
AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : QuickTechie.com Inc is planning to set up a management network on the AWS VPC and is trying to secure the webserver on a single VPC instance such
that it allows the internet traffic as well as the back-end management traffic. The QuickTechie admin wants to make sure that the back-end management network interface
can receive SSH traffic only from a selected IP range, while the internet-facing webserver will have an IP address which can receive traffic from all internet IPs.
How can QuickTechie.com achieve this by running the web server on a single instance?

1. The organization should create two network interfaces with the same subnet and security group to assign separate IPs to each network interface.
2. The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled
access.
3. The organization should launch an instance with two separate subnets using the same network interface, which allows it to have a separate CIDR as well as security groups.
4. It is not possible to have two IP addresses for a single instance.



Explanation: You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing traffic and the primary
network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive access controls. The public-facing interface, which
may or may not be behind a load balancer, has an associated security group that allows access to the server from the Internet (for example, allow TCP port 80 and 443 from 0.0.0.0/0,
or from the load balancer), while the private-facing interface has an associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or
from the Internet, a private subnet within the VPC or a virtual private gateway.

To ensure failover capabilities, consider using a secondary private IP for incoming traffic on a network interface. In the event of an instance failure, you can move the interface
and/or secondary private IP address to a standby instance.
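
An added example (not part of the original page or of AWS documentation): a Python check of the layout the explanation describes, confirming that the two interfaces sit in separate subnets with separate security groups and that SSH is admitted only on the management interface from a restricted range. The rule dictionaries are constructed and follow the IpPermissions shape of EC2 DescribeSecurityGroups; the interface records, group IDs and subnet IDs are simplified, hypothetical values.

```python
# Added example: sample data below is constructed, shaped like the
# IpPermissions lists returned by EC2 DescribeSecurityGroups.
WORLD = {"0.0.0.0/0", "::/0"}

def covers_port(perm, port):
    """True if the rule applies to `port` (protocol -1 means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def sources(perm):
    """All IPv4 and IPv6 CIDRs a rule admits."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return v4 + v6

def audit(mgmt_eni, public_eni, groups):
    """Return findings for the management/public interface pair."""
    findings = []
    if mgmt_eni["SubnetId"] == public_eni["SubnetId"]:
        findings.append("interfaces share a subnet")
    if set(mgmt_eni["Groups"]) & set(public_eni["Groups"]):
        findings.append("interfaces share a security group")
    for gid in mgmt_eni["Groups"]:
        for perm in groups[gid]:
            if covers_port(perm, 22) and WORLD & set(sources(perm)):
                findings.append(f"{gid}: SSH open to the world on management interface")
    for gid in public_eni["Groups"]:
        for perm in groups[gid]:
            if covers_port(perm, 22):
                findings.append(f"{gid}: SSH reachable on public interface")
    return findings

# Constructed sample: sg-mgmt limits SSH to 203.0.113.0/24 (documentation range).
GROUPS = {
    "sg-web": [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]} for p in (80, 443)],
    "sg-mgmt": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
    "sg-bad": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
GOOD = audit({"SubnetId": "subnet-a", "Groups": ["sg-mgmt"]},
             {"SubnetId": "subnet-b", "Groups": ["sg-web"]}, GROUPS)
BAD = audit({"SubnetId": "subnet-a", "Groups": ["sg-bad"]},
            {"SubnetId": "subnet-a", "Groups": ["sg-bad"]}, GROUPS)

if __name__ == "__main__":
    print(GOOD or "layout matches the described pattern")
    for f in BAD:
        print(f)
```

The all-traffic rule in `sg-bad` carries no port fields, which is why the protocol is checked before the port range.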






Question : HadoopExam.com has set up an application on AWS and wants to achieve scalability and HA for the application. The application should scale up and down
when there is a higher / reduced load on the application. Which of the below mentioned configurations is not required to be performed in this scenario?
1. Set up ELB with instances to distribute the load on the web server.
2. Set up a schedule to shut off the instance when the instance is not in use.
3. Set up bootstrapping to start the web and DB servers on instance boot.
4. Create an AMI of a running instance and configure that AMI with AutoScaling.



Explanation: AWS EC2 allows the user to launch On-Demand instances. AutoScaling offers automation which can scale up or down resources as per the configured policy. To set up AutoScaling,
the organization must first create an AMI. The organization should set up bootstrapping with the AMI so that whenever the instance starts it will automatically start the app server and DB
server. The organization should also set up ELB with instances to distribute the incoming load. AutoScaling should be configured to scale up and down based on the application load and
not on a particular schedule. Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. It enables you to
achieve greater levels of fault tolerance in your applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.

Available : Achieve higher levels of fault tolerance for your applications by using Elastic Load Balancing to automatically route traffic across multiple instances and multiple
Availability Zones. Elastic Load Balancing ensures that only healthy Amazon EC2 instances receive traffic by detecting unhealthy instances and rerouting traffic across the remaining
healthy instances. If all of your EC2 instances in one Availability Zone are unhealthy, and you have set up EC2 instances in multiple Availability Zones, Elastic Load Balancing will
route traffic to your healthy EC2 instances in those other zones.
Elastic : Elastic Load Balancing automatically scales its request handling capacity to meet the demands of application traffic. Additionally, Elastic Load Balancing offers
integration with Auto Scaling to ensure that you have back-end capacity to meet varying levels of traffic without requiring manual intervention.
Secure : Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features. You can create an internal (non-internet facing)
load balancer to route traffic using private IP addresses within your virtual network. You can implement a multi-tiered architecture using internal and internet-facing load balancers
to route traffic between application tiers. With this multi-tier architecture, your application infrastructure can use private IP addresses and security groups, allowing you to
expose only the internet-facing tier with public IP addresses.
Elastic Load Balancing provides integrated certificate management and SSL decryption, allowing you to centrally manage the SSL settings of the load balancer and offload CPU intensive
work from your instances.





Question : You can use Amazon Route 53 health checking and DNS failover features to


1. enhance the availability of the applications running behind Elastic Load Balancers
2. run applications in multiple AWS regions and designate alternate load balancers for failover across regions
3. Both 1 and 2
4. None of above



Explanation: You can use Amazon Route 53 health checking and DNS failover features to enhance the availability of the applications running behind Elastic Load Balancers. Route 53 will fail
away from a load balancer if there are no healthy EC2 instances registered with the load balancer or if the load balancer itself is unhealthy.

Using Route 53 DNS failover, you can run applications in multiple AWS regions and designate alternate load balancers for failover across regions. In the event that your application
is unresponsive, Route 53 will remove the unavailable load balancer endpoint from service and direct traffic to an alternate load balancer in another region.



Related Questions


Question : QuickTechie.com is setting up their website on AWS and working on various security measures to be performed on the AWS EC2 instances.
Which of the below mentioned security mechanisms will not help QuickTechie to avoid future data leaks and identify security weaknesses?
1. Perform a Code Check for any memory leaks.
2. Run penetration testing on AWS with prior approval from Amazon.
4. Perform SQL injection for application testing.




Question : QuickTechie.com is planning to host a WordPress blog as well as a Joomla CMS on a single instance launched with VPC,
and also wants to have separate domains for each application and assign them using Route 53. It may have about ten instances, each with two applications
as mentioned above. While launching the instance, the QuickTechie administrator configured two separate network interfaces (primary + ENI)
and wanted to have two elastic IPs for that instance.
It was suggested to use a public IP from AWS instead of an elastic IP as the number of elastic IPs is restricted. What action will you recommend?
1. I agree with the suggestion but will prefer that the organization should use separate subnets with each ENI for different public IPs.
2. I agree with the suggestion and it is recommended to use a public IP from AWS since the organization is going to use DNS with Route 53.
4. I do not agree as it is required to have only an elastic IP since an instance has more than one ENI and AWS does not assign a public IP to an instance with multiple ENIs.



Question : QuickTechie.com is making software for a company in the USA. The company agreed to host the application on AWS but in a secure environment.
QuickTechie is thinking of hosting the application in the AWS GovCloud region. Which of the below mentioned differences
is not correct when the organization is hosting on AWS GovCloud in comparison with an AWS standard region?
1. GovCloud region authentication is isolated from Amazon.com.
2. Physical and logical administrative access only to U.S. persons.
4. It is physically isolated and has logical network isolation from all the other regions.



Question : Acmeshell.com has people in the IT operations team who are responsible for managing the AWS infrastructure, and wants to set things up so that each user will
have access to launch and manage an instance in a zone which the other user cannot modify.
Which of the below mentioned options is the best solution to set this up?
1. Create four AWS accounts and give each user access to a separate account.
2. Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.
4. Create an IAM user and allow them permission to launch an instance of a different size only.





Question : QuickTechie.com has created a multi-tenant Learning Management System (LMS). The application is hosted for five different tenants (clients) in the
VPCs of the respective AWS accounts of the tenants. QuickTechie.com wants to set up a centralized server which can connect with the LMS of each tenant to upgrade it if
required. QuickTechie.com also wants to ensure that one tenant VPC cannot connect to another tenant VPC, for security reasons.
How can QuickTechie.com set up this scenario?
1. QuickTechie should set up all the VPCs meshed together with VPC peering for all VPCs.
2. QuickTechie should set up VPC peering with all the VPCs peering each other but block the IPs from CIDR of the tenant VPCs to deny them.
4. QuickTechie should set up all the VPCs with the same CIDR but have a centralized VPC. This way only the centralized VPC can talk to the other VPCs using VPC peering.




Question : QuickTechie is planning to use a NoSQL DB for its scalable data needs. The organization wants to host an application securely in AWS VPC.
What action can be recommended to the organization?
1. QuickTechie should only use a DynamoDB because by default it is always a part of the default subnet provided by AWS.
2. QuickTechie should set up their own NoSQL cluster on the AWS instance and configure route tables and subnets.
4. QuickTechie should use a DynamoDB while creating a table within a private subnet.