
AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : You have reserved instances to run the www.QuickTechie.com website, but you see that all instances launched in one AZ are not performing well, and you decide to change the AZ of the instances. Select the correct statement in this case.
1. If you change the Availability Zone of an RI, its capacity reservation will still apply to the original Availability Zone
2. If you modify the Network Platform of a RI, its capacity reservation no longer applies to the original Network Platform and starts
applying to usage with the new Network Platform
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the 1,2 and 3
5. Both 1 and 2
Ans : 2
Exp : Reserved Instances provide you with a capacity reservation, so you can have confidence that you will be able to launch the instances you have reserved when you need them. There are three RI payment options (No Upfront, Partial Upfront, All Upfront) that enable you to balance the amount you pay upfront with your effective hourly price.

Yes. You can request to modify active RIs that you own in one of the following ways:

Move RIs between Availability Zones within the same region
Change the Network Platform of your RIs between "EC2-VPC" and "EC2-Classic" (for EC2 Classic-enabled customers)
Change the instance type of your Linux/UNIX RIs to a larger or smaller size in the same family (e.g., convert 8 m1.smalls into 4 m1.mediums, or vice versa)

You can submit an RI modification request from the AWS Management Console or the ModifyReservedInstances API. We process your requests as soon as possible, depending on available capacity. There is no additional cost for modifying your RI.
If you change the Availability Zone of an RI, its capacity reservation and pricing benefits no longer apply to the original Availability Zone and start
applying to usage in the new Availability Zone. If you modify the Network Platform of a RI, its capacity reservation no longer applies to the original
Network Platform and starts applying to usage with the new Network Platform. Pricing benefits continue to apply to both EC2-Classic and EC2-VPC instance
usage matching the rest of the RI parameters.



Question : Your company is in the middle of migrating from in-house infrastructure to AWS. Some of the services have already been migrated to AWS, and its users want to access those services, so you are using a VPN connection. Which of the following statements is correct?
A. VPG is the AWS side of the VPN connection
B. CGW is the customer side of the VPN connection
C. IGW is the server side of the VPN connection
D. Cygwin is the customer side of the VPN connection
1. A,B
2. B,C
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D
5. B,D

Explanation: When you create a VPN connection between AWS and in-house services, the following components are involved:
VPG: the AWS side of the VPN connection
CGW: the customer side of the VPN connection





Question : You are working with a healthcare IT company that helps hospitals create their infrastructure in AWS. You are creating a VPC for each individual hospital; after you have created 5 VPCs, creating a new VPC fails. Why?
1. On each AWS account you can create at MAX 5 VPC only.

2. On each AWS account, you can create at MAX 5 VPC in a region only.

3. Access Mostly Uused Products by 50000+ Subscribers

4. For having more than 5 VPC, you have to make upfront payment for new VPC.


Explanation: By default, each AWS account can have at most 5 VPCs per region.




Question : You have deployed a real estate property listing website in AWS on an EC2 instance. It is working fine and getting more popular day by day. One day you see that traffic suddenly increases, and when your risk team investigates, it finds that the traffic is coming from an IP address in another country, which has no relation to the properties listed in India. It seems they are trying to access the EC2 server and find which ports are open on it. Which of the following will help you block this source from reaching the EC2 instance?
1. You will define strict rule in security group which will deny the traffic.

2. You will be defining rule in NACL, which will deny specific traffic

3. Access Mostly Uused Products by 50000+ Subscribers

4. You will put an ELB in front of your EC2 instance


Explanation: You can define a NACL, which is applied at the subnet level, and you can define deny rules in it as well.


Related Questions


Question :
Each EC2 instance has a default network interface that is assigned a primary private IP address on your Amazon VPC network.
What is the name given to the additional network interfaces that can be created and attached to any Amazon EC2 instance in your VPC?
1. Elastic IP
2. Elastic Network Interface (ENI)
3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS Network ACL

Ans : 2
Exp : An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include the following
attributes:

a primary private IP address

one or more secondary private IP addresses

one Elastic IP address per private IP address

one public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface
for eth0 instead of using an existing network interface

one or more security groups

a MAC address

a source/destination check flag

a description

You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance.
The attributes of a network interface follow the network interface as it is attached or detached from an instance and reattached to another instance.
When you move a network interface from one instance to another, network traffic is redirected to the new instance.
Each instance in a VPC has a default network interface. The default network interface has a primary private IP address in the
IP address range of its VPC. You can create and attach additional network interfaces. The maximum number of
network interfaces that you can use varies by instance type.



Question : You are working on the IT setup for the hotel industry, where four hotel chains are working together. They all have their EC2 instances deployed in the same region, and each has created a VPC for itself. Now they all want to communicate directly with each other, so it has been suggested that you use VPC peering. How would you implement the solution?
1. You will be creating 4 public IP in each VPC and create 4 VPC peering connection , so that they can communicate with each other

2. You will be creating 4 public EIP in each VPC and create 4 VPC peering connection , so that they can communicate with each other

3. Access Mostly Uused Products by 50000+ Subscribers

4. You will create 6 VPC peering connection , so that they can communicate with each other



Question :
What does the following policy for Amazon EC2 do?

{
"Statement":[{
"Effect":"Allow",
"Action":"ec2:Describe*",
"Resource":"*"
}
]
}

1. Allow all actions on EC2 instances
2. Allow users to use actions that start with "Describe" over all the EC2 resources.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Allow a group to be able to Describe with run, stop, start, and terminate instances
Ans : 2
Exp : In an IAM policy statement, you can specify any API action from any service that supports IAM.
For Amazon EC2, use the following prefix with the name of the API action: ec2:. For example: ec2:RunInstances and ec2:CreateImage.
To specify multiple actions in a single statement, separate them with commas as follows:
"Action": ["ec2:action1", "ec2:action2"]
You can also specify multiple actions using wildcards.
For example, you can specify all actions whose name begins with the word "Describe" as follows:
"Action": "ec2:Describe*"
To specify all Amazon EC2 API actions, use the * wildcard as follows:
"Action": "ec2:*"




Question : You have created a website and deployed it on a web server hosted on an EC2 instance. You have also assigned an EIP to that web server. Now that you also have a domain name assigned, how will you resolve the domain name outside AWS?

1. You don't have to do anything; it is AWS's responsibility to have the domain name resolved to the EIP

2. You will create a security rule as well as a NACL to resolve the DNS name to the IP

3. Access Mostly Uused Products by 50000+ Subscribers

4. You need to create a route , in a route table



Question : If you launch an instance into a VPC that has an instance tenancy of ______,
your instance is automatically a Dedicated Instance, regardless of the tenancy of the instance.


1. Secured
2. Dedicated
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of these
Ans : 2
Exp : at the host hardware level from your instances that aren't Dedicated Instances and from instances that belong to other AWS accounts.
This topic discusses the basics of Dedicated Instances and shows you how to implement them.
Important
The VPC console has been redesigned, and you can switch between the old and new interfaces by clicking the link in the preview
message at the top of each console page. You can use the old interface during the trial period; however, this topic may refer to features of the new
interface only.

A VPC has a tenancy attribute of its own whose value determines the tenancy type of the instances launched into it.
Therefore, an instance launched into a VPC whose tenancy attribute is set to Dedicated will be a Dedicated Instance
even if the tenancy value marked at launch was default.



Question : In DynamoDB you can issue a Scan request. By default, the Scan operation processes data sequentially.
DynamoDB returns data to the application in ______ increments , and an application performs additional Scan operations to retrieve the next ___________ of
data.
1. 0,1 MB
2. 10 MB
3. Access Mostly Uused Products by 50000+ Subscribers
4. 5 MB


Question : Which service allows you to send a physical data device to Amazon in order to transfer data into an Amazon service?

1. Amazon S3
2. Amazon Direct Connect
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above
Ans :3
Exp : AWS Import Export accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. AWS transfers your data directly onto and off of storage devices using Amazon's high-speed internal network and bypassing the Internet. For significant data sets, AWS Import Export is often faster than Internet transfer and more cost effective than upgrading your connectivity.



Question :
In AWS, it requires _________ when you need to specify a resource unambiguously across all of AWS,
such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
1. An IAM User Id
2. An account ID
3. Access Mostly Uused Products by 50000+ Subscribers
4. an ARN (Amazon Resource Names)
Ans:4
Exp : Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource
unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.



Question :
_________ is a task coordination and state management service for cloud applications.

1. Amazon SWF
2. Amazon SNS
3. Access Mostly Uused Products by 50000+ Subscribers
4. Amazon SES
Ans : 1
Exp : Amazon Simple Workflow (Amazon SWF) is a task coordination and state management service for cloud applications.
With Amazon SWF, you can stop writing complex glue code and state machinery and invest more in the business logic that makes your applications unique.

Our APIs, ease of use libraries, and control engine give developers the tools to coordinate, audit, and scale applications
across multiple machines in the AWS Cloud and other data centers. Whether automating business processes for finance applications,
building big data systems, or managing cloud infrastructure services, Amazon SWF helps you develop applications with processing
steps that are resilient to failure, that can be scaled independently of each other, and that can be audited even when they touch many different systems.

Using Amazon SWF, you structure the various processing steps in an application that runs across one or more machines
as a set of tasks. Amazon SWF manages dependencies between the tasks, schedules the tasks for execution, and runs any
logic that needs to be executed in parallel. The service also stores the tasks, reliably dispatches them to application components,
tracks their progress, and keeps their latest state.

As your business requirements change, Amazon SWF makes it easy to change application logic without having to worry about the
underlying state machinery, task dispatch, and flow control, and like other AWS Services, you only pay for what you use.



Question : Which of the below mentioned IP address mechanisms is supported by ELB?
1. Both IPV4 and IPV6
2. IPV4 only
3. Access Mostly Uused Products by 50000+ Subscribers
4. None

Ans : 1
Exp : When you use Elastic Load Balancing to manage traffic to your application, you get the following benefits:

Distribution of requests to Amazon EC2 instances (servers) in multiple Availability Zones so that the risk of overloading one single instance is minimized.
And if an entire Availability Zone goes offline, Elastic Load Balancing routes traffic to instances in other Availability Zones.

Continuous monitoring of the health of Amazon EC2 instances registered with the load balancer so that requests are sent only to the healthy instances. If an
instance becomes unhealthy, Elastic Load Balancing stops sending traffic to that instance and spreads the load across the remaining healthy instances.

Support for end to end traffic encryption on those networks that use secure (HTTPS or SSL) connections.

The ability to take over the encryption and decryption work from the Amazon EC2 instances, and manage it centrally on the load balancer.

Support for the sticky session feature, which is the ability to "stick" user sessions to specific Amazon EC2 instances.

Association of the load balancer with your domain name. Because the load balancer is the only computer that is exposed to the Internet, you don't have to create and manage public domain names for the instances that the load balancer manages. You can point the instances' domain records at the load balancer instead and scale as needed (either adding or removing capacity) without having to update the records with each scaling activity.

When used in an Amazon Virtual Private Cloud (Amazon VPC), support for creation and management of security groups associated with your load balancer to
provide additional networking and security options.

Supports use of both the Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6).




Question : A ______ is a physical device or software application on your side of the VPN connection.

1. Customer gateway
2. Gateway level
3. Access Mostly Uused Products by 50000+ Subscribers
4. Virtual private gateway

Ans : 1
Exp : Components of Your VPN
A VPN connection consists of the following components.

Virtual Private Gateway
A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection.

Customer Gateway
A customer gateway is a physical device or software application on your side of the VPN connection.






Question : In context of IAM, select the correct statement:


1. MFA-protected API access cannot be applied to root accounts accessing their own resources if the resources are in the same group.
2. MFA-protected API access can be applied to root accounts accessing their own resources.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of these.
Ans : 3
Exp : Important Points About MFA-Protected API Access
It's important to understand the following aspects of MFA protection for APIs:

MFA protection is available only by using temporary security credentials, which in turn must be obtained using AssumeRole or GetSessionToken.

You cannot use MFA protected API access with root account credentials.

Federated users cannot be assigned an MFA device for use with AWS services, so they cannot access AWS resources controlled by MFA.

Other AWS STS APIs that return temporary credentials do not support MFA authentication. For AssumeRoleWithWebIdentity and AssumeRoleWithSAML, the user is
authenticated using an external provider and AWS cannot determine whether that provider required MFA. For GetFederationToken, MFA authentication is not
necessarily associated with a specific user.

Similarly, long-term credentials (IAM user access keys and root account access keys) do not support MFA authentication because these don't expire.

AssumeRole and GetSessionToken can also be called without MFA authentication information. In that case, the caller gets back temporary security credentials,
but the session information for those temporary credentials does not indicate that the user authenticated using MFA.

You establish MFA protection for APIs by adding MFA conditions to policies. If a policy doesn't include the condition for MFAs, the policy does not enforce MFA authentication. For cross-account delegation, if the role's trust policy doesn't include an MFA condition, there is no MFA protection for the API calls made using the role's temporary security credentials.

When you allow users from another AWS account to access resources in your account, even when you require multi-factor authentication, the security of your resources depends on the configuration of the other (or trusted) account. Any identity within the trusted account that has permission to create virtual MFA devices can construct an MFA claim to satisfy that part of your role's trust policy. Before you make another account's access to your AWS resources conditional upon multi-factor authentication, ensure that the trusted account's owner follows best practices and restricts access to MFA device management APIs to specific, trusted administrators.

If a policy includes an MFA condition, a request is denied if users have not been MFA authenticated, or if they provide an invalid MFA device identifier or
invalid TOTP.





Question : Which ELB component is responsible for adding or removing the capacity of the Load Balancers?
1. Controller Service
2. Load Balancer
3. Access Mostly Uused Products by 50000+ Subscribers
4. Load Manager


Ans : 1
Exp : Elastic Load Balancing (ELB) consists of two components: the load balancers and the controller service. The load balancers monitor the traffic and
handle requests that come in through the Internet. The controller service monitors the load balancers, adding and removing load balancers as needed and
verifying that the load balancers are functioning properly.




Question : Which traditional disaster recovery method involves running your site in AWS and on your existing on-site
infrastructure in an active-active configuration?

1. Multi-Site Solution
2. Active-passive solution
3. Access Mostly Uused Products by 50000+ Subscribers
4. Warm Standby Solution


Ans : 1
Exp : In this case both infrastructures, on AWS and in your external data center, are always active and you can use one of them in case of disaster.





Question : Your Twitter-like application is hosted on EC2 instances, which receive HTTP requests through ELB.
Each request has an X-Forwarded-For header containing three IP addresses. Which of the following IPs will be part of this header?
1. IP address of ELB
2. IP address of Forward Request
3. Access Mostly Uused Products by 50000+ Subscribers
Ans : 1
Exp : The X-Forwarded-For request header helps you identify the IP address of a client when you use HTTP/HTTPS load balancer. Because load balancers
intercept traffic between clients and servers, your server access logs contain only the IP address of the load balancer. To see the IP address of the
client, use the X-Forwarded-For request header. Elastic Load Balancing stores the IP address of the client in the X-Forwarded-For request header and passes
the header along to your server.

The X-Forwarded-For request header takes the following form:

X-Forwarded-For: clientIPAddress

The following example is an X-Forwarded-For request header for a client with an IP address of 203.0.113.7.

X-Forwarded-For: 203.0.113.7

The following example is an X-Forwarded-For request header for a client with an IPv6 address of 2001:DB8::21f:5bff:febf:ce22:8a2e.

X-Forwarded-For: 2001:DB8::21f:5bff:febf:ce22:8a2e

If the request goes through multiple proxies, then the clientIPAddress in the X-Forwarded-For request header is followed by IP addresses of each successive proxy that passes along the request before the request reaches your load balancer. Thus, the right-most value is the IP address of the most recent proxy (for your load balancer) and the left-most value is the IP address of the originating client. In such cases, the X-Forwarded-For request header takes the following form:

X-Forwarded-For: OriginatingClientIPAddress, proxy1-IPAddress, proxy2-IPAddress

When a user sends a request to ELB over HTTP/HTTPS, the request log at the instance records only the IP address of the ELB. This is because the ELB is the interceptor between the client request and the EC2 instance. To get the client IP, use the X-Forwarded-For request header. The client IP address in the X-Forwarded-For request header is followed by the IP addresses of each successive proxy that passes along the request. The last IP address is the IP address that connects to the back-end application instance. For example, if the HTTP request already has the header when it reaches the load balancer, the IP address from which the request came is appended at the end of the header, followed by the IP address of the load balancer. In such cases, the X-Forwarded-For request header takes the following form: X-Forwarded-For: clientIPAddress, previousRequestIPAddress, LoadBalancerIPAddress.
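
The header layout described above has a security consequence for the back-end: only entries appended by infrastructure you operate are reliable, while the left-most entries are whatever the client chose to send. The following Python sketch is an added example, not code from the original page or from AWS; the trusted range `10.0.0.0/16`, the function names and the sample headers are constructed assumptions. It selects the client address by walking the header from right to left and skipping hops inside the trusted range.

```python
import ipaddress

# Assumption (constructed): the address range our own load balancers and
# internal proxies live in. Only hops inside it are trusted to append honestly.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/16")]


def parse_xff(header):
    """Split an X-Forwarded-For value into addresses, left to right.

    Entries that are not valid IP literals become None so the caller can
    see exactly where the chain stops being parseable.
    """
    hops = []
    for raw in (header or "").split(","):
        raw = raw.strip()
        if not raw:
            continue
        try:
            hops.append(ipaddress.ip_address(raw))
        except ValueError:
            hops.append(None)
    return hops


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of the trusted proxy networks."""
    return any(addr in net for net in trusted)


def client_ip(header, peer_ip, trusted=TRUSTED_PROXIES):
    """Return the address to log or apply access rules to.

    peer_ip is the TCP peer of the connection that reached the instance.
    The header is only consulted when that peer is a trusted proxy.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not is_trusted(peer, trusted):
        # Direct connection: the whole header is client-controlled.
        return str(peer)

    last_good = peer
    # Right-most entries were appended last, by the hops closest to us.
    for hop in reversed(parse_xff(header)):
        if hop is None:
            # Malformed entry: nothing to its left can be verified.
            return str(last_good)
        if not is_trusted(hop, trusted):
            # First hop that is not ours: the real external client.
            return str(hop)
        last_good = hop
    # Every hop was internal, so the request originated inside our network.
    return str(last_good)


# Constructed sample requests: (X-Forwarded-For value, TCP peer address).
SAMPLES = [
    ("203.0.113.7", "10.0.1.5"),                      # single client
    ("192.0.2.1, 198.51.100.23", "10.0.1.5"),         # client-supplied first entry
    ("203.0.113.7, 10.0.2.9, 10.0.1.5", "10.0.1.5"),  # two internal hops appended
    ("10.0.0.1", "198.51.100.99"),                    # peer is not our proxy
    ("2001:DB8::21f:5bff:febf:ce22:8a2e", "10.0.1.5"),
]


def resolve_samples():
    """Resolve every constructed sample and return the chosen addresses."""
    return [client_ip(header, peer) for header, peer in SAMPLES]


if __name__ == "__main__":
    for (header, peer), chosen in zip(SAMPLES, resolve_samples()):
        print(f"peer={peer:<15} XFF={header!r} -> {chosen}")
```

In the second sample the client sent its own `X-Forwarded-For: 192.0.2.1`; taking the left-most value would log the forged address, while the right-to-left walk returns the address the load balancer actually saw.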





Question : After you launch an instance in EC2-Classic, you can't change its security groups.
If a change is made to a rule of this security group, how does the change take effect?
1. Security group rules can not be changed.
2. Changes are automatically applied to all instances that are associated with the security group
3. Access Mostly Uused Products by 50000+ Subscribers
4. Changes will be effective after 24 Hrs.
Ans : 2
Exp : Security Groups for EC2-Classic
If you're using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must specify
a security group in the same region as the instance. You can't specify a security group that you created for a VPC when you launch an instance in EC2-Classic.

After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and
those changes are automatically applied to all instances that are associated with the security group.

Note
In EC2-Classic, you can associate an instance with up to 500 security groups and add up to 100 rules to a security group.

Security Groups for EC2-VPC
If you're using EC2-VPC, you must use security groups created specifically for your VPC. When you launch an instance in a VPC, you must specify a security
group for that VPC. You can't specify a security group that you created for EC2-Classic when you launch an instance in a VPC.

After you launch an instance in a VPC, you can change its security groups. You can also change the rules of a security group, and those changes are
automatically applied to all instances that are associated with the security group.
Note

In EC2-VPC, you can associate a network interface with up to 5 security groups and add up to 50 rules to a security group.

When you specify a security group for a nondefault VPC to the CLI or the API actions, you must use the security group ID and not the security group name to
identify the security group.

Security groups for EC2-VPC have additional capabilities that aren't supported by security groups for EC2-Classic.





Question : How many running instances of a pipeline component can AWS Data Pipeline have?
1. 50
2. 10
3. Access Mostly Uused Products by 50000+ Subscribers
4. 5


Ans : 4
Exp : What is AWS Data Pipeline?
AWS Data Pipeline is a web service that you can use to automate the movement and transformation of data. With AWS Data Pipeline, you can define data-driven
workflows, so that tasks can be dependent on the successful completion of previous tasks.

For example, you can use AWS Data Pipeline to archive your web server's logs to Amazon Simple Storage Service (Amazon S3) each day and then run a weekly
Amazon Elastic MapReduce (Amazon EMR) cluster over those logs to generate traffic reports.

Three main components of AWS Data Pipeline work together to manage your data:

Pipeline definition specifies the business logic of your data management. For more information, see Pipeline Definition File Syntax.

AWS Data Pipeline web service interprets the pipeline definition and assigns tasks to workers to move and transform data.

Task Runner polls the AWS Data Pipeline web service for tasks and then performs those tasks. In the previous example, Task Runner would copy log files to
Amazon S3 and launch Amazon EMR clusters. Task Runner is installed and runs automatically on resources created by your pipeline definitions. You can write a
custom task runner application, or you can use the Task Runner application that is provided by AWS Data Pipeline. For more information, see Task Runners.

AWS Data Pipeline limits the rate at which you can call the web service API. These limits also apply to AWS Data Pipeline agents that call the web service
API on your behalf, such as the console, CLI, and Task Runner.



Question : You have configured ELB with instances, and the same app hosted on each instance receives a separate load balancer IP address
as part of the HTTP header. Is it true?
1. Yes, if client has DHCP configured
2. Yes, if all the instances are configured only for TSL
3. Access Mostly Uused Products by 50000+ Subscribers
4. Yes, if all the instances are in a separate AZ

Ans : 4
Exp : You can set up your Elastic Load Balancing to distribute incoming requests across EC2 instances in a single Availability Zone or multiple
Availability Zones within a region. Your load balancer does not distribute traffic across regions.

For critical applications, we recommend that you distribute incoming traffic across more than one Availability Zone. To distribute traffic across multiple
Availability Zones, launch your Amazon EC2 instances in all the Availability Zones you plan to use and then register the instances with your load balancer.

When you register your EC2 instances, Elastic Load Balancing provisions load balancer nodes in all the Availability Zones that have registered instances.
The load balancer node continuously monitors the health of all the registered instances and routes traffic to the healthy instances. If a load balancer node
detects unhealthy or de-registered instances, it stops routing traffic to those instances. Instead, it sends requests to the remaining healthy instances.

You can always expand or shrink the availability of your instances after your initial set up. To expand the availability of your application, launch
instances in an additional Availability Zone, register the new instances with your load balancer, and then add the new Availability Zone. After you've added
the new Availability Zone, the load balancer begins to route traffic equally amongst all the enabled Availability Zones. To shrink the availability of your
instances, remove an Availability Zone that was enabled for your load balancer. After you've removed the Availability Zone, the load balancer will stop
routing the traffic to the disabled Availability Zone and continue to route traffic to the registered and healthy instances in the enabled Availability Zones.

It is true that when you have configured ELB with 4 instances, the same app hosted on each instance receives a separate load balancer IP address as part of the HTTP header.




Question : In the context of CloudFormation, what information do you get from the aws cloudformation list-stacks command?
1. A list of any of the stacks you have created.
2. A list of any of the stacks you have created, or have been deleted up to 90 days ago.
3. Access Mostly Uused Products by 50000+ Subscribers
4. A 90 days history list of all your activity on stacks.
Ans : 2
Exp : The aws cloudformation list-stacks command enables you to get a list of any of the stacks you have created (even those which have been deleted up to
90 days). You can use an option to filter results by stack status, such as CREATE_COMPLETE and DELETE_COMPLETE. The aws cloudformation list-stacks command
returns summary information about any of your running or deleted stacks, including the name, stack identifier, template, and status.

Note

The aws cloudformation list-stacks command returns information on deleted stacks for 90 days after they have been deleted.



Question : When you use the wizard in the console to create a VPC with a gateway,
the wizard automatically ____________ to use the gateway. If you're using the
command line tools or API to set up your VPC, you must __________________ yourself.

1. Updates the route tables
2. Updates the IP tables
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of these.

Ans : 1
Exp : When you use the wizard in the console to create a VPC with a gateway, the wizard automatically updates the route tables to use the gateway. If you're
using the command line tools or API to set up your VPC, you must update the route tables yourself.

You can determine which route table a subnet is associated with by looking at the subnet's details in the Amazon VPC Console.




Question : Select the correct statement that applies to VPC.
1. EC2 instances don't perform source/destination checks at all.
2. Each EC2 instance performs source/destination checks by default.
3. Access Mostly Uused Products by 50000+ Subscribers
4. 2 and 3 both are correct
Ans : 2
Exp : Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it
sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must
disable source/destination checks on the NAT instance.

You can disable the SrcDestCheck attribute for a NAT instance that's either running or stopped using the console or the command line.




Question : You have configured a website like HadoopExam.com, hosted on WebLogic Server,
and you are using ELB with the EC2 instances for load balancing.
To ensure that the EC2 instances accept requests only from ELB, what do you have to configure?

1. Configure the security group of EC2, which allows access to the ELB source security group
2. Configure the EC2 instance so that it only listens on the ELB port
3. Access Mostly Uused Products by 50000+ Subscribers
4. Open the port for an ELB static IP in the EC2 security group
Ans : 1
Exp : A security group acts as a firewall that controls the traffic allowed into a group of instances. When you launch an Amazon EC2 instance, you can
assign it to one or more security groups. For each security group, you can add rules that govern the allowed inbound traffic to instances in the group. All
other inbound traffic is discarded. You can modify rules for a security group at any time. The new rules are automatically enforced for all existing and
future instances in the group. For information on Amazon EC2 security groups, go to Using Security Groups.

Elastic Load Balancing provides a special Amazon EC2 source security group that you can use to ensure that a back-end Amazon EC2 instance receives traffic
only from Elastic Load Balancing. This feature involves two security groups: the source security group and a security group that defines the ingress rules
for your back-end instance. To lock down traffic between your load balancer and your back-end instances, add or modify a rule in your back-end security
group that limits ingress traffic so that it can come only from the Amazon EC2 source security group provided by Elastic Load Balancing.
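
A check for the lock-down described above, as an added example that is not part of the original page: it audits back-end security groups, in the shape returned by `aws ec2 describe-security-groups`, and reports any ingress on the listener port that does not come from the load balancer's source security group. The group IDs, sample data and function names are constructed for illustration.

```python
"""Audit back-end security groups: ingress on the listener port should come
only from the load balancer's source security group."""

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# All group IDs are placeholders, not values from the page.
ELB_SOURCE_GROUPS = {"sg-elb-source"}
SAMPLE_GROUPS = [
    {"GroupId": "sg-backend-ok", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-elb-source"}]}]},
    {"GroupId": "sg-backend-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-elb-source"}]}]},
    {"GroupId": "sg-backend-wide", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "UserIdGroupPairs": []}]},
]


def covers_port(perm, port):
    """True when an ingress rule applies to TCP traffic on `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                  # "-1" means all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:       # no range given: treat as covering
        return True
    return lo <= port <= hi


def audit_backend_group(group, elb_group_ids, port):
    """Return findings for one back-end group; an empty list means locked down."""
    gid = group["GroupId"]
    findings, elb_allowed = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        # Any CIDR, IPv6 range or prefix list bypasses the load balancer.
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") in elb_group_ids:
                elb_allowed = True
            else:
                sources.append(pair.get("GroupId"))
        findings += [f"{gid}: port {port} reachable from {s}" for s in sources]
    if not elb_allowed:
        findings.append(f"{gid}: load balancer group not admitted on port {port}")
    return findings


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        result = audit_backend_group(g, ELB_SOURCE_GROUPS, 80)
        for line in result or [f"{g['GroupId']}: ok"]:
            print(line)
```
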




Question : You have written a CloudFormation template that creates an Elastic Load Balancer fronting EC2 instances.
Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?
1. Outputs
2. Resources
3. Access Mostly Uused Products by 50000+ Subscribers
4. Mappings

Ans : 1
Exp : AWS CloudFormation gives developers and systems administrators an easy way to create a collection of related AWS resources and provision them in an
orderly and predictable fashion.

You can use AWS CloudFormation to create and provision AWS infrastructure deployments predictably and repeatedly. Use AWS CloudFormation to build highly
reliable, highly scalable, cost-effective applications without worrying about creating and configuring the underlying AWS infrastructure. AWS CloudFormation consists of
template files you use to create and delete collections of resources as a single unit (an AWS CloudFormation stack). Using AWS CloudFormation you can
leverage other services such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Block Store (Amazon EBS), Amazon Simple Notification
Service (Amazon SNS), Elastic Load Balancing, and Auto Scaling.



Question : What does a "Domain" refer to in Amazon SWF?
1. Set of Predefined Fixed IP address
2. A security group in which only tasks inside can communicate with each other
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above


Ans : 3
Exp : Domains provide a way of scoping Amazon SWF resources within your AWS account. All the components of a workflow, such as the workflow type and
activity types, must be specified to be in a domain. It is possible to have more than one workflow in a domain; however, workflows in different domains
cannot interact with each other.

When setting up a new workflow, before you set up any of the other workflow components you need to register a domain if you have not already done so.

When you register a domain, you specify a workflow history retention period. This period is the length of time that Amazon SWF will continue to retain
information about the workflow execution after the workflow execution is complete.




Question : You have configured a listener between ELB and the instances on HTTPS/SSL. At the same time, do you need to upload any certificate/key on ELB?
1. Yes
2. Yes, provided the instances are enabled for only HTTP
3. Access Mostly Uused Products by 50000+ Subscribers
4. Yes, provided SSL is enabled on the front end of ELB

Ans : 1
Exp : Create an HTTPS/SSL Load Balancer. Before you get started, be sure you've met the following preconditions:

Sign up for Amazon Web Services (AWS). If you haven't signed up for AWS yet, complete the steps listed in Sign Up for Amazon Web Services (AWS).

Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Alternatively, you can create a load balancer using the command line interface or the Query API. Install the tools you'll need to perform Elastic Load
Balancing tasks. For information on installing the command line interfaces and the Query API, see Setting Up Elastic Load Balancing Interfaces.

For this example, we use Availability Zone us-east-1a. In Availability Zone us-east-1a, launch the instances you intend to register with your load balancer.
For more information about launching Amazon EC2 instances, see Launching and Using Instances.

Install a webserver, such as Apache or Internet Information Services (IIS), on the EC2 instances you plan to register with the load balancer.

The instances to be registered with your load balancer must respond to the target of the health check with an HTTP status code 200. For information about
Elastic Load Balancing health check, see Health Check.

Elastic Load Balancer maintains a 60-second keepalive timeout setting for idle connections to back-end application servers. Update these settings on your
back-end server to a timeout of at least 60 seconds for the communication to work properly.

To enable HTTPS support for your listeners, you must install an SSL certificate on your load balancer. Before you can install the SSL certificate, you must
first create and then upload the SSL certificate using IAM. The load balancer uses the certificate to terminate and then decrypt requests before sending
them to the back-end instances. For information on how to create an SSL certificate, see SSL Certificate for Elastic Load Balancing.

All your SSL server certificates are managed by IAM. By default, IAM allows 10 SSL server certificates per AWS account. If you try to upload a new server
certificate after reaching this limit, you'll get an error. You can request more certificates using the IAM Limit Increase Contact Us Form.

When configuring HTTPS with ELB, the user has to upload the SSL certificate. If the user has enabled the HTTPS/SSL listener between the back-end instances
and ELB, the ELB config wizard gives an option to enable authentication and trust the public key. There are two options available in that wizard: one to
proceed without authentication and the other, where the user can enable back-end authentication. If the second option is enabled, the user can upload the
contents of the certificate.




Question : Once you've successfully created a Microsoft Windows stack on AWS CloudFormation,
you can log in to your instance with ______ to configure it manually.

1. AWS Command Line Interface
2. Remote Desktop
3. Access Mostly Uused Products by 50000+ Subscribers
4. Windows Command prompt

Ans : 2
Exp : Accessing AWS CloudFormation Windows Instances
Once you've successfully created a Microsoft Windows stack on AWS CloudFormation, you can log in to your instance with Remote Desktop to configure it
manually. There are a number of steps involved:

1. Find the physical id of your Windows instance.

2. Use the physical id to retrieve the login credentials from Amazon EC2.

3. Access Mostly Uused Products by 50000+ Subscribers

Note

Before starting, you'll need to have an AWS CloudFormation Windows stack running, and you'll also need the private key of the key pair you used when
creating the instance.




Question : You create a custom-configured Amazon instance using Linux, containing all your software and applications,
and you want to use the same setup again. What is the best way to get it?

1. Always create a backup copy of the EBS service.
2. Create a backup of the EC2 instances only.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Creating an EBS Image (AMI).
Ans : 4
Exp : The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2).
It is designed to provide a stable, secure, and high performance execution environment for applications running on Amazon EC2. It also includes packages
that enable easy integration with AWS, including launch configuration tools and many popular AWS libraries and tools. Amazon Web Services provides ongoing
security and maintenance updates to all instances running the Amazon Linux AMI. The Amazon Linux AMI is provided at no additional charge to Amazon EC2 users.

Creating an Amazon EBS-Backed Linux AMI
To create an Amazon EBS-backed Linux AMI, start from an instance that you've launched from an existing Amazon EBS-backed Linux AMI. After you've customized
the instance to suit your needs, create and register a new AMI, which you can use to launch new instances with these customizations.




Question : In regards to VPC, what is the default maximum number of virtual private gateways allowed per region?

1. 10
2. 15
3. Access Mostly Uused Products by 50000+ Subscribers
4. 1


Ans : 3
Exp : Amazon VPC Limits
* VPCs per region: 5. This limit can be increased upon request.
* Subnets per VPC: 200. This limit can be increased upon request.
* Internet gateways per region: 5. You can create as many Internet gateways as your VPCs per region limit. Only one Internet gateway can be attached to a VPC at a time.
* Virtual private gateways per region: 5. Only one virtual private gateway can be attached to a VPC at a time.
* Customer gateways per region: 50. This limit can be increased upon request.
* VPN connections per region: 50. Ten per virtual private gateway.
* Route tables per VPC: 200. Including the main route table. You can associate one route table to one or more subnets in a VPC.
* Entries per route table: 50. This is the limit for the number of nonpropagated entries per route table. This limit can be increased upon request; however, network performance may be impacted as the number of nonpropagated route entries increases.
* Elastic IP addresses per region for each AWS account: 5. This is the limit for the number of VPC Elastic IPs you can allocate within a region. This is a separate limit from the EC2 Elastic IP address limit.
* Security groups per VPC: 100. This limit can be increased upon request; however, network performance may be impacted as the number of security groups is increased, depending on the way the security groups are configured.
* Rules per security group: 50. This limit can be increased or decreased upon request; however, the multiple of rules per security group and security groups per network interface cannot exceed 250. For example, if you want 100 rules per security group, we'd need to decrease your number of security groups per network interface to 2.
* Security groups per network interface: 5. This limit can be increased or decreased upon request; however, the multiple of security groups per network interface and rules per security group cannot exceed 250. For example, if you want 10 security groups per network interface, we'd need to decrease your number of rules per security group to 25.
* Network ACLs per VPC: 200. You can associate one network ACL to one or more subnets in a VPC. This limit is not the same as the number of rules per network ACL.
* Rules per network ACL: 20. This is the sum of the number of rules for both ingress and egress rules in a single network ACL. The maximum limit is 40 rules per network ACL.
* BGP advertised routes per VPN connection: 100. This limit can be increased upon request; however, network performance may be impacted as the number of advertised routes is increased.
* Active VPC peering connections per VPC: 50. This limit can be increased via special request to AWS Developer Support. The maximum limit is 125 peering connections per VPC. The number of entries per route table should be increased accordingly; however, network performance may be impacted as the number of entries in a route table is increased.
* Outstanding VPC peering connection requests: 25. This is the limit for the number of outstanding VPC peering connection requests that you've requested from your account. This limit can be increased via special request to AWS Developer Support.
* Expiry time for an unaccepted VPC peering connection request: 1 week (168 hours). This limit can be increased via special request to AWS Developer Support.






Question : Elasticity is a fundamental property of the cloud. What best describes elasticity?

1. Power to scale computing resources up and down easily with minimal friction
2. Ability to create services without having to administer resources
3. Access Mostly Uused Products by 50000+ Subscribers
4. Power to scale computing resources up easily but not down
Ans : 1
Exp : Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale
computing easier for developers.

Amazon EC2's simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your
computing resources and lets you run on Amazon's proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances
to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing
by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate
themselves from common failure scenarios.



Question : In regards to RDS, will my standby be in the same _________ as my primary?

1. Availability Zone
2. Region
3. Access Mostly Uused Products by 50000+ Subscribers
4. Subnet


Question : Through which of the following interfaces is AWS Identity and Access Management available?
A) AWS Management Console
B) Command line interface (CLI)
C) IAM Query API
D) Existing libraries

1. Only through Command line interface (CLI)
2. A, B and C

3. Access Mostly Uused Products by 50000+ Subscribers
4. All of the above


Ans : 4



Question : Your company is moving their entire TB data warehouse to the cloud.
With your current bandwidth it would take 2 months to transfer the data.
Which service would allow you to quickly get your data into AWS?

1. Amazon Direct Connect
2. Amazon S3 Connector
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above
Ans : 3
Exp : AWS Import Export accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. AWS transfers your data
directly onto and off of storage devices using Amazon's high-speed internal network and bypassing the Internet. For significant data sets, AWS Import Export
is often faster than Internet transfer and more cost effective than upgrading your connectivity.



Question : Which technique can be used to integrate AWS IAM (Identity and Access Management)
with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
1. Use an IAM policy that references the LDAP account identifiers and the AWS credentials.
2. Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.

3. Access Mostly Uused Products by 50000+ Subscribers
4. Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated.
5. Use the LDAP credentials to restrict a group of users from launching specific EC2 instance types.
Ans : 2



Question : If you are using a non-transactional engine such as MyISAM, which of the following steps do you need to perform to
successfully set up your Read Replica and ensure that the Read Replica has a consistent copy of your data?

1. Stop all DML and DDL operations on non-transactional tables and wait for them to complete
2. Flush and lock those tables.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Check the progress of the Replica creation using the DescribeDBInstances API
5. All of the above


Question : In CloudFront, if you add a CNAME for www.hadoopexam.com to your distribution, you also need to create (or update) a CNAME record
with your DNS service to route queries for ____________.
1. www.hadoopexam.com to d111111abcdef8.cloudfront.com
2. d111111abcdef8.cloudfront.com to www.hadoopexam.com
3. Access Mostly Uused Products by 50000+ Subscribers
4. d111111abcdef8.cloudfront.net to www.hadoopexam.com