
AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : The administrator of your company has uploaded a big file, assuming it to be very infrequently accessed data, and while accessing the data you find it is taking several hours to check out the data. Which one of the following storage options has been used by the administrator?
1. Standard S3 storage
2. RRS , Reduced Redundancy Storage
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above



Amazon Glacier is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup. In order to keep costs low, Amazon Glacier is optimized for data that is infrequently accessed and for which retrieval times of several hours are suitable. With Amazon Glacier, customers can reliably store large or small amounts of data for as little as $0.01 per gigabyte per month, a significant savings compared to on-premises solutions.

Companies typically over-pay for data archiving. First, they are forced to make an expensive upfront payment for their archiving solution (which does not include the ongoing cost for operational expenses such as power, facilities, staffing, and maintenance). Second, since companies have to guess what their capacity requirements will be, they understandably over-provision to make sure they have enough capacity for data redundancy and unexpected growth. This set of circumstances results in under-utilized capacity and wasted money. With Amazon Glacier, you pay only for what you use. Amazon Glacier changes the game for data archiving and backup as you pay nothing upfront, pay a very low price for storage, and can scale your usage up or down as needed, while AWS handles all of the operational heavy lifting required to do data retention well. It only takes a few clicks in the AWS Management Console to set up Amazon Glacier and then you can upload any amount of data you choose.





Question : You have created a VPC in a region which has three AZs. You will now create a public subnet in each AZ and one instance in each AZ. Each instance hosts a different website. However, these are websites which need to communicate with the internet. So you will be …

1. Creating three IGW and attach each one to different subnet, so that they are accessible from internet.

2. Creating three IGW and attach them to VPC and each EC2 server will use independent IGW for accessing internet.

3. Access Mostly Uused Products by 50000+ Subscribers

4. Creating only one IGW and attach it to VPC. You have to create a route in route table attached to subnet, which can send traffic via
IGW.


Explanation: You will have one IGW for each VPC, and you attach it to the VPC. You configure each subnet with a route table containing a route via the IGW, so that the instances can send traffic to the internet.





Question : You are working with a social media company which stores users' photos, videos and audio files in S3, with all the related metadata stored in DynamoDB. Your website presents a slide show or an individual media item, and underneath each slide you want to show the related metadata as well, which is stored in DynamoDB. Which of the following is the fastest and correct way to extract metadata from DynamoDB?

1. You will scan the entire table in which the metadata is stored and get the related metadata from that.

2. You will fire search operation on DynamoDB table, and get the related result.

3. Access Mostly Uused Products by 50000+ Subscribers

4. You will be using find operation, so that related metadata can be retrieved from the table


Explanation: The question asks you to fetch the metadata related to an individual media item. Hence, you need to use the Query operation for faster retrieval of metadata from the DynamoDB table.


Related Questions


Question : EC2 instances deployed in a VPC within a private subnet can be accessed from the Internet via _____ that must be launched within a public subnet of your VPC.

1. Firewall
2. Bastion host
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above



Question : What is the most secure option to connect to instances without Internet connectivity in private subnet VPC?

1. Using a bastion host server to connect to the instances.
2. Enable internet connectivity and configure security group to connect to the instances
3. Access Mostly Uused Products by 50000+ Subscribers
4. Enable internet connectivity and configure NACL and security group to connect to the instances.





Question : Which AWS service could be used for exporting data in Amazon DynamoDB to Amazon S3, importing data in Amazon S3 to Amazon DynamoDB, and querying live Amazon DynamoDB data using SQL-like statements?

1. Amazon Redshift
2. Amazon OpsWorks
3. Access Mostly Uused Products by 50000+ Subscribers
4. Amazon Elastic MapReduce
Ans : 4
Exp : Use Amazon Elastic MapReduce (Amazon EMR) with a customized version of Hive that includes connectivity to Amazon DynamoDB to perform operations on data stored in DynamoDB, such as:
Exporting data stored in DynamoDB to Amazon S3.
Importing data in Amazon S3 to DynamoDB.
Querying live DynamoDB data using SQL-like statements (HiveQL).
Joining data stored in DynamoDB and exporting it or querying against the joined data.
Loading DynamoDB data into the Hadoop Distributed File System (HDFS) and using it as input into an Amazon EMR job flow.






Question :Which AWS service can be used to define a Virtual Network that closely resembles a traditional data center?


1. Amazon ServiceBus
2. Amazon EMR
3. Access Mostly Uused Products by 50000+ Subscribers
4. Amazon VPC
Ans: 4

Exp : Amazon VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a
virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address
range, creation of subnets, and configuration of route tables and network gateways. You can also create a Hardware Virtual Private Network (VPN)
connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.

You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that have
access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can
leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each
subnet.





Question :Apache Hive is a software layer that you can use to query map reduce job flows using a simplified,
SQL-like query language called HiveQL. It runs on top of the __________ architecture


1. HDFS
2. Hadoop
3. Access Mostly Uused Products by 50000+ Subscribers
4. Parallel Query
Ans : 2
Exp : Apache Hive is a software layer that you can use to query map reduce job flows using a simplified, SQL-like query language called HiveQL. It runs
on top of the Hadoop architecture. For more information about Hive and HiveQL

There are several ways to launch an Amazon EMR job flow: you can use the AWS Management Console Amazon EMR tab, the Amazon EMR command-line interface (CLI),
or you can program your job flow using the AWS SDK or the API. You can also choose whether to run a Hive job flow interactively or from a script. In this
document, we will show you how to launch an interactive Hive job flow from the console and the CLI.

Using Hive interactively is a great way to test query performance and tune your application. Once you have established a set of Hive commands that will run
on a regular basis, consider creating a Hive script that Amazon EMR can run for you.






Question : Which of the following is NOT a status for standard and provisioned IOPS volumes?

1. insufficient-data
2. warning
3. Access Mostly Uused Products by 50000+ Subscribers
4. impaired
Ans :3
Exp : Overall Volume Status

Ok, warning, impaired and insufficient-data






Question : Which of the following strategies can NOT be used to control access to your Amazon EC2 instances?

1. IAM Policies
2. DB Security Groups
3. Access Mostly Uused Products by 50000+ Subscribers
4. EC2 Security Groups

Ans : 1
Exp : IAM policies allow you to specify what actions your IAM users are allowed to perform against your EC2 instances. However, when it comes to access control, security groups are what you need in order to define and control the way you want your instances to be accessed, and whether or not certain kinds of communication are allowed.







Question : Each Amazon EBS Snapshot has a ______ attribute that you can set to one or more AWS Account IDs in order to share the AMI with those AWS Accounts.
1. LaunchPermission
2. AccessPermission
3. Access Mostly Uused Products by 50000+ Subscribers
4. VolumePermission
Ans : 4
Exp : Each Amazon EBS Snapshot has a VolumePermission attribute that you can set to one or more AWS Account IDs in order to share the AMI with those AWS Accounts. To allow several AWS Accounts to use a particular EBS snapshot, you can use the snapshot's VolumePermission attribute to include a list of the accounts that can use it.




Question :

If you delete a user in IAM, any residual remote references to that user (e.g., an Amazon SQS policy) display its associated unique ID in the user's ______ instead of the user's friendly name.

1. ID
2. ARN
3. Access Mostly Uused Products by 50000+ Subscribers
4. UID
Ans : 2
Exp : You might delete an IAM user from your account if someone quits your company. If the user is only temporarily unavailable, you can disable the
user's credentials instead of deleting the user entirely from the AWS account. That way, you can prevent the user from accessing the AWS account's
resources during the absence but you can re-enable the user later.

After you delete a user, any residual references to that user in other services (for example, in an Amazon SQS policy) display the unique ID in the user's
ARN instead of the user's friendly name. If you've stored the unique ID in your own system, you can then use the displayed unique ID to identify the deleted
user being referred to.




Question :

In Amazon AWS, it is recommended that you use the local instance store for temporary data and, for data requiring a higher level of durability, we recommend using

1. Backing up the data to Amazon S3
2. Amazon EBS volumes or backing up the data to Amazon S3
3. Access Mostly Uused Products by 50000+ Subscribers
4. Amazon EC2 instances
Ans : 2
Exp : The data stored on a local instance store will persist only as long as that instance is alive. However, data that is stored on an Amazon EBS
volume will persist independently of the life of the instance. Therefore, we recommend that you use the local instance store for temporary data and, for
data requiring a higher level of durability, we recommend using Amazon EBS volumes or backing up the data to Amazon S3. If you are using an Amazon EBS
volume as a root partition, you will need to set the Delete On Terminate flag to "N" if you want your Amazon EBS volume to persist outside the life of
the instance.




Question :

Which kind of IP address should be given to an EC2 instance in order to make it publicly and consistently accessible?

1. Dynamic IP Address
2. Class A IP Address
3. Access Mostly Uused Products by 50000+ Subscribers
4. Class D IP Address
Ans : 3
Exp : Elastic IP Addresses in EC2-Classic
By default, we assign each instance in EC2-Classic two IP addresses at launch: a private IP address and a public IP address that is mapped to the private IP
address through network address translation (NAT). The public IP address is allocated from the EC2-Classic public IP address pool, and is associated with
your instance, not with your AWS account. You cannot reuse a public IP address after it's been disassociated from your instance.
If you use dynamic DNS to map an existing DNS name to a new instance's public IP address, it might take up to 24 hours for the IP address to propagate
through the Internet. As a result, new instances might not receive traffic while terminated instances continue to receive requests. To solve this problem,
use an EIP.
When you associate an EIP with an instance, the instance's current public IP address is released to the EC2-Classic public IP address pool. If you
disassociate an EIP from the instance, the instance is automatically assigned a new public IP address within a few minutes. In addition, stopping the
instance also disassociates the EIP from it.

Elastic IP Addresses in a VPC
We assign each instance in a default VPC two IP addresses at launch: a private IP address and a public IP address that is mapped to the private IP address
through network address translation (NAT). The public IP address is allocated from the EC2-VPC public IP address pool, and is associated with your instance,
not with your AWS account. You cannot reuse a public IP address after it's been disassociated from your instance.

We assign each instance in a nondefault VPC only a private IP address, unless you specifically request a public IP address during launch. To ensure that an
instance in a nondefault VPC that has not been assigned a public IP address can communicate with the Internet, you must allocate an Elastic IP address for
use with a VPC, and then associate that EIP with the elastic network interface (ENI) attached to the instance.

When you associate an EIP with an instance in a default VPC, or an instance in which you assigned a public IP to the eth0 network interface during launch,
its current public IP address is released to the EC2-VPC public IP address pool. If you disassociate an EIP from the instance, the instance is automatically
assigned a new public IP address within a few minutes. However, if you have attached a second network interface to the instance, the instance is not
automatically assigned a new public IP address; you'll have to associate an EIP with it manually. The EIP remains associated with the instance when you stop
it.





Question :

The following query strings cause CloudFront to cache

http://d111111abcdef8.cloudfront.net/images/image.jpg?parameter1=a
http://d111111abcdef8.cloudfront.net/images/image.jpg?parameter1=b
http://d111111abcdef8.cloudfront.net/images/image.jpg?parameter1=c



1. one object
2. four objects
3. Access Mostly Uused Products by 50000+ Subscribers
4. nothing
Ans :3
Exp : For web distributions, you can specify whether you want CloudFront to include query strings when it forwards requests to your origin. For example,
you can specify whether you want CloudFront to forward the ?parameter1=a part of the following URL:

http://d111111abcdef8.cloudfront.net/images/image.jpg?parameter1=a

If you configure CloudFront to forward query strings to your origin, CloudFront will include the query string portion of the URL when caching the object.

The query strings in the question above cause CloudFront to cache three objects. This is true even if your origin always returns the same image.jpg regardless of the query string.



Question :

A new instance is launched in a public VPC subnet. There is an internet gateway and a route entry for 0.0.0.0/0, but the instance cannot reach the internet. Other instances in this subnet have no issue. How can this problem be solved?

1. Instance should have either public IP or elastic IP.
2. A new security group should be created and allow outbound for any. Then instance should be attached to this security group.
3. Access Mostly Uused Products by 50000+ Subscribers
4. instance should be terminated and relaunched again.
Ans : 1
Exp : By default, instances launched into a nondefault VPC are not assigned a public IP address. To be able to connect to your instance, you can assign
a public IP address now, or allocate an Elastic IP address and assign it to your instance after it's launched.


Question :

If you believe that the tunnel credentials for your VPN connection to your VPC have been compromised, you can change the _____.

1. IKE pre-shared key
2. IPsec pre-shared key
3. Access Mostly Uused Products by 50000+ Subscribers
4. Tunnel pre-shared key



Question :

How can you change the Security Group membership of an ENI?
1. Using the Management Console, API actions or CLI commands of the service that owns the network interface By using the
service specific console or API\CLI commands
2. Using the Network Interface page
3. Access Mostly Uused Products by 50000+ Subscribers
Ans :1
Exp : The Security Group membership of a Network Interface can be modified using the Management Console, API actions and CLI commands of the Amazon Web
Service that owns the interface, e.g. Elastic Load Balancing, EC2, etc.



Question :

You can set the _____ of an Elastic Network Interface (ENI) attached to an instance so that it will be automatically deleted when you delete the instance it's attached to.
1. kill behaviour
2. active behaviour
3. Access Mostly Uused Products by 50000+ Subscribers
4. de-provision behaviour
Ans 3
Exp : You can set the termination behavior for a network interface attached to an instance so that it is automatically deleted when you delete the instance it's attached to.

Note
By default, network interfaces that are automatically created and attached to instances using the AWS Management Console are set to terminate when the instance terminates. However, network interfaces created using the command line interface aren't set to terminate when the instance terminates.

You can change the terminating behavior for a network interface using the AWS Management Console or the command line.



Question :

Which of the following statements is NOT correct regarding the process of detaching an ENI from an instance?

1. Detaching and deleting an ENI from an instance are the same.
2. Deleting an ENI releases all attributes associated with the network interface and releases any elastic IP addresses for use by another
instance.
3. Access Mostly Uused Products by 50000+ Subscribers
4. You must first detach an ENI from an instance before you can delete it.

Ans : 1
Exp : Detaching an ENI from an instance is NOT the same as deleting an ENI. When the network interface is simply detached from an instance, it preserves all of its attributes and IPs, and is thus ready to be attached again to another instance. Conversely, deleting the ENI releases all the attributes and IPs associated with it.






Question :

Within a management network, to ensure failover capabilities in your solution, consider using a _____ for incoming traffic on a network interface.

1. Secondary Public IP
2. Add-on Primary IP
3. Access Mostly Uused Products by 50000+ Subscribers
4. Secondary Private IP
Ans :4
Exp : You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing
traffic and the primary network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive
access controls. The public facing interface, which may or may not be behind a load balancer, has an associated security group that allows access to the
server from the Internet (for example, allow TCP port 80 and 443 from 0.0.0.0/0, or from the load balancer) while the private facing interface has an
associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the Internet, a private subnet within
the VPC or a virtual private gateway.

To ensure failover capabilities, consider using a secondary private IP for incoming traffic on a network interface. In the event of an instance failure, you
can move the interface and/or secondary private IP address to a standby instance.



Question :

You should use ___________ as the protocol for any VPC security group created to control access to a DB instance



1. SSL
2. UDP
3. Access Mostly Uused Products by 50000+ Subscribers
4. SSH
Ans : 3
Exp : Each VPC security group rule enables a specific source to access a DB instance in a VPC that is associated with that VPC security group. The source
can be a range of addresses (e.g., 203.0.113.0/24), or another VPC security group. By specifying a VPC security group as the source, you allow incoming
traffic from all instances (typically application servers) that use the source VPC security group. VPC security groups can have rules that govern both
inbound and outbound traffic, though the outbound traffic rules do not apply to DB instances. Note that you must use the Amazon EC2 API or the Security
Group option on the VPC Console to create VPC security groups.

DB instances deployed within a VPC can be configured to be accessible from the Internet or from EC2 instances outside the VPC. If a VPC security group
specifies a port access such as TCP port 22, you would not be able to access the DB instance because the firewall for the DB instance provides access only
via the IP addresses specified by the DB security groups the instance is a member of and the port defined when the DB instance was created.

You should use TCP as the protocol for any VPC security group created to control access to a DB instance. The port number for the VPC security group should
be the same port number as that used to create the DB instance.



Question :

With regard to Amazon VPC, in a management network scenario which interface on the instance handles public-facing traffic?


1. Secondary network interface
2. Subnet interface
3. Access Mostly Uused Products by 50000+ Subscribers

4. Addon network interface
Ans 1
Exp : You can create a management network using network interfaces. In this scenario, the secondary network interface on the instance handles public-facing
traffic and the primary network interface handles back-end management traffic and is connected to a separate subnet in your VPC that has more restrictive
access controls. The public facing interface, which may or may not be behind a load balancer, has an associated security group that allows access to the
server from the Internet (for example, allow TCP port 80 and 443 from 0.0.0.0/0, or from the load balancer) while the private facing interface has an
associated security group allowing SSH access only from an allowed range of IP addresses either within the VPC or from the Internet, a private subnet within
the VPC or a virtual private gateway.

To ensure failover capabilities, consider using a secondary private IP for incoming traffic on a network interface. In the event of an instance failure, you
can move the interface and/or secondary private IP address to a standby instance.



Question :

In regard to CloudFormation, in the Conditions section you can reference _________.

1. The logical ID of a resource and other conditions and values from the Parameters and Mappings sections of a template.
2. The logical ID of a resource in a condition.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Neither the Logical ID nor other conditions and values from the Parameters and Mappings sections of a template
Ans :3
Exp : All conditions are defined in the Conditions section of a template. You use intrinsic functions to define a condition

The CreateProdInstance condition evaluates to true if the EnvType parameter is equal to prod.
The EnvType parameter is an input parameter that you specify when you create or update a stack.

Note

In the Conditions section, you can only reference other conditions and values from the Parameters and Mappings sections of a template. For example, you
cannot reference the logical ID of a resource in a condition, but you can reference a value from an input parameter.

To use the condition, you reference it in the Resources section of a template, associating it with a specific resource. After you do, the resource will be
created whenever the condition evaluates to true



Question :

When configuring your customer gateway to connect to your VPC, the ______ Association is established first between the
virtual private gateway and customer gateway using the Pre-Shared Key as the authenticator.



1. IKE Security
2. BGP
3. Access Mostly Uused Products by 50000+ Subscribers
4. Tunnel
Ans : 1
Exp : The IKE Security Association is established first between the virtual private gateway and customer gateway using the Pre-Shared Key as the
authenticator. Upon establishment, IKE negotiates an ephemeral key to secure future IKE messages. Proper establishment of an IKE Security Association
requires complete agreement among the parameters, including encryption and authentication parameters.



Question :

You have configured an action with CloudWatch for CPU utilization less than 5% as "Take the action check box, and then choose the Stop radio button in Amazon EC2 console while creating the alarm". Although CPU utilization is less than 5%, the action is not performed. What can the possible reason be?

1. You don't have EC2 access
2. CloudWatch alarm cannot stop the instance
3. Access Mostly Uused Products by 50000+ Subscribers
4. Based on CPU Utilization you cannot create an alarm
Ans : 1
Exp : One of the possible reasons is that CloudWatch may have been configured by an IAM user and the user does not have the proper EC2 rights,
such as stop or terminate the instance. In this case it will monitor the instance, but cannot perform the stop or terminate action.



Question : You run a web application where web servers on EC2 instances are in an Auto Scaling group. Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load. During the day up to 12 servers are needed. Five to six days per year, the number of web servers required might go up to 15. What would you recommend to minimize costs while being able to provide high availability?
1. 6 Reserved instances (heavy utilization). 6 Reserved instances (medium utilization), rest covered by On-Demand instances
2. 6 Reserved instances (heavy utilization). 6 On-Demand instances, rest covered by Spot
Instances
3. Access Mostly Uused Products by 50000+ Subscribers
instances
4. 6 Reserved instances (heavy utilization) 6 Reserved instances (medium utilization) rest covered by Spot instances


Question : You have been asked to propose a multi-region deployment of a web-facing application where a
controlled portion of your traffic is being processed by an alternate region.
Which configuration would achieve that goal?

1. Route53 record sets with weighted routing policy
2. Route53 record sets with latency based routing policy
3. Access Mostly Uused Products by 50000+ Subscribers
4. Elastic Load Balancing with health checks enabled


Question :

What is the maximum size for messages stored in SQS?


1. 1024KB
2. 256KB
3. Access Mostly Uused Products by 50000+ Subscribers
4. 128KB
Ans : 3
Exp : To configure the maximum message size, set the MaximumMessageSize attribute using the SetQueueAttributes method. This attribute specifies the limit on
how many bytes an SQS message can contain. It can be set anywhere from 1024 bytes (1kB), up to 65536 bytes (64kB).




Question :

What does CROSS-ACCOUNT ACCESS refer to?

1. CROSS-ACCOUNT ACCESS refers to when two S3 buckets share common data
2. CROSS-ACCOUNT ACCESS refers to a process that allows shared access to SQS Queues
3. Access Mostly Uused Products by 50000+ Subscribers
Management (IAM) users
4. CROSS-ACCOUNT ACCESS refers to when accounts in different REGIONS can access each other