
AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : Select the correct statements regarding key pairs.

A. If you don't specify the name of an existing key pair when you launch an instance, you won't be able to connect to the instance.
B. Amazon EC2 doesn't keep a copy of your private key
C. If you lose the private key for an instance store-backed instance, you can't access the instance
D. If you lose the private key for an EBS-backed instance, you can't access the instance

1. A,B,C
2. B,C,D
3. A,C,D
4. A,B,C,D


Correct Answer : 1

Explanation: Amazon EC2 Key Pairs

Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. Public-key cryptography uses a public key to encrypt a piece of data, such as a password, then the
recipient uses the private key to decrypt the data. The public and private keys are known as a key pair.

To log in to your instance, you must create a key pair, specify the name of the key pair when you launch the instance, and provide the private key when you connect to the instance.
Linux instances have no password, and you use a key pair to log in using SSH.

Creating a Key Pair

You can use Amazon EC2 to create your key pair. For more information, see Creating Your Key Pair Using Amazon EC2.

Alternatively, you could use a third-party tool and then import the public key to Amazon EC2. For more information, see Importing Your Own Key Pair to Amazon EC2.

Each key pair requires a name. Be sure to choose a name that is easy to remember. Amazon EC2 associates the public key with the name that you specify as the key name.

Amazon EC2 stores the public key only, and you store the private key. Anyone who possesses your private key can decrypt your login information, so it's important that you store your
private keys in a secure place.

The keys that Amazon EC2 uses are 1024-bit SSH-2 RSA keys. You can have up to five thousand key pairs per region.

Launching and Connecting to Your Instance

When you launch an instance, you should specify the name of the key pair you plan to use to connect to the instance. If you don't specify the name of an existing key pair when you
launch an instance, you won't be able to connect to the instance. When you connect to the instance, you must specify the private key that corresponds to the key pair you specified
when you launched the instance. Amazon EC2 doesn't keep a copy of your private key; therefore, if you lose your private key, there is no way to recover it. If you lose the private
key for an instance store-backed instance, you can't access the instance; you should terminate the instance and launch another instance using a new key pair. If you lose the private
key for an EBS-backed instance, you can regain access to your instance.






Question : On the Key Pairs page in the Amazon EC2 console, the Fingerprint column displays the fingerprints generated from your key pairs.
If you created the key pair with a third-party tool and uploaded the public key to AWS,
the fingerprint is calculated using __________


1. an MD5 hash function
2. an SHA-1 hash function
3. Key pairs created with third-party tools are not supported by AWS
4. Both 1 and 2 are used.


Correct Answer : 1

Explanation: On the Key Pairs page in the Amazon EC2 console, the Fingerprint column displays the fingerprints generated from your key pairs. AWS calculates the fingerprint differently
depending on whether the key pair was generated by AWS or a third-party tool. If you created the key pair using AWS, the fingerprint is calculated using an SHA-1 hash function. If
you created the key pair with a third-party tool and uploaded the public key to AWS, or if you generated a new public key from an existing AWS-created private key and uploaded it to
AWS, the fingerprint is calculated using an MD5 hash function.

You can use the fingerprint that's displayed on the Key Pairs page to verify that the private key you have on your local machine matches the public key that's stored in AWS.
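
The fingerprint check described above, as an added example that is not part of the original page. It assumes the openssl CLI and an RSA private key in PEM format; the choice of what is hashed (DER-encoded PKCS#8 private key for SHA-1, DER-encoded public key for MD5) follows AWS's documented verification procedure, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example (not from the original page). Assumes an RSA private key in
# PEM format and the openssl CLI; function names are illustrative.

# AWS-created key pair: SHA-1 over the DER-encoded PKCS#8 private key.
aws_created_fp() {
  openssl pkcs8 -in "$1" -inform PEM -outform DER -topk8 -nocrypt 2>/dev/null |
    openssl dgst -sha1 -c | awk '{print $NF}'
}

# Imported key pair: MD5 over the DER-encoded public key.
imported_fp() {
  openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
    openssl dgst -md5 -c | awk '{print $NF}'
}

# Compare a local private key with the fingerprint shown in the console.
# The digest length tells us which method AWS used:
#   20 bytes (59 chars with colons) -> SHA-1, 16 bytes (47 chars) -> MD5.
# Returns 0 on match, 1 on mismatch, 2 on unreadable key or bad fingerprint.
verify_key_fp() {
  key_file=$1
  want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  openssl rsa -in "$key_file" -noout 2>/dev/null || return 2
  case ${#want} in
    59) have=$(aws_created_fp "$key_file") ;;
    47) have=$(imported_fp "$key_file") ;;
    *)  return 2 ;;
  esac
  [ "$have" = "$want" ]
}

# Demo on a throwaway key generated locally (constructed sample input).
demo() {
  dir=$(mktemp -d) || return 1
  openssl genrsa -out "$dir/demo.pem" 2048 2>/dev/null
  echo "AWS-created (SHA-1): $(aws_created_fp "$dir/demo.pem")"
  echo "Imported (MD5):      $(imported_fp "$dir/demo.pem")"
  rm -rf "$dir"
}
demo
```

A mismatch (return code 1) means the local private key is not the one behind the key pair name shown in the console, so check it before relying on that key for access.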






Question : You have launched an instance with an existing key pair. Now you have deleted this key pair from AWS. What would happen?


1. You have to terminate and delete this instance. As you will never be able to connect again.
2. As you still have private key with you, you can connect with the instance.
3. Once instance is launched with the key pair, it can never be deleted from AWS
4. None


Correct Answer : 2

Explanation: When you delete a key pair, you are only deleting Amazon EC2's copy of the public key. Deleting a key pair doesn't affect the private key on your computer or the public key on
any instances already launched using that key pair. You can't launch a new instance using a deleted key pair, but you can continue to connect to any instances that you launched using
a deleted key pair, as long as you still have the private key (.pem) file.




Related Questions


Question : An application is running Hadoop jobs. The application reads data from DynamoDB and generates a temporary file of TBs.
The whole process runs for 60 minutes and the output of the job is stored to S3. Which of the below mentioned options is
the most cost effective solution in this case?
1. Use an on demand instance to run Hadoop jobs and configure them with EBS volumes for persistent storage.
2. Use Spot Instances to run Hadoop jobs and configure them with ephemeral storage for output file storage.
4. Use an on demand instance to run Hadoop jobs and configure them with ephemeral storage for output file storage.


Question : QuickTechie.com has set up a web application in the AWS VPC. The organization is running a database on the EC2 instance
and the application server connects to the DB server only on the internal IP. The organization is looking for HA and DR for the database.
Which of the below mentioned options fulfils the organization's need for a DB backup?
1. Setup the database on the instance with an elastic network interface which will have a fixed private IP address and also keep a hot standby running in a separate zone
with a different subnet.
2. Setup the database in the private subnet and keep a hot standby running in the public subnet for immediate failover.
3. … with a different subnet.
4. Use the AWS storage gateway with VPC to switchover from the primary to secondary DB in separate zones.



Question : QuickTechie.com has people in the IT operations team who are responsible for managing the AWS infrastructure.
QuickTechie wants to set things up so that only the information security team manager from this team can change the rules of
the security group in the VPC. Which of the below mentioned IAM policies will help in this scenario?
1. { "Version": "2012-10-17", "Statement":[{ "Effect":"Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress"], "Resource": "arn:aws:ec2:region:account:security-group/*", } }, { "Effect": "Allow", "Action":
"ec2:DescribeSecurityGroups", "Resource": "*" } ] }
2. { "Version": "2012-10-17", "Statement":[{ "Effect":"Deny", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress"], "Resource": "arn:aws:ec2:region:account:security-group/*", } } ] }
3. … "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress"], } } ] }
4. { "Version": "2012-10-17", "Statement":[{ "Effect":"Allow", "Action": [ "vpc:AuthorizeSecurityGroupIngress", "vpc:AuthorizeSecurityGroupEgress"], "Resource":
"arn:aws:ec2:region:account:security-group/*", } } ] }



Question : QuickTechie.com has hosted a Tomcat-based web application on AWS EC2 and opened port for the selected IPs and port for everyone else.
The organization has noticed that over the weekend their AWS usage increased by a few hundred dollars because there was data transfer in the range
of 50-60 TB that happened during the weekend. The organization did not run any special program which could cause this transfer.
What could be the potential source for a breach in the security?
1. QuickTechie.com might have enabled UDP ports for data transfer.
2. QuickTechie.com might have enabled TCP ports for data transfer.
4. QuickTechie.com might not have changed the default admin password of the tomcat manager.



Question : QuickTechie.com provides scalable and secure SAAS to its clients. They are planning to host a web server and App server on AWS VPC as separate
tiers. The organization wants to implement the scalability by configuring Auto Scaling and load balancer with their app servers (middle tier) too.
Which of the below mentioned options suits their requirements?
1. The user should make ELB with EC2-CLASSIC and enable SSH with it for security.
2. Since ELB is internet facing, it is recommended to setup HAProxy as the Load balancer within the VPC.
4. Create an Internal Load balancer with VPC and register all the App servers with it.


Question : QuickTechie.com is trying to set up AWS VPC with Auto Scaling. Which of the below mentioned steps is
not required to be configured by the organization to set up AWS VPC?
1. Configure the Auto Scaling group with the VPC ID in which instances will be launched.
2. Configure the Auto Scaling Launch configuration with the VPC security group.
4. Configure the Auto Scaling Launch configuration which does not allow assigning a public IP to instances.