AWS Certified Developer Associate EXAM DUMP -3

NEW QUESTION 1 

In regard to DynamoDB, which of the following statements is correct? 

A. An Item should have at least two value sets, a primary key and another attribute. 

B. An Item can have more than one attributes. 

C. A primary key should be single-valued. 

D. An attribute can have one or several other attribute 

Answer:

Explanation:  

In Amazon DynamoDB, a database is a collection of tables. A table is a collection of items and each item 

is a collection of attributes. 

Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModeI.html 

NEW QUESTION 2 

Which one of the following operations is NOT a DynamoDB operation? 

A. BatchWrite|tem 

B. DescribeTabIe 

C. BatchGetItem 

D. BatchDeIeteItem 

Answer:

Explanation:  

In DynamoDB, Deleteltem deletes a single item in a table by primary key, but BatchDeIeteItem doesn’t exist. 

Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/operationIist.htmI 

NEW QUESTION 3 

True or False: In DynamoDB, Scan operations are always eventually consistent. 

A. No, scan is like Query operation 

B. Yes 

C. No, scan is strongly consistent by default 

D. No, you can optionally request strongly consistent sca 

Answer:

Explanation:  

In DynamoDB, Scan operations are always eventually consistent. 

Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/APISummary.htmI 

NEW QUESTION 4 

Regarding Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, in the Protocol drop-down box, you should select . 

A. Email 

B. Message 

C. SMTP 

D. IMAP 

Answer:

Explanation:  

In Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, select Email in the Protocol drop-down box. Enter an email address you can use to receive the notification in the Endpoint field. 

Reference: http://docs.aws.amazon.com/sns/latest/dg/SubscribeTopic.html 

NEW QUESTION 5 

In Amazon EC2, which of the following is the type of monitoring data for Amazon EBS volumes that is available automatically in 5-minute periods at no charge? 

A. Primary 

B. Basic 

C. Initial 

D. Detailed 

Answer:

Explanation:  

Basic is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called. Reference: 

http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html 

NEW QUESTION 6 

In DynamoDB, to get a detailed listing of secondary indexes on a table, you can use the action. 

A. DescribeTabIe 

B. BatchGetItem 

C. Getltem 

D. TabIeName 

Answer:

Explanation:  

In DynamoDB, DescribeTab|e returns information about the table, including the current status ofthe table, when it was created, the primary key schema, and any indexes on the table. 

Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.htmI 

NEW QUESTION 7 

A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user wants to find out the reason for termination, where can he find the details? 

A. The user can get information from the AWS console, by checking the Instance description under the State transition reason label B. The user can get information from the AWS console, by checking the Instance description under the Instance Termination reason label C. The user can get information from the AWS console, by checking the Instance description under the Instance Status Change reason label D. It is not possible to find the details after the instance is terminated 

Answer:

Explanation:  

An EC2 instance, once terminated, may be available in the AWS console for a while after termination. The user can find the details about the termination from the description tab under the label State transition reason. If the instance is still running, there will be no reason listed. If the user has explicitly stopped or terminated the instance, the reason will be “User initiated shutdown”. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_|nstanceStraightToTerminated.html 

NEW QUESTION 8 

is a task coordination and state management service for cloud applications. 

A. Amazon SES 

B. Amazon SWF 

C. Amazon FPS 

D. Amazon SNS 

Answer:

Explanation:  

Amazon Simple Workflow (Amazon SWF) is a task coordination and state management service for cloud applications. With Amazon SWF, you can stop writing complex glue-code and state machinery and invest more in the business logic that makes your applications unique. 

Reference: http://aws.amazon.com/swf/ 

NEW QUESTION 9 

A user is planning to create a structured database in the cloud. Which of the below mentioned AWS offerings help the user achieve the goal? 

A. AWS DynamoDB 

B. AWS RDS 

C. AWS Simp|eDB 

D. AWS RSD 

Answer:

Explanation:  

AWS RDS is a managed database server offered by AWS, which makes it easy to set up, operate, and scale a relational database or structured data in cloud. Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html 

NEW QUESTION 10 

Which one of the following data types does Amazon DynamoDB not support? 

A. Arrays 

B. String 

C. Binary 

D. Number Set 

Answer:

Explanation:  

Amazon DynamoDB supports the following data types: Scalar data types (like Number, String, and Binary) 

Multi-valued types (like String Set, Number Set, and Binary Set). Reference: 

http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModeI.htmI#DataModeI.Data Types 

NEW QUESTION 10 

A user plans to use RDS as a managed DB platform. Which of the below mentioned features is not supported by RDS? 

A. Automated backup 

B. Automated scaling to manage a higher load 

C. Automated failure detection and recovery 

D. Automated software patching 

Answer:

Explanation:  

AWS RDS provides a managed DB platform, which offers features, such as automated backup, patch management, automated failure detection and recovery. The scaling is not automated and the user needs to plan it with a few clicks. 

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html 

NEW QUESTION 11 

A user has created a queue named “myqueue” with SQS. There are four messages published to queue which are not received by the consumer yet. If the user tries to delete the queue, what will happen? 

A. A user can never delete a queue manuall 

B. AWS deletes it after 30 days of inactMty on queue 

C. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically. 

D. It will ask user to delete the messages first 

E. It will delete the queue 

Answer:

Explanation:  

SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available. The user can delete a queue at any time, whether it is empty or not. It is important to note that queues retain messages for a set period of time. By default, a queue retains messages for four days. Reference: 

http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/SQSConcepts.html 

NEW QUESTION 15 

In relation to Amazon SQS, how can you ensure that messages are delivered in order? 

A. Increase the size of your queue 

B. Send them with a timestamp 

C. Give each message a unique id. 

D. AWS cannot guarantee that you will receive messages in the exact order you sent them 

Answer:

Explanation:  

Amazon SQS makes a best effort to preserve order in messages, but due to the distributed nature of the queue, AWS cannot guarantee that you will receive messages in the exact order you sent them. You typically place sequencing information or timestamps in your messages so that you can reorder them upon receipt. 

Reference: https://aws.amazon.com/items/1343?externaI|D=1343 

NEW QUESTION 16 

In relation to Amazon SQS, how many queues and messages can you have per queue for each user? 

A. Unlimited 

B. 10 

C. 256 

D. 500 

Answer:

Explanation:  

Amazon SQS supports an unlimited number of queues and unlimited number of messages per queue for each user. Please be aware that Amazon SQS automatically deletes messages that have been in the queue for more than 4 days. 

Reference: https://aws.amazon.com/items/1343?externaIID=1343 

NEW QUESTION 21 

Regarding Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need that uses one of the supported push notification services: APNS, GCM, or ADM. 

A. an access policy for the mobile endpoints 

B. to active push notification service of Amazon SNS 

C. to know the type of mobile device operating system 

D. an app for the mobile endpoints 

Answer:

Explanation:  

In Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need an app for the mobile endpoints that uses one of the supported push notification services: APNS, GCM, or ADM. After you’ve registered and configured the app to use one of these services, you configure Amazon SNS to send push notifications to the mobile endpoints. 

Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePush.htmI 

NEW QUESTION 25 

How many types of block devices does Amazon EC2 support? 

A. 5 

B. 1 

C. 2 

D. 4 

Answer:

Explanation:  

Amazon EC2 supports 2 types of block devices. Reference: 

http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html 

NEW QUESTION 26 

In regard to DynamoDB, can I delete local secondary indexes? 

A. Yes, if it is a primary hash key index 

B. No 

C. Yes, if it is a local secondary indexes 

D. Yes, if it is a Global secondary indexes 

Answer:

Explanation:  

In DynamoDB, an index cannot be modified once it is created. Reference: http://aws.amazon.com/dynamodb/faqs/#security_anchor 

NEW QUESTION 31 

Can you SSH to your private machines that reside in a VPC from outside without elastic IP? 

A. Yes, but only if you have direct connect or vpn 

B. Only if you are using a non-US region 

C. Only if you are using a US region 

D. No 

Answer:

Explanation:  

The instances that reside in the private subnets of your VPC are not reachable from the Internet, meAMng that is not possible to ssh into them. To interact with them you can use a bastion server, located in a public subnet, that will act as a proxy for them. 

You can also connect if you have direct connect or vpn. 

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html 

NEW QUESTION 36 

Does AWS CIoudFormation support Amazon EC2 tagging? 

A. It depends if the Amazon EC2 tagging has been defined in the template. 

B. No, it doesn’t support Amazon EC2 tagging. 

C. No, CIoudFormation doesn’t support any tagging 

D. Yes, AWS CIoudFormation supports Amazon EC2 tagging 

Answer:

Explanation:  

In AWS CIoudFormation, Amazon EC2 resources that support the tagging feature can also be tagged in an AWS template. The tag values can refer to template parameters, other resource names, resource attribute values (e.g. addresses), or values computed by simple functions (e.g., a concatenated list of strings). Reference: http://aws.amazon.com/c|oudformation/faqs/ 

NEW QUESTION 40 

A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC. How can the user setup to have two separate public IPs and separate security groups for both the application as well as the web server? 

A. Launch a VPC instance with two network interface 

B. Assign a separate security group to each and AWS will assign a separate public IP to them. 

C. Launch VPC with two separate subnets and make the instance a part of both the subnets. 

D. Launch a VPC instance with two network interface 

E. Assign a separate security group and elastic IP to them. 

F. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subne 

Answer:

Explanation:  

If you need to host multiple websites(with different IPs) on a single EC2 instance, the following is the suggested method from AWS. Launch a VPC instance with two network interfaces 

Assign elastic IPs from VPC EIP pool to those interfaces (Because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to them.) 

Assign separate Security Groups if separate Security Groups are needed 

This scenario also helps for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MuItipIeIP.html 

NEW QUESTION 45 

A user has attached one RDS security group with 5 RDS instances. The user has changed the ingress rule for the security group. What will be the initial status of the ingress rule? 

A. Approving 

B. Implementing 

C. Authorizing 

D. It is not possible to assign a single group to multiple DB instances 

Answer:

Explanation:  

When the user makes any changes to the RDS security group the rule status will be authorizing for some time until the changes are applied to all instances that the group is connected with. Once the changes are propagated the rule status will change to authorized. 

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html 

NEW QUESTION 50 

A user wants to configure AutoScaIing which scales up when the CPU utilization is above 70% and scales down when the CPU utilization is below 30%. How can the user configure AutoScaIing for the above mentioned condition? 

A. Use AutoScaIing with a schedule 

B. Configure ELB to notify AutoScaIing on load increase or decrease 

C. Use dynamic AutoScaIing with a policy 

D. Use AutoScaIing by manually modifying the desired capacity during a condition 

Answer:

Explanation:  

The user can configure the AutoScaIing group to automatically scale up and then scale down based on the specified conditions. To configure this, the user must setup policies which will get triggered by the C|oudWatch alarms. 

Reference: 

http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/as-scaIe-based-on-demand.html 

NEW QUESTION 53 

A user has created an application which sends data to a log file. The server hosting the log files can be unavailable due to any reason. The user wants to make it so that whenever the log server is up it should be receMng the messages. Which of the below mentioned AWS services helps achieve this functionality? 

A. AWS Simple Workflow 

B. AWS Simple Task Service 

C. AWS Simple Notification Service 

D. AWS Simple Queue Service 

Answer:

Explanation:  

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available. Using SQS, the application has to just send the data to SQS and SQS transmits it to the log file whenever it is available. Reference: http://aws.amazon.com/sqs/ 

NEW QUESTION 54 

In AWS Elastic Beanstalk, you can update your deployed application even while it is part of a running environment. For a Java application, you can also use to update your deployed application. 

A. the AWS Toolkit for Eclipse 

B. the AWS Toolkit for Visual Studio 

C. the AWS Toolkit for JVM 

D. the AWS Toolkit for Netbeans 

Answer:

Explanation:  

In AWS Elastic Beanstalk, you can update your deployed application, even while it is part of a running environment. For a Java application, you can also use the AWS Toolkit for Eclipse to update your deployed application. 

Reference: http://docs.aws.amazon.com/elasticbeanstaIk/latest/dg/GettingStarted.WaIkthrough.htmI 

NEW QUESTION 56 

You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS? 

A. Amazon SQS is for single-threaded sending or receMng speeds. 

B. Amazon SQS is a non-distributed queuing system. 

C. Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receMng speeds. D. Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receMng speeds. 

Answer:  

Explanation:  

Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for 

single-threaded sending or receMng speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been to a queue is available to be received. 

Reference: http://media.amazonwebservices.com/AWS_Storage_Options.pdf 

NEW QUESTION 58 

A user is creating an ELB with VPC. Which of the following options is available as a part of the “Add EC2 instances” page? 

A. Select Subnet 

B. Select IAM 

C. Select ENI 

D. Select VPC 

Answer:

Explanation:  

When a user is launching an ELB with VPC, he/she has to select the options, such as subnet and security group before selecting the instances part of that subnet. Reference: 

http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/Deve|operGuide/elb-getting-started.htmI 

NEW QUESTION 63 

You want to have multiple versions of your application running at the same time, with all versions launched via AWS Elastic Beanstalk. Is this possible? 

A. N 

B. However if you have 2 AWS accounts this can be done 

C. N 

D. AWS Elastic Beanstalk is not designed to support multiple running environments 

E. Ye 

F. AWS Elastic Beanstalk is designed to support a number of multiple running environments 

G. Ye 

H. However AWS Elastic Beanstalk is designed to support only 2 multiple running environments 

Answer:

Explanation:  

AWS Elastic Beanstalk is designed to support multiple running environments. As an example you could have one for integration testing, one for pre-production, and one for production, with each environment independently configured and running on its own separate AWS resources. 

Reference: https://aws.amazon.com/elasticbeansta|k/faqs/ 

NEW QUESTION 65 

When using Amazon SQS how much data can you store in a message? 

A. 8 KB 

B. 2 KB 

C. 16 KB 

D. 4 KB 

Answer:

Explanation:  

With Amazon SQS version 2008-01-01, the maximum message size for both SOAP and Query requests is 8KB. 

If you need to send messages to the queue that are larger than 8 KB, AWS recommends that you split the information into separate messages. Alternatively, you could use Amazon S3 or Amazon Simp|eDB to hold the information and include the pointer to that information in the Amazon SQS message. If you send a message that is larger than 8KB to the queue, you will receive a MessageTooLong error with HTTP code 400. Reference: https://aws.amazon.com/items/1343?externaI|D=1343 

NEW QUESTION 70 

A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance? 

A. It is not possible to access RDS of the US East region from the US West region 

B. Open the security group of the US West region in the RDS security group’s ingress rule 

C. Configure the IP range of the US West region instance as the ingress security rule of RDS 

D. Create an IAM role which has access to RDS and launch an instance in the US West region with it 

Answer:

Explanation:  

The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region. 

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html 

NEW QUESTION 71 

In regard to DynamoDB, what is the Global secondary index? 

A. An index with a hash and range key that can be different from those on the table. 

B. An index that has the same range key as the table, but a different hash key 

C. An index that has the same hash key and range key as the table 

D. An index that has the same hash key as the table, but a different range key 

Answer:

Explanation:  

Global secondary index – an index with a hash and range key that can be different from those on the table. 

Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html 

NEW QUESTION 75 

Which of the below mentioned options is not a best practice to securely manage the AWS access credentials? 

A. Enable MFA for prMleged users 

B. Create indMdual IAM users 

C. Keep rotating your secure access credentials at regular intervals 

D. Create strong access key and secret access key and attach to the root account 

Answer:

Explanation:  

It is a recommended approach to avoid using the access and secret access keys of the root account. 

Thus, do not download or delete it. Instead make the IAM user as powerful as the root account and use its credentials. The user cannot generate their own access and secret access keys as they are always generated by AWS. 

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html 

NEW QUESTION 76 

You have been given a scope to deploy some AWS infrastructure for a large orgAMsation. The requirements are that you will have a lot of EC2 instances but may need to add more when the average utilization of your Amazon EC2 fileet is high and conversely remove them when CPU utilization is low. Which AWS services would be best to use to accomplish this? 

A. Amazon CIoudFront, Amazon CIoudWatch and Elastic Load Balancing. 

B. Auto Scaling, Amazon CIoudWatch and AWS CIoudTraiI. 

C. Auto Scaling, Amazon CIoudWatch and Elastic Load Balancing. 

D. Auto Scaling, Amazon CIoudWatch and AWS Elastic Beanstalk 

Answer:

Explanation:  

Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to manually provision Amazon EC2 capacity in advance. For example, you can set a condition to add new Amazon EC2 instances in increments to the Auto Scaling group when the average utilization of your Amazon EC2 fileet is high; and similarly, you can set a condition to remove instances in the same increments when CPU utilization is low. If you have predictable load changes, you can set a schedule through Auto Scaling to plan your scaling actMties. You can use Amazon CIoudWatch to send alarms to trigger scaling actMties and Elastic Load Balancing to help distribute traffic to your instances within Auto Scaling groups. Auto Scaling enables you to run your Amazon EC2 fileet at optimal utilization. Reference: http://aws.amazon.com/autoscaIing/ 

NEW QUESTION 78 

A user has launched an EC2 instance and installed a website with the Apache webserver. The webserver is running but the user is not able to access the website from the internet. What can be the possible reason for this failure? 

A. The security group of the instance is not configured properly. 

B. The instance is not configured with the proper key-pairs. 

C. The Apache website cannot be accessed from the internet. 

D. Instance is not configured with an elastic I 

Answer:

Explanation:  

In Amazon Web Services, when a user has configured an instance with Apache, the user needs to ensure that the ports in the security group are opened as configured in Apache config. E.g. If Apache is running on port 80, the user should open port 80 in the security group. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html 

NEW QUESTION 79 

Can one instance be registered with two ELBs in the same region? 

A. No 

B. Yes, provided both ELBs have the same health check configuration 

C. Yes, always 

D. Yes, provided both ELBs are in the same AZ 

Answer:

Explanation:  

Yes, it is possible to have one instance part of two separate ELBs, though both ELBs have different configurations. ELBs are never launched in specific zones. Reference: 

http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/enable-disable-az.html 

NEW QUESTION 80 

What does Amazon SQS provide? 

A. An asynchronous message queue service. 

B. A Simple Query Sewer, managed directly by Amazon Web Services. 

C. None of these. 

D. A synchronous message queue service. 

Answer:

Explanation:  

Amazon SQS stands for Simple Queue Services, and provides a cost-effective way to decouple the components of your application through an asynchronous message queue service 

Reference: http://aws.amazon.com/sqs/ 

NEW QUESTION 82 

A user has created a blank EBS volume in the US-East-1 region. The user is unable to attach the volume to a running instance in the same region. What could be the possible reason for this? 

A. The instance must be in a running stat 

B. It is required to stop the instance to attach volume 

C. The AZ for the instance and volume are different 

D. The instance is from an instance store backed AMI 

E. The instance has enabled the volume attach protection 

Answer:

Explanation:  

An EBS volume provides persistent data storage. The user can attach a volume to any instance provided they are both in the same AZ. Even if they are in the same region but in a different AZ, it will not be able to attach the volume to that instance. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.htmI 

NEW QUESTION 87 

In DynamoDB, could you use IAM to grant access to Amazon DynamoDB resources and API actions? 

A. Yes 

B. Depended to the type of access 

C. In DynamoDB there is no need to grant access 

D. No 

Answer:

Explanation:  

Amazon DynamoDB integrates with AWS Identity and Access Management (IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. You then attach that policy to an AWS IAM user or role. 

Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/UsingIAMWithDDB.htmI 

NEW QUESTION 88 

An orgAMzation is setting up their website on AWS. The orgAMzation is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechAMsms will not help the orgAMzation to avoid future data leaks and identify security weaknesses? 

A. Perform SQL injection for application testing. 

B. Run penetration testing on AWS with prior approval from Amazon. 

C. Perform a hardening test on the AWS instance. 

D. Perform a Code Check for any memory leak 

Answer:

Explanation:  

AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an orgAMzation is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks: 

Perform penetration testing as performed by attackers to find any vulnerability. The orgAMzation must take an approval from AWS before performing penetration testing 

Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues The code memory checks are generally useful when the orgAMzation wants to improve the application performance. 

Reference: http://aws.amazon.com/security/penetration-testing/ 

NEW QUESTION 92 

Regarding Amazon SQS, what happens if there is no actMty against a queue for more than 30 consecutive days? 

A. Your account will be suspended 

B. The queue may be deleted 

C. Nothing 

D. The queue will be deleted 

Answer:

Explanation:  

AWS reserve the right to delete a queue if none of the following requests have been issued against the queue for more than 30 consecutive days: SendMessage ReceiveMessage DeIeteMessage GetQueueAttributes SetQueueAttributes 

You should design your application with this in mind. Reference: https://aws.amazon.com/sqs/faqs/ 

NEW QUESTION 96 

Which of the below mentioned commands allows the user to share the AMI with his peers using the AWS EC2 CLI? 

A. ec2-share-image-public 

B. ec2-share-image-account 

C. ec2-share-image 

D. ec2-modify-image-attribute 

Answer:

Explanation:  

A user can share an AMI with another user / peer using the command: ec2-modify-image-attribute 

<AMI-ID> -| -a <AWS Account |D> 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-expIicit.htmI 

NEW QUESTION 98 

A user has created a new EBS volume from an existing snapshot. The user mounts the volume on the instance to which it is attached. Which of the below mentioned options is a required step before the user can mount the volume? 

A. Run a cyclic check on the device for data consistency 

B. Create the file system of the volume 

C. Resize the volume as per the original snapshot size 

D. No step is require 

E. The user can directly mount the device 

Answer:

Explanation:  

When a user is trying to mount a blank EBS volume, it is required that the user first creates a file system within the volume. If the volume is created from an existing snapshot then the user needs not to create a file system on the volume as it will wipe out the existing data. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.htmI 

NEW QUESTION 103 

In regards to Amazon SQS how many times will you receive each message? 

A. At least twice 

B. Exactly once 

C. As many times as you want 

D. At least once 

Answer:

Explanation:  

Amazon SQS is engineered to provide “at least once” delivery of all messages in its queues. Although most of the time, each message will be delivered to your application exactly once, you should design your system so that processing a message more than once does not create any errors or inconsistencies. Reference: https://aws.amazon.com/sqs/faqs/ 

NEW QUESTION 107 

A user is enabling logging on a particular bucket. Which of the below mentioned options may be best suitable to allow access to the log bucket? 

A. Create an IAM policy and allow log access 

B. It is not possible to enable logging on the S3 bucket 

C. Create an IAM Role which has access to the log bucket 

D. Provide ACL for the logging group 

Answer:

Explanation:  

The only recommended use case for the S3 bucket ACL is to grant the write permission to the Amazon S3 Log Delivery group to write access log objects to the user’s bucket. 

Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-alternatives-guidelines.html 

NEW QUESTION 112 

A user is trying to share a video file with all his friends. Which of the below mentioned AWS services will be cheapest and easy to use? 

A. AWS S3 

B. AWS EC2 

C. AWS RRS 

D. AWS Glacier 

Answer:

Explanation:  

AWS RRS provides the same functionality as AWS S3, but at a cheaper rate. It is ideally suited for non mission critical applications. It provides less durability than S3, but is a cheaper option. 

Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingRRS.htmI 

NEW QUESTION 117 

A user has configured ELB. Which of the below mentioned protocols the user can configure for ELB health checks while setting up ELB? 

A. All of the options 

B. TCP 

C. HTTPS 

D. SSL 

Answer:

Explanation:  

An ELB performs a health check on its instances to ensure that it diverts traffic only to healthy instances. The ELB can perform a health check on HTTP, HTTPS, TCP and SSL protocols. 

Reference: http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/Deve|operGuide/Welcome.html 

NEW QUESTION 119 

Is it possible to create an S3 bucket accessible only by a certain IAM user, using policies in a C|oudFormation template? 

A. No, you can only create the S3 bucket but not the IAM user. 

B. S3 is not supported by CIoudFormation. 

C. Yes, all these resources can be created using a CIoudFormation template 

D. No, in the same template you can only create the S3 bucket and the realtive polic 

Answer:

Explanation:  

With AWS Identity and Access Management (IAM), you can create IAM users to control who has access to which resources in your AWS account. You can use IAM with AWS CIoudFormation to control what AWS CIoudFormation actions users can perform, such as view stack templates, create stacks, or delete stacks. In addition to AWS CIoudFormation actions, you can manage what AWS services and resources are available to each user. 

NEW QUESTION 122 

A user has launched an RDS instance. The user has created 3 databases on the same server. What can the maximum size be for each database? 

A. The size of each DB cannot be more than 3 TB 

B. It is not possible to have more than one DB on a single instance 

C. The total instance storage size cannot be more than 3 TB 

D. The size of each DB cannot be more than 1 TB 

Answer:

Explanation:  

The AWS RDS DB instance is an isolated DB environment provided by AWS in which the user can create more than 1 database. The maximum size ofthe instance should be between 5 GB and 3 TB. The size of each DB can be anything in this range. 

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html 

NEW QUESTION 125 

In relation to Amazon Simple Workflow Service (Amazon SWF),what is an “ActMty Worker”? 

A. An indMdual task undertaken by a workflow 

B. The automation of a business process 

C. A piece of software that implements tasks 

D. All answers listed are correct 

Answer:

Explanation:  

In relation to Amazon Simple Workflow Service (Amazon SWF), an actMty worker is a program that receives actMty tasks, performs them, and provides results back. Which translates to a piece of software that implements tasks. 

Reference: http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-develop-actMty.html 

NEW QUESTION 126 

You cannot access your AWS console, so you revert to using the CLI that you are not familiar with. Which of the following commands is not a valid CLI command for EC2 instances? 

A. ec2-allocate-address 

B. ec2-attach-internet-gateway 

C. ec2-associate-route-table 

D. ec2-allocate-interface 

Answer:

Explanation:  

You can use the CLI tools to manage your Amazon EC2 resources (such as instances, security groups, and volumes) and your Amazon VPC resources (such as VPCs, subnets, route tables, and Internet gateways). Before you can start using the tools, you must download and configure them. The following are valid CLI commands for EC2 instances: ec2-accept-vpc-peering-connection 

ec2-allocate-address 

ec2-assign-private-ip-addresses ec2-associate-address 

ec2-associate-dhcp-options ec2-associate-route-table 

ec2-attach-internet-gateway 

ec2-attach-network-interface (not ec2-allocate-interface) Reference: 

http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/command-reference.html 

NEW QUESTION 129 

When AutoScaIing is launching a new instance based on condition, which of the below mentioned policies will it follow? 

A. Based on the criteria defined with cross zone Load balancing 

B. Launch an instance which has the highest load distribution 

C. Launch an instance in the AZ with the fewest instances 

D. Launch an instance in the AZ which has the highest instances 

Answer:

Explanation:  

AutoScaIing attempts to distribute instances evenly between the Availability Zones that are enabled for the user’s AutoScaIing group. Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest instances. 

Reference:http://docs.aws.amazon.com/AutoScaIing/latest/Deve|operGuide/AS_Concepts.htmI 

NEW QUESTION 133 

Which Amazon service is not used by Elastic Beanstalk? 

A. Amazon S3 

B. Amazon ELB 

C. Auto scaling 

D. Amazon EMR 

Answer:

Explanation:  

Elastic Beanstalk leverages AWS services such as Amazon Elastic Cloud Compute (Amazon EC2), Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), Elastic Load Balancing and Auto Scaling to deliver the same highly reliable, scalable, and cost-effective infrastructure that hundreds of thousands of businesses depend on today. 

Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/\NeIcome.html 

NEW QUESTION 138 

Which of the below mentioned options can be a good use case for storing content in AWS RRS? 

A. Storing mission critical data Files 

B. Storing infrequently used log files 

C. Storing a video file which is not reproducible 

D. Storing image thumbnails 

Answer:

Explanation:  

AWS RRS provides the same functionality as AWS S3, but at a cheaper rate. It is ideally suited for non-mission, critical applications, such as files which can be reproduced. 

Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingRRS.htmI 

NEW QUESTION 139 

Which header received at the EC2 instance identifies the port used by the client while requesting ELB? 

A. X-Forvvarded-Proto 

B. X-Requested-Proto 

C. X-Forvvarded-Port 

D. X-Requested-Port 

Answer:

Explanation:  

The X-Forvvarded-Port request header helps the user identify the port used by the client while sending a request to ELB. 

Reference: http://docs.aws.amazon.com/EIasticLoadBalancing/latest/DeveIoperGuide/TerminologyandKeyConcepts. html 

NEW QUESTION 141 

When you register an actMty in Amazon SWF, you provide the following information, except: 

A. a name 

B. timeout values 

C. a domain 

D. version 

Answer:

Explanation:  

When designing an Amazon SWF workflow, you precisely define each of the required actMties. You then register each actMty with Amazon SWF as an actMty type. When you register the actMty, you provide information such as a name and version, and some timeout values based on how long you expect the actMty to take. 

Reference: http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-intro-to-swf.html 

NEW QUESTION 145 

A user is trying to create a policy for an IAM user from the AWS console. Which of the below mentioned options is not available to the user while configuring policy? 

A. Use policy generator to create policy 

B. Use custom policy to create policy 

C. Use policy simulator to create policy 

D. Assign No permission 

Answer:

Explanation:  

When a user is trying to create a policy from the AWS console, it will have options such as create policy from templates or use a policy generator. The user can also define a custom policy or chose the option to have no permission. The policy simulator is not available in the console. 

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html 

NEW QUESTION 148 

A user wants to access RDS from an EC2 instance using IP addresses. Both RDS and EC2 are in the same region, but different AZs. Which of the below mentioned options help configure that the instance is accessed faster? 

A. Configure the Private IP of the Instance in RDS security group 

B. Security group of EC2 allowed in the RDS security group 

C. Configuring the elastic IP of the instance in RDS security group 

D. Configure the Public IP of the instance in RDS security group 

Answer:

Explanation:  

If the user is going to specify an IP range in RDS security group, AWS recommends using the private IP address of the Amazon EC2 instance. This provides a more direct network route from the Amazon EC2 instance to the Amazon RDS DB instance, and does not incur network charges for the data sent outside of the Amazon network. 

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html 

NEW QUESTION 150 

A user is creating a snapshot of an EBS volume. Which of the below statements is incorrect in relation to the creation of an EBS snapshot? 

A. Its incremental 

B. It can be used to launch a new instance 

C. It is stored in the same AZ as the volume 

D. It is a point in time backup of the EBS volume 

Answer:

Explanation:  

The EBS snapshots are a point in time backup of the EBS volume. It is an incremental snapshot, but is always specific to the region and never specific to a single AZ. 

Hence the statement “|t is stored in the same AZ as the volume” is incorrect. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI 

NEW QUESTION 154 

A user is planning to use EBS for his DB requirement. The user already has an EC2 instance running in the VPC private subnet. How can the user attach the EBS volume to a running instance? 

A. The user must create EBS within the same VPC and then attach it to a running instance. 

B. The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance. 

C. It is not possible to attach an EBS to an instance running in VPC until the instance is stopped. 

D. The user can specify the same subnet while creating EBS and then attach it to a running instanc 

Answer:

Explanation:  

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. The user can create subnets as per the requirement within a VPC. The VPC is always specific to a region. The user can create a VPC which can span multiple Availability Zones by adding one or more subnets in each Availability Zone. The instance launched will always be in the same availability zone of the respective subnet. When creating an EBS the user cannot specify the subnet or VPC. However, the user must create the EBS in the same zone as the instance so that it can attach the EBS volume to the running instance. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.htm|#VPCSubnet 

NEW QUESTION 158 

Your manager has requested you to tag EC2 instances to orgAMze and manage a load balancer. Which of the following statements about tag restrictions is incorrect? 

A. The maximum key length is 127 Unicode characters. 

B. The maximum value length is 255 Unicode characters. 

C. Tag keys and values are case sensitive. 

D. The maximum number of tags per load balancer is 20. 

Answer:

Explanation:  

Tags help you to categorize your load balancers in different ways, for example, by purpose, owner, or environment. The following basic restrictions apply to tags: The maximum number of tags per resource is 

10. The maximum key length is 127 Unicode characters. The maximum value length that can be used is 255 Unicode characters. The tag keys and values are case sensitive. Allowed characters are letters, spaces, and numbers representable in UTF-8, plus the following special characters: + – =. _ : / @. Do not use leading or trailing spaces. Do not use the aws: prefix in your tag names or values because it is reserved for AWS use. You can’t edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per resource limit. 

Reference: 

http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/add-remove-tags.htmI#tag-res trictions 

NEW QUESTION 162 

How do you configure SQS to support longer message retention? 

A. Set the lVIessageRetentionPeriod attribute using the SetQueueAttributes method 

B. Using a Lambda function 

C. You can’ 

D. It is set to 14 days and cannot be changed 

E. You need to request it from AWS 

Answer:

Explanation:  

To configure the message retention period, set the lVIessageRetentionPeriod attribute using the SetQueueAttributes method. This attribute is used to specify the number of seconds a message will be retained by SQS. Currently the default value for the message retention period is 4 days. Using the lVIessageRetentionPeriod attribute, the message retention period can be set anywhere from 60 seconds (1 minute), up to 1209600 seconds (14 days). Reference: https://aws.amazon.com/sqs/faqs/ 

NEW QUESTION 163 

A user is trying to configure access with S3. Which of the following options is not possible to provide access to the S3 bucket / object? 

A. Define the policy for the IAM user 

B. Define the ACL for the object 

C. Define the policy for the object 

D. Define the policy for the bucket 

Answer:

Explanation:  

Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies. 

Access policies, such as ACL and resource policy can be attached to the bucket. With the object the user can only have ACL and not an object policy. The user can also attach access policies to the IAM users in the account. These are called user policies. 

Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html 

NEW QUESTION 165 

A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but 

does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario? 

A. AWS Simple Notification Service 

B. AWS Simple Workflow 

C. AWS Simple Query Service 

D. AWS Simple Queue Service 

Answer:

Explanation:  

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available. 

Reference: http://aws.amazon.com/sqs/ 

NEW QUESTION 170 

An ELB is diverting traffic across 5 instances. One of the instances was unhealthy only for 20 minutes. What will happen after 20 minutes when the instance becomes healthy? 

A. ELB will never divert traffic back to the same instance 

B. ELB will not automatically send traffic to the same instanc 

C. However, the user can configure to start sending traffic to the same instance 

D. ELB starts sending traffic to the instance once it is healthy 

E. ELB terminates the instance once it is unhealth 

F. Thus, the instance cannot be healthy after 10 minutes 

Answer:

Explanation:  

AWS Elastic Load Balancing continuously checks the health of an instance. If one of the instances is unhealthy it stops sending traffic to it and automatically reroutes the traffic to the remaining running EC2 instances. If the failed EC2 instance is restored, Elastic Load Balancing will again start sending traffic to that instance. 

Reference: http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/Svclntro.htm| 

NEW QUESTION 171 

An orgAMzation has created an application which is hosted on the AWS EC2 instance. The application stores images to S3 when the end user uploads to it. The orgAMzation does not want to store the AWS secure credentials required to access the S3 inside the instance. Which of the below mentioned options is a possible solution to avoid any security threat? 

A. Use the IAM role and assign it to the instance. 

B. Since the application is hosted on EC2, it does not need credentials to access S3. 

C. Use the X.509 certificates instead of the access and the secret access keys. 

D. Use the IAM based single sign between the AWS resources and the orgAMzation applicatio 

Answer:

Explanation:  

The AWS IAM role uses temporary security credentials to access AWS services. Once the role is assigned to an instance, it will not need any security credentials to be stored on the instance. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html 

NEW QUESTION 173 

A user is creating an EBS volume. He asks for your advice. Which advice mentioned below should you not give to the user for creating an EBS volume? 

A. Take the snapshot of the volume when the instance is stopped 

B. Stripe multiple volumes attached to the same instance 

C. Create an AMI from the attached volume 

D. Attach multiple volumes to the same instance 

Answer:

Explanation:  

When a user creates an EBS volume, the user can attach it to a running instance. The user can attach multiple volumes to the same instance and stripe them together to increase the I/O. The user can take a snapshot from the existing volume but cannot create an AMI from the volume. However, the user can create an AMI from a snapshot. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVoIumes.htmI 

NEW QUESTION 176 

In regards to VPC, select the correct statement: 

A. You can associate multiple subnets with the same Route Table. 

B. You can associate multiple subnets with the same Route Table, but you can’t associate a subnet with only one Route Table. C. You can’t associate multiple subnets with the same Route Table. 

D. None of thes 

Answer:

Explanation:  

Every subnet in your VPC must be associated with exactly one Route Table. However, multiple subnets can be associated with the same Route Table. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_TabIes.html 

NEW QUESTION 178 

A user has hosted a website on AWS and uses ELB to load balance the multiple instances. The user application does not have any cookie management. How can the user bind the session of the requestor with a particular instance? 

A. Bind the IP address with a sticky cookie 

B. Create a cookie at the application level to set at ELB 

C. Use session synchronization with ELB 

D. Let ELB generate a cookie for a specified duration 

Answer:

Explanation:  

The key to manage the sticky session is determining how long the load balancer should route the user’s request to the same application instance. If the application has its own session cookie, then the user can set the Elastic Load Balancing to create the session cookie to follow the duration specified by the appIication’s session cookie. If the user’s application does not have its own session cookie, then he can set the Elastic Load Balancing to create a session cookie by specifying his own stickiness duration. Reference: http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/US_StickySessions.html 

NEW QUESTION 180 

A user is uploading archives to Glacier. The user is trying to understand key Glacier resources. Which of the below mentioned options is not a Glacier resource? 

A. Notification configuration 

B. Archive ID 

C. Job 

D. Archive 

Answer:

Explanation:  

AWS Glacier has four resources. Vault and Archives are core data model concepts. Job is required to initiate download of archive. The notification configuration is required to send user notification when archive is available for download. 

Reference: http://docs.aws.amazon.com/amazongIacier/latest/dev/amazon-glacier-data-model.html 

NEW QUESTION 182 

An orgAMzation has 10 departments. The orgAMzation wants to track the AWS usage of each department. Which of the below mentioned options meets the requirement? 

A. Setup IAM groups for each department and track their usage 

B. Create separate accounts for each department, but use consolidated billing for payment and tracking 

C. Create separate accounts for each department and track them separately 

D. Setup IAM users for each department and track their usage 

Answer:

Explanation:  

The cost of an IAM user or groups can never be tracked separately for the purpose of billing. The best solution in this case is to create a separate account for each department and use consolidated billing. Reference: http://docs.aws.amazon.com/IAM/|atest/UserGuide/|AM_|ntroduction.htmI 

NEW QUESTION 185 

In regard to DynamoDB, for which one of the following parameters does Amazon not charge you? 

A. Cost per provisioned write units 

B. Cost per provisioned read units 

C. Storage cost 

D. I/O usage within the same Region 

Answer:

Explanation:  

In DynamoDB, you will be charged for the storage and the throughput you use rather than for the I/O which has been used. Reference: http://aws.amazon.com/dynamodb/pricing/ 

NEW QUESTION 190 

An EC2 instance has one additional EBS volume attached to it. How can a user attach the same volume to another running instance in the same AZ? 

A. Terminate the first instance and only then attach to the new instance 

B. Attach the volume as read only to the second instance 

C. Detach the volume first and attach to new instance 

D. No need to detac 

E. Just select the volume and attach it to the new instance, it will take care of mapping internally 

Answer:

Explanation:  

If an EBS volume is attached to a running EC2 instance, the user needs to detach the volume from the original instance and then attach it to a new running instance. The user doesn’t need to stop / terminate the original instance. 

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html 

NEW QUESTION 191 

A root AWS account owner has created three IAM users: Bob, John and Michael. Michael is the IAM administrator. Bob and John are not the superpower users, but users with some pre-defined policies. John does not have access to modify his password. Thus, he asks Bob to change his password. How can Bob change John’s password? 

A. This statement is fals 

B. It should be Michael who changes the password for John 

C. It is not possible that John cannot modify his password 

D. Provided Bob is the manager of John 

E. Provided Michael has added Bob to a group, which has permissions to modify the IAM passwords 

Answer:

Explanation:  

Generally with IAM users, the password can be modified in two ways. The first option is to define the IAM level policy which allows each user to modify their own passwords. The other option is to create a group and create a policy for the group which can change the passwords of various IAM users. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.htmI 

NEW QUESTION 194 

Regarding Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to the Amazon SNS topic. You specify the queue by its . 

A. ARN 

B. Token 

C. Registration ID 

D. URL 

Answer:

Explanation:  

In Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to the Amazon SNS topic. You specify the queue by its ARN. Reference: http://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.htmI 

NEW QUESTION 195 

To scale up the AWS resources using manual AutoScaIing, which of the below mentioned parameters should the user change? 

A. Maximum capacity 

B. Desired capacity 

C. Preferred capacity 

D. Current capacity 

Answer:

Explanation:  

The Manual Scaling as part of Auto Scaling allows the user to change the capacity of Auto Scaling group. The user can add / remove EC2 instances on the fly. To execute manual scaling, the user should modify the desired capacity. AutoScaIing will adjust instances as per the requirements. If the user is trying to CLI, he can use command as-set-desired-capacity <Auto Scaling Group Name> –desired-capacity <New Capacity> 

Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/as-manual-scaling.htmI 

NEW QUESTION 199 

A bucket owner has allowed another account’s IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B. What will happen in this scenario? 

A. The bucket policy may not be created as S3 will give error due to conflict of Access Rights 

B. It is not possible to give permission to multiple IAM users 

C. AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object D. It is not possible that the IAM user of one account accesses objects of the other IAM user 

Answer:

Explanation:  

If a IAM user is trying to perform some action on an object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner. 

Reference: 

http://docs.aws.amazon.com/AmazonS3/Iatest/dev/access-control-auth-workflow-object-operation.htmI 

NEW QUESTION 202 

Which statements about DynamoDB are true? Choose 2 answers 

A. DynamoDB uses a pessimistic locking model 

B. DynamoDB uses optimistic concurrency control 

C. DynamoDB uses conditional writes for consistency 

D. DynamoDB restricts item access during reads 

E. DynamoDB restricts item access during writes 

Answer: BC 

NEW QUESTION 204 

You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable internet access? 

A. Deploy a NAT instance into the public subnet. 

B. Modify the routing table for the public subnet 

C. Configure a publically routable IP Address In the host OS of the fourth instance. 

D. Assign an Elastic IP address to the fourth instanc 

Answer:

NEW QUESTION 206 

How can you secure data at rest on an EBS volume? 

A. Attach the volume to an instance using EC2’s SSL interface. 

B. Write the data randomly instead of sequentially. 

C. Use an encrypted file system on top of the BBS volume. 

D. Encrypt the volume using the S3 server-side encryption service. 

E. Create an IAM policy that restricts read and write access to the volum 

Answer:

NEW QUESTION 208 

Which of the following statements about SWF are true? Choose 3 answers 

A. SWF tasks are assigned once and never duplicated 

B. SWF requires an S3 bucket for workflow storage 

C. SWF workflow executions can last up to a year 

D. SWF triggers SNS notifications on task assignment 

E. SWF uses deciders and workers to complete tasks 

F. SWF requires atleast 1 EC2 instance per domain 

Answer: ACE 

NEW QUESTION 210 

Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? Choose 2 answers 

A. By default, all requests are denied 

B. An explicit allow overrides an explicit deny 

C. An explicit allow overrides default deny. 

D. An explicit deny does not override an explicit allow 

E. By default, all request are allowed 

Answer: AC 

NEW QUESTION 212 

What is one key difference between an Amazon EBS-backed and an instance-store backed instance? 

A. Virtual Private Cloud requires EBS backed instances 

B. Amazon EBS-backed instances can be stopped and restarted 

C. Auto scaling requires using Amazon EBS-backed instances. 

D. Instance-store backed instances can be stopped and restarte 

Answer:

NEW QUESTION 216 

You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already togged in. This is not behavior you have designed. What is a possible solution to prevent this happening? 

A. Use instance memory to save session state. 

B. Use instance storage to save session state. 

C. Use EBS to save session state 

D. Use EIastiCache to save session state. 

E. Use Glacier to save session slat 

Answer:

NEW QUESTION 217 

When uploading an object, what request header can be explicitly specified in a request to Amazon S3 to encrypt object data when saved on the server side? 

A. x-amz-storage-class 

B. Content-MD5 

C. x-amz-security-token 

D. x-amz-server-side-encryption 

Answer:

NEW QUESTION 222 

In AWS, which security aspects are the customer’s responsibility? Choose 4 answers 

A. Life-cycle management of IAM credentials 

B. Decommissioning storage devices 

C. Security Group and ACL (Access Control List) settings 

D. Encryption of EBS (Elastic Block Storage) volumes 

E. Controlling physical access to compute resources 

F. Patch management on the EC2 instance’s operating system 

Answer: ABCF 

NEW QUESTION 224 

You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to indMdual devices each device registration identifier or token needs to be registered with SNS; 

however the developers are not sure of the best way to do this. 

You advise them to: 

A. Bulk upload the device tokens contained in a CSV file via the AWS Management Console. 

B. Let the push notification service (e. 

C. Amazon Device Messaging) handle the registration. 

D. Implement a token vending service to handle the registration. 

E. Call the CreatePIatformEndPoint API function to register multiple device token 

Answer:

NEW QUESTION 226 

In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service? 

A. 5xx HTTP response code 

B. 200 HTTP response code 

C. 306 HTTP response code 

D. 4xx HTTP response code 

Answer:

NEW QUESTION 230 

Which of the following are valid arguments for an SNS Publish request? Choose 3 answers 

A. TopicAm 

B. Subject 

C. Destination 

D. Format 

E. Message F.Language 

Answer: ABE 

NEW QUESTION 233 

When a Simple Queue Service message triggers a task that takes 5 minutes to complete, which process below will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing? 

A. Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue 

B. Retrieve the message with an increased visibility timeout, delete the message from the queue, process the message 

C. Retrieve the message with increased DeIaySeconds, process the message, delete the message from the queue 

D. Retrieve the message with increased DeIaySeconds, delete the message from the queue, process the message 

Answer:

NEW QUESTION 234 

You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. 

Given these requirements, what is the most efficient way to manage these Items after the analysis? 

A. Retain the items in a single table 

B. Delete items indMdually over a 24 hour period 

C. Delete the table and create a new table per hour 

D. Create a new table per hour 

Answer:

NEW QUESTION 237 

Company B provides an online image recognition service and utilizes SOS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep 

end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. 

How can Company B reduce the number of empty responses? 

A. Set the imaging queue visibility Timeout attribute to 20 seconds 

B. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds 

C. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds 

D. Set the DeIaySeconds parameter of a message to 20 seconds 

Answer:

NEW QUESTION 239 

What AWS products and features can be deployed by Elastic Beanstalk? Choose 3 answers 

A. Auto scaling groups 

B. Route 53 hosted zones 

C. Elastic Load Balancers 

D. RDS Instances 

E. Elastic IP addresses 

F. SQS Queues 

Answer: ACD 

NEW QUESTION 243 

Which code snippet below returns the URL of a load balanced web site created in CIoudFormation with an AWS::EIasticLoadBaIancing::LoadBaIancer resource name “EIasticLoad BaIancer”? 

A. “Fn::Join” : [ ‘‘’‘ . [“http://”, {“Fn::GetAtr” : [“EIasticLoadBalancer”,”DNSName”]}]] 

B. “Fn::Join” : [ ‘‘’‘ . [“http://”, {“Fn::GetAtr” : [“E|asticLoadBa|ancer”,”Ur|”]}]] 

C. “Fn::Join” : [ ‘‘’‘ . [“http://”, {“Ref” : “EIasticLoadBaIancerUr|”}]] 

D. “Fn::Join” : [“http://”, {“Ref” : “EIasticLoadBaIancerDNSName”}]] 

Answer:

NEW QUESTION 246 

How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on? 

A. Query the appropriate Amazon CIoudWatch metric. 

B. Use ipconfig or ifconfig command. 

C. Query the local instance userdata. 

D. Query the local instance metadat 

Answer:

NEW QUESTION 251 

How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB table? 

A. Strongly consistent reads use the same amount of throughput as eventually consistent reads 

B. Strongly consistent reads use more throughput than eventually consistent reads. 

C. Strongly consistent reads use less throughput than eventually consistent reads 

D. Strongly consistent reads use variable throughput depending on read actMty 

Answer:

NEW QUESTION 254 

What type of block cipher does Amazon S3 offer for server side encryption? 

A. Triple DES 

B. Advanced Encryption Standard 

C. Blowfish 

D. RC5 

Answer:

NEW QUESTION 259 

A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Which two approaches can satisfy the objectives? Choose 2 answers 

A. The application authenticates against LDA 

B. The application then calls the IAM Security Service to login to IAM using the LDAP credential 

C. The application can use the IAM temporary credentials to access the appropriate S3 bucket. 

D. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the use 

E. The application then calls the IAM Security Token Service to assume that IAM Rol 

F. The application can use the temporary credentials to access the appropriate S3 bucket. 

G. The application authenticates against IAM Security Token Service using the LDAP credential 

H. The application uses those temporary AWS security credentials to access the appropriate S3 bucket. 

I. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credential J. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket. 

K. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credential L. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket. 

Answer: BD 

NEW QUESTION 262 

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. 

What is an effective method to mitigate this? 

A. Store photos on an EBS volume ofthe web server 

B. Remove public read access and use signed URLs with expiry dates. 

C. Use C|oudFront distributions for static content. 

D. Block the IPs of the offending websites in Security Group 

Answer:

NEW QUESTION 265 

Company A has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can Company A provide only paid subscribers the ability to download a premier content file in the S3 bucket? 

A. Apply a bucket policy that grants anonymous users to download the content from the S3 bucket 

B. Generate a pre-signed object URL for the premier content file when a paid subscriberrequests adownload 

C. Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects 

D. Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors 

Answer:

NEW QUESTION 267 

Which of the following is chosen as the default region when making an API call with an AWS SDK? 

A. ap-northeast-1 

B. us-west-2 

C. us-east-1 

D. eu-west-1 

E. us-central-1 

Answer:

NEW QUESTION 272 

What happens, by default, when one of the resources in a CIoudFormation stack cannot be created? 

A. Previously-created resources are kept but the stack creation terminates. 

B. Previously-created resources are deleted and the stack creation terminates. 

C. The stack creation continues, and the final results indicate which steps failed. 

D. CIoudFormation templates are parsed in advance so stack creation is guaranteed to succee 

Answer:

NEW QUESTION 276 

Which of the following statements about SQS is true? 

A. Messages will be delivered exactly once and messages will be delivered in First in, First out order 

B. Messages will be delivered exactly once and message delivery order is indeterminate 

C. Messages will be delivered one or more times and messages will be delivered in First in, First out order 

D. Messages will be delivered one or more times and message delivery order is indeterminate 

Answer:

amazon.certshared.aws-certified-developer-associate.practice.test.2021-aug-06.by.eugene.315q.vce
Source : https://www.dumpscollection.net/dumps/AWS-Certified-Developer-Associate/

Leave a Reply

Your email address will not be published. Required fields are marked *