
AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : Which region does not support read after write for objects on S3?

1. US West Oregon
2. US West
4. US Standard

Explanation: You can choose the geographical Region where Amazon S3 will store the buckets you create. You might choose a Region to optimize latency, minimize
costs, or address regulatory requirements. Amazon S3 currently supports the following Regions:

US Standard: Uses Amazon S3 servers in the United States. Provides eventual consistency for all requests. This region automatically routes requests to facilities in Northern Virginia or the Pacific Northwest using network maps.

US West (Oregon) Region: Uses Amazon S3 servers in Oregon. Provides read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventual consistency for overwrite PUTS and DELETES.

US West (Northern California) Region: Uses Amazon S3 servers in Northern California. Provides read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventual consistency for overwrite PUTS and DELETES.

EU (Ireland) Region: Uses Amazon S3 servers in Ireland. Provides read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventual consistency for overwrite PUTS and DELETES.

Asia Pacific (Singapore) Region: Uses Amazon S3 servers in Singapore. Provides read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventual consistency for overwrite PUTS and DELETES.

Asia Pacific (Sydney) Region: Uses Amazon S3 servers in Sydney. Provides read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventual consistency for overwrite PUTS and DELETES.

Asia Pacific (Tokyo) Region: Uses Amazon S3 servers in Tokyo. Provides read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventual consistency for overwrite PUTS and DELETES.

South America (Sao Paulo) Region: Uses Amazon S3 servers in Sao Paulo. Provides read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventual consistency for overwrite PUTS and DELETES.

Objects stored in a Region never leave the Region unless you explicitly transfer them to another Region. For example, objects stored in the EU (Ireland)
Region never leave it.






Question : How does AWS maintain the security of storage devices when they reach end of life?

1. It keeps all the storage devices in secret places, where nobody can reach them.

2. AWS cleans all the customer data from the devices and recycles them.

4. AWS uses the techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual") or NIST 800-88 ("Guidelines for Media Sanitization") to destroy data as part of the decommissioning process.

Explanation: When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual") or NIST 800-88 ("Guidelines for Media Sanitization") to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry standard practices.





Question : You have a website called QuickTechie.com, which has its own data center in Geneva, and its web server is deployed in an AWS VPC. You now want to set up a VPN connection between the data center and the AWS VPC so that your technical team can connect to the VPC from the data center. What do you have to do?

1. By using a dedicated NAT instance in the public/private subnet.
2. You don't have to do anything other than install VPN software on both sides: the VPC subnet and the data center.
4. Change the security group of all instances installed in the VPC.


Explanation: Your company has decided to use an optional Amazon VPC VPN connection that links your data center (or network) to your Amazon VPC
virtual private cloud (VPC). A customer gateway is the anchor on your side of that connection. It can be a physical or software appliance. The anchor on the AWS
side of the VPN connection is called a virtual private gateway.
The address of the external interface for your customer gateway must be a static address. We recommend that you don't put your customer gateway behind a
device performing network address translation (NAT).
From time to time, AWS performs routine maintenance on the virtual private gateway. This maintenance may disable one of the two tunnels of your VPN
connection for a brief period of time. Your VPN connection automatically fails over to the second tunnel while this maintenance is performed. To ensure
uninterrupted service, it's important that you configure both tunnels.
When you create a VPN connection, the VPN tunnel comes up when traffic is generated from your side of the VPN connection. The virtual private gateway is
not the initiator; your customer gateway must initiate the tunnels.
When you create multiple VPN connections, the virtual private gateway sends network traffic to the appropriate VPN connection using statically assigned
routes or BGP route advertisements, depending upon how the VPN connection was configured. Statically assigned routes are preferred over BGP advertised
routes in cases where identical routes exist in the virtual private gateway.
When you have customer gateways at multiple geographic locations, each customer gateway should advertise a unique set of IP ranges specific to the
location.
When you establish redundant customer gateways at a single location, both gateways should advertise the same IP ranges.
The virtual private gateway receives routing information from all customer gateways and calculates the set of preferred paths using the BGP best path
selection algorithm. The rules of that algorithm, as it applies to VPC, are:
1. The most specific IP prefix is preferred (for example, 10.0.0.0/24 is preferable to 10.0.0.0/16)
2. When the prefixes are the same, statically configured VPN connections, if they exist, are preferred. For matching prefixes where each VPN connection
uses BGP, the AS_PATH is compared and the prefix with the shortest AS_PATH is preferred. Alternatively, you can prepend AS_PATH, so that the path is less
preferred.
3. [...] Exterior Gateway Protocol (EGP) origins, which are preferred to unknown origins.
4. When the origins are the same, the router IDs of the advertising routes are compared. The lowest router ID is preferred.
5. When the router IDs are the same, the BGP peer IP addresses are compared. The lowest peer IP address is preferred.
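
An added example (not from the original page and not AWS code) that applies the preference rules listed above to a constructed route table. Rule 3 is cut off on this page, so ranking IGP origins first is an assumption taken from standard BGP; the `Route` type, VPN labels, ASNs and addresses are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Rule 3 on the page is cut off: only "EGP preferred to unknown" is visible.
# Ranking IGP first is an assumption taken from standard BGP.
ORIGIN_RANK = {"igp": 0, "egp": 1, "unknown": 2}

class Route(NamedTuple):           # hypothetical record, not an AWS API type
    vpn: str                       # label of the VPN connection
    prefix: str                    # CIDR, static or learned over BGP
    static: bool = False           # statically configured VPN connection
    as_path: Tuple[int, ...] = ()  # BGP only; prepending lengthens it
    origin: str = "igp"            # BGP only
    router_id: str = "0.0.0.0"
    peer_ip: str = "0.0.0.0"

def preference_key(r: Route):
    """Smaller tuple = more preferred, in the order the rules are listed."""
    return (
        -ipaddress.ip_network(r.prefix).prefixlen,  # 1. most specific prefix
        0 if r.static else 1,                       # 2. static beats BGP
        0 if r.static else len(r.as_path),          # 2. shortest AS_PATH
        0 if r.static else ORIGIN_RANK[r.origin],   # 3. origin
        int(ipaddress.ip_address(r.router_id)),     # 4. lowest router ID
        int(ipaddress.ip_address(r.peer_ip)),       # 5. lowest peer IP
    )

def best_route(routes, dest: str) -> Optional[Route]:
    """Preferred route whose prefix covers dest, or None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    covering = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return min(covering, key=preference_key, default=None)

# Constructed sample table (private/documentation ranges, private ASNs).
ROUTES = [
    Route("vpn-a", "10.0.0.0/16", as_path=(65001,), router_id="192.0.2.1", peer_ip="169.254.10.1"),
    Route("vpn-b", "10.0.0.0/24", as_path=(65002, 65010), router_id="192.0.2.2", peer_ip="169.254.10.5"),
    Route("vpn-c", "10.0.0.0/16", static=True),
    Route("vpn-d", "10.1.0.0/16", as_path=(65003, 65003, 65003), router_id="192.0.2.9", peer_ip="169.254.11.1"),
    Route("vpn-e", "10.1.0.0/16", as_path=(65004,), router_id="192.0.2.8", peer_ip="169.254.11.5"),
    Route("vpn-f", "10.2.0.0/16", as_path=(65005,), router_id="192.0.2.7", peer_ip="169.254.12.9"),
    Route("vpn-g", "10.2.0.0/16", as_path=(65006,), router_id="192.0.2.7", peer_ip="169.254.12.1"),
]

if __name__ == "__main__":
    for dest in ("10.0.0.5", "10.0.9.9", "10.1.2.3", "10.2.0.1", "172.16.0.1"):
        hit = best_route(ROUTES, dest)
        print(dest, "->", hit.vpn if hit else "no route")
```

Running an intended route table through a check like this before changing static routes or advertisements shows which VPN connection will actually carry traffic for a given destination.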


Related Questions


Question : Which of the following permissions can be implemented using IAM?
A. Installing anti-virus on a Windows-based EC2 instance
B. Launching a new Amazon EC2 instance
C. Querying data from an Amazon MySQL RDS instance
D. Sending a CloudWatch alarm to an SNS queue and from there to a mobile application.

1. A,B
2. B,C
4. A,D
5. B,D


Question : You are working with a big finance company that uses AWS IT infrastructure. However, there are many security-related issues, and your chief technical architect has asked you to implement the following things. Which of the following can you have as part of an IAM security policy?
A. Implementing password policies
B. Enabling Multi-Factor Authentication
C. Enabling NACLs to restrict access to a private subnet
D. Creating proper security rules in the security group

1. A,B
2. B,C
4. A,D
5. B,D


Question : You are working under an AWS chief technical architect, and he suggested that you should always use IAM roles and not the Principal Credential directly. What are all the benefits you see in this case?
A. When you use an IAM role, you are not worried about credential theft or misuse.
B. When you use an IAM role, you don’t have to regularly rotate the access keys.
C. All the AWS Access resource policies are not required to be created.
D. You can very easily integrate with Kerberos for authentication.

1. A,B
2. B,C
4. A,D
5. B,D


Question : As an AWS architect, you have saved training course videos and some PDF files to an Amazon S3 bucket. Now you want to know who has accessed your S3 content. How will you do that?

1. We should have used CloudFront logs

2. We should have used Cloud Monitoring detail statistics

4. We should have enabled Server Access Logging on the S3 bucket


Question : You are using IAM for access control. You also want to have access key rotation enabled. How many active access keys are possible in IAM?

1. 1

2. 2

4. 100

5. Unlimited


Question : Who is responsible for modifying the routing tables and networking ACLs in a VPC to ensure that a DB instance is reachable from other instances in the VPC?

1. The DB Instance Creator.
2. Anybody who is the owner of the AWS account.
4. AWS administrator of your company.