NEW QUESTION 1
A user is running a MySQL RDS instance. The user will not use the DB for the next 3 months. How can the user save costs?
A. Pause the RDS actMties from CLI until it is required in the future
B. Stop the RDS instance
C. Create a snapshot of RDS to launch in the future and terminate the instance now
D. Change the instance size to micro
Answer: C
Explanation:
The RDS instances unlike the AWS EBS backed instances cannot be stopped or paused. The user needs to take the final snapshot, terminate the instance and launch a new instance in the future from that snapshot
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI
NEW QUESTION 2
You have been doing a lot of testing of your VPC Network by deliberately failing EC2 instances to test whether instances are failing over properly. Your customer who will be paying the AWS bill for all this asks you if he being charged for all these instances. You try to explain to him how the billing works on EC2 instances to the best of your knowledge. What would be an appropriate response to give to the customer
in regards to this?
A. Billing commences when Amazon EC2 AMI instance is completely up and billing ends as soon as the instance starts to shutdown. B. Billing commences when Amazon EC2 initiates the boot sequence of an AMI instance and billing ends when the instance shuts down. C. Billing only commences only after 1 hour of uptime and billing ends when the instance terminates.
D. Billing commences when Amazon EC2 initiates the boot sequence of an AMI instance and billing ends as soon as the instance starts to shutdown. Answer: B
Explanation:
Billing commences when Amazon EC2 initiates the boot sequence of an AMI instance. Billing ends when the instance shuts down, which could occur through a web services command, by running “shutdown -h”, or through instance failure.
Reference: http://aws.amazon.com/ec2/faqs/#BiIIing
NEW QUESTION 3
AWS Elastic Load Balancer supports SSL termination.
A. True. For specific availability zones only.
B. False
C. True For specific regions only
D. True For all regions
Answer: D
Explanation:
You can configure your load balancer in ELB (Elastic Load Balancing) to use a SSL certificate in order to improve your system security.The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. Elastic Load Balancing uses AWS Identity and Access Management (IAM) to upload your certificate to your load balancer.
Reference: http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/US_SettingUpLoadBaIancerH TTPS.htmI
NEW QUESTION 4
A user has launched five instances with ELB. How can the user add the sixth EC2 instance to ELB?
A. The user can add the sixth instance on the fly.
B. The user must stop the ELB and add the sixth instance.
C. The user can add the instance and change the ELB config file.
D. The ELB can only have a maximum of five instance
Answer: A
Explanation:
Elastic Load Balancing automatically distributes incoming traffic across multiple EC2 instances. You create a load balancer and register instances with the load balancer in one or more Availability Zones. The load balancer serves as a single point of contact for clients. This enables you to increase the availability of your application. You can add and remove EC2 instances from your load balancer as your needs change, without disrupting the overall flow of information. Reference: http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/Svclntro.htm|
NEW QUESTION 5
Which one of the following statements is NOT an advantage of DyanamoDB being built on Solid State Drives:
A. serve high-scale request workloads
B. low request pricing
C. high I/O performance of WebApp on EC2 instance
D. low-latency response times
Answer:
C
Explanation:
In DynamoDB, SSDs help achieve design goals of predictable low-latency response times for storing and accessing data at any scale. The high I/O performance of SSDs also enables to serve high-scale request workloads cost efficiently, and to pass this efficiency along in low request pricing. Reference: http://aws.amazon.com/dynamodb/faqs/
NEW QUESTION 6
A user is planning to make a mobile game which can be played online or offline and will be hosted on EC2.
The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through email. Which of the below mentioned AWS services helps achieve this goal?
A. AWS Simple Workflow Service.
B. AWS Simple Queue Service.
C. Amazon Cognito
D. AWS Simple Email Servic
Answer: D
Explanation:
Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS.
Reference: http://aws.amazon.com/ses/faqs/
NEW QUESTION 7
is a task coordination and state management service for cloud applications.
A. Amazon SES
B. Amazon SWF
C. Amazon FPS
D. Amazon SNS
Answer: B
Explanation:
Amazon Simple Workflow (Amazon SWF) is a task coordination and state management service for cloud applications. With Amazon SWF, you can stop writing complex glue-code and state machinery and invest more in the business logic that makes your applications unique.
Reference: http://aws.amazon.com/swf/
NEW QUESTION 8
When a user is detaching an EBS volume from a running instance and attaching it to a new instance, which of the below mentioned options should be followed to avoid file system damage?
A. Unmount the volume first
B. Stop all the I/O of the volume before processing
C. Take a snapshot of the volume before detaching
D. Force Detach the volume to ensure that all the data stays intact
Answer: A
Explanation:
When a user is trying to detach an EBS volume, the user can either terminate the instance or explicitly remove the volume. It is a recommended practice to unmount the volume first to avoid any file system damage.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
NEW QUESTION 9
A user is planning to host a scalable dynamic web application on AWS. Which of the services may not be required by the user to achieve automated scalability?
A. CIoudWatch
B. S3
C. AutoScaIing
D. AWS EC2 instances
Answer: B
Explanation:
The user can achieve automated scaling by launching different EC2 instances and making them a part of an ELB. Cloudwatch will be used to monitor the resources and based on the scaling need it will trigger policies. AutoScaIing is then used to scale up or down the instances. Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/\NhatIsAutoScaIing.htmI
NEW QUESTION 10
A user has created a queue named “myqueue” with SQS. There are four messages published to queue which are not received by the consumer yet. If the user tries to delete the queue, what will happen?
A. A user can never delete a queue manuall
B. AWS deletes it after 30 days of inactMty on queue
C. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically.
D. It will ask user to delete the messages first
E. It will delete the queue
Answer: D
Explanation:
SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available. The user can delete a queue at any time, whether it is empty or not. It is important to note that queues retain messages for a set period of time. By default, a queue retains messages for four days. Reference:
http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/SQSConcepts.html
NEW QUESTION 10
In relation to Amazon SQS, how can you ensure that messages are delivered in order?
A. Increase the size of your queue
B. Send them with a timestamp
C. Give each message a unique id.
D. AWS cannot guarantee that you will receive messages in the exact order you sent them
Answer: D
Explanation:
Amazon SQS makes a best effort to preserve order in messages, but due to the distributed nature of the queue, AWS cannot guarantee that you will receive messages in the exact order you sent them. You typically place sequencing information or timestamps in your messages so that you can reorder them upon receipt.
Reference: https://aws.amazon.com/items/1343?externaI|D=1343
NEW QUESTION 14
An orgAMzation has launched two applications: one for blogging and one for ECM on the same AWS Linux EC2 instance running in the AWS VPC. The orgAMzation has attached two private IPs (primary and secondary) to the above mentioned instance. The orgAMzation wants the instance OS to recognize the secondary IP address. How can the orgAMzation configure this?
A. Use the ec2-net-utility package which updates routing tables, uses DHCP to refresh the secondary IP and adds the network interface. B. Use the ec2-net-utils package which will configure an additional network interface and update the routing table
C. Use the ec2-ip-update package which can configure the network interface as well as update the secondary IP with DHCP. D. Use the ec2-ip-utility package which can update the routing tables as well as refresh the secondary IP using DHCP.
Answer: B
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the
user to launch AWS resources into a virtual network that the user has defined. With VPC the user can specify multiple private IP addresses for his instances. The number of network interfaces and private IP addresses that a user can specify for an instance depends on the instance type. This scenario helps when the user wants to host multiple websites on a single EC2 instance. After the user has assigned a secondary private IP address to his instance, he needs to configure the operating system on that instance to recognize the secondary private IP address. For AWS Linux, the ec2-net-utils package can take care of this step. It configures additional network interfaces that the user can attach while the instance is running, refreshes secondary IP addresses during DHCP lease renewal, and updates the related routing rules.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MuItipIeIP.html
NEW QUESTION 18
What kind of service is provided by AWS DynamoDB?
A. Relational Database
B. NoSQL Database
C. Dynamic Database
D. Document Database
Answer: B
Explanation:
DynamoDB is a fast, fully managed NoSQL database service. Reference: http://aws.amazon.com/dynamodb/
NEW QUESTION 21
In relation to Amazon SQS, how many queues and messages can you have per queue for each user?
A. Unlimited
B. 10
C. 256
D. 500
Answer: A
Explanation:
Amazon SQS supports an unlimited number of queues and unlimited number of messages per queue for each user. Please be aware that Amazon SQS automatically deletes messages that have been in the queue for more than 4 days.
Reference: https://aws.amazon.com/items/1343?externaIID=1343
NEW QUESTION 26
Regarding Amazon SQS, are there restrictions on the names of Amazon SQS queues?
A. No
B. Yes, Queue names must be unique within an AWS account and you cannot use hyphens (-) and underscores (_)
C. Yes, Queue names are limited to 80 characters and queue names must be unique within an AWS account
D. Yes, Queue names are limited to 80 characters but queue names do not need to be unique within an AWS account
Answer: C
Explanation:
Queue names are limited to 80 characters. Alphanumeric characters plus hyphens (-) and underscores (_) are allowed. Queue names must be unique within an AWS account. After you delete a queue, you can reuse the queue name.
Reference: https://aws.amazon.com/sqs/faqs/
NEW QUESTION 30
Regarding Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need that uses one of the supported push notification services: APNS, GCM, or ADM.
A. an access policy for the mobile endpoints
B. to active push notification service of Amazon SNS
C. to know the type of mobile device operating system
D. an app for the mobile endpoints
Answer: D
Explanation:
In Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need an app for the mobile endpoints that uses one of the supported push notification services: APNS, GCM, or ADM. After you’ve registered and configured the app to use one of these services, you configure Amazon SNS to send push notifications to the mobile endpoints.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePush.htmI
NEW QUESTION 32
ExamKiIIer (with AWS account ID H1122223333) has created 50 IAM users for its orgAMzation’s employees. ExamKiIIer wants to make the AWS console login URL for all IAM users as: https:// examkiI|er.signin.aws.amazon.com/conso|e/. How can this be configured?
A. Create a bucket with the name ExamKiI|er and map it with the IAM alias
B. It is not possible to have capital letters as a part of the alias name
C. The user needs to use Route 53 to map the ExamKiIIer domain and IAM URL
D. For the AWS account, create an alias ExamKiIIer for the IAM login
Answer: B
Explanation:
If a user wants the URL of the AWS IAM sign-in page to have the company name instead of the AWS
account ID, he can create an alias for his AWS account ID. The alias must be unique across all Amazon Webservices products and contain only digits, lowercase letters, and hyphens.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAIias.html
NEW QUESTION 37
In regard to DynamoDB, can I delete local secondary indexes?
A. Yes, if it is a primary hash key index
B. No
C. Yes, if it is a local secondary indexes
D. Yes, if it is a Global secondary indexes
Answer: B
Explanation:
In DynamoDB, an index cannot be modified once it is created. Reference: http://aws.amazon.com/dynamodb/faqs/#security_anchor
NEW QUESTION 39
Does AWS CIoudFormation support Amazon EC2 tagging?
A. It depends if the Amazon EC2 tagging has been defined in the template.
B. No, it doesn’t support Amazon EC2 tagging.
C. No, CIoudFormation doesn’t support any tagging
D. Yes, AWS CIoudFormation supports Amazon EC2 tagging
Answer: D
Explanation:
In AWS CIoudFormation, Amazon EC2 resources that support the tagging feature can also be tagged in an AWS template. The tag values can refer to template parameters, other resource names, resource attribute values (e.g. addresses), or values computed by simple functions (e.g., a concatenated list of strings).
Reference: http://aws.amazon.com/c|oudformation/faqs/
NEW QUESTION 40
A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC. How can the user setup to have two separate public IPs and separate security groups for both the application as well as the web server?
A. Launch a VPC instance with two network interface
B. Assign a separate security group to each and AWS will assign a separate public IP to them.
C. Launch VPC with two separate subnets and make the instance a part of both the subnets.
D. Launch a VPC instance with two network interface
E. Assign a separate security group and elastic IP to them.
F. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subne
Answer: ADE (Not sure)
Explanation:
If you need to host multiple websites(with different IPs) on a single EC2 instance, the following is the suggested method from AWS. Launch a VPC instance with two network interfaces
Assign elastic IPs from VPC EIP pool to those interfaces (Because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to them.)
Assign separate Security Groups if separate Security Groups are needed
This scenario also helps for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MuItipIeIP.html
NEW QUESTION 44
How long are the messages kept on an SQS queue by default?
A. If a message is not read, it is never deleted
B. 2 weeks
C. 1 day
D. 4 days
Answer: D
Explanation:
The SQS message retention period is configurable and can be set anywhere from 1 minute to 2 weeks. The default is 4 days and once the message retention limit is reached your messages will be automatically deleted. The option for longer message retention provides greater filexibility to allow for longer intervals between message production and consumption.
Reference: https://aws.amazon.com/sqs/faqs/
NEW QUESTION 48
In AWS Elastic Beanstalk, you can update your deployed application even while it is part of a running environment. For a Java application, you can also use to update your deployed application.
A. the AWS Toolkit for Eclipse
B. the AWS Toolkit for Visual Studio
C. the AWS Toolkit for JVM
D. the AWS Toolkit for Netbeans
Answer: A
Explanation:
In AWS Elastic Beanstalk, you can update your deployed application, even while it is part of a running environment. For a Java application, you can also use the AWS Toolkit for Eclipse to update your deployed application.
Reference: http://docs.aws.amazon.com/elasticbeanstaIk/latest/dg/GettingStarted.WaIkthrough.htmI
NEW QUESTION 50
You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS?
A. Amazon SQS is for single-threaded sending or receMng speeds.
B. Amazon SQS is a non-distributed queuing system.
C. Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receMng speeds. D. Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receMng speeds.
Answer: C
Explanation:
Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for
single-threaded sending or receMng speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been to a queue is available to be received.
Reference: http://media.amazonwebservices.com/AWS_Storage_Options.pdf
NEW QUESTION 53
An account owner has created an IAM user with the name examkiller. The account owner wants to give EC2 access of only the US West region to that IAM user. How can the owner configure this?
A. While creating a policy provide the region as a part of the resources
B. Create an IAM user in the US West region and give access to EC2
C. Create an IAM policy and define the region in the condition
D. It is not possible to provide access based on the region
Answer: C
Explanation:
The IAM policy is never region specific. If the user wants to configure the region specific setting, he needs to provide conditions as part of the policy. Reference: http://awspolicygen.s3.amazonaws.com/poIicygen.htmI
NEW QUESTION 56
A user has launched an EBS backed Linux instance. How can a user detach the root device and attach it to another instance as a secondary volume?
A. Unmount the root volume first and then detach it
B. It is not possible to mount the root volume to some other instance
C. Stop the first instance and then attach instance’s root volume as a new volume to the other instance
D. It is not possible to mount the root device as a secondary volume on the other instance
Answer: C
Explanation:
If an Amazon EBS volume is the root device of an instance, it cannot be detached unless the instance is in the stopped state. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
NEW QUESTION 57
Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?
A. Enable MFA for prMleged users
B. Create indMdual IAM users
C. Keep rotating your secure access credentials at regular intervals
D. Create strong access key and secret access key and attach to the root account
Answer: D
Explanation:
It is a recommended approach to avoid using the access and secret access keys of the root account.
Thus, do not download or delete it. Instead make the IAM user as powerful as the root account and use its credentials. The user cannot generate their own access and secret access keys as they are always generated by AWS.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
NEW QUESTION 62
You have been given a scope to deploy some AWS infrastructure for a large orgAMsation. The requirements are that you will have a lot of EC2 instances but may need to add more when the average utilization of your Amazon EC2 fileet is high and conversely remove them when CPU utilization is low. Which AWS services would be best to use to accomplish this?
A. Amazon CIoudFront, Amazon CIoudWatch and Elastic Load Balancing.
B. Auto Scaling, Amazon CIoudWatch and AWS CIoudTraiI.
C. Auto Scaling, Amazon CIoudWatch and Elastic Load Balancing.
D. Auto Scaling, Amazon CIoudWatch and AWS Elastic Beanstalk
Answer: C
Explanation:
Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to manually provision Amazon EC2 capacity in advance. For example, you can set a condition to add new Amazon EC2 instances in increments to the Auto Scaling group when the average utilization of your Amazon EC2 fileet is high; and similarly, you can set a condition to remove instances in the same increments when CPU utilization is low. If you have predictable load changes, you can set a schedule through Auto Scaling to plan your scaling actMties. You can use Amazon CIoudWatch to send alarms to trigger scaling actMties and Elastic Load Balancing to help distribute traffic to your instances within Auto Scaling groups. Auto Scaling enables you to run your Amazon EC2 fileet at optimal utilization. Reference: http://aws.amazon.com/autoscaIing/
NEW QUESTION 67
You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that?
A. You can do this with SQS but you also need to use SWF
B. Messages will arrive in the same order by default
C. You can use sequencing information on each message
D. It is not possible to do this with SQS
Answer: C
Explanation:
Amazon SQS is engineered to always be available and deliver messages. One of the resulting tradeoffs is that SQS does not guarantee first in, first out delivery of messages. For many distributed applications, each message can stand on its own, and as long as all messages are delivered, the order is not important. If your system requires that order be preserved, you can place sequencing information in each message,
so that you can reorder the messages when the queue returns them. Reference:
http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/\NeIcome.html
NEW QUESTION 72
A user had defined an IAM policy similar to the one given below on a bucket:
{
“Version”: “2012-10-17”,
“Statement”: [{
“Effect”: “A||ow”,
“PrincipaI”: {
“AWS”: “arn:aws:iam::12112112:user/test”
}!
“Action”: [ “s3:GetBucketLocation”, “s3:ListBucket”, “s3:GetObject”
]!
“Resource”: [ “arn:aws:s3:::examkiI|er”
}
}
What will this do?
A. It will result in an error saying invalid policy statement
B. It will create an IAM policy for the user test
C. Allows the user test of the AWS account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on the bucket examkiller D. It will allow all the IAM users of the account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on bucket examkiller
Answer: C
Explanation:
The IAM policy allows to test a user in the account 12112112 to perform: s3:GetBucketLocation
s3:ListBucket s3:GetObject
Amazon S3 permissions on the examkiller bucket.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/access-policy-language-overview.html
NEW QUESTION 73
A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?
A. AWS Simple Notification Service.
B. AWS Simple Queue Service.
C. AWS Mobile Communication Service.
D. AWS Simple Email Servic
Answer: A
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, filexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. Reference: http://aws.amazon.com/sns
NEW QUESTION 75
Regarding Amazon SQS, what happens if there is no actMty against a queue for more than 30 consecutive days?
A. Your account will be suspended
B. The queue may be deleted
C. Nothing
D. The queue will be deleted
Answer: B
Explanation:
AWS reserve the right to delete a queue if none of the following requests have been issued against the queue for more than 30 consecutive days: SendMessage ReceiveMessage DeIeteMessage GetQueueAttributes SetQueueAttributes
You should design your application with this in mind. Reference: https://aws.amazon.com/sqs/faqs/
NEW QUESTION 80
Which of the below mentioned options is a must to have an element as a part of the IAM policy?
A. Condition
B. ID
C. Statement
D. Version
Answer: C
Explanation:
The statement is the main element of the IAM policy and it is a must for a policy. Elements such as condition, version and ID are not required. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EIementDescriptions.html
NEW QUESTION 85
Which of the below mentioned commands allows the user to share the AMI with his peers using the AWS EC2 CLI?
A. ec2-share-image-public
B. ec2-share-image-account
C. ec2-share-image
D. ec2-modify-image-attribute
Answer: D
Explanation:
A user can share an AMI with another user / peer using the command: ec2-modify-image-attribute
<AMI-ID> -| -a <AWS Account |D>
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-expIicit.htmI
NEW QUESTION 86
A user is creating multiple IAM users. What advice should be given to him to enhance the security?
A. Grant least prMleges to the indMdual user
B. Grant all higher prMleges to the group
C. Grant less prMleges for user, but higher prMleges for the group
D. Grant more prMleges to the user, but least prMleges to the group
Answer: A
Explanation:
It is a recommended rule that the root user should grant the least prMleges to the IAM user or the group. The higher the prMleges, the more problems it can create.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.htmI
NEW QUESTION 87
In regards to Amazon SQS how many times will you receive each message?
A. At least twice
B. Exactly once
C. As many times as you want
D. At least once
Answer: D
Explanation:
Amazon SQS is engineered to provide “at least once” delivery of all messages in its queues. Although most of the time, each message will be delivered to your application exactly once, you should design your system so that processing a message more than once does not create any errors or inconsistencies. Reference: https://aws.amazon.com/sqs/faqs/
NEW QUESTION 88
A user has set an IAM policy where it allows all requests if a request from IP 10.10.10.1/32. Another policy allows all the requests between 5 PM to 7 PM. What will happen when a user is requesting access from IP 10.10.10.1/32 at 6 PM?
A. IAM will throw an error for policy conflict
B. It is not possible to set a policy based on the time or IP
C. It will deny access
D. It will allow access
Answer: D
Explanation:
With regard to IAM, when a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:
By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.) An explicit allow policy overrides this default. An explicit deny policy overrides any allows. Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EvaIuationLogic.htmI
NEW QUESTION 92
A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?
A. AWS CIoudWatch + AWS SES.
B. AWS CIoudWatch + AWS SNS.
C. AWS CIoudWatch + AWS SQS.
D. AWS EC2 + AWS Cloudwatc
Answer: B
Explanation:
Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. In this case, the user can configure that Cloudwatch sends an alarm on when the threshold is crossed to SNS which will trigger an SMS.
Reference: http://aws.amazon.com/sns/
NEW QUESTION 97
A user is trying to share a video file with all his friends. Which of the below mentioned AWS services will be cheapest and easy to use?
A. AWS S3
B. AWS EC2
C. AWS RRS
D. AWS Glacier
Answer: C
Explanation:
AWS RRS provides the same functionality as AWS S3, but at a cheaper rate. It is ideally suited for non mission critical applications. It provides less durability than S3, but is a cheaper option.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingRRS.htmI
NEW QUESTION 98
A user is part of a group which has a policy allowing him just read only access to EC2. The user is part of another group which has full access to EC2. What happens when the user tries to launch an instance?
A. It will allow the user to launch the instance
B. It will fail since the user has just read only access
C. It will allow or deny based on the group under which the user has logged into EC2
D. It will not allow the user to add to the conflicting groups
Answer: A
Explanation:
The IAM group policy is always aggregated. In this case, if the user does not have permission for one group, but has permission for another group, he will have full access to EC2. Unless there is specific deny policy, the user will be able to access EC2.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/PoIiciesOverview.htmI
NEW QUESTION 102
A user is creating a new EBS volume from an existing snapshot. The snapshot size shows 10 GB. Can the user create a volume of 30 GB from that snapshot?
A. Provided the original volume has set the change size attribute to true
B. Yes
C. Provided the snapshot has the modify size attribute set as true
D. No
Answer: B
Explanation:
A user can always create a new EBS volume of a higher size than the original snapshot size. The user cannot create a volume of a lower size. When the new volume is created the size in the instance will be shown as the original size. The user needs to change the size of the device with resize2fs or other OS specific commands.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.htmI
NEW QUESTION 104
An orgAMzation has 10000 employees. The orgAMzation wants to give restricted AWS access to each employee. How can the orgAMzation achieve this?
A. Create an IAM user for each employee and make them a part of the group
B. It is not recommended to support 10000 users with IAM
C. Use STS and create the users’ run time
D. Use Identity federation with SSO
Answer: D
Explanation:
Identity federation enables users from an existing directory to access resources within your AWS account,
making it easier to manage your users by maintaining their identities in a single place. In this case, the federated user is the only solution since AWS does not allow creating more than 5000 IAM users. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
NEW QUESTION 108
An orgAMzation has 20 employees. The orgAMzation wants to give all the users access to the orgAMzation AWS account. Which of the below mentioned options is the right solution?
A. Share the root credentials with all the users
B. Create an IAM user for each employee and provide access to them
C. It is not advisable to give AWS access to so many users
D. Use the IAM role to allow access based on STS
Answer: B
Explanation:
AWS Identity and Access Management is a web service that enables the AWS customers to manage users and user permissions in AWS. The IAM is targeted at orgAMzations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the orgAMzaiton can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.htm|
NEW QUESTION 112
Which header received at the EC2 instance identifies the port used by the client while requesting ELB?
A. X-Forvvarded-Proto
B. X-Requested-Proto
C. X-Forvvarded-Port
D. X-Requested-Port
Answer: C
Explanation:
The X-Forvvarded-Port request header helps the user identify the port used by the client while sending a request to ELB.
Reference: http://docs.aws.amazon.com/EIasticLoadBalancing/latest/DeveIoperGuide/TerminologyandKeyConcepts. html
NEW QUESTION 115
When you register an actMty in Amazon SWF, you provide the following information, except:
A. a name
B. timeout values
C. a domain
D. version
Answer: C
Explanation:
When designing an Amazon SWF workflow, you precisely define each of the required actMties. You then register each actMty with Amazon SWF as an actMty type. When you register the actMty, you provide information such as a name and version, and some timeout values based on how long you expect the actMty to take.
Reference: http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-intro-to-swf.html
NEW QUESTION 116
A user is using an EBS backed instance. Which of the below mentioned statements is true?
A. The user will be charged for volume and instance only when the instance is running
B. The user will be charged for the volume even if the instance is stopped
C. The user will be charged only for the instance running cost
D. The user will not be charged for the volume if the instance is stopped
Answer: B
Explanation:
If a user has launched an EBS backed instance, the user will be charged for the EBS volume even though the instance is in a stopped state. The instance will be charged for the EC2 hourly cost only when it is running.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
NEW QUESTION 118
A user wants to access RDS from an EC2 instance using IP addresses. Both RDS and EC2 are in the same region, but different AZs. Which of the below mentioned options help configure that the instance is accessed faster?
A. Configure the Private IP of the Instance in RDS security group
B. Security group of EC2 allowed in the RDS security group
C. Configuring the elastic IP of the instance in RDS security group
D. Configure the Public IP of the instance in RDS security group
Answer: A
Explanation:
If the user is going to specify an IP range in RDS security group, AWS recommends using the private IP address of the Amazon EC2 instance. This provides a more direct network route from the Amazon EC2 instance to the Amazon RDS DB instance, and does not incur network charges for the data sent outside of the Amazon network.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html
NEW QUESTION 122
A user is creating a snapshot of an EBS volume. Which of the below statements is incorrect in relation to the creation of an EBS snapshot?
A. Its incremental
B. It can be used to launch a new instance
C. It is stored in the same AZ as the volume
D. It is a point in time backup of the EBS volume
Answer: C
Explanation:
The EBS snapshots are a point in time backup of the EBS volume. It is an incremental snapshot, but is always specific to the region and never specific to a single AZ.
Hence the statement “|t is stored in the same AZ as the volume” is incorrect.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI
NEW QUESTION 125
Which of the following groups is AWS Elastic Beanstalk best suited for?
A. Those who want to deploy and manage their applications within minutes in the AWS cloud
B. Those who want to privately store and manage Git repositories in the AWS cloud.
C. Those who want to automate the deployment of applications to instances and to update the applications as required
D. Those who want to model, visualize, and automate the steps required to release software
Answer: A
Explanation:
AWS Elastic Beanstalk is best suited for those groups who want to deploy and manage their applications within minutes in the AWS cloud. As a bonus, you don’t even need experience with cloud computing to get started.
Reference: https://aws.amazon.com/elasticbeansta|k/faqs/
NEW QUESTION 130
You are using Amazon SQS and are getting a “Queue Deleted RecentIy” error. What is wrong?
A. The message is too big
B. You have incorrect permissions
C. Another user has deleted the queue
D. If you delete a queue, you need to wait for at least 60 seconds before creating a queue with the same name
Answer: D
Explanation:
If you delete a queue, you need to wait for at least 60 seconds before creating a queue with the same name. Please note that when you delete a queue, the deletion process takes up to 60 seconds. Requests you send to a recently deleted queue might succeed during the 60-second period. For example, a SendlVIessage request might succeed, but after 60 seconds the queue and that message you sent no longer exists.
Reference: https://aws.amazon.com/items/1343?externaI|D=1343
NEW QUESTION 133
A user is trying to find the state of an S3 bucket with respect to versioning. Which of the below mentioned states AWS will not return when queried?
A. versioning-enabled
B. versioning-suspended
C. unversioned
D. versioned
Answer: D
Explanation:
S3 buckets can be in one of the three states: unversioned (the default), versioning-enabled or versioning-suspended. The bucket owner can configure the versioning state of a bucket. The versioning state applies to all (never some) of the objects in that bucket. The first time owner enables a bucket for versioning, objects in it are thereafter always versioned and given a unique version ID.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/Versioning.htmI
NEW QUESTION 134
What is the maximum number of tags that a user can assign to an EC2 instance?
A. 50
B. 10
C. 5
D. 25
Answer: A
Explanation:
To help manage EC2 instances as well as their usage in a better way, the user can tag the instances. The tags are metadata assigned by the user which consists of a key and a value. One resource can have a maximum of 50 tags.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
NEW QUESTION 136
A user has enabled serverside encryption with S3. The user downloads the encrypted object from S3. How can the user decrypt it?
A. S3 does not support server side encryption
B. S3 provides a server side key to decrypt the object
C. The user needs to decrypt the object using their own private key
D. S3 manages encryption and decryption automatically
Answer: D
Explanation:
If the user is using the server-side encryption feature, Amazon S3 encrypts the object data before saving it on disks in its data centres and decrypts it when the user downloads the objects. Thus, the user is free from the tasks of managing encryption, encryption keys, and related tools. Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingEncryption.htmI
NEW QUESTION 139
A user has configured ELB with two instances running in separate AZs of the same region? Which of the below mentioned statements is true?
A. Nlulti AZ instances will provide HA with ELB
B. lVIuIti AZ instances are not possible with a single ELB
C. Nlulti AZ instances will provide scalability with ELB
D. The user can achieve both HA and scalability with ELB
Answer: A
Explanation:
If a user is running two instances in separate AZs, it will provide HA with ELB since ELB will automatically stop routing the traffic to unhealthy instances and send it to healthy instances only.
NEW QUESTION 142
Does Amazon DynamoDB support both increment and decrement atomic operations?
A. No, neither increment nor decrement operations.
B. Only increment, since decrement are inherently impossible with DynamoDB’s data model.
C. Only decrement, since increment are inherently impossible with DynamoDB’s data model.
D. Yes, both increment and decrement operation
Answer: D
Explanation:
Amazon DynamoDB supports increment and decrement atomic operations.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/APISummary.html
NEW QUESTION 143
An orgAMzation has enabled a strict password policy for its IAM users. The orgAMzation is taking help from the IAM console to set the password policy. Which of the below mentioned rules cannot be specified by the user as a part of the policy?
A. Allow at least one lower case letter
B. Allow at least one number
C. Allow at least one non-alphanumeric character
D. Do not allow the user to use the password from the last three passwords
Answer: D
Explanation:
AWS IAM allows an orgAMzation to create multiple users and provide them access to various AWS services. By default when the user is created, he does not have password enabled and can not login to AWS console. If the orgAMzation wants to allow the users to login to AWS console, they can enable password for each user. It is required that IAM users follow certain guidelines to set their IAM login password. For this IAM provides root account owner to setup passwrod policy. The password policy also lets the specify whether all IAM users can change their own passwords. As part of policy, orgAMzation can specify that passwords for IAM users must be of a certain minimum length, must include certain characters, and a few more criteria such as below. One upper/ lower or both letters One alpha numeric
One number
Reference: http://docs.aws.amazon.com/|AM/Iatest/UserGuide/Using_ManagingPasswordPoIicies.htm|
NEW QUESTION 148
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but
does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?
A. AWS Simple Notification Service
B. AWS Simple Workflow
C. AWS Simple Query Service
D. AWS Simple Queue Service
Answer: D
Explanation:
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available.
Reference: http://aws.amazon.com/sqs/
NEW QUESTION 151
In regard to DynamoDB, can I modify the index once it is created?
A. Yes, if it is a primary hash key index
B. Yes, if it is a Global secondary index
C. No
D. Yes, if it is a local secondary index
Answer: C
Explanation:
Currently, in DynamoDB, an index cannot be modified once it is created. Reference: http://aws.amazon.com/dynamodb/faqs/#security_anchor
NEW QUESTION 154
A user is configuring the HTTPS protocol on a front end ELB and the SSL protocol for the back-end listener in ELB. What will ELB do?
A. It will allow you to create the configuration, but the instance will not pass the health check
B. Receives requests on HTTPS and sends it to the back end instance on SSL
C. It will not allow you to create this configuration
D. It will allow you to create the configuration, but ELB will not work as expected
Answer: C
Explanation:
If a user is configuring HTTPS on the front end and TCP on the back end, ELB will not allow saving these listeners and will respond with the message. “Load Balancer protocol is an application layer protocol, but instance protocol is not. Both the Load Balancer protocol and the instance protocol should be at the same layer. Please fix.”
Reference:
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/elb-troubleshooting.htmI
NEW QUESTION 158
A user is planning to host MS SQL on an EBS volume. It was recommended to use the AWS RDS. What advantages will the user have if he uses RDS in comparison to an EBS based DB?
A. Better throughput with PIOPS
B. Automated backup
C. NIS SQL is not supported with RDS
D. High availability with multi AZs
Answer: B
Explanation:
Comparing with on-premises or EC2 based NIS SQL, RDS provides an automated backup feature. PIOPS is available with both RDS and EBS. However, HA is not available with NIS SQL.
Reference: https://aws.amazon.com/rds/faqs/
NEW QUESTION 162
A user has created a snapshot of an EBS volume. Which of the below mentioned usage cases is not possible with respect to a snapshot?
A. Nlirroring the volume from one AZ to another AZ
B. Launch an instance
C. Decrease the volume size
D. Increase the size of the volume
Answer: C
Explanation:
The EBS snapshots are a point in time backup ofthe volume. It is helpful to move the volume from one AZ to another or launch a new instance. The user can increase the size of the volume but cannot decrease it less than the original snapshot size.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI
NEW QUESTION 166
Which of the following solutions is not supported by DynamoDB:
A. Hash secondary index
B. Local secondary index
C. Hash Primary Key
D. Global secondary index
Answer: A
Explanation:
In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations. DynamoDB supports the following two types of secondary indexes:
Local secondary index is an index that has the same hash key as the table, but a different range key. A local secondary index is “IocaI” in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key.
Global secondary index is an index with a hash and range key that can be different from those on the table. A global secondary index is considered “gIobaI” because queries on the index can span all of the data in a table, across all partitions.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModeI.html
NEW QUESTION 168
The AWS console for DynamoDB enables you to do all the following operations, except:
A. Set up alarms to monitor your tabIe’s capacity usage.
B. Create, update, and delete tables.
C. Import Data from other databases or from files.
D. View your tabIe’s top monitoring metrics on real-time graphs from CIoudWatc
Answer: C
Explanation:
The AWS console for DynamoDB enables you to do all the above operation but not Importing Data from other databases or from files and it is not possible to do it. Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ConsoIeDynamoDB.html
NEW QUESTION 169
A user has enabled automated backup for an RDS instance. What is the longest duration for which the user can retain the automated backup?
A. 25 days
B. 15 days
C. 45 days
D. 35 days
Answer: D
Explanation:
Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances: automated backups and DB snapshots. Automated backups automatically back up the DB instance during a specific, user-definable backup window, and keep the backups for a limited, user-specified period of time. The maximum period can be 35 days.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI
NEW QUESTION 172
An orgAMzation has created 10 IAM users. The orgAMzation wants those users to work independently and access AWS. Which of the below mentioned options is not a possible solution?
A. Create the access key and secret access key for each user and provide access to AWS using the console
B. Create the X.509 certificate for each user and provide them access to AWS CLI
C. Enable MFA for each IAM user and assign them the virtual MFA device to access the console
D. Provide each user with the IAM login and password for the AWS console
Answer: A
Explanation:
If an orgAMzation has created the IAM users, the users can access AWS services either with an IAM specific login/password or console. The orgAMzation can generate the IAM X.509 certificates to access AWS with CLI. The orgAMzation can also enable MFA for each IAM user, which allows an added security for each IAM user. If the orgAMzation has created the access key and secret key than the user cannot access the console using those keys. Access key and secret access key are useful for CLI or
Webservices.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.htm|
NEW QUESTION 173
A user has configured an automated backup between 5 AM — 5:30 AM for the MySQL RDS DB. Will the performance of RDS get frozen momentarily during a backup?
A. No
B. Yes, only if the instance size is smaller than large size
C. Yes, provided it is a single zone implementation
D. Yes, always
Answer: C
Explanation:
Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances. A brief I/O freeze, typically lasting a few seconds, occurs during both automated backups and DB snapshot operations on Single-AZ DB instances.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI
NEW QUESTION 176
Regarding Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to the Amazon SNS topic. You specify the queue by its .
A. ARN
B. Token
C. Registration ID
D. URL
Answer: A
Explanation:
In Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to the Amazon SNS topic. You specify the queue by its ARN. Reference: http://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.htmI
NEW QUESTION 179
A user has configured a website and launched it using the Apache web server on port 80. The user is using ELB with the EC2 instances for Load Balancing. What should the user do to ensure that the EC2 instances accept requests only from ELB?
A. Open the port for an ELB static IP in the EC2 security group
B. Configure the security group of EC2, which allows access to the ELB source security group
C. Configure the EC2 instance so that it only listens on the ELB port
D. Configure the security group of EC2, which allows access only to the ELB listener
Answer: B
Explanation:
When a user is configuring ELB and registering the EC2 instances with it, ELB will create a source security group. If the user wants to allow traffic only from ELB, he should remove all the rules set for the other requests and open the port only for the ELB source security group.
Reference:
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/using-elb-security-groups.htmI
NEW QUESTION 184
A user is having access to objects of an S3 bucket which is not owned by him. If he is trying to set the objects of that bucket public, which of the below mentioned options may be a right fit for this action?
A. Make the bucket public with full access
B. Define the policy for the bucket
C. Provide ACL on the object
D. Create an IAM user with permission
Answer: C
Explanation:
An S3 object ACL is the only way to manage access to objects which are not owned by the bucket owner. An AWS account that owns the bucket can grant another AWS account permission to upload objects. The bucket owner does not own these objects. The AWS account that created the object must grant permissions using object ACLs.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-alternatives-guidelines.html
NEW QUESTION 189
A user is launching an instance with EC2. Which of the below mentioned options does the user need to consider before launching an instance?
A. Select the region where the instance is being launched.
B. Select the instance type.
C. All the options listed should be considered..
D. Select the OS of the AM
Answer: C
Explanation:
Regarding Amazon EC2, when launching an instance, the user needs to select the region the instance would be launched from. While launching, the user needs to plan for the instance type and the OS of the instance.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-Iaunch-instance_|inux.htmI
NEW QUESTION 190
A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will get for most of the year as per EC2 SLA if the instance is attached to the EBS optimized instance?
A. 900
B. 990
C. 950
D. 1000
Answer: A
Explanation:
As per AWS SLA if the instance is attached to an EBS-Optimized instance, then the Provisioned IOPS volumes are designed to deliver within 10% of the provisioned IOPS performance 99.9% of the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a minimum 900 IOPS 99.9% time of the year.
Reference: http://aws.amazon.com/ec2/faqs/
NEW QUESTION 193
Which statements about DynamoDB are true? Choose 2 answers
A. DynamoDB uses a pessimistic locking model
B. DynamoDB uses optimistic concurrency control
C. DynamoDB uses conditional writes for consistency
D. DynamoDB restricts item access during reads
E. DynamoDB restricts item access during writes
Answer: BC
NEW QUESTION 198
Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?
A. User ID, where the application has many different users.
B. Status Code where most status codes are the same
C. Device ID, where one is by far more popular than all the others.
D. Game Type, where there are three possible game types
Answer: A
NEW QUESTION 203
Which of the following statements about SWF are true? Choose 3 answers
A. SWF tasks are assigned once and never duplicated
B. SWF requires an S3 bucket for workflow storage
C. SWF workflow executions can last up to a year
D. SWF triggers SNS notifications on task assignment
E. SWF uses deciders and workers to complete tasks
F. SWF requires atleast 1 EC2 instance per domain
Answer: ACE
NEW QUESTION 206
Company C has recently launched an online commerce site for bicycles on AWS. They have a “Product” DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details.
Which approach below provides the least impact to provisioned throughput on the “Product” table?
A. Serialize the image and store it in multiple DynamoDB tables
B. Create an “Images” DynamoDB table to store the Image with a foreign key constraint to the “Product” table
C. Add an image data type to the “Product” table to store the images in binary format
D. Store the images in Amazon S3 and add an S3 URL pointer to the “Product” table item for each image
Answer: D
NEW QUESTION 210
Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-westl.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser. What should Company D do to prevent the web fonts from being blocked by the browser?
A. Enable versioning on the cdfonts bucket for each web font
B. Create a policy on the cdfonts bucket to enable access to everyone
C. Add the Content-NI D5 header to the request for webfonts in the cdfonts bucket from the website
D. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration
Answer: D
NEW QUESTION 213
What is one key difference between an Amazon EBS-backed and an instance-store backed instance?
A. Virtual Private Cloud requires EBS backed instances
B. Amazon EBS-backed instances can be stopped and restarted
C. Auto scaling requires using Amazon EBS-backed instances.
D. Instance-store backed instances can be stopped and restarte
Answer: B
NEW QUESTION 215
A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4. The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2a. After 60 minutes of load testing, the webserver logs show:
Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the
four webservers? Choose 2 answers
A. Launch and run the load-tester EC2 instance from us-east-1 instead.
B. Re-configure the load-testing software to re-resolve DNS for each web request.
C. Use a 3rd-party load-testing service which offers globally-distributed test clients.
D. Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.
E. Configure ELB session stickiness to use the app-specific session cooki
Answer: BE
NEW QUESTION 219
Which of the following are valid SNS delivery transports? Choose 2 answers
A. HTTP
B. UDP
C. SNIS
D. DynamoDB
E. Named Pipes
Answer: AC
NEW QUESTION 223
When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side?
A. x-amz-storage-class
B. Content-MD5
C. x-amz-security-token
D. x-amz-server-side-encryption
Answer: D
NEW QUESTION 224
Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers
A. The number of hash keys per account
B. The maximum storage used per account
C. The number of tables per account
D. The number of local secondary indexes per account
E. The number of provisioned throughput units per account
Answer: CE
NEW QUESTION 225
You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to indMdual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this.
You advise them to:
A. Bulk upload the device tokens contained in a CSV file via the AWS Management Console.
B. Let the push notification service (e.
C. Amazon Device Messaging) handle the registration.
D. Implement a token vending service to handle the registration.
E. Call the CreatePIatformEndPoint API function to register multiple device token
Answer: B
NEW QUESTION 229
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.htmI page is returned. Company C now would like a new page weIcome.htmI to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? Choose 2 answers
A. Upload an html page named we|come.htm| to their S3 bucket
B. Create a welcome subfolder in their S3 bucket
C. Set the Index Document property to weIcome.htmI
D. Move the index.htmI page to a welcome subfolder
E. Set the Error Document property to weIcome.htmI
Answer: AC
NEW QUESTION 231
What item operation allows the retrieval of multiple items from a DynamoDB table in a single API call?
A. Getltem
B. BatchGetItem
C. GetMu|tip|e|tems
D. GetItemRange
Answer: B
NEW QUESTION 234
Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?
A. Descnbelnstances
B. DescribeAMIs
C. Describelmages
D. GetAMIs
E. You cannot retrieve a list of AMIs as there are over 10,000 AMIs
Answer: E
NEW QUESTION 235
When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing?
A. Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue
B. Retrieve the message with an increased visibility timeout, delete the message from the queue, process the message
C. Retrieve the message with increased DeIaySeconds, process the message, delete the message from the queue
D. Retrieve the message with increased DeIaySeconds, delete the message from the queue, process the message
Answer: A
NEW QUESTION 239
What is the format of structured notification messages sent by Amazon SNS?
A. An XML object containing MessageId, UnsubscribeURL, Subject, lVIessage and other values
B. An JSON object containing MessageId, DupIicateFIag, lVIessage and other values
C. An XML object containing MessageId, DupIicateFIag, lVIessage and other values
D. An JSON object containing MessageId, unsubscribeURL, Subject, lVIessage and other values
Answer: D
NEW QUESTION 243
Which code snippet below returns the URL of a load balanced web site created in CIoudFormation with an AWS::EIasticLoadBaIancing::LoadBaIancer resource name “EIasticLoad BaIancer”?
A. “Fn::Join” : [ ‘‘’‘ . [“http://”, {“Fn::GetAtr” : [“EIasticLoadBalancer”,”DNSName”]}]]
B. “Fn::Join” : [ ‘‘’‘ . [“http://”, {“Fn::GetAtr” : [“E|asticLoadBa|ancer”,”Ur|”]}]]
C. “Fn::Join” : [ ‘‘’‘ . [“http://”, {“Ref” : “EIasticLoadBaIancerUr|”}]]
D. “Fn::Join” : [“http://”, {“Ref” : “EIasticLoadBaIancerDNSName”}]]
Answer: B
NEW QUESTION 247
An Amazon S3 bucket, “myawsbucket” is configured with website hosting in Tokyo region, what is the region-specific website endpoint?
A. www.myawsbucket.ap-northeast-1.amazonaws.com
B. myawsbucket.s3-website-ap-northeast-I.amazonawscom
C. myawsbucket.amazonaws.com
D. myawsbucket.tokyo.amazonaws.com
Answer: B
NEW QUESTION 248
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposed upload exceeds the maximum allowed object size.” error message.
What is a possible solution for this?
A. None, Simple Storage Service objects are limited to 5 GB
B. Use the multi-part upload API for this object
C. Use the large object upload API for this object
D. Contact support to increase your object size limit
E. Upload to a different region
Answer: B
NEW QUESTION 253
What type of block cipher does Amazon S3 offer for server side encryption?
A. Triple DES
B. Advanced Encryption Standard
C. Blowfish
D. RC5
Answer: B
NEW QUESTION 257
You are writing to a DynamoDB table and receive the following exception:” ProvisionedThroughputExceededException”. though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput.
What could be an explanation for this?
A. You haven’t provisioned enough DynamoDB storage instances
B. You’re exceeding your capacity on a particular Range Key
C. You’re exceeding your capacity on a particular Hash Key
D. You’re exceeding your capacity on a particular Sort Key
E. You haven’t configured DynamoDB Auto Scaling triggers
Answer: C
NEW QUESTION 262
Company A has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can Company A provide only paid subscribers the ability to download a premier content file in the S3 bucket?
A. Apply a bucket policy that grants anonymous users to download the content from the S3 bucket
B. Generate a pre-signed object URL for the premier content file when a paid subscriberrequests adownload
C. Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects
D. Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors
Answer: B
NEW QUESTION 267
Which of the following is chosen as the default region when making an API call with an AWS SDK?
A. ap-northeast-1
B. us-west-2
C. us-east-1
D. eu-west-1
E. us-central-1
Answer: C
NEW QUESTION 271
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?
A. Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in the private subnet
B. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet
C. Disabling the Source/Destination Check attribute on the NAT instance
D. Attaching an Elastic IP address to the instance in the private subnet
Answer: C
NEW QUESTION 274
What happens, by default, when one of the resources in a CIoudFormation stack cannot be created?
A. Previously-created resources are kept but the stack creation terminates.
B. Previously-created resources are deleted and the stack creation terminates.
C. The stack creation continues, and the final results indicate which steps failed.
D. CIoudFormation templates are parsed in advance so stack creation is guaranteed to succee
Answer: B
Source : https://www.dumpscollection.net/dumps/AWS-Certified-Developer-Associate/