Premium

AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : If the network interface has an Elastic IP address associated with it and regarding Disassociating an Elastic IP Address from a Network
Interface
1. You can disassociate the address
2. You can either associate it with another network interface once disassociated
3. Access Mostly Uused Products by 50000+ Subscribers

Which of the above is correct
: If the network interface has an Elastic IP address associated with it and regarding Disassociating an Elastic IP Address from a Network
1. 1,2,3
2. 1,2
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 2,3



Correct Answer : Get Lastest Questions and Answer :

Explanation: If the network interface has an Elastic IP address associated with it, you can disassociate the address, and then either associate it with another
network interface or release it back to the address pool. Note that this is the only way to associate an Elastic IP address with an instance in a different
subnet or VPC using a network interface, as network interfaces are specific to a particular subnet.

You can disassociate an Elastic IP address using the AWS Management Console or the command line.




Question : To enable traffic encryption between the clients that initiate HTTPS sessions with your load balancer , Can a user configure TLS with AWS ELB?

: To enable traffic encryption between the clients that initiate HTTPS sessions with your load balancer , Can a user configure TLS with AWS ELB?
1. Yes, You have to install SSL certificate on ELB
2. Yes, You have to enable HTTPS listener
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Yes, only at the EC2 instance level

Correct Answer : Get Lastest Questions and Answer :

Explanation: AWS ELB supports the HTTPS termination at the ELB level as well as the instance level. The user can upload SSL certificate on ELB to configure the
SSL/TLS with ELB.

HTTPS Support is a feature that allows you to use the SSL/TLS protocol for encrypted connections (also known as SSL offload). This feature enables traffic
encryption between the clients that initiate HTTPS sessions with your load balancer and also for connections between the load balancer and your back-end
instances.

To enable HTTPS support for your load balancer, you'll have to install an SSL server certificate on your load balancer. The load balancer uses the
certificate to terminate and then decrypt requests before sending them to the back-end instances.





Question : The __________ header helps you identify the IP address of a client when you use a load balancer configured for TCP/SSL connections.
Because load balancers intercept traffic between clients and your back-end instances, the access logs from your back-end instance
contain the IP address of the load balancer instead of the originating client.


: The __________ header helps you identify the IP address of a client when you use a load balancer configured for TCP/SSL connections.
1. Proxy Protocol
2. HTTPS Protocol
 3. Access Mostly Uused Products by 50000+ Subscribers
4. SSL/TLS protocol

Correct Answer : Get Lastest Questions and Answer :

Explanation: The Proxy Protocol header helps you identify the IP address of a client when you use a load balancer configured for TCP/SSL connections. Because load
balancers intercept traffic between clients and your back-end instances, the access logs from your back-end instance contain the IP address of the load
balancer instead of the originating client. When Proxy Protocol is enabled, the load balancer adds a human-readable format header that contains the
connection information, such as the source IP address, destination IP address, and port numbers of the client. The header is then sent to the back-end
instance as a part of the request. You can parse the first line of the request to retrieve your client's IP address and the port number





Related Questions

Question : You are designing a web application that stores static assets in an Amazon Simple Storage
Service (S3) bucket. You expect this bucket to immediately receive over 150 PUT requests
per second. What should you do to ensure optimal performance?
 : You are designing a web application that stores static assets in an Amazon Simple Storage
1. Use multi-part upload.
2. Add a random prefix to the key names.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Use a predictable naming scheme, such as sequential numbers or date time sequences, in the key names

Ans : 2
Exp : The sequence pattern in the key names introduces a performance problem. To understand the issue, let,s look at how Amazon S3 stores key names.

Amazon S3 maintains an index of object key names in each AWS region. Object keys are stored lexicographically across multiple partitions in the index. That
is, Amazon S3 stores key names in alphabetical order. The key name dictates which partition the key is stored in. Using a sequential prefix, such as
timestamp or an alphabetical sequence, increases the likelihood that Amazon S3 will target a specific partition for a large number of your keys,
overwhelming the I/O capacity of the partition. If you introduce some randomness in your key name prefixes, the key names, and therefore the I/O load, will
be distributed across more than one partition.

If you anticipate that your workload will consistently exceed 100 requests per second, you should avoid sequential key names. If you must use sequential
numbers or date and time patterns in key names, add a random prefix to the key name. The randomness of the prefix more evenly distributes key names across
multiple index partitions. Examples of introducing randomness are provided later in this topic.

Note
The guidelines provided for the key name prefixes in the following section also apply to the bucket name. When Amazon S3 stores a key name in the index, it
stores the bucket names as part of the key name (for example, examplebucket/object.jpg).
Example 1: Add a Hex Hash Prefix to Key Name

One way to introduce randomness to key names is to add a hash string as prefix to the key name. For example, you can compute an MD5 hash of the character
sequence that you plan to assign as the key name. From the hash, pick a specific number of characters, and add them as the prefix to the key name. The
following example shows key names with a four-character hash.

If you anticipate that your workload will consistently exceed 100 requests per second, you should avoid sequential key names. If you must use sequential
numbers or date and time patterns in key names, add a random prefix to the key name. The randomness of the prefix more evenly distributes key names across
multiple index partitions. Examples of introducing randomness are provided later in this topic.



Question : You have a load balancer configured for VPC, and all back-end Amazon EC instances are
in service. However, your web browser times out when connecting to the load balancer's
DNS name. Which options are probable causes of this behavior? Choose 2 answers
A. The load balancer was not configured to use a public subnet with an Internet gateway configured
B. The Amazon EC2 instances do not have a dynamically allocated private IP address
C. The security groups or network ACLs are not property configured for web traffic.
D. The load balancer is not configured in a private subnet with a NAT instance.
E. The VPC does not have a VGW configured.
: You are designing a web application that stores static assets in an Amazon Simple Storage
1. A,B
2. B,C
 3. Access Mostly Uused Products by 50000+ Subscribers
4. D,E

Ans: 1




Question : A company needs to deploy services to an AWS region which they have not previously
used. The company currently has an AWS identity and Access Management (IAM) role for
the Amazon EC2 instances, which permits the instance to have access to Amazon
DynamoDB. The company wants their EC2 instances in the new region to have the same
privileges. How should the company achieve this?
: You are designing a web application that stores static assets in an Amazon Simple Storage
1. Create a new IAM role and associated policies within the new region
2. Assign the existing IAM role to the Amazon EC2 instances in the new region
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature
Ans : 2



Question : How can an EBS volume that is currently attached to an EC instance be migrated from one Availability Zone to another?

: You are designing a web application that stores static assets in an Amazon Simple Storage
1. Detach the volume and attach it to another EC2 instance in the other AZ.
2. Simply create a new volume in the other AZ and specify the original volume as the source.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Detach the volume, then use the ec2-migrate-voiume command to move it to another AZ


Question : You are using an m.small EC Instance with one GB EBS volume to host a relational database.
You determined that write throughput to the database needs to be increased. Which of the following approaches can help achieve this? Choose 2 answers
A. Use an array of EBS volumes.
B. Enable Multi-AZ mode.
C. Place the instance in an Auto Scaling Groups
D. Add an EBS volume and place into RAID 5.
E. Increase the size of the EC2 Instance.
F. Put the database behind an Elastic Load Balancer.

 : You are using an m.small EC Instance with one GB EBS volume to host a relational database.
1. A,E
2. B,C
 3. Access Mostly Uused Products by 50000+ Subscribers
4. D,E


Question : You have an EC security group with several EC instances running inside it. You change the security group rules to allow inbound traffic on
port 443 and you then
launch several new instances in the same security group. The new rules apply:

 : You have an EC security group with several EC instances running inside it. You change the security group rules to allow inbound traffic on
1. Straight Away but to the new instances only.
2. Straight away to all instances within the security group.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Straight Away to the new instances, but old instances must be stopped and restarted before the new rules apply.




Question : You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile
devices. The votes must be
collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use?
 : You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile
1. Amazon DynamoDB
2. Amazon Redshift
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Amazon Simple Queue Service



Question : Which services allow the customer to retain full administrative privileges of the underlying EC instances?

Choose 2 answers
A. Amazon Elastic Map Reduce
B. Elastic Load Balancing
C. AWS Elastic Beanstalk
D. Amazon Elasticache
E. Amazon Relational Database service


 : Which services allow the customer to retain full administrative privileges of the underlying EC instances?
1. A,B
2. A,D
 3. Access Mostly Uused Products by 50000+ Subscribers
4. C,D
5. A,C


Question : Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access
Protocol) directory service?

 : Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access
1. Use an IAM policy that references the LDAP account identifiers and the AWS credentials.
2. Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated.
5. Use the LDAP credentials to restrict a group of users from launching specific EC2 instance types.