
AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : QuickTechie.com is setting up a highly scalable application using Elastic Beanstalk with an ELB and RDS inside a VPC.
QuickTechie.com has public and private subnets within the VPC. Which of the below mentioned configurations will not work in this scenario?
1. The configuration must have two private subnets in separate AZs.
2. The configuration must have public and private subnets in the same AZ.
4. It is recommended to setup RDS in a private subnet and ELB in a public subnet.



Exp: When you use Amazon VPC with Elastic Beanstalk, you can launch Elastic Beanstalk resources, such as Amazon EC2 instances, in a public or private subnet. The subnets that you
require depend on your Elastic Beanstalk application environment type and whether the resources you launch are public or private. The following scenarios discuss sample VPC
configurations that you might use for a particular environment. Single-instance environments : For single-instance environments, Elastic Beanstalk assigns an Elastic IP address
(a static, public IP address) to the instance so that it can communicate directly with the Internet. No additional network interface, such as a network address translator (NAT), is
required for a single-instance environment.
If you have a single-instance environment without any associated private resources, such as a back-end Amazon RDS DB instance, create a VPC with one public subnet and include the
instance in that subnet. For more information, see Example: Launching a Single-Instance Environment without Any Associated Private Resources in a VPC.
If you have resources that you don't want public, create a VPC with one public subnet and one private subnet. Add all your public resources like the single Amazon EC2 instance in
the public subnet, and add private resources like a back-end Amazon RDS DB instance in the private subnet. If you do launch an Amazon RDS DB instance in a VPC, you must create at
least two different private subnets that are in different Availability Zones (an Amazon RDS requirement).
Load-balancing, autoscaling environments : For load-balancing, autoscaling environments, you can either create a public and private subnet for your VPC or use a single public
subnet. In the case of a load-balancing, autoscaling environment with both a public and private subnet, Amazon EC2 instances in the private subnet require Internet connectivity.

Consider the following scenarios. Amazon Virtual Private Cloud (Amazon VPC) lets the user define a virtual networking environment in a private, isolated section of the
Amazon Web Services (AWS) cloud, with complete control over that virtual network. An organization planning to implement a scalable, secure application
using RDS, VPC and ELB should use the following configuration:
- Set up RDS in a private subnet.
- Set up the ELB in a public subnet.
- Since RDS needs a DB subnet group, the organization must have at least two private subnets in different Availability Zones (two subnets in the same AZ do not satisfy the subnet group requirement).
- The ELB's public subnet and the instances' private subnet must be in the same Availability Zone, so each AZ in use needs both a public and a private subnet.
Instances are not required to have a public IP address. They can be placed in a private subnet, with routing set up so that inbound traffic arrives through the load
balancer and outbound traffic leaves through a NAT.
If you want your Amazon EC2 instances to have only a private IP address, create a public and a private subnet for your VPC in each Availability Zone (an Elastic Beanstalk requirement).
Then add your public resources, like the load balancer and the NAT, to the public subnet, and Elastic Beanstalk assigns them unique Elastic IP addresses (static, public IP
addresses). Launch your Amazon EC2 instances in the private subnet so that Elastic Beanstalk assigns them non-routable private IP addresses. Without a public IP address, an
Amazon EC2 instance can't communicate directly with the Internet: by default, instances in a private subnet can't send outbound traffic, but neither can they
receive unsolicited inbound connections from the Internet.

To enable communication between the private subnet, the public subnet and the Internet beyond the public subnet, create routing rules that do the following:
- Route all inbound traffic to an Amazon EC2 instance through a load balancer.
- Route all outbound traffic from an Amazon EC2 instance through a NAT.
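The layout described above can be checked mechanically. The Python below is an added example (not part of the original page or of any AWS tooling): it classifies subnets from their route tables rather than from tags, then verifies that the ELB sits in public subnets, that each instance subnet has a NAT route and a public subnet in the same AZ, and that the RDS DB subnet group spans at least two Availability Zones. The subnet and route-table data are constructed to mirror the shape of `aws ec2 describe-subnets` and `describe-route-tables` output; every ID is hypothetical.

```python
"""Check a VPC layout for the ELB (public) / EC2 (private) / RDS (private) design.

Added example: the inputs are constructed to mirror the shape of
`aws ec2 describe-subnets` and `describe-route-tables` output, so the same
functions can be fed real boto3 responses; every ID below is hypothetical.
"""

# Two AZs with a public and a private subnet each, plus one subnet with no
# default route at all (fine for a database, not for app instances).
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-iso-a", "AvailabilityZone": "us-east-1a"},
]

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa"}]},
    {"Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}]},
    {"Associations": [{"SubnetId": "subnet-iso-a"}], "Routes": [LOCAL]},
]


def classify_subnets(subnets, route_tables):
    """Return {subnet_id: (kind, az)}. kind comes from the subnet's 0.0.0.0/0 route:
    "public" via an Internet gateway, "private" via a NAT gateway, "isolated" if
    there is none. Tags are deliberately not trusted. Subnets with no explicit
    association use the VPC's main route table in AWS; this example does not look
    that up and treats them as isolated."""
    kind_by_subnet = {}
    for rt in route_tables:
        kind = "isolated"
        for route in rt["Routes"]:
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif route.get("NatGatewayId", "").startswith("nat-"):
                kind = "private"
        for assoc in rt["Associations"]:
            if "SubnetId" in assoc:
                kind_by_subnet[assoc["SubnetId"]] = kind
    return {s["SubnetId"]: (kind_by_subnet.get(s["SubnetId"], "isolated"), s["AvailabilityZone"])
            for s in subnets}


def validate_layout(subnets, route_tables, elb_subnets, instance_subnets, db_subnet_group):
    """Return the list of problems found; an empty list means the layout is sound."""
    kinds = classify_subnets(subnets, route_tables)
    problems = []
    for sid in elb_subnets:                       # ELB must be reachable from the Internet
        if kinds[sid][0] != "public":
            problems.append(f"ELB subnet {sid} is not public")
    public_azs = {az for kind, az in kinds.values() if kind == "public"}
    for sid in instance_subnets:                  # NAT egress, and a public subnet in the same AZ
        kind, az = kinds[sid]
        if kind == "isolated":
            problems.append(f"instance subnet {sid} has no NAT route for outbound traffic")
        if az not in public_azs:
            problems.append(f"instance subnet {sid} in {az} has no public subnet in the same AZ")
    db_azs = set()
    for sid in db_subnet_group:                   # never public; subnet group needs two AZs
        kind, az = kinds[sid]
        if kind == "public":
            problems.append(f"DB subnet {sid} is public")
        db_azs.add(az)
    if len(db_azs) < 2:
        problems.append("DB subnet group must span at least two Availability Zones")
    return problems


if __name__ == "__main__":
    for p in validate_layout(SUBNETS, ROUTE_TABLES, ["subnet-pub-a", "subnet-pub-b"],
                             ["subnet-priv-a", "subnet-priv-b"], ["subnet-priv-a", "subnet-priv-b"]):
        print("PROBLEM:", p)
```

With boto3 the same functions accept `describe_subnets()["Subnets"]` and `describe_route_tables()["RouteTables"]` directly. The isolated subnet is allowed for the DB subnet group (RDS needs no Internet route) but rejected for application instances, which is exactly the distinction the text draws between the two tiers.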






Question : QuickTechie.com has launched a large EC2 instance from an EBS-backed AMI with an additional ephemeral (instance store) drive and wants to ensure that
critical data will not be lost even during an outage. Which of the below mentioned steps will not help QuickTechie achieve this goal?

1. Keep moving all the log files generated on the ephemeral drive to the EBS volume for the audit trails.
2. Setup the EBS volume with the DeleteOnTermination flag set to False to ensure that EBS survives instance termination.
4. Take a snapshot of the EBS volume at regular intervals for backup purpose.



Exp: AWS provides an on-demand, scalable infrastructure. EC2 lets the user launch On-Demand instances, and the organization should create an AMI of the running instance. If
the organization has launched an instance with an EBS root device and an additional ephemeral (instance store) drive, it should keep copying critical ephemeral data to EBS,
because instance store data is lost whenever the instance stops or terminates or its underlying host fails. The organization should also keep moving important data to S3 for
higher durability; that way, even if the application fails the data can be restored. For EBS backup, the organization should take snapshots at regular intervals.
Since the instance was launched with an EBS-based root device, the root volume's DeleteOnTermination flag is set to True by default, so if the instance is terminated the EBS
volume is deleted with it. It is recommended to set the flag to False so that terminating the instance does not delete the volume.
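As an added example (not from the original page), the Python below audits which of the instance's block devices would lose their data and builds the `--block-device-mappings` argument for `aws ec2 modify-instance-attribute` that clears DeleteOnTermination on every EBS volume. The instance and AMI mappings are constructed to mirror the shape of `describe-instances` and `describe-images` output; the device names, volume and snapshot IDs are hypothetical.

```python
"""Audit what an EC2 instance's block devices lose on stop/terminate and build
the fix for the EBS side.

Added example: the mappings mirror the shape of `aws ec2 describe-instances`
(BlockDeviceMappings) and `describe-images` (the AMI's mapping, which is where
instance-store devices appear); all device names and IDs are hypothetical.
"""
import json

INSTANCE_MAPPINGS = [   # constructed describe-instances output for one instance
    {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0root", "DeleteOnTermination": True}},
    {"DeviceName": "/dev/sdf", "Ebs": {"VolumeId": "vol-0data", "DeleteOnTermination": True}},
]
AMI_MAPPINGS = [        # constructed describe-images output for the AMI it was launched from
    {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0root"}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
]


def durability_report(instance_mappings, ami_mappings):
    """Map each device to what happens to its data when the instance goes away."""
    report = {}
    for m in ami_mappings:
        if m.get("VirtualName", "").startswith("ephemeral"):
            # Instance store: wiped on stop, terminate or host failure; cannot be snapshotted.
            report[m["DeviceName"]] = "instance-store: lost on stop/terminate, copy data to EBS or S3"
    for m in instance_mappings:
        ebs = m["Ebs"]
        if ebs.get("DeleteOnTermination", False):
            report[m["DeviceName"]] = f"ebs {ebs['VolumeId']}: deleted when the instance terminates"
        else:
            report[m["DeviceName"]] = f"ebs {ebs['VolumeId']}: survives termination"
    return report


def keep_volumes_payload(instance_mappings):
    """JSON for `aws ec2 modify-instance-attribute --block-device-mappings` that
    clears DeleteOnTermination on every EBS device where it is currently set."""
    changes = [{"DeviceName": m["DeviceName"], "Ebs": {"DeleteOnTermination": False}}
               for m in instance_mappings if m["Ebs"].get("DeleteOnTermination", False)]
    return json.dumps(changes)


def apply_payload(instance_mappings, payload):
    """Mirror the attribute change locally so the report can be re-run after the fix."""
    flags = {c["DeviceName"]: c["Ebs"]["DeleteOnTermination"] for c in json.loads(payload)}
    return [{"DeviceName": m["DeviceName"],
             "Ebs": {**m["Ebs"],
                     "DeleteOnTermination": flags.get(m["DeviceName"],
                                                      m["Ebs"].get("DeleteOnTermination", False))}}
            for m in instance_mappings]


if __name__ == "__main__":
    for dev, fate in durability_report(INSTANCE_MAPPINGS, AMI_MAPPINGS).items():
        print(dev, "->", fate)
    print(keep_volumes_payload(INSTANCE_MAPPINGS))
```

The printed JSON is what goes after `--block-device-mappings` when you run `aws ec2 modify-instance-attribute --instance-id <id>` against the real instance. Note what the report says about /dev/sdb: no flag and no snapshot makes an instance store device durable, so for the ephemeral drive the only helpful step is copying its data off (to EBS, and on to S3), which is why that option in the question does contribute to the goal.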







Question : QuickTechie.com has hosted an application on EC2 instances. Multiple users will connect to the instances to set up and configure the
application. QuickTechie is planning to implement certain security best practices. Which of the below mentioned pointers will not help QuickTechie achieve a better security arrangement?

1. Allow only IAM users to connect to the EC2 instances using their own secret access keys.
2. Apply the latest patch of OS and always keep it updated.
4. Create a procedure to revoke the access rights of the individual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.



Exp: Once you've launched an EC2 instance, you can connect to it just like any other remote server. To keep communication with your EC2 instances as secure as possible, use
secure, encrypted protocols such as Secure Shell (SSH) to access your instance instead of Telnet, because Telnet transmits information in cleartext over the network.

Additional security can be provided by using secure authentication methods. We recommend public-key authentication instead of passwords for remote SSH logins.
Passwords are vulnerable to a variety of simple attacks, including dictionary and brute-force attacks.

If you used the Amazon Linux AMI to launch your instance, password login is already disabled by default and you must use a public/private key pair to SSH into the
instance. You can use the AWS Management Console to create the key pair, or you can use a third-party tool like ssh-keygen (provided with the standard OpenSSH installation) and
import the public key to EC2.

If you're using a third-party AMI or one you've created, the AMI may not have password authentication disabled by default. Take a moment to verify and disable
that option. Since AWS is a public cloud, any application hosted on EC2 is exposed to attack, so it is extremely important to set up a proper security mechanism on
the EC2 instances. A few of the security measures are listed below:
- Always keep the OS updated with the latest patches.
- Create a separate OS user for each person who needs to connect to the EC2 instance, issue each user their own key and disable their password.
- Create a procedure by which the admin can revoke a user's access once that user's work on the EC2 instance is complete.
- Lock down unnecessary ports.
- Audit any proprietary applications running on the EC2 instance.
- Grant temporary escalated privileges, such as sudo, to users who need to perform occasional privileged tasks.
IAM governs access to AWS resources and API actions, such as launching an instance. IAM users and their secret access keys are not used to connect (RDP / SSH) to an instance;
that is done with the instance's OS users and SSH key pairs.
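The "verify and disable password authentication" step from the list above can be automated. The Python below is an added example (not from the original page or from Amazon Linux): it reads an sshd_config in text form and flags the settings a key-only setup needs. Both configurations are constructed. Two details matter: sshd uses the FIRST value it sees for a keyword, so a later duplicate does not override an earlier weak one, and settings after a Match line are conditional, so the global section ends there.

```python
"""Flag sshd_config settings that undermine key-only logins.

Added example: both configurations below are constructed, and the checker
works on text so it runs anywhere. sshd keeps the FIRST value it reads for a
keyword (a later duplicate does not override it), and anything after a Match
line is conditional, so the global section is read only up to that point.
"""
import re

WEAK_CONFIG = """\
# constructed: a third-party image that never disabled passwords
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# the next line looks like a fix but sshd ignores it: the first value above wins
PasswordAuthentication no
PermitEmptyPasswords yes
"""

HARDENED_CONFIG = """\
# constructed: key-only logins, no root, passwords only for one named user
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication yes
"""

# keyword -> (required value, why it matters)
REQUIRED = {
    "PasswordAuthentication": ("no", "passwords are open to dictionary and brute-force attacks"),
    "PermitRootLogin": ("no", "a shared root login cannot be attributed or revoked per user"),
    "PermitEmptyPasswords": ("no", "an account with an empty password is open to anyone"),
    "PubkeyAuthentication": ("yes", "key-based login must remain possible"),
}


def effective_global_settings(config_text):
    """Return {keyword(lowercase): value} for the global section, first value wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()                 # drop comments and blanks
        if not line:
            continue
        m = re.match(r"^(\w+)(?:\s*=\s*|\s+)(.+)$", line)  # "Key value" or "Key=value"
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break                                           # rest is conditional, not global
        settings.setdefault(keyword, value)                 # first occurrence wins, as in sshd
    return settings


def check_sshd(config_text):
    """Return [(keyword, found, required, reason)]; an empty list passes.
    An absent keyword is reported too, so an unreviewed compiled-in default
    (PasswordAuthentication defaults to yes) cannot slip through."""
    found = effective_global_settings(config_text)
    return [(kw, found.get(kw.lower()), req, why)
            for kw, (req, why) in REQUIRED.items()
            if (found.get(kw.lower()) or "").lower() != req]


if __name__ == "__main__":
    for kw, got, want, why in check_sshd(WEAK_CONFIG):
        print(f"{kw}: found {got!r}, want {want!r}: {why}")
```

On a real host, feed it the file contents (`check_sshd(open("/etc/ssh/sshd_config").read())`), or compare against `sshd -T`, which prints the configuration the daemon actually resolved; after editing, `sshd -t` validates the file before you restart the service and risk locking yourself out.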





Related Questions


Question : When you are trying to delete default security group, what would happen in AWS VPC
1. Successfully deleted
2. It will be deleted, but immediately another default one will be created without any rules.
3. you'll get the following error: Client.CannotDelete: the specified group: "sg-51530134" name: "default" cannot be deleted by a user.
4. Successfully deleted, with warning.


Question : AWS VPC automatically comes with a modifiable default network ACL, select the correct statement for this default ACL.
1. it allows all inbound and outbound traffic.
2. it allows all inbound traffic only.
3. it allows all outbound traffic only.
4. it would not allow all inbound and outbound traffic.


Question : Consider the following policy definition.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeInternetGateways",
        "ec2:DescribeCustomerGateways",
        "ec2:DescribeVpnGateways",
        "ec2:DescribeVpnConnections",
        "ec2:DescribeRouteTables",
        "ec2:DescribeAddresses",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeNetworkAcls",
        "ec2:DescribeDhcpOptions",
        "ec2:DescribeTags",
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    }
  ]
}

Select the correct statement which applies.
1. policy grants users permission to list your VPCs and their components. They can create, update, or delete them.
2. policy grants users permission to list your VPCs and their components. They can't create, update, or delete them.
3. policy grants users permission to list your VPCs and their components. They can create and update, but can't delete them.
4. grants users permission to launch instances, stop instances, start instances, terminate instances, and describe the available resources for Amazon EC2 and Amazon VPC.




Question : Consider the following policy definition.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:region::image/ami-*",
        "arn:aws:ec2:region:account:instance/*",
        "arn:aws:ec2:region:account:subnet/subnet-1a2b3c4d",
        "arn:aws:ec2:region:account:network-interface/*",
        "arn:aws:ec2:region:account:volume/*",
        "arn:aws:ec2:region:account:key-pair/*",
        "arn:aws:ec2:region:account:security-group/sg-123abc123"
      ]
    }
  ]
}

Select the correct statement which applies.
1. grants users permission to launch instances into a specific subnet, and to use a specific security group in the request
2. policy grants users permission to list your VPCs and their components. They can't create, update, or delete them.
3. policy grants users permission to list your VPCs and their components. They can create and update, but can't delete them.
4. grants users permission to launch instances, stop instances, start instances, terminate instances, and describe the available resources for Amazon EC2 and Amazon VPC.


Question : Consider the following policy definition.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:AcceptVpcPeeringConnection",
      "Resource": "arn:aws:ec2:region:account:vpc-peering-connection/*",
      "Condition": {
        "ArnEquals": {
          "ec2:RequesterVpc": "arn:aws:ec2:region:444455556666:vpc/*"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:AcceptVpcPeeringConnection",
      "Resource": "arn:aws:ec2:region:account:vpc/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Purpose": "Peering"
        }
      }
    }
  ]
}
Select the correct statement which applies.
1. allows users to accept VPC peering connection requests from AWS account 444455556666 only
2. policy also grants users permissions to accept VPC peering requests only when your VPC has the tag Purpose=Peering.
3. policy grants users permission to list your VPCs and their components. They can create and update, but can't delete them.
4. 1 and 2
5. 2 and 3
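To see how the RunInstances policy (the previous question) and the peering policy above actually decide requests, here is an added example, not from the original page or from AWS: a small Python model of identity-based policy evaluation covering Action and Resource wildcards, the ArnEquals and StringEquals operators, explicit Deny over Allow, and the rule that a call touching several resources is allowed only if every one of those resources is allowed. The doc placeholders `region` and `account` are filled with hypothetical values, as are the AMI, subnet, VPC, peering-connection and requester IDs.

```python
"""A minimal model of IAM identity-policy evaluation for the two policies above.

Added example. Modelled: Action/Resource wildcards, ArnEquals/ArnLike,
StringEquals, explicit Deny beating Allow, implicit deny, and per-resource
authorization of multi-resource calls. Not modelled: NotAction/NotResource,
policy variables, ...IfExists operators, resource-based policies.
"""
import fnmatch

REGION, ACCOUNT = "us-east-1", "111122223333"   # hypothetical stand-ins for "region"/"account"


def arn(resource):
    return f"arn:aws:ec2:{REGION}:{ACCOUNT}:{resource}"


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _conditions_hold(conditions, ctx):
    """ArnEquals/ArnLike accept * and ? wildcards; StringEquals is exact.
    A condition key missing from the request context makes the condition false."""
    for operator, pairs in conditions.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                return False
            if operator in ("ArnEquals", "ArnLike"):
                ok = any(fnmatch.fnmatchcase(actual, e) for e in _as_list(expected))
            elif operator == "StringEquals":
                ok = actual in _as_list(expected)
            else:
                raise ValueError(f"operator {operator} is not modelled here")
            if not ok:
                return False
    return True


def _matches(stmt, action, resource_arn, ctx):
    # Action names are case-insensitive; Resource ARNs may carry wildcards.
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"]))
            and _conditions_hold(stmt.get("Condition", {}), ctx))


def resource_allowed(policy, action, resource_arn, ctx):
    """Explicit Deny wins over Allow; no matching statement means implicit deny."""
    matched = [s for s in policy["Statement"] if _matches(s, action, resource_arn, ctx)]
    if any(s["Effect"] == "Deny" for s in matched):
        return False
    return any(s["Effect"] == "Allow" for s in matched)


def call_allowed(policy, action, resources):
    """resources maps each ARN the call touches to its own condition-key context.
    IAM authorizes every resource separately, so all of them must be allowed."""
    return all(resource_allowed(policy, action, r, ctx) for r, ctx in resources.items())


# The two policies from the questions above, with the placeholders filled in.
RUN_INSTANCES_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "ec2:RunInstances",
    "Resource": [f"arn:aws:ec2:{REGION}::image/ami-*", arn("instance/*"),
                 arn("subnet/subnet-1a2b3c4d"), arn("network-interface/*"), arn("volume/*"),
                 arn("key-pair/*"), arn("security-group/sg-123abc123")]}]}

PEERING_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:AcceptVpcPeeringConnection",
     "Resource": arn("vpc-peering-connection/*"),
     "Condition": {"ArnEquals": {"ec2:RequesterVpc": f"arn:aws:ec2:{REGION}:444455556666:vpc/*"}}},
    {"Effect": "Allow", "Action": "ec2:AcceptVpcPeeringConnection",
     "Resource": arn("vpc/*"),
     "Condition": {"StringEquals": {"ec2:ResourceTag/Purpose": "Peering"}}}]}


def run_instances_request(subnet_id, sg_id):
    """RunInstances touches the AMI, the new instance, the subnet, an ENI, volumes,
    the key pair and the security group; the IDs here are hypothetical."""
    resources = {f"arn:aws:ec2:{REGION}::image/ami-0abc1234": {}, arn("instance/*"): {},
                 arn(f"subnet/{subnet_id}"): {}, arn("network-interface/*"): {}, arn("volume/*"): {},
                 arn("key-pair/my-key"): {}, arn(f"security-group/{sg_id}"): {}}
    return call_allowed(RUN_INSTANCES_POLICY, "ec2:RunInstances", resources)


def accept_peering_request(requester_account, accepter_vpc_tags):
    """Accept hypothetical pcx-0abc (requested from requester_account) into our vpc-0123."""
    resources = {
        arn("vpc-peering-connection/pcx-0abc"):
            {"ec2:RequesterVpc": f"arn:aws:ec2:{REGION}:{requester_account}:vpc/vpc-0fff"},
        arn("vpc/vpc-0123"): {f"ec2:ResourceTag/{k}": v for k, v in accepter_vpc_tags.items()},
    }
    return call_allowed(PEERING_POLICY, "ec2:AcceptVpcPeeringConnection", resources)


if __name__ == "__main__":
    print(run_instances_request("subnet-1a2b3c4d", "sg-123abc123"))     # True
    print(run_instances_request("subnet-1a2b3c4d", "sg-0wrong"))        # False
    print(accept_peering_request("444455556666", {"Purpose": "Peering"}))  # True
    print(accept_peering_request("999988887777", {"Purpose": "Peering"}))  # False
```

The peering policy passes only when both statements are satisfied at once: the requester VPC belongs to 444455556666 (statement 1, evaluated against the peering-connection resource) and the accepting VPC carries Purpose=Peering (statement 2, evaluated against the VPC resource), so the request from any other account, or into an untagged VPC, is denied. The RunInstances policy likewise fails as a whole as soon as one resource in the call (a different subnet or security group) matches no Allow. For real decisions use the IAM policy simulator; this model is for reading policies, not replacing it.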


Question : Select incorrect statement regarding elastic ip address in AWS VPC.
1. An Elastic IP address is a static, public IP address designed for dynamic cloud computing.
2. You can associate an Elastic IP address with any instance or network interface for your VPC.
3. With an Elastic IP address, you can mask the failure of an instance by rapidly remapping the address to another instance in your VPC.
4. advantage of associating the Elastic IP address with the network interface instead of directly with the instance is that you can move all the attributes of the network
interface from one instance to another in a single step.
5. None of the above