AWS Solutions Architecture Associate Practice Questions Part 4

What are the characteristics of Elastic Beanstalk ? (chose 2 correct
answers)

How do you achieve single sign on with AWS (chose 1 correct answers)

What is true about VPC ? (chose 3 correct answers)

An instance is connected to an ENI (Elastic Network Interface) in
one subnet. What happens when you attach an ENI of a different
subnet to this instance? (chose 1 correct answers)

You are running an ERP application on EC2 for your company that
runs 24×7 and the load is predictable and constant throughout the
year. Which is the most cost-efficient option for the EC2 purchase
model in this case ?  (chose 1 correct answers)

What are the characteristics of EBS ?  (chose 3 correct answers)

What is true about AMI  ? (chose 4 correct answers)

What is true about RDS ? (chose 3 correct answers)

What are the characteristics of Subnet ?  (chose 2 correct answers)

Which of the following can be used as an origin server in
CloudFront? ( Choose 3 correct answers ) 

You are doing a large data analysis which requires high computing
power and many instances to be launched simultaneously and then to
be retired after the analysis. If the instance is retired during the
analysis, the program automatically shifts the analysis to the other
instance. Which is the most cost-efficient option for launching the EC2
in this case? (chose 1 correct answers)

What kind of data should not be stored in S3 ? (chose 3 correct
answers)

What are the characteristics of a reserved instance ? (chose 3
correct answers)

What are the characteristics of CloudFormation ? (chose 2 correct
answers)

In Which case do you have full authority of the underlying
host ? (chose 2 correct answers)

What is true about EBS ? (chose 3 correct answers)

What is the difference between a security group in VPC and a
network ACL in VPC ? (chose 3 correct answers)

Which of the following Auto scaling cannot do ? (chose 3 correct
answers)

What is true for S3 buckets ? (chose 3 correct answers)

Choose the correct statement ? (chose 3 correct answers)

In CloudFront what happens when content is NOT present at an
Edge location and a request is made to it? (chose 1 correct answers)

Which of the following will provide the maximum IOPS for your
EC2 ? (chose 1 correct answers)

You are setting up some EBS volumes for a customer who has requested a setup which includes a RAID (redundant array of inexpensive disks ) .  AWS has some recommendations for RAID setup . Which RAID setup is not recommended for Amazon EBS ?

You are building infrastructure for a data warehousing solution and an extra request has come through that there will be a lot of business reporting queries running all the time and you are not sure if your current DB instance will be able to handle it. What would be the best solution for this?

You receive a bill from AWS but are confused as the exact same storage size you have in different regions on Amazon S3 are incurring different costs. You enquire to AWS as to why this is so. What response would you expect to receive from AWS ?

“You’re consulting for a new customer, who is attempting to create a hybrid network between AWS and their on-premise data centers. Currently, they have internal databases running on-premise that, due to licensing reasons, cannot be migrated to AWS. The front end of the application has been migrated to AWS and uses the DB hostname “”db.internalapp.local”” to communicate with the on-premise database servers. Hostnames provide an easy method for updating IP addresses in event of failover instead of having to update the IP address in the code.

Given the current architecture what is the best way to configure internal DNS for this hybrid application? (Choose Two)”

“BCJC has many employees who need to run internal applications that access the company’s AWS resources. These employees already have user credentials in the company’s current identity authentication system, which does not support SAML 2.0. The company does not want to create a separate IAM user for each company employee.

How should the SSO setup be designed?

Choose the 2 correct answers:”

You have been given a new brief from your supervisor for a client who needs a web application set up on AWS. The most important requirement is that MySQL must be used as the database, and this database must not be hosted in the public cloud, but rather at the client’s data center due to security risks. Which of the following solutions would be the best to assure that the client’s requirements are met?

A few weeks into your dream job with the large scientific institution, a group of EC2 instances that you set up in a Placement Group doesn’t seem to run as efficiently as you expected it to and seems to be suffering from low performance of packets, high latency and lots of jitter. Consequently, you have started to look at ways to fix this. Which of the following solutions would create enhanced networking capabilities on instances that would result in higher instances of packets per second, lower latency, and reduced jitter?

You are setting up a website for a small startup company. You have built them what you believe to be a great solution on AWS for the money they wanted to spend. It is a very image intensive site, so you have utilized CloudFront to help with the serving of images. The client complains to you, however, that he requires a custom domain name when serving up this content that should work with https from CloudFront, so rather than being provided with a xxxx.cloudfront.net domain he wants a custom domain such as ssuc.com. What would you need to do to accomplish what the customer is asking?

BCJC has a legacy application with licensing that is attached to a single MAC address. Since an EC2 instance can receive a new MAC address when launching new instances, how can you ensure that your EC2 instance can maintain a single MAC address for licensing?

Once again your security officer is on your case and this time is asking you to make sure the AWS Key Management Service (AWS KMS) is working as it is supposed to. You are initially not too sure how KMS even works, however after some intense late night reading you think you have come up with a reasonable definition. Which of the following best describes how the AWS Key Management Service works?

“You’ve recently migrated an application from a customer’s on-premise data center to the AWS cloud. Currently, you’re using the ELB to serve traffic to the legacy application. The ELP is also using HTTP port 80 as the health check ping port. The application is currently responding by returning a website on port 80 when you test the IP address directly. However, the instance is not registering as healthy even though the appropriate amount of time has passed for the health check to register as healthy.

How might the issue be resolved?”

DDoS attacks that happen at the application layer commonly target web applications with lower volumes of traffic compared to infrastructure attacks. To mitigate these types of attacks, you should probably want to include a WAF (Web Application Firewall) as part of your infrastructure. To inspect all HTTP requests, WAFs sit in-line with your application traffic. Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck. To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes. This type of scaling for WAF is done via a “WAF sandwich.” Which of the following statements best describes what a “WAF sandwich” is?

“You’re working as a consultant for a company that has a three tier application. The application layer of this architecture sends over 20Gbps of data per seconds during peak hours to and from Amazon S3. Currently, you’re running two NAT gateways in two subnets to transfer the data from your private application layer to Amazon S3. You will also need to ensure that the instances receive software patches from a third party repository.

What architecture changes should be made, if any?”

BCJC is running an Amazon Redshift cluster with four nodes running 24/7/365 and expects, potentially, to add one on-demand node for one to two days once during the year. Which architecture would have the lowest possible cost for the cluster requirement?

“BCJC has a library of on-demand MP4 files needing to be streamed publicly on their new video webinar website. The video files are archived and are expected to be streamed globally, primarily on mobile devices.

Given the requirements what would be the best architecture for BCJC to design?”

After the Government organization you work for suffers it’s 3rd DDOS attack of the year you have been handed one part of a strategy to try and stop this from happening again. You have been told that your job is to minimize the attack surface area. You do have a vague idea of some of the things you need to put in place to achieve this. Which of the following is NOT one of the ways to minimize the attack surface area as a DDOS minimization strategy?

“You want to set up a public website on AWS. The things that you require are as follows:

– You want the database and the application server running on AWS VPC.
– You want the database to be able to connect to the Internet, specifically for any patch upgrades.
– You do not want to receive any incoming requests from the Internet to the database.

Which of the following solutions would be the best to satisfy all the above requirements for your planned public website on AWS?”

A large multi-national corporation has come to you and asked if you can provide a high availability and disaster recovery plan for their organization. Their primary concern is not to lose any data so they are fine if there is a longer recovery time as it will presumably save on cost. Which of the following options would be the best one for this corporation, given the concerns that they have outlined to you above?

You have created a VPC with CIDR block 10.0.0.0/24, which supports 256 IP addresses. You want to now split this into two subnets, each supporting 128 IP addresses. Can this be done and if so how will the allocation of IP addresses be configured?

BCJC is running a production load Redshift cluster for a client. The client has an RTO objective of one hour and an RPO of one day. While configuring the initial cluster what configuration would best meet the recovery needs of the client for this specific Redshift cluster configuration?

You are designing multi-region architecture and you want to send users to a geographic location based on latency- based routing, which seems simple enough; however, you also want to use weighted-based routing among resources within that region. Which of the below setups would best accomplish this?

When you create a subnet, you specify the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC), or a subset (to enable multiple subnets). The allowed block size is between a /28 netmask and /16 netmask. You decide to you create a VPC with CIDR block 10.0.0.0/24. Therefore what is the maximum allowed number of IP addresses and the minimum allowed number of IP addresses according to AWS and what is the number of IP addresses supported by the VPC you created?

You have been told by your security officer that you need to give a presentation on encryption on data at rest on AWS to 50 of your co-workers. You feel like you understand this extremely well regarding data stored on AWS S3 so you aren’t too concerned, but you begin to panic a little when you realize you also probably need to talk about encryption on data stored on your databases, namely Amazon RDS. Regarding Amazon RDS encryption, which of the following statements is the truest?

You’ve been tasked with creating file level restore on your EC2 instances. You need to be able to restore an individual lost file on an EC2 instance within 15 minutes of a reported loss of information. The acceptable RPO is several hours. How would you perform this on an EC2 instance?

“In an attempt to cut costs your accounts manager has come to you and tells you that he thinks that if the company starts to use consolidated billing that it will save some money. He also wants the billing set up in such a way that it is relatively simple, and it gives insights into the environment regarding utilization of resources. Which of the following consolidated billing setups would satisfy your account manager’s needs?

Choose the 2 correct answers:”

“BCJC is hosting an Nginx web application. They want to use EMR to create EMR jobs that shift through all of the web server logs and error logs to pull statistics on click stream and errors based off of client IP address.

Given the requirements what would be the best method for collecting the log data and analyzing it automatically?”

“You’re working as a constant for a company designing a new hybrid architecture to manage part of their application infrastructure in the cloud and on-premise. As part of the infrastructure, they need to consistently transfer high amounts of data. They require a low latency and high consistency traffic to AWS. The company is looking to keep costs as low possible and is willing to accept slow traffic in the event of primary failure.

Given these requirements how would you design a hybrid architecture?”

“BCJC has developed a sensor intended to be placed inside of people’s shoes, monitoring the number of steps taken every day. BCJC is expecting thousands of sensors reporting in every minute and hopes to scale to millions by the end of the year. A requirement for the project is it needs to be able to accept the data, run it through ETL to store in warehouse and archive it on Amazon Glacier, with room for a real-time dashboard for the sensor data to be added at a later date.

What is the best method for architecting this application given the requirements?”

You have just set up your first AWS Data Pipeline. AWS Data Pipeline is a web service that you can use to automate the movement and transformation of data. With AWS Data Pipeline, you can define data-driven workflows, so that tasks can be dependent on the successful completion of previous tasks. You are pretty excited that it is about to run; however, when it finally kicks off, you receive a “400 Error Code: PipelineNotFoundException.” Which of the following explanations is the most accurate in describing what this error probably means?

Your final task that will complete a cloud migration for a customer is to set up an Active Directory service for him so that he can use Microsoft Active Directory with the newly-deployed AWS services. After reading the AWS documentation for this, you discover there are 3 options available to set up the AWS Directory Service. You call the customer for more information about his requirements, and he tells you he has 10,000 users on his AD service and wants to be able to use his existing on-premises directory with AWS services. Which of the following options for setting up the AWS Directory Service would be the most appropriate for your customer?

“BCJC (Big Cloud Jumbo Corp) has placed a set of on-premise resources with an AWS Direct Connect provider. After establishing connections to a local AWS region in the US, BCJC needs to establish a low latency dedicated connection to an S3 public endpoint over the Direct Connect dedicated low latency connection.

What steps need to be taken to accomplish configuring a direct connection to a public S3 endpoint?”

“Big Brother Bank has been acquiring smaller banks. BBB has a security requirement that all bank employees are required to log into a central identity solution, so that when they log on they gain access to central bank resources. Given that each bank has their own AWS account, and existing application instances with which to run their bank software, how would BBB connect each bank’s AWS networks to the central VPC, as to allow each bank to use the central identity solution?

Each bank runs their VPC in the US-West-1 region, requires a high availability solution, and regulation does not allow each bank access to the others’ resources. How would you best design this solution?”

“BCJC has two batch processing applications that consume financial data about the day’s stock transactions. Each transaction needs to be stored durably and guarantee that a record of each application is delivered so the audit and billing batch processing applications can process the data. However, the two applications run separately and several hours apart and need access to the same transaction information. After reviewing the transaction information for the day, the information no longer needs to be stored.

What is the best way to architect this application?”

Your CIO has become very paranoid recently after a series of security breaches and wants you to start providing additional layers of security to all your company’s AWS resources. First up he wants you to provide additional layers of protection to all your EC2 resources. Which of the following would be a way of providing that additional layer of protection to all your EC2 resources?

You are excited that your company has just purchased a Direct Connect link from AWS as everything you now do on AWS should be much faster and more reliable. Your company is based in Sydney, Australia so obviously the Direct Connect Link to AWS will go into the Asia Pacific (Sydney) region. Your first job after the new link purchase is to create a multi-region design across the Asia Pacific(Sydney) region and the US West (N. California) region. You soon discover that all the infrastructure you deploy in the Asia Pacific(Sydney) region is extremely fast and reliable, however the infrastructure you deploy in the US West(N. California) region is much slower and unreliable. Which of the following would be the best option to make the US West(N. California) region a more reliable connection?

You have just developed a new mobile application that handles analytics workloads on large scale datasets that are stored on Amazon Redshift. Consequently, the application needs to access Amazon Redshift tables. Which of the below methods would be the best, both practically and security-wise, to access the tables?

You have a legacy application running that uses an m4.large instance size and cannot scale with Auto Scaling, but only has peak performance 5% of the time. This is a huge waste of resources and money so your Senior Technical Manager has set you the task of trying to reduce costs while still keeping the legacy application running as it should. Which of the following would best accomplish the task your manager has set you?

“BCJC is managing a customer’s application which currently includes a three-tier application configuration. The first tier manages the web instances and is configured in a public subnet. The second layer is the application layer. As part of the application code, the application instances upload large amounts of data to Amazon S3. Currently, the private subnets that the application instances are running on have a route to a single NAT t2.micro NAT instance.

The application, during peak loads, becomes slow and customer uploads from the application to S3 are not completing and taking a long time.

Which steps might you take to solve the issue using the most cost efficient method?”

You work for a large university whose AWS infrastructure has grown significantly over the last year and consequently the IT department has hired four new AWS System Administrators who will each manage a different Availability Zone in your infrastructure. You have 4 AZs. You have been given the task of giving these new staff access to be able to launch and manage instances in their zone only and should not be able to modify any of the other administrators’ zones. Which of the following options is the best solution to accomplish your task?

“BCJC is building out an AWS Cloud Environment for a financial regulatory firm. Part of the requirements are being able to monitor all changes in an environment and all traffic sent to and from the environment.

What suggestions would you make to ensure all the requirements for monitoring the financial architecture are satisfied? (Choose Two)

Choose the 2 correct answers:”

BCJC has hired a third-party security auditor, and the auditor needs read-only access to all AWS resources and logs of all VPC records and events that have occurred on AWS. How can BCJC meet the auditor’s requirements without comprising security in the AWS environment?

BCJC has a Redshift cluster for petabyte-scale data warehousing. The data within the cluster is easily reproducible from additional data stored on Amazon S3. BCJC wants to reduce the overall total cost of running this Redshift cluster. Which scenario would best meet the needs of the running cluster, while still reducing total overall ownership of the cluster?

One of your work colleagues has just left and you have been handed some of the infrastructure he set up. In one of the setups you start looking at, he has created multiple components of a single application and all the components are hosted on a single EC2 instance (without an ELB) in a VPC. You have been told that this needs to be set up with two separate SSLs for each component. Which of the following would best achieve the setting up off the two separate SSLs while using still only using one EC2 instance?

“You’ve configured an AWS VPC and several EC2 instances running MongoDB with an internal IP address of 10.0.2.1. To simplify failover and connectivity to the instance, you create an internal Route 53 A record called mongodb.example.com. You have a VPN connection from on-premise to your VPC and are attempting to connect an on-premise VMWare instance to mongodb.example.com, but the DNS will not resolve.
Given the current design, why is the internal DNS record not resolving on-premise?”

You have been given the task of designing a backup strategy for your organization’s AWS resources with the only caveat being that you must use the AWS Storage Gateway. Which of the following is the most correct statement surrounding the backup strategy on the AWS Storage Gateway?

“Given the following IAM policy assign to user “”jeff””

{
“”Version””: “”2012-10-17″”,
“”Statement””: [
{
“”Action””: [
“”ec2:StartInstances””,
“”ec2:StopInstances””,
“”ec2:RebootInstances””,
“”ec2:TerminateInstances””
],
“”Condition””: {
“”StringEquals””: {
“”ec2:ResourceTag/env””:””production””
}
},
“”Resource””: [
“”arn:aws:ec2:us-east-1:account-id:instance/*””

],
“”Effect””: “”Deny””
}
]
}”

You are the administrator for a new startup company which has a production account and a development account on AWS. Up until this point, no one has had access to the production account except yourself. There are 20 people on the development account who now need various levels of access provided to them on the production account. 10 of them need read-only access to all resources on the production account, 5 of them need read/write access to EC2 resources, and the remaining 5 only need read-only access to S3 buckets. Which of the following options would be the best way, both practically and security-wise, to accomplish this task?

“You’re consulting for company that is migrating it’s legacy application to the AWS cloud. In order to apply high availability, you’ve decided to implement Elastic Load Balancer and Auto Scaling services to serve traffic to this legacy application.

The legacy application is not a standard HTTP web application but is a custom application with custom codes that is run internally for the employees of the company you are consulting.

The ports required to be open are port 80 and port 8080. What listener configuration would you create?”

Due to a lot of your EC2 services going off line at least once a week for no apparent reason your security officer has told you that you need to tighten up the logging of all events that occur on your AWS account. He wants to be able to access all events that occur on the account across all regions quickly and in the simplest way possible. He also wants to make sure he is the only person that has access to these events in the most secure way possible. Which of the following would be the best solution to assure his requirements are met?

“An auditor needs access to logs that record all API events on AWS. The auditor only needs read-only access to the log files and does not need access to each AWS account. BCJC has multiple AWS accounts, and the auditor needs access to all the logs for all the accounts. What is the best way to configure access for the auditor to view event logs from all accounts?

Given the current requirements, assume the method of “”least privilege”” security design and only allow the auditor access to the minimum amount of AWS resources as possible.”

BCJC is running data application on-premise that requires large amounts of data to be transferred to a VPC containing EC2 instances in an AWS region. BCJC is concerned about the total overall transfer costs required for this application and is potentially not going deploy a hybrid environment for the customer-facing part of the application to run in a VPC. Given that the data transferred to AWS is new data every time, what suggestions could you make to BCJC to help reduce the overall cost of data transfer to AWS?

“You’ve been working on a CloudFront whole site CDN for BCJC client. After configuring the whole site CDN with a custom CNAME and supported HTTPS custom domain (i.e., https://example.com) you open example.com and are receiving the following error: CloudFront wasn’t able to connect to the origin.

What might be the most likely cause of this error and how would you fix it?”

“A third party auditor is being brought in to review security processes and configurations for all of BCJC’s AWS accounts. Currently, BCJC does not use any on-premise identity provider. Instead, they rely on IAM accounts in each of their AWS accounts. The auditor needs read-only access to all AWS resources for each AWS account.

Given the requirements, what is the best security method for architecting access for the security auditor?”

“BCJC needs to configure a NAT gateway for its internal AWS applications to be able to download patches and package software. Currently, they are running a NAT instance that is using the floating IP scripting configuration to create fault tolerance for the NAT. The NAT gateway needs to be built with fault tolerance in mind to meet the needs of BCJC.

What is the best way to configure the NAT gateway with fault tolerance?”

You have acquired a new contract from a client to move all of his existing infrastructure onto AWS. You notice that he is running some of his applications using multicast, and he needs to keep it running as such when it is migrated to AWS. You discover that multicast is not available on AWS, as you cannot manage multiple subnets on a single interface on AWS and a subnet can only belong to one availability zone. Which of the following would enable you to deploy legacy applications on AWS that require multicast?

After having created a VPC with CIDR block 10.0.0.0/24 and launching it as a working network you decide a few weeks later that it is too small and you wish to make it larger. Which of the below options would accomplish this successfully?

A new client may use your company to move all their existing Data Center applications and infrastructure to AWS. This is going to be a huge contract for your company, and you have been handed the entire contract and need to provide an initial scope to this possible new client. One of the things you notice concerning the existing infrastructure is that it has a small amount of legacy applications that you are almost certain will not work on AWS. Which of the following would be the best strategy to employ regarding the migration of these legacy applications?

You are setting up a video streaming service with the main components of the set up being S3, CloudFront and Transcoder. Your video content will be stored on AWS S3, and your first job is to upload 10 videos to S3 and make sure they are secure before you even begin to start thinking of streaming the videos. The 10 videos have just finished uploading to S3, so you now need to secure them with encryption at rest. Which of the following would be the best way to do this?

Your job at a large scientific institution is moving along nicely. It is at the forefront of the latest research on nano-technology, of which you have become very passionate. You have been put in charge of scaling up some existing infrastructure which currently has 9 EC2 instances running in a Placement Group. All these 9 instances were initially launched at the same time and seem to be performing as expected. You decide that you need to add 2 new instances to the group; however, when you attempt to do this you receive a ‘capacity error’. Which of the following actions will most likely fix this problem?

Your company has just purchased some very expensive software which also involved the addition of a unique license for it. You have been told to set this up on an AWS EC2 instance; however, one of the problems is that the software license has to be tied to a specific MAC address and from your experience with AWS you know that every time an instance is restarted it will almost certainly lose it’s MAC address. What would be a possible solution to this given the options below?

The Dynamic Host Configuration Protocol (DHCP) provides a standard for passing configuration information to hosts on a TCP/IP network. You can have multiple sets of DHCP options, but you can associate only one set of DHCP options with a VPC at a time. You have just created your first set of DHCP options, associated it with your VPC but now realize that you have made an error in setting them up and you need to change the options. Which of the following options do you need to take to achieve this?

BCJC is running a MySQL RDS instance inside of AWS; however, a new requirement for disaster recovery is keeping a read replica of the production RDS instance in an on-premise data center. What is the securest way of performing this replication?

“BCJC has an employee that keeps terminating EC2 instances on the production environment. You’ve determined the best way to ensure this doesn’t happen is to add an extra layer of defense against terminating the instances. What is the best method to ensure the employee does not terminate the production instances?
Choose the 2 correct answers:”

“You’ve created a temporary application that accepts image uploads, stores them in S3, and records information about the image in RDS. After building this architecture and accepting images for the duration required, it’s time to delete the CloudFormation template. However, your manager has informed you that for archival reasons the RDS data needs to be stored and the S3 bucket with the images needs to remain. Your manager has also instructed you to ensure that the application can be restored by a CloudFormation template and run next year during the same period.

Knowing that when a CloudFormation template is deleted, it will remove the resources it created, what is the best method for achieving the desired goals?”

The company you work for has a huge amount of infrastructure built on AWS. However there has been some concerns recently about the security of this infrastructure, and an external auditor has been given the task of running a thorough check of all of your company’s AWS assets. The auditor will be in the USA while your company’s infrastructure resides in the Asia Pacific (Sydney) region on AWS. Initially, he needs to check all of your VPC assets, specifically, security groups and NACLs You have been assigned the task of providing the auditor with a login to be able to do this. Which of the following would be the best and most secure solution to provide the auditor with so he can begin his initial investigations?

“You are setting up a VPN for a customer to connect his remote network to his Amazon VPC environment. There are a number of ways to accomplish this and to help you decide you have been given a list of the things that the customer has specified that the network needs to be able to do. They are as follows:

– Predictable network performance
– Support for BGP peering and routing policies
– A secure IPsec VPN connection but not over the Internet
Which of the following VPN options would best satisfy the customer’s requirements?”

BCJC is running a web application that has a high amount of dynamic content. BCJC is looking to reduce load time by implementing a caching solution that will help reduce load times for clients requesting the application. What is the best possible solution and why?

BCJC has developed a viral marketing website that specializes in posting blog posts that go viral. The posts usually receive 90% of the viral traffic within 24 hours of being posted and often need to be updated with corrections during the first 24 hours. What would be the best method for implementing a solution to help handle the scale of requests given the behavior of the blog posts?

“You’re migrating an existing application to the AWS cloud. The application will be primarily using EC2 instances. This application needs to be built with the highest availability architecture available. The application currently relies on hardcoded hostnames for intercommunication between the three tiers. You’ve migrated the application and configured the multi-tiers using the internal Elastic Load Balancer for serving the traffic. The load balancer hostname is example-app.us-east-1.elb.amazonaws.com. The current hard-coded hostname in your application used to communicate between your multi-tier application is applayer.example.com.

What is the best method for architecting this setup to have as much high availability as possible?”

Your company has just set up a new document server on it’s AWS VPC, and it has four very important clients that it wants to give access to. These clients also have VPCs on AWS and it is through these VPCs that they will be given accessibility to the document server. In addition, each of the clients should not have access to any of the other clients’ VPCs.

Amazon ElastiCache currently supports two different in-memory key-value engines, Memcached and Redis. You are launching your first ElastiCache cache cluster, and you have to choose which engine you prefer. You are not 100% sure but you decide on Memcached, which you know has a few key features different to Redis. Which of the following is NOT one of those key features?

“BCJC has developed a Ruby on Rails content management platform. Currently, BCJC is using OpsWorks with several stacks for dev, staging, and production to deploy and manage the application.

BCJC is about to implement a new feature on the CMS application using Python instead of Ruby.

How should BCJC deploy this new application feature?”

BCJC (Big Cloud Jumbo Corp) is designing a high availability solution for a customer. This customer’s requirements are that their application needs to be able to handle an unexpected amount of load and allow site visitors to read data from a DynamoDB table, which contains the results of an online polling system. Given this information, what would be the best and most cost-saving method for architecting and developing this application?

You are excited to have just been employed by a large scientific institution that is at the cutting edge of high-performance computing. Your first job is to launch 10 Large EC2 instances which will all be used to crunch huge amounts of data and will also need to pass this data back and forth between each other. Which of the following would be the most efficient setup to achieve this?

BCJC is consulting for a company that runs their current application entirely all on-premise. However, they are expecting a big boost in traffic tomorrow and need to figure out a way to decrease the load to handle the scale. Unfortunately, they cannot migrate their application to AWS in the period required. What could they do with their current on-premise application to help offload some of the traffic and scale to meet the demand expected in 24 hours?

You’ve created a mobile application that serves data stored in an Amazon DynamoDB table. Your primary concern is scalability of the application and being able to handle millions of visitors and data requests. As part of your application, the customer needs access to the data located in the DynamoDB table. Given the application requirements, what would be the best method for designing the application?

Due to cost-cutting measurements being implemented by your organization, you have been told that you need to migrate some of your existing resources to another region. The first task you have been given is to copy all of your Amazon Machine Images from Asia Pacific (Sydney) to US West (Oregon). One of the things that you are unsure of is how the PEM keys on your Amazon Machine Images need to be migrated. Which of the following best describes how your PEM keys are affected when AMIs are migrated between regions?

BCJC is running Oracle DB workloads on AWS. Currently, they are running the Oracle RAC configuration on the AWS public cloud. You’ve been tasked with configuring backups on the RAC cluster to enable durability. What is the best method for configuring backups?

BCJC has three consolidated billing accounts; dev, staging, and production. The dev account has purchased two reserved instances with instance type of m4.large in Availability Zone 1a. However, no instances are running on the dev account, but a m4.large is running in the staging account inside of availability zone 1a. Who can receive the pricing?

You have two different groups using Redshift to analyze data of a petabyte-scale data warehouse. Each query issued by the first group takes approximately 1-2 hours to analyze the data while the second group’s queries only take between 5-10 minutes to analyze data. You don’t want the second group’s queries to wait until the first group’s queries are finished. You need to design a solution so that this does not happen. Which of the following would be the best and cheapest solution to deploy to solve this dilemma?

You’re building a mobile application game. The application needs permissions for each user to communicate and store data in DynamoDB tables. What is the best method for granting each mobile device that installs your application to access DynamoDB tables for storage when required?

“After configuring a whole site CDN on CloudFront you receive the following error: This distribution is not configured to allow the HTTP request method that was used for this request. The distribution supports only cachable requests.

What is the most likely cause of this?”