AWS Certified Solutions Architect: Associate Exam Practice … · 2018-07-28 · AWS cloud...
Transcript of AWS Certified Solutions Architect: Associate Exam Practice … · 2018-07-28 · AWS cloud...
CopyrightNoticeAWSCertifiedSolutionsArchitectAssociatePracticeQuestionsCopyright©2018ShaunL.HummelAllRightsReserved.Nopartofthisworkmaybesold,reproducedortransmittedinanyformorbyanymeanswithoutwrittenpermissionfromtheauthor.
DisclaimerThisbookwaswrittenasastudyguideforobtainingAWScertification.Whileeveryefforthasbeenmadetomakethisbookasaccurateaspossiblenowarrantyisimplied.Theauthorshallnotbeliableorresponsibleforanylossordamagearisingfromtheinformationcontainedinthisbook.
AboutTheAuthorShaunHummelisaSeniorNetworkEngineerwith15yearsenterprisenetworkplanning,designandimplementationexperience.AuthorofAWSCertifiedSolutionsArchitectAssociate:ExamStudyNotes.
ContentsIntroduction
1.0EC2Compute2.0VirtualPrivateCloud3.0StorageServices4.0SecurityArchitecture5.0DatabaseServices6.0FaultTolerantSystems7.0DeploymentandOrchestration8.0MonitoringServicesAnswerKey
IntroductionTheskillsrequiredforinformationtechnologyarechangingrapidlywithcloudcomputingandnetworkprogrammability.Thevirtualizationofservers,applicationsandnetworkdevicesiscausinganoverlapofmanagementdomainsfornetwork,systemsandsecurityengineers.Thenetworkdevicesandapplicationsnowresideatnetworkserversasvirtualmachines(VM).Inadditionthereisashifttowardaninternet-basedconnectivitymodelthatischanginghowthenetworkismanaged.Theserver-centricarchitectureredefineshownetworkcapacityismanagedaswell.Therearenewervirtualizedmanagementsolutionshavebeendevelopedforintegratingphysicalandvirtualplatforms.Eachgroupmustdevelopnewskillsforvirtualization,server-basedtroubleshootingandcloudmanagement.Thevirtualizationofapplicationsanddevicesallowforanon-demandconnectivityandoperationalmodel.Itischaracterizedbyadynamic,elastic,scalablearchitecturethatishardwareindependent.ThenewnetworkingparadigmusesOpenAPIs,overlaysandSDNprogrammablenetworkdevices.Thevirtualizationoverlayabstractstheunderlyingnetworkinfrastructurefromtheapplicationlayer.Thevirtualizationarchitectureisnowenablingseamlessaccessandglobalconnectivityofenterpriseandclouddatacenterapplications.Theincreasingpopularityofcloudcomputingistheresultofanoperationalmodelthatnowhascompaniesmigratingdatacenterapplicationstocloudfacilities.Accordingtoastudyalmost70%ofallIPinternettrafficwillterminateatacloudfacilityby2018.AWScertificationhasbecomepopularasatrainingplatformforsystemsadministrators,engineersandarchitects.Candidatesmustanswertechnicalquestionsandhavetheskillsrequiredtoselect,deploy,integrateandmaintainAWScloudsolutions.Thestudyguideiscomprisedof300+practicequestions.AllquestionsarebasedonofficialAWScertificationguidelinesthatcoverallexamtopicsrequiredtopassAWSCertifiedSolutionsArchitectAssociateexam.
AWSCertifiedSolutionsArchitect:AssociateExamReadeachquestioncarefullyandselectthecorrectanswer/sfromtheoptionsprovided.Useatexteditor(notepad)torecordyouranswersforeachquestion.EC2ComputeQuestion1:WhatthreeattributesareselectablewhencreatinganEBSvolumeforanEC2instance?
A. volumetypeB. IOPSC. regionD. CMKE. ELBF. EIP
Question2:Youhavebeenaskedtomigratea10GBunencryptedEBSvolumetoanencryptedvolumeforsecuritypurposes.Whatarethreekeystepsrequiredaspartofthemigration?
A. pausetheunencryptedinstanceB. createanewencryptedvolumeofthesamesizeandavailabilityzoneC. createanewencryptedvolumeofthesamesizeinanyavailabilityzoneD. startconverterinstanceE. shutdownanddetachtheunencryptedinstance
Question3:WhatisEC2instanceprotection?
A. preventsAutoScalingfromselectingspecificEC2instancetobereplacedwhenscalingin
B. preventsAutoScalingfromselectingspecificEC2instancetobereplacedwhenscalingout
C. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenscalingout
D. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenscalingin
E. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenpaused
F. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenstopped
Question4:
WhattwofeaturesaresupportedwithEBSvolumeSnapshotfeature?
A. EBSreplicationacrossregions
B. EBSmulti-zonereplication
C. EBSsingleregiononly
D. fullsnapshotdataonly
E. unencryptedsnapshotonly
Question5:
WhattworesourcetagsaresupportedforanEC2instance?
A. VPCendpoint
B. EIP
C. networkinterface
D. securitygroup
E. FlowLog
Question6:
WhattwooptionsareavailabletoalerttenantswhenanEC2instanceisterminated?
A. SNS
B. CloudTrail
C. Lambdafunction
D. SQS
E. STS
Question7:
WhatclassofEC2instancetypeisrecommendedforrunningdataanalytics?
A. memoryoptimized
B. computeoptimized
C. storageoptimized
D. generalpurposeoptimized
Question8:
WhatclassofEC2instancetypeisrecommendedfordatabaseservers?
A. memoryoptimized
B. computeoptimized
C. storageoptimized
D. generalpurposeoptimized
Question9:
Whattwoattributesdistinguisheachpricingmodel?
A. reliability
B. amazonservice
C. discount
D. performance
E. redundancy
Question10:
WhatarethreestandardAWSpricingmodels?
A. elastic
B. spot
C. reserved
D. dynamic
E. demand
Question11:HowisanEBSrootvolumecreatedwhenlaunchinganEC2instancefromanewEBS-backedAMI?
A. S3template
B. originalAMI
C. snapshot
D. instancestore
Question12:
WhatAmazonAWSsourcesareavailableforcreatinganEBS-BackedLinuxAMI?(selecttwo)
A. EC2instance
B. AmazonSMS
C. VMImport/Export
D. EBSSnapshot
E. S3bucket
Question13:
Whatisrequiredtopreventaninstancefrombeinglaunchedandincurringcosts?
A. stopinstance
B. terminateinstance
C. terminateAMIandde-registerinstance
D. stopandde-registerinstance
E. stop,deregisterAMIandterminateinstance
Question14:
WhatisanEBSSnapshot?
A. backupofanEBSrootvolumeandinstancedata
B. backupofanEC2instance
C. backupofconfigurationsettings
D. backupofinstancestore
Question15:
WhereareELBandAuto-Scalinggroupsdeployedasaunifiedsolutionforhorizontalscaling?
A. databaseinstances
B. allinstances
C. webserverinstances
D. defaultVPConly
Question16:
WhatfeatureissupportedwhenattachingordetachinganEBSvolumefromanEC2instance?
A. EBSvolumecanbeattachedanddetachedtoanEC2instanceinthesameregion
B. EBSvolumecanbeattachedanddetachedtoanEC2instancethatiscross-region
C. EBSvolumecanonlybecopiedandattachedtoanEC2instancethatiscross-region
D. EBSvolumecanonlybeattachedanddetachedtoanEC2instanceinthesameAvailabilityZone
Question17:
WhattwostatementscorrectlydescribehowtoaddormodifyIAMrolestoarunningEC2instance?
A. attachanIAMroletoanexistingEC2instancefromtheEC2consoleB. replaceanIAMroleattachedtoanexistingEC2instancefromtheEC2
consoleC. attachanIAMroletotheuseraccountandrelaunchtheEC2instanceD. addtheEC2instancetoagroupwheretheroleisamember
Question18:WhatisthedefaultbehaviorforanEC2instancewhenterminated?(Selecttwo)
A. DeleteOnTerminationattributecannotbemodifiedB. EBSrootdevicevolumeandadditionalattachedvolumesaredeleted
immediatelyC. EBSdatavolumesthatyouattachatlaunchpersistD. EBSrootdevicevolumeisautomaticallydeletedwheninstance
terminates
Question19:
HowdoyoulaunchanEC2instanceafteritisterminated?(Selecttwo)
A. launchanewinstanceusingthesameAMI
B. rebootinstancefromCLI
C. launchanewinstancefromaSnapshot
D. rebootinstancefrommanagementconsole
E. contactAWSsupporttoreset
Question20:
WhatservicecanautomateEBSsnapshots(backups)forrestoringEBSvolumes?
A. CloudWatchevent
B. SNStopic
C. CloudTrail
D. AmazonInspector
E. CloudWatchalarm
Question21:
WhatwillcauseAWStoterminateanEC2instanceonlaunch?(Selecttwo)
A. securitygrouperror
B. numberofEC2instancesonAWSaccountexceeded
C. EBSvolumelimitsexceeded
D. multipleIPaddressesassignedtoinstance
E. unsupportedinstancetypeassigned
Question22:
YourecentlymadesomeconfigurationchangestoanEC2instance.YouthenlaunchedanewEC2instancefromthesameAMIhowevernoneofthesettingsweresaved.Whatisthecauseofthiserror?
A. didnotsaveconfigurationchangestoEC2instanceB. didnotsaveconfigurationchangestoAMIC. didnotcreatenewAMID. didnotrebootEC2instancetoenablechanges
Question23:WhatstatementsarecorrectconcerningDisableApiTerminationattribute?(Selecttwo)
A. cannotenableterminationprotectionforSpotinstancesB. terminationprotectionisdisabledbydefaultforanEC2instanceC. terminationprotectionisenabledbydefaultforanEC2instanceD. canenableterminationprotectionforSpotinstancesE. DisableApiTerminationattributesupportedforEBS-backedinstances
only
Question24:
WhatisrequiredtocopyanencryptedEBSsnapshotcross-account?(Selecttwo)A. copytheunencryptedEBSsnapshottoanS3bucketB. distributethecustomkeyfromCloudFrontC. sharethecustomkeyforthesnapshotwiththetargetaccountD. sharetheencryptedEBSsnapshotwiththetargetaccountE. sharetheencryptedEBSsnapshotspubliclyF. enablerootaccesssecurityonbothaccounts
Question25:
WhatthreeservicesenableSingle-AZasadefault?
A. EC2
B. ELB
C. Auto-Scaling
D. DynamoDB
E. S3
Question26:
WhatAWSserviceautomaticallypublishesaccesslogseveryfiveminutes?
A. VPCFlowLogs
B. ElasticLoadBalancer
C. CloudTrail
D. DNSRoute53
Question27:
Youhavedevelopedaweb-basedapplicationforfilesharingthatwillallowcustomerstoaccessfiles.Thereareavarietyofsizesthatincludelarger.pdfandvideofiles.Whattwosolutionstackscouldtenantsuseforanonlinefilesharingservice?(Selecttwo)
A. EC2,ELB,Auto-Scaling,S3B. Route53,Auto-Scaling,DynamoDBC. EC2,Auto-Scaling,RDSD. CloudFront
Question28:
WhatinfrastructureservicesareprovidedtoEC2instances?(Selectthree)
A. VPN
B. storage
C. compute
D. transport
E. security
F. support
Question29:
WhatstepsarerequiredfromAWSconsoletocopyanEBS-backedAMIforadatabaseinstancecross-region?
A. createSnapshotofdatavolume,selectCopy,selectdestinationregionB. selectCopyEBS-backedAMIoptionanddestinationregionC. selectcopydatabasevolumeanddestinationregionD. createSnapshotofEBS-backedAMI,selectCopySnapshotoption,
selectdestinationregionE. createSnapshotofInstance-storeAMI,selectCopyAMIoption,select
destinationregion
Question30:
Howiscapacity(compute,storageandnetworkspeed)managedandassignedtoEC2instances?
A. AMI
B. instancetype
C. IOPS
D. Auto-Scaling
Question31:
WhatstoragetypeenablepermanentattachmentofvolumestoEC2instances?
A. S3
B. RDS
C. TDS
D. EBS
E. instancestore
Question32:Whatistherecommendedmethodformigrating(copying)anEC2instancetoadifferentregion?
A. terminateinstance,selectregion,copyinstancetodestinationregionB. selectAMIassociatedwithEC2instanceanduseCopyAMIoptionC. stopinstanceandcopyAMItodestinationregionD. cross-regioncopyisnotcurrentlysupported
Question33:
WhataretwoattributesthatdefineanEC2instancetype?
A. vCPU
B. licensetype
C. EBSvolumestorage
D. IPaddress
E. Auto-Scaling
Question34:
HowisanAmazonElasticLoadBalancer(ELB)assigned?
A. perEC2instance
B. perAuto-Scalinggroup
C. persubnet
D. perVPC
Question35:
WhatmethoddetectswhentoreplaceanEC2instancethatisassignedtoanAuto-Scalinggroup?
A. healthcheck
B. loadbalancingalgorithm
C. EC2healthcheck
D. notcurrentlysupported
E. dynamicpathdetection
F. Auto-Scaling
Question36:
WhattwostatementscorrectlydescribeAuto-Scalinggroups?
A. horizontalscalingofcapacity
B. decreasenumberofinstancesonly
C. EC2instancesareassignedtoagroup
D. databaseinstancesonly
E. nosupportformultipleavailabilityzones
Question37:
WhatisthedefaultmaximumnumberofElasticIPaddressesassignableperAmazonAWSregion?
A. 1
B. 100
C. 5
D. unlimited
Question38:
HowaresnapshotsforanEBSvolumecreatedwhenitistherootdeviceforaninstance?
A. pauseinstance,unmountvolumeandsnapshot
B. terminateinstanceandsnapshot
C. unencryptvolumeandsnapshotdynamically
D. stopinstance,unmountvolumeandsnapshot
Question39:
WhatcloudcomputecomponentsareconfiguredbytenantsandnotAmazonAWSsupportengineers?(Selectthree)
A. hypervisor
B. upstreamphysicalswitch
C. virtualappliances
D. guestoperatingsystem
E. applicationsanddatabases
F. RDS
Question40:
WhatthreeattributesareusedtodefinealaunchconfigurationtemplateforanAuto-Scalinggroup?
A. instancetype
B. privateIPaddress
C. ElasticIP
D. securitygroup
E. AMI
Question41:
WhatthreecharacteristicsorlimitationsdifferentiateEC2instancetypes?
A. VPConlyB. applicationtypeC. EBSvolumeonlyD. virtualizationtypeE. AWSserviceselected
Question42:
SelecttwodifferencebetweenHVMandPVvirtualizationtypes?
A. HVMsupportsallcurrentgenerationinstancetypesB. HVMissimilartobaremetalhypervisorarchitectureC. PVprovidesbetterperformancethanHVMformostinstancetypes
D. HVMdoesn’tsupportenhancednetworkingE. HVMdoesn’tsupportcurrentgenerationinstancetypes
VirtualPrivateCloud(VPC)Question1:Whataretheminimumcomponentsrequiredtoenableaweb-basedapplicationwithpublicwebserversandaprivatedatabasetier?(Selectthree)
A. InternetgatewayB. AssignEIPaddressingtodatabaseinstancesonprivatesubnetC. VirtualprivategatewayD. AssigndatabaseinstancestoprivatesubnetandprivateIPaddressingE. AssignEIPandprivateIPaddressingtowebserversonpublicsubnet
Question2:
Refertothenetworkdrawing.Howarepacketsroutedfromprivatesubnettopublicsubnetforthefollowingweb-basedapplicationwithadatabasetier?
A. Internetgateway
B. customroutetable
C. 10.0.0.0/16
D. nat-instance-id
E. igw-id
F. addcustomroutetable
Question3:
WhatVPCcomponentprovidesNetworkAddressTranslation?
A. NATinstance
B. NATgateway
C. virtualprivategateway
D. Internetgateway
E. ECS
Question4:
WhataretheadvantagesofNATgatewayoverNATinstance?(Selecttwo)
A. NATgatewayrequiresasingleEC2instance
B. NATgatewayisscalable
C. NATgatewaytranslatesfaster
D. NATgatewaysisamanagedservice
E. NATgatewayisLinux-based
Question5:
WhatisthemanagementresponsibilityoftenantsandnotAmazonAWS?
A. EC2instances
B. RDS
C. Beanstalk
D. NATinstance
Question6:
Whattwofeaturesprovideanencrypted(VPN)connectionfromVPCtoanenterprisedatacenter?
A. Internetgateway
B. AmazonRDS
C. Virtualprivategateway
D. CSR1000Vrouter
E. NATgateway
Question7:
WhattwoattributesaresupportedwhenconfiguringanAmazonVirtualprivategateway(VPG)?
A. routepropagation
B. ElasticIP(EIP)
C. DHCP
D. publicIPv4address
E. publicsubnets
Question8:
WhattwofeaturesareavailablewithAWSDirectConnectservice?
A. internetaccess
B. extendon-premisesVLANstocloud
C. bidirectionalforwardingdetection(BFD)
D. loadbalancingbetweenDirectConnectandVPNconnection
E. publicandprivateAWSservices
Question9:
WhenisDirectConnectapreferredsolutionoverVPNIPsec?
A. fastandreliableconnection
B. redundancyisakeyrequirement
C. fastandeasytodeploy
D. layer3connectivity
E. layer2connectivity
Question10:
YouhavebeenaskedtosetupaVPCendpointconnectionbetweenVPCandS3bucketsforstoringbackupsandsnapshots.WhatAWScomponentsarecurrentlyrequiredwhenconfiguringaVPCendpoint?
A. Internetgateway
B. NATinstance
C. ElasticIP
D. privateIPaddress
Question11:
WhataretheprimaryadvantagesofVPCendpoints?(Selecttwo)
A. reliability
B. cost
C. throughput
D. security
Question12:
WhataretheDHCPoptionattributesusedtoassignprivateDNSserverstoyourVPC?
A. dnsresolutionanddomainname
B. hostnamesandinternetdomain
C. domainserversanddomainname
D. domain-name-serversanddomain-name
Question13:
WhatDNSattributesareconfiguredwhenDefaultVPCoptionisselected?
A. DNSresolution:yes/DNShostnames:yes
B. DNSresolution:yes/DNShostnames:no
C. DNSresolution:no/DNShostnames:yes
D. DNSresolution:no/DNShostnames:no
Question14:
WhatconfigurationsettingsarerequiredfromtheremoteVPCinordertocreatecross-accountpeering?(Selectthree)
A. VPCID
B. accountusername
C. accountID
D. CMKkeys
E. VPCCIDRblock
F. volumetype
Question15:
WhatCIDRblockrangeissupportedforIPv4addressingandsubnettingwithinasingleVPC?
A. /16to/32
B. /16to/24
C. /16to/28
D. /16to/20
Question16:WhatproblemiscausedbythefactthatVPCpeeringdoesnotpermittransitiverouting?
A. additionalVPCroutetablestomanageB. virtualprivategatewayisrequiredC. InternetgatewayisrequiredforeachVPCD. routingbetweenconnectedspokesthroughhubVPCiscomplexE. increasednumberofpeerlinksrequired
Question17:
WhattwostatementscorrectlydescribesElasticLoadBalanceroperation?
A. spansmultipleregions
B. assignedperEC2instance
C. assignedpersubnet
D. assignedperAuto-Scalinggroup
E. nocross-regionsupport
Question18:
WhataretwoadvantagesofElasticIP(EIP)overAWSpublicIPv4addresses?
A. EIPcanbereassigned
B. EIPisprivate
C. EIPisdynamic
D. EIPispersistent
E. EIPispublicandprivate
Question19:
WhatAWSservicesaregloballymanaged?(Selectfour)
A. IAM
B. S3
C. CloudFront
D. Route53
E. DynamoDB
F. WAF
G. ELB
Question20:
WhatmethodsareavailableforcreatingaVPC?(Selectthree)
A. AWSmanagementconsole
B. AWSmarketplace
C. VPCwizard
D. VPCconsole
E. DirectConnect
Question21:WhattwodefaultsettingsareconfiguredfortenantsbyAWSwhenDefaultVPCoptionisselected?
A. createsasize/20defaultsubnetineachAvailabilityZoneB. createsanInternetgatewayC. createsamainroutetablewithlocalroute10.0.0.0/16D. createavirtualprivategatewayE. createasecuritygroupthatexplicitlydeniesalltraffic
Question22:
WhatthreestatementscorrectlydescribesIPaddressallocationwithinaVPC?A. EC2instancemustbeterminatedtoreassignanIPaddressB. EC2instancethatispausedcanreassignIPaddressC. EC2instancethatisstoppedcanreassignIPaddressD. privateIPaddressesareallocatedfromapoolandcanbereassignedE. privateIPaddressescanbeassignedbytenantF. VPCsupportsdualstackmode(IPv4/IPv6)
Question23:
WhataretwoadvantagesofselectingdefaulttenancyoptionforyourVPCwhencreatingit?
A. performanceandreliability
B. someAWSservicesdonotworkwithadedicatedtenancyVPC
C. tenantcanlaunchinstanceswithinVPCasdefaultordedicatedinstances
D. instancelaunchisfaster
Question24:WhatisthepurposeofalocalroutewithinaVPCroutetable?
A. localrouteisderivedfromthedefaultVPCCIDRblock10.0.0.0/16B. communicatebetweeninstanceswithinthesamesubnetordifferent
subnetsC. usedtocommunicatebetweeninstanceswithinthesamesubnetD. defaultrouteforcommunicatingbetweenprivateandpublicsubnetsE. onlyinstalledinthemainroutetable
Question25:
WhatisthedefaultbehaviorwhenaddinganewsubnettoyourVPC?(Selecttwo)
A. newsubnetisassociatedwiththemainroutetableB. newsubnetisassociatedwiththecustomroutetableC. newsubnetisassociatedwithanyselectedroutetableD. newsubnetisassignedtothedefaultsubnetE. newsubnetisassignedfromtheVPCCIDRblock
Question26:YouhaveenabledAmazonRDSdatabaseservicesinVPC1foranapplicationthathaspublicwebserversinVPC2.HowdoyouconnectthewebserverstotheRDSdatabaseinstancesotheycancommunicateconsideringtheVPC'sareinthesameregion?
A. VPCendpointsB. VPNgatewayC. path-basedroutingD. VPCpeeringE. AWSNetworkLoadBalancer
Question27:
WhatAWSservicesnowsupportVPCendpointsfeatureforoptimizingsecurity?(Selectthree)
A. Kinesis
B. DNSRoute53
C. S3
D. DynamoDB
E. RDS
Question28:
WhatarethreecharacteristicsofanAmazonVirtualPrivateCloud?
A. publicandprivateIPaddressing
B. broadcasts
C. multipleprivateIPaddressespernetworkinterface
D. dedicatedsingletenanthardwareonly
E. persistentpublicIPaddresses
F. HSRP
Question29:WhatisthedifferencebetweenVPCmainroutetableandcustomroutetable?
A. VPConlycreatesamainroutetablewhenstartedB. customroutetableisthedefaultC. customroutetableiscreatedforpublicsubnetsD. customroutetableiscreatedforprivatesubnetsE. mainroutetableiscreatedforpublicandprivatesubnets
Question30:
WhatisthepurposeofthenativeVPCrouter?
A. routepacketsacrosstheinternet
B. routepacketsbetweenprivatecloudinstances
C. routepacketsbetweensubnets
D. routepacketsfrominstancestoS3storagevolumes
E. routepacketsacrossVPN
Question31:
HowareprivateDNSserversassignedtoanAmazonVPC?
A. notsupported
B. selectnondefaultVPC
C. selectdefaultVPC
D. selectEC-2classic
Question32:
WhataretwocharacteristicsofanAmazonsecuritygroup?
A. instancelevelpacketfiltering
B. denyrulesonly
C. permitrulesonly
D. subnetlevelpacketfiltering
E. inboundonly
Question33:
WhatstatementistrueofNetworkAccessControlLists(ACL)operationwithinanAmazonVPC?
A. instanceandsubnetlevelpacketfiltering
B. subnetlevelpacketfiltering
C. inboundonly
D. onlyoneACLallowedperVPC
E. outboundonly
Question34:
HowarepacketsforwardedbetweenpublicandprivatesubnetswithinVPC?
A. EIP
B. NAT
C. mainroutetable
D. VPN
Question35:
WhattwostatementsaccuratelydescribeAmazonVPCarchitecture?
A. ElasticLoadBalancer(ELB)cannotspanmultipleavailabilityzones
B. VPCdoesnotsupportDMVPNconnection
C. VPCsubnetcannotspanmultipleavailabilityzones
D. VPCcannotspanmultipleregions
E. FlowlogsarenotsupportedwithinaVPC
Question36:
WhatisarequirementforattachingEC2instancestoon-premisesclientsandapplications?
A. AmazonVirtualPrivateGateway(VPN)
B. AmazonInternetGateway
C. VPNConnection
D. ElasticLoadBalancer(ELB)
E. NAT
Question37:
WhattwostatementscorrectlydescribeAmazonvirtualprivategateway?
A. assigntoprivatesubnetsonly
B. assigntopublicsubnetsonly
C. singlevirtualprivategatewayperVPC
D. multiplevirtualprivategatewaysperVPC
E. singlevirtualprivategatewayperregion
Question38:
WhatisthemaximumaccessportspeedavailablewithAmazonDirectConnectservice?
A. 1Gbps
B. 10Gbps
C. 500Mbps
D. 100Gbps
E. 100Mbps
Question39:
Refertothedrawing.YourcompanyhasaskedyoutoconfigureapeeringlinkbetweentwoVPCsthatarecurrentlynotconnectedorexchanginganypackets.WhatdestinationandtargetisconfiguredintheroutingtableofVPC1toenablepacketforwardingtoVPC2?
A.destination=172.16.0.0/16target=pcx-vpc2vpc1
B.destination=10.0.0.0/16target=pcx-vpc2
C.destination=172.16.0.0/16target=10.0.0.0/16
D.destination=172.16.0.0/16target=pcx-vpc1vpc2
E.defaultrouteonly
Question40:
HowisroutingenabledbydefaultwithinaVPCforanEC2instance?
A. addadefaultroute
B. mainroutetable
C. customroutetable
D. mustbeconfiguredexplicitly
Question41:
WhatthreefeaturesarenotsupportedwithVPCpeering?
A. overlappingCIDRblocks
B. IPv6addressing
C. Gateways
D. transitiverouting
E. RedShift
F. ElastiCache
Question42:
WhatrouteisusedinaVPCroutingtableforpacketforwardingtoaGateway?
A. staticroute
B. 10.0.0.0/16
C. tenantconfigured
D. 0.0.0.0/0
E. 0.0.0.0/16
Question43:Youareaskedtodeployawebapplicationcomprisedofmultiplepublicwebserverswithonlyprivateaddressingassigned.WhatAmazonAWSsolutionsenablesmultipleserversonaprivatesubnetwithonlyasingleEIPrequiredandAvailabilityZoneredundancy?
A. NATinstanceB. InternetgatewayC. virtualprivategatewayD. NATgatewayE. ElasticNetworkInterface(ENI)
Question44:
WhatistheIPaddressingschemaassignedtoadefaultVPC?
A. 172.31.0.0/16CIDRblocksubnettedwith172.31.0.0/20
B. 172.16.0.0/16CIDRblocksubnettedwith172.16.0.0/24
C. 10.0.0.0/16CIDRblocksubnettedwith10.0.0.0/24
D. 172.16.0.0/24CIDRblocksubnettedwith172.31.0.0/18
Question45:
WhatdefaultconfigurationandcomponentsareaddedbyAWSwhenDefaultVPCtypeisselected?(Selectthree)
A. Internetgateway
B. virtualprivategateway
C. NATinstance
D. securitygroup
E. DNS
Question46:
Whatfeaturerequirestenantstodisablesource/destinationcheck?
A. ElasticIP(EIP)
B. datareplication
C. VPCpeering
D. NAT
E. Internetgateway
StorageServicesQuestion1:
WhatAWSstoragesolutionallowsthousandsofEC2instancestosimultaneouslyupload,access,deleteandsharefiles?
A. EBS
B. S3
C. Glacier
D. EFS
Question2:
WhatisrequiredforanEFSmounttarget?(Selecttwo)
A. EIP
B. DNSname
C. IPaddress
D. DHCP
E. IAMrole
Question3:
Whatconnectivityfeaturesarerecommendedforcopyingon-premisesfilestoEFS?(Selecttwo)
A. VPNIPsec
B. InternetGateway
C. DirectConnect
D. FileSync
E. FTP
F. AWSStorageGateway
Question4:
WhatAWSservicesencryptsdataatrestbydefault?(Selecttwo)
A. S3
B. AWSStorageGateway
C. EBS
D. Glacier
E. RDS
Question5:
WhatfaulttolerantfeaturesdoesS3storageprovide?(Selectthree)
A. cross-regionreplication
B. versioningmustbedisabled
C. cross-regionasynchronousreplicationofobjects
D. synchronousreplicationofobjectswithinaregion
E. multipledestinationbuckets
Question6:
Whatisthefastesttechniquefordeleting900objectsinanS3bucketwithasingleHTTPrequest?
A. Multi-PartDeleteAPI
B. Multi-ObjectDeleteAPI
C. 100objectsismaximumperrequest
D. Fast-DeleteAPI
Question7:
WhatsecuritycontrolstechniqueisrecommendedforS3cross-accountaccess?
A. IAMgroup
B. securitygroups
C. S3ACL
D. bucketpolicies
Question8:
Whataretwoadvantagesofcross-regionreplicationofanS3bucket?
A. cost
B. securitycompliance
C. scalability
D. Beanstalksupport
E. minimizelatency
Question9:
WhataretwoprimarydifferencebetweenAmazonS3StandardandS3/RRSstorageclasses?
A. AmazonStandarddoesnotreplicateatall
B. RRSprovideshigherdurability
C. RRSprovideshigheravailability
D. RRSdoesnotreplicateobjectsasmanytimes
E. applicationusageisdifferent
Question10:
WhattwofeaturesareenabledwithS3services?
A. storeobjectsofanysize
B. dynamicwebcontent
C. supportsProvisionedIOPS
D. storevirtuallyunlimitedamountsofdata
E. bucketnamesaregloballyunique
Question11:
WhatnewfeaturewasrecentlyaddedtoSQSthatdefineshowmessagesareordered?
A. streams
B. SNS
C. FIFO
D. TLS
E. decoupling
Question12:
WhattwoAWSstoragetypesarepersistent?
A. ephemeral
B. S3
C. EBS
D. instancestore
E. SAML
Question13:
Selectthreeon-premisesbackupsolutionsusedforcopyingdatatoanAmazonAWSS3bucket?
A. AWSImport/Export
B. RDS
C. Snowball
D. AvailabilityZone(AZ)replication
E. AWSStorageGateway
Question14:
Youhave1TBofdataandwanttoarchivethedatathatwon'tbeaccessedthatoften.WhatAmazonAWSstoragesolutionisrecommended?
A. Glacier
B. EBS
C. ephemeral
D. CloudFront
Question15:
WhatarethreemethodsofaccessingDynamoDBforcustomizationpurposes?
A. CLI
B. AWSconsole
C. APIcall
D. vCenter
E. Beanstalk
Question16:
WhataretwoprimarydifferencesbetweenGlacierandS3storageservices?
A. Glacierislowercost
B. S3islowercost
C. Glacierispreferredforfrequentdataaccesswithlowerlatency
D. S3ispreferredforfrequentdataaccesswithlowerlatency
E. S3supportslargerfilesize
Question17:
WhatstatementcorrectlydescribestheoperationofAWSGlacierarchive?
A. archiveisagroupofvaults
B. archiveisanunencryptedvault
C. archivesupportsaggregatedfilesonly
D. maximumfilesizeis1TB
E. archivesupportssingleandaggregatedfiles
Question18:WhatarethreeprimarydifferencesbetweenS3vsEBS?
A. S3isamulti-purposepublicinternet-basedstorageB. EBSisdirectlyassignedtoatenantVPCEC2instanceC. EBSandS3providepersistentstorageD. EBSsnapshotsaretypicallystoredonS3bucketsE. EBSandS3usebucketstomanagefilesF. EBSandS3arebasedonblocklevelstorage
Question19:
Whaton-premisessolutionisavailablefromAmazonAWStominimizelatencyforalldata?
A. Gateway-VTL
B. Gateway-cachedvolumes
C. Gateway-storedvolumes
D. EBS
E. S3bucket
F. ElastiCache
Question20:
WhatfeaturetransitionsS3storagetoStandard-IAforcostoptimization?
A. RRS/S3
B. Glaciervault
C. storageclassanalysis
D. path-basedrouting
Question21:
HowdoesAWSuniquelyidentifyS3objects?
A. bucketname
B. version
C. key
D. objecttag
Question22:
Whatistheadvantageofread-after-writeconsistencyforS3buckets?
A. nostalereadsforPUTofanynewobjectinallregions
B. higherthroughputforallrequests
C. stalereadsforPUTrequestsinsomeregions
D. nostalereadsforGETrequestsinasingleregions
Question23:
WhatisthemaximumsinglefileobjectsizesupportedwithAmazonS3?
A. 5GB
B. 5TB
C. 1TB
D. 100GB
Question24:
WhatsecurityproblemissolvedbyusingCross-OriginResourceSharing(CORS)?
A. enableHTTPrequestsfromwithinscriptstoadifferentdomain
B. enablesharingofweb-basedfilesbetweendifferentbuckets
C. providesecurityforthirdpartyobjectswithinAWS
D. permitssharingobjectsbetweenAWSservices
Question25:
Whatisrecommendedformigrating40TBofdatafromon-premisestoS3whentheinternetlinkisoftenoverutilized?
A. AWSStoragegateway
B. AWSSnowball
C. AWSImport/Export
D. AWSElasticFileSystem
E. AWSElasticsearch
F. AWSMulti-PartUploadAPI
Question26:
YourcompanyispublishinganonlinecatalogofbooksthatiscurrentlyusingDynamoDBforstoringtheinformationassociatedwitheachitem.Thereisarequirementtoaddimagesforeachbook.Whatsolutionismostcosteffectiveanddesignedforthatpurpose?
A. RedShiftB. EBSC. RDSD. S3E. Kinesis
Question27:
Youhaveanapplicationthatcollectsmonitoringdatafrom10,000sensors(IoT)deployedintheUSA.Thedatapointsarecomprisedofvideoeventsforhomesecurityandenvironmentstatusalerts.TheapplicationwillbedeployedtoAWSwithEC2instancesasdatacollectors.WhatAWSstorageserviceispreferredforstoringvideofilesfromsensors?
A. RedShiftB. RDSC. S3D. DynamoDB
SecurityArchitectureQuestion1:
WhatstatementscorrectlydescribesecuritygroupswithinaVPC?(Selectthree)
A. defaultsecuritygrouponlypermitinboundtraffic
B. securitygroupsarestatefulfirewalls
C. onlyallowrulesaresupported
D. allowanddenyrulesaresupported
E. securitygroupsareassociatedtonetworkinterfaces
Question2:
Whatthreeitemsarerequiredtoconfigureasecuritygrouprule?
A. protocoltype
B. VPCname
C. portnumber
D. sourceIP
E. destinationIP
F. description
Question3:
WhattwosourceIPaddresstypesarepermittedinasecuritygrouprule?
A. onlyCIDRblockswith/16subnetmask
B. sourceIPaddress0.0.0.0/0
C. singlesourceIPaddresswith/24subnetmask
D. securitygroupid
E. IPv6addresswith/64prefixlength
Question4:
WhatprotocolsmustbeenabledforremoteaccesstoLinux-basedandWindows-basedEC2instances?
A. SSH,ICMP,Telnet
B. SSH,HTTP,RDP
C. SSH,HTTP,SSL
D. SSH,RDP,ICMP
Question5:
DistinguishnetworkACLsfromsecuritygroupswithinaVPC?(Selectthree)
A. ACLfiltersatthesubnetlevel
B. ACLisbasedondenyrulesonly
C. ACLisappliedtoinstancesandsubnets
D. ACLisstateless
E. ACLsupportsanumberedlistforfiltering
Question6:WhathappenstothesecuritypermissionsofatenantwhenanIAMroleisgranted?(Selecttwo)
A. tenantinheritsonlypermissionsassignedtotheIAMroletemporarilyB. addsecuritypermissionsoftheIAMroletoexistingpermissionsC. previoussecuritypermissionsarenolongerineffectD. previoussecuritypermissionsaredeletedunlessreconfiguredE. tenantinheritsonlyreadpermissionsassignedtotheIAMrole
Question7:
WhereareIAMpermissionsgrantedtoinvokeandexecuteaLambdafunctionforS3access?(Selecttwo)
A. S3bucket
B. EC2instance
C. Lambdafunction
D. IAMrole
E. eventmapping
Question8:
YouhavesomedevelopersworkingoncodeforanapplicationandtheyrequiretemporaryaccesstoAWSclouduptoanhour.Whatistheeasiestweb-basedsolutionfromAWStoprovidesaccessandminimizesecurityexposure?
A. ACL
B. securitygroup
C. IAMgroup
D. STS
E. EFS
Question9:
WhattwomethodsareusedtorequesttemporarycredentialsbasedonAWSSecurityTokenService(STS)?
A. WebIdentityFederation
B. LDAP
C. IAMidentity
D. dynamicACL
E. privatekeyrotation
Question10:
WhattwocomponentsarerequiredforenablingSAMLauthenticationrequeststoAWSIdentityandAccessManagement(IAM)?
A. accesskeys
B. sessiontoken
C. SSO
D. identityprovider(IdP)
E. SAMLproviderentity
Question11:
WhataretworeasonsfordeployingOriginAccessIdentity(OAI)whenenablingCloudFront?
A. preventusersfromdeletingobjectsinS3bucketsB. mitigatedistributeddenialofserviceattacks(DDoS)C. preventusersfromaccessingobjectswithAmazonS3URLD. preventusersfromaccessingobjectswithCloudFrontURLE. replaceIAMforinternet-basedcustomerauthentication
Question12:
WhatsolutionsarerecommendedtomitigateDDoSattacks?(Selectthree)
A. host-basedfirewall
B. elasticloadbalancer
C. WAF
D. SSL/TLS
E. Bastionhost
F. NATgateway
Question13:
WhatfeaturesarerequiredtopreventusersfrombypassingAWSCloudFrontsecurity?(Selectthree)
A. Bastionhost
B. signedURL
C. IPwhitelist
D. signedcookies
E. originaccessidentity(OAI)
Question14:
Whatistheadvantageofresource-basedpoliciesforcross-accountaccess?
A. trustedaccountpermissionsarenotreplaced
B. trustedaccountpermissionsarereplaced
C. resource-basedpoliciesareeasiertodeploy
D. trustingaccountmanagesallpermissions
Question15:
SelectthreerequirementsforconfiguringaBastionhost?
A. EIP
B. SSHinboundpermission
C. defaultroute
D. CloudWatchlogsgroup
E. VPN
F. Auto-Scaling
Question16:
WhatrulemustbeaddedtothesecuritygroupassignedtoamounttargetinstancethatenablesEFSaccessfromanEC2instance?
A. Type=EC2,protocol=IP,port=2049,source=remotesecuritygroupid
B. Type=EC2,protocol=EFS,port=2049,source=0.0.0.0/0C. Type=NFS,protocol=TCP,port=2049,source=remotesecurity
groupidD. Type=NFSv4,protocol=UDP,port=2049,source=remotesecurity
groupid
Question17:
WhatstatementcorrectlydescribesIAMarchitecture?A. IAMsecurityisunifiedperregionandreplicatedbasedonrequirements
foranAWStenantaccountB. IAMsecurityisdefinedperregionforrolesonlyonanAWStenant
accountC. IAMsecurityisgloballyunifiedacrosstheAWScloudforanAWS
tenantaccountD. IAMsecurityisdefinedseparatelyperregionandcross-regionsecurity
enabledforanAWStenantaccount
Question18:
Whataretwoadvantagesofcustomer-managedencryptionkeys(CMK)?
A. createandrotateencryptionkeys
B. AES-128cipherfordataatrest
C. auditencryptionkeys
D. encryptsdatain-transitforserver-sideencryptiononly
Question19:
WhatfeatureisnotavailablewithAWSTrustedAdvisor?
A. costoptimization
B. infrastructurebestpractices
C. vulnerabilityassessment
D. monitorapplicationmetrics
Question20:
WhatisrequiredtoPingfromasourceinstancetoadestinationinstance?A.NetworkACL:notrequiredSecurityGroup:allowICMPoutboundonsource/destinationEC2instancesB.NetworkACL:allowICMPinbound/outboundonsource/destinationsubnetsSecurityGroup:notrequiredC.NetworkACL:allowICMPinbound/outboundonsource/destinationsubnetsSecurityGroup:allowICMPoutboundonsourceEC2instanceSecurityGroup:allowICMPinboundondestinationEC2instanceD.NetworkACL:allowTCPinbound/outboundonsource/destinationsubnetsSecurityGroup:allowTCPandICMPinboundonsourceEC2instance
Question21:
Whattwostepsarerequiredtograntcross-accountpermissionsbetweenAWSaccounts?
A. createanIAMuser
B. attachatrustpolicytoS3
C. createatransitivepolicy
D. attachatrustpolicytotherole
E. createanIAMrole
Question22:YouhaveconfiguredasecuritygrouptoallowICMP,SSHandRDPinboundandassignedthesecuritygrouptoallinstancesinasubnet.ThereisnoaccesstoanyLinux-basedorWindows-basedinstancesandyoucannotPinganyinstances.ThenetworkACLforthesubnetisconfiguredtoallowallinboundtraffictothesubnet.Whatisthemostprobablecause?
A. on-premisesfirewallrulesB. securitygroupandnetworkACLoutboundrulesC. networkACLoutboundrulesD. securitygroupoutboundrulesE. Bastionhostrequired
Question23:
WhatthreetechniquesprovideauthenticationsecurityonS3volumes?
A. bucketpolicies
B. networkACL
C. IdentityandAccessManagement(IAM)
D. encryption
E. AES256
Question24:WhatstatementcorrectlydescribessupportforAWSencryptionofS3objects?
A. tenantsmanageencryptionforserver-sideencryptionofS3objectsB. Amazonmanagesencryptionforserver-sideencryptionofS3objectsC. client-sideencryptionofS3objectsisnotsupportedD. S3bucketsareencryptedonlyE. SSLisonlysupportedwithGlacierstorage
Question25:
WhatauthenticationmethodprovidesFederatedSingleSign-On(SSO)forcloudapplications?
A. ADS
B. ISE
C. RADIUS
D. TACACS
E. SAML
Question26:
BasedontheAmazonsecuritymodel,whatinfrastructureconfigurationandassociatedsecurityistheresponsibilityoftenantsandnotAmazonAWS?(Selecttwo)
A. dedicatedcloudserver
B. hypervisor
C. operatingsystemlevel
D. applicationlevel
E. upstreamphysicalswitch
Question27:
WhatsecurityauthenticationisrequiredbeforeconfiguringormodifyingEC2instances?(Selectthree)
A. authenticationattheoperatingsystemlevel
B. EC2instanceauthenticationwithasymmetrickeys
C. authenticationattheapplicationlevel
D. Telnetusernameandpassword
E. SSH/RDPsessionconnection
Question28:
WhatfeatureispartofAmazonTrustedAdvisor?
A. securitycompliance
B. troubleshootingtool
C. EC2configurationtool
D. securitycertificates
Question29:
WhataretwobestpracticesforaccountmanagementwithinAmazonAWS?A. donotuserootaccountforcommonadministrativetasksB. createasingleAWSaccountwithmultipleIAMusersthathaveroot
privilegeC. createmultipleAWSaccountswithmultipleIAMusersperAWS
accountD. userootaccountforalladministrativetasksE. createmultiplerootuseraccountsforredundancy
Question30:
WhatAWSfeatureisrecommendedforoptimizingdatasecurity?
A. Multi-factorauthentication
B. usernameandencryptedpassword
C. Two-factorauthentication
D. SAML
E. FederatedLDAP
Question31:
WhatIAMclassenablesanEC2instancetoaccessafileobjectinanS3bucket?
A. user
B. root
C. role
D. group
Question32:
Whatarethreerecommendedsolutionsthatprovideprotectionandmitigationfromdistributeddenialofservice(DDoS)attacks?
A. securitygroups
B. CloudWatch
C. encryption
D. WAF
E. datareplication
F. Auto-Scaling
Question33:
WhatarethreerecommendedbestpracticeswhenconfiguringIdentityandAccessManagement(IAM)securityservices?
A. LockordeleteyourrootaccesskeyswhennotrequiredB. IAMgroupsarenotrecommendedforstoragesecurityC. createanIAMuserwithadministratorprivilegesD. shareyourpasswordand/oraccesskeyswithmembersofyourgroup
onlyE. deleteanyAWSaccountwheretheaccesskeysareunknown
Question34:
WhattwofeaturescreatesecurityzonesbetweenEC2instanceswithinaVPC?
A. securitygroups
B. VirtualSecurityGateway
C. networkACL
D. WAF
Question35:
WhatAWSserviceprovidesvulnerabilityassessmentservicestotenantswithinthecloud?
A. AmazonWAFB. AmazonInspectorC. AmazonCloudLogicD. AmazonTrustedAdvisor
Question36:
WhataretwoprimarydifferencesbetweenADConnectorandSimpleADforclouddirectoryservices?
A. SimpleADrequiresanon-premisesADSdirectoryB. SimpleADisfullymanagedandsetupinminutesC. ADConnectorrequiresanon-premisesADSdirectoryD. SimpleADismorescalablethanADConnectorE. SimpleADprovidesenhancedintegrationwithIAM
DatabaseServicesQuestion1:
Howisloadbalancingenabledformultipletaskstothesamecontainerinstance?
A. path-basedrouting
B. reverseproxy
C. NAT
D. dynamicportmapping
E. dynamiclisteners
Question2:
WhatencryptionsupportisavailablefortenantsthataredeployingAWSDynamoDB?
A. server-sideencryption
B. client-sideencryption
C. client-sideandserver-sideencryption
D. encryptionnotsupported
E. blocklevelencryption
Question3:
WhatarethreeprimaryreasonsfordeployingElastiCache?
A. datasecurity
B. managedservice
C. replicationwithRedis
D. durability
E. lowlatency
Question4:
Whatservicedoesnotsupportsessiondatapersistencestoretoenableweb-basedstatefulapplications?
A. RDS
B. Memcached
C. DynamoDB
D. Redis
E. RedShift
Question5:
HowdoesMemcachedimplementhorizontalscaling?
A. Auto-Scaling
B. databasestore
C. partitioning
D. EC2instances
E. S3bucket
Question6:
WhattwooptionsareavailablefortenantstoaccessElastiCache?
A. VPCpeeringlink
B. EC2instances
C. EFSmount
D. cross-regionVPC
Question7:
Whattwostatementscorrectlydescribein-transitencryptionsupportonElastiCacheplatform?
A. notsupportedforElastiCacheplatform
B. supportedonRedisreplicationgroup
C. encryptscacheddataatrest
D. notsupportedonMemcachedcluster
E. IPsecmustbeenabledfirst
Question8:
WhatAmazonAWSplatformisdesignedforcomplexanalyticsofavarietyoflargedatasetsbasedoncustomcode.Theapplicationsincludemachinelearninganddatatransformation?
A. EC2
B. Beanstalk
C. Redshift
D. EMR
Question9:
WhataretwoprimaryadvantagesofDynamoDB?
A. SQLsupport
B. managedservice
C. performance
D. CloudFrontintegration
Question10:
WhattwofaulttolerantfeaturesdoesAmazonRDSsupport?
A. copysnapshottoadifferentregion
B. createreadreplicatoadifferentregion
C. copyunencryptedread-replicaonly
D. copyread/writereplicaandsnapshot
Question11:
WhatmanagedservicesareincludedwithAmazonRDS?(selectfour)
A. assignnetworkcapacitytodatabaseinstances
B. installdatabasesoftware
C. performregularbackups
D. datareplicationacrossmultipleavailabilityzones
E. datareplicationacrosssingleavailabilityzoneonly
F. configuredatabase
G. performancetuning
Question12:
Whattwoconfigurationfeaturesarerequiredtocreateaprivatedatabaseinstance?
A. securitygroup
B. networkACL
C. CloudWatch
D. ElasticIP(EIP)
E. NondefaultVPC
F. DNS
Question13:
Whatstoragetypeisrecommendedforanonlinetransactionprocessing(OLTP)applicationdeployedtoMulti-AZRDSwithsignificantworkloads?
A. GeneralPurposeSSD
B. Magnetic
C. EBSvolumes
D. ProvisionedIOPS
Question14:
WhatfeaturesaresupportedwithAmazonRDS?(Selectthree)
A. horizontalscalingwithmultiplereadreplicas
B. elasticloadbalancingRDSreadreplicas
C. replicatereadreplicascross-region
D. automaticfailovertomasterdatabaseinstance
E. applicationloadbalancer(ALB)
Question15:
WhatarethreeadvantagesofstandbyreplicainaMulti-AZRDSdeployment?
A. faulttolerance
B. eliminateI/Ofreezes
C. horizontalscaling
D. verticalscaling
E. dataredundancy
Question16:
WhatconsistencymodelisthedefaultusedbyDynamoDB?
A. stronglyconsistent
B. eventuallyconsistent
C. nodefaultmodel
D. casualconsistency
E. sequentialconsistency
Question17:
WhatdoesRDSusefordatabaseandlogstorage?
A. EBS
B. S3
C. instancestore
D. localstore
E. SSD
Question18:
WhatstatementscorrectlydescribesupportforMicrosoftSQLServerwithinAmazonVPC?(Selectthree)
A. read/writereplica
B. readreplicaonly
C. verticalscaling
D. nativeloadbalancing
E. EBSstorageonly
F. S3storageonly
Question19:
SelecttwofeaturesavailablewithAmazonRDSforMySQL?
A. Auto-Scaling
B. readrequeststostandbyreplicas
C. real-timedatabasereplication
D. activereadrequestsonly
Question20:
WhataretwocharacteristicsofAmazonRDS?
A. databasemanagedservice
B. NoSQLqueries
C. nativeloadbalancer
D. databasewritereplicas
E. automaticfailoverofreadreplica
Question21:
WhatcachingenginesaresupportedwithAmazonElastiCache?(Selecttwo)
A. HAProxy
B. Route53
C. RedShift
D. Redis
E. Memcached
F. CloudFront
Question22:
WhatarethreeprimarycharacteristicsofDynamoDB?
A. lessscalablethanRDS
B. staticcontent
C. storemetadataforS3objects
D. replicationtothreeAvailabilityZones
E. highread/writethroughput
Question23:
WhatarethreeexamplesofusingLambdafunctionstomovedatabetweenAWSservices?
A. readdatadirectlyfromDynamoDBstreamstoRDSB. readdatafromKinesisstreamandwritedatatoDynamoDBC. readdatafromDynamoDBstreamtoFirehoseandwritetoS3D. readdatafromS3andwritemetadatatoDynamoDBE. readdatafromKinesisFirehosetoKinesisdatastream
Question24:YouhaveenabledAmazonRDSdatabaseservicesinVPC1foranapplicationwithpublicwebserversinVPC2.HowdoyouconnectthewebserverstotheRDSdatabaseinstancesotheycancommunicateconsideringtheVPC'sareindifferentregions?
A. VPCendpointsB. VPNgatewayC. path-basedroutingD. publiclyaccessibledatabaseE. VPCpeering
Question25:
YouhavearequirementtocreateanindextosearchcustomerobjectsstoredinS3buckets.ThesolutionshouldenableyoutocreateametadatasearchindexforeachobjectstoredtoanS3bucket.Selectthemostscalableandcosteffectivesolution?
A. RDS,ElastiCacheB. DynamoDB,LambdaC. RDS,EMR,ALBD. RedShift
Question26:WhatarethreeadvantagesofusingDynamoDBoverS3forstoringIoTsensordatawherethereare100,000datapointsamplessentperminute?
A. S3mustcreateasinglefileforeacheventB. IoTcanwritedatadirectlytoDynamoDBC. DynamoDBprovidesfastread/writestoastructuredtableforqueriesD. DynamoDBisdesignedforfrequentaccessandfastlookupofsmall
recordsE. S3isdesignedforfrequentaccessandfastlookupofsmallerrecordsF. IoTcanwritedatadirectlytoS3
Question27:
Yourcompanyisaproviderofonlinegamingthatcustomersaccesswithvariousnetworkaccessdevicesincludingmobilephones.Whatisadatawarehousingsolutionsforlargeamountsofinformationonplayerbehavior,statisticsandeventsforanalysisusingSQLtools?
A. RedShiftB. DynamoDBC. RDSD. DynamoDBE. Elasticsearch
Question28:WhattwostatementsarecorrectwhencomparingElasticsearchandRedShiftasanalyticaltools?
A. ElasticsearchisatextsearchengineanddocumentindexingtoolB. RedShiftsupportscomplexSQL-basedquerieswithPetabytesizeddata
storeC. ElasticsearchsupportsSQLqueriesD. RedShiftprovidesonlybasicanalyticalservicesE. ElasticsearchdoesnotsupportJSONdatatype
Question29:
Whathappenswhenreadorwriterequestsexceedcapacityunits(throughputcapacity)foraDynamoDBtableorindex?(Selecttwo)
A. DynamoDBautomaticallyincreasesread/writeunitsB. DynamoDBcanthrottlerequestssothatrequestsarenotexceededC. HTTP400codeisreturned(BadRequest)D. HTTP500codeisreturned(ServerError)E. DynamoDBautomaticallyincreasesread/writeunitsifprovisioned
throughputisenabled
Question30:
WhatreadconsistencymethodprovideslowerlatencyforGetItemrequests?
A. stronglypersistentB. eventuallyconsistentC. stronglyconsistentD. writeconsistent
Question31:
YoumustspecifystronglyconsistentreadandwritecapacityforyourDynamoDBdatabase.Youhavedeterminedreadcapacityof128Kbpsandwritecapacityof25Kbpsisrequiredforyourapplication.WhatisthereadandwritecapacityunitsrequiredforDynamoDBtable?
A. 32readunits,25writeunitsB. 1readunit,1writeunitC. 16readunits,2.5writeunitsD. 64readunits,10writeunits
Question32:
WhatDynamoDBcapacitymanagementtechniqueisbasedonthetenantspecifyinganupperandlowerrangeforread/writecapacityunits?
A. demandB. provisionedthroughputC. reservedcapacityD. autoscalingE. generalpurpose
Question33:
WhatisthemaximumvolumesizeofaMySQLRDSdatabase?
A. 6TBB. 3TBC. 16TBD. unlimited
Question34:
WhatisthemaximumsizeofaDynamoDBrecord(item)?
A. 400KBB. 64KBC. 1KBD. 10KB
FaultTolerantSystemsQuestion1:
WhattwofeaturesdescribeanApplicationLoadBalancer(ALB)?
A. dynamicportmapping
B. SSLlistener
C. layer7loadbalancer
D. backendserverauthentication
E. multi-regionforwarding
Question2:
Whatenablesloadbalancingbetweenmultipleapplicationsperloadbalancer?
A. listeners
B. stickysessions
C. path-basedrouting
D. backendserverauthentication
Question3:
WhatthreefeaturesarecharacteristicofClassicLoadBalancer?
A. dynamicportmapping
B. path-basedrouting
C. SSLlistener
D. backendserverauthentication
E. ECS
F. Layer4basedloadbalancer
Question4:
WhatsecurityfeatureisonlyavailablewithClassicLoadBalancer?
A. IAMrole
B. SAML
C. back-endserverauthentication
D. securitygroups
E. LDAP
Question5:
WhatisaprimarydifferencebetweenClassicandNetworkLoadBalancer?
A. IPaddresstarget
B. Auto-Scaling
C. protocoltarget
D. cross-zoneloadbalancing
E. listener
Question6:
WhatarethefirsttwoconditionsusedbyAmazonAWSdefaultterminationpolicyforMulti-AZarchitecture?
A. unprotectedinstancewitholdestlaunchconfigurationB. AvailabilityZone(AZ)withthemostinstancesC. atleastoneinstancethatisnotprotectedfromscaleinD. unprotectedinstanceclosesttothenextbillinghourE. randomselectionofanyunprotectedinstance
Question7:
WhatfeatureisusedforhorizontalscalingofconsumerstoprocessdatarecordsfromaKinesisdatastream?
A. verticalscalingshards
B. Auto-Scaling
C. Lambda
D. ElasticLoadBalancer
Question8:
WhatDNSrecordscanbeusedforpointingazoneapextoanElasticLoadBalancerorCloudFrontdistribution?(Selecttwo)
A. Alias
B. CNAME
C. MX
D. A
E. NameServer
Question9:
WhatservicesareprimarilyprovidedbyDNSRoute53?(Selectthree)A. loadbalancingwebserverswithinaprivatesubnetB. resolvehostnamesandIPaddressesC. loadbalancingwebserverswithinapublicsubnetD. loadbalancingdatareplicationrequestsbetweenECScontainersE. resolvequeriesandrouteinternettraffictoAWSresourcesF. automatedhealthcheckstoEC2instances
Question10:
WhataretwofeaturesthatcorrectlydescribeAvailabilityZone(AZ)architecture?
A. multipleregionsperAZ
B. interconnectedwithprivateWANlinks
C. multipleAZperregion
D. interconnectedwithpublicWANlinks
E. dataauto-replicatedbetweenzonesindifferentregions
F. DirectConnectsupportsLayer2connectivitytoregion
Question11:
HowisRoute53configuredforWarmStandbyfaulttolerance?(Selecttwo)
A. automatedhealthchecks
B. path-basedrouting
C. failoverrecords
D. Aliasrecords
Question12:
HowisDNSRoute53configuredforMulti-Sitefaulttolerance?(Selecttwo)
A. IPaddress
B. weightedrecords(non-zero)
C. healthchecks
D. Aliasrecords
E. zeroweightedrecords
Question13:
WhatisanAvailabilityZone?
A. datacenter
B. multipleVPCs
C. multipleregions
D. singleregion
E. multipleEC2serverinstances
Question14:
HowareDNSrecordsmanagedwithAmazonAWStoenablehighavailability?
A. Auto-Scaling
B. serverhealthchecks
C. reverseproxy
D. elasticloadbalancing
Question15:
WhatisthedifferencebetweenWarmStandbyandMulti-Sitefaulttolerance?(Selecttwo)
A. Multi-SiteenableslowerRTOandmostrecentRPOB. WarmStandbyenableslowerRTOandmostrecentRPOC. Multi-Siteprovidesactive/activeloadbalancingD. Multi-Siteprovidesactive/standbyloadbalancingE. DNSRoute53isnotrequiredforWarmStandby
Question16:
WhatAWSbestpracticeisrecommendedforcreatingfaulttolerantsystems?
A. verticalscaling
B. ElasticIP(EIP)
C. securitygroups
D. horizontalscaling
E. RedShift
Question17:
WhattwostatementscorrectlydescribeversioningforprotectingdataatrestonS3buckets?
A. enabledbydefault
B. overwritesmostcurrentfileversion
C. restoresdeletedfiles
D. savesmultipleversionsofasinglefile
E. disabledbydefault
Question18:
WhattwomethodsarerecommendedbyAWSforprotectingEBSdataatrest?
A. replication
B. snapshots
C. encryption
D. VPN
Question19:
YouhaveanElasticLoadBalancerassignedtoaVPCwithpublicandprivatesubnets.ELBisconfiguredtoloadbalancetraffictoagroupofEC2instancesassignedtoanAuto-Scalinggroup.Whatthreestatementsarecorrect?
A. ElasticLoadBalancerisassignedtoapublicsubnetB. networkACLisassignedtoElasticLoadBalancerC. securitygroupisassignedtoElasticLoadBalancerD. cross-zoneloadbalancingisnotsupportedE. ElasticLoadBalancerforwardstraffictoprimaryprivateIPaddress
(eth0interface)oneachinstance
DeploymentandOrchestrationQuestion1:
WhatAmazonAWSserviceisavailableforcontainermanagement?
A. ECS
B. Docker
C. Kinesis
D. Lambda
Question2:
WhatisassociatedwithMicroservices?(Selecttwo)
A. ApplicationLoadBalancer
B. Kinesis
C. RDS
D. DynamoDB
E. ECS
Question3:
WheredoesAmazonretrievewebcontentwhenitisnotinthenearestCloudFrontedgelocation?
A. secondarylocation
B. fileserver
C. EBS
D. S3bucket
Question4:
WhattwofeaturesofanAPIGatewayminimizetheeffectsofpeaktrafficeventsandminimizelatency?
A. loadbalancing
B. firewalling
C. throttling
D. scaling
E. caching
Question5:
WhatthreecharacteristicsdifferentiateLambdafromtraditionalEC2deploymentorcontainerization?
A. LambdaisbasedonKinesisscripts
B. Lambdaisserverless
C. tenanthasownershipofEC2instances
D. tenanthasnocontrolofEC2instances
E. Lambdaisacode-basedservice
F. LambdasupportsonlyS3andGlacier
Question6:
HowiscodeuploadedtoLambda?
A. Lambdainstance
B. Lambdacontainer
C. Lambdaentrypoint
D. Lambdafunction
E. LambdaAMI
Question7:
HowareLambdafunctionstriggered?
A. EC2instance
B. hypervisor
C. Kinesis
D. operatingsystem
E. eventsource
Question8:WhatthreestatementscorrectlydescribestandardLambdaoperation?
A. Lambdafunctionisallocated500MBephemeraldiskspaceB. Lambdafunctionisallocated100MBEBSstorageC. LambdastorescodeinS3D. LambdastorescodeinaGlaciervaultE. LambdastorescodeincontainersF. maximumexecutiontimeis300seconds
Question9:
WhatnetworkeventsarerestrictedbyLambda?(Selecttwo)
A. onlyinboundTCPnetworkconnectionsareblockedbyAWSLambda
B. allinboundnetworkconnectionsareblockedbyAWSLambda
C. allinboundandoutboundconnectionsareblocked
D. outboundconnectionssupportonlyTCP/IPsockets
E. outboundconnectionssupportonlySSLsockets
Question10:
HowisversioningsupportedwithLambda?(Selecttwo)
A. Lambdanativesupport
B. ECScontainer
C. notsupported
D. Aliases
E. replication
F. S3versioning
Question11:
WhatisthedifferencebetweenStream-basedandAWSServiceswhenenablingLambda?
A. streamsmaintainseventsourcemappinginLambdaB. streamsmaintainseventsourcemappingineventsourceC. streamsmaintainseventsourcemappinginEC2instanceD. streamsmaintainseventsourcemappinginnotificationE. streamsmaintainseventsourcemappinginAPI
Question12:
Selecttwocustomoriginserversfromthefollowing?
A. S3bucket
B. S3object
C. EC2instance
D. ElasticLoadBalancer
E. APIgateway
Question13:
WhattwoattributesareonlyassociatedwithCloudFrontprivatecontent?
A. AmazonS3URL
B. signedcookies
C. webdistribution
D. signedURL
E. object
Question14:
HowareoriginserverslocatedwithinCloudFront(Selecttwo)
A. DNSrequest
B. distributionlist
C. webdistribution
D. RTMPprotocol
E. sourcemapping
Question15:
WhereareHTMLfilessourcedfromwhentheyarenotcachedataCloudFrontedgelocation?
A. S3object
B. originHTTPserver
C. S3bucket
D. nearestedgelocation
E. RTMPserver
F. failoveredgelocation
Question16:
WhatisthecapacityofasingleKinesisshard?(Selecttwo)
A. 2000PUTrecordspersecond
B. 1MB/secdatainputand2MB/secdataoutput
C. 10MB/secdatainputand10MB/secdataoutput
D. 1000PUTrecordspersecond
E. unlimited
Question17:
WhatAmazonAWSservicesupportsreal-timeprocessingofdatastreamfrommultipleconsumersandreplayofrecords?
A. DynamoDB
B. EMR
C. Kinesisdatastreams
D. SQS
E. RedShift
Question18:Yourcompanyhasaskedyoutocaptureandforwardareal-timedatastreamonamassivescaledirectlytoRedShiftforanalysiswithBItools.WhatAWStoolismostappropriatethatprovidesthefeaturesetandcosteffective?
A. DynamoDBB. SQSC. ElasticMapReduceD. KinesisFirehoseE. SNSF. CloudFront
Question19:
WhatfeaturepermitstenantstouseaprivatedomainnameinsteadofthedomainnamethatCloudFrontassignstoadistribution?
A. Route53
B. CNAMErecord
C. MXrecord
D. RTMP
E. SignedURL
Question20:
WhatAmazonAWSserviceisavailabletoguaranteetheconsumingofauniquemessageonlyonce?
A. Beanstalk
B. SQL
C. Exchange
D. SQS
Question21:
Whatisthefastestandeasiestmethodformigratinganon-premisesVMwarevirtualmachinetotheAWScloud?
A. AmazonMarketplace
B. AWSServerMigrationService
C. AWSStorageGateway
D. EC2Import/Export
Question22:
Selectthestatelessprotocolfromthefollowing?
A. FTP
B. TCP
C. HTTP
D. SSH
Question23:
WhatarethreevalidendpointsforanAPIgateway?
A. RESTfulAPI
B. Lambdafunction
C. AWSservice
D. webserver
E. HTTPmethod
Question24:
Howisavolumeselected(identified)whenmakinganEBSSnapshot?
A. accountid
B. volumeid
C. tag
D. ARN
Question25:
WhatdeploymentserviceenablestenantstoreplicateanexistingAWSstack?
A. Beanstalk
B. CloudFormation
C. RedShift
D. EMR
Question26:
WhatthreeservicescaninvokeaLambdafunction?
A. SNStopic
B. CloudWatchevent
C. EC2instance
D. securitygroup
E. S3bucketnotification
Question27:
WhattwoservicesenableautomaticpollingofastreamfornewrecordsonlyandforwardthemtoanAWSstorageservice?
A. SNS
B. Kinesis
C. Lambda
D. DynamoDB
Question28:
YourcompanyisdeployingawebsitewithdynamiccontenttocustomersinUS,EUandAPACregionsoftheworld.Contentwillincludelivestreamingvideostocustomers.SSLcertificatesarerequiredforsecuritypurposes.SelecttheAWSservicedeliversallrequirementsandprovidesthelowestlatency?
A. DynamoDBB. CloudFrontC. S3D. Redis
Question29:
WhataretheadvantagesofBeanstalk?(Selecttwo)
A. orchestrationanddeploymentabstraction
B. template-orienteddeploymentservice
C. easiestsolutionfordeveloperstodeploycloudapplications
D. doesnotsupportcloudcontainers
Question30:
YouareanetworkanalystwithJSONscriptingexperienceandaskedtoselectanAWSsolutionthatenablesautomateddeploymentofcloudservices.ThetemplatedesignwouldincludeanondefaultVPCwithEC2instances,ELB,Auto-Scalingandactive/activefailover.WhatAWSsolutionisrecommended?
A. BeanstalkB. OpsWorksC. CloudTrailD. CloudFormation
Question31:
SelecttwostatementsthatcorrectlydescribeOpsWorks?
A. Opsworksprovidesoperationalandconfigurationautomation
B. OpsWorksisalowercostalternativetoBeanStalk
C. OpsWorksisprimarilyamonitoringservice
D. Chefscripts(recipes)areakeyaspectofOpsWorks
Question32:
YourcompanyhasdevelopedanIoTapplicationthatsendsTelemetrydatafrom100,000sensors.Thesensorssendadatapointof1KBatone-minuteintervalstoaDynamoDBcollectorformonitoringpurposes.WhatAWSstackwouldenableyoutostoredataforreal-timeprocessingandanalyticsusingBItools?
A. Sensors->KinesisStream->Firehose->DynamoDBB. Sensors->KinesisStream->Firehose->DynamoDB->S3C. Sensors->AWSIoT->Firehose->RedShiftD. Sensors->KinesisDataStreams->Firehose->RDS
Question33:
YourcompanyhasanapplicationthatwasdevelopedandmigratedtoAWScloud.TheapplicationleveragessomeAWSservicesaspartofthearchitecture.ThestackincludesEC2instances,RDSdatabase,S3buckets,RedShiftandLambdafunctions.InadditionthereisIAMsecuritypermissionsconfiguredwithdefinedusers,groupsandroles.TheapplicationismonitoredwithCloudWatchandSTSwasrecentlyaddedforpermittingWebIdentityFederationsign-onfromGoogleaccounts.YouwantasolutionthatcanleveragetheexperienceofyouremployeeswithAWScloudinfrastructureaswell.WhatAWSservicecancreateatemplateofthedesignandconfigurationforeasierdeploymentoftheapplicationtomultipleregions?
A. SnowballB. OpsworksC. CloudFormationD. Beanstalk
MonitoringServicesQuestion1:
WhatstatementcorrectlydescribesCloudWatchoperationwithinAWScloud?
A. logdataisstoredindefinitely
B. logdataisstoredfor15days
C. alarmhistoryisneverdeleted
D. ELBisnotsupported
Question2:
WhataretwoAWSsubscriberendpointservicesthataresupportedwithSNS?
A. RDS
B. Kinesis
C. SQS
D. Lambda
E. EBS
F. ECS
Question3:
WhatAWSservicesworkinconcerttointegratesecuritymonitoringandauditwithinaVPC?(Selectthree)
A. Syslog
B. CloudWatch
C. WAF
D. CloudTrail
E. VPCFlowLog
Question4:
HowisCloudWatchintegratedwithLambda?(Selecttwo)
A. tenantmustenableCloudWatchmonitoring
B. networkmetricssuchaslatencyarenotmonitored
C. LambdafunctionsareautomaticallymonitoredthroughLambdaservice
D. loggroupiscreatedforeacheventsource
E. loggroupiscreatedforeachfunction
Question5:
WhattwostatementscorrectlydescribeAWSmonitoringandauditoperations?A. CloudTrailcapturesAPIcalls,storestheminanS3bucketandgenerates
aCloudwatcheventB. CloudWatchalarmcansendamessagetoaLambdafunctionC. CloudWatchalarmcansendamessagetoanSNSTopicthattriggersan
eventforaLambdafunctionD. CloudTrailcapturesallAWSeventsandstorestheminalogfileE. VPClogsdonotsupporteventsforsecuritygroups
Question6:
WhatisrequiredforremotemanagementaccesstoyourLinux-basedinstance?
A. ACL
B. Telnet
C. SSH
D. RDP
Question7:
WhataretwofeaturesofCloudWatchoperation?A. CloudWatchdoesnotsupportcustommetricsB. CloudWatchpermissionsaregrantedperfeatureandnotAWSresourceC. collectandmonitoroperatingsystemandapplicationgeneratedlogfilesD. AWSservicesautomaticallycreatelogsforCloudWatchE. CloudTrailgenerateslogsautomaticallywhenAWSaccountisactivated
Question8:
YouareaskedtoselectanAWSsolutionthatwillcreatealogentryanytimeasnapshotofanRDSdatabaseinstanceanddeletestheoriginalinstance.SelecttheAWSservicethatwouldprovidethatfeature?
A. VPCFlowLogs
B. RDSAccessLogs
C. CloudWatch
D. CloudTrail
Question9:
WhatisrequiredtoenableapplicationandoperatingsystemgeneratedlogsandpublishtoCloudWatchLogs?
A. Syslog
B. enableaccesslogs
C. IAMcross-accountenabled
D. CloudWatchLogAgent
Question10:
WhatisthepurposeofVPCFlowLogs?
A. captureVPCerrormessages
B. captureIPtrafficonnetworkinterfaces
C. monitornetworkperformance
D. monitornetflowdatafromsubnets
E. enableSyslogservicesforVPC
Question11:
Selecttwocloudinfrastructureservicesand/orcomponentsincludedwithdefaultCloudWatchmonitoring?
A. SQSqueues
B. operatingsystemmetrics
C. hypervisormetrics
D. virtualappliances
E. applicationlevelmetrics
Question12:
WhatfeatureenablesCloudWatchtomanagecapacitydynamicallyforEC2instances?
A. replicationlag
B. Auto-Scaling
C. ElasticLoadBalancer
D. verticalscaling
Question13:
WhatAWSserviceisusedtomonitortenantremoteaccessandvarioussecurityerrorsincludingauthenticationretries?
A. SSH
B. Telnet
C. CloudFront
D. CloudWatch
Question14:
HowdoesAmazonAWSisolatemetricsfromdifferentapplicationsformonitoring,storeandreportingpurposes?
A. EC2instances
B. Beanstalk
C. CloudTrail
D. namespaces
E. Docker
Question15:
WhatAmazonAWSserviceprovidesaccounttransactionmonitoringandsecurityaudit?
A. CloudFront
B. CloudTrail
C. CloudWatch
D. securitygroup
Question16:
WhattwostatementscorrectlydescribeCloudWatchmonitoringofdatabaseinstances?
A. metricsaresentautomaticallyfromDynamoDBandRDStoCloudWatch
B. alarmsmustbeconfiguredforDynamoDBandRDSwithinCloudWatchC. metricsarenotenabledautomaticallyforDynamoDBandRDSD. RDSdoesnotsupportmonitoringofoperatingsystemmetrics
Question17:
WhatAWSservicecansendnotificationstocustomersmartphonesandmobileapplicationswithattachedvideoand/oralerts?
A. EMRB. LambdaC. SQSD. SNSE. CloudTrail
***AnswerKey***EC2ComputeQuestion1:
WhatthreeattributesareselectablewhencreatinganEBSvolumeforanEC2instance?
A. volumetypeB. IOPSC. regionD. CMKE. ELBF. EIP
Answer(A,B,D)
Question2:Youhavebeenaskedtomigratea10GBunencryptedEBSvolumetoanencryptedvolumeforsecuritypurposes.Whatarethreekeystepsrequiredaspartofthemigration?
A. pausetheunencryptedinstanceB. createanewencryptedvolumeofthesamesizeandavailabilityzoneC. createanewencryptedvolumeofthesamesizeinanyavailabilityzoneD. startconverterinstanceE. shutdownanddetachtheunencryptedinstance
Answer(B,D,E)
Question3:WhatisEC2instanceprotection?
A. preventsAutoScalingfromselectingspecificEC2instancetobereplacedwhenscalingin
B. preventsAutoScalingfromselectingspecificEC2instancetobereplacedwhenscalingout
C. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenscalingout
D. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenscalingin
E. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenpaused
F. preventsAutoScalingfromselectingspecificEC2instanceforterminationwhenstopped
Answer(D)
Question4:
WhattwofeaturesaresupportedwithEBSvolumeSnapshotfeature?
A. EBSreplicationacrossregions
B. EBSmulti-zonereplication
C. EBSsingleregiononly
D. fullsnapshotdataonly
E. unencryptedsnapshotonlyAnswer(A,B)
Question5:
WhattworesourcetagsaresupportedforanEC2instance?
A. VPCendpoint
B. EIP
C. networkinterface
D. securitygroup
E. FlowLogAnswer(A,E)
Question6:
WhattwooptionsareavailabletoalerttenantswhenanEC2instanceisterminated?
A. SNS
B. CloudTrail
C. Lambdafunction
D. SQS
E. STSAnswer(A,C)
Question7:
WhatclassofEC2instancetypeisrecommendedforrunningdataanalytics?
A. memoryoptimized
B. computeoptimized
C. storageoptimized
D. generalpurposeoptimized
Answer(B)
Question8:
WhatclassofEC2instancetypeisrecommendedfordatabaseservers?
A. memoryoptimized
B. computeoptimized
C. storageoptimized
D. generalpurposeoptimizedAnswer(A)
Question9:
Whattwoattributesdistinguisheachpricingmodel?
A. reliability
B. amazonservice
C. discount
D. performance
E. redundancyAnswer(A,C)
Question10:
WhatarethreestandardAWSpricingmodels?
A. elastic
B. spot
C. reserved
D. dynamic
E. demandAnswer(B,C,E)
Question11:HowisanEBSrootvolumecreatedwhenlaunchinganEC2instancefromanewEBS-backedAMI?
A. S3template
B. originalAMI
C. snapshot
D. instancestore
Answer(C)
Question12:
WhatAmazonAWSsourcesareavailableforcreatinganEBS-BackedLinuxAMI?(selecttwo)
A. EC2instance
B. AmazonSMS
C. VMImport/Export
D. EBSSnapshot
E. S3bucketAnswer(A,D)
Question13:
Whatisrequiredtopreventaninstancefrombeinglaunchedandincurringcosts?
A. stopinstance
B. terminateinstance
C. terminateAMIandde-registerinstance
D. stopandde-registerinstance
E. stop,deregisterAMIandterminateinstanceAnswer(E)
Question14:
WhatisanEBSSnapshot?
A. backupofanEBSrootvolumeandinstancedata
B. backupofanEC2instance
C. backupofconfigurationsettings
D. backupofinstancestoreAnswer(A)
Question15:
WhereareELBandAuto-Scalinggroupsdeployedasaunifiedsolutionforhorizontalscaling?
A. databaseinstances
B. allinstances
C. webserverinstances
D. defaultVPConlyAnswer(C)
Question16:WhatfeatureissupportedwhenattachingordetachinganEBSvolumefromanEC2instance?
A. EBSvolumecanbeattachedanddetachedtoanEC2instanceinthesameregion
B. EBSvolumecanbeattachedanddetachedtoanEC2instancethatiscross-region
C. EBSvolumecanonlybecopiedandattachedtoanEC2instancethatiscross-region
D. EBSvolumecanonlybeattachedanddetachedtoanEC2instanceinthesameAvailabilityZone
Answer(D)
Question17:
WhattwostatementscorrectlydescribehowtoaddormodifyIAMrolestoarunningEC2instance?
A. attachanIAMroletoanexistingEC2instancefromtheEC2consoleB. replaceanIAMroleattachedtoanexistingEC2instancefromtheEC2
consoleC. attachanIAMroletotheuseraccountandrelaunchtheEC2instanceD. addtheEC2instancetoagroupwheretheroleisamember
Answer(A,B)
Question18:WhatisthedefaultbehaviorforanEC2instancewhenterminated?(Selecttwo)
A. DeleteOnTerminationattributecannotbemodifiedB. EBSrootdevicevolumeandadditionalattachedvolumesaredeleted
immediatelyC. EBSdatavolumesthatyouattachatlaunchpersistD. EBSrootdevicevolumeisautomaticallydeletedwheninstance
terminatesAnswer(C,D)
Question19:
HowdoyoulaunchanEC2instanceafteritisterminated?(Selecttwo)
A. launchanewinstanceusingthesameAMI
B. rebootinstancefromCLI
C. launchanewinstancefromaSnapshot
D. rebootinstancefrommanagementconsole
E. contactAWSsupporttoresetAnswer(A,C)
Question20:
WhatservicecanautomateEBSsnapshots(backups)forrestoringEBSvolumes?
A. CloudWatchevent
B. SNStopic
C. CloudTrail
D. AmazonInspector
E. CloudWatchalarmAnswer(A)
Question21:
WhatwillcauseAWStoterminateanEC2instanceonlaunch?(Selecttwo)
A. securitygrouperror
B. numberofEC2instancesonAWSaccountexceeded
C. EBSvolumelimitsexceeded
D. multipleIPaddressesassignedtoinstance
E. unsupportedinstancetypeassigned
Answer(B,C)
Question22:YourecentlymadesomeconfigurationchangestoanEC2instance.YouthenlaunchedanewEC2instancefromthesameAMIhowevernoneofthesettingsweresaved.Whatisthecauseofthiserror?
A. didnotsaveconfigurationchangestoEC2instanceB. didnotsaveconfigurationchangestoAMIC. didnotcreatenewAMID. didnotrebootEC2instancetoenablechanges
Answer(C)
Question23:WhatstatementsarecorrectconcerningDisableApiTerminationattribute?(Selecttwo)
A. cannotenableterminationprotectionforSpotinstancesB. terminationprotectionisdisabledbydefaultforanEC2instanceC. terminationprotectionisenabledbydefaultforanEC2instanceD. canenableterminationprotectionforSpotinstancesE. DisableApiTerminationattributesupportedforEBS-backedinstances
onlyAnswer(A,B)
Question24:
WhatisrequiredtocopyanencryptedEBSsnapshotcross-account?(Selecttwo)A. copytheunencryptedEBSsnapshottoanS3bucketB. distributethecustomkeyfromCloudFrontC. sharethecustomkeyforthesnapshotwiththetargetaccountD. sharetheencryptedEBSsnapshotwiththetargetaccountE. sharetheencryptedEBSsnapshotspubliclyF. enablerootaccesssecurityonbothaccounts
Answer(C,D)
Question25:
WhatthreeservicesenableSingle-AZasadefault?
A. EC2
B. ELB
C. Auto-Scaling
D. DynamoDB
E. S3
Answer(A,B,C)
Question26:
WhatAWSserviceautomaticallypublishesaccesslogseveryfiveminutes?
A. VPCFlowLogs
B. ElasticLoadBalancer
C. CloudTrail
D. DNSRoute53Answer(B)
Question27:
Youhavedevelopedaweb-basedapplicationforfilesharingthatwillallowcustomerstoaccessfiles.Thereareavarietyofsizesthatincludelarger.pdfandvideofiles.Whattwosolutionstackscouldtenantsuseforanonlinefilesharingservice?(Selecttwo)
A. EC2,ELB,Auto-Scaling,S3B. Route53,Auto-Scaling,DynamoDBC. EC2,Auto-Scaling,RDSD. CloudFront
Answer(A,D)
Question28:
WhatinfrastructureservicesareprovidedtoEC2instances?(Selectthree)
A. VPN
B. storage
C. compute
D. transport
E. security
F. support
Answer(B,C,D)
Question29:
WhatstepsarerequiredfromAWSconsoletocopyanEBS-backedAMIforadatabaseinstancecross-region?
A. createSnapshotofdatavolume,selectCopy,selectdestinationregionB. selectCopyEBS-backedAMIoptionanddestinationregionC. selectcopydatabasevolumeanddestinationregionD. createSnapshotofEBS-backedAMI,selectCopySnapshotoption,
selectdestinationregionE. createSnapshotofInstance-storeAMI,selectCopyAMIoption,select
destinationregionAnswer(D)
Question30:
Howiscapacity(compute,storageandnetworkspeed)managedandassignedtoEC2instances?
A. AMI
B. instancetype
C. IOPS
D. Auto-ScalingAnswer(B)
Question31:
WhatstoragetypeenablepermanentattachmentofvolumestoEC2instances?
A. S3
B. RDS
C. TDS
D. EBS
E. instancestoreAnswer(D)
Question32:Whatistherecommendedmethodformigrating(copying)anEC2instancetoadifferentregion?
A. terminateinstance,selectregion,copyinstancetodestinationregionB. selectAMIassociatedwithEC2instanceanduseCopyAMIoptionC. stopinstanceandcopyAMItodestinationregionD. cross-regioncopyisnotcurrentlysupported
Answer(B)
Question33:
WhataretwoattributesthatdefineanEC2instancetype?
A. vCPU
B. licensetype
C. EBSvolumestorage
D. IPaddress
E. Auto-ScalingAnswer(A,C)
Question34:
HowisanAmazonElasticLoadBalancer(ELB)assigned?
A. perEC2instance
B. perAuto-Scalinggroup
C. persubnet
D. perVPCAnswer(A)
Question35:
WhatmethoddetectswhentoreplaceanEC2instancethatisassignedtoanAuto-Scalinggroup?
A. healthcheck
B. loadbalancingalgorithm
C. EC2healthcheck
D. notcurrentlysupported
E. dynamicpathdetection
F. Auto-ScalingAnswer(A)
Question36:
WhattwostatementscorrectlydescribeAuto-Scalinggroups?
A. horizontalscalingofcapacity
B. decreasenumberofinstancesonly
C. EC2instancesareassignedtoagroup
D. databaseinstancesonly
E. nosupportformultipleavailabilityzonesAnswer(A,C)
Question37:
WhatisthedefaultmaximumnumberofElasticIPaddressesassignableperAmazonAWSregion?
A. 1
B. 100
C. 5
D. unlimitedAnswer(C)
Question38:
HowaresnapshotsforanEBSvolumecreatedwhenitistherootdeviceforaninstance?
A. pauseinstance,unmountvolumeandsnapshot
B. terminateinstanceandsnapshot
C. unencryptvolumeandsnapshotdynamically
D. stopinstance,unmountvolumeandsnapshotAnswer(D)
Question39:
WhatcloudcomputecomponentsareconfiguredbytenantsandnotAmazonAWSsupportengineers?(Selectthree)
A. hypervisor
B. upstreamphysicalswitch
C. virtualappliances
D. guestoperatingsystem
E. applicationsanddatabases
F. RDS
Answer(C,D,E)
Question40:
WhatthreeattributesareusedtodefinealaunchconfigurationtemplateforanAuto-Scalinggroup?
A. instancetype
B. privateIPaddress
C. ElasticIP
D. securitygroup
E. AMIAnswer(A,D,E)
Question41:
WhatthreecharacteristicsorlimitationsdifferentiateEC2instancetypes?
A. VPConlyB. applicationtypeC. EBSvolumeonlyD. virtualizationtypeE. AWSserviceselected
Answer(A,C,D)
Question42:
SelecttwodifferencebetweenHVMandPVvirtualizationtypes?
A. HVMsupportsallcurrentgenerationinstancetypesB. HVMissimilartobaremetalhypervisorarchitectureC. PVprovidesbetterperformancethanHVMformostinstancetypesD. HVMdoesn’tsupportenhancednetworkingE. HVMdoesn’tsupportcurrentgenerationinstancetypes
Answer(A,B)
VirtualPrivateCloud(VPC)Question1:Whataretheminimumcomponentsrequiredtoenableaweb-basedapplicationwithpublicwebserversandaprivatedatabasetier?(selectthree)
A. InternetgatewayB. AssignEIPaddressingtodatabaseinstancesonprivatesubnetC. VirtualprivategatewayD. AssigndatabaseinstancestoprivatesubnetandprivateIPaddressingE. AssignEIPandprivateIPaddressingtowebserversonpublicsubnet
Answer(A,D,E)
Question2:
Refertothenetworkdrawing.Howarepacketsroutedfromprivatesubnettopublicsubnetforthefollowingweb-basedapplicationwithadatabasetier?
A. Internetgateway
B. customroutetable
C. 10.0.0.0/16
D. nat-instance-id
E. igw-id
F. addcustomroutetableAnswer(D)
Question3:
WhatVPCcomponentprovidesNetworkAddressTranslation?
A. NATinstance
B. NATgateway
C. virtualprivategateway
D. Internetgateway
E. ECSAnswer(D)
Question4:
WhataretheadvantagesofNATgatewayoverNATinstance?(Selecttwo)
A. NATgatewayrequiresasingleEC2instance
B. NATgatewayisscalable
C. NATgatewaytranslatesfaster
D. NATgatewaysisamanagedservice
E. NATgatewayisLinux-basedAnswer(B,D)
Question5:
WhatisthemanagementresponsibilityoftenantsandnotAmazonAWS?
A. EC2instances
B. RDS
C. Beanstalk
D. NATinstanceAnswer(A,D)
Question6:
Whattwofeaturesprovideanencrypted(VPN)connectionfromVPCtoanenterprisedatacenter?
A. Internetgateway
B. AmazonRDS
C. Virtualprivategateway
D. CSR1000Vrouter
E. NATgatewayAnswer(C,D)
Question7:
WhattwoattributesaresupportedwhenconfiguringanAmazonVirtualprivategateway(VPG)?
A. routepropagation
B. ElasticIP(EIP)
C. DHCP
D. publicIPv4address
E. publicsubnetsAnswer(A,C)
Question8:
WhattwofeaturesareavailablewithAWSDirectConnectservice?
A. internetaccess
B. extendon-premisesVLANstocloud
C. bidirectionalforwardingdetection(BFD)
D. loadbalancingbetweenDirectConnectandVPNconnection
E. publicandprivateAWSservicesAnswer(C,E)
Question9:
WhenisDirectConnectapreferredsolutionoverVPNIPsec?
A. fastandreliableconnection
B. redundancyisakeyrequirement
C. fastandeasytodeploy
D. layer3connectivity
E. layer2connectivityAnswer(A)
Question10:
YouhavebeenaskedtosetupaVPCendpointconnectionbetweenVPCandS3bucketsforstoringbackupsandsnapshots.WhatAWScomponentsarecurrentlyrequiredwhenconfiguringaVPCendpoint?
A. Internetgateway
B. NATinstance
C. ElasticIP
D. privateIPaddressAnswer(D)
Question11:
WhataretheprimaryadvantagesofVPCendpoints?(Selecttwo)
A. reliability
B. cost
C. throughput
D. securityAnswer(B,D)
Question12:
WhataretheDHCPoptionattributesusedtoassignprivateDNSserverstoyourVPC?
A. dnsresolutionanddomainname
B. hostnamesandinternetdomain
C. domainserversanddomainname
D. domain-name-serversanddomain-nameAnswer(D)
Question13:
WhatDNSattributesareconfiguredwhenDefaultVPCoptionisselected?
A. DNSresolution:yes/DNShostnames:yes
B. DNSresolution:yes/DNShostnames:no
C. DNSresolution:no/DNShostnames:yes
D. DNSresolution:no/DNShostnames:noAnswer(A)
Question14:
WhatconfigurationsettingsarerequiredfromtheremoteVPCinordertocreatecross-accountpeering?(Selectthree)
A. VPCID
B. accountusername
C. accountID
D. CMKkeys
E. VPCCIDRblock
F. volumetype
Answer(A,C,E)
Question15:
WhatCIDRblockrangeissupportedforIPv4addressingandsubnettingwithinasingleVPC?
A. /16to/32
B. /16to/24
C. /16to/28
D. /16to/20Answer(C)
Question16:WhatproblemiscausedbythefactthatVPCpeeringdoesnotpermittransitiverouting?
A. additionalVPCroutetablestomanageB. virtualprivategatewayisrequiredC. InternetgatewayisrequiredforeachVPCD. routingbetweenconnectedspokesthroughhubVPCiscomplexE. increasednumberofpeerlinksrequired
Answer(E)
Question17:
WhattwostatementscorrectlydescribesElasticLoadBalanceroperation?
A. spansmultipleregions
B. assignedperEC2instance
C. assignedpersubnet
D. assignedperAuto-Scalinggroup
E. nocross-regionsupportAnswer(D,E)
Question18:
WhataretwoadvantagesofElasticIP(EIP)overAWSpublicIPv4addresses?
A. EIPcanbereassigned
B. EIPisprivate
C. EIPisdynamic
D. EIPispersistent
E. EIPispublicandprivateAnswer(A,D)
Question19:
WhatAWSservicesaregloballymanaged?(Selectfour)
A. IAM
B. S3
C. CloudFront
D. Route53
E. DynamoDB
F. WAF
G. ELB
Answer(A,C,D,F)
Question20:
WhatmethodsareavailableforcreatingaVPC?(Selectthree)
A. AWSmanagementconsole
B. AWSmarketplace
C. VPCwizard
D. VPCconsole
E. DirectConnectAnswer(A,C,D)
Question21:WhattwodefaultsettingsareconfiguredfortenantsbyAWSwhenDefaultVPCoptionisselected?
A. createsasize/20defaultsubnetineachAvailabilityZoneB. createsanInternetgatewayC. createsamainroutetablewithlocalroute10.0.0.0/16D. createavirtualprivategatewayE. createasecuritygroupthatexplicitlydeniesalltraffic
Answer(A,B)
Question22:
WhatthreestatementscorrectlydescribesIPaddressallocationwithinaVPC?A. EC2instancemustbeterminatedtoreassignanIPaddressB. EC2instancethatispausedcanreassignIPaddressC. EC2instancethatisstoppedcanreassignIPaddressD. privateIPaddressesareallocatedfromapoolandcanbereassignedE. privateIPaddressescanbeassignedbytenantF. VPCsupportsdualstackmode(IPv4/IPv6)
Answer(A,E,F)
Question23:
WhataretwoadvantagesofselectingdefaulttenancyoptionforyourVPCwhencreatingit?
A. performanceandreliability
B. someAWSservicesdonotworkwithadedicatedtenancyVPC
C. tenantcanlaunchinstanceswithinVPCasdefaultordedicatedinstances
D. instancelaunchisfasterAnswer(B,C)
Question24:WhatisthepurposeofalocalroutewithinaVPCroutetable?
A. localrouteisderivedfromthedefaultVPCCIDRblock10.0.0.0/16B. communicatebetweeninstanceswithinthesamesubnetordifferent
subnetsC. usedtocommunicatebetweeninstanceswithinthesamesubnetD. defaultrouteforcommunicatingbetweenprivateandpublicsubnetsE. onlyinstalledinthemainroutetable
Answer(C)
Question25:
WhatisthedefaultbehaviorwhenaddinganewsubnettoyourVPC?(Selecttwo)
A. newsubnetisassociatedwiththemainroutetableB. newsubnetisassociatedwiththecustomroutetableC. newsubnetisassociatedwithanyselectedroutetableD. newsubnetisassignedtothedefaultsubnetE. newsubnetisassignedfromtheVPCCIDRblock
Answer(A,E)
Question26:YouhaveenabledAmazonRDSdatabaseservicesinVPC1foranapplicationthathaspublicwebserversinVPC2.HowdoyouconnectthewebserverstotheRDSdatabaseinstancesotheycancommunicateconsideringtheVPC'sareinthesameregion?
A. VPCendpointsB. VPNgatewayC. path-basedroutingD. VPCpeeringE. AWSNetworkLoadBalancer
Answer(D)
Question27:
WhatAWSservicesnowsupportVPCendpointsfeatureforoptimizingsecurity?(Selectthree)
A. Kinesis
B. DNSRoute53
C. S3
D. DynamoDB
E. RDS
Answer(A,C,D)
Question28:
WhatarethreecharacteristicsofanAmazonVirtualPrivateCloud?
A. publicandprivateIPaddressing
B. broadcasts
C. multipleprivateIPaddressespernetworkinterface
D. dedicatedsingletenanthardwareonly
E. persistentpublicIPaddresses
F. HSRPAnswer(A,C,E)
Question29:WhatisthedifferencebetweenVPCmainroutetableandcustomroutetable?
A. VPConlycreatesamainroutetablewhenstartedB. customroutetableisthedefaultC. customroutetableiscreatedforpublicsubnetsD. customroutetableiscreatedforprivatesubnetsE. mainroutetableiscreatedforpublicandprivatesubnets
Answer(C)
Question30:
WhatisthepurposeofthenativeVPCrouter?
A. routepacketsacrosstheinternet
B. routepacketsbetweenprivatecloudinstances
C. routepacketsbetweensubnets
D. routepacketsfrominstancestoS3storagevolumes
E. routepacketsacrossVPN
Answer(C)
Question31:
HowareprivateDNSserversassignedtoanAmazonVPC?
A. notsupported
B. selectnondefaultVPC
C. selectdefaultVPC
D. selectEC-2classicAnswer(B)
Question32:
WhataretwocharacteristicsofanAmazonsecuritygroup?
A. instancelevelpacketfiltering
B. denyrulesonly
C. permitrulesonly
D. subnetlevelpacketfiltering
E. inboundonlyAnswer(A,C)
Question33:
WhatstatementistrueofNetworkAccessControlLists(ACL)operationwithinanAmazonVPC?
A. instanceandsubnetlevelpacketfiltering
B. subnetlevelpacketfiltering
C. inboundonly
D. onlyoneACLallowedperVPC
E. outboundonlyAnswer(B)
Question34:
HowarepacketsforwardedbetweenpublicandprivatesubnetswithinVPC?
A. EIP
B. NAT
C. mainroutetable
D. VPNAnswer(B)
Question35:
WhattwostatementsaccuratelydescribeAmazonVPCarchitecture?
A. ElasticLoadBalancer(ELB)cannotspanmultipleavailabilityzones
B. VPCdoesnotsupportDMVPNconnection
C. VPCsubnetcannotspanmultipleavailabilityzones
D. VPCcannotspanmultipleregions
E. FlowlogsarenotsupportedwithinaVPCAnswer(C,D)
Question36:
WhatisarequirementforattachingEC2instancestoon-premisesclientsandapplications?
A. AmazonVirtualPrivateGateway(VPN)
B. AmazonInternetGateway
C. VPNConnection
D. ElasticLoadBalancer(ELB)
E. NATAnswer(B)
Question37:
WhattwostatementscorrectlydescribeAmazonvirtualprivategateway?
A. assigntoprivatesubnetsonly
B. assigntopublicsubnetsonly
C. singlevirtualprivategatewayperVPC
D. multiplevirtualprivategatewaysperVPC
E. singlevirtualprivategatewayperregion
Answer(A,C)
Question38:
WhatisthemaximumaccessportspeedavailablewithAmazonDirectConnectservice?
A. 1Gbps
B. 10Gbps
C. 500Mbps
D. 100Gbps
E. 100MbpsAnswer(B)
Question39:
Refertothedrawing.YourcompanyhasaskedyoutoconfigureapeeringlinkbetweentwoVPCsthatarecurrentlynotconnectedorexchanginganypackets.WhatdestinationandtargetisconfiguredintheroutingtableofVPC1toenablepacketforwardingtoVPC2?
A.destination=172.16.0.0/16target=pcx-vpc2vpc1
B.destination=10.0.0.0/16target=pcx-vpc2
C.destination=172.16.0.0/16target=10.0.0.0/16
D.destination=172.16.0.0/16target=pcx-vpc1vpc2
E.defaultrouteonly
Answer(D)
Question40:
HowisroutingenabledbydefaultwithinaVPCforanEC2instance?
A. addadefaultroute
B. mainroutetable
C. customroutetable
D. mustbeconfiguredexplicitlyAnswer(B)
Question41:
WhatthreefeaturesarenotsupportedwithVPCpeering?
A. overlappingCIDRblocks
B. IPv6addressing
C. Gateways
D. transitiverouting
E. RedShift
F. ElastiCacheAnswer(A,C,D)
Question42:
WhatrouteisusedinaVPCroutingtableforpacketforwardingtoaGateway?
A. staticroute
B. 10.0.0.0/16
C. tenantconfigured
D. 0.0.0.0/0
E. 0.0.0.0/16Answer(D)
Question43:Youareaskedtodeployawebapplicationcomprisedofmultiplepublicwebserverswithonlyprivateaddressingassigned.WhatAmazonAWSsolutionsenablesmultipleserversonaprivatesubnetwithonlyasingleEIPrequiredandAvailabilityZoneredundancy?
A. NATinstanceB. InternetgatewayC. virtualprivategatewayD. NATgatewayE. ElasticNetworkInterface(ENI)
Answer(D)
Question44:
WhatistheIPaddressingschemaassignedtoadefaultVPC?
A. 172.31.0.0/16CIDRblocksubnettedwith172.31.0.0/20
B. 172.16.0.0/16CIDRblocksubnettedwith172.16.0.0/24
C. 10.0.0.0/16CIDRblocksubnettedwith10.0.0.0/24
D. 172.16.0.0/24CIDRblocksubnettedwith172.31.0.0/18Answer(A)
Question45:
WhatdefaultconfigurationandcomponentsareaddedbyAWSwhenDefaultVPCtypeisselected?(Selectthree)
A. Internetgateway
B. virtualprivategateway
C. NATinstance
D. securitygroup
E. DNSAnswer(A,D,E)
Question46:
Whatfeaturerequirestenantstodisablesource/destinationcheck?
A. ElasticIP(EIP)
B. datareplication
C. VPCpeering
D. NAT
E. InternetgatewayAnswer(D)
StorageServicesQuestion1:
WhatAWSstoragesolutionallowsthousandsofEC2instancestosimultaneouslyupload,access,deleteandsharefiles?
A. EBS
B. S3
C. Glacier
D. EFSAnswer(D)
Question2:
WhatisrequiredforanEFSmounttarget?(Selecttwo)
A. EIP
B. DNSname
C. IPaddress
D. DHCP
E. IAMrole
Answer(B,C)
Question3:
Whatconnectivityfeaturesarerecommendedforcopyingon-premisesfilestoEFS?(Selecttwo)
A. VPNIPsec
B. InternetGateway
C. DirectConnect
D. FileSync
E. FTP
F. AWSStorageGatewayAnswer(C,D)
Question4:
WhatAWSservicesencryptsdataatrestbydefault?(Selecttwo)
A. S3
B. AWSStorageGateway
C. EBS
D. Glacier
E. RDSAnswer(B,D)
Question5:
WhatfaulttolerantfeaturesdoesS3storageprovide?(Selectthree)
A. cross-regionreplication
B. versioningmustbedisabled
C. cross-regionasynchronousreplicationofobjects
D. synchronousreplicationofobjectswithinaregion
E. multipledestinationbucketsAnswer(A,C,D)
Question6:
Whatisthefastesttechniquefordeleting900objectsinanS3bucketwithasingleHTTPrequest?
A. Multi-PartDeleteAPI
B. Multi-ObjectDeleteAPI
C. 100objectsismaximumperrequest
D. Fast-DeleteAPIAnswer(B)
Question7:
WhatsecuritycontrolstechniqueisrecommendedforS3cross-accountaccess?
A. IAMgroup
B. securitygroups
C. S3ACL
D. bucketpoliciesAnswer(D)
Question8:
Whataretwoadvantagesofcross-regionreplicationofanS3bucket?
A. cost
B. securitycompliance
C. scalability
D. Beanstalksupport
E. minimizelatencyAnswer(B,E)
Question9:
WhataretwoprimarydifferencebetweenAmazonS3StandardandS3/RRSstorageclasses?
A. AmazonStandarddoesnotreplicateatall
B. RRSprovideshigherdurability
C. RRSprovideshigheravailability
D. RRSdoesnotreplicateobjectsasmanytimes
E. applicationusageisdifferentAnswer(D,E)
Question10:
WhattwofeaturesareenabledwithS3services?
A. storeobjectsofanysize
B. dynamicwebcontent
C. supportsProvisionedIOPS
D. storevirtuallyunlimitedamountsofdata
E. bucketnamesaregloballyuniqueAnswer(D,E)
Question11:
WhatnewfeaturewasrecentlyaddedtoSQSthatdefineshowmessagesareordered?
A. streams
B. SNS
C. FIFO
D. TLS
E. decouplingAnswer(C)
Question12:
WhattwoAWSstoragetypesarepersistent?
A. ephemeral
B. S3
C. EBS
D. instancestore
E. SAMLAnswer(B,C)
Question13:
Selectthreeon-premisesbackupsolutionsusedforcopyingdatatoanAmazonAWSS3bucket?
A. AWSImport/Export
B. RDS
C. Snowball
D. AvailabilityZone(AZ)replication
E. AWSStorageGatewayAnswer(A,C,E)
Question14:
Youhave1TBofdataandwanttoarchivethedatathatwon'tbeaccessedthatoften.WhatAmazonAWSstoragesolutionisrecommended?
A. Glacier
B. EBS
C. ephemeral
D. CloudFrontAnswer(A)
Question15:
WhatarethreemethodsofaccessingDynamoDBforcustomizationpurposes?
A. CLI
B. AWSconsole
C. APIcall
D. vCenter
E. BeanstalkAnswer(A,B,C)
Question16:
WhataretwoprimarydifferencesbetweenGlacierandS3storageservices?
A. Glacierislowercost
B. S3islowercost
C. Glacierispreferredforfrequentdataaccesswithlowerlatency
D. S3ispreferredforfrequentdataaccesswithlowerlatency
E. S3supportslargerfilesizeAnswer(A,D)
Question17:
WhatstatementcorrectlydescribestheoperationofAWSGlacierarchive?
A. archiveisagroupofvaults
B. archiveisanunencryptedvault
C. archivesupportsaggregatedfilesonly
D. maximumfilesizeis1TB
E. archivesupportssingleandaggregatedfilesAnswer(E)
Question18:WhatarethreeprimarydifferencesbetweenS3vsEBS?
A. S3isamulti-purposepublicinternet-basedstorageB. EBSisdirectlyassignedtoatenantVPCEC2instanceC. EBSandS3providepersistentstorageD. EBSsnapshotsaretypicallystoredonS3bucketsE. EBSandS3usebucketstomanagefilesF. EBSandS3arebasedonblocklevelstorage
Answer(A,B,D)
Question19:
Whaton-premisessolutionisavailablefromAmazonAWStominimizelatencyforalldata?
A. Gateway-VTL
B. Gateway-cachedvolumes
C. Gateway-storedvolumes
D. EBS
E. S3bucket
F. ElastiCacheAnswer(C)
Question20:
WhatfeaturetransitionsS3storagetoStandard-IAforcostoptimization?
A. RRS/S3
B. Glaciervault
C. storageclassanalysis
D. path-basedroutingAnswer(C)
Question21:
HowdoesAWSuniquelyidentifyS3objects?
A. bucketname
B. version
C. key
D. objecttagAnswer(C)
Question22:
Whatistheadvantageofread-after-writeconsistencyforS3buckets?
A. nostalereadsforPUTofanynewobjectinallregions
B. higherthroughputforallrequests
C. stalereadsforPUTrequestsinsomeregions
D. nostalereadsforGETrequestsinasingleregionsAnswer(A)
Question23:
WhatisthemaximumsinglefileobjectsizesupportedwithAmazonS3?
A. 5GB
B. 5TB
C. 1TB
D. 100GBAnswer(B)
Question24:
WhatsecurityproblemissolvedbyusingCross-OriginResourceSharing(CORS)?
A. enableHTTPrequestsfromwithinscriptstoadifferentdomain
B. enablesharingofweb-basedfilesbetweendifferentbuckets
C. providesecurityforthirdpartyobjectswithinAWS
D. permitssharingobjectsbetweenAWSservices
Answer(A)
Question25:
Whatisrecommendedformigrating40TBofdatafromon-premisestoS3whentheinternetlinkisoftenoverutilized?
A. AWSStoragegateway
B. AWSSnowball
C. AWSImport/Export
D. AWSElasticFileSystem
E. AWSElasticsearch
F. AWSMulti-PartUploadAPIAnswer(B)
Question26:
YourcompanyispublishinganonlinecatalogofbooksthatiscurrentlyusingDynamoDBforstoringtheinformationassociatedwitheachitem.Thereisarequirementtoaddimagesforeachbook.Whatsolutionismostcosteffectiveanddesignedforthatpurpose?
A. RedShiftB. EBSC. RDSD. S3E. Kinesis
Answer(D)
Question27:
Youhaveanapplicationthatcollectsmonitoringdatafrom10,000sensors(IoT)deployedintheUSA.Thedatapointsarecomprisedofvideoeventsforhomesecurityandenvironmentstatusalerts.TheapplicationwillbedeployedtoAWSwithEC2instancesasdatacollectors.WhatAWSstorageserviceispreferredforstoringvideofilesfromsensors?
A. RedShiftB. RDSC. S3D. DynamoDB
Answer(C)
SecurityArchitectureQuestion1:
WhatstatementscorrectlydescribesecuritygroupswithinaVPC?(Selectthree)
A. defaultsecuritygrouponlypermitinboundtraffic
B. securitygroupsarestatefulfirewalls
C. onlyallowrulesaresupported
D. allowanddenyrulesaresupported
E. securitygroupsareassociatedtonetworkinterfacesAnswer(B,C,E)
Question2:
Whatthreeitemsarerequiredtoconfigureasecuritygrouprule?
A. protocoltype
B. VPCname
C. portnumber
D. sourceIP
E. destinationIP
F. descriptionAnswer(A,C,D)
Question3:
WhattwosourceIPaddresstypesarepermittedinasecuritygrouprule?
A. onlyCIDRblockswith/16subnetmask
B. sourceIPaddress0.0.0.0/0
C. singlesourceIPaddresswith/24subnetmask
D. securitygroupid
E. IPv6addresswith/64prefixlengthAnswer(B,D)
Question4:
WhatprotocolsmustbeenabledforremoteaccesstoLinux-basedandWindows-basedEC2instances?
A. SSH,ICMP,Telnet
B. SSH,HTTP,RDP
C. SSH,HTTP,SSL
D. SSH,RDP,ICMPAnswer(D)
Question5:
DistinguishnetworkACLsfromsecuritygroupswithinaVPC?(Selectthree)
A. ACLfiltersatthesubnetlevel
B. ACLisbasedondenyrulesonly
C. ACLisappliedtoinstancesandsubnets
D. ACLisstateless
E. ACLsupportsanumberedlistforfilteringAnswer(A,D,E)
Question6:WhathappenstothesecuritypermissionsofatenantwhenanIAMroleisgranted?(Selecttwo)
A. tenantinheritsonlypermissionsassignedtotheIAMroletemporarilyB. addsecuritypermissionsoftheIAMroletoexistingpermissionsC. previoussecuritypermissionsarenolongerineffectD. previoussecuritypermissionsaredeletedunlessreconfiguredE. tenantinheritsonlyreadpermissionsassignedtotheIAMrole
Answer(A,C)
Question7:
WhereareIAMpermissionsgrantedtoinvokeandexecuteaLambdafunctionforS3access?(Selecttwo)
A.S3bucket
B. EC2instance
C. Lambdafunction
D. IAMrole
E. eventmappingAnswer(A,D)
Question8:
YouhavesomedevelopersworkingoncodeforanapplicationandtheyrequiretemporaryaccesstoAWSclouduptoanhour.Whatistheeasiestweb-basedsolutionfromAWStoprovidesaccessandminimizesecurityexposure?
A. ACL
B. securitygroup
C. IAMgroup
D. STS
E. EFS
Answer(D)
Question9:
WhattwomethodsareusedtorequesttemporarycredentialsbasedonAWSSecurityTokenService(STS)?
A. WebIdentityFederation
B. LDAP
C. IAMidentity
D. dynamicACL
E. privatekeyrotationAnswer(A,C)
Question10:
WhattwocomponentsarerequiredforenablingSAMLauthenticationrequeststoAWSIdentityandAccessManagement(IAM)?
A. accesskeys
B. sessiontoken
C. SSO
D. identityprovider(IdP)
E. SAMLproviderentityAnswer(D,E)
Question11:
WhataretworeasonsfordeployingOriginAccessIdentity(OAI)whenenablingCloudFront?
A. preventusersfromdeletingobjectsinS3bucketsB. mitigatedistributeddenialofserviceattacks(DDoS)C. preventusersfromaccessingobjectswithAmazonS3URLD. preventusersfromaccessingobjectswithCloudFrontURLE. replaceIAMforinternet-basedcustomerauthentication
Answer(B,C)
Question12:
WhatsolutionsarerecommendedtomitigateDDoSattacks?(Selectthree)
A. host-basedfirewall
B. elasticloadbalancer
C. WAF
D. SSL/TLS
E. Bastionhost
F. NATgatewayAnswer(B,C,E)
Question13:
WhatfeaturesarerequiredtopreventusersfrombypassingAWSCloudFrontsecurity?(Selectthree)
A. Bastionhost
B. signedURL
C. IPwhitelist
D. signedcookies
E. originaccessidentity(OAI)Answer(B,D,E)
Question14:
Whatistheadvantageofresource-basedpoliciesforcross-accountaccess?
A. trustedaccountpermissionsarenotreplaced
B. trustedaccountpermissionsarereplaced
C. resource-basedpoliciesareeasiertodeploy
D. trustingaccountmanagesallpermissions
Answer(A)
Question15:
SelectthreerequirementsforconfiguringaBastionhost?
A. EIP
B. SSHinboundpermission
C. defaultroute
D. CloudWatchlogsgroup
E. VPN
F. Auto-ScalingAnswer(A,B,D)
Question16:
WhatrulemustbeaddedtothesecuritygroupassignedtoamounttargetinstancethatenablesEFSaccessfromanEC2instance?
A. Type=EC2,protocol=IP,port=2049,source=remotesecuritygroupid
B. Type=EC2,protocol=EFS,port=2049,source=0.0.0.0/0C. Type=NFS,protocol=TCP,port=2049,source=remotesecurity
groupidD. Type=NFSv4,protocol=UDP,port=2049,source=remotesecurity
groupidAnswer(C)
Question17:WhatstatementcorrectlydescribesIAMarchitecture?
A. IAMsecurityisunifiedperregionandreplicatedbasedonrequirementsforanAWStenantaccount
B. IAMsecurityisdefinedperregionforrolesonlyonanAWStenantaccount
C. IAMsecurityisgloballyunifiedacrosstheAWScloudforanAWStenantaccount
D. IAMsecurityisdefinedseparatelyperregionandcross-regionsecurityenabledforanAWStenantaccount
Answer(C)
Question18:
Whataretwoadvantagesofcustomer-managedencryptionkeys(CMK)?
A. createandrotateencryptionkeys
B. AES-128cipherfordataatrest
C. auditencryptionkeys
D. encryptsdatain-transitforserver-sideencryptiononlyAnswer(A,C)
Question19:
WhatfeatureisnotavailablewithAWSTrustedAdvisor?
A. costoptimization
B. infrastructurebestpractices
C. vulnerabilityassessment
D. monitorapplicationmetricsAnswer(C)
Question20:
WhatisrequiredtoPingfromasourceinstancetoadestinationinstance?A.NetworkACL:notrequiredSecurityGroup:allowICMPoutboundonsource/destinationEC2instancesB.NetworkACL:allowICMPinbound/outboundonsource/destinationsubnetsSecurityGroup:notrequiredC.NetworkACL:allowICMPinbound/outboundonsource/destinationsubnetsSecurityGroup:allowICMPoutboundonsourceEC2instanceSecurityGroup:allowICMPinboundondestinationEC2instanceD.NetworkACL:allowTCPinbound/outboundonsource/destinationsubnetsSecurityGroup:allowTCPandICMPinboundonsourceEC2instanceAnswer(C)
Question21:
Whattwostepsarerequiredtograntcross-accountpermissionsbetweenAWSaccounts?
A. createanIAMuser
B. attachatrustpolicytoS3
C. createatransitivepolicy
D. attachatrustpolicytotherole
E. createanIAMrole
Answer(D,E)
Question22:YouhaveconfiguredasecuritygrouptoallowICMP,SSHandRDPinboundandassignedthesecuritygrouptoallinstancesinasubnet.ThereisnoaccesstoanyLinux-basedorWindows-basedinstancesandyoucannotPinganyinstances.ThenetworkACLforthesubnetisconfiguredtoallowallinboundtraffictothesubnet.Whatisthemostprobablecause?
A. on-premisesfirewallrulesB. securitygroupandnetworkACLoutboundrulesC. networkACLoutboundrulesD. securitygroupoutboundrulesE. Bastionhostrequired
Answer(C)
Question23:
WhatthreetechniquesprovideauthenticationsecurityonS3volumes?
A. bucketpolicies
B. networkACL
C. IdentityandAccessManagement(IAM)
D. encryption
E. AES256Answer(A,B,C)
Question24:WhatstatementcorrectlydescribessupportforAWSencryptionofS3objects?
A. tenantsmanageencryptionforserver-sideencryptionofS3objectsB. Amazonmanagesencryptionforserver-sideencryptionofS3objectsC. client-sideencryptionofS3objectsisnotsupportedD. S3bucketsareencryptedonlyE. SSLisonlysupportedwithGlacierstorage
Answer(B)
Question25:
WhatauthenticationmethodprovidesFederatedSingleSign-On(SSO)forcloudapplications?
A. ADS
B. ISE
C. RADIUS
D. TACACS
E. SAMLAnswer(E)
Question26:
BasedontheAmazonsecuritymodel,whatinfrastructureconfigurationandassociatedsecurityistheresponsibilityoftenantsandnotAmazonAWS?(Selecttwo)
A. dedicatedcloudserver
B. hypervisor
C. operatingsystemlevel
D. applicationlevel
E. upstreamphysicalswitchAnswer(C,D)
Question27:
WhatsecurityauthenticationisrequiredbeforeconfiguringormodifyingEC2instances?(Selectthree)
A. authenticationattheoperatingsystemlevel
B. EC2instanceauthenticationwithasymmetrickeys
C. authenticationattheapplicationlevel
D. Telnetusernameandpassword
E. SSH/RDPsessionconnectionAnswer(A,B,E)
Question28:
WhatfeatureispartofAmazonTrustedAdvisor?
A. securitycompliance
B. troubleshootingtool
C. EC2configurationtool
D. securitycertificatesAnswer(A)
Question29:
WhataretwobestpracticesforaccountmanagementwithinAmazonAWS?A. donotuserootaccountforcommonadministrativetasksB. createasingleAWSaccountwithmultipleIAMusersthathaveroot
privilegeC. createmultipleAWSaccountswithmultipleIAMusersperAWS
accountD. userootaccountforalladministrativetasksE. createmultiplerootuseraccountsforredundancy
Answer(A,C)
Question30:
WhatAWSfeatureisrecommendedforoptimizingdatasecurity?
A. Multi-factorauthentication
B. usernameandencryptedpassword
C. Two-factorauthentication
D. SAML
E. FederatedLDAPAnswer(A)
Question31:
WhatIAMclassenablesanEC2instancetoaccessafileobjectinanS3bucket?
A. user
B. root
C. role
D. groupAnswer(C)
Question32:
Whatarethreerecommendedsolutionsthatprovideprotectionandmitigationfromdistributeddenialofservice(DDoS)attacks?
A. securitygroups
B. CloudWatch
C. encryption
D. WAF
E. datareplication
F. Auto-ScalingAnswer(A,B,D)
Question33:
WhatarethreerecommendedbestpracticeswhenconfiguringIdentityandAccessManagement(IAM)securityservices?
A. LockordeleteyourrootaccesskeyswhennotrequiredB. IAMgroupsarenotrecommendedforstoragesecurityC. createanIAMuserwithadministratorprivilegesD. shareyourpasswordand/oraccesskeyswithmembersofyourgroup
onlyE. deleteanyAWSaccountwheretheaccesskeysareunknown
Answer(A,C,E)
Question34:
WhattwofeaturescreatesecurityzonesbetweenEC2instanceswithinaVPC?
A. securitygroups
B. VirtualSecurityGateway
C. networkACL
D. WAF
Answer(A,B)
Question35:
WhatAWSserviceprovidesvulnerabilityassessmentservicestotenantswithinthecloud?
A. AmazonWAFB. AmazonInspectorC. AmazonCloudLogicD. AmazonTrustedAdvisor
Answer(B)
Question36:
WhataretwoprimarydifferencesbetweenADConnectorandSimpleADforclouddirectoryservices?
A. SimpleADrequiresanon-premisesADSdirectoryB. SimpleADisfullymanagedandsetupinminutesC. ADConnectorrequiresanon-premisesADSdirectoryD. SimpleADismorescalablethanADConnectorE. SimpleADprovidesenhancedintegrationwithIAM
Answer(B,C)
DatabaseServicesQuestion1:
Howisloadbalancingenabledformultipletaskstothesamecontainerinstance?
A. path-basedrouting
B. reverseproxy
C. NAT
D. dynamicportmapping
E. dynamiclistenersAnswer(D)
Question2:
WhatencryptionsupportisavailablefortenantsthataredeployingAWSDynamoDB?
A. server-sideencryption
B. client-sideencryption
C. client-sideandserver-sideencryption
D. encryptionnotsupported
E. blocklevelencryption
Answer(B)
Question3:
WhatarethreeprimaryreasonsfordeployingElastiCache?
A. datasecurity
B. managedservice
C. replicationwithRedis
D. durability
E. lowlatency
Answer(B,C,E)
Question4:
Whatservicedoesnotsupportsessiondatapersistencestoretoenableweb-basedstatefulapplications?
A. RDS
B. Memcached
C. DynamoDB
D. Redis
E. RedShift
Answer(B)
Question5:
HowdoesMemcachedimplementhorizontalscaling?
A. Auto-Scaling
B. databasestore
C. partitioning
D. EC2instances
E. S3bucketAnswer(C)
Question6:
WhattwooptionsareavailablefortenantstoaccessElastiCache?
A. VPCpeeringlink
B. EC2instances
C. EFSmount
D. cross-regionVPCAnswer(A,B)
Question7:
Whattwostatementscorrectlydescribein-transitencryptionsupportonElastiCacheplatform?
A. notsupportedforElastiCacheplatform
B. supportedonRedisreplicationgroup
C. encryptscacheddataatrest
D. notsupportedonMemcachedcluster
E. IPsecmustbeenabledfirstAnswer(B,D)
Question8:
WhatAmazonAWSplatformisdesignedforcomplexanalyticsofavarietyoflargedatasetsbasedoncustomcode.Theapplicationsincludemachinelearninganddatatransformation?
A. EC2
B. Beanstalk
C. Redshift
D. EMRAnswer(D)
Question9:
WhataretwoprimaryadvantagesofDynamoDB?
A. SQLsupport
B. managedservice
C. performance
D. CloudFrontintegrationAnswer(B,C)
Question10:
WhattwofaulttolerantfeaturesdoesAmazonRDSsupport?
A. copysnapshottoadifferentregion
B. createreadreplicatoadifferentregion
C. copyunencryptedread-replicaonly
D. copyread/writereplicaandsnapshotAnswer(A,B)
Question11:
WhatmanagedservicesareincludedwithAmazonRDS?(selectfour)
A. assignnetworkcapacitytodatabaseinstances
B. installdatabasesoftware
C. performregularbackups
D. datareplicationacrossmultipleavailabilityzones
E. datareplicationacrosssingleavailabilityzoneonly
F. configuredatabase
G. performancetuningAnswer(A,B,C,D)
Question12:
Whattwoconfigurationfeaturesarerequiredtocreateaprivatedatabaseinstance?
A. securitygroup
B. networkACL
C. CloudWatch
D. ElasticIP(EIP)
E. NondefaultVPC
F. DNSAnswer(A,F)
Question13:
Whatstoragetypeisrecommendedforanonlinetransactionprocessing(OLTP)applicationdeployedtoMulti-AZRDSwithsignificantworkloads?
A. GeneralPurposeSSD
B. Magnetic
C. EBSvolumes
D. ProvisionedIOPSAnswer(D)
Question14:
WhatfeaturesaresupportedwithAmazonRDS?(Selectthree)
A. horizontalscalingwithmultiplereadreplicas
B. elasticloadbalancingRDSreadreplicas
C. replicatereadreplicascross-region
D. automaticfailovertomasterdatabaseinstance
E. applicationloadbalancer(ALB)Answer(A,C,E)
Question15:
WhatarethreeadvantagesofstandbyreplicainaMulti-AZRDSdeployment?
A. faulttolerance
B. eliminateI/Ofreezes
C. horizontalscaling
D. verticalscaling
E. dataredundancyAnswer(A,B,E)
Question16:
WhatconsistencymodelisthedefaultusedbyDynamoDB?
A. stronglyconsistent
B. eventuallyconsistent
C. nodefaultmodel
D. casualconsistency
E. sequentialconsistency
Answer(B)
Question17:
WhatdoesRDSusefordatabaseandlogstorage?
A. EBS
B. S3
C. instancestore
D. localstore
E. SSDAnswer(A)
Question18:
WhatstatementscorrectlydescribesupportforMicrosoftSQLServerwithinAmazonVPC?(Selectthree)
A. read/writereplica
B. readreplicaonly
C. verticalscaling
D. nativeloadbalancing
E. EBSstorageonly
F. S3storageonly
Answer(B,C,D)
Question19:
SelecttwofeaturesavailablewithAmazonRDSforMySQL?
A. Auto-Scaling
B. readrequeststostandbyreplicas
C. real-timedatabasereplication
D. activereadrequestsonlyAnswer(B,C)
Question20:
WhataretwocharacteristicsofAmazonRDS?
A. databasemanagedservice
B. NoSQLqueries
C. nativeloadbalancer
D. databasewritereplicas
E. automaticfailoverofreadreplicaAnswer(A,C)
Question21:
WhatcachingenginesaresupportedwithAmazonElastiCache?(Selecttwo)
A. HAProxy
B. Route53
C. RedShift
D. Redis
E. Memcached
F. CloudFrontAnswer(D,E)
Question22:
WhatarethreeprimarycharacteristicsofDynamoDB?
A. lessscalablethanRDS
B. staticcontent
C. storemetadataforS3objects
D. replicationtothreeAvailabilityZones
E. highread/writethroughput
Answer(C,D,E)
Question23:
WhatarethreeexamplesofusingLambdafunctionstomovedatabetweenAWSservices?
A. readdatadirectlyfromDynamoDBstreamstoRDSB. readdatafromKinesisstreamandwritedatatoDynamoDBC. readdatafromDynamoDBstreamtoFirehoseandwritetoS3D. readdatafromS3andwritemetadatatoDynamoDBE. readdatafromKinesisFirehosetoKinesisdatastream
Answer(B,C,D)
Question24:YouhaveenabledAmazonRDSdatabaseservicesinVPC1foranapplicationwithpublicwebserversinVPC2.HowdoyouconnectthewebserverstotheRDSdatabaseinstancesotheycancommunicateconsideringtheVPC'sareindifferentregions?
A. VPCendpointsB. VPNgatewayC. path-basedroutingD. publiclyaccessibledatabaseE. VPCpeering
Answer(D)
Question25:
YouhavearequirementtocreateanindextosearchcustomerobjectsstoredinS3buckets.ThesolutionshouldenableyoutocreateametadatasearchindexforeachobjectstoredtoanS3bucket.Selectthemostscalableandcosteffectivesolution?
A. RDS,ElastiCacheB. DynamoDB,LambdaC. RDS,EMR,ALBD. RedShift
Answer(B)
Question26:WhatarethreeadvantagesofusingDynamoDBoverS3forstoringIoTsensordatawherethereare100,000datapointsamplessentperminute?
A. S3mustcreateasinglefileforeacheventB. IoTcanwritedatadirectlytoDynamoDBC. DynamoDBprovidesfastread/writestoastructuredtableforqueriesD. DynamoDBisdesignedforfrequentaccessandfastlookupofsmall
recordsE. S3isdesignedforfrequentaccessandfastlookupofsmallerrecordsF. IoTcanwritedatadirectlytoS3
Answer(B,C,D)
Question27:
Yourcompanyisaproviderofonlinegamingthatcustomersaccesswithvariousnetworkaccessdevicesincludingmobilephones.Whatisadatawarehousingsolutionsforlargeamountsofinformationonplayerbehavior,statisticsandeventsforanalysisusingSQLtools?
A. RedShiftB. DynamoDBC. RDSD. DynamoDBE. Elasticsearch
Answer(A)
Question28:WhattwostatementsarecorrectwhencomparingElasticsearchandRedShiftasanalyticaltools?
A. ElasticsearchisatextsearchengineanddocumentindexingtoolB. RedShiftsupportscomplexSQL-basedquerieswithPetabytesizeddata
storeC. ElasticsearchsupportsSQLqueriesD. RedShiftprovidesonlybasicanalyticalservicesE. ElasticsearchdoesnotsupportJSONdatatype
Answer(A,B)
Question29:
Whathappenswhenreadorwriterequestsexceedcapacityunits(throughputcapacity)foraDynamoDBtableorindex?(Selecttwo)
A. DynamoDBautomaticallyincreasesread/writeunitsB. DynamoDBcanthrottlerequestssothatrequestsarenotexceededC. HTTP400codeisreturned(BadRequest)D. HTTP500codeisreturned(ServerError)E. DynamoDBautomaticallyincreasesread/writeunitsifprovisioned
throughputisenabledAnswer(B,C)
Question30:
WhatreadconsistencymethodprovideslowerlatencyforGetItemrequests?
A. stronglypersistentB. eventuallyconsistentC. stronglyconsistentD. writeconsistent
Answer(B)
Question31:
YoumustspecifystronglyconsistentreadandwritecapacityforyourDynamoDBdatabase.Youhavedeterminedreadcapacityof128Kbpsandwritecapacityof25Kbpsisrequiredforyourapplication.WhatisthereadandwritecapacityunitsrequiredforDynamoDBtable?
A. 32readunits,25writeunitsB. 1readunit,1writeunitC. 16readunits,2.5writeunitsD. 64readunits,10writeunits
Answer(A)
Question32:
WhatDynamoDBcapacitymanagementtechniqueisbasedonthetenantspecifyinganupperandlowerrangeforread/writecapacityunits?
A. demandB. provisionedthroughputC. reservedcapacityD. autoscalingE. generalpurpose
Answer(D)
Question33:
WhatisthemaximumvolumesizeofaMySQLRDSdatabase?
A. 6TBB. 3TBC. 16TBD. unlimited
Answer(C)
Question34:
WhatisthemaximumsizeofaDynamoDBrecord(item)?
A. 400KBB. 64KBC. 1KBD. 10KB
Answer(A)
FaultTolerantSystemsQuestion1:
WhattwofeaturesdescribeanApplicationLoadBalancer(ALB)?
A. dynamicportmapping
B. SSLlistener
C. layer7loadbalancer
D. backendserverauthentication
E. multi-regionforwardingAnswer(A,C)
Question2:
Whatenablesloadbalancingbetweenmultipleapplicationsperloadbalancer?
A. listeners
B. stickysessions
C. path-basedrouting
D. backendserverauthentication
Answer(C)
Question3:
WhatthreefeaturesarecharacteristicofClassicLoadBalancer?
A. dynamicportmapping
B. path-basedrouting
C. SSLlistener
D. backendserverauthentication
E. ECS
F. Layer4basedloadbalancerAnswer(C,D,F)
Question4:
WhatsecurityfeatureisonlyavailablewithClassicLoadBalancer?
A. IAMrole
B. SAML
C. back-endserverauthentication
D. securitygroups
E. LDAPAnswer(C)
Question5:
WhatisaprimarydifferencebetweenClassicandNetworkLoadBalancer?
A. IPaddresstarget
B. Auto-Scaling
C. protocoltarget
D. cross-zoneloadbalancing
E. listenerAnswer(A)
Question6:WhatarethefirsttwoconditionsusedbyAmazonAWSdefaultterminationpolicyforMulti-AZarchitecture?
A. unprotectedinstancewitholdestlaunchconfigurationB. AvailabilityZone(AZ)withthemostinstancesC. atleastoneinstancethatisnotprotectedfromscaleinD. unprotectedinstanceclosesttothenextbillinghourE. randomselectionofanyunprotectedinstance
Answer(B,C)
Question7:
WhatfeatureisusedforhorizontalscalingofconsumerstoprocessdatarecordsfromaKinesisdatastream?
A. verticalscalingshards
B. Auto-Scaling
C. Lambda
D. ElasticLoadBalancerAnswer(B)
Question8:
WhatDNSrecordscanbeusedforpointingazoneapextoanElasticLoadBalancerorCloudFrontdistribution?(Selecttwo)
A. Alias
B. CNAME
C. MX
D. A
E. NameServerAnswer(A,D)
Question9:WhatservicesareprimarilyprovidedbyDNSRoute53?(Selectthree)
A. loadbalancingwebserverswithinaprivatesubnetB. resolvehostnamesandIPaddressesC. loadbalancingwebserverswithinapublicsubnetD. loadbalancingdatareplicationrequestsbetweenECScontainersE. resolvequeriesandrouteinternettraffictoAWSresourcesF. automatedhealthcheckstoEC2instances
Answer(B,E,F)
Question10:
WhataretwofeaturesthatcorrectlydescribeAvailabilityZone(AZ)architecture?
A. multipleregionsperAZ
B. interconnectedwithprivateWANlinks
C. multipleAZperregion
D. interconnectedwithpublicWANlinks
E. dataauto-replicatedbetweenzonesindifferentregions
F. DirectConnectsupportsLayer2connectivitytoregionAnswer(B,C)
Question11:
HowisRoute53configuredforWarmStandbyfaulttolerance?(Selecttwo)
A. automatedhealthchecks
B. path-basedrouting
C. failoverrecords
D. AliasrecordsAnswer(A,C)
Question12:
HowisDNSRoute53configuredforMulti-Sitefaulttolerance?(Selecttwo)
A. IPaddress
B. weightedrecords(non-zero)
C. healthchecks
D. Aliasrecords
E. zeroweightedrecords
Answer(B,C)
Question13:
WhatisanAvailabilityZone?
A. datacenter
B. multipleVPCs
C. multipleregions
D. singleregion
E. multipleEC2serverinstancesAnswer(A)
Question14:
HowareDNSrecordsmanagedwithAmazonAWStoenablehighavailability?
A. Auto-Scaling
B. serverhealthchecks
C. reverseproxy
D. elasticloadbalancingAnswer(C)
Question15:
WhatisthedifferencebetweenWarmStandbyandMulti-Sitefaulttolerance?(Selecttwo)
A. Multi-SiteenableslowerRTOandmostrecentRPOB. WarmStandbyenableslowerRTOandmostrecentRPOC. Multi-Siteprovidesactive/activeloadbalancingD. Multi-Siteprovidesactive/standbyloadbalancingE. DNSRoute53isnotrequiredforWarmStandby
Answer(A,C)
Question16:
WhatAWSbestpracticeisrecommendedforcreatingfaulttolerantsystems?
A. verticalscaling
B. ElasticIP(EIP)
C. securitygroups
D. horizontalscaling
E. RedShiftAnswer(D)
Question17:
WhattwostatementscorrectlydescribeversioningforprotectingdataatrestonS3buckets?
A. enabledbydefault
B. overwritesmostcurrentfileversion
C. restoresdeletedfiles
D. savesmultipleversionsofasinglefile
E. disabledbydefaultAnswer(C,E)
Question18:
WhattwomethodsarerecommendedbyAWSforprotectingEBSdataatrest?
A. replication
B. snapshots
C. encryption
D. VPNAnswer(B,C)
Question19:YouhaveanElasticLoadBalancerassignedtoaVPCwithpublicandprivatesubnets.ELBisconfiguredtoloadbalancetraffictoagroupofEC2instancesassignedtoanAuto-Scalinggroup.Whatthreestatementsarecorrect?
A. ElasticLoadBalancerisassignedtoapublicsubnetB. networkACLisassignedtoElasticLoadBalancerC. securitygroupisassignedtoElasticLoadBalancerD. cross-zoneloadbalancingisnotsupportedE. ElasticLoadBalancerforwardstraffictoprimaryprivateIPaddress
(eth0interface)oneachinstanceAnswer(A,C,E)
DeploymentQuestion1:
WhatAmazonAWSserviceisavailableforcontainermanagement?
A. ECS
B. Docker
C. Kinesis
D. LambdaAnswer(A)
Question2:
WhatisassociatedwithMicroservices?(Selecttwo)
A. ApplicationLoadBalancer
B. Kinesis
C. RDS
D. DynamoDB
E. ECSAnswer(A,E)
Question3:
WheredoesAmazonretrievewebcontentwhenitisnotinthenearestCloudFrontedgelocation?
A. secondarylocation
B. fileserver
C. EBS
D. S3bucketAnswer(D)
Question4:
WhattwofeaturesofanAPIGatewayminimizetheeffectsofpeaktrafficeventsandminimizelatency?
A.loadbalancing
B. firewalling
C. throttling
D. scaling
E. caching
Answer(C,E)
Question5:
WhatthreecharacteristicsdifferentiateLambdafromtraditionalEC2deploymentorcontainerization?
A. LambdaisbasedonKinesisscripts
B. Lambdaisserverless
C. tenanthasownershipofEC2instances
D. tenanthasnocontrolofEC2instances
E. Lambdaisacode-basedservice
F. LambdasupportsonlyS3andGlacierAnswer(B,D,E)
Question6:
HowiscodeuploadedtoLambda?
A. Lambdainstance
B. Lambdacontainer
C. Lambdaentrypoint
D. Lambdafunction
E. LambdaAMIAnswer(D)
Question7:
HowareLambdafunctionstriggered?
A. EC2instance
B. hypervisor
C. Kinesis
D. operatingsystem
E. eventsourceAnswer(E)
Question8:WhatthreestatementscorrectlydescribestandardLambdaoperation?
A. Lambdafunctionisallocated500MBephemeraldiskspaceB. Lambdafunctionisallocated100MBEBSstorageC. LambdastorescodeinS3D. LambdastorescodeinaGlaciervaultE. LambdastorescodeincontainersF. maximumexecutiontimeis300seconds
Answer(A,C,F)
Question9:WhatnetworkeventsarerestrictedbyLambda?(Selecttwo)
A. onlyinboundTCPnetworkconnectionsareblockedbyAWSLambdaB. allinboundnetworkconnectionsareblockedbyAWSLambdaC. allinboundandoutboundconnectionsareblockedD. outboundconnectionssupportonlyTCP/IPsocketsE. outboundconnectionssupportonlySSLsockets
Answer(B,D)
Question10:
HowisversioningsupportedwithLambda?(Selecttwo)
A. Lambdanativesupport
B. ECScontainer
C. notsupported
D. Aliases
E. replication
F. S3versioningAnswer(A,D)
Question11:WhatisthedifferencebetweenStream-basedandAWSServiceswhenenablingLambda?
A. streamsmaintainseventsourcemappinginLambdaB. streamsmaintainseventsourcemappingineventsourceC. streamsmaintainseventsourcemappinginEC2instanceD. streamsmaintainseventsourcemappinginnotificationE. streamsmaintainseventsourcemappinginAPI
Answer(A)
Question12:
Selecttwocustomoriginserversfromthefollowing?
A. S3bucket
B. S3object
C. EC2instance
D. ElasticLoadBalancer
E. APIgatewayAnswer(C,D)
Question13:
WhattwoattributesareonlyassociatedwithCloudFrontprivatecontent?
A. AmazonS3URL
B. signedcookies
C. webdistribution
D. signedURL
E. objectAnswer(B,D)
Question14:
HowareoriginserverslocatedwithinCloudFront(Selecttwo)
A. DNSrequest
B. distributionlist
C. webdistribution
D. RTMPprotocol
E. sourcemappingAnswer(A,C)
Question15:
WhereareHTMLfilessourcedfromwhentheyarenotcachedataCloudFrontedgelocation?
A. S3object
B. originHTTPserver
C. S3bucket
D. nearestedgelocation
E. RTMPserver
F. failoveredgelocationAnswer(B)
Question16:
WhatisthecapacityofasingleKinesisshard?(Selecttwo)
A. 2000PUTrecordspersecond
B. 1MB/secdatainputand2MB/secdataoutput
C. 10MB/secdatainputand10MB/secdataoutput
D. 1000PUTrecordspersecond
E. unlimitedAnswer(B,D)
Question17:
WhatAmazonAWSservicesupportsreal-timeprocessingofdatastreamfrommultipleconsumersandreplayofrecords?
A. DynamoDB
B. EMR
C. Kinesisdatastreams
D. SQS
E. RedShiftAnswer(C)
Question18:Yourcompanyhasaskedyoutocaptureandforwardareal-timedatastreamonamassivescaledirectlytoRedShiftforanalysiswithBItools.WhatAWStoolismostappropriatethatprovidesthefeaturesetandcosteffective?
A. DynamoDBB. SQSC. ElasticMapReduceD. KinesisFirehoseE. SNSF. CloudFront
Answer(D)
Question19:
WhatfeaturepermitstenantstouseaprivatedomainnameinsteadofthedomainnamethatCloudFrontassignstoadistribution?
A. Route53
B. CNAMErecord
C. MXrecord
D. RTMP
E. SignedURLAnswer(B)
Question20:
WhatAmazonAWSserviceisavailabletoguaranteetheconsumingofauniquemessageonlyonce?
A. Beanstalk
B. SQL
C. Exchange
D. SQSAnswer(D)
Question21:
Whatisthefastestandeasiestmethodformigratinganon-premisesVMwarevirtualmachinetotheAWScloud?
A. AmazonMarketplace
B. AWSServerMigrationService
C. AWSStorageGateway
D. EC2Import/ExportAnswer(B)
Question22:
Selectthestatelessprotocolfromthefollowing?
A. FTP
B. TCP
C. HTTP
D. SSHAnswer(C)
Question23:
WhatarethreevalidendpointsforanAPIgateway?
A. RESTfulAPI
B. Lambdafunction
C. AWSservice
D. webserver
E. HTTPmethod
Answer(B,C,D)
Question24:
Howisavolumeselected(identified)whenmakinganEBSSnapshot?
A. accountid
B. volumeid
C. tag
D. ARNAnswer(D)
Question25:
WhatdeploymentserviceenablestenantstoreplicateanexistingAWSstack?
A. Beanstalk
B. CloudFormation
C. RedShift
D. EMR
Answer(B)
Question26:
WhatthreeservicescaninvokeaLambdafunction?
A. SNStopic
B. CloudWatchevent
C. EC2instance
D. securitygroup
E. S3bucketnotificationAnswer(A,B,E)
Question27:
WhattwoservicesenableautomaticpollingofastreamfornewrecordsonlyandforwardthemtoanAWSstorageservice?
A. SNS
B. Kinesis
C. Lambda
D. DynamoDBAnswer(B,C)
Question28:YourcompanyisdeployingawebsitewithdynamiccontenttocustomersinUS,EUandAPACregionsoftheworld.Contentwillincludelivestreamingvideostocustomers.SSLcertificatesarerequiredforsecuritypurposes.SelecttheAWSservicedeliversallrequirementsandprovidesthelowestlatency?
A. DynamoDBB. CloudFrontC. S3D. Redis
Answer(B)
Question29:
WhataretheadvantagesofBeanstalk?(Selecttwo)
A. orchestrationanddeploymentabstraction
B. template-orienteddeploymentservice
C. easiestsolutionfordeveloperstodeploycloudapplications
D. doesnotsupportcloudcontainersAnswer(A,C)
Question30:YouareanetworkanalystwithJSONscriptingexperienceandaskedtoselectanAWSsolutionthatenablesautomateddeploymentofcloudservices.ThetemplatedesignwouldincludeanondefaultVPCwithEC2instances,ELB,Auto-Scalingandactive/activefailover.WhatAWSsolutionisrecommended?
A. BeanstalkB. OpsWorksC. CloudTrailD. CloudFormation
Answer(D)
Question31:
SelecttwostatementsthatcorrectlydescribeOpsWorks?
A. Opsworksprovidesoperationalandconfigurationautomation
B. OpsWorksisalowercostalternativetoBeanStalk
C. OpsWorksisprimarilyamonitoringservice
D. Chefscripts(recipes)areakeyaspectofOpsWorksAnswer(A,D)
Question32:
YourcompanyhasdevelopedanIoTapplicationthatsendsTelemetrydatafrom100,000sensors.Thesensorssendadatapointof1KBatone-minuteintervalstoaDynamoDBcollectorformonitoringpurposes.WhatAWSstackwouldenableyoutostoredataforreal-timeprocessingandanalyticsusingBItools?
A. Sensors->KinesisStream->Firehose->DynamoDBB. Sensors->KinesisStream->Firehose->DynamoDB->S3C. Sensors->AWSIoT->Firehose->RedShiftD. Sensors->KinesisDataStreams->Firehose->RDS
Answer(C)
Question33:
YourcompanyhasanapplicationthatwasdevelopedandmigratedtoAWScloud.TheapplicationleveragessomeAWSservicesaspartofthearchitecture.ThestackincludesEC2instances,RDSdatabase,S3buckets,RedShiftandLambdafunctions.InadditionthereisIAMsecuritypermissionsconfiguredwithdefinedusers,groupsandroles.TheapplicationismonitoredwithCloudWatchandSTSwasrecentlyaddedforpermittingWebIdentityFederationsign-onfromGoogleaccounts.YouwantasolutionthatcanleveragetheexperienceofyouremployeeswithAWScloudinfrastructureaswell.WhatAWSservicecancreateatemplateofthedesignandconfigurationforeasierdeploymentoftheapplicationtomultipleregions?
A. SnowballB. OpsworksC. CloudFormationD. Beanstalk
Answer(C)
MonitoringServicesQuestion1:
WhatstatementcorrectlydescribesCloudWatchoperationwithinAWScloud?
A. logdataisstoredindefinitely
B. logdataisstoredfor15days
C. alarmhistoryisneverdeleted
D. ELBisnotsupportedAnswer(A)
Question2:
WhataretwoAWSsubscriberendpointservicesthataresupportedwithSNS?
A. RDS
B. Kinesis
C. SQS
D. Lambda
E. EBS
F. ECSAnswer(C,D)
Question3:
WhatAWSservicesworkinconcerttointegratesecuritymonitoringandauditwithinaVPC?(Selectthree)
A. Syslog
B. CloudWatch
C. WAF
D. CloudTrail
E. VPCFlowLogAnswer(B,D,E)
Question4:
HowisCloudWatchintegratedwithLambda?(Selecttwo)
A. tenantmustenableCloudWatchmonitoring
B. networkmetricssuchaslatencyarenotmonitored
C. LambdafunctionsareautomaticallymonitoredthroughLambdaservice
D. loggroupiscreatedforeacheventsource
E. loggroupiscreatedforeachfunctionAnswer(C,E)
Question5:
WhattwostatementscorrectlydescribeAWSmonitoringandauditoperations?A. CloudTrailcapturesAPIcalls,storestheminanS3bucketandgenerates
aCloudwatcheventB. CloudWatchalarmcansendamessagetoaLambdafunctionC. CloudWatchalarmcansendamessagetoanSNSTopicthattriggersan
eventforaLambdafunctionD. CloudTrailcapturesallAWSeventsandstorestheminalogfileE. VPClogsdonotsupporteventsforsecuritygroups
Answer(A,C)
Question6:
WhatisrequiredforremotemanagementaccesstoyourLinux-basedinstance?
A. ACL
B. Telnet
C. SSH
D. RDPAnswer(C)
Question7:
WhataretwofeaturesofCloudWatchoperation?A. CloudWatchdoesnotsupportcustommetricsB. CloudWatchpermissionsaregrantedperfeatureandnotAWSresourceC. collectandmonitoroperatingsystemandapplicationgeneratedlogfilesD. AWSservicesautomaticallycreatelogsforCloudWatchE. CloudTrailgenerateslogsautomaticallywhenAWSaccountisactivated
Answer(B,C)
Question8:
YouareaskedtoselectanAWSsolutionthatwillcreatealogentryanytimeasnapshotofanRDSdatabaseinstanceanddeletestheoriginalinstance.SelecttheAWSservicethatwouldprovidethatfeature?
A. VPCFlowLogs
B. RDSAccessLogs
C. CloudWatch
D. CloudTrailAnswer(D)
Question9:
WhatisrequiredtoenableapplicationandoperatingsystemgeneratedlogsandpublishtoCloudWatchLogs?
A. Syslog
B. enableaccesslogs
C. IAMcross-accountenabled
D. CloudWatchLogAgentAnswer(D)
Question10:
WhatisthepurposeofVPCFlowLogs?
A. captureVPCerrormessages
B. captureIPtrafficonnetworkinterfaces
C. monitornetworkperformance
D. monitornetflowdatafromsubnets
E. enableSyslogservicesforVPCAnswer(B)
Question11:
Selecttwocloudinfrastructureservicesand/orcomponentsincludedwithdefaultCloudWatchmonitoring?
A. SQSqueues
B. operatingsystemmetrics
C. hypervisormetrics
D. virtualappliances
E. applicationlevelmetricsAnswer(A,C)
Question12:
WhatfeatureenablesCloudWatchtomanagecapacitydynamicallyforEC2instances?
A. replicationlag
B. Auto-Scaling
C. ElasticLoadBalancer
D. verticalscalingAnswer(B)
Question13:
WhatAWSserviceisusedtomonitortenantremoteaccessandvarioussecurityerrorsincludingauthenticationretries?
A. SSH
B. Telnet
C. CloudFront
D. CloudWatchAnswer(D)
Question14:
HowdoesAmazonAWSisolatemetricsfromdifferentapplicationsformonitoring,storeandreportingpurposes?
A. EC2instances
B. Beanstalk
C. CloudTrail
D. namespaces
E. DockerAnswer(D)
Question15:
WhatAmazonAWSserviceprovidesaccounttransactionmonitoringandsecurityaudit?
A. CloudFront
B. CloudTrail
C. CloudWatch
D. securitygroupAnswer(B)
Question16:
WhattwostatementscorrectlydescribeCloudWatchmonitoringofdatabaseinstances?
A. metricsaresentautomaticallyfromDynamoDBandRDStoCloudWatch
B. alarmsmustbeconfiguredforDynamoDBandRDSwithinCloudWatchC. metricsarenotenabledautomaticallyforDynamoDBandRDSD. RDSdoesnotsupportmonitoringofoperatingsystemmetrics
Answer(A,B)
Question17:WhatAWSservicecansendnotificationstocustomersmartphonesandmobileapplicationswithattachedvideoand/oralerts?
A. EMRB. LambdaC. SQSD. SNSE. CloudTrail
Answer(D)AmazonBooks•AWSCertifiedSolutionsArchitectAssociateExam:StudyNotes•AWSCertifiedSolutionsArchitectAssociateExam:CertificationPracticeQuestions(fullanswerkeyversion)