AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)
Question : On the website www.QuickTechie.com, there seems to be some problem, because static pages of the website is being migrated
and visitor faces a problem with 404 page not found. Now you want to monitor how many times your Apache servers return a HTTP 404 response, which is the response code for page not
found. You might want to monitor this to understand how often your site visitors do not find the resource they are looking for. Assume that your log records are structured to
include the following information for each log event (site visit):
. Requestor IP Address
. RFC 1413 Identity
. Username
. Timestamp
. Request method with requested resource and protocol
. HTTP response code to request
. Bytes transferred in request
An example of this might look like the following:
127.0.0.1 - James Bond [10/Oct/2014:13:55:36 -0700] "GET /quicktechie.gif HTTP/1.0" 404 2326
How would you create the matric for this.
A. Using CloudWatch Logs
B. This matric is by default available with AWS services
C. In CloudWatch console On the Define Logs Metric Filter screen, in the Filter Pattern field, enter [IP, UserInfo, User,Timestamp, RequestInfo, StatusCode=404, Bytes]
D. By Creating create a metric filter using the AWS CLI
E. You have to write your custom solutions in Java and submit the same to CloudWatch to create matrics
1. A,B,D
2. B,C,E
3. Access Mostly Uused Products by 50000+ Subscribers
4. C,D,E
5. A,C
Correct Answer : Get Lastest Questions and Answer : To create a metric filter using the CloudWatch console
1. Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
2. If necessary, change the region. From the navigation bar, select the region that meets your needs.
3. Access Mostly Uused Products by 50000+ Subscribers
4. On the Define Logs Metric Filter screen, in the Filter Pattern field, enter [IP, UserInfo, User, Timestamp, RequestInfo, StatusCode=404, Bytes].
5. To test your filter pattern, in the Select Log Data to Test list, select the log group you want to test the metric filter against, and then click Test Pattern.
6. Under Results, CloudWatch Logs displays a message showing how many occurrences of the filter pattern were found in the log file. Note : To see detailed results, click Show test results.
7. Click Assign Metric, and then on the Create Metric Filter and Assign a Metric screen, in the Filter Name field, enter HTTP404Errors.
8. Under Metric Details, in the Metric Namespace field, enter YourNameSpace.
9. In the Metric Name field, enter ApacheNotFoundErrorCount, and then click Create Filter. To create a metric filter using the AWS CLI
At a command prompt, type:
% aws logs put-metric-filter \
--log-group-name MyApp/access.log \
--filter-name HTTP404Errors \
--filter-pattern '[ip, id, user, timestamp, request, status_code=404,
size]' \
--metric-transformations \
metricName=PageNotFoundCount,metricNamespace=YourNamespace,metricValue=1
Question : Which of the following you can do ?
1. give a user access to CloudWatch data for only a specific set of instances
2. give a user access to CloudWatch data for only a specific LoadBalancer
3. Access Mostly Uused Products by 50000+ Subscribers
4. All 1,2 and 3
5. None of 1,2 and 3
Ans : 5 Exp : Amazon CloudWatch integrates with AWS Identity and Access Management (IAM) so that you can specify which CloudWatch actions a user in your AWS Account can perform. For example, you could create an
IAM policy that gives only certain users in your organization permission to use GetMetricStatistics. They could then use the action to retrieve data about your cloud resources.
You can't use IAM to control access to CloudWatch data for specific resources. For example, you can't give a user access to CloudWatch data for only a specific set of instances or a specific LoadBalancer.
Permissions granted using IAM cover all the cloud resources you use with CloudWatch. In addition, you can't use IAM roles with the Amazon CloudWatch command line tools.
Important
Using Amazon CloudWatch with IAM doesn't change how you use CloudWatch. There are no changes to CloudWatch actions, and no new CloudWatch actions related to users and access
control. CloudWatch doesn't have any specific resources for you to control access to. Therefore, there are no CloudWatch ARNs for you to use in an IAM policy.You use * as the resource when writing a policy to
control access to CloudWatch actions. However, if you are using either the Amazon CloudWatch CLI or API, or if you are using the AWS SDKs with the API, to create an Amazon CloudWatch alarm using an Amazon EC2 instance metric, you can
add an action using the action's dedicated Amazon Resource Name (ARN).You can add the action to any alarm state, and you can specify the region for each action. The region must match the region to which you send the put-metric-alarm request.
Question : You have a website called www.QuickTechie.com and configured with the Auto Scalling to handle peak load. Which of the following CloudWatch
matric will be helpful to get matric about Auto Scalling instances.
1. Detailed monitoring
2. Basic Monitoring
3. Access Mostly Uused Products by 50000+ Subscribers
4. You have to select Dynamic Auto scalling
Ans : 1 Exp : Instance metrics are the metrics that an individual Amazon EC2 instance sends to CloudWatch. Instance metrics are the same
metrics available for any Amazon EC2 instance, whether or not it is in an Auto Scaling group. CloudWatch offers basic or detailed monitoring. Basic
monitoring sends aggregated data about each instance to CloudWatch every five minutes. Detailed monitoring offers more frequent aggregated data by
sending
data from each instance every minute.
Note : Selecting detailed monitoring is a prerequisite for the collection of Auto Scaling group metrics.
To enable detailed instance monitoring for a new Auto Scaling group, you don't need to take any extra
steps. One of your first steps when creating an Auto Scaling group is to create a launch configuration.
Each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value
of this flag is true, so you don't need to set this flag if you want detailed monitoring.
If you have an Auto Scaling group for which you have explicitly selected basic monitoring, the switch to
detailed monitoring involves several steps, especially if you have CloudWatch alarms configured to scale
the group automatically.
Question : QuickTechie.com website is deployed right now in two Availability Zones in a same US-WEST region, and uses the Elastic Load Balancing and
Auto Scaling. There is a MySQL database as a backend database and configured with synchronous replication (very low latency connectivity)
at the database layer. It is possible that one of the Availability Zone go down, and new instances can not be launched in the remaining
Availability Zones. Now QuickTechie.com architect wants to enhance this architecture so all the time www.QuickTechie.com remain up.
1. Deploy www.QuickTechie.com in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
2. Deploy www.QuickTechie.com in two regions , with Auto Scaling minimums set for 50 percent peak load per Region.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above
Correct Answer : Get Lastest Questions and Answer :
Explanation: In the same region if you define three nodes in different AZ (with 50% peak load), as soon as any of the node reaches 50%
load, new instance will be started in another AZ. When you use Auto Scaling to scale on demand, you must define how you want to scale in
response to changing conditions. For example, you have a web
application that currently runs on two instances. You want to launch two additional instances when the load on the running instances reaches 70 percent,
and
then you want to terminate the additional instances when the load goes down to 40 percent. You can configure your Auto Scaling group to scale up and then
scale down automatically based on specifying these conditions.
An Auto Scaling group uses a combination of policies and alarms to determine when the specified conditions for launching and terminating instances are
met.
An alarm is an object that watches over a single metric (for example, the average CPU utilization of your EC2 instances in an Auto Scaling group) over a
time period that you specify. When the value of the metric breaches the thresholds that you define, over a number of time periods that you specify, the
alarm performs one or more actions. An action can be sending messages to Auto Scaling. A policy is a set of instructions for Auto Scaling that tells the
service how to respond to alarm messages.
Along with creating a launch configuration and Auto Scaling group, you need to create the alarms and the scaling policies and associate them with your
Auto
Scaling group. When the alarm sends the message, Auto Scaling executes the associated policy on your Auto Scaling group to scale the group in (terminate
instances) or scale the group out (launch instances).
Auto Scaling integrates with CloudWatch for identifying metrics and defining alarms.
Question : Your website needs to be configured with Auto Scalling so that during peak load it can launch new instances to serve more visitors.
Select the correct statement regarding auto scalling.
1. You can set up your load balancer to distribute incoming requests across EC2 instances in a single Availability Zone or multiple
Availability Zones within same region only.
2. You can set up your load balancer to distribute incoming requests across EC2 instances in a single Availability Zone or multiple
Availability Zones within same or deifferent region.
3. Access Mostly Uused Products by 50000+ Subscribers
Balancing routes traffic to your registered and healthy instances in those other Availability Zones.
4. 2 and 3 are correct
5. None of the above
Ans : 1 Exp : When one Availability Zone becomes unhealthy or unavailable, Auto Scaling launches new instances in an unaffected Availability Zone. When
the
unhealthy Availability Zone returns to a healthy state, Auto Scaling automatically redistributes the application instances evenly across all of the
Availability Zones for your Auto Scaling group. Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest
instances. If the attempt fails, however, Auto Scaling attempts to launch in other Availability Zones until it succeeds.
An Auto Scaling group can contain EC2 instances that come from one or more Availability Zones within the same region. However, an Auto Scaling group
cannot
span multiple regions.
You can set up your load balancer to distribute incoming requests across EC2 instances in a single Availability Zone or multiple Availability Zones
within a
region. The load balancer does not distribute traffic across regions. For critical applications, we recommend that you distribute incoming traffic across
multiple Availability Zones by registering your Auto Scaling group in multiple Availability Zones and then enabling your load balancer in each of those
Availability Zones. Incoming traffic is load balanced equally across all the Availability Zones enabled for your load balancer.
If your load balancer detects unhealthy EC2 instances in an enabled Availability Zone, it stops routing traffic to those instances. Instead, it spreads
the
load across the remaining healthy instances. If all instances in an Availability Zone are unhealthy, but you have instances in other Availability Zones,
Elastic Load Balancing routes traffic to your registered and healthy instances in those other Availability Zones. It resumes load balancing to the
original
instances when they have been restored to a healthy state and are registered with your load balancer.
You can expand the availability of your scaled and load-balanced application by adding a new Availability Zone to your Auto Scaling group and then
enabling
that Availability Zone for your load balancer. After you've enabled the new Availability Zone, the load balancer begins to route traffic equally among
all
the enabled Availability Zones.
Question : QuickTechie.com helps brands convert their e-mail lists into social profiles. The company uses numerous solutions from Amazon Web Services
(AWS), including Amazon Elastic MapReduce with and EC2 instances, Howerver, they are concerned about their costs as well as enabling them to quickly scale their capacity for
agency and corporate clients to millions of contact lookups per day and decrease their data processing costs. So which of the below instances are good in above scenerio.
1. On-Demand Instances
2. Reserved Instances
3. Access Mostly Uused Products by 50000+ Subscribers
4. Any of the above is fine
Ans : 3 Exp : Using Spot Instances can generate savings that you can keep, invest elswhere, or pass on to your customers. Because Spot prices are
typically
far below (recently 86% lower, on average) On Demand prices, you can lower the cost of your interruption-tolerant tasks and, potentially, accelerate
those
applications when there are many Spot Instances available.
There are four general categories of time-flexible and interruption-tolerant tasks that work well with Spot Instances:
Optional tasks. These tasks are nice-to-have but not strictly required. When Spot prices are low, you can run your optional tasks, and when they rise too
high you can stop them.
Delayable tasks. These tasks have deadlines that allow you to be flexible about when you run your computations (e.g., weekly batch jobs or media
transcoding).
Acceleratable tasks. These tasks can be sped up by adding additional computing power. You can run Spot Instances to accelerate your computing when the
Spot
price is low while maintaining a baseline layer of On-Demand or Reserved Instances (e.g., using Spot task nodes and On-Demand master and core nodes in an
Elastic MapReduce job).
Large scale tasks. These tasks may require computing scale that you can't access any other way. With Spot, you can cost-effectively run thousands or more
instances in AWS regions around the world.
Spot Instances are spare Amazon EC2 instances for which you can name your own price. The Spot Price is set by Amazon EC2, which fluctuates in real-time
according to Spot Instances supply and demand. When your bid exceed the Spot Price, your Spot instance is launched and your instance will run until the
Spot
Price exceed your bid (a Spot interruption) or you choose to terminate them.
To use Spot Instances, you place a Spot Instance request that specifies the instance type, the Availability Zone desired, the number of Spot Instances
desired, and the maximum price you are willing to pay per instance hour (your bid).
To determine how that maximum price compares to past Spot Prices, the Spot Price history for the past 90 days is available via the Amazon EC2 API and the
AWS Management Console.
Question : www.QuickTechie.com website is hosted on multiple EC instances which are configured with Auto Scalling and ELB. These instances are in
different availability zone with security group not to support more different traffic you change the security group rules to allow inbound traffic, and also added new instances in
the same security group. When this new rule will be effective.
1. On new instances it will be applicable immediately, and with old instances it works with eventual consitency
2. On new instances it will be applicable immediately, and with old instances you have to re-start.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above.
Ans : 3 Exp : A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you
associate
one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can
modify
the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group. When we
decide whether to allow traffic to reach an instance, we evaluate all the rules from all the security groups that are associated with the instance.
Security Groups for EC2-Classic
If you're using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must
specify
a security group in the same region as the instance. You can't specify a security group that you created for a VPC when you launch an instance in
EC2-Classic.
After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group,
and
those changes are automatically applied to all instances that are associated with the security group.
Note
In EC2-Classic, you can associate an instance with up to 500 security groups and add up to 100 rules to a security group.
Security Groups for EC2-VPC
If you're using EC2-VPC, you must use security groups created specifically for your VPC. When you launch an instance in a VPC, you must specify a
security
group for that VPC. You can't specify a security group that you created for EC2-Classic when you launch an instance in a VPC.
After you launch an instance in a VPC, you can change its security groups. You can also change the rules of a security group, and those changes are
automatically applied to all instances that are associated with the security group.
Note
In EC2-VPC, you can associate a network interface with up to 5 security groups and add up to 50 rules to a security group.
When you specify a security group for a nondefault VPC to the CLI or the API actions, you must use the security group ID and not the security group name
to
identify the security group.
Question : The Amazon VPC is not connected to any of your infrastructure on premises or elsewhere. You might or might not have additional
infrastructure residing on premises, or elsewhere. If you need to accept connections from Internet users, select the correct otion which help in this case.
1. by allocating elastic IP addresses (EIPs) to only those Amazon VPC instances that need connection from internet users.
2. by allocating static IP addresses to only those Amazon VPC instances that need connection from internet users.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above
Ans : 1 Exp : The Amazon VPC is not connected to any of your infrastructure on premises or elsewhere. You might or might not have additional
infrastructure
residing on premises, or elsewhere. If you need to accept connections from Internet users, you can provide inbound access by allocating elastic IP
addresses (EIPs) to only those Amazon VPC instances that need them. You can further limit inbound connections by using security groups or NACLs for only
specific ports and source IP address ranges. If you can balance the load of traffic inbound from the Internet, you don't need EIPs. You can place
instances
behind Elastic Load Balancing. For outbound (to the Internet) access, for example to fetch software updates or to access data on AWS public services,
such
as Amazon S3, you can use a NAT instance to provide masquerading for outgoing connections. No EIPs are required.
Question : Which of the following help you to build network segments
1. Using Amazon VPC
2. Using security groups
3. Access Mostly Uused Products by 50000+ Subscribers
4. All of the above
Ans : 4
Exp : On AWS, you can build network segments using the following access control methods:
- Using Amazon VPC to define an isolated network for each workload or organizational entity.
- Using security groups to manage access to instances that have similar functions and security requirements;
security groups are stateful firewalls that enable firewall rules in both directions for every allowed and
established TCP session or UDP communications channel.
- Using Network Access Control Lists (NACLs) that allow stateless management of IP traffic. NACLs are agnostic of
TCP and UDP sessions, but they allow granular control over IP protocols (for example GRE, IPSec ESP, ICMP), as
well as control on a per-source/destination IP address and port for TCP and UDP. NACLs work in conjunction
with security groups, and can allow or deny traffic even before it reaches the security group.
Question : Which of the below works like stateful firewalls
1. security groups
2. Network ACLs
3. Access Mostly Uused Products by 50000+ Subscribers
4. All of the above
Ans : 1 Exp : Always use security groups: They provide stateful firewalls for Amazon EC2 instances at the hypervisor level. You
can apply multiple security groups to a single instance, and to a single ENI.
- Augment security groups with Network ACLs: They are stateless but they provide fast and efficient controls.
Network ACLs are not instance-specific so they can provide another layer of control in addition to security
groups. You can apply separation of duties to ACLs management and security group management.
- Use IPSec or AWS Direct Connect for trusted connections to other sites. Use Virtual Gateway (VGW) where
Amazon VPC-based resources require remote network connectivity.
- Protect data in transit to ensure the confidentiality and integrity of data, as well as the identities of the
communicating parties.
- For large-scale deployments, design network security in layers. Instead of creating a single layer of network
security protection, apply network security at external, DMZ, and internal layers.
Question : You are having a security group called "webtier" that has rules to open port and . You could then run webservers that are all
part of the "webtier"
security group. If you later decide that you just want to support HTTPS traffic from the web server, you can simply close port 80 in the "webtier"
security group. Select the correct statement..
1. All 10 instances will immediately respect this change and start blocking traffic from surfacing on port 80.
2. All 10 instances will start implementing this rule and will be blocked for input and output traffic until all implemented this security.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above.
Ans : 1 Exp : Security groups are one of the most critical tools we have to isolate our infrastructure on Amazon EC2. All EC2 instances
are required to belong to one or more security groups. Security groups enable the AWS administrator to set policy for
controlling open ports, and to set policy for providing isolation between application tiers. In Amazon VPC, every instance
runs over a stateful firewall that runs on the host with all ports closed by default. The security group is responsible for
opening up ingress and egress ports on that firewall. For example, you could have a security group called "webtier" that
has rules to open port 80 and 443. You could then run 10 webservers that are all part of the "webtier" security group. If
you later decide that you just want to support HTTPS traffic from the web server, you can simply close port 80 in the
"webtier" security group. All 10 instances will immediately respect this change and start blocking traffic from surfacing
on port 80.
Security groups provide much more than firewall policy, though. You can use them to lock one tier of your application to
another for much better control over the isolation of the system. For example, suppose you create a security group to
run your SQL Servers in. In that security group, you can specify that you will allow traffic on port 1433, but only from
members of the security group containing your SharePoint servers. This provides an additional layer of protection in
addition to using VPC subnets and network routes to provide network isolation. It allows for more granular control,
which allows you to further reduce the attack surface. Later in this paper, we highlight some specific usage scenarios for
security groups when we discuss how to use them to protect your application.
Question : Select which does not apply to Security Group
1. Operates at the instance level (first layer of defense)
2. Supports allow rules and deny rules
3. Access Mostly Uused Products by 50000+ Subscribers
4. Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with
the
instance later on
Correct Answer : Get Lastest Questions and Answer :
Security Group : Operates at the instance level (first layer of defense)
Supports allow rules only
Is stateful: Return traffic is automatically allowed, regardless of any rules
We evaluate all rules before deciding whether to allow traffic
Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance
later on
Network ACL
Operates at the subnet level (second layer of defense)
Supports allow rules and deny rules
Is stateless: Return traffic must be explicitly allowed by rules
We process rules in number order when deciding whether to allow traffic
Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the
security group)
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When
you launch an instance in a VPC, you can assign the instance to up to five security groups. Security
groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC
could be assigned to a different set of security groups. If you don't specify a particular group at launch
time, the instance is automatically assigned to the default security group for the VPC.
For each security group, you add rules that control the inbound traffic to instances, and a separate set
of rules that control the outbound traffic.This section describes the basics things you need to know about
security groups for your VPC and their rules.
You might set up network ACLs with rules similar to your security groups in order to add an additional
layer of security to your VPC.
Related Questions
Question : A customer is hosting their company website on a cluster of web servers that are behind a
public-facing load balancer. The customer also uses Amazon Route 53 to manage their
public DNS. How should the customer configure the DNS zone apex record to point to the
load balancer?
1. Create an A record pointing to the IP address of the load balancer
2. Create a CNAME record pointing to the load balancer DNS name.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Create an A record aliased to the load balancer DNS name
Ans : 3
Exp : Associating Your Custom Domain Name with Your Load Balancer Name
First, if you haven't already done so, register your domain name. The Internet Corporation for Assigned Names and Numbers (ICANN) manages domain names on
the Internet. You register a domain name using a domain name registrar, an ICANN-accredited organization that manages the registry of domain names. The
website for your registrar will provide detailed instructions and pricing information for registering your domain name. For more information, see the
following resources:
To use Amazon Route 53 to register a domain name, see Registering Domain Names Using Amazon Route 53 in the Amazon Route 53 Developer Guide.
For a list of accredited registrars, see the Accredited Registrar Directory.
If you have a domain name but are using another DNS service, such as your domain registrar, consider the option to use Amazon Route 53 as your DNS
service.
When you use Amazon Route 53 as your DNS service, you can create an alias resource record set, which has the following advantages over other DNS services
for routing DNS queries to your load balancer:
Amazon Route 53 doesn't charge for DNS queries for alias resource record sets.
You can use alias record sets to route DNS queries to your load balancer for the zone apex of your domain (for example, example.com). If you're
using a
different DNS service, you need to create a CNAME resource record set to route queries to your load balancer, but DNS doesn't allow you to create a
CNAME resource record set for the zone apex. (Note that some DNS services provide a workaround.)
Question : What is the minimum time Interval for the data that Amazon CloudWatch receives and aggregates?
1. One second
2. Five seconds
3. Access Mostly Uused Products by 50000+ Subscribers
4. Three minutes
5. Five minutes
Ans : 1 Exp : What is the minimum time interval granularity for the data that Amazon CloudWatch receives and aggregates?
Many metrics are received and aggregated at 1-minute intervals. Some are at 3-minute or 5-minute intervals.
Question : Which of the following statements are true about Amazon Route resource records?
Choose 2 answers
A. An Alias record can map one DNS name to another Amazon Route 53 DNS name.
B. A CNAME record can be created for your zone apex.
C. An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere.
D. TTL can be set for an Alias record in Amazon Route 53.
E. An Amazon Route 53 Alias record can point to any DNS record hosted anywhere.
1. A,B
2. A,C
3. Access Mostly Uused Products by 50000+ Subscribers
4. B,D
Ans : 2 Exp :
Question : Which storage engines are supported for use with Read Replicas?
1. S3
2. EBS
3. Access Mostly Uused Products by 50000+ Subscribers
4. MyISAM
Question : You need to pass a custom script to new Amazon Linux instances created in your Auto
Scaling group. Which feature allows you to accomplish this?
1. User data
2. EC2Config service
3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS Config
Question : When a user is uploading the SSL certificate for ELB, which of the below mentioned criteria IAM validates hence certificate comply?
1. Certificates must follow the X.509 PEM format.
2. Public and private certificate files can have more than one certificate
3. Access Mostly Uused Products by 50000+ Subscribers
4. 2 and 3 both are correct
5. 1 and 3 are correct
Question : After the server certificate is uploaded, you can verify that the information is stored in IAM. Each certificate object has a unique _________
1. Amazon Resource Name (ARN)
2. ID
3. Access Mostly Uused Products by 50000+ Subscribers
4. Amazon Resource Name (ARN) and Password
5. Amazon Resource Name (ARN) and encrypted Password
Question : Which of the following services natively encrypts data at rest within an AWS region?
Choose 2 answers
A. AWS Storage Gateway
B. Amazon DynamoDB
C. Amazon CloudFront
D. Amazon Glacier
E. Amazon Simple Queue Service
1. A,B
2. A,D
3. Access Mostly Uused Products by 50000+ Subscribers
4. B,D
Ans : 2
Exp : The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure
integration
between an organization"s on-premises IT environment and AWS"s storage infrastructure. The service enables you to securely store data to the AWS cloud
for
scalable and cost-effective storage. The AWS Storage Gateway supports industry-standard storage protocols that work with your existing applications. It
provides low-latency performance by maintaining frequently accessed data on-premises while encrypting and storing all of your data in Amazon Simple
Storage
Service (Amazon S3) or Amazon Glacier.
Q. Does the AWS Storage Gateway encrypt my data?
The AWS Storage Gateway encrypts all data in-transit to and from AWS via SSL. All volume and snapshot data stored in AWS using Gateway-Stored
Volumes/Gateway-Cached Volumes and all virtual tape data stored in AWS using Gateway-VTL is encrypted-at-rest using Advanced Encryption Standard (AES)
256,
a secure symmetric-key encryption standard using 256-bit encryption keys.
: Is my data encrypted?
Yes, all data in the service will be encrypted on the server side. Amazon Glacier handles key management and key protection for you. Amazon Glacier uses
one
of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256). 256-bit is the largest key size defined for AES. Customers
wishing
to manage their own keys can encrypt data prior to uploading it.
It is suggested please do not memorize the answers. Understand each questions and
concepts in detail before appearing in real exam.
If you have any updates or questions with respect to real exam please share with hadoopexam@gmail.com
So other learner can get benefit out of this.
Whishing you all the best
www.HadoopExam.com and www.QuickTechie.com
Please do not forget to create your profile on our technical professionals website www.QuickTechie.com
1. You will get new Articles on modern technologies like Cloud, BigData, Virtualization, Data Science, Hadoop , NoSQL etc.
2. You wil get new Jobs alerts
3. You will get updates on global software companies reviews
4. Free Tutorials
. Interview Questions
Question : A customer implemented AWS Storage Gateway with a gateway-cached volume at their
main office. An event takes the link between the main and branch office offline. Which
methods will enable the branch office to access their data? Choose 3 answers
A. Use a HTTPS GET to the Amazon S3 bucket where the files are located.
B. Restore by implementing a lifecycle policy on the Amazon S3 bucket.
C. Make an Amazon Glacier Restore API call to load the files into another Amazon S3 bucket within four to six hours.
D. Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot.
E. Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance.
F. Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.
1. A,D,F
2. A,B,D
3. Access Mostly Uused Products by 50000+ Subscribers
4. C,D,E
5. B,C,E
Ans : 1
Exp :
Question : Select the which correcly applies to changing the DB Subnet Group of your DB Instance
1. An existing DB Subnet Group can be updated to add more subnets, for existing Availability Zones
2. An existing DB Subnet Group can not be updated to add more subnets, for new Availability Zones
3. Access Mostly Uused Products by 50000+ Subscribers
running in a particular AZ that gets removed from the subnet group
4. Updating an existing DB Subnet Group does not change the current subnet of the deployed DB instance
5. Explicitly changing the DB Subnet Group of a deployed DB instance is not currently allowed
1. 1,2,3,4
2. 1,2,3
3. Access Mostly Uused Products by 50000+ Subscribers
4. 1,4,5
5. All 1,2,3,4,5
Question : If want to use an SSL protocol but do not want to terminate the connection on your load balancer,
you can use a ______________ protocol for connection from the client to your load balancer
1. HTTP
2. TSL
3. Access Mostly Uused Products by 50000+ Subscribers
4. TCP
5. SSL