AWS Certified folks


Batman_fan

AWS Certified Solutions Architect - Associate
Exam: AWS-SAA
Edition: 3.0
AWS-SAA
1
http://www.examarea.com
http://www.fravo.com
QUESTION: 1
An ERP application is deployed across multiple AZs in a single region. In the
event of failure, the Recovery Time Objective (RTO) must be less than 3 hours,
and the Recovery Point Objective (RPO) must be 15 minutes. The customer
realizes that data corruption occurred roughly 1.5 hours ago. What DR strategy
could be used to achieve this RTO and RPO in the event of this kind of failure?
A. Take hourly DB backups to S3, with transaction logs stored in S3 every 5
minutes.
B. Use synchronous database master-slave replication between two availability
zones.
C. Take hourly DB backups to EC2 instance store volumes with transaction logs
stored in S3 every 5 minutes.
D. Take 15 minute DB backups stored in Glacier with transaction logs stored in
S3 every 5 minutes.
Answer: C
QUESTION: 2
You are designing a social media site and are considering how to mitigate
distributed denial-of-service (DDoS) attacks. Which of the below are viable
mitigation techniques? (Choose 3 answers)
A. Add multiple elastic network interfaces (ENIs) to each EC2 instance to
increase the network bandwidth.
B. Use dedicated instances to ensure that each instance has the maximum
performance possible.
C. Use an Amazon CloudFront distribution for both static and dynamic content.
D. Use an Elastic Load Balancer with auto scaling groups at the web, app and
Amazon Relational Database Service (RDS) tiers.
E. Add alert Amazon CloudWatch to look for high Network In and CPU
utilization.
F. Create processes and capabilities to quickly add and remove rules to the
instance OS firewall.
Answer: B, D, F
QUESTION: 3
You would like to create a mirror image of your production environment in
another region for disaster recovery purposes. Which of the following AWS
resources do not need to be recreated in the second region? (Choose 2 answers)
A. Route 53 Record Sets
B. IAM Roles
C. Elastic IP Addresses (EIP)
D. EC2 Key Pairs
E. Launch configurations
F. Security Groups
Answer: A, C
Reference:
http://ltech.com/wpcontent/themes/optimize/download/AWS_Disaster_Recovery.pdf (page 6)
QUESTION: 4
You are responsible for a legacy web application whose server environment is
approaching end of life. You would like to migrate this application to AWS as
quickly as possible, since the application environment currently has the following
limitations:
✑ The VM's single 10GB VMDK is almost full
✑ The virtual network interface still uses the 10Mbps driver, which leaves your
100Mbps WAN connection completely underutilized
✑ It is currently running on a highly customized Windows VM within a
VMware environment
✑ You do not have the installation media
This is a mission critical application with an RTO (Recovery Time Objective) of
8 hours, RPO (Recovery Point Objective) of 1 hour. How could you best migrate
this application to AWS while meeting your business continuity requirements?
A. Use the EC2 VM Import Connector for vCenter to import the VM into EC2.
B. Use Import/Export to import the VM as an EBS snapshot and attach to EC2.
C. Use S3 to create a backup of the VM and restore the data into EC2.
D. Use the ec2-bundle-instance API to import an image of the VM into EC2.
Answer: A
QUESTION: 5
A newspaper organization has an on-premises application which allows the public
to search its back catalogue and retrieve individual newspaper pages via a website
written in Java. They have scanned the old newspapers into JPEGs (approx 17TB)
and used Optical Character Recognition (OCR) to populate a commercial search
product. The hosting platform and software are now end of life and the
organization wants to migrate its archive to AWS and produce a cost efficient
architecture and still be designed for availability and durability. Which is the most
appropriate?
A. Use S3 with reduced redundancy to store and serve the scanned files, install
the commercial search application on EC2 instances and configure with autoscaling
and an Elastic Load Balancer.
B. Model the environment using CloudFormation, use an EC2 instance running
Apache webserver and an open source search application, stripe multiple standard
EBS volumes together to store the JPEGs and search index.
C. Use S3 with standard redundancy to store and serve the scanned files, use
CloudSearch for query processing, and use Elastic Beanstalk to host the website
across multiple availability zones.
D. Use a single-AZ RDS MySQL instance to store the search index and the JPEG
images, use an EC2 instance to serve the website and translate user queries into
SQL.
E. Use a CloudFront download distribution to serve the JPEGs to the end users
and install the current commercial search product, along with a Java container
for the website on EC2 instances and use Route53 with DNS round-robin.
Answer: B
QUESTION: 6
Your system recently experienced down time during the troubleshooting process.
You found that a new administrator mistakenly terminated several production
EC2 instances. Which of the following strategies will help prevent a similar
situation in the future? The administrator still must be able to:
- launch, start, stop, and terminate development resources.
- launch and start production instances.
A. Create an IAM user, which is not allowed to terminate instances by leveraging
production EC2 termination protection.
B. Leverage resource based tagging along with an IAM user, which can prevent
specific users from terminating production EC2 resources.
C. Leverage EC2 termination protection and multi-factor authentication, which
together require users to authenticate before terminating EC2 instances.
D. Create an IAM user and apply an IAM role which prevents users from
terminating production EC2 instances.
Answer: D
QUESTION: 7
You are designing Internet connectivity for your VPC. The Web servers must be
available on the Internet. The application must have a highly available
architecture. Which alternatives should you consider? (Choose 2 answers)
A. Configure a NAT instance in your VPC. Create a default route via the NAT
instance and associate it with all subnets. Configure a DNS A record that points to
the NAT instance public IP address.
B. Configure a CloudFront distribution and configure the origin to point to the
private IP addresses of your Web servers. Configure a Route53 CNAME record to
your CloudFront distribution.
C. Place all your web servers behind ELB. Configure a Route53 CNAME to point
to the ELB DNS name.
D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs,
with health checks and DNS failover.
E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure
a Route53 A record that points to the EIP.
Answer: B, C
QUESTION: 8
An administrator is using Amazon CloudFormation to deploy a three tier web
application that consists of a web tier and application tier that will utilize Amazon
DynamoDB for storage. When creating the CloudFormation template, which of the
following would allow the application instance access to the DynamoDB tables
without exposing API credentials?
A. Create an Identity and Access Management Role that has the required
permissions to read and write from the required DynamoDB table and associate
the Role to the application instances by referencing an instance profile.
B. Use the Parameter section in the CloudFormation template to have the user
input Access and Secret Keys from an already created IAM user that has the
permissions required to read and write from the required DynamoDB table.
C. Create an Identity and Access Management Role that has the required
permissions to read and write from the required DynamoDB table and reference
the Role in the instance profile property of the application instance.
D. Create an Identity and Access Management user in the CloudFormation
template that has permissions to read and write from the required DynamoDB
table, use the GetAtt function to retrieve the Access and secret keys and pass them
to the application instance through user-data.
Answer: C
QUESTION: 9
Your company has recently extended its datacenter into a VPC on AWS to add
burst computing capacity as needed. Members of your Network Operations Center
need to be able to go to the AWS Management Console and administer Amazon
EC2 instances as necessary. You don't want to create new IAM users for each
NOC member and make those users sign in again to the AWS Management
Console. Which option below will meet the needs for your NOC members?
A. Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your
NOC members to sign in to the AWS Management Console.
B. Use web Identity Federation to retrieve AWS temporary security credentials to
enable your NOC members to sign in to the AWS Management Console.
C. Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant
the NOC members federated access to the AWS Management Console via the
AWS single sign-on (SSO) endpoint.
D. Use your on-premises SAML 2.0-compliant identity provider (IDP) to retrieve
temporary security credentials to enable NOC members to sign in to the AWS
Management Console.
Answer: D
QUESTION: 10
Your website is serving on-demand training videos to your workforce. Videos are
uploaded monthly in high resolution MP4 format. Your workforce is distributed
globally, often on the move, and using company-provided tablets that require the
HTTP Live Streaming (HLS) protocol to watch a video. Your company has no
video transcoding expertise and if required you may need to pay for a consultant.
How do you implement the most cost-efficient architecture without compromising
high availability and quality of video delivery?
A. Elastic Transcoder to transcode original high-resolution MP4 videos to HLS.
S3 to host videos with Lifecycle Management to archive original files to Glacier
after a few days. CloudFront to serve HLS transcoded videos from S3.
B. A video transcoding pipeline running on EC2 using SQS to distribute tasks and
Auto Scaling to adjust the number of nodes depending on the length of the queue.
S3 to host videos with Lifecycle Management to archive all files to Glacier after a
few days. CloudFront to serve HLS transcoding videos from Glacier.
C. Elastic Transcoder to transcode original high-resolution MP4 videos to HLS.
EBS volumes to host videos and EBS snapshots to incrementally backup original
files after a few days. CloudFront to serve HLS transcoded videos from EC2.
D. A video transcoding pipeline running on EC2 using SQS to distribute tasks and
Auto Scaling to adjust the number of nodes depending on the length of the queue.
EBS volumes to host videos and EBS snapshots to incrementally backup original
files after a few days. CloudFront to serve HLS transcoded videos from EC2.
Answer: A
QUESTION: 11
You are implementing AWS Direct Connect. You intend to use AWS public
service end points such as Amazon S3, across the AWS Direct Connect link. You
want other Internet traffic to use your existing link to an Internet Service Provider.
What is the correct way to configure AWS Direct Connect for access to services
such as Amazon S3?
A. Configure a public interface on your AWS Direct Connect link. Configure a
static route via your AWS Direct Connect link that points to Amazon S3.
Advertise a default route to AWS using BGP.
B. Create a private interface on your AWS Direct Connect link. Configure a static
route via your AWS Direct Connect link that points to Amazon S3. Configure
specific routes to your network in your VPC.
C. Create a public interface on your AWS Direct Connect link. Redistribute BGP
routes into your existing routing infrastructure, advertise specific routes for your
network to AWS.
D. Create a private interface on your AWS Direct Connect link. Redistribute BGP
routes into your existing routing infrastructure and advertise a default route to
AWS.
Answer: C
QUESTION: 12
You require the ability to analyze a customer's clickstream data on a website so
they can do behavioral analysis. Your customer needs to know what sequence of
pages and ads their customer clicked on. This data will be used in real time to
modify the page layouts as customers click through the site to increase stickiness
and advertising click-through. Which option meets the requirements for
capturing and analyzing this data?
A. Log clicks in weblogs by URL store to Amazon S3, and then analyze with
Elastic MapReduce
B. Push web clicks by session to Amazon Kinesis and analyze behavior using
Kinesis workers
C. Write click events directly to Amazon Redshift and then analyze with SQL
D. Publish web clicks by session to an Amazon SQS queue then periodically drain
these events to Amazon RDS and analyze with SQL
Answer: B
Reference:
http://www.slideshare.net/AmazonWebServices/aws-webcast-introduction-toamazon-kinesis
QUESTION: 13
You have deployed a web application targeting a global audience across multiple
AWS Regions under the domain name example.com. You decide to use Route53
Latency-Based Routing to serve web requests to users from the region closest to
the user. To provide business continuity in the event of server downtime you
configure weighted record sets associated with two web servers in separate
Availability Zones per region. During a DR test you notice that when you
disable all web servers in one of the regions Route53 does not automatically
direct all users to the other region. What could be happening? (Choose 2 answers)
A. Latency resource record sets cannot be used in combination with weighted
resource record sets.
B. You did not set up an HTTP health check for one or more of the weighted
resource record sets associated with the disabled web servers.
C. The value of the weight associated with the latency alias resource record set in
the region with the disabled servers is higher than the weight for the other region.
D. One of the two working web servers in the other region did not pass its HTTP
health check.
E. You did not set "Evaluate Target Health" to "Yes" on the latency alias resource
record set associated with example.com in the region where you disabled the
servers.
Answer: B, D
QUESTION: 14
A customer has established an AWS Direct Connect connection to AWS. The link
is up and routes are being advertised from the customer's end, however the
customer is unable to connect from EC2 instances inside its VPC to servers
residing in its datacenter. Which of the following options provide a viable
solution to remedy this situation? (Choose 2 answers)
A. Add a route to the route table with an IPsec VPN connection as the target.
B. Enable route propagation to the virtual private gateway (VGW).
C. Enable route propagation to the customer gateway (CGW).
D. Modify the route table of all instances using the 'route' command.
E. Modify the instances' VPC subnet route table by adding a route back to the
customer's on-premises environment.
Answer: A, C
QUESTION: 15
Your company is in the process of developing a next generation pet collar that
collects biometric information to assist families with promoting healthy lifestyles
for their pets. Each collar will push 30kb of biometric data in JSON format every
2 seconds to a collection platform that will process and analyze the data, providing
health trending information back to the pet owners and veterinarians via a web
portal. Management has tasked you to architect the collection platform ensuring
the following requirements are met. Provide the ability for real-time analytics of
the inbound biometric data. Ensure processing of the biometric data is highly
durable, elastic and parallel. The results of the analytic processing should be
persisted for data mining. Which architecture outlined below will meet the initial
requirements for the collection platform?
A. Utilize S3 to collect the inbound sensor data, analyze the data from S3 with a
daily scheduled Data Pipeline and save the results to a Redshift cluster.
B. Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data
with Kinesis clients and save the results to a Redshift cluster using EMR.
C. Utilize SQS to collect the inbound sensor data, analyze the data from SQS with
Amazon Kinesis and save the results to a Microsoft SQL Server RDS instance.
D. Utilize EMR to collect the inbound sensor data, analyze the data from EMR
with Amazon Kinesis and save the results to DynamoDB.
Answer: B
QUESTION: 16
Your company produces customer commissioned one-of-a-kind skiing helmets
combining high fashion with custom technical enhancements. Customers can show
off their individuality on the ski slopes and have access to head-up-displays, GPS
rear-view cams and any other technical innovation they wish to embed in the
helmet. The current manufacturing process is data rich and complex, including
assessments to ensure that the custom electronics and materials used to assemble
the helmets are to the highest standards. Assessments are a mixture of human and
automated assessments. You need to add a new set of assessments to model the
failure modes of the custom electronics using GPUs with CUDA across a cluster
of servers with low latency networking. What architecture would allow you to
automate the existing process using a hybrid approach and ensure that the
architecture can support the evolution of processes over time?
A. Use AWS Data Pipeline to manage movement of data & meta-data and
assessments. Use an auto-scaling group of G2 instances in a placement group.
B. Use Amazon Simple Workflow (SWF) to manage assessments, movement of
data & meta-data. Use an auto-scaling group of G2 instances in a placement group.
C. Use Amazon Simple Workflow (SWF) to manage assessments, movement of
data & meta-data. Use an auto-scaling group of C3 instances with SR-IOV (Single
Root I/O Virtualization).
D. Use AWS Data Pipeline to manage movement of data & meta-data and
assessments. Use an auto-scaling group of C3 with SR-IOV (Single Root I/O
Virtualization).
Answer: A
QUESTION: 17
You are designing a data leak prevention solution for your VPC environment.
You want your VPC instances to be able to access software depots and
distributions on the Internet for product updates. The depots and distributions are
accessible via third party CDNs by their URLs. You want to explicitly deny any
other outbound connections from your VPC instances to hosts on the internet.
Which of the following options would you consider?
A. Configure a web ***** server in your VPC and enforce URL-based rules for
outbound access Remove default routes.
B. Implement security groups and configure outbound rules to only permit traffic
to software depots.
C. Move all your instances into private VPC subnets, remove default routes from
all routing tables and add specific routes to the software depots and distributions
only.
D. Implement network access control lists to all specific destinations, with an
implicit deny as a rule.
Answer: A
QUESTION: 18
You are looking to migrate your Development (Dev) and Test environments to
AWS. You have decided to use separate AWS accounts to host each environment.
You plan to link each account's bill to a Master AWS account using Consolidated
Billing. To make sure you keep within budget you would like to implement a
way for administrators in the Master account to have access to stop, delete and/or
terminate resources in both the Dev and Test accounts. Identify which option will
allow you to achieve this goal.
A. Create IAM users in the Master account with full Admin permissions. Create
cross-account roles in the Dev and Test accounts that grant the Master account
access to the resources in the account by inheriting permissions from the Master
account.
B. Create IAM users and a cross-account role in the Master account that grants
full Admin permissions to the Dev and Test accounts.
C. Create IAM users in the Master account. Create cross-account roles in the Dev
and Test accounts that have full Admin permissions and grant the Master account
access.
D. Link the accounts using Consolidated Billing. This will give IAM users in the
Master account access to resources in the Dev and Test accounts.
Answer: A
QUESTION: 19
You require the ability to analyze a large amount of data, which is stored on
Amazon S3 using Amazon Elastic Map Reduce. You are using the cc2.8xlarge
instance type, whose CPUs are mostly idle during processing. Which of the below
would be the most cost efficient way to reduce the runtime of the job?
A. Create more smaller files on Amazon S3.
B. Add additional cc2.8xlarge instances by introducing a task group.
C. Use smaller instances that have higher aggregate I/O performance.
D. Create fewer, larger files on Amazon S3.
Answer: C
QUESTION: 20
You are designing a photo sharing mobile app. The application will store all
pictures in a single Amazon S3 bucket. Users will upload pictures from their
mobile device directly to Amazon S3 and will be able to view and download their
own pictures directly from Amazon S3. You want to configure security to handle
potentially millions of users in the most secure manner possible. What should
your server-side application do when a new user registers on the photo-sharing
mobile application?
A. Create a set of long-term credentials using AWS Security Token Service with
appropriate permissions. Store these credentials in the mobile app and use them to
access Amazon S3.
B. Record the user's information in Amazon RDS and create a role in IAM with
appropriate permissions. When the user uses their mobile app, create temporary
credentials using the AWS Security Token Service 'AssumeRole' function. Store
these credentials in the mobile app's memory and use them to access Amazon S3.
Generate new credentials the next time the user runs the mobile app.
C. Record the user's information in Amazon DynamoDB. When the user uses
their mobile app, create temporary credentials using AWS Security Token Service
with appropriate permissions. Store these credentials in the mobile app's memory
and use them to access Amazon S3. Generate new credentials the next time the
user runs the mobile app.
D. Create an IAM user. Assign appropriate permissions to the IAM user. Generate an
access key and secret key for the IAM user, store them in the mobile app and use
these credentials to access Amazon S3.
E. Create an IAM user. Update the bucket policy with appropriate permissions for
the IAM user. Generate an access key and secret key for the IAM user, store them
in the mobile app and use these credentials to access Amazon S3.
Answer: B
QUESTION: 21
A corporate web application is deployed within an Amazon Virtual Private Cloud
(VPC) and is connected to the corporate data center via an IPsec VPN. The
application must authenticate against the on-premises LDAP server. After
authentication, each logged-in user can only access an Amazon Simple Storage
Space (S3) keyspace specific to that user. Which two approaches can satisfy these
objectives? (Choose 2 answers)
A. Develop an identity broker that authenticates against IAM Security Token
Service to assume an IAM role in order to get temporary AWS security credentials.
The application calls the identity broker to get AWS temporary security
credentials with access to the appropriate S3 bucket.
B. The application authenticates against LDAP and retrieves the name of an
IAM role associated with the user. The application then calls the IAM Security
Token Service to assume that IAM role. The application can use the temporary
credentials to access the appropriate S3 bucket.
C. Develop an identity broker that authenticates against LDAP and then calls
IAM Security Token Service to get IAM federated user credentials. The
application calls the identity broker to get IAM federated user credentials with
access to the appropriate S3 bucket.
D. The application authenticates against LDAP. The application then calls the
AWS Identity and Access Management (IAM) Security service to log in to IAM
using the LDAP credentials. The application can use the IAM temporary
credentials to access the appropriate S3 bucket.
E. The application authenticates against IAM Security Token Service using the
LDAP credentials. The application uses those temporary AWS security credentials
to access the appropriate S3 bucket.
Answer: A, E
QUESTION: 22
An AWS customer runs a public blogging website. The site users upload two
million blog entries a month. The average blog entry size is 200 KB. The access
rate to blog entries drops to negligible 6 months after publication and users rarely
access a blog entry 1 year after publication. Additionally, blog entries have a high
update rate during the first 3 months following publication, this drops to no
updates after 6 months. The customer wants to use CloudFront to improve his
user's load times. Which of the following recommendations would you make to
the customer?
A. Duplicate entries into two different buckets and create two separate
CloudFront distributions where S3 access is restricted only to CloudFront
identity.
B. Create a CloudFront distribution with "US/Europe" price class for US/Europe
users and a different CloudFront distribution with "All Edge Locations" for the
remaining users.
C. Create a CloudFront distribution with S3 access restricted only to the
CloudFront identity and partition the blog entry's location in S3 according to the
month it was uploaded to be used with CloudFront behaviors.
D. Create a CloudFront distribution with Restrict Viewer Access, Forward Query
string set to true and minimum TTL of 0.
Answer: C
QUESTION: 23
A customer has a 10 GB AWS Direct Connect connection to an AWS region
where they have a web application hosted on Amazon Elastic Compute Cloud
(EC2). The application has dependencies on an on-premises mainframe database
that uses a BASE (Basic Available, Soft state, Eventual consistency) rather than an
ACID (Atomicity, Consistency, Isolation, Durability) consistency model. The
application is exhibiting undesirable behavior because the database is not able to
handle the volume of writes. How can you reduce the load on your on-premises
database resources in the most cost-effective way?
A. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization
mechanism between the on-premises database and a Hadoop cluster on AWS.
B. Modify the application to write to an Amazon SQS queue and develop a
worker process to flush the queue to the on-premises database.
C. Modify the application to use DynamoDB to feed an EMR cluster which uses a
map function to write to the on-premises database.
D. Provision an RDS read-replica database on AWS to handle the writes and
synchronize the two databases using Data Pipeline.
Answer: A
Reference:
https://aws.amazon.com/blogs/aws/category/amazon-elastic-map-reduce/
QUESTION: 24
You have an application running on an EC2 Instance which will allow users to
download files from a private S3 bucket using a pre-assigned URL. Before
generating the URL the application should verify the existence of the file in S3.
How should the application use AWS credentials to access the S3 bucket
securely?
A. Use the AWS account access keys. The application retrieves the credentials
from the source code of the application.
B. Create an IAM user for the application with permissions that allow list access to
the S3 bucket. Launch the instance as the IAM user and retrieve the IAM user's
credentials from the EC2 instance user data.
C. Create an IAM role for EC2 that allows list access to objects in the S3 bucket.
Launch the instance with the role, and retrieve the role's credentials from the EC2
instance metadata.
D. Create an IAM user for the application with permissions that allow list access
to the S3 bucket. The application retrieves the IAM user credentials from a
temporary directory with permissions that allow read access only to the
application user.
Answer: B
QUESTION: 25
You are the new IT architect in a company that operates a mobile sleep tracking
application. When activated at night, the mobile app is sending collected data
points of 1 kilobyte every 5 minutes to your backend. The backend takes care of
authenticating the user and writing the data points into an Amazon DynamoDB
table. Every morning, you scan the table to extract and aggregate last night's data
on a per user basis, and store the results in Amazon S3. Users are notified via
Amazon SMS mobile push notifications that new data is available, which is
parsed and visualized by the mobile app. Currently you have around 100k users
who are mostly based out of North America. You have been tasked to optimize
the architecture of the backend system to lower cost. What would you recommend?
(Choose 2 answers)
A. Create a new Amazon DynamoDB table each day and drop the one for the
previous day after its data is on Amazon S3.
B. Have the mobile app access Amazon DynamoDB directly instead of JSON
files stored on Amazon S3.
C. Introduce an Amazon SQS queue to buffer writes to the Amazon DynamoDB
table and reduce provisioned write throughput.
D. Introduce Amazon ElastiCache to cache reads from the Amazon DynamoDB
table and reduce provisioned read throughput.
E. Write data directly into an Amazon Redshift cluster replacing both Amazon
DynamoDB and Amazon S3.
Answer: B, D
QUESTION: 26
Your company is getting ready to do a major public announcement of a social
media site on AWS. The website is running on EC2 instances deployed across
multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB
Instance. The site performs a high number of small reads and writes per second
and relies on an eventual consistency model. After comprehensive tests you
discover that there is read contention on RDS MySQL. Which are the best
approaches to meet these requirements? (Choose 2 answers)
A. Deploy ElastiCache in-memory cache running in each availability zone
B. Implement sharding to distribute load to multiple RDS MySQL instances
C. Increase the RDS MySQL Instance size and Implement provisioned IOPS
D. Add an RDS MySQL read replica in each availability zone
Answer: A, C
QUESTION: 27
Your company has an on-premises multi-tier PHP web application, which
recently experienced downtime due to a large burst in web traffic due to a
company announcement. Over the coming days, you are expecting similar
announcements to drive similar unpredictable bursts, and are looking to find ways
to quickly improve your infrastructure's ability to handle unexpected increases in
traffic. The application currently consists of 2 tiers: a web tier which consists of a
load balancer and several Linux Apache web servers as well as a database tier
which hosts a Linux server hosting a MySQL database. Which scenario below
will provide full site functionality, while helping to improve the ability of your
application in the short timeframe required?
A. Offload traffic from on-premises environment: Set up a CloudFront distribution
and configure CloudFront to cache objects from a custom origin. Choose to
customize your object cache behavior, and select a TTL that objects should exist
in cache.
B. Migrate to AWS: Use VM Import/Export to quickly convert an on-premises
web server to an AMI, create an Auto Scaling group, which uses the imported
AMI to scale the web tier based on incoming traffic. Create an RDS read replica
and set up replication between the RDS instance and on-premises MySQL server
to migrate the database.
C. Failover environment: Create an S3 bucket and configure it for website hosting.
Migrate your DNS to Route53 using zone file import and leverage Route53 DNS
failover to failover to the S3 hosted website.
D. Hybrid environment: Create an AMI which can be used to launch web servers
in EC2. Create an Auto Scaling group which uses the AMI to scale the web tier
based on incoming traffic. Leverage Elastic Load Balancing to balance traffic
between on-premises web servers and those hosted in AWS.
Answer: C
QUESTION: 28
Your company policies require encryption of sensitive data at rest. You are
considering the possible options for protecting data while storing it at rest on an
EBS data volume, attached to an EC2 instance. Which of these options would
allow you to encrypt your data at rest? (Choose 3 answers)
A. Implement third party volume encryption tools
B. Do nothing as EBS volumes are encrypted by default
C. Encrypt data inside your applications before storing it on EBS
D. Encrypt data using native data encryption drivers at the file system level
E. Implement SSL/TLS for all services running on the server
Answer: C, D, E
QUESTION: 29
A benefits enrollment company is hosting a 3-tier web application running in a
VPC on AWS which includes a NAT (Network Address Translation) instance in
the public Web tier. There is enough provisioned capacity for the expected
workload for the new fiscal year benefit enrollment period plus some extra
overhead. Enrollment proceeds nicely for two days and then the web tier becomes
unresponsive. Upon investigation using CloudWatch and other monitoring tools it
is discovered that there is an extremely large and unanticipated amount of
inbound traffic coming from a set of 15 specific IP addresses over port 80 from a
country where the benefits company has no customers. The web tier instances are
so overloaded that benefit enrollment administrators cannot even SSH into them.
Which activity would be useful in defending against this attack?
A. Create a custom route table associated with the web tier and block the
attacking IP addresses from the IGW (Internet Gateway)
B. Change the EIP (Elastic IP Address) of the NAT instance in the web tier subnet
and update the Main Route Table with the new EIP
C. Create 15 Security Group rules to block the attacking IP addresses over port 80
D. Create an inbound NACL (Network Access Control List) associated with the
web tier subnet with deny rules to block the attacking IP addresses
Answer: A
QUESTION: 30
An enterprise wants to use a third-party SaaS application. The SaaS application
needs to have access to issue several API commands to discover Amazon EC2
resources running within the enterprise's account. The enterprise has internal
security policies that require any outside access to their environment must
conform to the principles of least privilege and there must be controls in place to
ensure that the credentials used by the SaaS vendor cannot be used by any other
third party. Which of the following would meet all of these conditions?
A. From the AWS Management Console, navigate to the Security Credentials
page and retrieve the access and secret key for your account.
B. Create an IAM user within the enterprise account, assign a user policy to the
IAM user that allows only the actions required by the SaaS application, create a
new access and secret key for the user and provide these credentials to the SaaS
provider.
C. Create an IAM role for cross-account access, allow the SaaS provider's
account to assume the role and assign it a policy that allows only the actions
required by the SaaS application.
D. Create an IAM role for EC2 instances, assign it a policy that allows only the
actions required for the SaaS application to work, provide the role ARN to the
SaaS provider to use when launching their application instances.
Answer: D
QUESTION: 31
You're running an application on-premises due to its dependency on non-x86
hardware and want to use AWS for data backup. Your backup application is only
able to write to POSIX-compatible block-based storage. You have 140TB of data
and would like to mount it as a single folder on your file server. Users must be
able to access portions of this data while the backups are taking place. What
backup solution would be most appropriate for this use case?
A. Use Storage Gateway and configure it to use Gateway Cached volumes.
B. Configure your backup software to use S3 as the target for your data backups.
C. Configure your backup software to use Glacier as the target for your data
backups.
D. Use Storage Gateway and configure it to use Gateway Stored volumes.
Answer: C
QUESTION: 32
Your customer wishes to deploy an enterprise application to AWS which will
consist of several web servers, several application servers and a small (50GB)
Oracle database. Information is stored, both in the database and the file systems of
the various servers. The backup system must support database recovery, whole
server and whole disk restores, and individual file restores with a recovery time of
no more than two hours. They have chosen to use RDS Oracle as the database.
Which backup architecture will meet these requirements?
A. Backup RDS using automated daily DB backups. Backup the EC2 instances
using AMIs and supplement with file-level backup to S3 using traditional
enterprise backup software to provide file level restore
B. Backup RDS using a Multi-AZ Deployment. Backup the EC2 instances using
AMIs, and supplement by copying file system data to S3 to provide file level
restore.
C. Backup RDS using automated daily DB backups. Backup the EC2 instances
using EBS snapshots and supplement with file-level backups to Amazon Glacier
using traditional enterprise backup software to provide file level restore
D. Backup RDS database to S3 using Oracle RMAN. Backup the EC2 instances
using AMIs, and supplement with EBS snapshots for individual volume restore.
Answer: C
Reference:
http://www.boyter.org/wp-content/uploads/2014/12/Backup-And-Recovery-Approaches-Using-Aws.pdf
QUESTION: 33
An international company has deployed a multi-tier web application that relies on
DynamoDB in a single region. For regulatory reasons they need disaster recovery
capability in a separate region with a Recovery Time Objective of 2 hours and a
Recovery Point Objective of 24 hours. They should synchronize their data on a
regular basis and be able to provision the web application rapidly using
CloudFormation. The objective is to minimize changes to the existing web
application, control the throughput of DynamoDB used for the synchronization of
data and synchronize only the modified elements. Which design would you
choose to meet these requirements?
A. Use AWS Data Pipeline to schedule a DynamoDB cross region copy once a
day, create a 'Lastupdated' attribute in your DynamoDB table that would represent
the timestamp of the last update and use it as a filter.
B. Use EMR and write a custom script to retrieve data from DynamoDB in the
current region using a SCAN operation and push it to DynamoDB in the second
region.
C. Use AWS Data Pipeline to schedule an export of the DynamoDB table to S3 in
the current region once a day then schedule another task immediately after it that
will import data from S3 to DynamoDB in the other region.
D. Send also each write into an SQS queue in the second region; use an auto scaling
group behind the SQS queue to replay the write in the second region.
Answer: C
QUESTION: 34
You are tasked with moving a legacy application from a virtual machine running
inside your datacenter to an Amazon VPC. Unfortunately this app requires access
to a number of on-premises services and no one who configured the app still
works for your company. Even worse there's no documentation for it. What will
allow the application running inside the VPC to reach back and access its internal
dependencies without being reconfigured? (Choose 3 answers)
A. An AWS Direct Connect link between the VPC and the network housing the
internal services.
B. An Internet Gateway to allow a VPN connection.
C. An Elastic IP address on the VPC instance
D. An IP address space that does not conflict with the one on-premises
E. Entries in Amazon Route 53 that allow the instance to resolve its dependencies'
IP addresses
F. A VM Import of the current virtual machine
Answer: A, C, F
QUESTION: 35
A read only news reporting site with a combined web and application tier and a
database tier that receives large and unpredictable traffic demands must be able to
respond to these traffic fluctuations automatically. What AWS services should be
used to meet these requirements?
A. Stateless instances for the web and application tier synchronized using
ElastiCache Memcached in an autoscaling group monitored with CloudWatch
and RDS with read replicas
B. Stateful instances for the web and application tier in an autoscaling group
monitored with CloudWatch and RDS with read replicas
C. Stateful instances for the web and application tier in an autoscaling group
monitored with CloudWatch and multi-AZ RDS
D. Stateless instances for the web and application tier synchronized using
ElastiCache Memcached in an autoscaling group monitored with CloudWatch and
multi-AZ RDS
Answer: B
QUESTION: 36
Your company currently has a 2-tier web application running in an on-premises
data center. You have experienced several infrastructure failures in the past two
months resulting in significant financial losses. Your CIO is strongly agreeing to
move the application to AWS. While working on achieving buy-in from the other
company executives, he asks you to develop a disaster recovery plan to help
improve business continuity in the short term. He specifies a target Recovery
Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 1
hour or less. He also asks you to implement the solution within 2 weeks. Your
database is 200GB in size and you have a 20Mbps Internet connection. How
would you do this while minimizing costs?
A. Create an EBS backed private AMI which includes a fresh install of your
application. Set up a script in your data center to backup the local database every 1
hour and to encrypt and copy the resulting file to an S3 bucket using multi-part
upload.
B. Install your application on a compute-optimized EC2 instance capable of
supporting the application's average load. Synchronously replicate transactions
from your on-premises database to a database instance in AWS across a secure
Direct Connect connection.
C. Deploy your application on EC2 instances within an Auto Scaling group across
multiple availability zones. Asynchronously replicate transactions from your
on-premises database to a database instance in AWS across a secure VPN
connection.
D. Create an EBS backed private AMI that includes a fresh install of your
application. Develop a CloudFormation template which includes your AMI and
the required EC2, Auto Scaling and ELB resources to support deploying the
application across multiple Availability Zones. Asynchronously replicate transactions
from your on-premises database to a database instance in AWS across a secure
VPN connection.
Answer: A
QUESTION: 37
You have recently joined a startup company building sensors to measure street
noise and air quality in urban areas. The company has been running a pilot
deployment of around 100 sensors for 3 months. Each sensor uploads 1KB of
sensor data every minute to a backend hosted on AWS. During the pilot, you
measured a peak of 10 IOPS on the database, and you stored an average of 3GB
of sensor data per month in the database. The current deployment consists of a
load-balanced auto scaled ingestion layer using EC2 instances and a PostgreSQL
RDS database with 500GB standard storage. The pilot is considered a success and
your CEO has managed to get the attention of some potential investors. The
business plan requires a deployment of at least 100K sensors which needs to be
supported by the backend. You also need to store sensor data for at least two years
to be able to compare year over year improvements. To secure funding, you have
to make sure that the platform meets these requirements and leaves room for
further scaling. Which setup will meet the requirements?
A. Add an SQS queue to the ingestion layer to buffer writes to the RDS instance
B. Ingest data into a DynamoDB table and move old data to a Redshift cluster
C. Replace the RDS instance with a 6 node Redshift cluster with 96TB of storage
D. Keep the current architecture but upgrade RDS storage to 3TB and 10K
provisioned IOPS
Answer: C
QUESTION: 38
Exhibit
Refer to the architecture diagram above of a batch processing solution using
Simple Queue Service (SQS) to set up a message queue between EC2 instances
which are used as batch processors. CloudWatch monitors the number of job
requests (queued messages) and an Auto Scaling group adds or deletes batch
servers automatically based on parameters set in CloudWatch alarms. You can
use this architecture to implement which of the following features in a cost
effective and efficient manner?
A. Reduce the overall time for executing jobs through parallel processing by
allowing a busy EC2 instance that receives a message to pass it to the next
instance in a daisy-chain setup.
B. Implement fault tolerance against EC2 instance failure since messages would
remain in SQS and work can continue with recovery of EC2 instances. Implement
fault tolerance against SQS failure by backing up messages to S3.
C. Implement message passing between EC2 instances within a batch by
exchanging messages through SQS.
D. Coordinate number of EC2 instances with number of job requests
automatically thus improving cost effectiveness.
E. Handle high priority jobs before lower priority jobs by assigning a priority
metadata field to SQS messages.
Answer: B
QUESTION: 39
A company is building a voting system for a popular TV show, viewers will
watch the performances then visit the show's website to vote for their favorite
performer. It is expected that in a short period of time after the show has finished
the site will receive millions of visitors. The visitors will first login to the site
using their Amazon.com credentials and then submit their vote. After the voting is
completed the page will display the vote totals. The company needs to build the
site such that it can handle the rapid influx of traffic while maintaining good
performance but also wants to keep costs to a minimum. Which of the design
patterns below should they use?
A. Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of
web servers, the web servers will first call the Login With Amazon service to
authenticate the user then process the user's vote and store the result into a
multi-AZ Relational Database Service instance.
B. Use CloudFront and the static website hosting feature of S3 with the JavaScript
SDK to call the Login With Amazon service to authenticate the user, use IAM
Roles to gain permissions to a DynamoDB table to store the user's vote.
C. Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of
web servers, the web servers will first call the Login With Amazon service to
authenticate the user, the web servers will process the user's vote and store the
result into a DynamoDB table using IAM Roles for EC2 instances to gain
permissions to the DynamoDB table.
D. Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of
web servers, the web servers will first call the Login With Amazon service to
authenticate the user, the web servers will process the user's vote and store the
result into an SQS queue using IAM Roles for EC2 instances to gain permissions
to the SQS queue. A set of application servers will then retrieve the items from
the queue and store the result into a DynamoDB table.
Answer: D
QUESTION: 40
You have a periodic image analysis application that gets some files in input,
analyzes them and for each file writes some data in output to a text file. The number
of files in input per day is high and concentrated in a few hours of the day.
Currently you have a server on EC2 with a large EBS volume that hosts the input
data and the results. It takes almost 20 hours per day to complete the process. What
services could be used to reduce the elaboration time and improve the availability
of the solution?
A. S3 to store I/O files. SQS to distribute elaboration commands to a group of
hosts working in parallel. Auto scaling to dynamically size the group of hosts
depending on the length of the SQS queue
B. EBS with Provisioned IOPS (PIOPS) to store I/O files. SNS to distribute
elaboration commands to a group of hosts working in parallel. Auto Scaling to
dynamically size the group of hosts depending on the number of SNS
notifications
C. S3 to store I/O files, SNS to distribute elaboration commands to a group of
hosts working in parallel. Auto scaling to dynamically size the group of hosts
depending on the number of SNS notifications
D. EBS with Provisioned IOPS (PIOPS) to store I/O files. SQS to distribute
elaboration commands to a group of hosts working in parallel. Auto Scaling to
dynamically size the group of hosts depending on the length of the SQS queue.
Answer: C
QUESTION: 41
You've been brought in as solutions architect to assist an enterprise customer with
their migration of an e-commerce platform to Amazon Virtual Private Cloud
(VPC). The previous architect has already deployed a 3-tier VPC.
The configuration is as follows:
VPC: vpc-2f8t>C447
IGW: igw-2d8bc445
NACL: acl-2080c448
Subnets and Route Tables:
Web servers: subnet-258bc44d
Application servers: subnet-248bc44c
Database servers: subnet-9189c6f9
Route Tables:
rtb-218bc449
rtb-238bc44b
Associations:
subnet-258bc44d: rtb-218bc449
subnet-248bc44c: rtb-238bc44b
subnet-9189c6f9: rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC. Web servers
must have direct access to the internet. Application and
database servers cannot have direct access to the internet. Which configuration
below will allow you the ability to remotely administer your application and
database servers, as well as allow these servers to retrieve updates from the
Internet?
A. Create a bastion and NAT instance in subnet-248bc44c and add a route from
rtb-238bc44b to subnet-258bc44d.
B. Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT
instance within subnet-248bc44c.
C. Create a bastion and NAT instance in subnet-258bc44d. Add a route from
rtb-238bc44b to igw-2d8bc445. And a new NACL that allows access between
subnet-258bc44d and subnet-248bc44c.
D. Create a bastion and NAT instance in subnet-258bc44d and add a route from
rtb-238bc44b to the NAT instance.
Answer: A
QUESTION: 42
You are designing an intrusion detection prevention (IDS/IPS) solution for a
customer web application in a single VPC. You are considering the options for
implementing IDS/IPS protection for traffic coming from the Internet. Which of
the following options would you consider? (Choose 2 answers)
A. Implement IDS/IPS agents on each instance running in VPC
B. Configure an instance in each subnet to switch its network interface card to
promiscuous mode and analyze network traffic.
C. Implement Elastic Load Balancing with SSL listeners in front of the web
applications
D. Implement a reverse ***** layer in front of web servers and configure IDS/IPS
agents on each reverse ***** server.
Answer: C, D
QUESTION: 43
Your company previously configured a heavily used, dynamically routed VPN
connection between your on-premises data center and AWS. You recently
provisioned a DirectConnect connection and would like to start using the new
connection. After configuring DirectConnect settings in the AWS Console, which
of the following options will provide the most seamless transition for your users?
A. Delete your existing VPN connection to avoid routing loops, configure your
DirectConnect router with the appropriate settings and verify network traffic is
leveraging DirectConnect.
B. Configure your DirectConnect router with a higher BGP priority than your
VPN router, verify network traffic is leveraging DirectConnect and then delete
your existing VPN connection.
C. Update your VPC route tables to point to the DirectConnect connection,
configure your DirectConnect router with the appropriate settings, verify network
traffic is leveraging DirectConnect and then delete the VPN connection.
D. Configure your DirectConnect router, update your VPC route tables to point to
the DirectConnect connection, configure your VPN connection with a higher BGP
priority, and verify network traffic is leveraging the DirectConnect connection.
Answer: D
QUESTION: 44
You are migrating a legacy client-server application to AWS. The application
responds to a specific DNS domain (e.g. www.example.com) and has a 2-tier
architecture, with multiple application servers and a database server. Remote
clients use TCP to connect to the application servers. The application servers need
to know the IP address of the clients in order to function properly and are
currently taking that information from the TCP socket. A Multi-AZ RDS MySQL
instance will be used for the database. During the migration you can change the
application code but you have to file a change request. How would you implement
the architecture on AWS in order to maximize scalability and high availability?
A. File a change request to implement ***** Protocol support in the application.
Use an ELB with a TCP Listener and ***** Protocol enabled to distribute load on
two application servers in different AZs.
B. File a change request to implement Cross-Zone support in the application. Use
an ELB with a TCP Listener and Cross-Zone Load Balancing enabled, two
application servers in different AZs.
C. File a change request to implement Latency Based Routing support in the
application. Use Route 53 with Latency Based Routing enabled to distribute load
on two application servers in different AZs.
D. File a change request to implement Alias Resource support in the application.
Use Route 53 Alias Resource Record to distribute load on two application servers
in different AZs.
Answer: D
QUESTION: 45
Your company has HQ in Tokyo and branch offices all over the world and is
using a logistics software with a multi-regional deployment on AWS in Japan,
Europe and USA. The logistic software has a 3-tier architecture and currently uses
MySQL 5.6 for data persistence. Each region has deployed its own database. In
the HQ region you run an hourly batch process reading data from every region to
compute cross-regional reports that are sent by email to all offices. This batch
process must be completed as fast as possible to quickly optimize logistics. How
do you build the database architecture in order to meet the requirements?
A. For each regional deployment, use RDS MySQL with a master in the region
and a read replica in the HQ region
B. For each regional deployment, use MySQL on EC2 with a master in the region
and send hourly EBS snapshots to the HQ region
C. For each regional deployment, use RDS MySQL with a master in the region
and send hourly RDS snapshots to the HQ region
D. For each regional deployment, use MySQL on EC2 with a master in the region
and use S3 to copy data files hourly to the HQ region
E. Use Direct Connect to connect all regional MySQL deployments to the HQ
region and reduce network latency for the batch process
Answer: A
QUESTION: 46
You have deployed a three-tier web application in a VPC with a CIDR block of
10.0.0.0/28. You initially deploy two web servers, two application servers, two
database servers and one NAT instance for a total of seven EC2 instances. The
web, application and database servers are deployed across two availability zones
(AZs). You also deploy an ELB in front of the two web servers, and use Route53
for DNS. Web traffic gradually increases in the first few days following the
deployment, so you attempt to double the number of instances in each tier of the
application to handle the new load. Unfortunately some of these new instances fail
to launch.
Which of the following could be the root cause? (Choose 2 answers)
A. The Internet Gateway (IGW) of your VPC has scaled-up adding more
instances to handle the traffic spike, reducing the number of available private IP
addresses for new instance launches.
B. AWS reserves one IP address in each subnet's CIDR block for Route53 so you
do not have enough addresses left to launch all of the new EC2 instances.
C. AWS reserves the first and the last private IP address in each subnet's CIDR
block so you do not have enough addresses left to launch all of the new EC2
instances.
D. The ELB has scaled up, adding more instances to handle the traffic, reducing
the number of available private IP addresses for new instance launches.
E. AWS reserves the first four and the last IP address in each subnet's CIDR block
so you do not have enough addresses left to launch all of the new EC2 instances.
Answer: D, E
QUESTION: 47
An AWS customer is deploying an application that is composed of an
AutoScaling group of EC2 Instances. The customer's security policy requires that
every outbound connection from these instances to any other service within the
customer's Virtual Private Cloud must be authenticated using a unique X.509
certificate that contains the specific instance-id. In addition, X.509 certificates
must be signed by the customer's Key management service in order to be trusted for
authentication.
Which of the following configurations will support these requirements?
A. Configure an IAM Role that grants access to an Amazon S3 object containing
a signed certificate and configure the Auto Scaling group to launch instances with
this role. Have the instances bootstrap get the certificate from Amazon S3 upon
first boot.
B. Embed a certificate into the Amazon Machine Image that is used by the Auto
Scaling group. Have the launched instances generate a certificate signature request
with the instance's assigned instance-id to the Key management service for
signature.
C. Configure the Auto Scaling group to send an SNS notification of the launch of
a new instance to the trusted key management service. Have the Key management
service generate a signed certificate and send it directly to the newly launched
instance.
D. Configure the launched instances to generate a new certificate upon first boot.
Have the Key management service poll the AutoScaling group for associated
instances and send new instances a certificate signature that contains the specific
instance-id.
Answer: A
QUESTION: 48
Company B is launching a new game app for mobile devices. Users will log into
the game using their existing social media account to streamline data capture.
Company B would like to directly save player data and scoring information from
the mobile app to a DynamoDB table named Score Data. When a user saves their
game the progress data will be stored to the Game state S3 bucket. What is the
best approach for storing data to DynamoDB and S3?
A. Use an EC2 Instance that is launched with an EC2 role providing access to the
Score Data DynamoDB table and the GameState S3 bucket that communicates
with the mobile app via web services.
B. Use temporary security credentials that assume a role providing access to the
Score Data DynamoDB table and the Game State S3 bucket using web identity
federation.
C. Use Login with Amazon allowing users to sign in with an Amazon account
providing the mobile app with access to the Score Data DynamoDB table and the
Game State S3 bucket.
D. Use an IAM user with access credentials assigned a role providing access to
the Score Data DynamoDB table and the Game State S3 bucket for distribution
with the mobile app.
Answer: A
QUESTION: 49
A web-startup runs its very successful social news application on Amazon EC2
with an Elastic Load Balancer, an Auto-Scaling group of Java/Tomcat
application-servers, and DynamoDB as data store. The main web-application best
runs on m2.xlarge instances since it is highly memory-bound. Each new
deployment requires semi-automated creation and testing of a new AMI for the
application servers which takes quite a while and is therefore only done once per
week. Recently, a new chat feature has been implemented in nodejs and waits to
be integrated in the architecture. First tests show that the new component is CPU
bound. Because the company has some experience with using Chef, they decided
to streamline the deployment process and use AWS OpsWorks as an application
life cycle tool to simplify management of the application and reduce the
deployment cycles. What configuration in AWS OpsWorks is necessary to
integrate the new chat module in the most cost-efficient and flexible way?
A. Create one AWS OpsWorks stack, create one AWS OpsWorks layer, create
one custom recipe
B. Create one AWS OpsWorks stack, create two AWS OpsWorks layers, create
one custom recipe
C. Create two AWS OpsWorks stacks, create two AWS OpsWorks layers, create
one custom recipe
D. Create two AWS OpsWorks stacks, create two AWS OpsWorks layers, create
two custom recipes
Answer: C
QUESTION: 50
You are implementing a URL whitelisting system for a company that wants to
restrict outbound HTTPS connections to specific domains from their EC2-hosted
applications. You deploy a single EC2 instance running ***** software and
configure it to accept traffic from all subnets and EC2 instances in the VPC. You
configure the ***** to only pass through traffic to domains that you define in its
whitelist configuration. You have a nightly maintenance window of 10 minutes
where all instances fetch new software updates. Each update is about 200MB in
size and there are 500 instances in the VPC that routinely fetch updates. After a
few days you notice that some machines are failing to successfully download
some, but not all of their updates within the maintenance window. The download
URLs used for these updates are correctly listed in the *****'s whitelist
configuration and you are able to access them manually using a web browser on
the instances. What might be happening? (Choose 2 answers)
A. You are running the ***** on an undersized EC2 instance type so network
throughput is not sufficient for all instances to download their updates in time.
B. You have not allocated enough storage to the EC2 instance running the *****
so the network buffer is filling up, causing some requests to fail
C. You are running the ***** in a public subnet but have not allocated enough
EIPs to support the needed network throughput through the Internet Gateway
(IGW)
D. You are running the ***** on a sufficiently-sized EC2 instance in a private
subnet and its network throughput is being throttled by a NAT running on an
undersized EC2 instance
E. The route table for the subnets containing the affected EC2 instances is not
configured to direct network traffic for the software update locations to the *****.
Answer: B, C
QUESTION: 51
Your Fortune 500 company has undertaken a TCO analysis evaluating the use of
Amazon S3 versus acquiring more hardware. The outcome was that all employees
would be granted access to use Amazon S3 for storage of their personal
documents.
Which of the following will you need to consider so you can set up a solution that
incorporates single sign-on from your corporate AD or LDAP directory and
restricts access for each user to a designated user folder in a bucket? (Choose 3
Answers)
A. Setting up a federation ***** or identity provider
B. Using AWS Security Token Service to generate temporary tokens
C. Tagging each folder in the bucket
D. Configuring IAM role
E. Setting up a matching IAM user for every user in your corporate directory that
needs access to a folder in the bucket
Answer: A, B, C
QUESTION: 52
To serve Web traffic for a popular product your chief financial officer and IT
director have purchased 10 m1.large heavy utilization Reserved Instances (RIs)
evenly spread across two availability zones. Route 53 is used to deliver the traffic
to an Elastic Load Balancer (ELB). After several months, the product grows even
more popular and you need additional capacity. As a result, your company
purchases two c3.2xlarge medium utilization RIs. You register the two c3.2xlarge
instances with your ELB and quickly find that the m1.large instances are at 100%
of capacity and the c3.2xlarge instances have significant capacity that's unused.
Which option is the most cost effective and uses EC2 capacity most effectively?
A. Use a separate ELB for each instance type and distribute load to ELBs with
Route 53 weighted round robin.
B. Configure Auto Scaling group and Launch Configuration with ELB to add up
to 10 more on-demand m1.large instances when triggered by CloudWatch. Shut off
c3.2xlarge instances.
C. Route traffic to EC2 m1.large and c3.2xlarge instances directly using Route 53
latency based routing and health checks. Shut off ELB.
D. Configure ELB with two c3.2xlarge instances and use on-demand Auto Scaling
group for up to two additional c3.2xlarge instances. Shut off m1.large instances.
Answer: D
QUESTION: 53
A web design company currently runs several FTP servers that their 250
customers use to upload and download large graphic files. They wish to move this
system to AWS to make it more scalable, but they wish to maintain customer
privacy and keep costs to a minimum. What AWS architecture would you
recommend?
A. Ask their customers to use an S3 client instead of an FTP client. Create a
single S3 bucket. Create an IAM user for each customer. Put the IAM users in a
group that has an IAM policy that permits access to sub-directories within the
bucket via use of the 'username' policy variable.
B. Create a single S3 bucket with Reduced Redundancy Storage turned on and ask
their customers to use an S3 client instead of an FTP client. Create a bucket for
each customer with a Bucket Policy that permits access only to that one customer.
C. Create an auto-scaling group of FTP servers with a scaling policy to
automatically scale-in when minimum network traffic on the auto-scaling group
is below a given threshold. Load a central list of FTP users from S3 as part of the
user data startup script on each instance.
D. Create a single S3 bucket with Requester Pays turned on and ask their
customers to use an S3 client instead of an FTP client. Create a bucket for each
customer with a Bucket Policy that permits access only to that one customer.
Answer: C
QUESTION: 54
You are running a news website in the eu-west-1 region that updates every 15
minutes. The website has a world-wide audience. It uses an Auto Scaling group
behind an Elastic Load Balancer and an Amazon RDS database. Static content
resides on Amazon S3, and is distributed through Amazon CloudFront. Your
Auto Scaling group is set to trigger a scale up event at 60% CPU utilization. You
use an Amazon RDS extra large DB instance with 10,000 Provisioned IOPS. Its
CPU utilization is around 80%, while freeable memory is in the 2 GB range.
Web analytics reports show that the average load time of your web pages is
around 1.5 to 2 seconds, but your SEO consultant wants to bring down the
average load time to under 0.5 seconds. How would you improve page load times
for your users? (Choose 3 answers)
A. Lower the scale up trigger of your Auto Scaling group to 30% so it scales more
aggressively.
B. Add an Amazon ElastiCache caching layer to your application for storing
sessions and frequent DB queries
C. Configure Amazon CloudFront dynamic content support to enable caching of
re-usable content from your site
D. Switch Amazon RDS database to the high memory extra large Instance type
E. Set up a second installation in another region, and use the Amazon Route 53
latency-based routing feature to select the right region.
Answer: A, B, D
QUESTION: 55
You have been asked to design the storage layer for an application. The
application requires disk performance of at least 100,000 IOPS. In addition, the
storage layer must be able to survive the loss of an individual disk, EC2 instance,
or Availability Zone without any data loss. The volume you provide must have a
capacity of at least 3 TB. Which of the following designs will meet these
objectives?
A. Instantiate an i2.8xlarge instance in us-east-1a. Create a RAID 0 volume using
the four 800GB SSD ephemeral disks provided with the instance. Provision 3x1
TB EBS volumes, attach them to the instance and configure them as a second
RAID 0 volume. Configure synchronous, block-level replication from the
ephemeral-backed volume to the EBS-backed volume.
B. Instantiate an i2.8xlarge instance in us-east-1a. Create a RAID 0 volume using the
four 800GB SSD ephemeral disks provided with the instance. Configure
synchronous block-level replication to an identically configured instance in
us-east-1b.
C. Instantiate a c3.8xlarge instance in us-east-1. Provision an AWS Storage
Gateway and configure it for 3 TB of storage and 100,000 IOPS. Attach the
volume to the instance.
D. Instantiate a c3.8xlarge instance in us-east-1. Provision 4x1TB EBS volumes,
attach them to the instance, and configure them as a single RAID 5 volume.
Ensure that EBS snapshots are performed every 15 minutes.
E. Instantiate a c3.8xlarge instance in us-east-1. Provision 3x1TB EBS volumes,
attach them to the instance, and configure them as a single RAID 0 volume.
Ensure that EBS snapshots are performed every 15 minutes.
Answer: D
QUESTION: 56
You are designing a connectivity solution between on-premises infrastructure and
Amazon VPC. Your servers on-premises will be communicating with your VPC
instances. You will be establishing IPSec tunnels over the internet. You will be
using VPN gateways and terminating the IPsec tunnels on AWS-supported
customer gateways. Which of the following objectives would you achieve by
implementing an IPSec tunnel as outlined above? (Choose 4 answers)
A. End-to-end protection of data in transit
B. End-to-end Identity authentication
C. Data encryption across the Internet
D. Protection of data in transit over the Internet
E. Peer identity authentication between VPN gateway and customer gateway
F. Data integrity protection across the Internet
Answer: C, D, E, F
QUESTION: 57
Your company plans to host a large donation website on Amazon Web Services
(AWS). You anticipate a large and undetermined amount of traffic that will create
many database writes. To be certain that you do not drop any writes to a database
hosted on AWS, which service should you use?
A. Amazon RDS with provisioned IOPS up to the anticipated peak write
throughput.
B. Amazon Simple Queue Service (SQS) for capturing the writes and draining the
queue to write to the database.
C. Amazon ElastiCache to store the writes until the writes are committed to the
database.
D. Amazon DynamoDB with provisioned write throughput up to the anticipated
peak write throughput.
Answer: A
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html
QUESTION: 58
Your team has a Tomcat-based Java application you need to deploy into
development, test and production environments. After some research, you opt to
use Elastic Beanstalk due to its tight integration with your developer tools and
RDS due to its ease of management. Your QA team lead points out that you need
to roll a sanitized set of production data into your environment on a nightly basis.
Similarly, other software teams in your org want access to that same restored data
via their EC2 instances in your VPC. The optimal setup for persistence and
security that meets the above requirements would be the following.
A. Create your RDS instance as part of your Elastic Beanstalk definition and alter
its security group to allow access to it from hosts in your application subnets.
B. Create your RDS instance separately and add its IP address to your
application's DB connection strings in your code. Alter its security group to allow
access to it from hosts within your VPC's IP address block.
C. Create your RDS instance separately and pass its DNS name to your app's DB
connection string as an environment variable. Create a security group for client
machines and add it as a valid source for DB traffic to the security group of the
RDS instance itself.
D. Create your RDS instance separately and pass its DNS name to your app's DB
connection string as an environment variable. Alter its security group to allow
access to it from hosts in your application subnets.
Answer: A
QUESTION: 59
Your firm has uploaded a large amount of aerial image data to S3. In the past, in
your on-premises environment, you used a dedicated group of servers to batch
process this data and used RabbitMQ, an open source messaging system, to get
job information to the servers. Once processed the data would go to tape and be
shipped offsite. Your manager told you to stay with the current design, and
leverage AWS archival storage and messaging services to minimize cost. Which
is correct?
A. Use SQS for passing job messages. Use CloudWatch alarms to terminate EC2
worker instances when they become idle. Once data is processed, change the
storage class of the S3 objects to Reduced Redundancy Storage.
B. Setup Auto-Scaled workers triggered by queue depth that use spot instances to
process messages in SQS. Once data is processed,
C. Change the storage class of the S3 objects to Reduced Redundancy Storage.
Setup Auto-Scaled workers triggered by queue depth that use spot instances to
process messages in SQS. Once data is processed, change the storage class of the
S3 objects to Glacier.
D. Use SNS to pass job messages. Use CloudWatch alarms to terminate spot
worker instances when they become idle. Once data is processed, change the
storage class of the S3 object to Glacier.
Answer: D
QUESTION: 60
You need a persistent and durable storage to trace call activity of an IVR
(Interactive Voice Response) system. Call duration is mostly in the 2-3 minutes
timeframe. Each traced call can be either active or terminated. An external
application needs to know each minute the list of currently active calls, which are
usually a few calls/second. But once per month there is a periodic peak up to 1000
calls/second for a few hours. The system is open 24/7 and any downtime should
be avoided. Historical data is periodically archived to files. Cost saving is a
priority for this project. What database implementation would better fit this
scenario, keeping costs as low as possible?
A. Use RDS Multi-AZ with two tables, one for "Active calls" and one for
"Terminated calls". In this way the "Active calls" table is always small and
effective to access.
B. Use DynamoDB with a "Calls" table and a Global Secondary Index on a
"IsActive" attribute that is present for active calls only. In this way the Global
Secondary Index is sparse and more effective.
C. Use DynamoDB with a "Calls" table and a Global Secondary Index on a "State"
attribute that can equal to "active" or "terminated". In this way the Global
Secondary Index can be used for all items in the table.
D. Use RDS Multi-AZ with a "CALLS" table and an indexed "STATE" field that
can be equal to "ACTIVE" or "TERMINATED". In this way the SQL query is
optimized by the use of the index.
Answer: A
QUESTION: 61
A web company is looking to implement an external payment service into their
highly available application deployed in a VPC. Their application EC2 instances
are behind a public facing ELB. Auto Scaling is used to add additional instances as
traffic increases. Under normal load the application runs 2 instances in the Auto
Scaling group but at peak it can scale 3x in size. The application instances need to
communicate with the payment service over the Internet, which requires
whitelisting of all public IP addresses used to communicate with it. A maximum
of 4 whitelisting IP addresses are allowed at a time and can be added through an
API.
How should they architect their solution?
A. Route payment requests through two NAT instances setup for High
Availability and whitelist the Elastic IP addresses attached to the NAT instances.
B. Whitelist the VPC Internet Gateway Public IP and route payment requests
through the Internet Gateway.
C. Whitelist the ELB IP addresses and route payment requests from the
Application servers through the ELB.
D. Automatically assign public IP addresses to the application instances in the
Auto Scaling group and run a script on boot that adds each instance's public IP
address to the payment validation whitelist API.
Answer: B
QUESTION: 62
You deployed your company website using Elastic Beanstalk and you enabled log
file rotation to S3. An Elastic MapReduce job is periodically analyzing the logs
on S3 to build a usage dashboard that you share with your CIO. You recently
improved overall performance of the website using CloudFront for dynamic
content delivery and your website as the origin. After this architectural change, the
usage dashboard shows that the traffic on your website dropped by an order of
magnitude. How do you fix your usage dashboard?
A. Enable CloudFront to deliver access logs to S3 and use them as input of the
Elastic MapReduce job.
B. Turn on CloudTrail and use trail log files on S3 as input of the Elastic
MapReduce job.
C. Change your log collection process to use CloudWatch ELB metrics as input
of the Elastic MapReduce job.
D. Use Elastic Beanstalk "Rebuild Environment" option to update log delivery to
the Elastic MapReduce job.
E. Use Elastic Beanstalk "Restart App server(s)" option to update log delivery to
the Elastic MapReduce job.
Answer: D
QUESTION: 63
You currently operate a web application in the AWS US-East region. The
application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ
database. Your IT security compliance officer has tasked you to develop a reliable
and durable logging solution to track changes made to your EC2, IAM and RDS
resources. The solution must ensure the integrity and confidentiality of your log
data. Which of these solutions would you recommend?
A. Create a new CloudTrail trail with one new S3 bucket to store the logs and
with the global services option selected. Use IAM roles, S3 bucket policies and
Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
B. Create a new CloudTrail with one new S3 bucket to store the logs. Configure
SNS to send log file delivery notifications to your management system. Use IAM
roles and S3 bucket policies on the S3 bucket that stores your logs.
C. Create a new CloudTrail trail with an existing S3 bucket to store the logs and
with the global services option selected. Use S3 ACLs and Multi Factor
Authentication (MFA) Delete on the S3 bucket that stores your logs.
D. Create three new CloudTrail trails with three new S3 buckets to store the logs:
one for the AWS Management console, one for AWS SDKs and one for
command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that
store your logs.
Answer: A
QUESTION: 64
Your department creates regular analytics reports from your company's log files.
All log data is collected in Amazon S3 and processed by daily Amazon Elastic
MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in
CSV format for an Amazon Redshift data warehouse. Your CFO requests that you
optimize the cost structure for this system. Which of the following alternatives
will lower costs without compromising average performance of the system or data
integrity for the raw data?
A. Use reduced redundancy storage (RRS) for PDF and CSV data in Amazon S3.
Add Spot Instances to Amazon EMR jobs. Use Reserved Instances for Amazon
Redshift.
B. Use reduced redundancy storage (RRS) for all data in S3. Use a combination of
Spot Instances and Reserved Instances for Amazon EMR jobs. Use Reserved
Instances for Amazon Redshift.
C. Use reduced redundancy storage (RRS) for all data in Amazon S3. Add Spot
Instances to Amazon EMR jobs. Use Reserved Instances for Amazon Redshift.
D. Use reduced redundancy storage (RRS) for PDF and CSV data in S3. Add Spot
Instances to EMR jobs. Use Spot Instances for Amazon Redshift.
Answer: B
QUESTION: 65
A large real-estate brokerage is exploring the option of adding a cost-effective
location based alert to their existing mobile application. The application backend
infrastructure currently runs on AWS. Users who opt in to this service will receive
alerts on their mobile device regarding real-estate offers in proximity to their
location. For the alerts to be relevant delivery time needs to be in the low minute
count. The existing mobile app has 5 million users across the US. Which one of the
following architectural suggestions would you make to the customer?
A. The mobile application will submit its location to a web service endpoint
utilizing Elastic Load Balancing and EC2 instances. DynamoDB will be used to
store and retrieve relevant offers. EC2 instances will communicate with mobile
carriers/device providers to push alerts back to mobile application.
B. Use AWS DirectConnect or VPN to establish connectivity with mobile carriers.
EC2 instances will receive the mobile application's location through carrier
connection. RDS will be used to store and retrieve relevant offers. EC2 instances
will communicate with mobile carriers to push alerts back to the mobile
application.
C. The mobile application will send device location using SQS. EC2 instances
will retrieve the relevant offers from DynamoDB. AWS Mobile Push will be used
to send offers to the mobile application.
D. The mobile application will send device location using AWS Mobile Push. EC2
instances will retrieve the relevant offers from DynamoDB. EC2 instances will
communicate with mobile carriers/device providers to push alerts back to the
mobile application.
Answer: A
QUESTION: 66
Your customer is willing to consolidate their log streams (access logs, application
logs, security logs, etc.) in one single system. Once consolidated, the customer
wants to analyze these logs in real time based on heuristics. From time to time,
the customer needs to validate heuristics, which requires going back to data
samples extracted from the last 12 hours. What is the best approach to meet your
customer's requirements?
A. Send all the log events to Amazon SQS. Setup an Auto Scaling group of EC2
servers to consume the logs and apply the heuristics.
B. Send all the log events to Amazon Kinesis. Develop a client process to apply
heuristics on the logs.
C. Configure Amazon CloudTrail to receive custom logs, use EMR to apply
heuristics on the logs.
D. Setup an Auto Scaling group of EC2 syslogd servers, store the logs on S3, use
EMR to apply heuristics on the logs.
Answer: C
QUESTION: 67
Your startup wants to implement an order fulfillment process for selling a
personalized gadget that needs an average of 3-4 days to produce with some
orders taking up to 6 months. You expect 10 orders per day on your first day, 1000
orders per day after 6 months and 10,000 orders after 12 months. Orders coming
in are checked for consistency then dispatched to your manufacturing plant for
production, quality control, packaging, shipment and payment processing. If the
product does not meet the quality standards at any stage of the process, employees
may force the process to repeat a step. Customers are notified via email about
order status and any critical issues with their orders such as payment failure. Your
base architecture includes AWS Elastic Beanstalk for your website with an RDS
MySQL instance for customer data and orders. How can you implement the order
fulfillment process while making sure that the emails are delivered reliably?
A. Add a business process management application to your Elastic Beanstalk app
servers and re-use the RDS database for tracking order status. Use one of the
Elastic Beanstalk instances to send emails to customers.
B. Use SWF with an Auto Scaling group of activity workers and a decider
instance in another Auto Scaling group with min/max=1. Use the decider instance
to send emails to customers.
C. Use SWF with an Auto Scaling group of activity workers and a decider
instance in another Auto Scaling group with min/max=1. Use SES to send emails
to customers.
D. Use an SQS queue to manage all process tasks. Use an Auto Scaling group of
EC2 instances that poll the tasks and execute them. Use SES to send emails to
customers.
Answer: C
QUESTION: 68
You are designing the network infrastructure for an application server in Amazon
VPC. Users will access all the application instances from the Internet as well as
from an on-premises network. The on-premises network is connected to your
VPC over an AWS Direct Connect link. How would you design routing to meet
the above requirements?
A. Configure a single routing table with a default route via the Internet gateway.
Propagate a default route via BGP on the AWS Direct Connect customer router.
Associate the routing table with all VPC subnets.
B. Configure a single routing table with a default route via the Internet gateway.
Propagate specific routes for the on-premises networks via BGP on the AWS
Direct Connect customer router. Associate the routing table with all VPC subnets.
C. Configure a single routing table with two default routes: one to the internet via
an Internet gateway, the other to the on-premises network via the VPN gateway.
Use this routing table across all subnets in your VPC.
D. Configure two routing tables, one that has a default route via the Internet
gateway and another that has a default route via the VPN gateway. Associate both
routing tables with each VPC subnet.
Answer: A
QUESTION: 69
A company is running a batch analysis every hour on their main transactional DB,
running on an RDS MySQL instance, to populate their central Data Warehouse
running on Redshift. During the execution of the batch their transactional
applications are very slow. When the batch completes they need to update the top
management dashboard with the new data. The dashboard is produced by another
system running on-premises that is currently started when a manually-sent email
notifies that an update is required. The on-premises system cannot be modified
because it is managed by another team. How would you optimize this scenario to
solve performance issues and automate the process as much as possible?
A. Replace RDS with Redshift for the batch analysis and SNS to notify the
on-premises system to update the dashboard.
B. Replace RDS with Redshift for the batch analysis and SQS to send a message
to the on-premises system to update the dashboard.
C. Create an RDS Read Replica for the batch analysis and SNS to notify the
on-premises system to update the dashboard.
D. Create an RDS Read Replica for the batch analysis and SQS to send a message
to the on-premises system to update the dashboard.
Answer: D
QUESTION: 70
Your application is using an ELB in front of an Auto Scaling group of
web/application servers deployed across two AZs and a Multi-AZ RDS Instance
for data persistence. The database CPU is often above 80% usage and 90% of I/O
operations on the database are reads. To improve performance you recently added
a single-node Memcached ElastiCache Cluster to cache frequent DB query
results. In the next weeks the overall workload is expected to grow by 30%. Do
you need to change anything in the architecture to maintain the high availability
of the application with the anticipated additional load? Why?
A. Yes, you should deploy two Memcached ElastiCache Clusters in different AZs
because the RDS instance will not be able to handle the load if the cache node
fails.
B. No, if the cache node fails the automated ElastiCache node recovery feature
will prevent any availability impact.
C. Yes, you should deploy the Memcached ElastiCache Cluster with two nodes in
the same AZ as the RDS DB master instance to handle the load if one cache node
fails.
D. No, if the cache node fails you can always get the same data from the DB
without having any availability impact.
Answer: B
QUESTION: 71
A 3-tier e-commerce web application is currently deployed on-premises and will be
migrated to AWS for greater scalability and elasticity. The web server currently
shares read-only data using a network distributed file system. The app server tier
uses a clustering mechanism for discovery and shared session state that depends
on IP multicast. The database tier uses shared-storage clustering to provide
database failover capability, and uses several read slaves for scaling. Data on all
servers and the distributed file system directory is backed up weekly to off-site
tapes. Which AWS storage and database architecture meets the requirements of
the application?
A. Web servers, store read-only data in S3, and copy from S3 to root volume at
boot time. App servers share state using a combination of DynamoDB and IP
unicast. Database use RDS with multi-AZ deployment and one or more Read
Replicas. Backup web and app servers backed up weekly via AMIs, database backed
up via DB snapshots.
B. Web servers store read-only data in S3, and copy from S3 to root volume at
boot time. App servers share state using a combination of DynamoDB and IP
unicast. Database, use RDS with multi-AZ deployment and one or more read
replicas. Backup web servers, app servers, and database backed up weekly to
Glacier using snapshots.
C. Web servers store read-only data in S3 and copy from S3 to root volume at
boot time. App servers share state using a combination of DynamoDB and IP
unicast. Database use RDS with multi-AZ deployment. Backup web and app
servers backed up weekly via AMIs. Database backed up via DB snapshots.
D. Web servers, store read-only data in an EC2 NFS server, mount to each web
server at boot time. App servers share state using a combination of DynamoDB
and IP multicast. Database use RDS with multi-AZ deployment and one or more
Read Replicas. Backup web and app servers backed up weekly via AMIs, database
backed up via DB snapshots.
Answer: B
QUESTION: 72
Your company hosts a social media site supporting users in multiple countries.
You have been asked to provide a highly available design for the application that
leverages multiple regions for the most recently accessed content and latency
sensitive portions of the web site. The most latency sensitive component of the
application involves reading user preferences to support web site personalization
and ad selection. In addition to running your application in multiple regions,
which option will support this application's requirements?
A. Serve user content from S3, CloudFront and use Route53 latency-based
routing between ELBs in each region. Retrieve user preferences from a local
DynamoDB table in each region and leverage SQS to capture changes to user
preferences with SQS workers for propagating updates to each table.
B. Use the S3 Copy API to copy recently accessed content to multiple regions and
serve user content from S3, CloudFront with dynamic content and an ELB in each
region. Retrieve user preferences from an ElastiCache cluster in each region and
leverage SNS notifications to propagate user preference changes to a worker node
in each region.
C. Use the S3 Copy API to copy recently accessed content to multiple regions and
serve user content from S3, CloudFront and Route53 latency-based routing
between ELBs in each region. Retrieve user preferences from a DynamoDB table
and leverage SQS to capture changes to user preferences with SQS workers for
propagating DynamoDB updates.
D. Serve user content from S3, CloudFront with dynamic content, and an ELB in
each region. Retrieve user preferences from an ElastiCache cluster in each region
and leverage Simple Workflow (SWF) to manage the propagation of user
preferences from a centralized DB to each ElastiCache cluster.
Answer: A
QUESTION: 73
You are running a successful multitier web application on AWS and your
marketing department has asked you to add a reporting tier to the application. The
reporting tier will aggregate and publish status reports every 30 minutes from
user-generated information that is being stored in your web application's database.
You are currently running a Multi-AZ RDS MySQL instance for the database
tier. You also have implemented ElastiCache as a database caching layer between
the application tier and database tier. Please select the answer that will allow you
to successfully implement the reporting tier with as little impact as possible to
your database.
A. Continually send transaction logs from your master database to an S3 bucket
and generate the reports off the S3 bucket using S3 byte range requests.
B. Generate the reports by querying the synchronously replicated standby RDS
MySQL instance maintained through Multi-AZ.
C. Launch a RDS Read Replica connected to your Multi-AZ master database and
generate reports by querying the Read Replica.
D. Generate the reports by querying the ElastiCache database caching tier.
Answer: A
QUESTION: 74
You are developing a new mobile application and are considering storing user
preferences in AWS. This would provide a more uniform cross-device
experience to users using multiple mobile devices to access the application. The
preference data for each user is estimated to be 50KB in size. Additionally 5
million customers are expected to use the application on a regular basis. The
solution needs to be cost-effective, highly available, scalable and secure. How
would you design a solution to meet the above requirements?
A. Setup an RDS MySQL instance in 2 availability zones to store the user
preference data. Deploy a public facing application on a server in front of the
database to manage security and access credentials.
B. Setup a DynamoDB table with an item for each user having the necessary
attributes to hold the user preferences. The mobile application will query the user
preferences directly from the DynamoDB table. Utilize STS, Web Identity
Federation, and DynamoDB Fine Grained Access Control to authenticate and
authorize access.
C. Setup an RDS MySQL instance with multiple read replicas in 2 availability
zones to store the user preference data. The mobile application will query the user
preferences from the read replicas. Leverage the MySQL user management and
access privilege system to manage security and access credentials.
D. Store the user preference data in S3. Setup a DynamoDB table with an item for
each user and an item attribute pointing to the user's S3 object. The mobile
application will retrieve the S3 URL from DynamoDB and then access the S3
object directly. Utilize STS, Web Identity Federation, and S3 ACLs to authenticate
and authorize access.
Answer: B
QUESTION: 75
A web company is looking to implement an intrusion detection and prevention
system into their deployed VPC. This platform should have the ability to scale to
thousands of instances running inside of the VPC. How should they architect their
solution to achieve these goals?
A. Configure an instance with monitoring software and the elastic network
interface (ENI) set to promiscuous mode packet sniffing to see all traffic across
the VPC.
B. Create a second VPC and route all traffic from the primary application VPC
through the second VPC where the scalable virtualized IDS/IPS platform resides.
C. Configure servers running in the VPC using the host-based 'route' commands
to send all traffic through the platform to a scalable virtualized IDS/IPS.
D. Configure each host with an agent that collects all network traffic and sends
that traffic to the IDS/IPS platform for inspection.
Answer: C
QUESTION: 76
You are designing an SSL/TLS solution that requires HTTPS clients to be
authenticated by the Web server using client certificate authentication. The
solution must be resilient. Which of the following options would you consider for
configuring the web server infrastructure? (Choose 2 answers)
A. Configure ELB with TCP listeners on TCP/443, and place the Web servers
behind it.
B. Configure your Web servers with EIPs. Place the Web servers in a Route53
Record Set and configure health checks against all Web servers.
C. Configure ELB with HTTPS listeners, and place the Web servers behind it.
D. Configure your web servers as the origins for a CloudFront distribution. Use
custom SSL certificates on your CloudFront distribution.
Answer: A, B
QUESTION: 77
You are designing a multi-platform web application for AWS. The application will
run on EC2 instances and will be accessed from PCs, tablets and smart phones.
Supported accessing platforms are Windows, MacOS, iOS and Android. Separate
sticky session and SSL certificate setups are required for different platform types.
Which of the following describes the most cost effective and performance efficient
architecture setup?
A. Setup a hybrid architecture to handle session state and SSL certificates on-prem
and separate EC2 Instance groups running web applications for different
platform types running in a VPC.
B. Set up one ELB for all platforms to distribute load among multiple instances
under it. Each EC2 instance implements all functionality for a particular platform.
C. Set up two ELBs. The first ELB handles SSL certificates for all platforms and
the second ELB handles session stickiness for all platforms. For each ELB, run
separate EC2 instance groups to handle the web application for each platform.
D. Assign multiple ELBs to an EC2 instance or group of EC2 instances running
the common components of the web application, one ELB for each platform type.
Session stickiness and SSL termination are done at the ELBs.
Answer: D
QUESTION: 78
You have launched an EC2 instance with four (4) 500 GB EBS Provisioned IOPS
volumes attached. The EC2 instance is EBS-Optimized and supports 500 Mbps
throughput between EC2 and EBS. The two EBS volumes are configured as a
single RAID 0 device, and each Provisioned IOPS volume is provisioned with
4.000 IOPS (4 000 16KB reads or writes) for a total of 16.000 random IOPS on
the instance. The EC2 instance initially delivers the expected 16 000 IOPS random
read and write performance. Sometime later, in order to increase the total random
I/O performance of the instance, you add an additional two 500 GB EBS
Provisioned IOPS volumes to the RAID. Each volume is provisioned to 4.000
IOPS like the original four, for a total of 24.000 IOPS on the EC2 instance.
Monitoring shows that the EC2 instance CPU utilization increased from 50% to
70%, but the total random IOPS measured at the instance level does not increase
at all. What is the problem and a valid solution?
A. Larger storage volumes support higher Provisioned IOPS rates: increase the
provisioned volume storage of each of the 6 EBS volumes to 1TB.
B. The EBS-Optimized throughput limits the total IOPS that can be utilized; use
an EBS-Optimized instance that provides larger throughput.
C. Small block sizes cause performance degradation, limiting the I/O throughput;
configure the instance device driver and file system to use 64KB blocks to
increase throughput.
D. RAID 0 only scales linearly to about 4 devices, use RAID 0 with 4 EBS
Provisioned IOPS volumes but increase each Provisioned IOPS EBS volume to
6.000 IOPS.
E. The standard EBS instance root volume limits the total IOPS rate, change the
instance root volume to also be a 500GB 4.000 Provisioned IOPS volume.
Answer: E
QUESTION: 79
You've been hired to enhance the overall security posture for a very large e-commerce
site. They have a well architected multi-tier application running in a
VPC that uses ELBs in front of both the web and the app tier with static assets
served directly from S3. They are using a combination of RDS and DynamoDB
for their dynamic data and then archiving nightly into S3 for further processing
with EMR. They are concerned because they found questionable log entries and
suspect someone is attempting to gain unauthorized access. Which approach
provides a cost effective scalable mitigation to this kind of attack?
A. Recommend that they lease space at a DirectConnect partner location and
establish a 1G DirectConnect connection to their VPC. They would then establish
Internet connectivity into their space, filter the traffic in hardware Web
Application Firewall (WAF), and then pass the traffic through the DirectConnect
connection into their application running in their VPC.
B. Add previously identified hostile source IPs as an explicit INBOUND DENY
NACL to the web tier subnet.
C. Add a WAF tier by creating a new ELB and an Auto Scaling group of EC2
Instances running a host-based WAF. They would redirect Route 53 to resolve to
the new WAF tier ELB. The WAF tier would then pass the traffic to the current
web tier. The web tier Security Groups would be updated to only allow traffic
from the WAF tier Security Group.
D. Remove all but TLS 1.2 from the web tier ELB and enable Advanced Protocol
Filtering. This will enable the ELB itself to perform WAF functionality.
Answer: C
QUESTION: 80
Your company runs a customer facing event registration site. This site is built with
a 3-tier architecture with web and application tier servers and a MySQL database.
The application requires 6 web tier servers and 6 application tier servers for
normal operation, but can run on a minimum of 65% server capacity and a single
MySQL database. When deploying this application in a region with three
availability zones (AZs), which architecture provides high availability?
A. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud)
instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer), and an application tier deployed across 2 AZs with 3 EC2 instances in
each AZ inside an Auto Scaling Group behind an ELB, and one RDS (Relational
Database Service) instance deployed with read replicas in the other AZ.
B. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud)
instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer) and an application tier deployed across 3 AZs with 2 EC2 instances in
each AZ inside an Auto Scaling Group behind an ELB and one RDS (Relational
Database Service) Instance deployed with read replicas in the two other AZs.
C. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud)
instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer) and an application tier deployed across 2 AZs with 3 EC2 instances in
each AZ inside an Auto Scaling Group behind an ELB and a Multi-AZ RDS
(Relational Database Service) deployment.
D. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud)
instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load
balancer), and an application tier deployed across 3 AZs with 2 EC2 instances in
each AZ inside an Auto Scaling Group behind an ELB, and a Multi-AZ RDS
(Relational Database Service) deployment.
Answer: D
QUESTION: 81
True or False: When using IAM to control access to your RDS resources, the key
names that can be used are case sensitive. For example, aws:CurrentTime is NOT
equivalent to AWS:currenttime.
A. TRUE
B. FALSE
Answer: A
QUESTION: 82
Groups can't ___________
A. be nested more than 3 levels
B. be nested at all
C. be nested more than 4 levels
D. be nested more than 2 levels
Answer: B
QUESTION: 83
What is the Reduced Redundancy option in Amazon S3?
A. Less redundancy for a lower cost.
B. It doesn't exist in Amazon S3, but in Amazon EBS.
C. It allows you to destroy any copy of your files outside a specific jurisdiction.
D. It doesn't exist at all
Answer: A
QUESTION: 84
Can Amazon S3 uploads resume on failure or do they need to restart?
A. Restart from beginning
B. You can resume them, if you flag the "resume on failure" option before
uploading.
C. Resume on failure
D. Depends on the file size
Answer: C
QUESTION: 85
Out of the striping options available for the EBS volumes, which one has the
following disadvantage: 'Doubles the amount of I/O required from the instance to
EBS compared to RAID 0, because you're mirroring all writes to a pair of
volumes, limiting how much you can stripe.'?
A. Raid 0
B. RAID 1+0 (RAID 10)
C. Raid 1
D. Raid
Answer: B
QUESTION: 86
Can we attach an EBS volume to more than one EC2 instance at the same time?
A. No
B. Yes.
C. Only EC2-optimized EBS volumes.
D. Only in read mode.
Answer: A
QUESTION: 87
Which Amazon Storage behaves like raw, unformatted, external block devices
that you can attach to your instances?
A. None of these.
B. Amazon Instance Storage
C. Amazon EBS
D. All of these
Answer: C
QUESTION: 88
All Amazon EC2 instances are assigned two IP addresses at launch, out of which
one can only be reached from within the Amazon EC2 network?
A. Multiple IP address
B. Public IP address
C. Private IP address
D. Elastic IP Address
Answer: C
QUESTION: 89
You must increase storage size in increments of at least _____ %
A. 40
B. 20
C. 50
D. 10
Answer: D
QUESTION: 90
Amazon SWF is designed to help users...
A. Design graphical user interface interactions
B. Manage user identification and authorization
C. Store Web content
D. Coordinate synchronous and asynchronous tasks which are distributed and
fault tolerant.
Answer: D
QUESTION: 91
EBS Snapshots occur _________
A. Asynchronously
B. Synchronously
C. Weekly
Answer: A
QUESTION: 92
Read Replicas require a transactional storage engine and are only supported for
the __________ storage engine
A. OracleISAM
B. MSSQLDB
C. InnoDB
D. MyISAM
Answer: C
QUESTION: 93
If I want an instance to have a public IP address, which IP address should I use?
A. Elastic IP Address
B. Class B IP Address
C. Class A IP Address
D. Dynamic IP Address
Answer: A
QUESTION: 94
What is the minimum charge for the data transferred between Amazon RDS and
Amazon EC2 Instances in the same Availability Zone?
A. USD 0.10 per GB
B. No charge. It is free.
C. USD 0.02 per GB
D. USD 0.01 per GB
Answer: B
QUESTION: 95
What will be the status of the snapshot until the snapshot is complete?
A. running
B. working
C. progressing
D. pending
Answer: D
QUESTION: 96
In the Launch DB Instance Wizard, where can I select the backup and
maintenance options?
A. Under DB INSTANCE DETAILS
B. Under REVIEW
C. Under MANAGEMENT OPTIONS
D. Under ENGINE SELECTION
Answer: C
QUESTION: 97
What does the following command do with respect to the Amazon EC2 security
groups? ec2-create-group CreateSecurityGroup
A. Groups the user created security groups in to a new group for easy access.
B. Creates a new security group for use with your account.
C. Creates a new group inside the security group.
D. Creates a new rule inside the security group.
Answer: B
QUESTION: 98
Provisioned IOPS Costs: you are charged for the IOPS and storage whether or not
you use them in a given month.
A. FALSE
B. TRUE
Answer: B
QUESTION: 99
Will my standby RDS instance be in the same Availability Zone as my primary?
A. Only for Oracle RDS types
B. Yes
C. Only if configured at launch
D. No
Answer: D
QUESTION: 100
Which service enables AWS customers to manage users and permissions in
AWS?
A. AWS Access Control Service (ACS)
B. AWS Identity and Access Management (IAM)
C. AWS Identity Manager (AIM)
Answer: B
QUESTION: 101
A/An _____ acts as a firewall that controls the traffic allowed to reach one or more
instances.
A. security group
B. ACL
C. IAM
D. Private IP Addresses
Answer: A
QUESTION: 102
To view information about an Amazon EBS volume, open the Amazon EC2
console at https://console.aws.amazon.com/ec2/, click _____ in the Navigation
pane.
A. EBS
B. Describe
C. Details
D. Volumes
Answer: D
QUESTION: 103
What are the initial settings of a user-created security group?
A. Allow all inbound traffic and Allow no outbound traffic
B. Allow no inbound traffic and Allow no outbound traffic
C. Allow no inbound traffic and Allow all outbound traffic
D. Allow all inbound traffic and Allow all outbound traffic
Answer: C
QUESTION: 104
While creating an Amazon RDS DB, your first task is to set up a DB _____ that
controls what IP addresses or EC2 instances have access to your DB Instance.
A. Security Pool
B. Secure Zone
C. Security Token Pool
D. Security Group
Answer: D
QUESTION: 105
Fill in the blanks: Resources that are created in AWS are identified by a unique
identifier called an _____
A. Amazon Resource Number
B. Amazon Resource Nametag
C. Amazon Resource Name
D. Amazon Resource Namespace
Answer: C
QUESTION: 106
Amazon RDS automated backups and DB Snapshots are currently supported for
only the ___________ storage engine
A. InnoDB
B. MyISAM
Answer: A
QUESTION: 107
What is Amazon Glacier?
A. You mean Amazon "Iceberg": it's a low-cost storage service.
B. A security tool that allows to "freeze" an EBS volume and perform computer
forensics on it.
C. A low-cost storage service that provides secure and durable storage for data
archiving and backup.
D. It's a security tool that allows to "freeze" an EC2 instance and perform
computer forensics on it.
Answer: C
QUESTION: 108
Fill in the blanks: The base URI for all requests for instance metadata is _____
A. http://254.169.169.254/latest/
B. http://169.169.254.254/latest/
C. http://127.0.0.1/latest/
D. http://169.254.169.254/latest/
Answer: D
QUESTION: 109
What does a "Domain" refer to in Amazon SWF?
A. A security group in which only tasks inside can communicate with each other
B. A special type of worker
C. A collection of related Workflows
D. The DNS record for the Amazon SWF service
Answer: C
QUESTION: 110
Before I delete an EBS volume, what can I do if I want to recreate the volume
later?
A. Create a copy of the EBS volume (not a snapshot)
B. Store a snapshot of the volume
C. Download the content to an EC2 instance
D. Back up the data in to a physical disk
Answer: B
QUESTION: 111
Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates
which you receive?
A. 5 minutes
B. 500 milliseconds.
C. 30 seconds
D. 1 minute
Answer: A
QUESTION: 112
Typically, you want your application to check whether a request generated an
error before you spend any time processing results. The easiest way to find out if
an error occurred is to look for an _______ node in the response from the Amazon
RDS API.
A. Incorrect
B. Error
C. FALSE
Answer: B
QUESTION: 113
What does the AWS Storage Gateway provide?
A. It allows to integrate on-premises IT environments with Cloud Storage.
B. A direct encrypted connection to Amazon S3.
C. It's a backup solution that provides an on-premises Cloud storage.
D. It provides an encrypted SSL endpoint for backups in the Cloud.
Answer: A
QUESTION: 114
While launching an RDS DB instance, on which page can I select the Availability
Zone?
A. REVIEW
B. DB INSTANCE DETAILS
C. MANAGEMENT OPTIONS
D. ADDITIONAL CONFIGURATION
Answer: D
QUESTION: 115
What does specifying the mapping /dev/sdc=none when launching an instance do?
A. Prevents /dev/sdc from creating the instance.
B. Prevents /dev/sdc from deleting the instance.
C. Set the value of /dev/sdc to 'zero'.
D. Prevents /dev/sdc from attaching to the instance.
Answer: D
QUESTION: 116
What is the durability of S3 RRS?
A. 99.99%
B. 99.95%
C. 99.995%
D. 99.999999999%
Answer: A
QUESTION: 117
What does Amazon SWF stand for?
A. Simple Web Flow
B. Simple Work Flow
C. Simple Wireless Forms
D. Simple Web Form
Answer: B
QUESTION: 118
What is the maximum key length of a tag?
A. 512 Unicode characters
B. 64 Unicode characters
C. 256 Unicode characters
D. 128 Unicode characters
Answer: D
QUESTION: 119
While performing the volume status checks, if the status is insufficient-data, what
does it mean?
A. the checks may still be in progress on the volume
B. the check has passed
C. the check has failed
Answer: A
QUESTION: 120
What is Oracle SQL Developer?
A. An AWS developer who is an expert in Amazon RDS using both the Oracle
and SQL Server DB engines
B. A graphical Java tool distributed without cost by Oracle.
C. It is a variant of the SQL Server Management Studio designed by Microsoft to
support Oracle DBMS functionalities
D. A different DBMS released by Microsoft free of cost
Answer: B
QUESTION: 121
True or False: When you perform a restore operation to a point in time or from a
DB Snapshot, a new DB Instance is created with a new endpoint.
A. FALSE
B. TRUE
Answer: B
QUESTION: 122
Fill in the blanks: ____ let you categorize your EC2 resources in different ways,
for example, by purpose, owner, or environment.
A. wildcards
B. pointers
C. Tags
D. special filters
Answer: C
QUESTION: 123
Is creating a Read Replica of another Read Replica supported?
A. Only in certain regions
B. Only with MSSQL based RDS
C. Only for Oracle RDS types
D. No
Answer: D
QUESTION: 124
What happens to the data on an instance if the instance reboots (intentionally or
unintentionally)?
A. Data will be lost
B. Data persists
C. Data may persist however cannot be sure
Answer: B
QUESTION: 125
Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or
Windows Remote Desktop Connection?
A. Yes
B. No
C. Depends on if it is in VPC or not
Answer: B
QUESTION: 126
SQL Server _____ store logins and passwords in the master database.
A. can be configured to but by default does not
B. doesn't
C. does
Answer: C
QUESTION: 127
Is there a limit to how many groups a user can be in?
A. Yes for all users
B. Yes for all users except root
C. No
D. Yes unless special permission granted
Answer: A
QUESTION: 128
IAM provides several policy templates you can use to automatically assign
permissions to the groups you create. The _____ policy template gives the Admins
group permission to access all account resources, except your AWS account
information.
A. Read Only Access
B. Power User Access
C. AWS Cloud Formation Read Only Access
D. Administrator Access
Answer: D
QUESTION: 129
Disabling automated backups _____ disable the point-in-time recovery.
A. if configured to can
B. will never
C. will
Answer: C
QUESTION: 130
When should I choose Provisioned IOPS over Standard RDS storage?
A. If you have batch-oriented workloads
B. If you use production online transaction processing (OLTP) workloads.
C. If you have workloads that are not sensitive to consistent performance
Answer: B
QUESTION: 131
What does RRS stand for when talking about S3?
A. Redundancy Removal System
B. Relational Rights Storage
C. Regional Rights Standard
D. Reduced Redundancy Storage
Answer: D
QUESTION: 132
What does Amazon S3 stand for?
A. Simple Storage Solution.
B. Storage Storage Storage (triple redundancy Storage).
C. Storage Server Solution.
D. Simple Storage Service.
Answer: D
QUESTION: 133
Can I move a Reserved Instance from one Region to another?
A. No
B. Only if they are moving into GovCloud
C. Yes
D. Only if they are moving to US East from another region
Answer: A
QUESTION: 134
Is Federated Storage Engine currently supported by Amazon RDS for MySQL?
A. Only for Oracle RDS instances
B. No
C. Yes
D. Only in VPC
Answer: B
QUESTION: 135
What is the maximum write throughput I can provision for a single DynamoDB
table?
A. 1,000 write capacity units
B. 100,000 write capacity units
C. DynamoDB is designed to scale without limits, but if you go beyond 10,000
you have to contact AWS first.
D. 10,000 write capacity units
Answer: C
QUESTION: 136
What does the following command do with respect to the Amazon EC2 security
groups? ec2-revoke RevokeSecurityGroupIngress
A. Removes one or more security groups from a rule.
B. Removes one or more security groups from an Amazon EC2 instance.
C. Removes one or more rules from a security group.
D. Removes a security group from our account.
Answer: C
QUESTION: 137
How many types of block devices does Amazon EC2 support?
A. 2
B. 3
C. 4
D. 1
Answer: A
QUESTION: 138
How can I change the security group membership for interfaces owned by other
AWS services, such as Elastic Load Balancing?
A. By using the service specific console or API/CLI commands
B. None of these
C. Using Amazon EC2 API/CLI
D. using all these methods
Answer: A
QUESTION: 139
While signing in REST/Query requests, for additional security, you should
transmit your requests using Secure Sockets Layer (SSL) by using ___________
A. HTTP
B. Internet Protocol Security(IPsec)
C. TLS (Transport Layer Security)
D. HTTPS
Answer: D
QUESTION: 140
Can a 'user' be associated with multiple AWS accounts?
A. No
B. Yes
Answer: A
QUESTION: 141
IAM's Policy Evaluation Logic always starts with a default _____ for every request,
except for those that use the AWS account's root security credentials.
A. Permit
B. Deny
C. Cancel
Answer: B
QUESTION: 142
Select the most correct answer: The device name /dev/sda1 (within Amazon EC2)
is _________
A. Possible for EBS volumes
B. Reserved for the root device
C. Recommended for EBS volumes
D. Recommended for instance store volumes
Answer: B
QUESTION: 143
For each DB Instance class, what is the maximum size of associated storage
capacity?
A. 5GB
B. 1TB
C. 2TB
D. 500GB
Answer: B
QUESTION: 144
What is an isolated database environment running in the cloud (Amazon RDS)
called?
A. DB Instance
B. DB Server
C. DB Unit
D. DB Volume
Answer: A
QUESTION: 145
What are the Amazon EC2 API tools?
A. They don't exist. The Amazon EC2 AMI tools, instead, are used to manage
permissions.
B. Command-line tools to the Amazon EC2 web service.
C. They are a set of graphical tools to manage EC2 instances.
D. They don't exist. The Amazon API tools are a client interface to Amazon Web
Services.
Answer: B
QUESTION: 146
Changes to the backup window take effect _____.
A. from the next billing cycle
B. after 30 minutes
C. immediately
D. after 24 hours
Answer: C
QUESTION: 147
In the 'Detailed' monitoring data available for your Amazon EBS volumes,
Provisioned IOPS volumes automatically send ______ minute metrics to Amazon
CloudWatch.
A. 3
B. 1
C. 5
D. 2
Answer: B
QUESTION: 148
While creating the snapshots using the API, which Action should I be using?
A. MakeSnapShot
B. FreshSnapshot
C. DeploySnapshot
D. CreateSnapshot
Answer: D
QUESTION: 149
Every user you create in the IAM system starts with _____.
A. Partial permissions
B. Full permissions
C. No permissions
Answer: C
QUESTION: 150
What does Amazon EC2 provide?
A. Virtual servers in the Cloud.
B. A platform to run code (Java, PHP, Python), paying on an hourly basis.
C. Computer Clusters in the Cloud.
D. Physical servers, remotely managed by the customer.
Answer: A
QUESTION: 151
Will my standby RDS instance be in the same Region as my primary?
A. Only for Oracle RDS types
B. Yes
C. Only if configured at launch
D. No
Answer: B
QUESTION: 152
While creating the snapshots using the command line tools, which command
should I be using?
A. ec2-deploy-snapshot
B. ec2-fresh-snapshot
C. ec2-create-snapshot
D. ec2-new-snapshot
Answer: C
QUESTION: 153
True or False: Automated backups are enabled by default for a new DB Instance.
A. TRUE
B. FALSE
Answer: A
QUESTION: 154
What are the two types of licensing options available for using Amazon RDS for
Oracle?
A. BYOL and Enterprise License
B. BYOL and License Included
C. Enterprise License and License Included
D. Role based License and License Included
Answer: B
QUESTION: 155
When running my DB Instance as a Multi-AZ deployment, can I use the standby
for read or write operations?
A. Yes
B. Only with MSSQL based RDS
C. Only for Oracle RDS instances
D. No
Answer: D
QUESTION: 156
In Amazon CloudWatch, which metric should I be checking to ensure that your
DB Instance has enough free storage space?
A. FreeStorage
B. FreeStorageSpace
C. FreeStorageVolume
D. FreeDBStorageSpace
Answer: B
QUESTION: 157
How many relational database engines does RDS currently support?
A. Three: MySQL, Oracle and Microsoft SQL Server.
B. Just two: MySQL and Oracle.
C. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite.
D. Just one: MySQL.
Answer: A
QUESTION: 158
Which of the following cannot be used in Amazon EC2 to control who has access
to specific Amazon EC2 instances?
A. Security Groups
B. IAM System
C. SSH keys
D. Windows passwords
Answer: B
QUESTION: 159
By default, when an EBS volume is attached to a Windows instance, it may show
up as any drive letter on the instance. You can change the settings of the _____ Service
to set the drive letters of the EBS volumes per your specifications.
A. EBSConfig Service
B. AMIConfig Service
C. Ec2Config Service
D. Ec2-AMIConfig Service
Answer: C
QUESTION: 160
Amazon RDS DB snapshots and automated backups are stored in _____
A. Amazon S3
B. Amazon ECS Volume
C. Amazon RDS
D. Amazon EMR
Answer: A
QUESTION: 161
If I write the below command, what does it do? ec2-run ami-e3a5408a -n 20 -g
appserver
A. Start twenty instances as members of appserver group.
B. Creates 20 rules in the security group named appserver
C. Terminate twenty instances as members of appserver group.
D. Start 20 security groups
Answer: A
QUESTION: 162
Which is the default region in AWS?
A. eu-west-1
B. us-east-1
C. us-east-2
D. ap-southeast-1
Answer: B
QUESTION: 163
If I modify a DB Instance or the DB parameter group associated with the instance,
should I reboot the instance for the changes to take effect?
A. No
B. Yes
Answer: B
QUESTION: 164
True or False: Manually created DB Snapshots are deleted after the DB Instance
is deleted.
A. TRUE
B. FALSE
Answer: A
QUESTION: 165
What are the two permission types used by AWS?
A. Resource-based and Product-based
B. Product-based and Service-based
C. Service-based
D. User-based and Resource-based
Answer: D
QUESTION: 166
Using Amazon IAM, can I give permission based on organizational groups?
A. Yes but only in certain cases
B. No
C. Yes always
Answer: C
QUESTION: 167
Are Reserved Instances available for Multi-AZ Deployments?
A. Only for Cluster Compute instances
B. Yes for all instance types
C. Only for M3 instance types
D. No
Answer: B
QUESTION: 168
By default, EBS volumes that are created and attached to an instance at launch are
deleted when that instance is terminated. You can modify this behavior by
changing the value of the flag _____ to false when you launch the instance.
A. DeleteOnTermination
B. RemoveOnDeletion
C. RemoveOnTermination
D. TerminateOnDeletion
Answer: A
QUESTION: 169
Can you create IAM security credentials for existing users?
A. Yes, existing users can have security credentials associated with their account.
B. No, IAM requires that all users who have credentials set up are not existing
users
C. No, security credentials are created within GROUPS, and then users are
associated to GROUPS at a later time.
D. Yes, but only IAM credentials, not ordinary security credentials.
Answer: A
QUESTION: 170
When you view the block device mapping for your instance, you can see only the
EBS volumes, not the instance store volumes.
A. Depends on the instance type
B. FALSE
C. Depends on whether you use API call
D. TRUE
Answer: D
QUESTION: 171
You must assign each server to at least ________ security group
A. 3
B. 2
C. 4
D. 1
Answer: D
QUESTION: 172
When you run a DB Instance as a Multi-AZ deployment, the "__________ "
serves database writes and reads
A. secondary
B. backup
C. stand by
D. primary
Answer: D
QUESTION: 173
What does Amazon Elastic Beanstalk provide?
A. A scalable storage appliance on top of Amazon Web Services.
B. An application container on top of Amazon Web Services.
C. A service by this name doesn't exist.
D. A scalable cluster of EC2 instances.
Answer: B
QUESTION: 174
Can I control if and when MySQL based RDS Instance is upgraded to new
supported versions?
A. No
B. Only in VPC
C. Yes
Answer: C
QUESTION: 175
What happens to the I/O operations while you take a database snapshot?
A. I/O operations to the database are suspended for a few minutes while the
backup is in progress.
B. I/O operations to the database are sent to a Replica (if available) for a few
minutes while the backup is in progress.
C. I/O operations will be functioning normally
D. I/O operations to the database are suspended for an hour while the backup is in
progress
Answer: A
QUESTION: 176
Which AWS instance address has the following characteristics? "If you stop an
instance, its Elastic IP address is unmapped, and you must remap it when you
restart the instance."
A. Both A and B
B. None of these
C. VPC Addresses
D. EC2 Addresses
Answer: A
QUESTION: 177
The one-time payment for Reserved Instances is _________ refundable if the
reservation is cancelled.
A. always
B. in some circumstances
C. never
Answer: C
QUESTION: 178
If I scale the storage capacity provisioned to my DB Instance by mid of a billing
month, how will I be charged?
A. You will be charged for the highest storage capacity you have used
B. On a proration basis
C. You will be charged for the lowest storage capacity you have used
Answer: B
QUESTION: 179
Because of the extensibility limitations of striped storage attached to Windows
Server, Amazon RDS does not currently support increasing storage on a _____ DB
Instance.
A. SQL Server
B. MySQL
C. Oracle
Answer: A
QUESTION: 180
Is there a method in the IAM system to allow or deny access to a specific
instance?
A. Only for VPC based instances
B. Yes
C. No
Answer: C
QUESTION: 181
Which features can be used to restrict access to data in S3? Choose 2 answers
A. Set an S3 ACL on the bucket or the object.
B. Create a CloudFront distribution for the bucket.
C. Set an S3 bucket policy.
D. Enable IAM Identity Federation
E. Use S3 Virtual Hosting
Answer: C, D
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/privatecontent-restricting-access-to-s3.html
QUESTION: 182
__________ embodies the "share-nothing" architecture and essentially involves
breaking a large database into several smaller databases. Common ways to split a
database include 1) splitting tables that are not joined in the same query onto
different hosts or 2) duplicating a table across multiple hosts and then using a
hashing algorithm to determine which host receives a given update.
A. Sharding
B. Failure recovery
C. Federation
D. DDL operations
Answer: A
QUESTION: 183
What does Amazon Elastic Beanstalk provide?
A. An application container on top of Amazon Web Services.
B. A scalable storage appliance on top of Amazon Web Services.
C. A scalable cluster of EC2 instances.
D. A service by this name doesn't exist.
Answer: A
QUESTION: 184
What does Amazon RDS stand for?
A. Regional Data Server.
B. Relational Database Service.
C. Nothing.
D. Regional Database Service.
Answer: B
QUESTION: 185
After an Amazon VPC instance is launched, can I change the VPC security
groups it belongs to?
A. Only if the tag "VPC_Change_Group" is true
B. Yes. You can.
C. No. You cannot.
D. Only if the tag "VPC Change Group" is true
Answer: B
QUESTION: 186
How can the domain's zone apex, for example, "myzoneapexdomain.com", be
pointed towards an Elastic Load Balancer?
A. By using an Amazon Route 53 Alias record
B. By using an AAAA record
C. By using an Amazon Route 53 CNAME record
D. By using an A record
Answer: A
QUESTION: 187
Does Amazon RDS for SQL Server currently support importing data into the
msdb database?
A. No
B. Yes
Answer: A
QUESTION: 188
Please select the Amazon EC2 resource which cannot be tagged.
A. images (AMIs, kernels, RAM disks)
B. Amazon EBS volumes
C. Elastic IP addresses
D. VPCs
Answer: C
QUESTION: 189
If your DB instance runs out of storage space or file system resources, its status
will change to __________ and your DB Instance will no longer be available.
A. storage-overflow
B. storage-full
C. storage-exceed
D. storage-overage
Answer: B
QUESTION: 190
Are you able to integrate a multi-factor token service with the AWS Platform?
A. Yes, using the AWS multi-factor token devices to authenticate users on the
AWS platform.
B. No, you cannot integrate multi-factor token devices with the AWS platform.
C. Yes, you can integrate private multi-factor token devices to authenticate users
to the AWS platform.
Answer: A
QUESTION: 191
Multi-AZ deployment __________ supported for Microsoft SQL Server DB Instances.
A. is not currently
B. is as of 2013
C. is planned to be in 2014
D. will never be
Answer: A
QUESTION: 192
You have a video transcoding application running on Amazon EC2. Each instance
polls a queue to find out which video should be transcoded, and then runs a
transcoding process. If this process is interrupted, the video will be transcoded by
another instance based on the queuing system. You have a large backlog of videos
which need to be transcoded and would like to reduce this backlog by adding
more instances. You will need these instances only until the backlog is reduced.
Which type of Amazon EC2 instances should you use to reduce the backlog in the
most cost efficient way?
A. Reserved instances
B. Spot instances
C. Dedicated instances
D. On-demand instances
Answer: B
Reference:
http://aws.amazon.com/ec2/purchasing-options/spot-instances/
QUESTION: 193
Select the correct set of options. These are the initial settings for the default
security group:
A. Allow no inbound traffic, Allow all outbound traffic and Allow instances
associated with this security group to talk to each other
B. Allow all inbound traffic, Allow no outbound traffic and Allow instances
associated with this security group to talk to each other
C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow
instances associated with this security group to talk to each other
D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow
instances associated with this security group to talk to each other
Answer: A
QUESTION: 194
Select the correct statement:
A. You don't need to specify the resource identifier while stopping a resource
B. You can terminate, stop, or delete a resource based solely on its tags
C. You can't terminate, stop, or delete a resource based solely on its tags
D. You don't need to specify the resource identifier while terminating a resource
Answer: C
QUESTION: 195
What happens to the I/O operations while you take a database snapshot?
A. I/O operations to the database are suspended for an hour while the backup is in
progress.
B. I/O operations to the database are sent to a Replica (if available) for a few
minutes while the backup is in progress.
C. I/O operations will be functioning normally
D. I/O operations to the database are suspended for a few minutes while the
backup is in progress.
Answer: D
QUESTION: 196
What does Amazon CloudFormation provide?
A. The ability to setup Autoscaling for Amazon EC2 instances.
B. None of these.
C. A templated resource creation for Amazon Web Services.
D. A template to map network resources for Amazon Web Services.
Answer: C
QUESTION: 197
Through which of the following interfaces is AWS Identity and Access
Management available?
A) AWS Management Console
B) Command line interface (CLI)
C) IAM Query API
D) Existing libraries
A. Only through Command line interface (CLI)
B. A, B and C
C. A and C
D. All of the above
Answer: D
QUESTION: 198
True or False: Without IAM, you cannot control the tasks a particular user or
system can do and what AWS resources they might use.
A. FALSE
B. TRUE
Answer: B
QUESTION: 199
In the 'Detailed' monitoring data available for your Amazon EBS volumes,
Provisioned IOPS volumes automatically send ________ minute metrics to
Amazon CloudWatch.
A. 5
B. 2
C. 1
D. 3
Answer: C
QUESTION: 200
What is the maximum response time for a Business level Premium Support case?
A. 30 minutes
B. 1 hour
C. 12 hours
D. 10 minutes
Answer: B

Just my 2 cents: in our team we are looking for a Cloud engineer with AWS... although many profiles are AWS certified, they were not able to pass the interview... just AWS will not cut it for jobs.


5 hours ago, maverick23 said:

Just my 2 cents: in our team we are looking for a Cloud engineer with AWS... although many profiles are AWS certified, they were not able to pass the interview... just AWS will not cut it for jobs.

What else would they need then? 


15 minutes ago, tennisluvr said:

What else would they need then? 

In-depth knowledge of how IaaS works (Storage/Network/Compute). AWS is just services; in the interview they mostly ask about the underlying tech.
