AWS Solutions Architecture Associate Practice Questions Part 4
iam.awslagi2020-04-29T13:14:11+07:00Notes: Hi all, AWS Solutions Architect Associate Practice Exam will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics.
We highly recommend you should take AWS Solutions Architect Associate Guarantee Part because it include real questions and highlighted answers are collected in our exam. It will help you pass exam in easier way.
Quiz-summary
0 of 104 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
Information
Practice Questions Part 4
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 104 questions answered correctly
Time has elapsed
You have reached 0 of 0 points, (0)
Average score | |
Your score |
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- Answered
- Review
- Question 1 of 104
1. Question
What are the characteristics of Elastic Beanstalk ? (chose 2 correct
answers)CorrectIncorrect - Question 2 of 104
2. Question
How do you achieve single sign on with AWS (chose 1 correct answers)
CorrectIncorrect - Question 3 of 104
3. Question
What is true about VPC ? (chose 3 correct answers)
CorrectIncorrect - Question 4 of 104
4. Question
An instance is connected to an ENI (Elastic Network Interface) in
one subnet. What happens when you attach an ENI of a different
subnet to this instance? (chose 1 correct answers)CorrectIncorrect - Question 5 of 104
5. Question
You are running an ERP application on EC2 for your company that
runs 24×7 and the load is predictable and constant throughout the
year. Which is the most cost-efficient option for the EC2 purchase
model in this case ? (chose 1 correct answers)CorrectIncorrect - Question 6 of 104
6. Question
What are the characteristics of EBS ? (chose 3 correct answers)
CorrectIncorrect - Question 7 of 104
7. Question
What is true about AMI ? (chose 4 correct answers)
CorrectIncorrect - Question 8 of 104
8. Question
What is true about RDS ? (chose 3 correct answers)
CorrectIncorrect - Question 9 of 104
9. Question
What are the characteristics of Subnet ? (chose 2 correct answers)
CorrectIncorrect - Question 10 of 104
10. Question
Which of the following can be used as an origin server in
CloudFront? ( Choose 3 correct answers )CorrectIncorrect - Question 11 of 104
11. Question
You are doing a large data analysis which requires high computing
power and many instances to be launched simultaneously and then to
be retired after the analysis. If the instance is retired during the
analysis, the program automatically shifts the analysis to the other
instance. Which is the most cost-efficient option for launching the EC2
in this case? (chose 1 correct answers)CorrectIncorrect - Question 12 of 104
12. Question
What kind of data should not be stored in S3 ? (chose 3 correct
answers)CorrectIncorrect - Question 13 of 104
13. Question
What are the characteristics of a reserved instance ? (chose 3
correct answers)CorrectIncorrect - Question 14 of 104
14. Question
What are the characteristics of CloudFormation ? (chose 2 correct
answers)CorrectIncorrect - Question 15 of 104
15. Question
In Which case do you have full authority of the underlying
host ? (chose 2 correct answers)CorrectIncorrect - Question 16 of 104
16. Question
What is true about EBS ? (chose 3 correct answers)
CorrectIncorrect - Question 17 of 104
17. Question
What is the difference between a security group in VPC and a
network ACL in VPC ? (chose 3 correct answers)CorrectIncorrect - Question 18 of 104
18. Question
Which of the following Auto scaling cannot do ? (chose 3 correct
answers)CorrectIncorrect - Question 19 of 104
19. Question
What is true for S3 buckets ? (chose 3 correct answers)
CorrectIncorrect - Question 20 of 104
20. Question
Choose the correct statement ? (chose 3 correct answers)
CorrectIncorrect - Question 21 of 104
21. Question
In CloudFront what happens when content is NOT present at an
Edge location and a request is made to it? (chose 1 correct answers)CorrectIncorrect - Question 22 of 104
22. Question
Which of the following will provide the maximum IOPS for your
EC2 ? (chose 1 correct answers)CorrectIncorrect - Question 23 of 104
23. Question
You are setting up some EBS volumes for a customer who has requested a setup which includes a RAID (redundant array of inexpensive disks ) . AWS has some recommendations for RAID setup . Which RAID setup is not recommended for Amazon EBS ?
CorrectIncorrect - Question 24 of 104
24. Question
You are building infrastructure for a data warehousing solution and an extra request has come through that there will be a lot of business reporting queries running all the time and you are not sure if your current DB instance will be able to handle it. What would be the best solution for this?
CorrectIncorrect - Question 25 of 104
25. Question
You receive a bill from AWS but are confused as the exact same storage size you have in different regions on Amazon S3 are incurring different costs. You enquire to AWS as to why this is so. What response would you expect to receive from AWS ?
CorrectAmazon S3 is storage for the Internet. It’s a simple storage service that offers software developers a highly-scalable. reliable, and low-latency data storage infrastructure at very low costs.
AWS charges less where their costs are less.
For example. their costs are lower in the US Standard Region than in the US West (Northern California) Region.
LEARN MORE: https://aws.amazon.com/s3/faqs/IncorrectAmazon S3 is storage for the Internet. It’s a simple storage service that offers software developers a highly-scalable. reliable, and low-latency data storage infrastructure at very low costs.
AWS charges less where their costs are less.
For example. their costs are lower in the US Standard Region than in the US West (Northern California) Region.
LEARN MORE: https://aws.amazon.com/s3/faqs/ - Question 26 of 104
26. Question
“You’re consulting for a new customer, who is attempting to create a hybrid network between AWS and their on-premise data centers. Currently, they have internal databases running on-premise that, due to licensing reasons, cannot be migrated to AWS. The front end of the application has been migrated to AWS and uses the DB hostname “”db.internalapp.local”” to communicate with the on-premise database servers. Hostnames provide an easy method for updating IP addresses in event of failover instead of having to update the IP address in the code.
Given the current architecture what is the best way to configure internal DNS for this hybrid application? (Choose Two)”
CorrectIncorrect - Question 27 of 104
27. Question
“BCJC has many employees who need to run internal applications that access the company’s AWS resources. These employees already have user credentials in the company’s current identity authentication system, which does not support SAML 2.0. The company does not want to create a separate IAM user for each company employee.
How should the SSO setup be designed?
Choose the 2 correct answers:”
CorrectIncorrect - Question 28 of 104
28. Question
You have been given a new brief from your supervisor for a client who needs a web application set up on AWS. The most important requirement is that MySQL must be used as the database, and this database must not be hosted in the public cloud, but rather at the client’s data center due to security risks. Which of the following solutions would be the best to assure that the client’s requirements are met?
CorrectIncorrect - Question 29 of 104
29. Question
A few weeks into your dream job with the large scientific institution, a group of EC2 instances that you set up in a Placement Group doesn’t seem to run as efficiently as you expected it to and seems to be suffering from low performance of packets, high latency and lots of jitter. Consequently, you have started to look at ways to fix this. Which of the following solutions would create enhanced networking capabilities on instances that would result in higher instances of packets per second, lower latency, and reduced jitter?
CorrectIncorrect - Question 30 of 104
30. Question
You are setting up a website for a small startup company. You have built them what you believe to be a great solution on AWS for the money they wanted to spend. It is a very image intensive site, so you have utilized CloudFront to help with the serving of images. The client complains to you, however, that he requires a custom domain name when serving up this content that should work with https from CloudFront, so rather than being provided with a xxxx.cloudfront.net domain he wants a custom domain such as ssuc.com. What would you need to do to accomplish what the customer is asking?
CorrectIncorrect - Question 31 of 104
31. Question
BCJC has a legacy application with licensing that is attached to a single MAC address. Since an EC2 instance can receive a new MAC address when launching new instances, how can you ensure that your EC2 instance can maintain a single MAC address for licensing?
CorrectIncorrect - Question 32 of 104
32. Question
Once again your security officer is on your case and this time is asking you to make sure the AWS Key Management Service (AWS KMS) is working as it is supposed to. You are initially not too sure how KMS even works, however after some intense late night reading you think you have come up with a reasonable definition. Which of the following best describes how the AWS Key Management Service works?
CorrectIncorrect - Question 33 of 104
33. Question
“You’ve recently migrated an application from a customer’s on-premise data center to the AWS cloud. Currently, you’re using the ELB to serve traffic to the legacy application. The ELP is also using HTTP port 80 as the health check ping port. The application is currently responding by returning a website on port 80 when you test the IP address directly. However, the instance is not registering as healthy even though the appropriate amount of time has passed for the health check to register as healthy.
How might the issue be resolved?”
CorrectIncorrect - Question 34 of 104
34. Question
DDoS attacks that happen at the application layer commonly target web applications with lower volumes of traffic compared to infrastructure attacks. To mitigate these types of attacks, you should probably want to include a WAF (Web Application Firewall) as part of your infrastructure. To inspect all HTTP requests, WAFs sit in-line with your application traffic. Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck. To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes. This type of scaling for WAF is done via a “WAF sandwich.” Which of the following statements best describes what a “WAF sandwich” is?
CorrectIncorrect - Question 35 of 104
35. Question
“You’re working as a consultant for a company that has a three tier application. The application layer of this architecture sends over 20Gbps of data per seconds during peak hours to and from Amazon S3. Currently, you’re running two NAT gateways in two subnets to transfer the data from your private application layer to Amazon S3. You will also need to ensure that the instances receive software patches from a third party repository.
What architecture changes should be made, if any?”
CorrectIncorrect - Question 36 of 104
36. Question
BCJC is running an Amazon Redshift cluster with four nodes running 24/7/365 and expects, potentially, to add one on-demand node for one to two days once during the year. Which architecture would have the lowest possible cost for the cluster requirement?
CorrectIncorrect - Question 37 of 104
37. Question
“BCJC has a library of on-demand MP4 files needing to be streamed publicly on their new video webinar website. The video files are archived and are expected to be streamed globally, primarily on mobile devices.
Given the requirements what would be the best architecture for BCJC to design?”
CorrectIncorrect - Question 38 of 104
38. Question
After the Government organization you work for suffers it’s 3rd DDOS attack of the year you have been handed one part of a strategy to try and stop this from happening again. You have been told that your job is to minimize the attack surface area. You do have a vague idea of some of the things you need to put in place to achieve this. Which of the following is NOT one of the ways to minimize the attack surface area as a DDOS minimization strategy?
CorrectIncorrect - Question 39 of 104
39. Question
“You want to set up a public website on AWS. The things that you require are as follows:
– You want the database and the application server running on AWS VPC.
– You want the database to be able to connect to the Internet, specifically for any patch upgrades.
– You do not want to receive any incoming requests from the Internet to the database.Which of the following solutions would be the best to satisfy all the above requirements for your planned public website on AWS?”
CorrectIncorrect - Question 40 of 104
40. Question
A large multi-national corporation has come to you and asked if you can provide a high availability and disaster recovery plan for their organization. Their primary concern is not to lose any data so they are fine if there is a longer recovery time as it will presumably save on cost. Which of the following options would be the best one for this corporation, given the concerns that they have outlined to you above?
CorrectIncorrect - Question 41 of 104
41. Question
You have created a VPC with CIDR block 10.0.0.0/24, which supports 256 IP addresses. You want to now split this into two subnets, each supporting 128 IP addresses. Can this be done and if so how will the allocation of IP addresses be configured?
CorrectIncorrect - Question 42 of 104
42. Question
BCJC is running a production load Redshift cluster for a client. The client has an RTO objective of one hour and an RPO of one day. While configuring the initial cluster what configuration would best meet the recovery needs of the client for this specific Redshift cluster configuration?
CorrectIncorrect - Question 43 of 104
43. Question
You are designing multi-region architecture and you want to send users to a geographic location based on latency- based routing, which seems simple enough; however, you also want to use weighted-based routing among resources within that region. Which of the below setups would best accomplish this?
CorrectIncorrect - Question 44 of 104
44. Question
When you create a subnet, you specify the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC), or a subset (to enable multiple subnets). The allowed block size is between a /28 netmask and /16 netmask. You decide to you create a VPC with CIDR block 10.0.0.0/24. Therefore what is the maximum allowed number of IP addresses and the minimum allowed number of IP addresses according to AWS and what is the number of IP addresses supported by the VPC you created?
CorrectIncorrect - Question 45 of 104
45. Question
You have been told by your security officer that you need to give a presentation on encryption on data at rest on AWS to 50 of your co-workers. You feel like you understand this extremely well regarding data stored on AWS S3 so you aren’t too concerned, but you begin to panic a little when you realize you also probably need to talk about encryption on data stored on your databases, namely Amazon RDS. Regarding Amazon RDS encryption, which of the following statements is the truest?
CorrectIncorrect - Question 46 of 104
46. Question
You’ve been tasked with creating file level restore on your EC2 instances. You need to be able to restore an individual lost file on an EC2 instance within 15 minutes of a reported loss of information. The acceptable RPO is several hours. How would you perform this on an EC2 instance?
CorrectIncorrect - Question 47 of 104
47. Question
“In an attempt to cut costs your accounts manager has come to you and tells you that he thinks that if the company starts to use consolidated billing that it will save some money. He also wants the billing set up in such a way that it is relatively simple, and it gives insights into the environment regarding utilization of resources. Which of the following consolidated billing setups would satisfy your account manager’s needs?
Choose the 2 correct answers:”
CorrectIncorrect - Question 48 of 104
48. Question
“BCJC is hosting an Nginx web application. They want to use EMR to create EMR jobs that shift through all of the web server logs and error logs to pull statistics on click stream and errors based off of client IP address.
Given the requirements what would be the best method for collecting the log data and analyzing it automatically?”
CorrectIncorrect - Question 49 of 104
49. Question
“You’re working as a constant for a company designing a new hybrid architecture to manage part of their application infrastructure in the cloud and on-premise. As part of the infrastructure, they need to consistently transfer high amounts of data. They require a low latency and high consistency traffic to AWS. The company is looking to keep costs as low possible and is willing to accept slow traffic in the event of primary failure.
Given these requirements how would you design a hybrid architecture?”
CorrectIncorrect - Question 50 of 104
50. Question
“BCJC has developed a sensor intended to be placed inside of people’s shoes, monitoring the number of steps taken every day. BCJC is expecting thousands of sensors reporting in every minute and hopes to scale to millions by the end of the year. A requirement for the project is it needs to be able to accept the data, run it through ETL to store in warehouse and archive it on Amazon Glacier, with room for a real-time dashboard for the sensor data to be added at a later date.
What is the best method for architecting this application given the requirements?”
CorrectIncorrect - Question 51 of 104
51. Question
You have just set up your first AWS Data Pipeline. AWS Data Pipeline is a web service that you can use to automate the movement and transformation of data. With AWS Data Pipeline, you can define data-driven workflows, so that tasks can be dependent on the successful completion of previous tasks. You are pretty excited that it is about to run; however, when it finally kicks off, you receive a “400 Error Code: PipelineNotFoundException.” Which of the following explanations is the most accurate in describing what this error probably means?
CorrectIncorrect - Question 52 of 104
52. Question
Your final task that will complete a cloud migration for a customer is to set up an Active Directory service for him so that he can use Microsoft Active Directory with the newly-deployed AWS services. After reading the AWS documentation for this, you discover there are 3 options available to set up the AWS Directory Service. You call the customer for more information about his requirements, and he tells you he has 10,000 users on his AD service and wants to be able to use his existing on-premises directory with AWS services. Which of the following options for setting up the AWS Directory Service would be the most appropriate for your customer?
CorrectIncorrect - Question 53 of 104
53. Question
“BCJC (Big Cloud Jumbo Corp) has placed a set of on-premise resources with an AWS Direct Connect provider. After establishing connections to a local AWS region in the US, BCJC needs to establish a low latency dedicated connection to an S3 public endpoint over the Direct Connect dedicated low latency connection.
What steps need to be taken to accomplish configuring a direct connection to a public S3 endpoint?”
CorrectIncorrect - Question 54 of 104
54. Question
“Big Brother Bank has been acquiring smaller banks. BBB has a security requirement that all bank employees are required to log into a central identity solution, so that when they log on they gain access to central bank resources. Given that each bank has their own AWS account, and existing application instances with which to run their bank software, how would BBB connect each bank’s AWS networks to the central VPC, as to allow each bank to use the central identity solution?
Each bank runs their VPC in the US-West-1 region, requires a high availability solution, and regulation does not allow each bank access to the others’ resources. How would you best design this solution?”
CorrectIncorrect - Question 55 of 104
55. Question
“BCJC has two batch processing applications that consume financial data about the day’s stock transactions. Each transaction needs to be stored durably and guarantee that a record of each application is delivered so the audit and billing batch processing applications can process the data. However, the two applications run separately and several hours apart and need access to the same transaction information. After reviewing the transaction information for the day, the information no longer needs to be stored.
What is the best way to architect this application?”
CorrectIncorrect - Question 56 of 104
56. Question
Your CIO has become very paranoid recently after a series of security breaches and wants you to start providing additional layers of security to all your company’s AWS resources. First up he wants you to provide additional layers of protection to all your EC2 resources. Which of the following would be a way of providing that additional layer of protection to all your EC2 resources?
CorrectIncorrect - Question 57 of 104
57. Question
You are excited that your company has just purchased a Direct Connect link from AWS as everything you now do on AWS should be much faster and more reliable. Your company is based in Sydney, Australia so obviously the Direct Connect Link to AWS will go into the Asia Pacific (Sydney) region. Your first job after the new link purchase is to create a multi-region design across the Asia Pacific(Sydney) region and the US West (N. California) region. You soon discover that all the infrastructure you deploy in the Asia Pacific(Sydney) region is extremely fast and reliable, however the infrastructure you deploy in the US West(N. California) region is much slower and unreliable. Which of the following would be the best option to make the US West(N. California) region a more reliable connection?
CorrectIncorrect - Question 58 of 104
58. Question
You have just developed a new mobile application that handles analytics workloads on large scale datasets that are stored on Amazon Redshift. Consequently, the application needs to access Amazon Redshift tables. Which of the below methods would be the best, both practically and security-wise, to access the tables?
CorrectIncorrect - Question 59 of 104
59. Question
You have a legacy application running that uses an m4.large instance size and cannot scale with Auto Scaling, but only has peak performance 5% of the time. This is a huge waste of resources and money so your Senior Technical Manager has set you the task of trying to reduce costs while still keeping the legacy application running as it should. Which of the following would best accomplish the task your manager has set you?
CorrectIncorrect - Question 60 of 104
60. Question
“BCJC is managing a customer’s application which currently includes a three-tier application configuration. The first tier manages the web instances and is configured in a public subnet. The second layer is the application layer. As part of the application code, the application instances upload large amounts of data to Amazon S3. Currently, the private subnets that the application instances are running on have a route to a single NAT t2.micro NAT instance.
The application, during peak loads, becomes slow and customer uploads from the application to S3 are not completing and taking a long time.
Which steps might you take to solve the issue using the most cost efficient method?”
CorrectIncorrect - Question 61 of 104
61. Question
You work for a large university whose AWS infrastructure has grown significantly over the last year and consequently the IT department has hired four new AWS System Administrators who will each manage a different Availability Zone in your infrastructure. You have 4 AZs. You have been given the task of giving these new staff access to be able to launch and manage instances in their zone only and should not be able to modify any of the other administrators’ zones. Which of the following options is the best solution to accomplish your task?
CorrectIncorrect - Question 62 of 104
62. Question
“BCJC is building out an AWS Cloud Environment for a financial regulatory firm. Part of the requirements are being able to monitor all changes in an environment and all traffic sent to and from the environment.
What suggestions would you make to ensure all the requirements for monitoring the financial architecture are satisfied? (Choose Two)
Choose the 2 correct answers:”
CorrectIncorrect - Question 63 of 104
63. Question
BCJC has hired a third-party security auditor, and the auditor needs read-only access to all AWS resources and logs of all VPC records and events that have occurred on AWS. How can BCJC meet the auditor’s requirements without comprising security in the AWS environment?
CorrectIncorrect - Question 64 of 104
64. Question
BCJC has a Redshift cluster for petabyte-scale data warehousing. The data within the cluster is easily reproducible from additional data stored on Amazon S3. BCJC wants to reduce the overall total cost of running this Redshift cluster. Which scenario would best meet the needs of the running cluster, while still reducing total overall ownership of the cluster?
CorrectIncorrect - Question 65 of 104
65. Question
One of your work colleagues has just left and you have been handed some of the infrastructure he set up. In one of the setups you start looking at, he has created multiple components of a single application and all the components are hosted on a single EC2 instance (without an ELB) in a VPC. You have been told that this needs to be set up with two separate SSLs for each component. Which of the following would best achieve the setting up off the two separate SSLs while using still only using one EC2 instance?
CorrectIncorrect - Question 66 of 104
66. Question
“You’ve configured an AWS VPC and several EC2 instances running MongoDB with an internal IP address of 10.0.2.1. To simplify failover and connectivity to the instance, you create an internal Route 53 A record called mongodb.example.com. You have a VPN connection from on-premise to your VPC and are attempting to connect an on-premise VMWare instance to mongodb.example.com, but the DNS will not resolve.
Given the current design, why is the internal DNS record not resolving on-premise?”CorrectIncorrect - Question 67 of 104
67. Question
You have been given the task of designing a backup strategy for your organization’s AWS resources with the only caveat being that you must use the AWS Storage Gateway. Which of the following is the most correct statement surrounding the backup strategy on the AWS Storage Gateway?
CorrectIncorrect - Question 68 of 104
68. Question
“Given the following IAM policy assign to user “”jeff””
{
“”Version””: “”2012-10-17″”,
“”Statement””: [
{
“”Action””: [
“”ec2:StartInstances””,
“”ec2:StopInstances””,
“”ec2:RebootInstances””,
“”ec2:TerminateInstances””
],
“”Condition””: {
“”StringEquals””: {
“”ec2:ResourceTag/env””:””production””
}
},
“”Resource””: [
“”arn:aws:ec2:us-east-1:account-id:instance/*””],
“”Effect””: “”Deny””
}
]
}”CorrectIncorrect - Question 69 of 104
69. Question
You are the administrator for a new startup company which has a production account and a development account on AWS. Up until this point, no one has had access to the production account except yourself. There are 20 people on the development account who now need various levels of access provided to them on the production account. 10 of them need read-only access to all resources on the production account, 5 of them need read/write access to EC2 resources, and the remaining 5 only need read-only access to S3 buckets. Which of the following options would be the best way, both practically and security-wise, to accomplish this task?
CorrectIncorrect - Question 70 of 104
70. Question
“You’re consulting for company that is migrating it’s legacy application to the AWS cloud. In order to apply high availability, you’ve decided to implement Elastic Load Balancer and Auto Scaling services to serve traffic to this legacy application.
The legacy application is not a standard HTTP web application but is a custom application with custom codes that is run internally for the employees of the company you are consulting.
The ports required to be open are port 80 and port 8080. What listener configuration would you create?”
CorrectIncorrect - Question 71 of 104
71. Question
Due to a lot of your EC2 services going off line at least once a week for no apparent reason your security officer has told you that you need to tighten up the logging of all events that occur on your AWS account. He wants to be able to access all events that occur on the account across all regions quickly and in the simplest way possible. He also wants to make sure he is the only person that has access to these events in the most secure way possible. Which of the following would be the best solution to assure his requirements are met?
CorrectIncorrect - Question 72 of 104
72. Question
“An auditor needs access to logs that record all API events on AWS. The auditor only needs read-only access to the log files and does not need access to each AWS account. BCJC has multiple AWS accounts, and the auditor needs access to all the logs for all the accounts. What is the best way to configure access for the auditor to view event logs from all accounts?
Given the current requirements, assume the method of “”least privilege”” security design and only allow the auditor access to the minimum amount of AWS resources as possible.”
CorrectIncorrect - Question 73 of 104
73. Question
BCJC is running data application on-premise that requires large amounts of data to be transferred to a VPC containing EC2 instances in an AWS region. BCJC is concerned about the total overall transfer costs required for this application and is potentially not going deploy a hybrid environment for the customer-facing part of the application to run in a VPC. Given that the data transferred to AWS is new data every time, what suggestions could you make to BCJC to help reduce the overall cost of data transfer to AWS?
CorrectIncorrect - Question 74 of 104
74. Question
“You’ve been working on a CloudFront whole site CDN for BCJC client. After configuring the whole site CDN with a custom CNAME and supported HTTPS custom domain (i.e., https://example.com) you open example.com and are receiving the following error: CloudFront wasn’t able to connect to the origin.
What might be the most likely cause of this error and how would you fix it?”
CorrectIncorrect - Question 75 of 104
75. Question
“A third party auditor is being brought in to review security processes and configurations for all of BCJC’s AWS accounts. Currently, BCJC does not use any on-premise identity provider. Instead, they rely on IAM accounts in each of their AWS accounts. The auditor needs read-only access to all AWS resources for each AWS account.
Given the requirements, what is the best security method for architecting access for the security auditor?”
CorrectIncorrect - Question 76 of 104
76. Question
“BCJC needs to configure a NAT gateway for its internal AWS applications to be able to download patches and package software. Currently, they are running a NAT instance that is using the floating IP scripting configuration to create fault tolerance for the NAT. The NAT gateway needs to be built with fault tolerance in mind to meet the needs of BCJC.
What is the best way to configure the NAT gateway with fault tolerance?”
CorrectIncorrect - Question 77 of 104
77. Question
You have acquired a new contract from a client to move all of his existing infrastructure onto AWS. You notice that he is running some of his applications using multicast, and he needs to keep it running as such when it is migrated to AWS. You discover that multicast is not available on AWS, as you cannot manage multiple subnets on a single interface on AWS and a subnet can only belong to one availability zone. Which of the following would enable you to deploy legacy applications on AWS that require multicast?
CorrectIncorrect - Question 78 of 104
78. Question
After having created a VPC with CIDR block 10.0.0.0/24 and launching it as a working network you decide a few weeks later that it is too small and you wish to make it larger. Which of the below options would accomplish this successfully?
CorrectIncorrect - Question 79 of 104
79. Question
A new client may use your company to move all their existing Data Center applications and infrastructure to AWS. This is going to be a huge contract for your company, and you have been handed the entire contract and need to provide an initial scope to this possible new client. One of the things you notice concerning the existing infrastructure is that it has a small amount of legacy applications that you are almost certain will not work on AWS. Which of the following would be the best strategy to employ regarding the migration of these legacy applications?
CorrectIncorrect - Question 80 of 104
80. Question
You are setting up a video streaming service with the main components of the set up being S3, CloudFront and Transcoder. Your video content will be stored on AWS S3, and your first job is to upload 10 videos to S3 and make sure they are secure before you even begin to start thinking of streaming the videos. The 10 videos have just finished uploading to S3, so you now need to secure them with encryption at rest. Which of the following would be the best way to do this?
CorrectIncorrect - Question 81 of 104
81. Question
Your job at a large scientific institution is moving along nicely. It is at the forefront of the latest research on nano-technology, of which you have become very passionate. You have been put in charge of scaling up some existing infrastructure which currently has 9 EC2 instances running in a Placement Group. All these 9 instances were initially launched at the same time and seem to be performing as expected. You decide that you need to add 2 new instances to the group; however, when you attempt to do this you receive a ‘capacity error’. Which of the following actions will most likely fix this problem?
CorrectIncorrect - Question 82 of 104
82. Question
Your company has just purchased some very expensive software which also involved the addition of a unique license for it. You have been told to set this up on an AWS EC2 instance; however, one of the problems is that the software license has to be tied to a specific MAC address and from your experience with AWS you know that every time an instance is restarted it will almost certainly lose it’s MAC address. What would be a possible solution to this given the options below?
CorrectIncorrect - Question 83 of 104
83. Question
The Dynamic Host Configuration Protocol (DHCP) provides a standard for passing configuration information to hosts on a TCP/IP network. You can have multiple sets of DHCP options, but you can associate only one set of DHCP options with a VPC at a time. You have just created your first set of DHCP options, associated it with your VPC but now realize that you have made an error in setting them up and you need to change the options. Which of the following options do you need to take to achieve this?
CorrectIncorrect - Question 84 of 104
84. Question
BCJC is running a MySQL RDS instance inside of AWS; however, a new requirement for disaster recovery is keeping a read replica of the production RDS instance in an on-premise data center. What is the securest way of performing this replication?
CorrectIncorrect - Question 85 of 104
85. Question
“BCJC has an employee that keeps terminating EC2 instances on the production environment. You’ve determined the best way to ensure this doesn’t happen is to add an extra layer of defense against terminating the instances. What is the best method to ensure the employee does not terminate the production instances?
Choose the 2 correct answers:”CorrectIncorrect - Question 86 of 104
86. Question
“You’ve created a temporary application that accepts image uploads, stores them in S3, and records information about the image in RDS. After building this architecture and accepting images for the duration required, it’s time to delete the CloudFormation template. However, your manager has informed you that for archival reasons the RDS data needs to be stored and the S3 bucket with the images needs to remain. Your manager has also instructed you to ensure that the application can be restored by a CloudFormation template and run next year during the same period.
Knowing that when a CloudFormation template is deleted, it will remove the resources it created, what is the best method for achieving the desired goals?”
CorrectIncorrect - Question 87 of 104
87. Question
The company you work for has a huge amount of infrastructure built on AWS. However there has been some concerns recently about the security of this infrastructure, and an external auditor has been given the task of running a thorough check of all of your company’s AWS assets. The auditor will be in the USA while your company’s infrastructure resides in the Asia Pacific (Sydney) region on AWS. Initially, he needs to check all of your VPC assets, specifically, security groups and NACLs You have been assigned the task of providing the auditor with a login to be able to do this. Which of the following would be the best and most secure solution to provide the auditor with so he can begin his initial investigations?
CorrectIncorrect - Question 88 of 104
88. Question
“You are setting up a VPN for a customer to connect his remote network to his Amazon VPC environment. There are a number of ways to accomplish this and to help you decide you have been given a list of the things that the customer has specified that the network needs to be able to do. They are as follows:
– Predictable network performance
– Support for BGP peering and routing policies
– A secure IPsec VPN connection but not over the Internet
Which of the following VPN options would best satisfy the customer’s requirements?”CorrectIncorrect - Question 89 of 104
89. Question
BCJC is running a web application that has a high amount of dynamic content. BCJC is looking to reduce load time by implementing a caching solution that will help reduce load times for clients requesting the application. What is the best possible solution and why?
CorrectIncorrect - Question 90 of 104
90. Question
BCJC has developed a viral marketing website that specializes in posting blog posts that go viral. The posts usually receive 90% of the viral traffic within 24 hours of being posted and often need to be updated with corrections during the first 24 hours. What would be the best method for implementing a solution to help handle the scale of requests given the behavior of the blog posts?
CorrectIncorrect - Question 91 of 104
91. Question
“You’re migrating an existing application to the AWS cloud. The application will be primarily using EC2 instances. This application needs to be built with the highest availability architecture available. The application currently relies on hardcoded hostnames for intercommunication between the three tiers. You’ve migrated the application and configured the multi-tiers using the internal Elastic Load Balancer for serving the traffic. The load balancer hostname is example-app.us-east-1.elb.amazonaws.com. The current hard-coded hostname in your application used to communicate between your multi-tier application is applayer.example.com.
What is the best method for architecting this setup to have as much high availability as possible?”
CorrectIncorrect - Question 92 of 104
92. Question
Your company has just set up a new document server on it’s AWS VPC, and it has four very important clients that it wants to give access to. These clients also have VPCs on AWS and it is through these VPCs that they will be given accessibility to the document server. In addition, each of the clients should not have access to any of the other clients’ VPCs.
CorrectIncorrect - Question 93 of 104
93. Question
Amazon ElastiCache currently supports two different in-memory key-value engines, Memcached and Redis. You are launching your first ElastiCache cache cluster, and you have to choose which engine you prefer. You are not 100% sure but you decide on Memcached, which you know has a few key features different to Redis. Which of the following is NOT one of those key features?
CorrectIncorrect - Question 94 of 104
94. Question
“BCJC has developed a Ruby on Rails content management platform. Currently, BCJC is using OpsWorks with several stacks for dev, staging, and production to deploy and manage the application.
BCJC is about to implement a new feature on the CMS application using Python instead of Ruby.
How should BCJC deploy this new application feature?”
CorrectIncorrect - Question 95 of 104
95. Question
BCJC (Big Cloud Jumbo Corp) is designing a high availability solution for a customer. This customer’s requirements are that their application needs to be able to handle an unexpected amount of load and allow site visitors to read data from a DynamoDB table, which contains the results of an online polling system. Given this information, what would be the best and most cost-saving method for architecting and developing this application?
CorrectIncorrect - Question 96 of 104
96. Question
You are excited to have just been employed by a large scientific institution that is at the cutting edge of high-performance computing. Your first job is to launch 10 Large EC2 instances which will all be used to crunch huge amounts of data and will also need to pass this data back and forth between each other. Which of the following would be the most efficient setup to achieve this?
CorrectIncorrect - Question 97 of 104
97. Question
BCJC is consulting for a company that runs their current application entirely all on-premise. However, they are expecting a big boost in traffic tomorrow and need to figure out a way to decrease the load to handle the scale. Unfortunately, they cannot migrate their application to AWS in the period required. What could they do with their current on-premise application to help offload some of the traffic and scale to meet the demand expected in 24 hours?
CorrectIncorrect - Question 98 of 104
98. Question
You’ve created a mobile application that serves data stored in an Amazon DynamoDB table. Your primary concern is scalability of the application and being able to handle millions of visitors and data requests. As part of your application, the customer needs access to the data located in the DynamoDB table. Given the application requirements, what would be the best method for designing the application?
CorrectIncorrect - Question 99 of 104
99. Question
Due to cost-cutting measurements being implemented by your organization, you have been told that you need to migrate some of your existing resources to another region. The first task you have been given is to copy all of your Amazon Machine Images from Asia Pacific (Sydney) to US West (Oregon). One of the things that you are unsure of is how the PEM keys on your Amazon Machine Images need to be migrated. Which of the following best describes how your PEM keys are affected when AMIs are migrated between regions?
CorrectIncorrect - Question 100 of 104
100. Question
BCJC is running Oracle DB workloads on AWS. Currently, they are running the Oracle RAC configuration on the AWS public cloud. You’ve been tasked with configuring backups on the RAC cluster to enable durability. What is the best method for configuring backups?
CorrectIncorrect - Question 101 of 104
101. Question
BCJC has three consolidated billing accounts; dev, staging, and production. The dev account has purchased two reserved instances with instance type of m4.large in Availability Zone 1a. However, no instances are running on the dev account, but a m4.large is running in the staging account inside of availability zone 1a. Who can receive the pricing?
CorrectIncorrect - Question 102 of 104
102. Question
You have two different groups using Redshift to analyze data of a petabyte-scale data warehouse. Each query issued by the first group takes approximately 1-2 hours to analyze the data while the second group’s queries only take between 5-10 minutes to analyze data. You don’t want the second group’s queries to wait until the first group’s queries are finished. You need to design a solution so that this does not happen. Which of the following would be the best and cheapest solution to deploy to solve this dilemma?
CorrectIncorrect - Question 103 of 104
103. Question
You’re building a mobile application game. The application needs permissions for each user to communicate and store data in DynamoDB tables. What is the best method for granting each mobile device that installs your application to access DynamoDB tables for storage when required?
CorrectIncorrect - Question 104 of 104
104. Question
“After configuring a whole site CDN on CloudFront you receive the following error: This distribution is not configured to allow the HTTP request method that was used for this request. The distribution supports only cachable requests.
What is the most likely cause of this?”
CorrectIncorrect
Leave a Reply