Premium

AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : You have to implement security on VPC level. So that communication can be secured. Which of the following protocols are supported by the VPC?


: You have to implement security on VPC level. So that communication can be secured. Which of the following protocols are supported by the VPC?
1. VPC support TLS protocol

2. VPC support HTTPS protocol

3. Access Mostly Uused Products by 50000+ Subscribers

4. VPC support IPSec protocol for security


Correct Answer : Get Lastest Questions and Answer :
Explanation: VPC support IPSEC protocol for security.




Question : You have an EC instance, on which web server installed. This instance is hosting a critical financial online loan processing application and have critical data, now
you want, whatever logs generated by installed web application should be moved from EC2 instance to S3 without having any internet connection. Which of the following option will
help to connect EC2 instance in a VPC to S3


: You have an EC instance, on which web server installed. This instance is hosting a critical financial online loan processing application and have critical data, now
1. You have to create a NAT instance, and a CloudWatch Log Agent on that NAT instance which will transfer logs from web server to S3

2. You have to create a public EC2 instance, and a CloudWatch Log Agent on that EC2 instance which will transfer logs from web server to S3

 3. Access Mostly Uused Products by 50000+ Subscribers

4. You have to create a VPC endpoint.


Correct Answer : Get Lastest Questions and Answer :
Explanation: You have to create a VPC endpoint, so that resources in VPC can communicate with any other AWS resources, without having any public internet connection.




Question : You are migrating your existing in-house solution to AWS, hence you created the AWS account. Your networking admin wants that IP address range should not be same as
in-house. What happen when, you create a VPC
A. You can define CIDR block and Range of IP addresses, once VPC created.
B. You can define CIDR block and Range of IP addresses, while creating VPC
C. You need to choose, in which region you want your VPC created. Which you can change later on
D. You need to choose, in which region you want your VPC created. Which you cannot change later on.

: You are migrating your existing in-house solution to AWS, hence you created the AWS account. Your networking admin wants that IP address range should not be same as
1. A,B
2. B,C
 3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D
5. B,D

Correct Answer : Get Lastest Questions and Answer :
Explanation: While defining AWS VPC, you have to have following
- While creating VPC , you must define CIDR block and IP range
- You must select the region, which you cannot change later on.



Related Questions

Question
Your boss has asked you to build a MongoDB replica set in the cloud. Amazon Web Services does not provide a MongoDB service.
How would you go about setting up the MongoDB replica set?
1. You cant on AWS so build it out on another data center.
2. Request AWS to add a MongoDB service.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above.

Ans : 3
Exp : MongoDB runs well on Amazon EC2. To deploy MongoDB on EC2 you can either set up a new instance manually
or deploy a pre-configured AMI from the AWS Marketplace (refer to Deploy from the AWS Marketplace for more information).





Question : Your company has an application that requires access to a NoSQL database.
Your IT department has no desire to manage the NoSQL servers. Which Amazon Service provides a fully managed and highly available NoSQL service?


1. ElasticMap Reduce
2. Amazon RDS
 3. Access Mostly Uused Products by 50000+ Subscribers
4. DynamoDB
Ans : 4
Exp : DynamoDB is a fast, fully managed NoSQL database service that makes it simple and cost-effective to store and retrieve any amount of data, and serve
any level of request traffic. Its guaranteed throughput and single-digit millisecond latency make it a great fit for gaming, ad tech, mobile and many other
applications.



Question : Your applications usage peaks at % during the hours of am and am everyday.
All other hours require only 10% of the peak resources.
What is the best way to scale your application so that youre only paying for max resources during peak hours?


1. Proactive Cycle Scaling
2. Proactive Event-based scaling
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above.

Ans : 1
Exp : The cloud brings a new concept of elasticity in your applications. Elasticity can be implemented in three ways:
1. Proactive Cyclic Scaling: Periodic scaling that occurs at fixed interval (daily, weekly, monthly, quarterly)
2. Proactive Event-based Scaling: Scaling just when you are expecting a big surge of traffic requests due to a
scheduled business event (new product launch, marketing campaigns)
3. Access Mostly Uused Products by 50000+ Subscribers
actions so that it scales up or down based on metrics (utilization of the servers or network i/o, for instance)




Question : In EC, what would happens to the data on an instance store if the instance reboots (either intentionally or unintentionally)?



1. Data will be deleted
2. Data persists
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Data may or may not persist


Question : Your company is posting a big article on the front page of your website tomorrow.
It is expected that the demand could potentially overwhelm your infrastructure.
In the event of a load failure, how can you setup DNS failover to a static website?

 : Your company is posting a big article on the front page of your website tomorrow.
1. With AWS you should never worry about this issue.
2. Use Route 53 and failover option to failover to a static s3 website bucket in the event of an issue.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above.

Ans : 2
Exp : A DNS failover feature for Amazon Route 53. If you enable this feature and create one or more health checks, Route 53 will periodically run the checks
and switch to a secondary address (possibly a static website hosted on Amazon S3) if several consecutive checks fail. Route 53 also includes a very handy
failover feature. Once enabled, this feature performs health checks at regular intervals, and then switches to a backup site if the primary one appears to
be unresponsive.

Amazon Route 53 lets you configure DNS failover in active active, active passive, and mixed configurations to improve the availability of your application.
When you have more than one resource performing the same function for example, more than one HTTP server or mail server you can configure Amazon Route 53 to
check the health of your resources and respond to DNS queries using only the healthy resources. For example, suppose your website, example.com, is hosted on
10 servers, two each in five data centers around the world. You can configure Amazon Route 53 to check the health of those servers and to respond to DNS
queries for example.com using only the servers that are currently healthy.




Question : You might give an Amazon EC instance resource a logical ID of HadoopExamECInstance; but when AWS CloudFormation creates the instance,
AWS CloudFormation automatically generates and assigns a physical ID (such as i-28f9ba55) to the instance.

: Your company is posting a big article on the front page of your website tomorrow.
1. You can use this physical ID to identify the instance and view its properties (such as the DNS name) by using the Amazon EC2 console
2. You can not use this physical ID to identify the instance and view its properties (such as the DNS name) by using the Amazon EC2 console
 3. Access Mostly Uused Products by 50000+ Subscribers
4. You can not use this logical ID to identify the instance and view its properties (such as the DNS name) by using the Amazon EC2 console


Question : You own an image manipulation application. Your users take a picture, upload it to your app,
and request filters to be added to the image. You need to decouple the application so your users are not waiting
for the image processing to take place. How would you go about doing this?

 : You own an image manipulation application. Your users take a picture, upload it to your app,
1. Use Amazon S3 to store the images and Amazon EC2 to process the request.
2. Use Amazon SNS to process image requests.
 3. Access Mostly Uused Products by 50000+ Subscribers
use S3 to store the image, and auto scaling to determine when to fire more worker instances based on queue size.
4. None of the above.

Ans : 3
Exp : Use spot instances to create an auto-scaled worker that monitors work (messages) in an SQS queue. The application is auto-scaled based on the amount
of work in the queue. When there is work, Auto Scaling scales up; when there is no work, Auto Scaling scales down. Each message contains a command or script
to run, an input file location, and an output location for the results.



Question : Your EC instances are configured to run behind an Amazon VPC. For security reasons,
none of the VPC subnets have an internet gateway attached to them. What do you need to do in order
for the Elastic Load Balancer to serve traffic to the instances?
: You own an image manipulation application. Your users take a picture, upload it to your app,
1. Attach an internet gateway to the subnet
2. Add an elastic IP address to the instance.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above.

Ans : 3
Exp : When you create your load balancer in VPC, you can make your load balancer internal (private) or Internet-facing (public). When you make your load
balancer internal, a DNS name will be created, and it will contain the private IP address of the load balancer. Internal load balancer is not exposed to the
internet. When you make your load balancer Internet-facing, a DNS name will be created with the public IP address. The DNS records are publicly resolvable
in both cases.

By combining both internal and Internet facing load balancers, you can balance requests between multiple tiers of your application. For example, let us say
you have web servers at your front end that takes requests from the internet and passes it on to your back end application instances. You can create an
internal load balancer in your VPC and then place your back end application instances behind the internal load balancer. You can create an Internet facing
load balancer with the DNS name and public IP address and place it in front of your web server. Your web server will take requests coming from the
Internet-facing load balancer and will make requests to the internal load balancer, using private IP addresses that are resolved from the internal load
balancers DNS name. The internal load balancer will route requests to the back end application instances, which are also using private IP addresses and only
accept requests from the internal load balancer. With this multi tier architecture, all your infrastructure can use private IP addresses and security groups
so that the only part of your architecture that has public IP address is the Internet-facing load balancer.

For an Internet facing load balancer to be connected to the Internet, the load balancer must reside in a subnet that is connected to the Internet using the
Internet gateway. The application instances behind the load balancer do not need to be in the same subnet as the load balancer.



Question : The AMI ID used in an Auto Scaling policy is configured in the _______.
: You own an image manipulation application. Your users take a picture, upload it to your app,
1. launch configuration
2. group policy
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above.

Ans : 1
Exp : Auto Scaling provides you with an option to create a new launch configuration using the attributes from an existing Amazon EC2 instance. when you use
this option, Auto scaling copies the attributes from the specified instance into a template from which you can launch one or more Auto Scaling groups.

To use this section you should be familiar with Amazon EC2 instances, with the EC2 instance attributes, and with the process for launching Amazon EC2
instances. For more information, see Launching an Instance.

There are differences between creating a launch configuration from scratch and creating a launch configuration from an existing EC2 instance. When you
create a launch configuration from scratch, you specify the name of the launch configuration, Amazon Machine Image (AMI) ID of the image you want to use,
and the type of instance you want to launch. You can optionally list additional resources such as storage devices, identity and access management options,
monitoring, and so on. For information on the attributes you can use to create a launch configuration, see CreateLaunchConfiguration.

When you create a launch configuration from an existing instance, you specify the instance ID and the name of the launch configuration. Auto Scaling derives
all the other attributes applicable to the launch configuration from the specified instance, with the exception of the BlockDeviceMapping. By default, Auto
Scaling creates the new launch configuration using the block device mapping that comes with the AMI that was used to create the instance and ignores any
additional block device mappings that was later added to the instance. For more information on block device mapping, see Block Device Mapping in the Amazon
Elastic Compute Cloud User Guide.

You can override any instance attribute, including the block device mapping on the instance's AMI, by specifying your own as a part of the same request.



Question : You are tasked with setting up a Linux bastion host for access to Amazon EC instances
running in your VPC. Only clients connecting from the corporate external public IP address
72.34.51.100 should have SSH access to the host. Which option will meet the customer
requirement?
: You own an image manipulation application. Your users take a picture, upload it to your app,
1. Security Group Inbound Rule: Protocol - TCP. Port Range - 22, Source 72.34.51.100/32
2. Security Group Inbound Rule: Protocol - UDP, Port Range - 22, Source 72.34.51.100/32
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Network ACL Inbound Rule: Protocol - TCP, Port Range-22, Source 72.34.51.100/0

Ans : 1
Exp :



Question : Which of the following statement is/are correct when you run your DB Instance as a Multi-AZ deployment ?

: You own an image manipulation application. Your users take a picture, upload it to your app,
1. It protect the data on my source DB Instance against failure scenarios
2. The replication used by Multi AZ deployments is asynchronous
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 1 and 3 are correct
5. 2 and 3 are correct



Question : My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply
updates from the source DB Instance. What do I do?
 : My Read Replica appears
1. You will need to delete the Read Replica and create a new one to replace it.
2. You will need to disassociate the DB Engine and re associate it.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. You will need to delete the DB Instance and create a new one to replace it.



Ans : 1
Exp :



Question : You have launched an Amazon Elastic Compute Cloud (EC) instance into a public subnet
with a primary private IP address assigned, an internet gateway is attached to the VPC,
and the public route table is configured to send all Internet-based traffic to the Internet
gateway. The instance security group is set to allow all outbound traffic but cannot access
the internet. Why is the Internet unreachable from this instance?
: My Read Replica appears
1. The instance does not have a public IP address.
2. The internet gateway security group must allow all outbound traffic.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The instance "Source/Destination check" property must be enabled.

Ans : 1
Exp :



Question : What events would cause Amazon RDS to initiate a failover to the standby replica ?
: My Read Replica appears
1. Loss of availability in primary Availability Zone
2. Loss of network connectivity to primary and Storage failure on primary
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 1 and 2 are correct
5. All 1,2 and 3 are correct



Question : What is the difference between an availability zone and an edge location?
 : What is the difference between an availability zone and an edge location?
1. An availability zone is a grouping of AWS resources in a specific region; an edge location is a specific resource within the AWS region.
2. An availability zone is an Amazon Resource within an AWS region where an edge location will deliver cached content to the closest location to reduce latency.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above

Ans : 2
Exp : mazon EC2 is hosted in multiple locations world-wide. These locations are composed of regions and Availability Zones. Each region is a separate
geographic area. Each region has multiple, isolated locations known as Availability Zones. Amazon EC2 provides you the ability to place resources, such as
instances, and data in multiple locations. Resources aren't replicated across regions unless you do so specifically.

Amazon operates state-of-the-art, highly-available data centers. Although rare, failures can occur that affect the availability of instances that are in the
same location. If you host all your instances in a single location that is affected by such a failure, none of your instances would be available.

Note
Some AWS resources might not be available in all regions and Availability Zones. Ensure that you can create the resources you need in the desired regions or
Availability Zone before deploying your applications.





Question : Which services allow you to deliver static or video content over AWS edge locations?
: What is the difference between an availability zone and an edge location?
1. S3
2. route53
 3. Access Mostly Uused Products by 50000+ Subscribers
4. CloudFront CDN



Question How many elastic IP addresses can a en EC-classic instance have assigned to it?


 How many elastic IP addresses can a en EC-classic instance have assigned to it?
1. 5
2. 3
3. Access Mostly Uused Products by 50000+ Subscribers
4. 1
5. 4


Correct Ans : 4
Exp : EC2 Private IP Address: The internal RFC 1918 address of an instance that is only routable within the EC2 Cloud. Network traffic originating outside
the EC2 network cannot route to this IP, and must use the Public IP or Elastic IP Address mapped to the instance.
EC2 Public IP Address: Internet routable IP address assigned by the system for all instances. Traffic routed to the Public IP is translated via 1:1 Network
Address Translation (NAT) and forwarded to the Private IP address of an instance. The mapping of a Public IP to Private IP of an instance is the default
launch configuration for all instance types. Public IP Addresses are no longer usable upon instance termination.
EC2 Elastic IP Address: Internet routable IP address allocated to an AWS EC2 account. Similar to EC2 Public Address, 1:1 NAT is used to map Elastic IP
Addresses with their associated Private IP addresses. Unlike a standard EC2 Public IP Address, Elastic IP Addresses are allocated to accounts and can be
remapped to other instances when desired.





Question

Your company requires that all the data on your EBS backed EC2 volumes be encrypted. How would you go about doing this?

How many elastic IP addresses can a en EC-classic instance have assigned to it?
1. Enable EBS encryption on the specific volume.
2. It must be done on the OS layer with an encrypted file system.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above

Ans : 1
Exp : Amazon AWS does not offer encryption on Amazon EBS volumes or snapshots.
If encryption is important to you, we recommend that you run an encrypted file system on top of your Amazon EBS volume.
Posted On: May 21, 2014

We are excited to announce the availability of Amazon EBS encryption for new EBS storage volumes, enabling you to meet security and encryption compliance
requirements. This frequently requested feature provides you with seamless support for data encryption on block-level storage, at no additional cost.

Until today, you needed third-party security tools to encrypt data for EBS volumes. With Amazon EBS encryption, you can now create an encrypted EBS volume
and attach it to a supported instance type. Data on the volume, disk I/O, and snapshots created from the volume are then all encrypted. The encryption
occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage. EBS encryption is based
on the industry standard AES-256 cryptographic algorithm.

To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is available
for all the latest EC2 instances in all commercially available AWS regions.





Question Your company wants to backup the onsite file server to AWS but does not want to serve the files from S
to your office network when files need accessed. Which service and setup would you use to accomplish this task?

How many elastic IP addresses can a en EC-classic instance have assigned to it?
1. Use Amazon Import or export.
2. Create a cronjob to sync data to Amazon S3 nightly.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above
Ans : 3
Exp : The AWS Storage Gateway is a service connecting an on premises software appliance with cloud based storage to provide seamless and secure integration
between an organizations on premises IT environment and AWSs storage infrastructure. The service allows you to securely store data in the AWS cloud for
scalable and cost effective storage. The AWS Storage Gateway supports industry standard storage protocols that work with your existing applications. It
provides low latency performance by maintaining frequently accessed data on premises while securely storing all of your data encrypted in Amazon Simple
Storage Service (Amazon S3) or Amazon Glacier.





Question :
How many elastic IP addresses can a en EC-classic instance have assigned to it?

1.
2.
3. Access Mostly Uused Products by 50000+ Subscribers
4.
Ans : 2
Exp : To create a launch configuration using an instance ID
1.Enter the as-create-launch-config command with the following parameters:

Launch configuration name = my-test-lc-from-instance
Instance ID = i-a8e09d9c

Create a launch configuration using Instance Id.
as-create-launch-config my-test-lc-from-instance --instance-id i-a8e09d9c

When the launch configuration is created, Auto Scaling returns a success message.

OK-Created launch config

2.Enter the as-describe-launch-configs command with the following parameter:
Launch configuration name = my-test-lc-from-instance

Describe the launch configuration.
as-describe-launch-configs my-test-lc-from-instance --show-long

The following description describes the launch configuration.

LAUNCH-CONFIG,my-test-lc-from-instance,ami-b8a63b88,t1.micro,(nil),aki-6065f250,
(nil),{/dev/sda1=snap-3decf207:6:true:standard},sg-d6b3dae6,2013-11-22T05:01:59.
291Z,false,arn:aws:autoscaling:us-east-1a:605053316265:launchConfiguration:39c956
71-708e-4cd2-8642-7fa491e3f114:launchConfigurationName/my-test-lc-from-instance,
(nil),(nil),false,(nil)

You can see that the descriptions of the new launch configuration matches the description of the instance used to
create this launch configuration, with the exception of the block device mapping. The block device mapping of the
new launch configuration consists of just the root device: /dev/sda1=snap-3decf207.
The block device mapping /dev/sdf is not associated with this new launch configuration.




Question : Scalability is a fundamental property of a good AWS system. What best describes scalability on AWS?
How many elastic IP addresses can a en EC-classic instance have assigned to it?
1. Scalability is the concept of planning ahead for what maximum resources will be required and building your infrastructure based on that capacity plan.
2. The law of diminishing returns will apply to resources as they are increased with workload.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Scalability is not a fundamental property of the cloud.

Ans : 3
Exp : Auto Scaling allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define
. With Auto Scaling, you can ensure that the number of Amazon EC2 instances youre using increases seamlessly during demand spikes to maintain performance,
and decreases automatically during demand lulls to minimize costs. Auto Scaling is particularly well suited for applications that experience hourly, daily,
or weekly variability in usage. Auto Scaling is enabled by Amazon CloudWatch and available at no additional charge beyond Amazon CloudWatch fees.


Question : You are currently hosting multiple applications in a VPC and have logged numerous port scans
coming in from a specific IP address block. Your security team has requested that all access from
the offending IP address block be denied tor the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the
specified IP address block?
How many elastic IP addresses can a en EC-classic instance have assigned to it?
1. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
2. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the
IP address block