
AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : An ENI is a virtual network interface that can include which of the following attributes?
A. a primary private IP address
B. one or more secondary private IP addresses
C. one Elastic IP address per private IP address
D. one public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead
of using an existing network interface
E. one or more security groups
F. a MAC address
G. a source/destination check flag

1. A,B,C,D

2. C,D,E,F,G

3. A,B,C,D,E

4. A,B,C,D,E,F,G

Correct Answer : 4
Explanation: Each instance in your VPC has a default network interface that is assigned a private IP address from the IP address range of your VPC. You can create and
attach an additional network interface, known as an elastic network interface (ENI), to any instance in your VPC. The number of ENIs you can attach varies by instance type. For more
information, see Private IP Addresses Per ENI Per Instance Type in the Amazon EC2 User Guide for Linux Instances.

An ENI is a virtual network interface that can include the following attributes:

a primary private IP address
one or more secondary private IP addresses
one Elastic IP address per private IP address
one public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of
using an existing network interface
one or more security groups
a MAC address
a source/destination check flag
a description

You can create an ENI, attach it to an instance, detach it from an instance, and attach it to another instance. An ENI's attributes follow the ENI as it is attached or detached from
an instance and reattached to another instance. When you move an ENI from one instance to another, network traffic is redirected to the new instance.

Attaching multiple ENIs to an instance is useful when you want to:

Create a management network.
Use network and security appliances in your VPC.
Create dual-homed instances with workloads/roles on distinct subnets.
Create a low-budget, high-availability solution






Question : QuickTechie Inc is planning to set up their blogging website on the AWS VPC and it should have automated HA and DR along with security.
Which of the below mentioned configurations satisfies QuickTechie's requirement?
1. Create two separate VPCs and run RDS. RDS will have the multi AZ feature enabled which spans across these two VPCs using VPC peering. Setup the App server with one of
the public subnets of any VPC.

2. Create two separate VPCs in different zones. Setup two EC2 instances by installing a DB in the two different VPCs and enable the failover mechanism. Setup the App
server with one of the public subnets of any VPC.
3. Create a VPC with one private and one public subnet in separate AZs. Setup the EC2 instance with a DB in the private subnet and the web application in a public subnet.
4. Create a VPC with two private subnets and a public subnet in separate AZs, and set up RDS with the multi AZ feature by creating a subnet group. Launch a web application
in the public subnet.


Correct Answer : 4
Explanation: A virtual private cloud is a virtual network that is logically isolated from other virtual networks in the AWS cloud. Amazon Virtual Private Cloud (VPC) lets you
launch AWS resources, such as an Amazon RDS or Amazon EC2 instance, into a VPC. The VPC can either be a default VPC that comes with your account or it could be one that you create.
All VPCs are associated with your AWS account. Amazon RDS supported two EC2 platforms: EC2-VPC and EC2-Classic. The EC2-VPC platform has a default VPC where all new DB instances are
created unless you specify otherwise. The EC2-Classic platform does not have a default VPC, but as with either platform, you can create your own VPC and specify that a DB instance be
located in that VPC. If you are a new customer to Amazon RDS or if you are using a region you have not previously used, you are most likely working with the EC2-VPC platform. When an
option group is assigned to a DB instance, it is linked to the supported platform the DB instance is on, either VPC or EC2-Classic (non-VPC). Furthermore, if a DB instance is in a
VPC, the option group associated with the instance is linked to that VPC. This means that you cannot use the option group assigned to a DB instance if you attempt to restore the
instance into a different VPC or onto a different platform.

If you restore a DB instance into a different VPC or onto a different platform, you must either assign the default option group to the instance, assign an option group that is linked
to that VPC or platform, or create a new option group and assign it to the DB instance. Note that with persistent or permanent options, such as Oracle TDE, you must create a new
option group that includes the persistent or permanent option when restoring a DB instance into a different VPC. A Virtual Private Cloud (VPC) is a virtual network dedicated to the
user's AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that
the user can designate to a group of VPC resources based on security and operational needs. To setup the HA and DR system it is recommended to use RDS with AWS as it offers a point
in time snapshot and multi AZ feature. The user should setup RDS with the VPC subnet group. A DB subnet group is a collection of subnets (generally private) that the user can create
in a VPC and which the user assigns to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances. Each DB subnet group should
have subnets in at least two Availability Zones in a given region.

Here are some tips on working with a DB instance in a VPC:

Your VPC must have at least one subnet in at least two of the Availability Zones in the region where you want to deploy your DB instance. A subnet is a segment of a VPC's IP
address range that you can specify and that lets you group instances based on your security and operational needs.
If you want your DB instance in the VPC to be publicly accessible, you must enable the VPC attributes DNS hostnames and DNS resolution.
Your VPC must have a DB subnet group that you create (for more information, see the next section). You create a DB subnet group by specifying the subnets you created. Amazon RDS
uses that DB subnet group and your preferred Availability Zone to select a subnet and an IP address within that subnet to assign to your DB instance.
Your VPC must have a VPC security group that allows access to the DB instance.
The CIDR blocks in each of your subnets must be large enough to accommodate spare IP addresses for Amazon RDS to use during maintenance activities, including failover and compute
scaling.
A VPC can have an instance tenancy attribute of either default or dedicated. All default VPCs have the instance tenancy attribute set to default, and a default VPC can support
any DB instance class.
If you choose to have your DB instance in a dedicated VPC where the instance tenancy attribute is set to dedicated, the DB instance class of your DB instance must be one of the
approved Amazon EC2 dedicated instance types. For example, the m3.medium EC2 dedicated instance corresponds to the db.m3.medium DB instance class. For more
information about the instance types that can be in a dedicated instance, see Amazon EC2 Dedicated Instances. For information about instance tenancy in a VPC, see Using EC2
Dedicated Instances in the Amazon Virtual Private Cloud User Guide.
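
The tips above can be checked mechanically. The following is an added example, not part of the original explanation or of any AWS tooling: it audits a DB subnet group for two Availability Zones, private subnets and spare IP addresses. The input dictionaries mirror the JSON field names returned by the AWS CLI calls describe-db-subnet-groups, describe-subnets and describe-route-tables; the subnet IDs, the sample data and the spare-address threshold are assumptions made for the example.

```python
MIN_SPARE_IPS = 8  # assumed threshold; the explanation above gives no number


def public_subnet_ids(route_tables):
    """Subnets explicitly associated with a route table that has a default route to an IGW.
    Subnets that fall back to the VPC's main route table are not resolved here."""
    public = set()
    for rt in route_tables:
        if any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"]):
            public.update(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
    return public


def audit_db_subnet_group(group, subnets, route_tables, min_spare=MIN_SPARE_IPS):
    """Return findings for one DB subnet group; an empty list means it passes."""
    by_id = {s["SubnetId"]: s for s in subnets}
    public = public_subnet_ids(route_tables)
    findings = []
    zones = {m["SubnetAvailabilityZone"]["Name"] for m in group["Subnets"]}
    if len(zones) < 2:
        findings.append("fewer than two Availability Zones")
    for m in group["Subnets"]:
        sid = m["SubnetIdentifier"]
        if sid in public:
            findings.append(f"{sid}: default route to an internet gateway")
        if by_id[sid]["AvailableIpAddressCount"] < min_spare:
            findings.append(f"{sid}: fewer than {min_spare} spare IP addresses")
    return findings


def member(sid, az):
    """Build one subnet entry in the shape used inside a DB subnet group."""
    return {"SubnetIdentifier": sid, "SubnetAvailabilityZone": {"Name": az}}


# Constructed sample data (all IDs are made up for this example).
SUBNETS = [
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a", "AvailableIpAddressCount": 250},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b", "AvailableIpAddressCount": 120},
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a", "AvailableIpAddressCount": 200},
]
ROUTE_TABLES = [
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
     "Associations": [{"SubnetId": "subnet-pub-a"}]},
    {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}]},
]
GOOD = {"Subnets": [member("subnet-priv-a", "us-east-1a"), member("subnet-priv-b", "us-east-1b")]}
BAD = {"Subnets": [member("subnet-pub-a", "us-east-1a"), member("subnet-priv-a", "us-east-1a")]}

if __name__ == "__main__":
    for name, grp in (("good", GOOD), ("bad", BAD)):
        print(name, audit_db_subnet_group(grp, SUBNETS, ROUTE_TABLES))
```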




Question : AcmeShell Inc is purchasing licensed software, and the license can be registered only to a specific MAC address. AcmeShell Inc is going to host the
software in the AWS environment. How can the organization fulfil the license requirement as the MAC address changes every time an instance is started/stopped/terminated?
1. It is not possible to have a fixed MAC address with AWS.
2. The organization should use VPC with the private subnet and configure the MAC address with that subnet.
3. The organization should use VPC with an elastic network interface which will have a fixed MAC Address.
4. The organization should use VPC since VPC allows to configure the MAC address for each EC2 instance.

Correct Answer : 3

Explanation: Elastic Network Interfaces (ENI)

An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include the following attributes:

a primary private IP address
one or more secondary private IP addresses
one Elastic IP address per private IP address
one public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of
using an existing network interface
one or more security groups
a MAC address
a source/destination check flag
a description

You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance. The attributes of a network interface follow the network
interface as it is attached or detached from an instance and reattached to another instance. When you move a network interface from one instance to another, network traffic is
redirected to the new instance.

Each instance in a VPC has a default network interface. The default network interface has a primary private IP address in the IP address range of its VPC. You can create and attach
additional network interfaces. The maximum number of network interfaces that you can use varies by instance type. For more information, see Private IP Addresses Per ENI Per Instance
Type.

Attaching multiple network interfaces to an instance is useful when you want to:

Create a management network.
Use network and security appliances in your VPC.
Create dual-homed instances with workloads/roles on distinct subnets.
Create a low-budget, high-availability solution.


Related Questions


Question : QuickTechie.com is setting up a multi-site solution where the application runs on premise as well as on AWS to achieve the minimum RTP. Which of the
below mentioned configurations will not meet the requirements of the multi-site solution scenario?
1. Configure data replication based on RTO.
2. Setup a single DB instance which will be accessed by both sites.
4. Setup a weighted DNS service like Route 53 to route traffic across sites.




Question : If a disaster occurs at 12:00 PM (noon) and the RPO is one hour, the system should recover all data that was in the system

1. before 11:00 AM
2. before 12:00 PM
4. None of above



Question : In the scenario AWS Production to an AWS DR Solution Using Multiple AWS Regions
When you replicate data to a remote location, you should consider

A. Distance between the sites
B. Available bandwidth
C. Data rate required by your application
D. Replication technology
1. A,B,C
2. B,C,D
4. A,B,C,D



Question : If a disaster occurs at 12:00 PM (noon) and the RTO is
eight hours, the DR process should restore the business process to the acceptable service level by_________

1. 8:00 PM
2. 9:00 PM
4. 00:00 AM




Question : QuickTechie.com has a VPC for the Billing Team, and another VPC for the Training department.
The Billing team requires access to all the instances running in the Training Team VPC while the Training Team requires
access to all the resources in the Billing Team. How can the organization set up this scenario?


1. Setup ACL with both VPCs which will allow traffic from the CIDR of the other VPC.
2. Setup VPC peering between the VPCs of Training Team and Billing Team.
4. Setup the security group with each VPC which allows traffic from the CIDR of another VPC
5. None of above



Question : QuickTechie.com has hosted a web application which allows traffic on port from all the IPs and attached the same security group to multiple
instances running in the same VPC but different subnets. QuickTechie.com is planning to use one of these instances for testing a web application running on port
8080. How can QuickTechie set up this case so that the security of all the instances is not affected?
1. QuickTechie.com should launch an instance in a separate subnet so that they will have a different security group.
2. QuickTechie.com should attach an ENI with every instance. The organization should create a new security group and update the security group of that instance's ENI.
3. Access Mostly Uused Products by 50000+ Subscribers
selected IP.
4. QuickTechie.com should first stop the instance and then change the security group of the selected instance.