NEW QUESTION 1
An orgAMzation has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The orgAMzation is planning to implement certain security best practices. Which of the below mentioned pointers will not help the orgAMzation achieve better security arrangement?
A. Apply the latest patch of OS and always keep it updated.
B. Allow only IAM users to connect with the EC2 instances with their own secret access key.
C. Disable the password based login for all the user
D. All the users should use their own keys to connect with the instance securely.
E. Create a procedure to revoke the access rights of the indMdual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.
Answer: B
Explanation:
Since AWS is a public cloud any application hosted on EC2 is prone to hacker attacks. It becomes extremely important for a user to setup a proper security mechAMsm on the EC2 instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users with in OS if they need to connect with the EC2 instances, create their keys and disable their password Create a procedure using which the admin can revoke the access of the user when the business work on the EC2 instance is completed Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated prMleges, such as sudo for users who need to perform occasional prMleged tasks
The IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not useful to connect (RDP / SSH) with an instance.
Reference: http://aws.amazon.com/articles/1233/
NEW QUESTION 2
True or False: In DynamoDB, Scan operations are always eventually consistent.
A. No, scan is like Query operation
B. Yes
C. No, scan is strongly consistent by default
D. No, you can optionally request strongly consistent sca
Answer: B
Explanation:
In DynamoDB, Scan operations are always eventually consistent.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/APISummary.htmI
NEW QUESTION 3
Regarding Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, in the Protocol drop-down box, you should select .
A. Email
B. Message
C. SMTP
D. IMAP
Answer: A
Explanation:
In Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, select Email in the Protocol drop-down box. Enter an email address you can use to receive the notification in the Endpoint field.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SubscribeTopic.html
NEW QUESTION 4
In DynamoDB, to get a detailed listing of secondary indexes on a table, you can use the action.
A. DescribeTabIe
B. BatchGetItem
C. Getltem
D. TabIeName
Answer: A
Explanation:
In DynamoDB, DescribeTab|e returns information about the table, including the current status ofthe table, when it was created, the primary key schema, and any indexes on the table.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.htmI
NEW QUESTION 5
When you create a table with a hash-and-range key, you must define one or more secondary indexes on that table.
A. False, hash-range key is another name for secondary index
B. False, it is optional
C. True
D. False, when you have Hash-Range key you cannot define Secondary index
Answer: B
Explanation:
When you create a table with a hash-and-range key in DynamoDB, you can also define one or more secondary indexes on that table. Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/LSI.htmI
NEW QUESTION 6
A user is accessing an EC2 instance on the SSH port for IP 10.20.30.40. Which one is a secure way to
configure that the instance can be accessed only from this IP?
A. In the security group, open port 22 for IP 1020.30.40/0
B. In the security group, open port 22 for IP 10.20.30.40/32
C. In the security group, open port 22 for IP 10.20.30.40/24
D. In the security group, open port 22 for IP 10.20.30.40
Answer: B
Explanation:
In AWS EC2, while configuring a security group, the user needs to specify the IP address in CIDR notation. The CIDR IP range 10.20.30.40/32 says it is for a single IP 10.20.30.40. If the user specifies the IP as 10.20.30.40 only, the security group will not accept and ask it in a CIRD format. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
NEW QUESTION 7
Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:
A. Google Cloud Messaging for Android (GCM)
B. Apple Push Notification Service (APNS)
C. Amazon Device Messaging (ADM)
D. Microsoft Windows Mobile Messaging (MWMM)
Answer: D
Explanation:
In Amazon SNS, you have the ability to send notification messages directly to apps on mobile devices. Notification messages sent to a mobile endpoint can appear in the mobile app as message alerts, badge updates, or even sound alerts. Microsoft Windows MobiIe Messaging (MWMM) doesn’t exist and is not supported by Amazon SNS.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePush.htmI
NEW QUESTION 8
What happens if your application performs more reads or writes than your provisioned capacity?
A. Nothing
B. requests above your provisioned capacity will be performed but you will receive 400 error codes.
C. requests above your provisioned capacity will be performed but you will receive 200 error codes.
D. requests above your provisioned capacity will be throttled and you will receive 400 error code
Answer: D
Explanation:
Speaking about DynamoDB, if your application performs more reads/second or writes/second than your tabIe’s provisioned throughput capacity allows, requests above your provisioned capacity will be throttled and you will receive 400 error codes.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputlntro.htmI
NEW QUESTION 9
In relation to Amazon SQS, how can you ensure that messages are delivered in order?
A. Increase the size of your queue
B. Send them with a timestamp
C. Give each message a unique id.
D. AWS cannot guarantee that you will receive messages in the exact order you sent them
Answer: D
Explanation:
Amazon SQS makes a best effort to preserve order in messages, but due to the distributed nature of the queue, AWS cannot guarantee that you will receive messages in the exact order you sent them. You typically place sequencing information or timestamps in your messages so that you can reorder them upon receipt.
Reference: https://aws.amazon.com/items/1343?externaI|D=1343
NEW QUESTION 10
What kind of service is provided by AWS DynamoDB?
A. Relational Database
B. NoSQL Database
C. Dynamic Database
D. Document Database
Answer: B
Explanation:
DynamoDB is a fast, fully managed NoSQL database service. Reference: http://aws.amazon.com/dynamodb/
NEW QUESTION 10
Regarding Amazon SQS, are there restrictions on the names of Amazon SQS queues?
A. No
B. Ye
C. Queue names must be unique within an AWS account and you cannot use hyphens (-) and underscores (_)
D. Ye
E. Queue names are limited to 80 characters and queue names must be unique within an AWS account
F. Ye
G. Queue names are limited to 80 characters but queue names do not need to be unique within an AWS account
Answer: C
Explanation:
Queue names are limited to 80 characters. Alphanumeric characters plus hyphens (-) and underscores (_) are allowed. Queue names must be unique within an AWS account. After you delete a queue, you can reuse the queue name.
Reference: https://aws.amazon.com/sqs/faqs/
NEW QUESTION 15
Regarding Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need that uses one of the supported push notification services: APNS, GCM, or ADM.
A. an access policy for the mobile endpoints
B. to active push notification service of Amazon SNS
C. to know the type of mobile device operating system
D. an app for the mobile endpoints
Answer: D
Explanation:
In Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need an app for the mobile endpoints that uses one of the supported push notification services: APNS, GCM, or ADM. After you’ve registered and configured the app to use one of these services, you configure Amazon SNS to send push notifications to the mobile endpoints.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePush.htmI
NEW QUESTION 17
In regard to DynamoDB, can I delete local secondary indexes?
A. Yes, if it is a primary hash key index
B. No
C. Yes, if it is a local secondary indexes
D. Yes, if it is a Global secondary indexes
Answer: B
Explanation:
In DynamoDB, an index cannot be modified once it is created. Reference: http://aws.amazon.com/dynamodb/faqs/#security_anchor
NEW QUESTION 20
You need to develop and run some new applications on AWS and you know that Elastic Beanstalk and CIoudFormation can both help as a deployment mechAMsm for a broad range of AWS resources. Which of the following statements best describes the differences between Elastic Beanstalk and C|oudFormation?
A. Elastic Beanstalk uses Elastic load balancing and CIoudFormation doesn’t.
B. CIoudFormation is faster in deploying applications than Elastic Beanstalk.
C. CIoudFormation is much more powerful than Elastic Beanstalk, because you can actually design and script custom resources D. Elastic Beanstalk is faster in deploying applications than C|oudFormatio
Answer: C
Explanation:
These services are designed to complement each other. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud. It is integrated with developer tools and provides a one-stop experience for you to manage the lifecycle of your applications. AWS CIoudFormation is a convenient deployment mechAMsm for a broad range of AWS resources. It supports the infrastructure needs of many different types of applications such as existing enterprise applications, legacy applications, applications built using a variety of AWS resources and container-based solutions (including those built using AWS Elastic Beanstalk).
AWS CIoudFormation introduces two new concepts: The template, a JSON-format, text-based file that describes all the AWS resources you need to deploy to run your application and the stack, the set of AWS resources that are created and managed as a single unit when AWS CIoudFormation instantiates a template. Reference: http://aws.amazon.com/c|oudformation/faqs/
NEW QUESTION 23
A user has created a MySQL RDS instance. Which of the below mentioned options is mandatory to configure while creating an instance?
A. MuIti AZ deployment setup
B. Automated backup window
C. Availability Zone
D. Maintenance window
Answer: A
Explanation:
When creating an RDS instance, the user needs to specify whether it is Nlulti AZ or not. If the user does not provide the value for the zone, the maintenance window or automated backup window, RDS will automatically select the value.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.lV|u|tiAZ.htmI
NEW QUESTION 24
A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC. How can the user setup to have two separate public IPs and separate security groups for both the application as well as the web server?
A. Launch a VPC instance with two network interface
B. Assign a separate security group to each and AWS will assign a separate public IP to them.
C. Launch VPC with two separate subnets and make the instance a part of both the subnets.
D. Launch a VPC instance with two network interface
E. Assign a separate security group and elastic IP to them.
F. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subne
Answer: C
Explanation:
If you need to host multiple websites(with different IPs) on a single EC2 instance, the following is the suggested method from AWS. Launch a VPC instance with two network interfaces
Assign elastic IPs from VPC EIP pool to those interfaces (Because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to them.)
Assign separate Security Groups if separate Security Groups are needed
This scenario also helps for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MuItipIeIP.html
NEW QUESTION 28
An online gaming site asked you if you can deploy a database that is a fast, highly scalable NoSQL database service in AWS for a new site that he wants to build. Which database should you recommend?
A. Amazon Redshift
B. Amazon SimpIeDB
C. Amazon DynamoDB
D. Amazon RDS
Answer: C
Explanation:
Amazon DynamoDB is ideal for database applications that require very low latency and predictable performance at any scale but don’t need complex querying capabilities like joins or transactions. Amazon DynamoDB is a fully-managed NoSQL database service that offers high performance, predictable throughput and low cost. It is easy to set up, operate, and scale.
With Amazon DynamoDB, you can start small, specify the throughput and storage you need, and easily scale your capacity requirements on the fly. Amazon DynamoDB automatically partitions data over a
number of servers to meet your request capacity. In addition, DynamoDB automatically replicates your data synchronously across multiple Availability Zones within an AWS Region to ensure high-availability and data durability.
Reference: https://aws.amazon.com/running_databases/#dynamodb_anchor
NEW QUESTION 32
Regarding Amazon SWF, the coordination logic in a workflow is contained in a software program called a
A. Handler
B. Decider
C. Cordinator
D. Worker
Answer: B
Explanation:
In Amazon SWF, the coordination logic in a workflow is contained in a software program called a decider. The decider schedules actMty tasks, provides input data to the actMty workers, processes events that arrive while the workflow is in progress, and ultimately ends (or closes) the workflow when the objective has been completed.
Reference: http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-intro-to-swf.html
NEW QUESTION 34
A user has attached one RDS security group with 5 RDS instances. The user has changed the ingress rule for the security group. What will be the initial status of the ingress rule?
A. Approving
B. Implementing
C. Authorizing
D. It is not possible to assign a single group to multiple DB instances
Answer: C
Explanation:
When the user makes any changes to the RDS security group the rule status will be authorizing for some time until the changes are applied to all instances that the group is connected with. Once the changes are propagated the rule status will change to authorized.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html
NEW QUESTION 39
A user has attached an EBS volume to a running Linux instance as a “/dev/sdf” device. The user is unable to see the attached device when he runs the command “df -h”. What is the possible reason for this?
A. The volume is not in the same AZ of the instance
B. The volume is not formatted
C. The volume is not attached as a root device
D. The volume is not mounted
Answer: D
Explanation:
When a user creates an EBS volume and attaches it as a device, it is required to mount the device. If the device/volume is not mounted it will not be available in the listing.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.htmI
NEW QUESTION 44
A user has setup an application on EC2 which uses the IAM user access key and secret access key to make secure calls to S3. The user wants to temporarily stop the access to S3 for that IAM user. What should the root owner do?
A. Delete the IAM user
B. Change the access key and secret access key for the users
C. Disable the access keys for the IAM user
D. Stop the instance
Answer: C
Explanation:
If the user wants to temporarily stop the access to S3 the best solution is to disable the keys. Deleting the user will result in a loss of all the credentials and the app will not be useful in the future. If the user stops the instance IAM users can still access S3. The change of the key does not help either as they are still active. The best possible solution is to disable the keys.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/NIanagingCredentia|s.html
NEW QUESTION 47
How can a user configure three termination policies for the AutoScaIing group?
A. Define multiple policies in random order
B. Define multiple policies in the ordered list
C. Keep updating the AutoScaIing group with each policy
D. The user cannot specify more than two policies for AutoScaIing
Answer: B
Explanation:
To configure the Auto Scaling termination policy, the user can either specify any one of the policies as a standalone policy or list multiple policies in an ordered list. The policies are executed in the order that they are listed.
Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/us-termination-policy.html
NEW QUESTION 49
A user is creating an ELB with VPC. Which of the following options is available as a part of the “Add EC2 instances” page?
A. Select Subnet
B. Select IAM
C. Select ENI
D. Select VPC
Answer: A
Explanation:
When a user is launching an ELB with VPC, he/she has to select the options, such as subnet and security group before selecting the instances part of that subnet. Reference:
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/Deve|operGuide/elb-getting-started.htmI
NEW QUESTION 54
An account owner has created an IAM user with the name examkiller. The account owner wants to give EC2 access of only the US West region to that IAM user. How can the owner configure this?
A. While creating a policy provide the region as a part of the resources
B. Create an IAM user in the US West region and give access to EC2
C. Create an IAM policy and define the region in the condition
D. It is not possible to provide access based on the region
Answer: C
Explanation:
The IAM policy is never region specific. If the user wants to configure the region specific setting, he needs to provide conditions as part of the policy. Reference: http://awspolicygen.s3.amazonaws.com/poIicygen.htmI
NEW QUESTION 55
When using Amazon SQS how much data can you store in a message?
A. 8 KB
B. 2 KB
C. 16 KB
D. 4 KB
Answer: A
Explanation:
With Amazon SQS version 2008-01-01, the maximum message size for both SOAP and Query requests is 8KB.
If you need to send messages to the queue that are larger than 8 KB, AWS recommends that you split the information into separate messages. Alternatively, you could use Amazon S3 or Amazon Simp|eDB to hold the information and include the pointer to that information in the Amazon SQS message. If you send a message that is larger than 8KB to the queue, you will receive a MessageTooLong error with HTTP code 400. Reference: https://aws.amazon.com/items/1343?externaI|D=1343
NEW QUESTION 59
A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance?
A. It is not possible to access RDS of the US East region from the US West region
B. Open the security group of the US West region in the RDS security group’s ingress rule
C. Configure the IP range of the US West region instance as the ingress security rule of RDS
D. Create an IAM role which has access to RDS and launch an instance in the US West region with it
Answer: C
Explanation:
The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html
NEW QUESTION 60
You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that?
A. You can do this with SQS but you also need to use SWF
B. Messages will arrive in the same order by default
C. You can use sequencing information on each message
D. It is not possible to do this with SQS
Answer: C
Explanation:
Amazon SQS is engineered to always be available and deliver messages. One of the resulting tradeoffs is that SQS does not guarantee first in, first out delivery of messages. For many distributed applications, each message can stand on its own, and as long as all messages are delivered, the order is not important. If your system requires that order be preserved, you can place sequencing information in each message,
so that you can reorder the messages when the queue returns them. Reference:
http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/\NeIcome.html
NEW QUESTION 61
A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?
A. AWS Elastic Transcoder
B. AWS Simple Notification Service
C. AWS Simple Queue Service
D. AWS Glacier
Answer: C
Explanation:
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.
Reference: http://aws.amazon.com/sqs/faqs/
NEW QUESTION 66
In DynamoDB, could you use IAM to grant access to Amazon DynamoDB resources and API actions?
A. Yes
B. Depended to the type of access
C. In DynamoDB there is no need to grant access
D. No
Answer: A
Explanation:
Amazon DynamoDB integrates with AWS Identity and Access Management (IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. You then attach that policy to an AWS IAM user or role.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/UsingIAMWithDDB.htmI
NEW QUESTION 68
A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?
A. AWS Simple Notification Service.
B. AWS Simple Queue Service.
C. AWS Mobile Communication Service.
D. AWS Simple Email Servic
Answer: A
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, filexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. Reference: http://aws.amazon.com/sns
NEW QUESTION 72
A root account owner is trying to setup an additional level of security for all his IAM users. Which of the below mentioned options is a recommended solution for the account owner?
A. Enable access key and secret access key for all the IAM users
B. Enable MFA for all IAM users
C. Enable the password for all the IAM users
D. Enable MFA for the root account
Answer: B
Explanation:
Multi-Factor Authentication adds an extra level of security for all the users. The user can enable MFA for all IAM users which ensures that each user has to provide an extra six digit code for authentication. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingMFA.htmI
NEW QUESTION 75
Which of the below mentioned options is a must to have an element as a part of the IAM policy?
A. Condition
B. ID
C. Statement
D. Version
Answer: C
Explanation:
The statement is the main element of the IAM policy and it is a must for a policy. Elements such as condition, version and ID are not required. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EIementDescriptions.html
NEW QUESTION 79
ExamKiIIer (with AWS account ID H1122223333) has created 50 IAM users for its orgAMzation’s employees. ExamKiI|er wants to make the AWS console login URL for all IAM users like: https://examki||er.signin.aws.amazon.com/consoIe/. How can this be configured?
A. The user needs to use Route 53 to map the examkiller domain and IAM URL
B. Create an IAM AWS account alias with the name examkiller
C. It is not possible to have a personalized IAM login URL
D. Create an IAM hosted zone Identity for the domain examkiller
Answer: B
Explanation:
If a user wants the URL of the AWS IAM sign-in page to have a company name instead of the AWS account ID, he can create an alias for his AWS account ID. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAIias.html
NEW QUESTION 80
In regards to Amazon SQS how many times will you receive each message?
A. At least twice
B. Exactly once
C. As many times as you want
D. At least once
Answer: D
Explanation:
Amazon SQS is engineered to provide “at least once” delivery of all messages in its queues. Although most of the time, each message will be delivered to your application exactly once, you should design your system so that processing a message more than once does not create any errors or inconsistencies. Reference: https://aws.amazon.com/sqs/faqs/
NEW QUESTION 83
A user has set an IAM policy where it allows all requests if a request from IP 10.10.10.1/32. Another policy allows all the requests between 5 PM to 7 PM. What will happen when a user is requesting access from IP 10.10.10.1/32 at 6 PM?
A. IAM will throw an error for policy conflict
B. It is not possible to set a policy based on the time or IP
C. It will deny access
D. It will allow access
Answer: D
Explanation:
With regard to IAM, when a request is made, the AWS service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:
By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.) An explicit allow policy overrides this default. An explicit deny policy overrides any allows. Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EvaIuationLogic.htmI
NEW QUESTION 85
A user has setup Multi AZ with the MS SQL RDS instance. Which of the below mentioned functionalities can be achieved by the user?
A. High availability
B. Scalability
C. MS SQL does not support Multi AZ
D. Disaster recovery
Answer: C
Explanation:
The Multi AZ feature allows the user to achieve High Availability. MS SQL does not support Multi AZ. Reference: https://aws.amazon.com/rds/faqs/#36
NEW QUESTION 90
An orgAMzation is having an application which can start and stop an EC2 instance as per schedule. The orgAMzation needs the MAC address of the instance to be registered with its software. The instance is launched in EC2-CLASSIC. How can the orgAMzation update the MAC registration every time an instance is booted?
A. The instance MAC address never change
B. Thus, it is not required to register the MAC address every time.
C. The orgAMzation should write a boot strapping script which will get the MAC address from the instance metadata and use that script to register with the application.
D. AWS never provides a MAC address to an instance; instead the instance ID is used for identifying the instance for any software registration. E. The orgAMzation should provide a MAC address as a part of the user dat
F. Thus, whenever the instance is booted the script assigns the fixed MAC address to that instance.
Answer: B
Explanation:
AWS provides an on demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances. AWS does not provide a fixed MAC address to the instances launched in EC2-CLASSIC. If the instance is launched as a part of EC2-VPC, it can have an ENI which can have a fixed MAC. However, with EC2-CLASSIC, every time the instance is started or stopped it will have a new MAC address.
To get this MAC, the orgAMzation can run a script on boot which can fetch the instance metadata and get the MAC address from that instance metadata. Once the MAC is received, the orgAMzation can register that MAC with the software.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html
NEW QUESTION 95
A user is part of a group which has a policy allowing him just read only access to EC2. The user is part of another group which has full access to EC2. What happens when the user tries to launch an instance?
A. It will allow the user to launch the instance
B. It will fail since the user has just read only access
C. It will allow or deny based on the group under which the user has logged into EC2
D. It will not allow the user to add to the conflicting groups
Answer: A
Explanation:
The IAM group policy is always aggregated. In this case, if the user does not have permission for one group, but has permission for another group, he will have full access to EC2. Unless there is specific deny policy, the user will be able to access EC2.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/PoIiciesOverview.htmI
NEW QUESTION 100
An orgAMzation has 10000 employees. The orgAMzation wants to give restricted AWS access to each employee. How can the orgAMzation achieve this?
A. Create an IAM user for each employee and make them a part of the group
B. It is not recommended to support 10000 users with IAM
C. Use STS and create the users’ run time
D. Use Identity federation with SSO
Answer: D
Explanation:
Identity federation enables users from an existing directory to access resources within your AWS account,
making it easier to manage your users by maintaining their identities in a single place. In this case, the federated user is the only solution since AWS does not allow creating more than 5000 IAM users. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
NEW QUESTION 103
Can a user associate and use his own DNS with ELB instead ofthe DNS provided by AWS ELB?
A. Yes, by creating a CNAME with the existing domain name provider
B. Yes, by configuring DNS in the AWS Console
C. No
D. Yes, only through Route 53 by mapping ELB and DNS
Answer: A
Explanation:
The AWS ELB allows mapping a custom domain name with ELB. The user can map ELB with DNS in two ways: 1) By creating CNAME with the existing domain name service provider or 2) By creating a record with Route 53.
Reference:
http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/using-domain-names-with-elb. html
NEW QUESTION 108
A user has launched a MySQL RDS. The user wants to plan for the DR and automate the snapshot. Which of the below mentioned functionality offers this option with RDS?
A. Copy snapshot
B. Automated synchronization
C. Snapshot
D. Automated backup
Answer: D
Explanation:
Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances: automated backups and DB snapshots. Automated backups automatically back up the DB instance during a specific, user-definable backup window, and keep the backups for a limited, user-specified period of time. Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI
NEW QUESTION 113
You cannot access your AWS console, so you revert to using the CLI that you are not familiar with. Which of the following commands is not a valid CLI command for EC2 instances?
A. ec2-allocate-address
B. ec2-attach-internet-gateway
C. ec2-associate-route-table
D. ec2-allocate-interface
Answer: D
Explanation:
You can use the CLI tools to manage your Amazon EC2 resources (such as instances, security groups, and volumes) and your Amazon VPC resources (such as VPCs, subnets, route tables, and Internet gateways). Before you can start using the tools, you must download and configure them. The following are valid CLI commands for EC2 instances: ec2-accept-vpc-peering-connection
ec2-allocate-address
ec2-assign-private-ip-addresses ec2-associate-address
ec2-associate-dhcp-options ec2-associate-route-table
ec2-attach-internet-gateway
ec2-attach-network-interface (not ec2-allocate-interface) Reference:
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/command-reference.html
NEW QUESTION 117
In regards to Amazon SQS how can you secure the messages in your queues?
A. You can’t
B. Amazon SQS uses either your Access Key ID or an X.509 certificate to authenticate your identity
C. Through your IAM access keys
D. Don’t use root access
Answer: B
Explanation:
Authentication mechAMsms are provided to ensure that messages stored in Amazon SQS queues are secured against unauthorized access. Only the AWS account owners can access the queues they create. Amazon SQS uses proven cryptographic methods to authenticate your identity, either through the use of your Access Key ID and request signature, or through the use of an X.509 certificate.
Reference: https://aws.amazon.com/sqs/faqs/
NEW QUESTION 120
AWS Elastic Beanstalk will change the health status of a web server environment tier to gray color when:
A. AWS Elastic Beanstalk detects other problems with the environment that are known to make the application unavailable B. Your application hasn’t responded to the application health check URL within the last one hour.
C. Your application hasn’t responded to the application health check URL within the last five minutes.
D. Your appIication’s health status is unknown because status is reported when the application is not in the ready state.
Answer: D
Explanation:
AWS Elastic Beanstalk will change the health status of a web server environment tier to gray color when your appIication’s health status is unknown (because status is reported when the application is not in the ready state).
Reference: http://docs.aws.amazon.com/elasticbeanstaIk/latest/dg/using-features.heaIthstatus.htmI
NEW QUESTION 124
A user wants to access RDS from an EC2 instance using IP addresses. Both RDS and EC2 are in the same region, but different AZs. Which of the below mentioned options help configure that the instance is accessed faster?
A. Configure the Private IP of the Instance in RDS security group
B. Security group of EC2 allowed in the RDS security group
C. Configuring the elastic IP of the instance in RDS security group
D. Configure the Public IP of the instance in RDS security group
Answer: A
Explanation:
If the user is going to specify an IP range in RDS security group, AWS recommends using the private IP address of the Amazon EC2 instance. This provides a more direct network route from the Amazon EC2 instance to the Amazon RDS DB instance, and does not incur network charges for the data sent outside of the Amazon network.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html
NEW QUESTION 125
A user is creating a snapshot of an EBS volume. Which of the below statements is incorrect in relation to the creation of an EBS snapshot?
A. Its incremental
B. It can be used to launch a new instance
C. It is stored in the same AZ as the volume
D. It is a point in time backup of the EBS volume
Answer: C
Explanation:
The EBS snapshots are a point in time backup of the EBS volume. It is an incremental snapshot, but is always specific to the region and never specific to a single AZ.
Hence the statement “|t is stored in the same AZ as the volume” is incorrect.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI
NEW QUESTION 130
You are using Amazon SQS and are getting a “Queue Deleted RecentIy” error. What is wrong?
A. The message is too big
B. You have incorrect permissions
C. Another user has deleted the queue
D. If you delete a queue, you need to wait for at least 60 seconds before creating a queue with the same name
Answer: D
Explanation:
If you delete a queue, you need to wait for at least 60 seconds before creating a queue with the same name. Please note that when you delete a queue, the deletion process takes up to 60 seconds. Requests you send to a recently deleted queue might succeed during the 60-second period. For example, a SendlVIessage request might succeed, but after 60 seconds the queue and that message you sent no longer exists.
Reference: https://aws.amazon.com/items/1343?externaI|D=1343
NEW QUESTION 134
A user is trying to find the state of an S3 bucket with respect to versioning. Which of the below mentioned states AWS will not return when queried?
A. versioning-enabled
B. versioning-suspended
C. unversioned
D. versioned
Answer: D
Explanation:
S3 buckets can be in one of the three states: unversioned (the default), versioning-enabled or versioning-suspended. The bucket owner can configure the versioning state of a bucket. The versioning state applies to all (never some) of the objects in that bucket. The first time owner enables a bucket for versioning, objects in it are thereafter always versioned and given a unique version ID.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/Versioning.htmI
NEW QUESTION 136
What is the maximum number of tags that a user can assign to an EC2 instance?
A. 50
B. 10
C. 5
D. 25
Answer: B
Explanation:
To help manage EC2 instances as well as their usage in a better way, the user can tag the instances. The tags are metadata assigned by the user which consists of a key and a value. One resource can have a maximum of 10 tags.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
NEW QUESTION 137
A user has enabled serverside encryption with S3. The user downloads the encrypted object from S3. How can the user decrypt it?
A. S3 does not support server side encryption
B. S3 provides a server side key to decrypt the object
C. The user needs to decrypt the object using their own private key
D. S3 manages encryption and decryption automatically
Answer: D
Explanation:
If the user is using the server-side encryption feature, Amazon S3 encrypts the object data before saving it on disks in its data centres and decrypts it when the user downloads the objects. Thus, the user is free from the tasks of managing encryption, encryption keys, and related tools. Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingEncryption.htmI
NEW QUESTION 140
Does Amazon DynamoDB support both increment and decrement atomic operations?
A. No, neither increment nor decrement operations.
B. Only increment, since decrement are inherently impossible with DynamoDB’s data model.
C. Only decrement, since increment are inherently impossible with DynamoDB’s data model.
D. Yes, both increment and decrement operation
Answer: D
Explanation:
Amazon DynamoDB supports increment and decrement atomic operations.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/APISummary.html
NEW QUESTION 145
A user is trying to configure access with S3. Which of the following options is not possible to provide access to the S3 bucket / object?
A. Define the policy for the IAM user
B. Define the ACL for the object
C. Define the policy for the object
D. Define the policy for the bucket
Answer: C
Explanation:
Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies.
Access policies, such as ACL and resource policy can be attached to the bucket. With the object the user can only have ACL and not an object policy. The user can also attach access policies to the IAM users in the account. These are called user policies.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
NEW QUESTION 149
A user is setting up an Elastic Load BaIancer(ELB). Which of the below parameters should the user consider so as the instance gets registered with the ELB?
A. ELB DNS
B. IP address
C. Security group
D. ELB IP
Answer: B
Explanation:
The EC2 instances are registered with the load balancer using the IP addresses associated with the instances. When an instance is stopped and then started, the IP address associated with the instance changes. This prevents the load balancer from routing traffic to the restarted instance. When the user stops and then starts registered EC2 instances, it is recommended that to de-register the stopped instance from load balancer, and then register the restarted instance. Failure to do so may prevent the load balancer from performing health checks and routing the traffic to the restarted instance.
NEW QUESTION 152
True or False: AWS CIoudFormation allows you to create Microsoft Windows stacks.
A. False, AWS CIoudFormation does not support Microsoft Windows.
B. False, Amazon doesn’t support Microsoft Windows.
C. False, you cannot create Windows stacks.
D. True
Answer: D
Explanation:
AWS CIoudFormation allows you to create Microsoft Windows stacks based on Amazon EC2 Windows Amazon Machine Images (AMIs) and provides you with the ability to install software, to use remote desktop to access your stack, and to update and configure your stack.
Reference: http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/cfn-windows-stacks.html
NEW QUESTION 154
When a user is launching an instance with EC2, which of the below mentioned options is not available during the instance launch console for a key pair?
A. Proceed without the key pair
B. Upload a new key pair
C. Select an existing key pair
D. Create a new key pair
Answer: B
Explanation:
While launching an EC2 instance, the user can create a new key pair, select an existing key pair or proceed without a key pair. The user cannot upload a new key pair in the EC2 instance launch console. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launching-instance.html
NEW QUESTION 157
In regards to VPC, select the correct statement:
A. You can associate multiple subnets with the same Route Table.
B. You can associate multiple subnets with the same Route Table, but you can’t associate a subnet with only one Route Table. C. You can’t associate multiple subnets with the same Route Table.
D. None of thes
Answer: A
Explanation:
Every subnet in your VPC must be associated with exactly one Route Table. However, multiple subnets can be associated with the same Route Table. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_TabIes.html
NEW QUESTION 158
A user is enabling a static website hosting on an S3 bucket. Which of the below mentioned parameters cannot be configured by the user?
A. Error document
B. Conditional error on object name
C. Index document
D. Conditional redirection on object name
Answer: B
Explanation:
To host a static website, the user needs to configure an Amazon S3 bucket for website hosting and then upload the website contents to the bucket. The user can configure the index, error document as well as configure the conditional routing of on object name.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/HowDoIWebsiteConfiguration.htm|
NEW QUESTION 160
A user is uploading archives to Glacier. The user is trying to understand key Glacier resources. Which of the below mentioned options is not a Glacier resource?
A. Notification configuration
B. Archive ID
C. Job
D. Archive
Answer: B
Explanation:
AWS Glacier has four resources. Vault and Archives are core data model concepts. Job is required to initiate download of archive. The notification configuration is required to send user notification when archive is available for download.
Reference: http://docs.aws.amazon.com/amazongIacier/latest/dev/amazon-glacier-data-model.html
NEW QUESTION 164
How can you peek at a message in Amazon SQS?
A. Log the message ID and the receipt handle for your messages and correlate them to confirm when a message has been received and deleted B. Send the message to Amazon S3
C. You can’t
D. Set up a CIoudWatch alarm to auto send you the message
Answer: A
Explanation:
With version 2008-01-01, the PeekMessage action has been removed from Amazon SQS. This functionality was used mainly to debug small systems — specifically to confirm a message was successfully sent to the queue or deleted from the queue.
To do this with version 2008-01-01, you can log the message ID and the receipt handle for your messages and correlate them to confirm when a message has been received and deleted. Reference: https://aws.amazon.com/items/1343?externaI|D=1343
NEW QUESTION 168
An EC2 instance has one additional EBS volume attached to it. How can a user attach the same volume to another running instance in the same AZ?
A. Terminate the first instance and only then attach to the new instance
B. Attach the volume as read only to the second instance
C. Detach the volume first and attach to new instance
D. No need to detac
E. Just select the volume and attach it to the new instance, it will take care of mapping internally
Answer: C
Explanation:
If an EBS volume is attached to a running EC2 instance, the user needs to detach the volume from the original instance and then attach it to a new running instance. The user doesn’t need to stop / terminate the original instance.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
NEW QUESTION 169
A user has configured a website and launched it using the Apache web server on port 80. The user is using ELB with the EC2 instances for Load Balancing. What should the user do to ensure that the EC2 instances accept requests only from ELB?
A. Open the port for an ELB static IP in the EC2 security group
B. Configure the security group of EC2, which allows access to the ELB source security group
C. Configure the EC2 instance so that it only listens on the ELB port
D. Configure the security group of EC2, which allows access only to the ELB listener
Answer: B
Explanation:
When a user is configuring ELB and registering the EC2 instances with it, ELB will create a source security group. If the user wants to allow traffic only from ELB, he should remove all the rules set for the other requests and open the port only for the ELB source security group.
Reference:
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/using-elb-security-groups.htmI
NEW QUESTION 171
When working with AWS CIoudFormation Templates what is the maximum number of stacks that you can create?
A. 500
B. 50
C. 20
D. 10
Answer: C
Explanation:
C|oudFormation Limits
Maximum number of AWS CIoudFormation stacks that you can create is 20 stacks. Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/cloudformation-Iimits.htmI
NEW QUESTION 173
Does DynamoDB support in-place atomic updates?
A. It is not defined
B. Yes
C. It does support in-place non-atomic updates
D. No
Answer: B
Explanation:
DynamoDB supports in-place atomic updates. Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/\NorkingWithItems.htmI#Working WithItems.AtomicCounters
NEW QUESTION 178
A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will get for most of the year as per EC2 SLA if the instance is attached to the EBS optimized instance?
A. 900
B. 990
C. 950
D. 1000
Answer: A
Explanation:
As per AWS SLA if the instance is attached to an EBS-Optimized instance, then the Provisioned IOPS volumes are designed to deliver within 10% of the provisioned IOPS performance 99.9% of the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a minimum 900 IOPS 99.9% time of the year.
Reference: http://aws.amazon.com/ec2/faqs/
NEW QUESTION 182
You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable internet access?
A. Deploy a NAT instance into the public subnet.
B. Modify the routing table for the public subnet
C. Configure a publically routable IP Address In the host OS of the fourth instance.
D. Assign an Elastic IP address to the fourth instanc
Answer: D
NEW QUESTION 183
How can you secure data at rest on an EBS volume?
A. Attach the volume to an instance using EC2’s SSL interface.
B. Write the data randomly instead of sequentially.
C. Use an encrypted file system on top of the BBS volume.
D. Encrypt the volume using the S3 server-side encryption service.
E. Create an IAM policy that restricts read and write access to the volum
Answer: C
NEW QUESTION 184
Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-westl.amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser. What should Company D do to prevent the web fonts from being blocked by the browser?
A. Enable versioning on the cdfonts bucket for each web font
B. Create a policy on the cdfonts bucket to enable access to everyone
C. Add the Content-NI D5 header to the request for webfonts in the cdfonts bucket from the website
D. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration
Answer: D
NEW QUESTION 188
A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time.
How much write throughput is required for the target table?
A. 1 write capacity unit
B. 10 write capacity units
C. 60 write capacity units
D. 600 write capacity units
E. 3600 write capacity units
Answer: B
NEW QUESTION 192
A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4. The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2a. After 60 minutes of load testing, the webserver logs show:
Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the
four webservers? Choose 2 answers
A. Launch and run the load-tester EC2 instance from us-east-1 instead.
B. Re-configure the load-testing software to re-resolve DNS for each web request.
C. Use a 3rd-party load-testing service which offers globally-distributed test clients.
D. Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.
E. Configure ELB session stickiness to use the app-specific session cooki
Answer: BE
NEW QUESTION 196
If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to other users by default?
A. 0 seconds
B. 1 hour
C. 1 day
D. forever
E. 30 seconds
Answer: E
NEW QUESTION 201
Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers
A. The number of hash keys per account
B. The maximum storage used per account
C. The number of tables per account
D. The number of local secondary indexes per account
E. The number of provisioned throughput units per account
Answer: CE
NEW QUESTION 202
You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to indMdual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this.
You advise them to:
A. Bulk upload the device tokens contained in a CSV file via the AWS Management Console.
B. Let the push notification service (e.
C. Amazon Device Messaging) handle the registration.
D. Implement a token vending service to handle the registration.
E. Call the CreatePIatformEndPoint API function to register multiple device token
Answer: B
NEW QUESTION 203
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.htmI page is returned. Company C now would like a new page weIcome.htmI to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? Choose 2 answers
A. Upload an html page named we|come.htm| to their S3 bucket
B. Create a welcome subfolder in their S3 bucket
C. Set the Index Document property to weIcome.htmI
D. Move the index.htmI page to a welcome subfolder
E. Set the Error Document property to weIcome.htmI
Answer: AC
NEW QUESTION 206
Which of the following are valid arguments for an SNS Publish request? Choose 3 answers
A. TopicAm
B. Subject
C. Destination
D. Format
E. Message F.Language
Answer: ABE
NEW QUESTION 211
Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?
A. Descnbelnstances
B. DescribeAMIs
C. Describelmages
D. GetAMIs
E. You cannot retrieve a list of AMIs as there are over 10,000 AMIs
Answer: E
NEW QUESTION 213
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls.
Given these requirements, what is the most efficient way to manage these Items after the analysis?
A. Retain the items in a single table
B. Delete items indMdually over a 24 hour period
C. Delete the table and create a new table per hour
D. Create a new table per hour
Answer: C
NEW QUESTION 216
Which features can be used to restrict access to data in S3? Choose 2 answers
A. Use S3 Virtual Hosting
B. Set an S3 Bucket policy.
C. Enable IAM Identity Federation.
D. Set an S3 ACL on the bucket or the object.
E. Create a C|oudFront distribution for the bucket
Answer: CD
NEW QUESTION 218
Company B provides an online image recognition service and utilizes SOS to decouple system components for scalability The SQS consumers poll the imaging queue as often as possible to keep
end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?
A. Set the imaging queue visibility Timeout attribute to 20 seconds
B. Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
C. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
D. Set the DeIaySeconds parameter of a message to 20 seconds
Answer: B
NEW QUESTION 221
How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?
A. Query the appropriate Amazon CIoudWatch metric.
B. Use ipconfig or ifconfig command.
C. Query the local instance userdata.
D. Query the local instance metadat
Answer: D
NEW QUESTION 223
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a “Your proposed upload exceeds the maximum allowed object size.” error message.
What is a possible solution for this?
A. None, Simple Storage Service objects are limited to 5 GB
B. Use the multi-part upload API for this object
C. Use the large object upload API for this object
D. Contact support to increase your object size limit
E. Upload to a different region
Answer: B
NEW QUESTION 224
What type of block cipher does Amazon S3 offer for server side encryption?
A. Triple DES
B. Advanced Encryption Standard
C. Blowfish
D. RC5
Answer: B
NEW QUESTION 226
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Which two approaches can satisfy the objectives? Choose 2 answers
A. The application authenticates against LDA
B. The application then calls the IAM Security Service to login to IAM using the LDAP credential
C. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
D. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the use
E. The application then calls the IAM Security Token Service to assume that IAM Rol
F. The application can use the temporary credentials to access the appropriate S3 bucket.
G. The application authenticates against IAM Security Token Service using the LDAP credential
H. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
I. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credential J. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
K. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credential L. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.
Answer: BD
NEW QUESTION 230
Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table.
What is the most secure approach for signing requests to the DynamoDB API?
A. Create an IAM user with access credentials that are distributed with the mobile app to sign the requests
B. Distribute the AWS root account access credentials with the mobile app to sign the requests
C. Request temporary security credentials using web identity federation to sign the requests
D. Establish cross account access between the mobile app and the DynamoDB table to sign the requests
Answer: C
NEW QUESTION 234
What happens, by default, when one of the resources in a CIoudFormation stack cannot be created?
A. Previously-created resources are kept but the stack creation terminates.
B. Previously-created resources are deleted and the stack creation terminates.
C. The stack creation continues, and the final results indicate which steps failed.
D. CIoudFormation templates are parsed in advance so stack creation is guaranteed to succeed
Answer: B
amazon.2passeasy.aws-certified-developer-associate.actual.test.2021-oct-05.by.toby.278q.vce
Source: https://www.dumpscollection.net/dumps/AWS-Certified-Developer-Associate/