and each Provisioned IOPS volume is provisioned with D. Ensure that EBS snapshots are performed every 15 minutes.
4.000 IOPS (4 000 16KB reads or writes) for a total of 16.000 random IOPS on the instance The EC2 Instance initially delivers the expected 16 000 IOPS random E. Instantiate an i2.8xIarge instance in us-east-I
read and write performance Sometime later in order to increase the total random 1/0 performance of the instance, you add an additional two 500 GB EBS F. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instanc
Provisioned IOPS volumes to the RAID Each volume Is provisioned to 4.000 IOPs like the original four for a total of 24.000 IOPS on the EC2 instance Monitoring G. Provision 3x1TB EBS volumes, attach them to the instance, and configure them as a second RAID 0 volum
shows that the EC2 instance CPU utilization increased from 50% to 70%. but the total random IOPS measured at the instance level does not increase at all. H. Configure synchronous, block-level replication from the ephemeral-backed volume to the EBS-backed volume.
What is the problem and a valid solution? I. Instantiate a c3.8xIarge instance in us-east-1. Provision an AWS Storage Gateway and configure it for 3 TB of storage and 100,000 IOP
J. Attach the volume to the instanc
A. Larger storage volumes support higher Provisioned IOPS rates: increase the provisioned volumestorage of each of the 6 EBS volumes to ITB K. Instantiate an i2.8x|arge instance in us-east-I
B. The EBS-Optimized throughput limits the total IOPS that can be utilized use an EBS-Optimized instance that provides larger throughput. L. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instanc
C. Small block sizes cause performance degradation, limiting the 1'0 throughput, configure the instance device driver and file system to use 64KB blocks to M. Configure synchronous, block- level replication to an identically configured instance inus-east-I
increase throughput.
Welcome to download the Newest 2passeasy AWS-Solution-Architect-Associate dumps
https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/ (615 New Questions)
Answer: C
NEW QUESTION 291

Your company runs a customer facing event registration site This site is built with a 3-tier architecture with web and application tier servers and a MySQL database
The application requires 6 web tier servers and 6 application tier servers for normal operation, but can run on a minimum of 65% server capacity and a single
MySQL database. When deploying this application in a region with three availability zones (AZs) which architecture provides high availability?
A. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer), and an application tier deployed across 2 AZs with 3 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB, and one RDS (Relational
Database Service) instance deployed with read replicas in the other AZ.
B. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer)
and an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (Relational Database
Service) Instance deployed with read replicas in the two other AZs.
C. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer) and an application tier deployed across 2 AZs with 3 EC2 instances m each AZ inside an Auto Scaling Group behind an ELS and a Multi-AZ RDS
(Relational Database Service) deployment.
D. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ Inside an Auto Scaling Group behind an ELB (elastic load
balancer). And an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an EL
E. And a MuIti-AZ RDS (Relational Database services) deployment.
Answer: D
Explanation:
Amazon RDS MuIti-AZ Deployments
Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database
workloads. When you provision a MuIti-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a
standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly
reliable. In case of an infrastructure failure (for example, instance hardware failure, storage failure, or network disruption), Amazon RDS performs an automatic
failover to the standby, so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the
same after a failover, your application can resume database operation without the need for manual administrative intervention.
Enhanced Durability
MuIti-AZ deployments for the MySQL, Oracle, and PostgreSQL engines utilize synchronous physical replication to keep data on the standby up-to-date with the
primary. MuIti-AZ deployments for the SQL Server engine use synchronous logical replication to achieve the same result, employing SQL
Server-native Mrroring technology. Both approaches safeguard your data in the event of a DB Instance failure or loss of an Availability Zone.
If a storage volume on your primary fails in a Multi-AZ deployment, Amazon RDS automatically initiates a failover to the up-to-date standby. Compare this to a
Single-AZ deployment: in case of a Single-AZ database failure, a user-initiated point-in-time-restore operation will be required. This operation can take several
hours to complete, and any data updates that occurred after the latest restorable time (typically within the last five minutes) will not be available.
Amazon Aurora employs a highly durable, SSD-backed virtualized storage layer purpose-built for database workloads. Amazon Aurora automatically replicates
your volume six ways, across three Availability Zones. Amazon Aurora storage is fault-tolerant, transparently handling the loss of up to two copies of data without
affecting database write availability and up to three copies without affecting read availability. Amazon Aurora storage is also self-healing. Data blocks and disks are
continuously scanned for errors and replaced automatically.
Increased Availability
You also benefit from enhanced database availability when running Multi-AZ deployments. If an Availability Zone failure or DB Instance failure occurs, your
availability impact is limited to the time automatic failover takes to complete: typically under one minute for Amazon Aurora and one to two minutes for other
database engines (see the RDS FAQ for details).
The availability benefits of MuIti-AZ deployments also extend to planned maintenance and backups. In the case of system upgrades like QS patching or DB
Instance scaling, these operations are applied first on
the standby, prior to the automatic failover. As a result, your availability impact is, again, only the time required for automatic failover to complete.
Unlike Single-AZ deployments, 1/0 actMty is not suspended on your primary during backup for MuIti-AZ deployments for the MySQL, Oracle, and PostgreSQL
engines, because the backup is taken from the standby. However, note that you may still experience elevated latencies for a few minutes during backups for MuIti-
AZ deployments.
On instance failure in Amazon Aurora deployments, Amazon RDS uses RDS MuIti-AZ technology to automate failover to one of up to 15 Amazon Aurora Replicas
you have created in any of three Availability Zones. If no Amazon Aurora Replicas have been provisioned, in the case of a failure, Amazon RDS will attempt to
create a new Amazon Aurora DB instance for you automatically.
NEW QUESTION 295

......
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

AWS Solution Architect Associate Dump2

Uploaded by

Copyright:

Available Formats

AWS Solution Architect Associate Dump2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AWS Solution Architect Associate Dump2

Uploaded by

Copyright:

Available Formats

Welcome to download the Newest 2passeasy AWS-Solution-Architect-Associate dumps Welcome to download the Newest 2passeasy AWS-Solution-Architect-Associate dumps

https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/ (615 New Questions) https://www.2passeasy.com/dumps/AWS-Solution-Architect-Associate/ (615 New Questions)

B. Tag the objects with the metadata to search on that.

Explanation: NEW QUESTION 6

NEW QUESTION 3 A. Amazon SES

NEW QUESTION 4 Explanation:

A. Always select the AZ while launching an instance

A. Use the indexing feature of S3.

NEW QUESTION 10 Explanation:

A. 950 NEW QUESTION 18

Answer: D A. InnoDB Tables

Answer: C A. Auto Scaling, Amazon CIoudWatch and AWS Elastic Beanstalk

NEW QUESTION 29 NEW QUESTION 46

Explanation: NEW QUESTION 79

A. Move the bucket to a new region Answer: D

A. None of these Answer: A

A. All services support resource-level permissions for all actions. Answer: A

NEW QUESTION 149 Explanation:

NEW QUESTION 182 Explanation:

NEW QUESTION 193 Explanation:

A. Random Instance from US-East-1A NEW QUESTION 212

NEW QUESTION 201 Explanation:

NEW QUESTION 207

NEW QUESTION 219 Answer: B

NEW QUESTION 220 Explanation:

A. ELB sticky session NEW QUESTION 237

Answer: D A. Log files your applications generate.

Answer: B A. By adding more security groups

A. Amazon SES console

NEW QUESTION 260 Explanation:

NEW QUESTION 264 NEW QUESTION 276

NEW QUESTION 272 Answer: B

NEW QUESTION 291

NEW QUESTION 295

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

You might also like