AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)

Question : When will you incur costs with an Elastic IP address (EIP)?

1. When an EIP is allocated.
2. When it is allocated and associated with a running instance.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Costs are incurred regardless of whether the EIP is associated with a running instance.

Ans : 4 Exp : You can have one Elastic IP (EIP) address associated with a running instance at no charge. If you associate additional EIPs with that instance,
you will be charged for each additional EIP associated with that instance per hour on a pro rata basis. Additional EIPs are only available in Amazon VPC.

To ensure efficient use of Elastic IP addresses, we impose a small hourly charge when these IP addresses are not associated with a running instance or when
they are associated with a stopped instance or unattached network interface.
$0.00 for one Elastic IP address associated with a running instance
$0.005 per additional Elastic IP address associated with a running instance per hour on a pro rata basis
$0.005 per Elastic IP address not associated with a running instance per hour on a pro rata basis
$0.00 per Elastic IP address remap for the first 100 remaps per month
$0.10 per Elastic IP address remap for additional remaps over 100 per month

Q: Why am I charged when my Elastic IP address is not associated with a running instance?
In order to help ensure our customers are efficiently using the Elastic IP addresses, we impose a small hourly charge for each address when it is not
associated to a running instance.

Question : When you put objects in Amazon S, what is the indication that an object was successfully stored?

1. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
2. Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.

Correct Answer : Get Lastest Questions and Answer :
HTTP 200

Question : What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

1. Amazon EBS-backed instances can be stopped and restarted.
2. Instance-store backed instances can be stopped and restarted.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Virtual Private Cloud requires EBS backed instances.
Ans : 1
Exp : "Instance Store" Instances
An "instance store" instance is an EC2 instance whose root device resides on the virtual machine's hard drive. When the instance is created, the base AMI is
copied to the virtual machine's hard drive and launched. The instance can run for as long as you want, but it cannot be stopped. Since the instance's root
device is the actual hard drive, it is "stuck" on the hardware, and the only thing you can do is terminate the instance. If you do this, the instance is
deleted, never to be recovered. You also run the risk that if the virtual machine's hardware fails, then you will also lose anything on the hard drive.
If you launch an "instance store" instance, be prepared to leave it running until you're completely done with it. Note that you will be charged from the
moment the instance is started, until the time it is terminated.
"EBS-Backed" Instances
An "EBS-backed" instance is an EC2 instance which uses an EBS volume as it's root device. EBS volumes are redundant, "virtual" drives, which are not tied to
any particular hardware, however they are restricted to a particular EC2 availability zone. This means that an EBS volume can move from one piece of hardware
to another within the same availability zone. You can think of EBS volumes as a kind of Network Attached Storage.
If the virtual machine's hardware fails, the EBS volume can simply be moved to another virtual machine and re-launched. In theory, you won't lose any data.
Another benefit, is that EBS volumes can easily be backed up and duplicated. So you can take easy backup snapshots of your volumes, create new volumes and
launch new EC2 instances based on those duplicate volumes.
Probably the biggest advantage "EBS-backed" instances have over "instance store" instances is that they can be stopped. When you do this, the virtual machine
is shutdown and the EBS volume is stored for later retrieval. The hardware is then available for someone else to use. In addition, during this time, you are
not charged the EC2 instance running charge. But you are charged for the EBS storage. When you want the instance to run again, you just start it up again. A
new virtual machine is reserved, your EBS volume is attached, and your instance is booted.
But what about the virtual machine's hard drives?
Yes, it is possible to use those hard drives, even when your EC2 instance is "EBS-backed". By default, they are not available. If you use the command line
programs to launch your instance, you can use the "-b" option on the ec2-run-instances command to attach the "instance store" drives to your EC2 instance.
Having these drives available can be beneficial if you want to store temporary data. Read and write access should be faster than reading from and writing to
an EBS volume because you're not sending data over the network. In addition, you won't be charged for data transfer or data storage. But this only works if
the data can be lost at any time.
" EBS backed instances can be stopped when you're not using them and resumed when you need them again (like pausing a Virtual PC), at least with my usage
patterns saving much more money than I spend on a few dozen GB of EBS storage.

Question : Per the AWS Acceptable Use Policy, penetration testing of EC instances:

1. May be performed by AWS, and will be performed by AWS upon customer request.
2. May be performed by AWS, and is periodically performed by AWS.
3. Access Mostly Uused Products by 50000+ Subscribers
4. May be performed by the customer on their own instances with prior authorization from AWS.
5. May be performed by the customer on their own instances, only if performed from EC2 instances

Correct Answer : Get Lastest Questions and Answer :

Requesting Authorization
Amazon customers should complete the AWS Vulnerability/Penetration Testing Request Form (must be authenticated to AWS to view page), supplying the source and
destination IP addresses and the Amazon machine Instance IDs which will be involved in the scan.

Note also that Amazon advises that it "can take 2-3 business days to evaluate your request."

Question : Which procedure for backing up a relational database on EC that is using a set of RAlDed
EBS volumes for storage minimizes the time during which the database cannot be written
to and results in a consistent backup?

1. 1. Detach EBS volumes, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes
2. 1. Stop the EC2 Instance. 2. Snapshot the EBS volumes

3. Access Mostly Uused Products by 50000+ Subscribers
4. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Resume disk I/O

5. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk I/O

Ans : 1
Exp : Q: Do volumes need to be un-mounted in order to take a snapshot? Does the snapshot need to complete before the volume can be used again?
No, snapshots can be done in real time while the volume is attached and in use. However, snapshots only capture data that has been written to your Amazon EBS
volume, which might exclude any data that has been locally cached by your application or OS. In order to ensure consistent snapshots on volumes attached to
an instance, we recommend cleanly detaching the volume, issuing the snapshot command, and then reattaching the volume. For Amazon EBS volumes that serve as
root devices, we recommend shutting down the machine to take a clean snapshot.

Question : How can you secure data at rest on an EBS volume?

1. Attach the volume to an instance using EC2's SSL interface.
2. Write the data randomly instead of sequentially.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Create an IAM policy that restricts read and write access to the volume.
5. Use an encrypted file system on top of the EBS volume.

Correct Answer : Get Lastest Questions and Answer :
Explanation:

Explanation: Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are
network-attached, and persist independently from the life of an instance. Because Amazon EBS volumes are presented to an instance as a block device, you can
leverage most standard encryption tools for file system-level or block-level encryption. Some common block-level open source encryption solutions for Linux
are LoopAES, dm-crypt (with or without) LUKS, and TrueCrypt. Each of these operates below the file system layer using kernel space device drivers to perform
encryption and decryption of data. These tools are useful when you want all data written to a volume to be encrypted regardless of what directory the data is
stored in. Another option would be to use file system-level encryption, which works by stacking an encrypted file system on top of an existing file system.
This method is typically used to encrypt a specific directory. eCryptfs and EncFs are two Linux-based open source examples of file system-level encryption
tools. These solutions all require you to provide keys, either manually or from your KMI. An important caveat with both block-level and file system-level
encryption tools is that they can only be used to encrypt data volumes that are not Amazon EBS boot volumes. This is because these tools don't allow you to
automatically make a trusted key available to the boot volume at startup. Encrypting Amazon EBS volumes attached to Windows instances can be done using
BitLocker or Encrypted File System (EFS) as well as open source applications like TrueCrypt. In either case, you still need to provide keys to these
encryption methods and you can only encrypt data volumes. There are AWS partner solutions that can help automate the process of encrypting Amazon EBS volumes
as well as supplying and protecting the necessary keys. Both Trend Micro SecureCloud and SafeNet ProtectV are two such partner products that encrypt Amazon
EBS volumes and include a KMI. Both products are able to encrypt boot volumes in addition to data volumes. These solutions also support use-cases where
Amazon EBS volumes attach to auto-scaled Amazon EC2 instances. Figure 3 shows how the SafeNet and Trend Micro solutions can be used to encrypt data stored on
Amazon EBS using keys managed on-premises, via SaaS, or in software running on EC2.

AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)

Related Questions