
AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : If a disaster occurs at 12:00 PM (noon) and the RTO is
eight hours, the DR process should restore the business process to the acceptable service level by _________

1. 8:00 PM
2. 9:00 PM
4. 00:00 AM



Exp: The recovery time objective (RTO) is the time it takes after a disruption to restore a business process to its service level, as
defined by the operational level agreement (OLA). For example, if a disaster occurs at 12:00 PM (noon) and the RTO is
eight hours, the DR process should restore the business process to the acceptable service level by 8:00 PM.








Question : QuickTechie.com has a VPC for the Billing Team and another VPC for the Training department.
The Billing team requires access to all the instances running in the Training Team VPC, while the Training Team requires
access to all the resources in the Billing Team VPC. How can the organization set up this scenario?


1. Set up ACLs with both VPCs which will allow traffic from the CIDR of the other VPC.
2. Set up VPC peering between the VPCs of the Training Team and the Billing Team.
4. Set up the security group with each VPC which allows traffic from the CIDR of the other VPC.
5. None of the above



Exp: A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can
communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a
single region.

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical
hardware. There is no single point of failure for communication or a bandwidth bottleneck.

A VPC peering connection can help you to facilitate the transfer of data; for example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a
file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.
To establish a VPC peering connection, the owner of the requester VPC (or local VPC) sends a request to the owner of the peer VPC to create the VPC peering connection. The peer VPC
can be owned by you, or another AWS account, and cannot have a CIDR block that overlaps with the requester VPC's CIDR block. The owner of the peer VPC has to accept the VPC peering
connection request to activate the VPC peering connection. To enable the flow of traffic between the peer VPCs using private IP addresses, add a route to one or more of your VPC's
route tables that points to the IP address range of the peer VPC. The owner of the peer VPC adds a route to one of their VPC's route tables that points to the IP address range of
your VPC. You may also need to update the security group rules that are associated with your instance to ensure that traffic to and from the peer VPC is not restricted. For more
information about security groups, see Security Groups for Your VPC.

A VPC peering connection is a one to one relationship between two VPCs. You can create multiple VPC peering connections for each VPC that you own, but transitive peering
relationships are not supported: you will not have any peering relationship with VPCs that your VPC is not directly peered with.

The following diagram is an example of one VPC peered to two different VPCs. There are two VPC peering connections: VPC A is peered with both VPC B and VPC C. VPC B and VPC C are not
peered, and you cannot use VPC A as a transit point for peering between VPC B and VPC C. If you want to enable routing of traffic between VPC B and VPC C, you must create a unique
VPC peering connection between them.
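
Added example (not part of the original page): a small offline model of the rules in the explanation above, covering non-overlapping CIDR blocks, an accepted (active) peering connection, a route in each VPC's route table, and no transitive peering. All VPC IDs, peering IDs and CIDR blocks are constructed; security group rules are not modelled, and each route is assumed to cover the peer's whole CIDR block.

```python
import ipaddress

# Constructed topology: A is peered with B and C (as in the text); A-D is not yet accepted.
VPCS = {"vpc-a": "10.0.0.0/16", "vpc-b": "10.1.0.0/16",
        "vpc-c": "10.2.0.0/16", "vpc-d": "10.3.0.0/16"}
PEERINGS = {  # peering id -> (requester VPC, peer VPC, status)
    "pcx-ab": ("vpc-a", "vpc-b", "active"),
    "pcx-ac": ("vpc-a", "vpc-c", "active"),
    "pcx-ad": ("vpc-a", "vpc-d", "pending-acceptance"),
}
ROUTES = {  # VPC -> [(destination CIDR, target peering id)]
    "vpc-a": [("10.1.0.0/16", "pcx-ab"), ("10.2.0.0/16", "pcx-ac")],
    # vpc-b's second route tries to reach C by transiting A; peering does not allow it.
    "vpc-b": [("10.0.0.0/16", "pcx-ab"), ("10.2.0.0/16", "pcx-ab")],
    "vpc-c": [],  # owner of C has not added the return route yet
    "vpc-d": [],
}

def can_peer(cidr_a, cidr_b):
    """Peering requires that the two CIDR blocks do not overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))

def direct_peering(src, dst):
    """Return the id of an accepted peering directly joining src and dst, or None."""
    for pcx, (requester, peer, status) in PEERINGS.items():
        if status == "active" and {requester, peer} == {src, dst}:
            return pcx
    return None

def has_route(vpc, dst_cidr, pcx):
    """True if vpc has a route covering dst_cidr whose target is this peering."""
    dst = ipaddress.ip_network(dst_cidr)
    return any(target == pcx and dst.subnet_of(ipaddress.ip_network(cidr))
               for cidr, target in ROUTES.get(vpc, []))

def reachable(src, dst):
    """Return (ok, reason) for private-IP traffic between two VPCs."""
    if not can_peer(VPCS[src], VPCS[dst]):
        return False, "overlapping CIDR blocks"
    pcx = direct_peering(src, dst)
    if pcx is None:
        return False, "no active direct peering connection"
    for near, far in ((src, dst), (dst, src)):
        if not has_route(near, VPCS[far], pcx):
            return False, f"{near} has no route to {far} via {pcx}"
    return True, f"traffic flows over {pcx}"

if __name__ == "__main__":
    for pair in (("vpc-a", "vpc-b"), ("vpc-b", "vpc-c"), ("vpc-a", "vpc-c"), ("vpc-a", "vpc-d")):
        print(pair, reachable(*pair))
```

The B-to-C check fails even though vpc-b has a route for C's range pointing at pcx-ab, which is the transit case the paragraph above rules out.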




Question : QuickTechie.com has hosted a web application which allows traffic on port from all the IPs and attached the same security group to multiple
instances running in the same VPC but different subnets. QuickTechie.com is planning to use one of these instances for testing a web application running on port
8080. How can QuickTechie set this up so that the security of all the instances is not affected?
1. QuickTechie.com should launch an instance in a separate subnet so that they will have a different security group.
2. QuickTechie.com should attach an ENI with every instance. The organization should create a new security group and update the security group of that instance's ENI.
3. [...] selected IP.
4. QuickTechie.com should first stop the instance and then change the security group of the selected instance.


Exp: An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include the following attributes:

a primary private IP address
one or more secondary private IP addresses
one Elastic IP address per private IP address
one public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of
using an existing network interface
one or more security groups
a MAC address
a source/destination check flag
a description

You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance. The attributes of a network interface follow the network
interface as it is attached or detached from an instance and reattached to another instance. When you move a network interface from one instance to another, network traffic is
redirected to the new instance. Each instance in a VPC has a default network interface. The default network interface has a primary private IP address in the IP address range of its
VPC. You can create and attach additional network interfaces. The maximum number of network interfaces that you can use varies by instance type. For more information, see Private IP
Addresses Per ENI Per Instance Type.

Attaching multiple network interfaces to an instance is useful when you want to:

Create a management network.
Use network and security appliances in your VPC.
Create dual-homed instances with workloads/roles on distinct subnets.
Create a low-budget, high-availability solution.



Related Questions


Question : You require the ability to analyze a customer's clickstream data on a website so they can do behavioral analysis. Your customer needs to know what sequence of pages and
ads their customer clicked on. This data will be used in real time to modify the page layouts as customers click through the site to increase stickiness and advertising
click-through. Which option meets the requirements for capturing and analyzing this data?
1. Log clicks in weblogs by URL, store to Amazon S3, and then analyze with Elastic MapReduce
2. Push web clicks by session to Amazon Kinesis and analyze behavior using Kinesis workers
4. Publish web clicks by session to an Amazon SQS queue, then periodically drain these events to Amazon RDS and analyze with SQL



Question : You have deployed a three-tier web application in a VPC with a CIDR block of / You initially deploy two web servers, two application servers, two database
servers and one NAT instance for a total of seven EC2 instances. The web, application and database servers are deployed across two availability zones (AZs). You also deploy an ELB in
front of the two web servers, and use Route53 for DNS. Web traffic gradually increases in the first few days following the deployment, so you attempt to double the number of
instances in each tier of the application to handle the new load. Unfortunately, some of these new instances fail to launch.
Which of the following could be the root cause? (Choose 2 answers)

A. The Internet Gateway (IGW) of your VPC has scaled up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance
launches.
B. AWS reserves one IP address in each subnet's CIDR block for Route53 so you do not have enough addresses left to launch all of the new EC2 instances.
C. AWS reserves the first and the last private IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances.
D. The ELB has scaled up, adding more instances to handle the traffic, reducing the number of available private IP addresses for new instance launches.
E. AWS reserves the first four and the last IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances.


1. A,B
2. B,C
4. D,E




Question : You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation
techniques? (Choose 3 answers)

A. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
B. Use dedicated instances to ensure that each instance has the maximum performance possible.
C. Use an Amazon CloudFront distribution for both static and dynamic content.
D. Use an Elastic Load Balancer with auto scaling groups at the web, app and Amazon Relational Database Service (RDS) tiers.
E. Add Amazon CloudWatch alerts to look for high network in and CPU utilization.
F. Create processes and capabilities to quickly add and remove rules to the instance OS firewall.

1. A,B,D
2. B,D,F
4. D,E,F




Question : You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the
Internet for product updates. The depots and distributions are accessible via third party CDNs by their URLs. You want to explicitly deny any other outbound connections from your VPC
instances to hosts on the internet. Which of the following options would you consider?

1. Configure a web proxy server in your VPC and enforce URL-based rules for outbound access. Remove default routes.
2. Implement security groups and configure outbound rules to only permit traffic to software depots.
4. Implement network access control lists to all specific destinations, with an implicit deny as a rule.



Question : You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture.
Which alternatives should you consider? (Choose 2 answers)

A. Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS record that points to the NAT instance public
IP address.
B. Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route53 CNAME record to your CloudFront
distribution.
C. Place all your web servers behind ELB. Configure a Route53 CNAME to point to the ELB DNS name.
D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 record that points to the EIP.
1. A,B
2. B,C
4. D,E
5. A,E


Question : An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than hours, and the
Recovery Point Objective (RPO) must be 15 minutes. The customer realizes that data corruption occurred roughly 1.5 hours ago.
What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?


1. Take hourly DB backups to S3, with transaction logs stored in S3 every 5 minutes.
2. Use synchronous database master-slave replication between two availability zones.
4. Take 15 minute DB backups stored in Glacier with transaction logs stored in S3 every 5 minutes.