Question : A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the user understand the S3 encryption functionality?
1. The server side encryption with the user supplied key works when versioning is enabled
2. The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key
4. The user can upload his own encryption key to the S3 console

Exp: AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key. The encryption with the user supplied key (SSE-C) does not work with the AWS console. S3 does not store the keys and the user has to send a key with each request. SSE-C works when the user has enabled versioning.
Question : A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?

Exp: An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. AWS S3 has the following predefined groups:
Authenticated Users group: It represents all AWS accounts.
All Users group: Access permission to this group allows anyone to access the resource.
Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.
Question : A user has created a VPC with CIDR .../ using the wizard. The user has created a public subnet CIDR .../ and VPN only subnets CIDR 20.0.1.0/24 along with the VPN gateway vgw-12345 to connect to the user's data centre. The user's data centre has CIDR 172.28.0.0/12. The user has also set up a NAT instance i-123456 to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?
1. Destination: 20.0.1.0/24 and Target: i-12345
2. Destination: 0.0.0.0/0 and Target: i-12345
4. Destination: 20.0.0.0/16 and Target: local

Exp: The user can create subnets as per the requirement within a VPC. If the user wants to connect the VPC from his own data centre, he can set up a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with the wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has set up a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization's DC will be routed to the VPN gateway. Here are the valid entries for the main route table in this scenario:
Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT instance)
Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization's data centre traffic to the VPN gateway)
Destination: 20.0.0.0/16 & Target: (To allow local routing in VPC)
1. One account by default is limited to 100 templates
2. The user can use 60 parameters and 60 outputs in a single template
4. One account by default is limited to 20 stacks
1. AWS SQS sends notification after 15 days for inactivity on queue
2. AWS SQS can delete queue after 30 days without notification
4. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks.

Ans : 4 Exp : After an instance has been marked unhealthy by Auto Scaling, as a result of an Amazon EC2 or ELB health check, it is almost immediately scheduled for replacement as it will never automatically recover its health. If the user knows that the instance is healthy then he can manually call the SetInstanceHealth action (or the as-setinstance-health command from CLI) to set the instance's health status back to healthy. Auto Scaling will throw an error if the instance is already terminating or else it will mark it healthy.
Question : A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned commands helps the system admin to add new zones to the existing ELB?
1. elb-enable-zones-for-lb
2. elb-add-zones-for-lb
4. elb-configure-zones-for-lb

Ans : 1 Exp : The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways: From the console or CLI, add new zones to ELB;
Question : An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the limitations of IAM?
1. One IAM user can be a part of a maximum of 5 groups
2. The organization can create 100 groups per AWS account
4. One AWS account can have 250 roles

Ans : 1 Exp : AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The default maximums for each of the IAM entities are given below:
Groups per AWS account: 100
Users per AWS account: 5000
Roles per AWS account: 250
Number of groups per user: 10 (that is, one user can be part of this many groups)
Question : A user is planning to scale up an application by AM and scale down by PM daily using Auto Scaling. What should the user do in this case?
1. Setup the scaling policy to scale up and down based on the CloudWatch alarms
2. The user should increase the desired capacity at 8 AM and decrease it by 7 PM manually
4. Setup scheduled actions to scale up or down at a specific time

Ans : 1 Exp : Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. To configure the Auto Scaling group to scale based on a schedule, the user needs to create scheduled actions. A scheduled action tells Auto Scaling to perform a scaling action at a certain time in the future.
Question : A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to the internet?
1. Use the internet gateway with a private IP
2. Allow outbound traffic in the security group for port 80 to allow internet updates
4. Use NAT with an elastic IP

Ans : 4 Exp : A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances inside that subnet. If the user has created two subnets (one private and one public), he would need a Network Address Translation (NAT) instance with the elastic IP address. This enables the instances in the private subnet to send requests to the internet (for example, to perform software updates).
Question : A user has configured an EC2 instance in the US-East-a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI. Which of the below mentioned CloudWatch endpoint URLs should the user use?
1. monitoring.us-east-1.amazonaws.com
2. monitoring.us-east-1-a.amazonaws.com
4. cloudwatch.us-east-1a.amazonaws.com

Ans : 1 Exp : The CloudWatch resources are always region specific and they will have the end point as region specific. If the user is trying to access the metric in the US-East-1 region, the endpoint URL will be: monitoring.us-east-1.amazonaws.com
Question : A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer (which adds instances to the load balancer) process for a while. What will happen to the instances launched during the suspension period?
1. The instances will not be registered with ELB and the user has to manually register when the process is resumed
2. The instances will be registered with ELB only once the process has resumed
4. It is not possible to suspend only the AddToLoadBalancer process

Ans : 1 Exp : Auto Scaling performs various processes, such as Launch, Terminate, add to Load Balancer etc. The user can also suspend the individual process. The AddToLoadBalancer process type adds instances to the load balancer when the instances are launched. If this process is suspended, Auto Scaling will launch the instances but will not add them to the load balancer. When the user resumes this process, Auto Scaling will resume adding new instances launched after resumption to the load balancer. However, it will not add running instances that were launched while the process was suspended; those instances must be added manually.
Question : A sys admin has enabled a log on ELB. Which of the below mentioned activities are not captured by the log?
1. Response processing time
2. Front end processing time
4. Request processing time

Ans : 2 Exp : Elastic Load Balancing access logs capture detailed information for all the requests made to the load balancer. Each request will have details, such as client IP, request path, ELB IP, time, and latencies. The time will have information, such as Request Processing time, Backend Processing time and Response Processing time.
Question : A user has moved an object to Glacier using the life cycle rules. The user requests to restore the archive after months. When the restore request is completed the user accesses that archive. Which of the below mentioned statements is not true in this condition?
1. The archive will be available as an object for the duration specified by the user during the restoration request
2. The restored object's storage class will be RRS
4. The user needs to pay storage for both RRS (restored) and Glacier (Archive) rates