You are responsible for your company's AWS resources, and you notice a significant amount of traffic from an IP address in a foreign country in which your company does not have customers. Further investigation of the traffic indicates the source of the traffic is scanning for open ports on your EC2-VPC instances.

Which one of the following resources can deny the traffic from reaching the instances?


A. Security group
B. Network ACL
C. NAT instance
D. An Amazon VPC endpoint





Answer: B

Which of the following will occur when an Amazon Elastic Block Store (Amazon EBS)-backed Amazon EC2 instance in an Amazon VPC with an associated EIP is stopped and started? (Choose 2 answers)



A. The EIP will be dissociated from the instance.
B. All data on instance-store devices will be lost.
C. All data on Amazon EBS devices will be lost.
D. The ENI is detached.
E. The underlying host for the instance is changed.




Answer: B E

You have created a custom Amazon VPC with both private and public subnets. You have created a NAT instance and deployed this instance to a public subnet. You have attached an EIP address and added your NAT to the route table. Unfortunately, instances in your private subnet still cannot access the Internet. What may be the cause of this?



A. Your NAT is in a public subnet, but it needs to be in a private subnet.
B. Your NAT should be behind an Elastic Load Balancer.
C. You should disable source/destination checks on the NAT.
D. Your NAT has been deployed on a Windows instance, but your other instances are Linux. You should redeploy the NAT onto a Linux instance.




Answer: C

You create a new VPC in US-East-1 and provision three subnets inside this Amazon VPC. Which of the following statements is true?



A. By default, these subnets will not be able to communicate with each other; you will need to create routes.
B. All subnets are public by default.
C. All subnets will be able to communicate with each other by default.
D. Each subnet will have identical CIDR blocks.



Answer: C

What happens when you create a new Amazon VPC?



A. A main route table is created by default.
B. Three subnets are created by default—one for each Availability Zone.
C. Three subnets are created by default in one Availability Zone.
D. An IGW is created by default.



Answer: A

You are a solutions architect working for a large travel company that is migrating its existing server estate to AWS. You have recommended that they use a custom Amazon VPC, and they have agreed to proceed. They will need a public subnet for their web servers and a private subnet in which to place their databases. They also require that the web servers and database servers be highly available and that there be a minimum of two web servers and two database servers each. How many subnets should you have to maintain high availability?



A. 2
B. 3
C. 4
D. 1



Answer: C

Which statements about Amazon Glacier are true? (Choose 3 answers)



A. Amazon Glacier stores data in objects that live in archives.
B. Amazon Glacier archives are identified by user-specified key names.
C. Amazon Glacier archives take three to five hours to restore.
D. Amazon Glacier vaults can be locked.
E. Amazon Glacier can be used as a standalone service and as an Amazon S3 storage class.




Answer: C D E

You have valuable media files hosted on AWS and want them to be served only to authenticated users of your web application. You are concerned that your content could be stolen and distributed for free. How can you protect your content?



A. Use static web hosting.
B. Generate pre-signed URLs for content in the web application.
C. Use AWS Identity and Access Management (IAM) policies to restrict access.
D. Use logging to track your content.




Answer: B

What must be done to host a static website in an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 3 answers)



A. Configure the bucket for static hosting and specify an index and error document.
B. Create a bucket with the same name as the website.
C. Enable File Transfer Protocol (FTP) on the bucket.
D. Make the objects in the bucket world-readable.
E. Enable HTTP on the bucket.




Answer: A B D

Amazon Simple Storage Service (Amazon S3) is an eventually consistent storage system. For what kinds of operations is it possible to get stale data as a result of eventual consistency? (Choose 2 answers)



A. GET after PUT of a new object
B. GET or LIST after a DELETE
C. GET after overwrite PUT (PUT to an existing key)
D. DELETE after PUT of new object



Answer: B C

Your company has 100TB of financial records that need to be stored for seven years by law. Experience has shown that any record more than one year old is unlikely to be accessed. Which of the following storage plans meets these needs in the most cost-efficient manner?




A. Store the data on Amazon Elastic Block Store (Amazon EBS) volumes attached to t2.micro instances.
B. Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year and delete the object after seven years.
C. Store the data in Amazon DynamoDB and run daily script to delete data older than seven years.
D. Store the data in Amazon Elastic MapReduce (Amazon EMR).



Answer: B

What is needed before you can enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 2 answers)



A. Enable versioning on the bucket.
B. Enable a lifecycle rule to migrate data to the second region.
C. Enable static website hosting.
D. Create an AWS Identity and Access Management (IAM) policy to allow Amazon S3 to replicate objects on your behalf.



Answer: A D

You have a popular web application that accesses data stored in an Amazon Simple Storage Service (Amazon S3) bucket. You expect the access to be very read-intensive, with expected request rates of up to 500 GETs per second from many clients. How can you increase the performance and scalability of Amazon S3 in this case?



A. Turn on cross-region replication to ensure that data is served from multiple locations.
B. Ensure randomness in the namespace by including a hash prefix to key names.
C. Turn on server access logging.
D. Ensure that key names are sequential to enable pre-fetch.



Answer: B

Your company requires that all data sent to external storage be encrypted before being sent. Which Amazon Simple Storage Service (Amazon S3) encryption solution will meet this requirement?



A. Server-Side Encryption (SSE) with AWS-managed keys (SSE-S3)
B. SSE with customer-provided keys (SSE-C)
C. Client-side encryption with customer-managed keys
D. Server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS)




Answer: C

What are some reasons to enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 2 answers)



A. You want a backup of your data in case of accidental deletion.
B. You have a set of users or customers who can access the second bucket with lower latency.
C. For compliance reasons, you need to store data in a location at least 300 miles away from the first region.
D. Your data needs at least five nines of durability.


Answer: B C

To have a record of who accessed your Amazon Simple Storage Service (Amazon S3) data and from where, you should do what?



A. Enable versioning on the bucket.
B. Enable website hosting on the bucket.
C. Enable server access logs on the bucket.
D. Create an AWS Identity and Access Management (IAM) bucket policy.
E. Enable Amazon CloudWatch logs.




Answer: C

Based on the following Amazon Simple Storage Service (Amazon S3) URL, which one of the following statements is correct?


https://bucket1.abc.com.s3.amazonaws.com/folderx/myfile.doc


A. The object "myfile.doc" is stored in the folder "folderx" in the bucket "bucket1.abc.com."
B. The object "myfile.doc" is stored in the bucket "bucket1.abc.com."
C. The object "folderx/myfile.doc" is stored in the bucket "bucket1.abc.com."
D. The object "myfile.doc" is stored in the bucket "bucket1."



Answer: C

How is data stored in Amazon Simple Storage Service (Amazon S3) for high durability?



A. Data is automatically replicated to other regions.
B. Data is automatically replicated within a region.
C. Data is replicated only if versioning is enabled on the bucket.
D. Data is automatically backed up on tape and restored if needed.



Answer: B

Your company stores documents in Amazon Simple Storage Service (Amazon S3), but it wants to minimize cost. Most documents are used actively for only about a month, then much less frequently. However, all data needs to be available within minutes when requested. How can you meet these requirements?



A. Migrate the data to Amazon S3 Reduced Redundancy Storage (RRS) after 30 days.
B. Migrate the data to Amazon Glacier after 30 days.
C. Migrate the data to Amazon S3 Standard - Infrequent Access (IA) after 30 days.
D. Turn on versioning, then migrate the older version to Amazon Glacier.




Answer: C

Your application stores critical data in Amazon Simple Storage Service (Amazon S3), which must be protected against inadvertent or intentional deletion. How can this data be protected? (Choose 2 answers)



A. Use cross-region replication to copy data to another bucket automatically.
B. Set a vault lock.
C. Enable versioning on the bucket.
D. Use a lifecycle policy to migrate data to Amazon Glacier.
E. Enable MFA Delete on the bucket.




Answer: C E

Which features can be used to restrict access to Amazon Simple Storage Service (Amazon S3) data? (Choose 3 answers)



A. Enable static website hosting on the bucket.
B. Create a pre-signed URL for an object.
C. Use an Amazon S3 Access Control List (ACL) on a bucket or object.
D. Use a lifecycle policy.
E. Use an Amazon S3 bucket policy.




Answer: B C E

What are some of the key characteristics of Amazon Simple Storage Service (Amazon S3)? (Choose 3 answers)



A. All objects have a URL.
B. Amazon S3 can store unlimited amounts of data.
C. Objects are world-readable by default.
D. Amazon S3 uses a REST (Representational State Transfer) Application Program Interface (API).
E. You must pre-allocate the storage in a bucket.



Answer: A B D

Which of the following are not appropriate use cases for Amazon Simple Storage Service (Amazon S3)? (Choose 2 answers)



A. Storing web content
B. Storing a file system mounted to an Amazon Elastic Compute Cloud (Amazon EC2) instance
C. Storing backups for a relational database
D. Primary storage for a database
E. Storing logs for analytics



Answer: B D

In what ways does Amazon Simple Storage Service (Amazon S3) object storage differ from block and file storage? (Choose 2 answers)



A. Amazon S3 stores data in fixed size blocks.
B. Objects are identified by a numbered address.
C. Objects can be any size.
D. Objects contain both data and metadata.
E. Objects are stored in buckets.



Answer: D E

How are you billed for elastic IP addresses?



A. Hourly when they are associated with an instance
B. Hourly when they are not associated with an instance
C. Based on the data that flows through them
D. Based on the instance type to which they are attached



Answer: B

You have a workload that requires 1 TB of durable block storage at 1,500 IOPS during normal use. Every night there is an Extract, Transform, Load (ETL) task that requires 3,000 IOPS for 15 minutes. What is the most appropriate volume type for this workload?




A. Use a Provisioned IOPS SSD volume at 3,000 IOPS.
B. Use an instance store.
C. Use a general-purpose SSD volume.
D. Use a magnetic volume.



Answer: C

Using the correctly decrypted Administrator password and RDP, you cannot log in to a Windows instance you just launched. Which of the following is a possible reason?



A. There is no security group rule that allows RDP access over port 3389 from your IP address.
B. The instance is a Reserved Instance.
C. The instance is not using enhanced networking.
D. The instance is not an Amazon EBS-optimized instance.


Answer: A

How can you connect to a new Linux instance using SSH?



A. Decrypt the root password.
B. Using a certificate
C. Using the private half of the instance's key pair
D. Using Multi-Factor Authentication (MFA)




Answer: C

Which of the following can be accomplished through bootstrapping?


A. Install the most current security updates.
B. Install the current version of the application.
C. Configure Operating System (OS) services.
D. All of the above.




Answer: D

You are restoring an Amazon Elastic Block Store (Amazon EBS) volume from a snapshot. How long will it be before the data is available?



A. It depends on the provisioned size of the volume.
B. The data will be available immediately.
C. It depends on the amount of data stored on the volume.
D. It depends on whether the attached instance is an Amazon EBS-optimized instance.



Answer: B

You have a workload that requires 15,000 consistent IOPS for data that must be durable. What combination of the following steps do you need? (Choose 2 answers)



A. Use an Amazon Elastic Block Store (Amazon EBS)-optimized instance.
B. Use an instance store.
C. Use a Provisioned IOPS SSD volume.
D. Use a magnetic volume.


Answer: A C

You need to take a snapshot of an Amazon Elastic Block Store (Amazon EBS) volume. How long will the volume be unavailable?



A. It depends on the provisioned size of the volume.
B. The volume will be available immediately.
C. It depends on the amount of data stored on the volume.
D. It depends on whether the attached instance is an Amazon EBS-optimized instance.


Answer: B

Which of the following are features of Amazon Elastic Block Store (Amazon EBS)? (Choose 2 answers)



A. Data stored on Amazon EBS is automatically replicated within an Availability Zone.
B. Amazon EBS data is automatically backed up to tape.
C. Amazon EBS volumes can be encrypted transparently to workloads on the attached instance.
D. Data on an Amazon EBS volume is lost when the attached instance is stopped.



Answer: A C

You are creating a High-Performance Computing (HPC) cluster and need very low latency and high bandwidth between instances. What combination of the following will allow this? (Choose 3 answers)



A. Use an instance type with 10 Gbps network performance.
B. Put the instances in a placement group.
C. Use Dedicated Instances.
D. Enable enhanced networking on the instances.
E. Use Reserved Instances.



Answer: A B D

Your instance is associated with two security groups. The first allows Remote Desktop Protocol (RDP) access over port 3389 from Classless Inter-Domain Routing (CIDR) block 72.14.0.0/16. The second allows HTTP access over port 80 from CIDR block 0.0.0.0/0. What traffic can reach your instance?



A. RDP and HTTP access from CIDR block 0.0.0.0/0
B. No traffic is allowed.
C. RDP and HTTP traffic from 72.14.0.0/16
D. RDP traffic over port 3389 from 72.14.0.0/16 and HTTP traffic over port 80 from 0.0.0.0/0




Answer: D

Your order-processing application processes orders extracted from a queue with two Reserved Instances processing 10 orders/minute. If an order fails during processing, then it is returned to the queue without penalty. Due to a weekend sale, the queues have several hundred orders backed up. While the backup is not catastrophic, you would like to drain it so that customers get their confirmation emails faster. What is a cost-effective way to drain the queue for orders?



A. Create more queues.
B. Deploy additional Spot Instances to assist in processing the orders.
C. Deploy additional Reserved Instances to assist in processing the orders.
D. Deploy additional On-Demand Instances to assist in processing the orders.



Answer: B

Your web application needs four instances to support steady traffic nearly all of the time. On the last day of each month, the traffic triples. What is a cost-effective way to handle this traffic pattern?



A. Run 12 Reserved Instances all of the time.
B. Run four On-Demand Instances constantly, then add eight more On-Demand Instances on the last day of each month.
C. Run four Reserved Instances constantly, then add eight On-Demand Instances on the last day of each month.
D. Run four On-Demand Instances constantly, then add eight Reserved Instances on the last day of each month.




Answer: C

Your company provides a mobile voting application for a popular TV show, and 5 to 25 million viewers all vote in a 15-second timespan. What mechanism can you use to decouple the voting application from your back-end services that tally the votes?



A. AWS CloudTrail
B. Amazon Simple Queue Service (Amazon SQS)
C. Amazon Redshift
D. Amazon Simple Notification Service (Amazon SNS)



Answer: B

What AWS Cloud service provides a logically isolated section of the AWS Cloud where organizations can launch AWS resources in a virtual network that they define?



A. Amazon Simple Workflow Service (Amazon SWF)
B. Amazon Route 53
C. Amazon Virtual Private Cloud (Amazon VPC)
D. AWS CloudFormation


Answer: C

Your company runs an Amazon Elastic Compute Cloud (Amazon EC2) instance periodically to perform a batch processing job on a large and growing filesystem. At the end of the batch job, you shut down the Amazon EC2 instance to save money but need to persist the filesystem on the Amazon EC2 instance from the previous batch runs. What AWS Cloud service can you leverage to meet these requirements?



A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon DynamoDB
C. Amazon Glacier
D. AWS CloudFormation



Answer: A

Your company provides an online photo sharing service. The development team is looking for ways to deliver image files with the lowest latency to end users so the website content is delivered with the best possible performance. What service can help speed up distribution of these image files to end users around the world?



A. Amazon Elastic Compute Cloud (Amazon EC2)
B. Amazon Route 53
C. AWS Storage Gateway
D. Amazon CloudFront



Answer: D

Your company experiences fluctuations in traffic patterns to their e-commerce website based on flash sales. What service can help your company dynamically match the required compute capacity to the spike in traffic during flash sales?



A. Auto Scaling
B. Amazon Glacier
C. Amazon Simple Notification Service (Amazon SNS)
D. Amazon Virtual Private Cloud (Amazon VPC)



Answer: A

Each AWS region is composed of two or more locations that offer organizations the ability to operate production systems that are more highly available, fault-tolerant, and scalable than would be possible using a single data center. What are these locations called?



A. Availability Zones
B. Replication areas
C. Geographic districts
D. Compute centers



Answer: A