
AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : The website www.Acmesheel.com is deployed on an EC2 instance in an AWS VPC. It also provides a JAX-WS (Java web service) endpoint that
sends and receives internet traffic. Which of the following need to be configured so that Internet traffic is possible in both directions in a secure manner?

A. Your EC2 instance must have at least one IP address attached.
B. Your EC2 instance must have at least either Public IP address or Elastic IP address.
C. We need to make sure that our web server is secure; hence, it should have only a private IP address.
D. We need to configure proper ACLs and security groups to allow Internet traffic for the EC2 instance.
E. We must have one IGW (Internet Gateway) for the AWS VPC and create a subnet route table which sends all Internet traffic to that IGW.
1. A,B,C
2. B,C,D
3. C,D,E
4. B,D,E
5. A,C,E

Correct Answer : 4
Explanation: A public IP address is an IPv4 address that's reachable from the Internet. You can use public addresses for communication
between your instances and the Internet.

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an
Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.

An Elastic IP address is a public IPv4 address, which is reachable from the Internet. If your instance does not have a public IPv4 address, you can
associate an Elastic IP address with your instance to enable communication with the Internet; for example, to connect to your instance from your local computer.

Internet gateways (IGW): An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between
instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

Routing tables: Network traffic of any instance inside a subnet is dictated by a routing table. An example routing table is:

CIDR --- target
10.123.0.0/16 --- local
0.0.0.0/0 --- igw (internet gateway)

This table means that any traffic destined for a 10.123.X.Y IP address (where X and Y can be anything from 2 to 254) will be sent directly. The rest of the traffic
will be directed to the igw.

Now, it's important to understand that a subnet is always attached to one and only one routing table. So, if we spawn an instance inside a subnet that
has the above-mentioned routing table attached to it, the instance still won't be accessible from outside the VPC because it does not have a public IP. One can
attach an Elastic IP (which is a reusable public IP) to this instance and then access it. The instance in turn can access the internet. Remember, for an
instance to be directly available from the internet it has to have an Elastic IP and it must be within a subnet that has a routing table where non-local
traffic is routed via an internet gateway. So, an Elastic IP and an igw in the routing table are the two criteria for an instance to be available directly
from the internet. Subnets with such routing tables attached to them are also known as public subnets (non-local traffic routed to an internet gateway), as any
instance with an Elastic IP can be publicly available from this subnet.
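
The conditions in this explanation (a public or Elastic IP, a route to an internet gateway, and security group and network ACL rules that admit the traffic), expressed as a check over the sample routing table. This is an added example, not part of the original answer; the instance dictionary, the (CIDR, port) rule format and the addresses are constructed, and network ACLs are simplified to allow rules only.

```python
import ipaddress

def next_hop(route_table, dest_ip):
    """Longest-prefix match: target of the most specific route covering dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    hits = [(ipaddress.ip_network(cidr), target)
            for cidr, target in route_table
            if dest in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def allows(rules, src_ip, port):
    """True if any (cidr, port) allow rule covers the source address and port."""
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(cidr) and p == port for cidr, p in rules)

def unmet_conditions(instance, route_table, client_ip, port):
    """Return the conditions from the explanation that are not satisfied."""
    unmet = []
    if not instance.get("public_ip"):
        unmet.append("no public or Elastic IP")
    # Replies to the client leave the subnet via the route table.
    if not str(next_hop(route_table, client_ip)).startswith("igw"):
        unmet.append("no route to an internet gateway")
    if not (allows(instance["sg_ingress"], client_ip, port)
            and allows(instance["nacl_ingress"], client_ip, port)):
        unmet.append("security group or network ACL blocks the port")
    return unmet

# Constructed sample data (addresses taken from documentation ranges).
PUBLIC_RT = [("10.123.0.0/16", "local"), ("0.0.0.0/0", "igw")]
PRIVATE_RT = [("10.123.0.0/16", "local")]
CLIENT = "198.51.100.7"
web = {"public_ip": "203.0.113.10",
       "sg_ingress": [("0.0.0.0/0", 443)],
       "nacl_ingress": [("0.0.0.0/0", 443)]}
no_eip = dict(web, public_ip=None)

if __name__ == "__main__":
    print(unmet_conditions(web, PUBLIC_RT, CLIENT, 443))
    print(unmet_conditions(no_eip, PUBLIC_RT, CLIENT, 443))
    print(unmet_conditions(web, PRIVATE_RT, CLIENT, 443))
```

An empty list means all three conditions hold; port 22 is not in the sample rules, so it is reported as blocked even in the public subnet.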






Question : You have to choose EBS for the below requirement

"Your Application during boot up needed moderate I/O with 60 IOPS on volumes, on average"

Which of the following Elastic Block Storage types will you choose?

1. Standard EBS Volumes
2. Provisioned IOPS Volumes
3. Amazon S3
4. Amazon SimpleDB



Correct Answer : 1


Explanation: Amazon EBS provides two volume types: Standard Volumes and Provisioned IOPS Volumes. They differ in performance characteristics and price,
allowing you to tailor your storage performance and cost to the needs of your applications.

Standard volumes offer storage for applications with moderate or bursty I/O requirements. These volumes deliver approximately 100 IOPS on average with a
best effort ability to burst up to hundreds of IOPS. Standard volumes are also well suited for use as boot volumes, where the burst capability provides fast
instance start-up times.

Provisioned IOPS volumes are designed to deliver predictable, high performance for I/O intensive, random read and write workloads such as databases. With
Provisioned IOPS, you specify an IOPS rate when creating a volume, and then Amazon EBS provisions that rate for the lifetime of the volume. Amazon EBS
currently supports up to 4000 IOPS per Provisioned IOPS volume. You can stripe multiple volumes together to deliver thousands of IOPS per Amazon EC2
instance to your application.






Question : What would be the best way to set permissions on an S3 bucket if you would like to deliver the content over the internet but only to your employees?
1. Use S3 signed URLs through the API
2. Create an S3 account for every employee
3. Download the content on your internal intranet
4. None of the above



Correct Answer : 1


Explanation: A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access
that object. That is, if you receive a pre-signed URL to upload an object, you can upload the object only if the creator of the pre-signed URL has the
necessary permissions to upload that object.

All objects and buckets are private by default. Pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your
bucket, but you don't require them to have AWS security credentials or permissions. When you create a pre-signed URL, you must provide your security
credentials and specify a bucket name, an object key, an HTTP method (PUT for uploading objects) and an expiration date and time. The pre-signed URLs are
valid only for the specified duration.

You can generate a pre-signed URL programmatically using the AWS SDK for Java or the AWS SDK for .NET. If you are using Visual Studio, you can also use
the AWS Explorer to generate a pre-signed object URL without writing any code. Anyone who receives a valid pre-signed URL can then programmatically upload an
object.

Note : Anyone with valid security credentials can create a pre-signed URL. However, in order to successfully upload an object, the pre-signed URL must be
created by someone who has permission to perform the operation that the pre-signed URL is based upon.
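
An added example (not from the original page and not AWS SDK code) of how a pre-signed URL binds the HTTP method, object key and lifetime into a Signature Version 4 query-string signature, using only the Python standard library. The bucket host, object key, placeholder credentials and the `accepts` function, which models the service-side check locally, are assumptions.

```python
import hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlsplit

def _mac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign(method, host, key, access_key, secret_key, region, now, expires):
    """Build a Signature Version 4 query-string (pre-signed) URL for an S3 object."""
    stamp = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{stamp[:8]}/{region}/s3/aws4_request"
    params = {"X-Amz-Algorithm": "AWS4-HMAC-SHA256",
              "X-Amz-Credential": f"{access_key}/{scope}",
              "X-Amz-Date": stamp, "X-Amz-Expires": str(expires),
              "X-Amz-SignedHeaders": "host"}
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    path = "/" + quote(key, safe="/")
    # The HTTP method, object key and lifetime are all covered by the signature.
    canonical = "\n".join([method, path, query, f"host:{host}", "", "host",
                           "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", stamp, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + secret_key).encode()
    for part in (stamp[:8], region, "s3", "aws4_request"):
        k = _mac(k, part)
    return f"https://{host}{path}?{query}&X-Amz-Signature={_mac(k, to_sign).hex()}"

def accepts(url, method, secret_key, at):
    """Local model of the service-side check: unexpired and signature matches."""
    parts = urlsplit(url)
    q = dict(parse_qsl(parts.query))
    issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    lifetime = int(q["X-Amz-Expires"])
    if at > issued + timedelta(seconds=lifetime):
        return False  # past the specified duration
    access_key, _, region = q["X-Amz-Credential"].split("/")[:3]
    expected = presign(method, parts.netloc, unquote(parts.path[1:]), access_key,
                       secret_key, region, issued, lifetime)
    return hmac.compare_digest(expected, url)

# Constructed sample values; the keys are placeholders, not real credentials.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
HOST = "example-bucket.s3.us-east-1.amazonaws.com"
SECRET = "EXAMPLE-SECRET-KEY-PLACEHOLDER"
URL = presign("PUT", HOST, "uploads/report.pdf", "EXAMPLEACCESSKEYID", SECRET,
              "us-east-1", T0, 900)

if __name__ == "__main__":
    print(URL, accepts(URL, "PUT", SECRET, T0 + timedelta(minutes=5)))
```

Because the lifetime is part of the signed query string, editing `X-Amz-Expires` in the URL invalidates the signature rather than extending access, so a short expiry is the main control over a leaked link.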



Related Questions


Question : What is the minimum and maximum size of a single S3 object?
1. 1MB and 5GB
2. 1B and 1TB
4. 1Byte and 5TB




Question : You are an AWS architect, and in your organization there are multiple processes which run asynchronously.
However, they have some dependencies on each other, and this requires that you coordinate the execution of multiple distributed components
and deal with the increased latencies and unreliability inherent in remote communication. Which of the following solutions is the best fit
for handling this scenario?

1. You will implement this with the help of message queues and databases, along with the logic to synchronize them.
2. You will use Amazon Simple Workflow (SWF)
4. You will solve this problem using Amazon Simple Notification Service (Amazon SNS)



Question : How do you define the Activity Task, in the context of Amazon Simple Workflow?

1. It is a definition of the Activity
2. One invocation of an activity
4. Collection of activity



Question : Which region does not support read after write for objects on S3?

1. US West Oregon
2. US West
4. US Standard


Question : How does AWS maintain the security of storage devices when they reach end of life?


1. It keeps all the storage devices in secret places, where nobody can reach.

2. AWS cleans all the customer data from the device and recycles those devices.


4. AWS uses the techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual") or NIST 800-88
("Guidelines for Media Sanitization") to destroy data as part of the decommissioning process.


Question : You have a website called QuickTechie.com which has its own datacenter in Geneva, and the hosting web server is deployed in an AWS VPC.
Now you wish to make a VPN connection between the datacenter and the AWS VPC so that your technical team can connect to the VPC from the datacenter. What do you have to do?
1. By using a dedicated NAT instance in the public/private subnet.
2. You don't have to do anything other than installing VPN software on both sides, the VPC subnet and the data center.
4. Change the security group of all the installed instances in the VPC.