Question : In which of the following scenarios can you use ELB?
A. When you want your website to be served by EC2 instances across regions, so that ELB can send requests to EC2 instances in any region, which gives you better resiliency.
B. You can use ELB for a website hosted in a single region.
C. You have application servers in the application layer and web servers in the web layer, and you need to balance the load from the web servers to the app servers. You can use ELB for this as well.
D. If you want secure communication between the end user and the server using HTTPS, you can also use ELB.
Correct Answer :
Explanation: You cannot use ELB in front of EC2 instances that are spread across regions. However, you can use it for any internet application service served from a single region by a fleet of EC2 instances, and you can also configure HTTPS for secure communication. Similarly, communication and load balancing on an internal layer is also possible using ELB.
Question : You have a website hosted on AWS with EC2 servers behind the ELB. You have been informed that a commercial advertisement will be coming up on TV, which will certainly increase the traffic by 30%-70%; however, the exact increase cannot be predicted. In what ways can you configure the auto scaling group?
1. You can configure auto scaling to handle 70% of extra traffic for a scheduled time based on the commercial advertisement timings.
2. You can also configure the auto scaling group so that you can scale it manually.
Correct Answer :
Explanation: You can configure an auto scaling group with the following supported plans.
- Manual scaling
- Scheduled scaling
- Dynamic scaling
- Maintain the current scaling level
Question : When a network condition prevents the delivery of packets across the Internet, the gateways of your VPN delete their Security Associations and attempt to create new ones. What enables the VPN devices to detect such a blocking event?
If you have a device that isn't in the preceding list of tested devices, this section describes the requirements the device must meet for you to use it with Amazon VPC. The following lists the requirements the customer gateway must adhere to, the related RFC (for reference), and comments about each requirement.
To provide context for the following requirements, think of each VPN connection as consisting of two separate tunnels. Each tunnel contains an IKE Security Association, an IPsec Security Association, and a BGP Peering. Note that you are limited to 2 Security Associations (SAs), one inbound and one outbound. Some devices use policy-based VPN and will create as many SAs as ACL entries. Therefore, you may need to consolidate your rules and then filter so you don't permit unwanted traffic.
The VPN tunnel comes up when traffic is generated from your side of the VPN connection. The AWS endpoint is not the initiator; your customer gateway must initiate the tunnels.
Utilize IPsec Dead Peer Detection
The use of Dead Peer Detection enables the VPN devices to rapidly identify when a network condition prevents delivery of packets across the Internet. When this occurs, the gateways delete the Security Associations and attempt to create new associations. During this process, the alternate IPsec tunnel is utilized if possible.
Question : Which is the wrong statement regarding "Security Group" in VPC?
1. Operates at the instance level (first layer of defense)
2. Supports allow rules only
3.
4. Is stateless: Return traffic must be explicitly allowed by rules
5. It evaluates all rules before deciding whether to allow traffic
Ans : 4
Exp : The following table summarizes the basic differences between security groups and network ACLs.
Security Group | Network ACL
Operates at the instance level (first layer of defense) | Operates at the subnet level (second layer of defense)
Supports allow rules only | Supports allow rules and deny rules
Is stateful: Return traffic is automatically allowed, regardless of any rules | Is stateless: Return traffic must be explicitly allowed by rules
We evaluate all rules before deciding whether to allow traffic | We process rules in number order when deciding whether to allow traffic
Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on | Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group)
Question : You are working with AWS resources, e.g. S3, RDS and Amazon Glacier. You will be interacting with these resources in a controlled manner, and all of these access controls are defined in an AWS IAM policy. Which of the following can you define in the IAM policy?
A. User name and password that have access to AWS resources, e.g. S3, Glacier
B. Region specific to the user
C. Actions the user can perform
D. Service names on which the user has permissions
Correct Answer :
Explanation: First of all, please note the facts below about IAM policies and understand the concepts.
- IAM policies are not specific to any region. A policy can be applied to any principal in any region; the principal should be an IAM user.
- An IAM policy is about authorization (what can the user do?), because the user is already authenticated. Hence, there is no need to store user credentials in any IAM policy.