Premium

AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : A customer has a website which shows all the deals available across the market. The site experiences a load of large EC instances generally.
However, a week before Thanksgiving vacation they encounter a load of almost 20 large instances. The load during that period varies over the day based on
the office timings. Which of the below mentioned solutions is cost effective as well as help the website achieve better performance?
 : A customer has a website which shows all the deals available across the market. The site experiences a load of  large EC instances generally.
1. Keep only 10 instances running and manually launch 10 instances every day during office hours.
2. Setup to run 10 instances during the pre-vacation period and only scale up during the office time by launching 10 more instances using the AutoScaling schedule.
3. Access Mostly Uused Products by 50000+ Subscribers
4. During the pre-vacation period setup a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the
network I/O policy.




Correct Answer : Get Lastest Questions and Answer :
Explanation: AWS provides an on demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the
running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the
organization launches a few instances before hand and then setups AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization.
If the organization keeps all 10 additional instances as a part of the AutoScaling policy sometimes during a sudden higher load it may take time to launch instances and may not give
an optimal performance. This is the reason it is recommended that the organization keeps an additional 5 instances running and the next 5 instances scheduled as per the AutoScaling
policy for cost effectiveness.






Question : QuickTechie.com has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC instance.
Due to security reasons QuickTechie wants to implement two separate SSLs for the separate modules although it is already using VPC.
How can the organization achieve this with a single instance?
  : QuickTechie.com has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC instance.
1. Create a VPC instance which will have multiple network interfaces with multiple elastic IP addresses.
2. You have to launch two instances each in a separate subnet and allow VPC peering for a single IP.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Create a VPC instance which will have multiple subnets attached to it and each will have a separate IP address.

Correct Answer : Get Lastest Questions and Answer :
Explanation: In EC2-VPC, you can specify multiple private IP addresses for your instances. The number of network interfaces and private IP addresses that you can specify
for an instance depends on the instance type. For more information, see Private IP Addresses Per ENI Per Instance Type.
It can be useful to assign multiple private IP addresses to an instance in your VPC to do the following:
Host multiple websites on a single server by using multiple SSL certificates on a single server and associating each certificate with a specific IP address.
Operate network appliances, such as firewalls or load balancers, that have multiple private IP addresses for each network interface.
Redirect internal traffic to a standby instance in case your instance fails, by reassigning the secondary private IP address to the standby instance.
How Multiple IP Addresses Work

The following list explains how multiple IP addresses work with network interfaces:

You can assign a secondary private IP address to any network interface. The network interface can be attached to or detached from the instance.
You must choose a secondary private IP address that's in the CIDR block range of the subnet for the network interface.
Security groups apply to network interfaces, not to IP addresses. Therefore, IP addresses are subject to the security group of the network interface in which they're specified.
Secondary private IP addresses can be assigned and unassigned to elastic network interfaces attached to running or stopped instances.
Secondary private IP addresses that are assigned to a network interface can be reassigned to another one if you explicitly allow it.
When assigning multiple secondary private IP addresses to a network interface using the command line tools or API, the entire operation fails if one of the secondary private IP
addresses can't be assigned.
Primary private IP addresses, secondary private IP addresses, and any associated Elastic IP addresses remain with the network interface when it is detached from an instance or
attached to another instance.
Although you can't move the primary network interface from an instance, you can reassign the secondary private IP address of the primary network interface to another network
interface.
You can move any additional network interface from one instance to another.
The following list explains how multiple IP addresses work with Elastic IP addresses:
Each private IP address can be associated with a single Elastic IP address, and vice versa.
When a secondary private IP address is reassigned to another interface, the secondary private IP address retains its association with an Elastic IP address.
When a secondary private IP address is unassigned from an interface, an associated Elastic IP address is automatically disassociated from the secondary private IP address.






Question : Acmeshell.com is planning to create a secure scalable application with AWS VPC and ELB and has two instances already running and each instance has an
ENI attached to it in addition to a primary network interface. The primary network interface and additional ENI both have an elastic IP attached to it.
If those instances are registered with ELB and Acmeshell wants ELB to send data to a particular EIP of the instance, how can they achieve this?
  : Acmeshell.com is planning to create a secure scalable application with AWS VPC and ELB and has two instances already running and each instance has an
1. Acmeshell should ensure that the IP which is required to receive the ELB traffic is attached to an additional ENI.
2. It is not possible to attach an instance with two ENIs with ELB as it will give an IP conflict error.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Acmeshell should ensure that the IP which is required to receive the ELB traffic is attached to a primary network interface.


Correct Answer : Get Lastest Questions and Answer :
Explanation: Elastic Load Balancing automatically distributes incoming web traffic across multiple EC2 instances. With Elastic Load Balancing, you can add and remove EC2
instances as your needs change without disrupting the overall flow of information. If an EC2 instance fails, Elastic Load Balancing automatically reroutes the traffic to the
remaining running EC2 instances. If a failed EC2 instance is restored, Elastic Load Balancing restores the traffic to that instance. Elastic Load Balancing offers clients a single
point of contact, and it can also serve as the first line of defense against attacks on your network. You can offload the work of encryption and decryption to Elastic Load Balancing
so that your servers can focus on their main work. Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section
of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources,
such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. For the internet facing ELB it is required that the ELB should
be in a public subnet.
When the user registers a multi-homed instance (an instance that has an Elastic Network Interface (ENI) attached) with a load balancer, the load balancer will route the traffic to
the IP address of the primary network interface (eth0).
Benefits of Elastic Load Balancing

When you use Elastic Load Balancing to manage traffic to your application, you get the following benefits:

Requests are distributed to EC2 instances in multiple Availability Zones, minimizing the risk of overloading one single instance. If an entire Availability Zone goes offline, the
load balancer routes traffic to instances in other Availability Zones.
The health of your EC2 instances registered with the load balancer so that requests are sent only to the healthy instances. If an instance becomes unhealthy, Elastic Load
Balancing stops sending traffic to that instance and spreads the load across the remaining healthy instances.
Support for end-to-end traffic encryption on those networks that use secure (HTTPS/SSL) connections.
The ability to take over the encryption and decryption work from the EC2 instances, and manage it centrally on the load balancer.
Support for sticky sessions, which is the ability to "stick" user sessions to specific EC2 instances.
Association of the load balancer with your domain name. Because the load balancer is the only computer that is exposed to the Internet, you don't have to create and manage public
domain names for the instances that the load balancer manages. You can point the instance's domain records at the load balancer instead and scale as needed (either adding or
removing capacity) without having to update the records with each scaling activity.
Support for security groups associated with your load balancer to provide additional networking and security options.







Related Questions


Question : Sometime it ispossible that your customer gateway becomes unavailable, and to protect against a loss of connectivity between QuickTechie.com Inc Geneva
datacenter and AWS VPC, You will set up a second VPN connection to your VPC by using a second customer gateway. By using redundant VPN connections and customer
gateways, you can perform maintenance on one of your customer gateways while traffic continues to flow over the second customer gateway's VPN connection. To
establish redundant VPN connections and customer gateways on your network, you need to set up a second VPN connection. The customer gateway IP address

  : Sometime it ispossible that your customer gateway becomes unavailable, and to protect against a loss of connectivity between QuickTechie.com Inc Geneva
1. for second VPN connection must be publicly accessible
2. can be the same public IP address that you are using for the first VPN connection.
3. for second VPN connection must be privately accessible
4. 1 and 2
5. 2 and 3


Question : You have created a VPN for your organization and found that tunnel credentials for your VPN connection have been compromised. What you must do ?
  : You have created a VPN for your organization and found that tunnel credentials for your VPN connection have been compromised. What you must do ?
1. change the IKE preshared key
2. delete the VPN connection
3. delete the VPC and create new one
4. 1 and 2
5. All 1,2 and 3 are correct


Question : The device on the AWS side of the VPN connection is the ________________ .


  : The device on the AWS side of the VPN connection is the ________________ .
1. virtual private gateway
2. private gateway
3. customer gateway
4. customer gateway's external interface



Question : QuickTechie.com has multiple branch offices and existing Internet connections. You also have multiple VPN connections with AWS, but wish to
establish secure communication between sites. Select the correct statement.
 :  QuickTechie.com has multiple branch offices and existing Internet connections. You also have multiple VPN connections with AWS, but wish to
1. you can provide secure communication between sites using the AWS VPN CloudHub
2. To use the AWS VPN CloudHub, you must create a virtual private gateway with multiple customer gateways
3. To use the AWS VPN CloudHub, you must create a virtual private gateway with single customer gateways
4. 1 and 2
5. 1 and 3



Question : There is a big Investment bank who wish to use cloud infrastructire. However, they are having huge portfolio of customers and thier data needs to
be confidential. They are having 100 number of App Servers and In house Oracle database setup. How they can leverage the AWS cloud infra.

 :   There is a big Investment bank who wish to use cloud infrastructire. However, they are having huge portfolio of customers and thier data needs to
1. The organization should plan the all 100 app server on the public subnet and oracle rds in a private subnet so it will not be in the public cloud.
2. The organization should plan the app server on the public subnet and keep the Oracle database in the organization's data center and connect them with the VPN gateway.
3. The organization should plan the app server on the public subnet and use RDS with the private subnet for a secure data operation.
4. The organization should use the public subnet for the app server and use RDS with a storage gateway to access as well as sync the data securely from the local data center.





Question : Select the correct statement regrading VPC and Subnet
  : Select the correct statement regrading VPC and Subnet
1. You can create a VPC that spans multiple Availability Zones
2. subnet must reside entirely within one Availability Zone and cannot span zones
3. If a subnet have a route to the Internet gateway, the subnet is known as a private subnet
4. 1,2
5. 1,2,3