Question : You have set up www.AcmeShell.com on EC2, which uses the IAM user access key and secret access key to make secure calls to S3. The user wants to temporarily stop the access to S3 for that IAM user. What should the root owner do?
Explanation: If the user wants to temporarily stop access to S3, the best solution is to disable the keys. Deleting the user would result in the loss of all the credentials, and the app would not be usable in the future. If the user stops the instance, IAM users can still access S3. Changing the key does not help either, as the keys are still active. The best possible solution is to disable the keys.
Users need their own access keys to make programmatic calls to AWS using the AWS Command Line Interface (AWS CLI), the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users.
When you create an access key, IAM returns the access key ID and secret access key. You should save these in a secure location and give them to the user. To ensure the security of your AWS account, the secret access key is accessible only at the time you create it. If a secret access key is lost, you must delete the access key for the associated user and then create a new key.
By default, when you create an access key, its status is Active, which means the user can use the access key for API calls. Each user can have two active access keys, which is useful when you need to rotate the user's access keys. You can disable a user's access key, which means it can't be used for API calls. You might do this while you're rotating keys or to revoke API access for a user.
You can delete an access key at any time. However, when you delete an access key, it's gone forever and cannot be retrieved. (You can always create new keys.)
You can give your users permission to list, rotate, and manage their own keys.
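
The suspend-and-restore flow described above, as an added example that is not part of the original page: it uses the boto3 IAM client calls `list_access_keys` and `update_access_key`, and restores only the keys it disabled so that a key already inactive during rotation stays inactive. The user name, key IDs and the `FakeIAM` stand-in are constructed for an offline run; pass `boto3.client("iam")` instead to act on a real account.

```python
"""Suspend and later restore an IAM user's API access by toggling access key status."""


def suspend_user_keys(iam, user_name):
    """Set every Active key of user_name to Inactive; return the key IDs changed."""
    suspended = []
    # IAM allows at most two access keys per user, so one list call covers them.
    for meta in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        if meta["Status"] == "Active":
            iam.update_access_key(UserName=user_name,
                                  AccessKeyId=meta["AccessKeyId"],
                                  Status="Inactive")
            suspended.append(meta["AccessKeyId"])
    return suspended


def restore_user_keys(iam, user_name, key_ids):
    """Re-activate only the keys suspended earlier; keys that were already
    Inactive (for example an old key mid-rotation) stay disabled."""
    for key_id in key_ids:
        iam.update_access_key(UserName=user_name, AccessKeyId=key_id,
                              Status="Active")


class FakeIAM:
    """Constructed in-memory stand-in for boto3.client("iam"), offline demo only."""

    def __init__(self, keys):
        self.keys = keys  # {user_name: {access_key_id: status}}

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [
            {"UserName": UserName, "AccessKeyId": k, "Status": s}
            for k, s in self.keys[UserName].items()]}

    def update_access_key(self, UserName, AccessKeyId, Status):
        if Status not in ("Active", "Inactive"):
            raise ValueError("Status must be Active or Inactive")
        self.keys[UserName][AccessKeyId] = Status


def demo():
    # Constructed sample: one key in use by the app, one already disabled.
    iam = FakeIAM({"acmeshell-app": {"AKIAEXAMPLEINUSE0001": "Active",
                                     "AKIAEXAMPLEOLDKEY002": "Inactive"}})
    suspended = suspend_user_keys(iam, "acmeshell-app")
    during = dict(iam.keys["acmeshell-app"])  # snapshot while access is stopped
    restore_user_keys(iam, "acmeshell-app", suspended)
    return suspended, during, iam.keys["acmeshell-app"]
```
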
Question : You have hosted a website with the domain name www.acmeshell.com and want to achieve High Availability with a backend PostgreSQL DB. Which of the functionalities mentioned below helps achieve HA? 1. Read Replica 2. Multi AZ 4. PostgreSQL does not support HA
Explanation: The Multi AZ feature allows the user to achieve High Availability. For Multi AZ, Amazon RDS automatically provisions and maintains a synchronous "standby" replica in a different Availability Zone. Amazon cloud computing resources are housed in highly available data center facilities in different areas of the world (for example, North America, Europe, or Asia). Each data center location is called a region.
Each region contains multiple distinct locations called Availability Zones, or AZs. Each Availability Zone is engineered to be isolated from failures in other Availability Zones, and to provide inexpensive, low-latency network connectivity to other Availability Zones in the same region. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location. For a list of regions and Availability Zones.
You can run your DB instance in several Availability Zones, an option called a Multi-AZ deployment. When you select this option, Amazon automatically provisions and maintains a synchronous standby replica of your DB instance in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to the standby replica to provide data redundancy, failover support, eliminate I/O freezes, and minimize latency spikes during system backups.
Question : You have attached one RDS security group to RDS instances and also changed the ingress rule for the security group. What will be the initial status of the ingress rule? 1. Approving 2. It is not possible to assign a single group to multiple DB instances 4. Implementing
Explanation: A DB security group controls network access to a DB instance that is not inside a VPC. By default, network access is turned off to a DB instance. You can specify rules in a security group that allow access from an IP address range, port, or EC2 security group. Once ingress rules are configured, the same rules apply to all DB instances that are associated with that security group. You can specify up to 20 rules in a security group.
If you are a new customer to Amazon RDS or if you are an existing customer who is using a new region, your DB instance is most likely in a default VPC. You cannot use a DB security group for a DB instance inside a VPC; you must create a VPC security group. For information on creating a VPC security group, see Security Groups for Your VPC. To determine if you have a default VPC, see step 2 in the following procedure.
When the user makes any changes to the RDS security group, the rule status will be authorizing for some time until the changes are applied to all instances that the group is connected with. Once the changes are propagated, the rule status will change to authorized.
By default, network access is turned off to a DB instance. If you want to access a DB instance that is not in a VPC, you must set access rules for a DB security group to allow access from specific EC2 security groups or CIDR IP ranges. You then must associate that DB instance with that DB security group. This process is called ingress. Once ingress is configured for a DB security group, the same ingress rules apply to all DB instances associated with that DB security group.
Caution
Talk with your network administrator if you are intending to access a DB instance behind a firewall to determine the IP addresses you should use.