
AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : You have created a subnet where all your app server instances will be launched, while the database remains in the local data center. You have also
created a VPN for communication between your data center and the VPC subnets. Now you wish to provide security at the instance level within a subnet. Which one
of the features below will help you implement this?
1. Restricting ports 80 and 8080 for outbound traffic.
2. Security groups will help
3. Network ACL will help
4. Both 1 and 3 need to be implemented

Correct Answer : 2
Explanation: AWS provides two features that you can use to increase security in your VPC: security groups and network ACLs. Both features enable you to control the
inbound and outbound traffic for your instances, but security groups work at the instance level, while network ACLs work at the subnet level. Security groups alone can meet the needs
of many VPC users. However, some VPC users decide to use both security groups and network ACLs to take advantage of the additional layer of security that network ACLs provide. By
design, each subnet must be associated with a network ACL. Every subnet that you create is automatically associated with the VPC's default network ACL. You can change the
association, and you can change the contents of the default network ACL.









Question : You are running the QuickTechie.com website using servers, ( servers in different data centers, where is active and is passive).
Now you want to configure DNS such that whenever a request for the website comes in and any of the 5 active servers is available, it should not return
the IP addresses of the passive servers. Which of the following configurations will help implement this?
1. Amazon Route 53, Active-active failover
2. Amazon Route 53, Active-passive failover
3. Amazon Route 53, Passive-passive failover
4. Amazon Route 53, Active-active-passive
5. Any of the above


Correct Answer : 2
Explanation: Amazon Route 53 lets you configure DNS failover in active-active, active-passive, and mixed configurations to improve the availability of your application.
When you have more than one resource performing the same function (for example, more than one HTTP server or mail server), you can configure Amazon Route 53 to check the health of your
resources and respond to DNS queries using only the healthy resources. For example, suppose your website, example.com, is hosted on 10 servers, two each in five data centers around
the world. You can configure Amazon Route 53 to check the health of those servers and to respond to DNS queries for example.com using only the servers that are currently healthy.

You can set up a variety of failover configurations using Amazon Route 53 alias, weighted, latency, geolocation routing, and failover resource record sets:

Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Amazon
Route 53 can detect that it's unhealthy and stop including it when responding to queries.

Active-passive failover: Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of
resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes only the healthy primary resources. If
all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in response to DNS queries.

Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.






Question : QuickTechie.com is setting up Oracle RDS for their applications and wants to secure Oracle RDS access with VPC.
Which of the following options is not required while designing the Oracle RDS with VPC?
1. If QuickTechie.com Inc is connecting to RDS from the internet, it must enable the VPC attributes DNS hostnames and DNS resolution.
2. QuickTechie.com Inc must create a subnet group with public and private subnets. Both subnets can be in the same or separate AZs.
3. QuickTechie.com Inc must create a subnet group with the VPC using more than one subnet, which are part of separate AZs.
4. QuickTechie.com Inc should keep a minimum of one IP address in each subnet reserved for RDS failover.



Correct Answer : 2
Explanation: A virtual private cloud is a virtual network that is logically isolated from other virtual networks in the AWS cloud. Amazon Virtual Private Cloud (VPC)
lets you launch AWS resources, such as an Amazon RDS or Amazon EC2 instance, into a VPC. The VPC can either be a default VPC that comes with your account or it could be one that you
create. All VPCs are associated with your AWS account.

Amazon RDS supported two EC2 platforms: EC2-VPC and EC2-Classic. The EC2-VPC platform has a default VPC where all new DB instances are created unless you specify otherwise. The
EC2-Classic platform does not have a default VPC, but as with either platform, you can create your own VPC and specify that a DB instance be located in that VPC. If you are a new
customer to Amazon RDS or if you are using a region you have not previously used, you are most likely working with the EC2-VPC platform.

When an option group is assigned to a DB instance, it is linked to the supported platform the DB instance is on, either VPC or EC2-Classic (non-VPC). Furthermore, if a DB instance is
in a VPC, the option group associated with the instance is linked to that VPC. This means that you cannot use the option group assigned to a DB instance if you attempt to restore the
instance into a different VPC or onto a different platform.

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS
resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources
based on security and operational needs. A DB subnet group is a collection of subnets (generally private) that the user can create in a VPC and assign to the RDS DB instances. A DB
subnet group allows the user to specify a particular VPC when creating the DB instances.
Each DB subnet group should have subnets in at least two Availability Zones in a given region. If the RDS instance is required to be accessible from the internet the organization
must enable the VPC attributes, DNS hostnames and DNS resolution. For each RDS DB instance that the user runs in a VPC, he should reserve at least one address in each subnet in the
DB subnet group for use by Amazon RDS for recovery actions. If you restore a DB instance into a different VPC or onto a different platform, you must either assign the default option
group to the instance, assign an option group that is linked to that VPC or platform, or create a new option group and assign it to the DB instance. Note that with persistent or
permanent options, such as Oracle TDE, you must create a new option group that includes the persistent or permanent option when restoring a DB instance into a different VPC.

Amazon Virtual Private Cloud (VPC) is an AWS service and this section only covers VPC topics that directly affect access to a DB instance. You should read the Amazon VPC
documentation to familiarize yourself with all the features of a VPC. For more information about Amazon VPC, see the table below that provides several links to the Amazon VPC
documentation.



Related Questions


Question : The QuickTechie.com website is deployed on WebLogic App Server, and they are also using AWS VPC with high availability. Select the correct statement
that will help deploy the application with HA.
1. Create two VPCs in two separate zones and setup failover with ELB such that if one VPC fails it will divert traffic to another VPC.

2. Create VPC with only one private subnet and launch instances in different AZs using that subnet.
3. Create VPC subnets in two separate availability zones and launch instances in different subnets.

4. Create VPC with only one public subnet and launch instances in different AZs using that subnet.



Question : You have created a public subnet and one private subnet to host your website and databases. Select the most correct statement which applies

1. Regardless of the type of subnet, the internal IP address range of the subnet is always private
2. In public subnet, the internal IP address range of the subnet is always private
3. Regardless of the type of subnet, the internal IP address range of the subnet is always public
4. In public subnet, the internal IP address range of the subnet is always private


Question : You have hosted the QuickTechie.com website in AWS VPC, and also configured security with the following:

1. Security groups
2. Network access control lists (ACLs)

a. Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
b. Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
c. A second layer of defense

Please map the above

1. 1-a, 2-b, 2-c
2. 1-b, 2-a, 1-c
3. 1-a, 1-b, 2-c



Question : Select the incorrect statement for Network ACL
1. Operates at the subnet level (second layer of defense)
2. Supports allow rules and deny rules
3. Is stateless: Return traffic must be explicitly allowed by rules
4. Automatically applies to all instances in the subnets it's associated with
5. None of above


Question : When you launch an instance in a VPC, you can assign the instance to up to ___________ security groups.
1. 1
2. 2
3. 3
4. 4
5. 5


Question : You have created a VPC for your website and launched one EC2 instance in it. However, you forgot to assign a security group to this instance. Please
select the correct statement that applies.
1. Allow inbound traffic from instances assigned to the same security group
2. Allow all outbound traffic
3. Allow inbound traffic from instances assigned from any security group
4. 1 and 2
5. 2 and 3