Whizlabs Practice Test I
State Finished
Result FAIL
QUESTION 1
INCORRECT
MARK 0 OUT OF 1
You currently have an EC2 instance hosting a web application. The number of users is expected to increase in
the coming months and hence you need to add more elasticity to your setup. Which of the following methods
can help add elasticity to your existing setup? Choose 2 answers from the options given below.
Please select :
A. Setup your web app on more EC2 instances and set them behind an Elastic Load balancer
C. Setup your web app on more EC2 instances and use Route53 to route requests accordingly.
Answer – A and C
The Elastic Load Balancer is one of the most ideal solutions for adding elasticity to your application.
The below snapshot is an example where you can add 3 EC2 Instances to an ELB. All requests can then be routed
accordingly to these instances.
For more information on Elastic Load Balancer, please visit the below URL:
https://aws.amazon.com/elasticloadbalancing/
The other alternative is to create a routing policy in Route53 with the Weighted routing policy. Weighted resource record
sets let you associate multiple resources with a single DNS name. Weighted routing policy enables Route 53 to route
traffic to different resources in specified proportions (weights). To create a group of weighted resource record sets, two
or more resource record sets can be created that have the same combination of DNS name and type, and each
resource record set is assigned a unique identifier and a relative weight.
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html
Option B is not valid because this will just cache the reads, and will not add that desired elasticity to your application.
Option D is not valid, because there is no mention of a persistence layer in the question that would require the use of
DynamoDB.
The correct answers are: Setup your web app on more EC2 instances and set them behind an Elastic Load balancer,
Setup your web app on more EC2 instances and use Route53 to route requests accordingly.
QUESTION 2
INCORRECT
MARK 0 OUT OF 1
You are creating a Provisioned IOPS volume in AWS. The size of the volume is 8 GiB. Which of the following are
the possible values that can be put for the IOPS of the volume?
Please select :
A. 400
B. 500
C. 600
D. 1000
Answer – A
The maximum ratio of IOPS to volume size is 50:1, so if the volume size is 8 GiB, the maximum IOPS of the volume can
be 400. If you go beyond this value, you will get an error as shown in the screenshot below.
For more information on Provisioned IOPS, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
QUESTION 3
CORRECT
MARK 1 OUT OF 1
A company is hosting EC2 instances whose workloads are non-production and non-priority
batch loads. Also, these processes can be interrupted at any time. What is the best pricing model which can be
used for EC2 instances in this case?
Please select :
A. Reserved Instances
B. On-Demand Instances
C. Spot Instances
D. Regular Instances
Answer – C
Spot instances enable you to bid on unused EC2 instances, which can lower your Amazon EC2 costs significantly. The
hourly price for a Spot instance (of each instance type in each Availability Zone) is set by Amazon EC2, and fluctuates
depending on the supply of and demand for Spot instances. Your Spot instance runs whenever your bid exceeds the
current market price.
Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your
applications can be interrupted. For example, Spot instances are well-suited for data analysis, batch jobs, background
processing, and optional tasks.
Option A is invalid because even though Reserved instances can reduce costs, it's best for workloads that would be
active for a longer period of time rather than for batch load processes which could last for a shorter period of time.
Option B is not right because On-Demand Instances tend to be more expensive than Spot Instances.
For more information on Spot Instances, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html
QUESTION 4
CORRECT
MARK 1 OUT OF 1
You have 2 Ubuntu instances located in different subnets in the same VPC. Now to your understanding these
instances should be able to communicate with each other, but when you try to ping from one instance to
another, you get a timeout. The Route tables seem to be valid and have the entry for the Target ‘local’ for your
VPC CIDR. Which of the following could be a valid reason for this issue?
Please select :
A. The Instances are of the wrong AMI, hence you are not able to ping the instances.
B. The Security Group has not been modified to allow the required traffic.
C. The Instances don’t have Public IP, so that the ping commands can be routed
D. The Instances don’t have Elastic IP, so that the ping commands can be routed
Answer – B
The security groups need to be configured to ensure that ping commands can go through. The below snapshot shows that
the ICMP protocol needs to be allowed to ensure that the ping packets can be routed to the instances. You need to edit
the Inbound Rules of the Web Security Group.
Option A is invalid because the AMI will not impact the ping command.
Options C and D are invalid because even if you have a Public IP and Elastic IP allocated to the Instance, you need to
ensure there is a route to the internet gateway and the Web Security Groups are configured accordingly.
For more information on Security Groups, please visit the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html
The correct answer is: The Security Group has not been modified to allow the required traffic.
QUESTION 5
CORRECT
MARK 1 OUT OF 1
What is the best way to move an EBS volume currently attached to an EC2 instance from one
availability zone to another?
Please select :
A. Detach the volume and attach to an EC2 instance in another AZ.
B. Create a new volume in the other AZ and specify the current volume as the source.
C. Create a snapshot of the volume and then create a volume from the snapshot in the other AZ
D. Create a new volume in the AZ and do a disk copy of contents from one volume to another.
Answer – C
In order for a volume to be available in another availability zone, you need to first create a snapshot from the volume.
Then, when creating a volume from the snapshot, you can specify the new availability zone
accordingly.
Option A is invalid, because the Instance and Volume have to be in the same AZ in order for it to be attached to the
instance.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html
The correct answer is: Create a snapshot of the volume and then create a volume from the snapshot in the other AZ
QUESTION 6
CORRECT
MARK 1 OUT OF 1
When it comes to API credentials, what is the best practice recommended by AWS?
Please select :
A. Create a role which has the necessary and can be assumed by the EC2 instance.
Answer – A
IAM roles are designed in such a way that your applications can securely make API requests from your instances,
without requiring you to manage the security credentials that the applications use.
Options B, C and D are invalid because it is not secure to use API credentials from any EC2 instance. The API credentials
can be tampered with and hence this is not the ideal secure way to make API calls.
For more information on IAM roles for EC2, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
The correct answer is: Create a role which has the necessary and can be assumed by the EC2 instance.
QUESTION 7
INCORRECT
MARK 0 OUT OF 1
You want to retrieve the Public IP addresses assigned to a running instance via the Instance metadata. Which
of the below URLs is valid for retrieving this data?
Please select :
A. http://169.254.169.254/latest/meta-data/public-ipv4
B. http://254.169.254.169/latest/meta-data/public-ipv4
C. http://254.169.254.169/meta-data/latest/public-ipv4
D. http://169.254.169.254/meta-data/latest/public-ipv4
Your answer is incorrect.
Answer - A
As per the AWS documentation, below is the right way to access the instance metadata
For more information on Instance metadata, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
QUESTION 8
INCORRECT
MARK 0 OUT OF 1
You are planning to use the MySQL RDS in AWS. You have a requirement to ensure that you are able to
recover from a database crash. Which of the below is not a recommended practice when you want to fulfil this
requirement?
Please select :
A. Ensure that automated backups are enabled for the RDS
B. Ensure that you use the MyISAM storage engine for MySQL
For more information on best practices for MySQL Storage, please visit the below URL:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_BestPractices.html#CHAP_BestPractices.MySQLStorage
The correct answer is: Ensure that you use the MyISAM storage engine for MySQL
QUESTION 9
CORRECT
MARK 1 OUT OF 1
Please select :
A. demo
B. Example
C. .example
D. demo.
Answer - A
Option C is invalid because the bucket name cannot start with a period (.).
Option D is invalid because the bucket name cannot end with a period (.).
For more information on S3 Bucket restrictions, please visit the below URL:
http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html
QUESTION 10
CORRECT
MARK 1 OUT OF 1
Please select :
A. Registration of Domain Names
Answer – C
The below features are available for Route53, hence options A, B and D are valid.
Register domain names – Your website needs a name, such as example.com. Amazon Route 53 lets you register a
name for your website or web application, known as a domain name.
Route internet traffic to the resources for your domain – When a user opens a web browser and enters your domain
name in the address bar, Amazon Route 53 helps the Domain Name System (DNS) connect the browser with your
website or web application.
Check the health of your resources – Amazon Route 53 sends automated requests over the internet to a resource,
such as a web server, to verify that it's reachable, available, and functional. You also can choose to receive
notifications when a resource becomes unavailable and choose to route internet traffic away from unhealthy
resources.
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html
The correct answer is: Offloading content to cache locations
QUESTION 11
INCORRECT
MARK 0 OUT OF 1
When working with API gateways in AWS, what is the type of endpoints that are exposed?
Please select :
A. HTTP
B. HTTPS
C. JSON
D. XML
Answer - B
All of the endpoints created with the API gateway are HTTPS endpoints.
Option A is incorrect because Amazon API Gateway does not support unencrypted (HTTP) endpoints.
Options C and D are invalid because API gateway exposes HTTPS endpoints only.
For more information on API Gateways, please visit the below URL:
https://aws.amazon.com/api-gateway/faqs/
QUESTION 12
CORRECT
MARK 1 OUT OF 1
Which of the following verbs are supported with the API Gateway?
Please select :
A. GET
B. POST
C. PUT
Answer - D
Each resource within a REST API can support one or more of the standard HTTP methods. You define which verbs
should be supported for each resource (GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS) and their implementation.
For more information on API Gateways, please visit the below URL:
https://aws.amazon.com/api-gateway/faqs/
QUESTION 13
INCORRECT
MARK 0 OUT OF 1
Which of the following container technologies are currently supported by the AWS ECS service?
Choose 2 answers.
Please select :
A. Kubernetes
B. Docker
C. Mesosphere
D. Canonical LXD
Currently Kubernetes and Docker are the container platforms supported by EC2 Container Service.
QUESTION 14
INCORRECT
MARK 0 OUT OF 1
Which of the following, when used alongside the AWS Secure Token service, can be used to provide a
single sign-on experience for existing users who are part of an organization using on-premise applications?
Please select :
A. OpenID Connect
B. JSON
C. SAML 2.0
D. OAuth
Answer - C
You can authenticate users in your organization's network, and then provide those users access to AWS without
creating new AWS identities for them and requiring them to sign in with a separate user name and password. This is
known as the single sign-on (SSO) approach to temporary access. AWS STS supports open standards like Security
Assertion Markup Language (SAML) 2.0, with which you can use Microsoft AD FS to leverage your Microsoft Active
Directory.
Options A and D are incorrect because these are used when you want users to sign in using a well-known third party
identity provider such as Login with Amazon, Facebook, Google.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
QUESTION 15
CORRECT
MARK 1 OUT OF 1
While performing status checks on your volume in AWS, you can see that the volume check has a status of
"insufficient-data". What can you derive from this status check?
Please select :
A. All checks have passed
Answer - D
Volume status checks enable you to better understand, track, and manage potential inconsistencies in the data on an
Amazon EBS volume. They are designed to provide you with the information that you need to determine whether your
Amazon EBS volumes are impaired, and to help you control how a potentially inconsistent volume is handled.
If the status is insufficient-data, the checks may still be in progress on the volume.
Option A is incorrect because if all checks have passed, then the status of the volume is OK.
Options B and C are incorrect because if a check fails, then the status of the volume is impaired.
For more information on Volume status checks, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html
The correct answer is: The check on the volume is still in progress.
QUESTION 16
CORRECT
MARK 1 OUT OF 1
Please select :
A. This is the basic AMI which is available in AWS.
C. This refers to an AMI that has been constructed from a customized Image.
Answer - C
You can customize an Amazon EC2 instance and then save its configuration by creating an Amazon Machine Image
(AMI). You can launch as many instances from the AMI as you need, and they will all include those customizations that
you’ve made. Each time you want to change your configuration you will need to create a new golden image, so you will
need to have a versioning convention to manage your golden images over time.
Because of the above explanation, all of the remaining options are automatically invalid.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
The correct answer is: This refers to an AMI that has been constructed from a customized Image.
QUESTION 17
CORRECT
MARK 1 OUT OF 1
When designing a health check for your web application which is hosted behind an elastic load balancer, which
of the following health checks is ideal to implement?
Please select :
A. A TCP health check
Answer - C
Options B and D are invalid because UDP health checks are not possible.
Option A is partially valid. A simple TCP health check would not detect the scenario where the instance itself is healthy,
but the web server process has crashed. Instead, you should assess whether the web server can return a HTTP 200
response for some simple request.
For more information on ELB health checks, please visit the below URL:
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html
QUESTION 18
INCORRECT
MARK 0 OUT OF 1
Which of the following is an example of synchronous replication which occurs in the AWS service?
Please select :
A. AWS RDS Read Replica's for MySQL, MariaDB and PostgreSQL
Answer - B
Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making
them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS
automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different
Availability Zone (AZ).
https://aws.amazon.com/rds/details/multi-az/
Option A is invalid because Amazon RDS takes a snapshot of the source instance and creates a read-only instance from
the snapshot. For MySQL, MariaDB and PostgreSQL, Amazon RDS uses those engines' native asynchronous replication
to update the read replica whenever there is a change to the source DB instance.
Option C is invalid, because the Redis engine for Amazon ElastiCache supports replication with automatic failover, but
the Redis engine’s replication is asynchronous.
QUESTION 19
CORRECT
MARK 1 OUT OF 1
You want to get the reason for your EC2 Instance termination from the CLI. Which of the below commands is
ideal in getting the reason?
Please select :
A. aws ec2 describe-instances
Answer - A
When you execute the AWS ec2 describe-instances CLI command with the instance_id as shown below
An example is shown below. This will help in understanding why the instance was shutdown.
"StateReason": {
},
For more information on the command, please visit the below URL:
http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html
Option B is invalid because this command describes one or more of the images (AMIs, AKIs, and ARIs) available to you.
Option C is invalid because this command retrieves a JPG-format screenshot of a running instance. This might not help to the complete
extent of understanding why the instance was terminated.
Option D is invalid because this command describes the status of the specified volumes.
QUESTION 20
INCORRECT
MARK 0 OUT OF 1
When using the following AWS services, which should be implemented in multiple Availability Zones for high
availability solutions?
Choose 2 answers from the options below.
Please select :
A. Amazon DynamoDB
Answer – B and C
The below snapshot from the AWS documentation shows how the ELB and EC2 instances get setup for high availability.
You have the ELB placed in front of the instances. The instances are placed in different AZs.
For more information on the ELB, please visit the below URL:
https://aws.amazon.com/elasticloadbalancing/
Option A is wrong because the service runs across Amazon’s proven, high-availability data centers. The service
replicates data across three facilities in an AWS Region to provide fault tolerance in the event of a server failure or
Availability Zone outage.
Option D is wrong because Amazon S3 Standard and Standard - IA redundantly stores your objects on multiple devices
across multiple facilities in an Amazon S3 Region. The service is designed to sustain concurrent device failures by
quickly detecting and repairing any lost redundancy.
The correct answers are: Amazon Elastic Compute Cloud (EC2), Amazon Elastic Load Balancing
QUESTION 21
CORRECT
MARK 1 OUT OF 1
An application is currently configured on an EC2 instance to process messages in SQS. The queue has been
created with the default settings. The application is configured to just read the messages once a week. It has
been noticed that not all the messages are being picked by the application. What could be the issue?
Please select :
A. The application is configured to long polling, so some messages are not being picked up
B. The application is configured to short polling, so some messages are not being picked up
C. Some of the messages have surpassed the retention period defined for the queue
D. Some of the messages don’t have the right permissions to be picked up by the application
Your answer is correct.
Answer - C
When you create an SQS queue with the default options, the message retention period is 4 days. So if the application is
processing the messages just once a week, there are chances that messages sent at the start of the week will get
deleted before they can be picked up by the application.
Options A and B are invalid, because even if you use short or long polling, the application should be able to read the
messages eventually.
Option D is invalid because you can provide permissions at the queue level.
https://aws.amazon.com/sqs/faqs/
The correct answer is: Some of the messages have surpassed the retention period defined for the queue
QUESTION 22
CORRECT
MARK 1 OUT OF 1
Your application is on an EC2 instance in AWS. Users use the application to upload a file to S3. The message
first goes to an SQS queue, before it is picked up by a worker process, which fetches the object and uploads it
to S3. An email is then sent on successful completion of the upload. You notice though that you are getting
numerous emails for each request, when ideally you should be getting only one final email notification for
each successful upload. Which of the below could be the possible reasons for this?
Please select :
A. The application is configured for long polling so the messages are being picked up multiple times.
C. The application is configured to short polling, so some messages are not being picked up
D. The application is not reading the message properly from the SQS queue.
Answer – B
When you look at the Message lifecycle from AWS for SQS queues, one of the most important aspects is to delete the
messages after they have been read from the queue.
Options A and C are invalid because even if you use short or long polling, the application should be able to read the
messages eventually. The main part is that the deletion of messages is not happening after they have been read.
Option D is invalid because if the messages are not being read properly, then the application should not send
successful notifications.
For more information on SQS message lifecycle, please visit the below URL:
http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-lifecycle.html
The correct answer is: The application is not deleting the messages from SQS.
QUESTION 23
INCORRECT
MARK 0 OUT OF 1
You have created your own VPC and subnet in AWS. You have launched an instance in that subnet. You have
noticed that the instance is not receiving a DNS name. Which of the below options could be a valid reason for
this issue?
Please select :
A. The CIDR block for the VPC is invalid
Answer – C
If the DNS hostnames option of the VPC is not set to ‘Yes’ then the instances launched in the subnet will not get DNS
Names.
You can change the option by choosing your VPC and clicking on ‘Edit DNS Hostnames’.
Options A and B are invalid because if the CIDR blocks were invalid then the VPC or subnet would not be created.
Option D is invalid because the subnet configuration does not have an effect on the DNS hostnames.
https://aws.amazon.com/vpc/
The correct answer is: The VPC configuration needs to be changed.
QUESTION 24
INCORRECT
MARK 0 OUT OF 1
You have created your own VPC and subnet in AWS. You have launched an instance in that subnet. You have
attached an internet gateway to the VPC and seen that the instance has a public IP. The Route table is shown
below
The instance still cannot be reached from the Internet. Which of the below changes need to be made to the
route table to ensure that the issue can be resolved?
Please select :
A. Add the following entry to the route table – 0.0.0.0/0->Internet Gateway
C. Add the following entry to the route table – 10.0.0.0/16 ->Internet Gateway
Answer – A
The Route table needs to be modified as shown below to ensure that the routes from the internet can reach the
instance.
For more information on Route Tables, please visit the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
The correct answer is: Add the following entry to the route table – 0.0.0.0/0->Internet Gateway
QUESTION 25
INCORRECT
MARK 0 OUT OF 1
You want to have a VPC created in AWS which will host an application. The application will just consist of
web and database servers. The application just needs to be accessed from the internet by internet users.
Which of the following VPC configuration wizard options would you use?
Please select :
A. VPC with a Single Public Subnet Only
C. VPC with Public and Private Subnets and Hardware VPN Access
Answer – B
The configuration for this scenario includes a virtual private cloud (VPC) with a public subnet and a private subnet. We
recommend this scenario if you want to run a public-facing web application, while maintaining back-end servers that
aren't publicly accessible. A common example is a multi-tier website, with the web servers in a public subnet and the
database servers in a private subnet. You can set up security and routing so that the web servers can communicate
with the database servers.
Option A is invalid, because ideally you need a private subnet to host the database server.
Options C and D are invalid because there is no case of accessing the application from on-premise locations using VPN
connections.
For more information on this scenario, please visit the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
The correct answer is: VPC with Public and Private Subnets
QUESTION 26
INCORRECT
MARK 0 OUT OF 1
Which of the following statements are true with regard to EBS Volumes? Choose 3 correct answers from the
options given below.
Please select :
A. EBS Volumes are automatically replicated within that zone to prevent data loss due to failure of any single
hardware component
C. After you attach a volume, it appears as a native block device similar to a hard drive or other physical device.
Answer - A, C and D
When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data
loss due to failure of any single hardware component. After you create a volume, you can attach it to any EC2 instance
in the same Availability Zone. After you attach a volume, it appears as a native block device similar to a hard drive or
other physical device. At that point, the instance can interact with the volume just as it would with a local drive; the
instance can format the EBS volume with a file system, such as ext3, and then install applications.
An EBS volume can be attached to only one instance at a time within the same Availability Zone. However, multiple
volumes can be attached to a single instance.
Option B is invalid because you can attach EBS Volumes to any EC2 instance in the same Availability Zone only.
For more information on EBS Volumes, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html
The correct answers are: EBS Volumes are automatically replicated within that zone to prevent data loss due to failure
of any single hardware component, After you attach a volume, it appears as a native block device similar to a hard drive
or other physical device., An EBS volume can be attached to only one instance at a time
QUESTION 27
INCORRECT
MARK 0 OUT OF 1
You are a solutions architect working for a large oil and gas company. Your company runs their production
environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2
are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All
EC2 instances are in the same security group. Your company has created a new custom application which
connects to mobile devices using a custom port. This application has been rolled out to production and you
need to open this port globally to the internet. What steps should you take to do this, and how quickly will the
change occur?
Please select :
A. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate on
this port after a reboot.
B. Open the port on the existing network Access Control List. Your EC2 instances will be able to
communicate over this port immediately.
C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this
port immediately.
D. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port as
soon as the relevant Time To Live (TTL) expires.
One can use the Security Group and change the Inbound Rules so that the traffic will be allowed on the custom port.
When you make a change to the Security Groups or Network ACLs, they are applied immediately.
For more information on Security Groups, please refer to the below link
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html
The correct answer is: Open the port on the existing security group. Your EC2 instances will be able to communicate
over this port immediately.
QUESTION 28
CORRECT
MARK 1 OUT OF 1
You are designing various CloudFormation templates, each template to be used for a different purpose. What
determines the cost of using the CloudFormation templates?
Please select :
A. CloudFormation does not have a cost itself.
C. You are charged based on the time it takes to launch the template.
Answer – A
You only get charged for the underlying resources created using Cloud Formation templates.
https://aws.amazon.com/cloudformation/faqs/
The correct answer is: CloudFormation does not have a cost itself.
QUESTION 29
INCORRECT
MARK 0 OUT OF 1
You are creating a number of EBS Volumes for your EC2 instances. You are concerned about the backups of the
EBS Volumes. Which of the below is a way to back up the EBS Volumes?
Please select :
A. Configure Amazon Storage Gateway with EBS volumes as the data source and store the backups on premise
through the storage gateway
B. Write a cronjob that uses the AWS CLI to take a snapshot of production EBS volumes.
C. Use a lifecycle policy to back up EBS volumes stored on Amazon S3 for durability
D. Write a cronjob on the server that compresses the data and then copy it to Glacier
Answer – B
A point-in-time snapshot of an EBS volume can be used as a baseline for new volumes or for data backup. If you make
periodic snapshots of a volume, the snapshots are incremental—only the blocks on the device that have changed after
your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot
deletion process is designed so that you need to retain only the most recent snapshot in order to restore the entire
volume.
Option A is incorrect because you normally use the Storage gateway to backup your on-premise data.
Option D is incorrect because compression is another maintenance task and storing it in Glacier is not an ideal option.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
The correct answer is: Write a cronjob that uses the AWS CLI to take a snapshot of production EBS volumes.
QUESTION 30
CORRECT
MARK 1 OUT OF 1
You are planning on hosting a static website on an EC2 Instance. Which of the below aspects can be used to
create a highly available environment. Choose 3 answers from the options given below
Please select :
A. An auto scaling group to recover from EC2 instance failures
C. An SQS queue
The diagram below shows an example of a highly available architecture for hosting EC2 Instances
1) ELB which is placed in front of the users which helps in directing the traffic to the EC2 Instances.
2) The EC2 Instances which are placed as part of an AutoScaling Group
3) And then you have multiple subnets which are mapped to multiple availability zones
For a static web site, SQS is not required to build such an environment. If you have a system such as an order
processing system, which has that sort of queuing of requests, then that could be a candidate for using SQS Queues.
For more information on high availability, please visit the below URL:
https://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_ftha_04.pdf
The correct answers are: An auto scaling group to recover from EC2 instance failures, Elastic Load Balancer, Multiple
Availability Zones
QUESTION 31
INCORRECT
MARK 0 OUT OF 1
You have a set of IIS Servers running on EC2 instances for a high traffic web site. You want to collect and
process the log files generated from the IIS Servers. Which of the below services is ideal to run in this scenario
Please select :
A. Amazon S3 for storing the log files and Amazon EMR for processing the log files
B. Amazon S3 for storing the log files and EC2 Instances for processing the log files
D. Amazon DynamoDB to store the logs and EC2 for running custom log analysis scripts
Answer – A
Amazon EMR is a managed cluster platform that simplifies running big data frameworks, such as Apache
Hadoop and Apache Spark, on AWS to process and analyze vast amounts of data. By using these frameworks and
related open-source projects, such as Apache Hive and Apache Pig, you can process data for analytics purposes and
business intelligence workloads. Additionally, you can use Amazon EMR to transform and move large amounts of data
into and out of other AWS data stores and databases, such as Amazon Simple Storage Service (Amazon S3) and
Amazon DynamoDB.
Options B and C, even though partially correct, would be an overhead, as EC2 Instances would process the log files when
you already have a ready-made service which can help in this regard.
Option D is invalid because DynamoDB is not an ideal option to store log files.
http://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-what-is-emr.html
The correct answer is: Amazon S3 for storing the log files and Amazon EMR for processing the log files
QUESTION 32
CORRECT
MARK 1 OUT OF 1
You are trying to configure Cross Region Replication for your S3 bucket, but the Cross Region Replication option is
disabled and you are not able to select it.
Which of the below could be the possible reasons for this?
Please select :
A. The feature is not available in that region
Answer – B
The destination bucket owner needs to grant these permissions via a bucket policy.
Option C is invalid because if so, then you would not be able to access S3 in that region
Option D is invalid because you have not reached the configuration stage to select the destination bucket
For more information on S3 Cross Region Replication, please visit the below URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html
The correct answer is: You need to enable versioning on the bucket
QUESTION 33
CORRECT
MARK 1 OUT OF 1
What amount of temp space is allocated to you per invocation when using Lambda functions?
Please select :
A. 256 MB
B. 512 MB
C. 2 GiB
D. 16 GiB
Answer – B
The below snapshot from the AWS documentation lists some of the service limits with AWS Lambda
For more information on AWS Lambda, please visit the below URL:
http://docs.aws.amazon.com/lambda/latest/dg/limits.html
QUESTION 34
INCORRECT
MARK 0 OUT OF 1
You have a requirement to create a subnet in an AWS VPC which will host around 20 hosts. This subnet will be
used to host web servers. Which of the below could be the possible CIDR block allocated for the subnet
Please select :
A. 10.0.1.0/27
B. 10.0.1.0/28
C. 10.0.1.0/29
D. 10.0.1.0/30
Answer - A
With this configuration you can have 27 allowable hosts which fits the requirement.
Option B is invalid because you can have only a maximum of 16 hosts with this configuration.
Option C and D are invalid because you can assign a single CIDR block to a VPC. The allowed block size is between a /16
netmask and /28 netmask.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
QUESTION 35
CORRECT
MARK 1 OUT OF 1
You run a website which hosts videos and you have two types of members, premium fee paying members and
free members. All videos uploaded by both your premium members and free members are processed by a
fleet of EC2 instances which will poll SQS as videos are uploaded. However, you need to ensure that your
premium fee paying members' videos have a higher priority than your free members'. How do you design SQS?
Please select :
A. SQS allows you to set priorities on individual items within the queue, so simply set the fee paying members at
a higher priority than your free members.
B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll
the premium queue first and if empty, to then poll your free members SQS queue.
C. SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.
D. Use SNS to notify when a premium member has uploaded a video and then process that video accordingly.
Answer – B
In this case, you can have multiple SQS queues. The SQS queues for the premium members can be polled first by the
EC2 Instances and then those messages can be processed.
For information on SQS best practices, please refer to the below link
http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-best-practices.html
The correct answer is: Create two SQS queues, one for premium members and one for free members. Program your
EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
QUESTION 36
INCORRECT
MARK 0 OUT OF 1
Which of the following services do not natively encrypt data at rest within an AWS region? (Choose two.)
Please select :
A. AWS Storage Gateway
B. Amazon DynamoDB
C. Amazon CloudFront
D. Amazon Glacier
Answer – C and E
https://aws.amazon.com/glacier/faqs/
For information on Amazon Storage gateways, please refer to the below link:
https://aws.amazon.com/storagegateway/faqs/
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html
The correct answers are: Amazon CloudFront, Amazon Simple Queue Service
QUESTION 37
CORRECT
MARK 1 OUT OF 1
In a VPC, you have launched two web servers and attached them to an internet-facing ELB. Both your web servers
and ELB are located in the public subnet. Yet, you are still not able to access your web application via the ELB's
DNS through the internet. What could be done to resolve this issue?
Please select :
A. Attach an Internet gateway to the VPC and route it to the subnet
C. Use Amazon Elastic Load Balancer to serve requests to your instances located in the internal subnet
Answer – A
You need to ensure that the VPC has an internet gateway attached and the route table properly configured for the
subnet.
Option B is invalid because even the ELB is not accessible from the internet.
Option C is invalid because the instances and ELB are not reachable via the internet if no internet gateway is attached to the
VPC.
Option D is invalid because this will not have an impact on the issue.
For more information on troubleshooting ELB, please visit the below URL:
https://aws.amazon.com/premiumsupport/knowledge-center/elb-connectivity-troubleshooting/
The correct answer is: Attach an Internet gateway to the VPC and route it to the subnet
QUESTION 38
INCORRECT
MARK 0 OUT OF 1
You want to ensure that you keep a check on the Active Volumes , Active snapshots and Elastic IP addresses
you use so that you don’t go beyond the service limit. Which of the below services can help in this regard?
Please select :
A. AWS Cloudwatch
B. AWS EC2
D. AWS SNS
Answer - C
An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS
environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best
practices.
Option A is invalid because even though you can monitor resources, they cannot be checked against the service limit.
Option D is invalid because it can send notifications but not check on service limits.
For more information on the Trusted Advisor monitoring, please visit the below URL:
https://aws.amazon.com/premiumsupport/ta-faqs/
QUESTION 39
CORRECT
MARK 1 OUT OF 1
You are building an automated transcription service in which Amazon EC2 worker instances process an
uploaded audio file and generate a text file. You must store both of these files in the same durable storage
until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage
option is both cost-efficient and scalable?
Please select :
A. Multiple Amazon EBS volume with snapshots
Answer – C
The AWS Simple Storage service is the best option for this scenario. The AWS documentation provides the following
information on the Simple Storage service
Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile
apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability,
and stores data for millions of applications used by market leaders in every industry
For more information on the Simple Storage Service, please refer to the below link
https://aws.amazon.com/s3/
QUESTION 40
CORRECT
MARK 1 OUT OF 1
You are an AWS Administrator for your company. The company currently has a set of AWS resources hosted in
a particular region. You have been requested by your supervisor to create a script which could create
duplicate resources in another region in case of a disaster. Which of the below AWS services could help fulfil
this requirement?
Please select :
A. AWS Elastic Beanstalk
B. AWS SQS
C. AWS Cloudformation
D. AWS SNS
Answer – C
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you
can spend less time managing those resources and more time focusing on your applications that run in AWS. You
create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB
instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you.
Option A is invalid because this is good to get a certain set of defined resources up and running. But it cannot be used
to duplicate infrastructure as code.
Option B is invalid because this is the Simple Queue Service which is used for sending messages.
Option D is invalid because this is the Simple Notification service that is used for sending notifications.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html
CORRECT
MARK 1 OUT OF 1
Please select :
A. They are instances in the public subnet which are used as a jump server to resources within other subnets.
B. They are instances in the private subnet which are used as a jump server to resources within other subnets.
C. They are instances in the public subnet which are used to host web resources that can be accessed by users.
D. They are instances in the private subnet which are used to host web resources that can be accessed by users.
Answer – A
As the number of EC2 instances in your AWS environment grows, so too does the number of administrative access
points to those instances. Depending on where your administrators connect to your instances from, you may consider
enforcing stronger network-based access controls. A best practice in this area is to use a bastion. A bastion is a special
purpose server instance that is designed to be the primary access point from the Internet and acts as a proxy to your
other EC2 instances.
The below picture from the AWS documentation shows the setup of the bastion hosts in a public subnet.
Option C and D are invalid because bastion hosts are not used to host web resources.
For more information on Bastion hosts, please visit the below URL:
https://aws.amazon.com/blogs/security/controlling-network-access-to-ec2-instances-using-a-bastion-server/
The correct answer is: They are instances in the public subnet which are used as a jump server to resources within
other subnets.
QUESTION 42
INCORRECT
MARK 0 OUT OF 1
You have several AWS reserved instances in your account. They have been running for some time, but now
need to be shut down since they are no longer required. The data is still required for future purposes. Which of
the below possible 2 steps can be taken?
Please select :
A. Convert the instance to on-demand instances
Answer - B and C
The Reserved Instance Marketplace is a platform that supports the sale of third-party and AWS customers' unused
Standard Reserved Instances, which vary in term lengths and pricing options. For example, you may want to sell
Reserved Instances after moving instances to a new AWS region, changing to a new instance type, ending projects
before the term expiration, when your business needs change, or if you have unneeded capacity.
For more information on selling instances, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html
Since the data is still required, it's better to take snapshots of the existing volumes and then terminate the instances.
For more information on EBS Snapshots, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html
Option A and D are invalid, because you cannot convert Reserved instances to either on-demand instances or Spot
Instances.
The correct answers are: Sell the instances on the AWS Reserved Instance Marketplace, Take snapshots of the EBS
volumes and terminate the instances
QUESTION 43
CORRECT
MARK 1 OUT OF 1
You have an EC2 Instance in a particular region. This EC2 Instance has preconfigured software running on it.
You have been requested to create a disaster recovery solution in case the instance in the region fails. Which of
the following is the best solution?
Please select :
A. Create a duplicate EC2 Instance in another AZ. Keep it in the shutdown state. When required , bring it back up.
B. Backup the EBS data volume. If the instance fails , bring up a new EC2 instance and attach the volume.
C. Store the EC2 data on S3. If the instance fails , bring up a new EC2 instance and restore the data from S3.
Answer - D
You can copy an Amazon Machine Image (AMI) within or across an AWS region using the AWS Management Console,
the AWS command line tools or SDKs, or the Amazon EC2 API, all of which support the CopyImage action. You can copy
both Amazon EBS-backed AMIs and instance store-backed AMIs. You can copy AMIs with encrypted snapshots and
encrypted AMIs.
Copying a source AMI results in an identical but distinct target AMI with its own unique identifier. In the case of an
Amazon EBS-backed AMI, each of its backing snapshots is, by default, copied to an identical but distinct target
snapshot.
Option B is invalid, because the pre-configured software could have settings on the root volume
Option C is invalid because this is a long and inefficient way to restore a failed instance
For more information on Copying AMI’s, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
The correct answer is: Create an AMI of the EC2 Instance and copy it to another region
QUESTION 44
INCORRECT
MARK 0 OUT OF 1
You have an EC2 instance located in a subnet in AWS. You have installed a web application on this instance.
The security group attached to this instance is shown below
You can SSH into the instance from the internet, but you are not able to access the web server via the web
browser. Which of the below steps would resolve the issue?
Please select :
A. Add an HTTP rule to the Security Group
Answer – A
You need to add the following security rule so that HTTP traffic can reach the server. Add the rules to the
security group as desired.
Option B is invalid because then you will not be able to access the server via SSH
Option C and D are invalid because these routes are not ideal routes to add to the VPC.
For more information on security groups, please visit the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html
The correct answer is: Add an HTTP rule to the Security Group
QUESTION 45
INCORRECT
MARK 0 OUT OF 1
Amazon’s Redshift uses which block size for its columnar storage
Please select :
A. 2KB
B. 8KB
C. 16KB
D. 32KB
E. 1024KB
Answer - E
Columnar storage for database tables is an important factor in optimizing analytic query performance because it
drastically reduces the overall disk I/O requirements and reduces the amount of data you need to load from disk.
Typical database block sizes range from 2 KB to 32 KB. Amazon Redshift uses a block size of 1 MB, which is more
efficient and further reduces the number of I/O requests needed to perform any database loading or other operations
that are part of query execution.
For more information on Redshift column storage, please visit the below URL:
http://docs.aws.amazon.com/redshift/latest/dg/c_columnar_storage_disk_mem_mgmnt.html
QUESTION 46
CORRECT
MARK 1 OUT OF 1
You are working in the media industry and you have created a web application where users will be able to upload
photos they create to your website. This web application must be able to call the S3 API in order to be able to
function. Where should you store your API credentials whilst maintaining the maximum level of security?
Please select :
A. Save the API credentials to your php files.
B. Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you
first create it.
Answer – B
Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you
need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can
securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your
credentials to sign requests, while protecting your credentials from other users. However, it's challenging to securely
distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or
instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate
your AWS credentials.
IAM roles are designed so that your applications can securely make API requests from your instances, without
requiring you to manage the security credentials that the applications use.
For more information on IAM Roles, please visit the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
The correct answer is: Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2
instance when you first create it.
QUESTION 47
INCORRECT
MARK 0 OUT OF 1
You are a systems administrator and you need to monitor the health of your production environment. You
decide to do this using CloudWatch, however you notice that you cannot see the health of every important
metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch
metric for, when monitoring the health of your EC2 instances?
Please select :
A. CPU Usage
B. Memory usage
D. Network in
Answer - B
When you look at your CloudWatch metric dashboard, you can see the metrics for CPU Usage, Disk read operations
and Network in.
You need to add a custom metric for Memory Usage. An example of enabling the custom metric is shown at the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mon-scripts.html
QUESTION 48
CORRECT
MARK 1 OUT OF 1
In order for an EC2 instance to be accessed from the internet , which of the following are required. Choose 3
answers from the options given below
Please select :
A. An Internet gateway attached to the VPC
The below image shows the configuration of an instance which can be accessed from the internet. The key
requirements are
1) An Internet gateway attached to the VPC
Option B is invalid, because this is only required for communication between instances in the VPC.
For more information on Public subnets, please refer to the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario1.html
The correct answers are: An Internet gateway attached to the VPC, A public IP address attached to the instance, A route
entry to the Internet gateway in the Route table
QUESTION 49
CORRECT
MARK 1 OUT OF 1
You are using IOT sensors to monitor the number of bags that are handled at an airport. The data gets sent back to
a Kinesis stream with default settings. Every alternate day, the data from the stream is sent to S3 for
processing. But you notice that S3 is not receiving all of the data that is being sent to the Kinesis stream. What
could be the reason for this?
Please select :
A. The sensors probably stopped working on some days hence data is not sent to the stream.
B. S3 can only store data for a day
C. Data records are only accessible for a default of 24 hours from the time they are added to a stream
Answer – C
Kinesis Streams supports changes to the data record retention period of your stream. A Kinesis stream is an ordered
sequence of data records meant to be written to and read from in real-time. Data records are therefore stored in
shards in your stream temporarily. The time period from when a record is added to when it is no longer accessible is
called the retention period. A Kinesis stream stores records for 24 hours by default, up to 168 hours.
Option A, even though a possibility, cannot be taken for granted as the right option.
Option B is invalid since S3 can store data indefinitely unless you have a lifecycle policy defined.
Option D is invalid because the Kinesis service is perfect for this sort of data ingestion.
For more information on Kinesis data retention, please refer to the below URL:
http://docs.aws.amazon.com/streams/latest/dev/kinesis-extended-retention.html
The correct answer is: Data records are only accessible for a default of 24 hours from the time they are added to a
stream
QUESTION 50
INCORRECT
MARK 0 OUT OF 1
A customer wants to track access to their Amazon Simple Storage Service (S3) buckets and also use this
information for their internal security and access audits. Which of the following will meet the Customer
requirement?
Please select :
A. Enable AWS CloudTrail to audit all Amazon S3 bucket access.
C. Enable the Requester Pays option to track access via AWS Billing
Answer – B
In order to track requests for access to your bucket, you can enable access logging. Each access log record provides
details about a single access request, such as the requester, bucket name, request time, request action, response
status, and error code, if any. Access log information can be useful in security and access audits.
For more information on the Simple Storage Service logging, please refer to the below link
http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
The correct answer is: Enable server access logging for all required Amazon S3 buckets.
QUESTION 51
INCORRECT
MARK 0 OUT OF 1
You have defined the following Network ACL for your subnet
What will be the outcome when a workstation of IP 54.12.34.34 tries to access your subnet?
Please select :
A. The request will be allowed
Answer - A
Rule number. Rules are evaluated starting with the lowest numbered rule. As soon as a rule matches traffic, it's
applied regardless of any higher-numbered rule that may contradict it.
Now since the first rule number is 100 and allows all traffic, no matter what rule you put after that all traffic will be
allowed. Hence, all options except A are incorrect
For more information on Network ACL, please refer to the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
CORRECT
MARK 1 OUT OF 1
Which procedure for backing up a relational database on EC2 that is using a set of RAIDed EBS volumes for
storage minimizes the time during which the database cannot be written to and results in a consistent
backup?
Please select :
A. 1. Detach EBS volumes, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes
C. 1. Suspend disk I/O, 2. Create an image of the EC2 Instance, 3. Resume disk I/O
D. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Resume disk I/O
E. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk
Answer – E
The AWS Documentation mentions the following when considering snapshot for EBS Volumes in a RAID configuration
When you take a snapshot of an attached Amazon EBS volume that is in use, the snapshot excludes data cached by
applications or the operating system. For a single EBS volume, this is often not a problem. However, when cached data
is excluded from snapshots of multiple EBS volumes in a RAID array, restoring the volumes from the snapshots can
degrade the integrity of the array.
When creating snapshots of EBS volumes that are configured in a RAID array, it is critical that there is no data I/O to or
from the volumes when the snapshots are created. RAID arrays introduce data interdependencies and a level of
complexity not present in a single EBS volume configuration.
https://aws.amazon.com/premiumsupport/knowledge-center/snapshot-ebs-raid-array/
The correct answer is: 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4.
Resume disk
QUESTION 53
CORRECT
MARK 1 OUT OF 1
You are a solutions architect working for a company. They store their data on S3, however recently
someone accidentally deleted some critical files in S3. You’ve been asked to prevent this from happening in
the future. What options below can prevent this?
Please select :
A. Make sure you provide signed URL's to all users.
Answer - B
Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve,
retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily
recover from both unintended user actions and application failures.
You can optionally add another layer of security by configuring a bucket to enable MFA (Multi-Factor Authentication)
Delete, which requires additional authentication for either of the following operations.
Option C is invalid because changing the storage option will not prevent accidental deletion.
Option D is invalid because the question does not ask to remove the delete permission completely.
http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
The correct answer is: Enable S3 versioning and Multifactor Authentication (MFA) on the bucket.
QUESTION 54
CORRECT
MARK 1 OUT OF 1
You run an automobile reselling company that has a popular online store on AWS. The application sits behind
an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private
IP addresses. How can you achieve this?
Please select :
A. By using Ipconfig for windows or Ifconfig for Linux.
C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/
D. Using a Curl or Get Command to get the latest user-data from http://169.254.169.254/latest/user-data/
Answer – C
To get the private and public IP addresses , you can run the following commands on the running instance
http://169.254.169.254/latest/meta-data/local-ipv4
http://169.254.169.254/latest/meta-data/public-ipv4
Option A is partially correct, but is an overhead when you already have the service running in AWS.
Option B is incorrect, because you cannot get the IP address from the CloudWatch metric.
For more information on instance metadata, please refer to the below URL:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
The correct answer is: Using a Curl or Get Command to get the latest meta-data from
http://169.254.169.254/latest/meta-data/
QUESTION 55
CORRECT
MARK 1 OUT OF 1
You are the solution architect for a company. The company has a requirement to deploy an application
which will need to have session management in place. Which of the following services can be used to
store session data for session management?
Please select :
A. AWS Storage Gateway, Elasticache & ELB
Answer – D
These options are the best when it comes to storing session data.
Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache
in the cloud. The service improves the performance of web applications by allowing you to retrieve information from
fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.
For more information, please visit the below URL:
https://aws.amazon.com/elasticache/
http://docs.aws.amazon.com/gettingstarted/latest/awsgsg-intro/gsg-aws-database.html
And by default, in the industry, RDS has been used to store session data.
The Elastic Load Balancer, AWS Storage Gateway and CloudWatch cannot store session data.
QUESTION 56
INCORRECT
MARK 0 OUT OF 1
You are working for an Enterprise and have been asked to get a support plan in place from AWS.
1) 24x7 access to support
2) Access to the full set of Trusted Advisor checks
Which of the following would meet these requirements ensuring that cost is kept at a minimum
Please select :
A. Basic
B. Developer
C. Business
D. Enterprise
Answer - C
1) 24x7 access to customer service, documentation, whitepapers, and support forums
3) 24x7 access to Cloud Support Engineers via email, chat & phone
Option A and B are invalid because they have access to 6 core Trusted Advisor checks only. And they don’t have 24*7
support.
Option D is invalid because even though it fulfils all requirements, it is an expensive option and since Business support
already covers the requirement, this should be selected when you are taking cost as an option.
https://aws.amazon.com/premiumsupport/compare-plans/
QUESTION 57
CORRECT
MARK 1 OUT OF 1
Please select :
A. In Amazon EC2 classic, the private IP addresses are only returned to Amazon EC2 when the instance is
stopped or terminated
B. In Amazon VPC, an instance retains its private IP addresses when the instance is stopped.
C. In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.
D. In Amazon EC2 classic, the private IP address is associated exclusively with the instance for its lifetime
Answer - C
For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the
instance is stopped and restarted, and is released when the instance is terminated.
For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated.
If you restart your stopped instance, it receives a new private IPv4 address.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
The correct answer is: In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is
stopped.
QUESTION 58
CORRECT
MARK 1 OUT OF 1
Which of the following are best practices for monitoring your EC2 instances?
Please select :
A. Create and implement a monitoring plan that collects monitoring data from all of the parts in your AWS
solution
Answer – D
Use the following best practices for monitoring to help you with your Amazon EC2 monitoring tasks.
Make monitoring a priority to head off small problems before they become big ones.
Create and implement a monitoring plan that collects monitoring data from all of the parts in your AWS solution so
that you can more easily debug a multi-point failure if one occurs. Your monitoring plan should address, at a
minimum, the following questions:
What are your goals for monitoring?
What resources will you monitor?
How often will you monitor these resources?
What monitoring tools will you use?
Who will perform the monitoring tasks?
Who should be notified when something goes wrong?
Automate monitoring tasks as much as possible.
Check the log files on your EC2 instances.
For more information on monitoring EC2, please refer to the below link:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_ec2.html
QUESTION 59
INCORRECT
MARK 0 OUT OF 1
For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate
solution? Choose two answers from the options given below
Please select :
A. Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors
D. Using as an SNS (Simple Notification Service) endpoint to trigger execution of video transcoding jobs
Answer- B and C
The AWS Documentation mentions the following on the AWS Simple Workflow service
The Amazon Simple Workflow Service (Amazon SWF) makes it easier to develop asynchronous and distributed
applications by providing a programming model and infrastructure for coordinating distributed components and
maintaining their execution state in a reliable way. By relying on Amazon SWF, you are freed to focus on building the
aspects of your application that differentiate it.
For more information on the simple workflow service, please refer to the below link:
http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-intro-to-swf.html
The correct answers are: Managing a multi-step and multi-decision checkout process of an e-commerce website,
Orchestrating the execution of distributed and auditable business processes
QUESTION 60
CORRECT
MARK 1 OUT OF 1
You work for a major news network in Europe. They have just released a new app which allows users to report
on events as and when they happen using their mobile phone. Users are able to upload pictures from the app
and then other users will be able to view these pics. Your organization expects this app to grow very quickly,
essentially doubling its user base every month. The app uses S3 to store the media and you are expecting
sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading
content in huge numbers). You need to keep your storage costs to a minimum, however, and it does not matter
if some objects are lost. Which storage media should you use to keep costs as low as possible?
Please select :
A. S3 – Infrequently Accessed Storage.
C. Glacier.
D. S3 – Provisioned IOPS.
Answer – B
Since the requirement mentions that it does not matter if objects are lost and you need a low cost storage option then
Reduced Redundancy Storage is the best option.
Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables customers to store noncritical,
reproducible data at lower levels of redundancy than Amazon S3’s standard storage. It provides a highly available
solution for distributing or sharing content that is durably stored elsewhere, or for storing thumbnails, transcoded
media, or other processed data that can be easily reproduced.
https://aws.amazon.com/s3/reduced-redundancy/