AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)
Question : In this scenario, the secondary network interface
on the instance handles __________ and the primary network interface
handles _________ traffic and is connected
to a separate subnet in your VPC that
has more restrictive access controls.
1. public-facing traffic, back-end management
2. back-end management, public-facing traffic
3. public-facing traffic, public-facing traffic
4. back-end management, back-end management
Correct Answer : 1
Explanation: You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing traffic
and the primary network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive access controls. The public facing
interface, which may or may not be behind a load balancer, has an associated security group that allows access to the server from the Internet (for example, allow TCP port 80 and 443
from 0.0.0.0/0, or from the load balancer) while the private facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either
within the VPC or from the Internet, a private subnet within the VPC or a virtual private gateway.
To ensure failover capabilities, consider using a secondary private IP for incoming traffic on a network interface. In the event of an instance failure, you can move the interface
and/or secondary private IP address to a standby instance.
Use Network and Security Appliances in Your VPC
Some network and security appliances, such as load balancers, network address translation (NAT) servers, and proxy servers prefer to be configured with multiple network interfaces.
You can create and attach secondary network interfaces to instances in a VPC that are running these types of applications and configure the additional interfaces with their own
public and private IP addresses, security groups, and source/destination checking.
Creating Dual-homed Instances with Workloads/Roles on Distinct Subnets
You can place a network interface on each of your web servers that connects to a mid-tier network where an application server resides. The application server can also be dual-homed
to a back-end network (subnet) where the database server resides. Instead of routing network packets through the dual-homed instances, each dual-homed instance receives and processes
requests on the front end, initiates a connection to the back end, and then sends requests to the servers on the back-end network
Question : Because of low budget constraint, you can not create full flash HA for the data base instances. However, you still need HA for your database instance,
and you are find with the little connectivity issue while failure. Which is the suitable solution for this problm.
1. If one of your instances serving a particular function fails, its elastic ip address can be attached to a replacement
or hot standby instance pre-configured for the same role in order to rapidly recover the service
2. If one of your instances serving a particular function fails, its private ip address can be attached to a replacement
or hot standby instance pre-configured for the same role in order to rapidly recover the service
3. If one of your instances serving a particular function fails, its network interface can be attached to a replacement
or hot standby instance pre-configured for the same role in order to rapidly recover the service
4. 1 and 2
5. 2 and 3
Correct Answer : 3
Exp: Creating Dual-homed Instances with Workloads/Roles on Distinct Subnets
You can place a network interface on each of your web servers that connects to a mid-tier network where an application server resides. The application server can also be dual-homed
to a back-end network (subnet) where the database server resides. Instead of routing network packets through the dual-homed instances, each dual-homed instance receives and processes
requests on the front end, initiates a connection to the back end, and then sends requests to the servers on the back-end network.
Create a Low Budget High Availability Solution
If one of your instances serving a particular function fails, its network interface can be attached to a replacement or hot standby instance pre-configured for the same role in order
to rapidly recover the service. For example, you can use an ENI as your primary or secondary network interface to a critical service such as a database instance or a NAT instance. If
the instance fails, you (or more likely, the code running on your behalf) can attach the ENI to a hot standby instance. Because the interface maintains its private IP addresses,
Elastic IP addresses, and MAC address, network traffic will begin flowing to the standby instance as soon as you attach the ENI to the replacement instance. Users will experience a
brief loss of connectivity between the time the instance fails and the time that the ENI is attached to the standby instance, but no changes to the VPC route table or your DNS server
are required.
Question : Please map the following for Configuring Network Interfaces
a. hot attach
b. warm attach
c. cold attach
1. when instance running
2. when instance stopped
3. when the instance is being launched
1. a-1, b-2, c-3
2. a-2, b-1, c-3
3. a-2, b-3, c-1
4. a-3, b-2, c-3
Correct Answer : 1
Explanation: You can attach a network interface to an instance when it's running (hot attach), when it's stopped (warm attach), or when the instance is being launched (cold attach).
Launching an instance with multiple network interfaces automatically configures interfaces, private IP addresses, and route tables on the operating system of the instance. A warm or
hot attach of an additional network interface may require you to manually bring up the second interface, configure the private IP address, and modify the route table accordingly.
(Instances running Amazon Linux or Microsoft Windows Server automatically recognize the warm or hot attach and configure themselves.)
Related Questions
Question : QuickTechie.com is setting up a multi-site solution where the application runs on premise as well as on AWS
to achieve the minimum RTP. They have database as Oracle in backend.
Select the configurations which is not the requirements of the multi-site solution scenario?
1. Configure data replication based on RTO.
2. Setup a single DB instance which will be accessed by both sites.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Setup a weighted DNS service like Route 53 to route traffic across sites.
Question : QuickTechie.com is hosting a scalable web application using AWS. And configured internet facing ELB
and Auto Scaling to make the application scalable. Which of the below mentioned statements is required to be followed when the
application is planning to host a website on VPC?
1. The ELB can be in a public or a private subnet but should have the ENI which is attached to an elastic IP.
2. The ELB must not be in any subnet; instead it should face the internet directly.
3. Access Mostly Uused Products by 50000+ Subscribers
4. The ELB must be in a public subnet of the VPC to face the internet traffic.
Question : www.HadoopExam.com is planning to create a secure, scalable and HA system on the AWS VPC.
Which of the below mentioned configurations will not help HadoopExam to achieve their goals if they are planning to use the AWS VPC?
1. Setup CloudWatch which will monitor the AWS instances and trigger an alert to the Auto Scaling group when there is some odd behaviour.
2. Setup Auto Scaling with multiple public subnets in separate zones from the same VPC.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Setup the internet facing ELB with VPC which is facing external traffic and has all instances registered with it.
Question : Which of the following tenancy attribute of a VPC help all instances launched in the VPC run as single-tenancy instances
1. default
2. dedicated
3. Access Mostly Uused Products by 50000+ Subscribers
4. None
Question : One of the AWS account owners faced a major challenge in June as his account was hacked and the hacker deleted
all the data from his AWS account. This resulted in a major blow to the business. Which of the below mentioned
steps may not help in preventing this action?
1. Take a backup of the critical data to offsite / on premise.
2. Create an AMI and a snapshot of the data at regular intervals as well as keep a copy to separate regions.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Do not share the AWS access and secret access keys with others as well do not store it inside programs, instead use IAM roles.
Question : QuickTechie.com is hosting a scalable "Polling of the new News" web application using AWS. The organization has configured ELB
and Auto Scaling to make the application scalable. Which of the below mentioned statements is not required to be
followed for ELB when the application is planning to host a web application on VPC?
1. Configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.
2. The internet facing ELB should have a route table associated with the internet gateway.
3. Access Mostly Uused Products by 50000+ Subscribers
4. The ELB and all the instances should be in the same subnet.