Question : You have the www.QuickTechie.com website hosted in an AWS region with EC2 nodes in AZs. Select the correct architecture if at any time one AZ can be down.
1. Each AZ with two instances = total 6 instances
2. Two AZs with three instances each and the remaining one with no instances = total 6 instances
3. [option text not shown]
4. Two AZs with 6 instances each and the third one with no instances = total 12 instances
Ans : 4
Exp : If one of the AZs is down, 6 instances will still be available in the other AZs (in option 4).
Question : You have the www.QuickTechie.com website hosted in an AWS region with EC2 nodes in AZs. Select the correct architecture if at any time one AZ can be down.
1. Each AZ with two instances = total 6 instances
2. Two AZs with three instances each and the remaining one with no instances = total 6 instances
3. [option text not shown]
4. Each AZ with three instances = total 9 instances
Ans : 4
Exp : If one of the AZs is down, 6 instances will still be available.
Question : You are using synchronous replication to replicate data in Amazon RDS to a second Availability Zone, to ensure that data is not lost if the primary Availability Zone becomes unavailable. Which of the following will be a major concern in this case?
1. Network performance
2. Server performance
3. [option text not shown]
4. 1 and 3
5. 1, 2 and 3
Ans : 1
Exp : Synchronous replication: data is atomically updated in multiple locations. This puts a dependency on network performance and availability. In AWS, Availability Zones within a region are well connected, but physically separated. For example, when deployed in Multi-AZ mode, Amazon RDS uses synchronous replication to duplicate data in a second Availability Zone. This ensures that data is not lost if the primary Availability Zone becomes unavailable.
Asynchronous replication: data is not atomically updated in multiple locations. It is transferred as network performance and availability allow, and the application continues to write data that might not be fully replicated yet. Many database systems support asynchronous data replication. The database replica can be located remotely, and the replica does not have to be completely synchronized with the primary database server. This is acceptable in many scenarios, for example as a backup source or for reporting/read-only use cases. In addition to database systems, you can also extend it to network file systems and data volumes.
Question : You are designing your AWS architecture for disaster recovery, but the software it requires needs a paid license. In a DR setup the licenses are not all in use; only when something goes wrong is the software installed in the other AZs actually used. You have not yet purchased extra licenses for the paid software, and you want to avoid the up-front license cost. Which of the below will best suit you?
1. Bring Your Own License
2. License included
3. [option text not shown]
4. Any of the above will work
Ans : 2
Exp : Ensuring that you are correctly licensed for your AWS environment is as important as licensing for any other environment. AWS provides a variety of models to make licensing easier for you to manage. For example, "Bring Your Own License" is possible for several software components or operating systems. Alternately, there is a range of software for which the cost of the license is included in the hourly charge. This is known as "License included." "Bring Your Own License" enables you to leverage your existing software investments during a disaster. "License included" minimizes up-front license costs for a DR site that doesn't get used on a day-to-day basis. If at any stage you are in doubt about your licenses and how they apply to AWS, contact your license reseller.
Question : In a VPC you have one EC2 instance inside a subnet that can connect to the Internet to upgrade its software. You launch another instance in the same subnet with the same security group configuration; however, this instance is not able to upgrade its software from the Internet. What do you have to do so that it can download updates?
1. Deploy a NAT instance into the public subnet.
2. Configure a publicly routable IP address in the /etc/hosts file.
3. [option text not shown]
4. Ensure that instances in your subnet have public IP addresses or Elastic IP addresses.
Ans : 4
Exp : An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic. An Internet gateway serves two purposes: to provide a target in your VPC route tables for Internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IP addresses.
To enable an instance in your public subnet to communicate with the Internet, it must have a public IP address or an Elastic IP address that's associated with a private IP address on your instance. Your instance is only aware of the private (internal) IP address space defined within the VPC and subnet. The Internet gateway logically provides the one-to-one NAT on behalf of your instance, so that when traffic leaves your VPC subnet and goes to the Internet, the reply address field is set to the public IP address or Elastic IP address of your instance, and not its private IP address. Conversely, traffic that's destined for the public IP address or Elastic IP address of your instance has its destination address translated into the instance's private IP address before the traffic is delivered to the VPC.
Question : You have launched new instances into the default subnet of your VPC and you ping www.Google.com from one of them. What would happen?
1. Yes, it would be able to ping: instances that you launch into a default subnet can automatically communicate with the Internet.
2. Yes, it would be able to ping; instances that you launch into a default subnet cannot download anything from the Internet.
3. [option text not shown]
4. None of the above
Ans : 1
Exp : Your default VPC comes with an Internet gateway, and instances launched into a default subnet receive a public IP address by default, unless you specify otherwise during launch, or you modify the subnet's public IP address attribute. Therefore, instances that you launch into a default subnet can automatically communicate with the Internet.
To enable an instance in your public subnet to communicate with the Internet, it must have a public IP address or an Elastic IP address that's associated with a private IP address on your instance. Your instance is only aware of the private (internal) IP address space defined within the VPC and subnet. The Internet gateway logically provides the one-to-one NAT on behalf of your instance, so that when traffic leaves your VPC subnet and goes to the Internet, the reply address field is set to the public IP address or Elastic IP address of your instance, and not its private IP address. Conversely, traffic that's destined for the public IP address or Elastic IP address of your instance has its destination address translated into the instance's private IP address before the traffic is delivered to the VPC.
Question : Select the correct statements from below.
1. Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet.
2. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
3. [start of option not shown] ... your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, and also allow the instances to receive inbound traffic initiated by someone on the Internet.
4. 1 and 2
5. 1 and 3
Ans : 4
Exp : Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
The main route table sends the traffic from the instances in the private subnet to the NAT instance in the public subnet. The NAT instance sends the traffic to the Internet gateway for the VPC. The traffic is attributed to the Elastic IP address of the NAT instance. The NAT instance specifies a high port number for the response; if a response comes back, the NAT instance sends it to an instance in the private subnet based on the port number of the response.
Question : When one says VPC-x is .../ , that means any instance inside this VPC will have an IP ..X.Y where X and Y can be anything between
1. 2 to 254
2. 1 to 256
3. [option text not shown]
4. 10 to 123
Ans : 1
Exp : A VPC is denoted by a subnet mask. For example, when one says VPC-x is 10.123.0.0/16, that means any instance inside this VPC will have an IP 10.123.X.Y where X and Y can be anything between 2 and 254.
Question : You are creating an instance inside a VPC to host a website. Select the correct statement for this.
1. You cannot have an instance inside a VPC that does not belong to any subnet.
2. You can have an instance inside a VPC that does not belong to any subnet.
3. [option text not shown]
4. 2 and 3
5. 1 and 3
Ans : 5
Exp : Subnets: A subnet is a sub-network inside a VPC. An example of a subnet inside a VPC (10.123.X.Y) is 10.123.1.A/24. This means any instance that belongs to this subnet will have an IP 10.123.1.A where A can be anything between 2 and 254. These are also known as CIDR notations. An instance always belongs to a subnet. You cannot have an instance inside a VPC that does not belong to any subnet. While spawning instances inside AWS VPC, one must specify which subnet the instance should belong to.
Question : You have defined the following routing table (the table itself is not shown on the page).
1. This table means that any traffic destined for a 10.123.X.Y IP (where X and Y can be anything from 2 to 254) will be sent directly.
2. Traffic that is not destined for a 10.123.X.Y IP (where X and Y can be anything from 2 to 254) will be directed to the igw.
3. [start of option not shown] ... from outside the VPC
4. 1 and 3
5. 1, 2, 3
Ans : 5
Exp : This table means that any traffic destined for a 10.123.X.Y IP (where X and Y can be anything from 2 to 254) will be sent directly. The rest of the traffic will be directed to the igw.
Now, it's important to understand that a subnet is always attached to one and only one routing table. So, if we spawn an instance inside a subnet that has the above-mentioned routing table attached to it, the instance still won't be accessible from outside the VPC because it does not have a public IP.
Question : For an instance to be directly available from the Internet it has to have
1. an elastic IP
2. an igw
3. [option text not shown]
4. 1, 2
5. 1, 2, 3
Ans : 5
Exp : It's important to understand that a subnet is always attached to one and only one routing table. So, if we spawn an instance inside a subnet that has the above-mentioned routing table attached to it, the instance still won't be accessible from outside the VPC because it does not have a public IP. One can attach an elastic IP (which is a reusable public IP) to this instance and then access it. The instance in turn can access the Internet. Remember, for an instance to be directly available from the Internet it has to have an elastic IP and it must be within a subnet that has a routing table where non-local traffic is routed via an Internet gateway. So, an elastic IP and an igw in the routing table are the two criteria for an instance to be available directly from the Internet. Subnets with such routing tables attached to them are also known as public subnets (non-local traffic routed to the Internet gateway), as any instance with an elastic IP can be publicly available from this subnet.
Question : Select the correct statement from below.
1. You can specify a NAT (gateway) instance as a target for non-local traffic inside a routing table.
2. Even if an instance in a private subnet has an elastic IP attached, it won't be publicly available.
3. [option text not shown]
4. 1 and 2
5. 1 and 3
Ans : 4
Exp : Now, it's important to understand that a subnet is always attached to one and only one routing table. So, if we spawn an instance inside a subnet that has the above-mentioned routing table attached to it, the instance still won't be accessible from outside the VPC because it does not have a public IP. One can attach an elastic IP (which is a reusable public IP) to this instance and then access it. The instance in turn can access the Internet. Remember, for an instance to be directly available from the Internet it has to have an elastic IP and it must be within a subnet that has a routing table where non-local traffic is routed via an Internet gateway. So, an elastic IP and an igw in the routing table are the two criteria for an instance to be available directly from the Internet. Subnets with such routing tables attached to them are also known as public subnets (non-local traffic routed to the Internet gateway), as any instance with an elastic IP can be publicly available from this subnet.
On the other hand, you can specify a NAT (gateway) instance as a target for non-local traffic inside a routing table. You can keep the NAT box in a public subnet with an elastic IP attached to it. Now any subnet that has this type of routing table attached becomes a private subnet, because its instances cannot be exposed publicly. Even if you assign an elastic IP, the instance won't be publicly available (recall that for an instance to be publicly available you need both an elastic IP and a routing table that directs non-local traffic to the Internet gateway). Here's an example of a private subnet's routing table:
CIDR --- target
10.123.0.0/16 --- local
0.0.0.0/0 --- i-abcdef (instance id of the NAT box)
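The two criteria above (an elastic IP, plus a default route to an igw rather than to a NAT box) can be checked mechanically. The following is an added example, not code from the original page: it models a route table in the page's "CIDR --- target" form, does a longest-prefix lookup, and applies the page's rules to decide what Internet access an instance gets. The igw id is a placeholder, the NAT instance id i-abcdef is the one from the page's example, and 203.0.113.10 is a constructed (TEST-NET-3) public destination.

```python
import ipaddress

# Constructed route tables in the page's "CIDR --- target" form (hypothetical values).
VPC_CIDR = "10.123.0.0/16"
PUBLIC_ROUTE_TABLE = {VPC_CIDR: "local", "0.0.0.0/0": "igw-PLACEHOLDER"}
PRIVATE_ROUTE_TABLE = {VPC_CIDR: "local", "0.0.0.0/0": "i-abcdef"}  # NAT box from the page


def lookup_route(route_table, dest_ip):
    """Return the target of the most specific route covering dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def target_kind(target):
    """Classify a route target the way the page does: local, igw, or NAT instance."""
    if target == "local":
        return "local"
    if target.startswith("igw-"):
        return "igw"
    if target.startswith("i-"):
        return "nat-instance"
    return "unknown"


def internet_access(route_table, has_elastic_ip):
    """Apply the page's criteria to an instance in a subnet that uses route_table.

    Returns {'outbound': can the instance reach the Internet,
             'inbound':  can the Internet reach the instance directly}.
    Inbound needs BOTH an elastic IP and a default route to an igw; a default
    route to a NAT instance gives outbound only, with no elastic IP needed; an
    igw route without an elastic IP gives no Internet access at all.
    """
    kind = target_kind(lookup_route(route_table, "203.0.113.10") or "")
    if kind == "igw":
        return {"outbound": has_elastic_ip, "inbound": has_elastic_ip}
    if kind == "nat-instance":
        return {"outbound": True, "inbound": False}
    return {"outbound": False, "inbound": False}


if __name__ == "__main__":
    for name, table in (("public", PUBLIC_ROUTE_TABLE), ("private", PRIVATE_ROUTE_TABLE)):
        for eip in (False, True):
            print(f"{name} subnet, elastic ip={eip}: {internet_access(table, eip)}")
```

The private-subnet case shows why attaching an elastic IP to an instance behind a NAT box buys nothing: the route table, not the address, decides whether replies from the Internet can ever be delivered.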
Question : Network ACLs specify what type of traffic is allowed inside the subnet. You have the following rules:
rule number --- port --- protocol --- source --- action
100 --- ALL --- ALL --- 0.0.0.0/0 --- allow
What does that mean?
1. This means that all traffic is allowed within this network.
2. This means that all inbound traffic is allowed within this network.
3. [option text not shown]
4. None of the above
Ans : 1
Exp : Network ACLs, or network access control lists: apart from a routing table, each subnet is also assigned a network ACL. Network ACLs specify what type of traffic is allowed inside the subnet. By default it might have the following rules:
rule number --- port --- protocol --- source --- action
100 --- ALL --- ALL --- 0.0.0.0/0 --- allow
This means that all traffic is allowed within this network. You can think of network ACLs as subnet-wide security groups. They are effective for isolating subnets from each other, reducing collision domains, etc.
Entities such as RDS instances and ELBs can be provisioned within a VPC as well. The same rules apply to them as to other EC2 instances: if they belong to a public subnet, they can be accessed from the Internet.
In a typical web application example, you will be spawning the ELB and a NAT box inside the public subnet, and your DB servers (or RDS instances) and web servers in the private subnet. Since you have a NAT gateway (and a routing table attached to the private subnet that routes traffic via this NAT gateway), instances in private subnets can access the Internet, but the reverse is not possible. If you do not want the instances in private subnets to access the Internet, you can remove the NAT box from the private subnet's routing table. Since all this can be done dynamically via the web-browser-based console, command line tools, or the AWS web services API, you can temporarily allow the instances in private subnets to access the Internet (for example while provisioning) and then revoke it later (before joining the ELB).
I'll be writing another post on how you can set up cross-availability-zone, highly available services using AWS VPC from a network standpoint. This will serve as the foundation of that post.
Question : QuickTechie.com is a large enterprise that runs multiple Amazon VPCs in a single region. Its Active Directory and file sharing services reside in different VPCs and are interconnected, so they need to be accessed privately and securely inside AWS and not from outside the VPCs. What is the best solution for this requirement?
1. Amazon VPC Peering
2. Block all the inbound and outbound ports; only allow application request ports.
3. [option text not shown]
4. Both VPC subnets should have a NAT instance.
Ans : 1
Exp : Use Amazon VPC Peering: Amazon Web Services has introduced the VPC peering feature, which is quite useful. An AWS VPC peering connection is a networking connection between two Amazon VPCs that enables you to route traffic between them using private IP addresses. Currently both VPCs must be in the same AWS region. Instances in either VPC can communicate with each other as if they were within the same network. Since AWS uses the existing infrastructure of a VPC to create a VPC peering connection, it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware (which essentially means there is no single point of failure for communication or a bandwidth bottleneck).
We have seen it is useful in the following scenarios: Large enterprises usually run multiple Amazon VPCs in a single region, and some of their applications are so interconnected that they may need to access them privately and securely inside AWS; for example, Active Directory, Exchange and common business services will usually be interconnected. Large enterprises have different AWS accounts for different business units/teams/departments, and at times systems deployed by some business units in different AWS accounts need to be shared or need to consume a shared resource privately; for example, CRM, HRMS, file sharing etc. can be internal and shared. In such scenarios VPC peering is very useful. Customers can peer their VPC with their core suppliers to have tighter integrated access to their systems. Companies offering infrastructure/application managed services on AWS can now safely peer into a customer's Amazon VPC and provide monitoring and management of AWS resources.
Question : Which of the following help to create a network between an on-premises data center and Amazon VPC?
1. A secure IPSec tunnel to connect a corporate network with Amazon VPC
2. Secure communication between sites using the AWS VPN CloudHub
3. [option text not shown]
4. 1 and 2
5. All of 1, 2, 3
Ans : 5
Exp : Plan your tunnel between the on-premises DC and Amazon VPC: select the right mechanism to connect your on-premises DC to Amazon VPC. This will let you connect to EC2 instances via private IPs in a secure manner. Option 1: a secure IPSec tunnel to connect a corporate network with Amazon VPC. Option 2: secure communication between sites using the AWS VPN CloudHub. Option 3: use Direct Connect between Amazon VPC and on-premises when you have a lot of data to be transferred with reduced latency, or you have spread your mission-critical workloads across cloud and on-premises. Example: Oracle RAC in your DC and the web/app tier in your Amazon VPC.
Question : You have hundreds of EC2 instances inside your Amazon VPC and they are making lots of heavy web service/HTTP calls concurrently. To secure communication among the instances you set up NAT instances. Select the correct design for this scenario.
1. A single NAT instance of the largest EC2 size can handle that bandwidth.
2. Span your EC2 instances across multiple subnets and create NATs for each subnet.
3. [option text not shown]
4. None of the above
Ans : 2
Exp : Spread your NAT instances across multiple subnets: what if you have hundreds of EC2 instances inside your Amazon VPC and they are making lots of heavy web service/HTTP calls concurrently? A single NAT instance, even of the largest EC2 size, sometimes cannot handle that bandwidth and may become a performance bottleneck. In such scenarios, span your EC2 instances across multiple subnets and create NATs for each subnet. This way you can spread your outgoing bandwidth and improve the performance of your VPC-based deployments.
Plan your NAT instance type: whenever your application EC2 instances residing inside the private subnet of an Amazon VPC make web service/HTTP/S3/SQS calls, they go through the NAT instance. If you have designed Auto Scaling for your application tier and there is a chance that tens of app EC2 instances are going to make lots of web calls concurrently, the NAT instance will become a performance bottleneck at that point. Size your NAT instance capacity according to application needs to avoid performance bottlenecks. Using NAT instances gives us the advantage of saving the cost of Elastic IPs and provides extra security by not exposing the instances to the outside world in order to access the Internet.
Question : You are using Amazon ELB for web applications, e.g. www.QuickTechie.com. Select the statements that help to design this architecture correctly.
1. Put all other EC2 instances (tiers like app, cache, DB, background etc.) in private subnets as much as possible.
2. Only ELBs should be provisioned in the public subnet, as a secure practice in an Amazon VPC environment.
3. [option text not shown]
4. 1 and 2
5. All of 1, 2 and 3
Ans : 4
Exp : ELB on Amazon VPC: when using Amazon ELB for web applications, put all other EC2 instances (tiers like app, cache, DB, background etc.) in private subnets as much as possible. Unless there is a specific requirement where instances need outside-world access and an EIP attached, put all instances in private subnets only. Only ELBs should be provisioned in the public subnet, as a secure practice in an Amazon VPC environment.
Question : You are designing a multi-tier web application. Please select the correct security design.
1. Create different security groups for the different tiers of your infrastructure architecture inside your VPC.
2. Create a single security group for the different tiers of your infrastructure architecture inside your VPC.
3. [option text not shown]
4. 1 and 2
5. 1 and 3
Ans : 5
Exp : Tier your security groups: create different security groups for the different tiers of your infrastructure architecture inside your VPC. If you have web, app and DB tiers, create a different security group for each of them. Creating tier-wise security groups will increase the infrastructure security inside Amazon VPC. EC2 instances in each tier can then talk only on application-specified ports and not on all ports. If you create Amazon VPC security groups for each and every tier/service separately, it will be easier to open a port to a particular service. Don't use the same security group for multiple tiers of instances; this is a bad practice. Example: open ports to a security group instead of to IP ranges. People have a tendency to open port 8080 to the 10.10.0.0/24 (web layer) range. Instead of that, open port 8080 to web-security-group. This will make sure only instances in the web security group will be able to connect on port 8080. If someone launches a NAT instance with NAT-Security-Group in 10.10.0.0/24, it won't be able to connect on port 8080, as the rule allows access only from the web security group.
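The difference between a CIDR source and a security-group source is easy to model. The following is an added example, not code from the original page: it evaluates inbound rules the way the explanation describes, once written against the 10.10.0.0/24 range and once against web-security-group, and checks which of two constructed instances (a web server and a NAT box, both in that range, with the group names from the page) can reach port 8080. The instance names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    name: str
    private_ip: str
    security_groups: frozenset  # names of the groups the instance is a member of


@dataclass(frozen=True)
class InboundRule:
    port: int
    source: str  # either a CIDR block or the name of a security group


def rule_matches(rule, src, port):
    """True if rule admits traffic from instance src on the given port."""
    if rule.port != port:
        return False
    if "/" in rule.source:  # CIDR source: match on the sender's private IP
        return ipaddress.ip_address(src.private_ip) in ipaddress.ip_network(rule.source)
    return rule.source in src.security_groups  # SG source: match on membership, not address


def is_allowed(rules, src, port):
    """Security group rules are allow-only: traffic passes if any rule matches."""
    return any(rule_matches(r, src, port) for r in rules)


# Constructed instances, both inside the page's web layer range 10.10.0.0/24.
WEB_SERVER = Instance("web-1", "10.10.0.25", frozenset({"web-security-group"}))
NAT_BOX = Instance("nat-1", "10.10.0.250", frozenset({"NAT-Security-Group"}))

# App tier rule written the way the page warns against (IP range) and the way it recommends.
CIDR_RULES = [InboundRule(8080, "10.10.0.0/24")]
SG_RULES = [InboundRule(8080, "web-security-group")]


def compare():
    """Show that only the SG-sourced rule excludes the NAT box sharing the web range."""
    return {
        "cidr_rule_admits_nat": is_allowed(CIDR_RULES, NAT_BOX, 8080),
        "sg_rule_admits_nat": is_allowed(SG_RULES, NAT_BOX, 8080),
        "sg_rule_admits_web": is_allowed(SG_RULES, WEB_SERVER, 8080),
        "sg_rule_admits_web_on_22": is_allowed(SG_RULES, WEB_SERVER, 22),
    }


if __name__ == "__main__":
    for check, result in compare().items():
        print(f"{check}: {result}")
```

The point the page makes is the second line of the result: a rule sourced from a security group follows group membership, so an unrelated instance that happens to land in the same /24 gains nothing from its address.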
Question : You are designing a disaster recovery setup plan using VPC for the www.QuickTechie.com website. Select the correct statement for this design, where it should help to replicate your data using private IPs.
1. Create your production site VPC with CIDR 10.0.0.0/16 and your DR region VPC with CIDR 172.16.0.0/16.
2. Create your production site VPC with CIDR 10.0.0.0/16 and your DR region VPC with CIDR 10.0.0.0/16.
3. [option text not shown]
4. 1 and 3
5. 2 and 3
Ans : 4
Exp : Disaster recovery or geo-distributed Amazon VPC setup: when you are designing a disaster recovery setup plan using VPC, or expanding to another Amazon VPC region, you can follow these simple rules. Create your production site VPC with CIDR 10.0.0.0/16 and your DR region VPC with CIDR 172.16.0.0/16. Make sure they do not conflict with the on-premises subnet CIDR blocks, in case both need to be integrated with the on-premises DC as well. After creating the CIDR blocks, set up a VPC tunnel between the regions and to your on-premises DC. This will help to replicate your data using private IPs.
Question : While designing your network architecture you have created VPCs in a region, and inside each VPC you have two subnets. Now you decide to create 10 IGWs, one for each subnet. You are aware that you cannot create more than 5 subnets per region, so you ask AWS for permission to create 10 more IGWs. AWS declines this request. Why?
1. You cannot have more than 5 IGWs in a region; this is a hard limit set by AWS.
2. The only way to increase this limit is to increase the limit on VPCs per region.
3. [option text not shown]
4. None of the above
Ans : 2
Exp : Internet gateways per region: 5. This limit is directly correlated with the limit on VPCs per region. You cannot increase this limit individually; the only way to increase this limit is to increase the limit on VPCs per region. Only one Internet gateway can be attached to a VPC at a time.
Virtual private gateways per region: 5. This limit can be increased upon request; however, only one virtual private gateway can be attached to a VPC at a time.
VPCs per region: 5. This limit can be increased upon request. The limit for Internet gateways per region is directly correlated to this one. Increasing this limit will increase the limit on Internet gateways per region by the same amount.
Subnets per VPC: 200. This limit can be increased upon request.
Question : You have installed Hadoop on Amazon EC2 instances. To monitor the NameNode you need its public as well as its private IP address, so you can create the URL accordingly. How will you determine the public and private IP addresses of the Amazon EC2 instance on which your NameNode is running?
1. As IP addresses keep changing, you have to use an Amazon CloudWatch metric to get the current IP address.
2. You can get it from the local instance metadata.
3. [option text not shown]
4. Just run the command ifconfig and it will give you all the details.
Ans : 2
Exp : Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories. You can also access the user data that you supplied when launching your instance. For example, you can specify parameters for configuring your instance, or attach a simple script. You can also use this data to build more generic AMIs that can be modified by configuration files supplied at launch time. For example, if you run web servers for various small businesses, they can all use the same AMI and retrieve their content from the Amazon S3 bucket you specify in the user data at launch. To add a new customer at any time, simply create a bucket for the customer, add their content, and launch your AMI.
If you launch more than one instance at the same time, the user data is available to all instances in that reservation.
Because you can access instance metadata and user data from within your running instance, you do not need to use the Amazon EC2 console or the CLI tools. This can be helpful when you're writing scripts to run from within your instance. For example, you can access your instance's local IP address from within the running instance to manage a connection to an external application.
Important: although you can only access instance metadata and user data from within the instance itself, the data is not protected by cryptographic methods. Anyone who can access the instance can view its metadata. Therefore, you should take suitable precautions to protect sensitive data (such as long-lived encryption keys). You should not store sensitive data, such as passwords, as user data.
However, each instance has certain unique metadata. Instance 1 metadata:
Metadata --- Value
instance-id --- i-10a64379
ami-launch-index --- 0
public-hostname --- ec2-203-0-113-25.compute-1.amazonaws.com
public-ipv4 --- 67.202.51.223
local-hostname --- ip-10-251-50-12.ec2.internal
local-ipv4 --- 10.251.50.35
Question : You have sensitive information, such as a password, and want to store it on an EC2 instance. Which is the correct way?
1. Instance metadata
2. Instance user data
3. [option text not shown]
4. 1 and 2
5. None of 1, 2 and 3
Ans : 5
Exp : Because you can access instance metadata and user data from within your running instance, you do not need to use the Amazon EC2 console or the CLI tools. This can be helpful when you're writing scripts to run from within your instance. For example, you can access your instance's local IP address from within the running instance to manage a connection to an external application.
Although you can only access instance metadata and user data from within the instance itself, the data is not protected by cryptographic methods. Anyone who can access the instance can view its metadata. Therefore, you should take suitable precautions to protect sensitive data (such as long-lived encryption keys). You should not store sensitive data, such as passwords, as user data.
When you are adding user data, take note of the following:
- User data is treated as opaque data: what you give is what you get back. It is up to the instance to be able to interpret it.
- User data is limited to 16 KB. This limit applies to the data in raw form, not the base64-encoded form.
- User data must be base64-encoded before being submitted to the API.
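The three notes above are easy to get wrong in a launch script, in particular which form the 16 KB limit applies to. The following is an added example, not code from the original page: a small pre-submission helper that enforces the limit on the raw bytes, base64-encodes the payload for the API, and shows that the encoded form is allowed to exceed 16 KB because the limit is on the raw form. The sample payload is constructed.

```python
import base64

USER_DATA_LIMIT = 16 * 1024  # 16 KB, applied to the raw bytes as the page states


def fits_limit(raw: bytes) -> bool:
    """True if the raw (not base64-encoded) user data is within the 16 KB limit."""
    return len(raw) <= USER_DATA_LIMIT


def prepare_user_data(raw: bytes) -> str:
    """Validate the raw size and return the base64 text the API expects."""
    if not fits_limit(raw):
        raise ValueError(f"user data is {len(raw)} bytes raw; limit is {USER_DATA_LIMIT}")
    return base64.b64encode(raw).decode("ascii")


def recover_user_data(encoded: str) -> bytes:
    """Opaque round trip: what you give is what you get back, byte for byte."""
    return base64.b64decode(encoded)


def describe(raw: bytes) -> dict:
    """Report raw size, encoded size and whether the payload would be accepted."""
    accepted = fits_limit(raw)
    encoded_len = len(base64.b64encode(raw)) if accepted else None
    return {"raw_len": len(raw), "encoded_len": encoded_len, "accepted": accepted}


if __name__ == "__main__":
    # Constructed cloud-init style payload; no credentials belong in here.
    script = b"#!/bin/bash\necho 'bootstrap from constructed user data'\n"
    print(describe(script))
    print(describe(b"x" * USER_DATA_LIMIT))        # exactly at the limit: accepted
    print(describe(b"x" * (USER_DATA_LIMIT + 1)))  # one byte over: rejected
```

A payload of exactly 16384 raw bytes is accepted even though its base64 form is 21848 characters; one raw byte more is rejected before any API call is made.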
Question : You have configured www.QuickTechie.com with two reserved instances and one spot instance, and bid $. per hour for the spot instance. You have used the spot instance for 40 minutes; after some time another customer raises the bid by $0.15 per hour. What would happen?
1. The spot instance will be terminated by AWS and it will charge $0.15.
2. The spot instance will be terminated by AWS and it will charge $0.10.
3. [option text not shown]
4. The spot instance will not be terminated by AWS, as it might be running critical services, and it will charge $0.10.
5. The spot instance will not be terminated by AWS, as it might be running critical services, and it will charge $0.15.
Ans : 3
Exp : Please note the following important points:
- Spot Instances perform exactly like other Amazon EC2 instances while running. Spot Instances are simply spare Amazon EC2 instances and perform the same as On-Demand and Reserved Instances.
- You will never pay more than your maximum bid price per hour. By bidding the maximum you're willing to pay per hour, you set the ceiling on your Spot Instance hourly costs.
- If your Spot Instance is interrupted by Amazon EC2, you will not be charged for the interrupted hour. For example, if your Spot Instance is interrupted 59 minutes after it starts, we will not charge you for those 59 minutes. However, if you terminate your instance yourself, you will pay for any partial hour of usage as you would for On-Demand Instances.
- There is always a possibility that your Spot Instance might be interrupted. A high maximum bid price may reduce the probability that your Spot Instance will be interrupted, but cannot prevent interruption. (For example, regardless of how high you bid, if we can no longer offer spare Amazon EC2 capacity of your Spot Instance's type, your Spot Instance will be terminated.)
Question : You have created a mobile app for www.QuickTechie.com which calls a web service method on Amazon Elastic Compute Cloud (EC2), and indirectly this EC2 instance calls AWS APIs. Which method should you use to securely pass credentials to the application? 1. Create dynamic data to pass the credentials. 2. Use AWS Identity and Access Management roles for EC2 instances. 3. Access Mostly Uused Products by 50000+ Subscribers 4. Store these credentials on the EC2 instances and pass them encrypted. Ans : 2 Exp : Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting them from other users. However, it's challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials. We designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows: 1. Create an IAM role. 2. Define which accounts or AWS services can assume the role. 3. Access Mostly Uused Products by 50000+ Subscribers 4. Specify the role when you launch your instances. 5. Have the application retrieve a set of temporary credentials and use them. For example, you can use IAM roles to grant permissions to applications running on your instances that need to use a bucket in Amazon S3.
Note: Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names. To launch an instance with an IAM role, you specify the name of its instance profile. When you launch an instance using the Amazon EC2 console, you can select a role to associate with the instance; however, the list that's displayed is actually a list of instance profile names. For more information, see Instance Profiles in Using IAM.
You can specify permissions for IAM roles by creating a policy in JSON format. These are similar to the policies that you create for IAM users. If you make a change to a role, the change is propagated to all instances, simplifying credential management.
Question : www.QuickTechie.com has implemented a slide-share solution and stores millions of documents in Amazon Simple Storage Service (S3). QuickTechie.com is expecting sudden and large increases in traffic to and from S3. What information do you need in order to determine whether S3 is the right option? 1. You should enquire about the current number of registered users on the website, and based on that predict the number of registered users in upcoming years. 2. You must find out the total number of requests per second at peak usage. 3. Access Mostly Uused Products by 50000+ Subscribers 4. You must understand the total amount of storage needed for each S3 bucket. Ans: 2 Exp : Request Rate and Performance Considerations. Amazon S3 scales to support very high request rates. If your workload in an Amazon S3 bucket routinely exceeds 100 PUT/LIST/DELETE requests per second or more than 300 GET requests per second, follow the guidelines in this topic to ensure the best performance and scalability. If your request rate grows steadily, Amazon S3 automatically partitions your buckets as needed to support higher request rates. However, if you expect a rapid increase in the request rate for a bucket to more than 300 PUT/LIST/DELETE requests per second or more than 800 GET requests per second, we recommend that you open a support case to prepare for the workload and avoid any temporary limits on your request rate. To open a support case, go to Contact Us. This topic discusses two types of workloads:
- Workloads that include a mix of request types - If your requests are typically a mix of GET, PUT, DELETE, or GET Bucket (list objects), choosing appropriate key names for your objects will ensure better performance by providing low-latency access to the Amazon S3 index (discussed in the following section). It will also ensure scalability regardless of the number of requests you send per second.
- Workloads that are GET-intensive - If the bulk of your workload consists of GET requests, we recommend using the Amazon CloudFront content delivery service.
Note: The guidelines in this section apply if you are routinely processing 100 or more requests per second. If your typical workload involves only occasional bursts of 100 requests per second and less than 800 requests per second, you don't need to follow the guidelines in this section.
Question : Which is a good option when you need storage with very low latency, but you don't need it to persist when the instance terminates, or you can take advantage of fault-tolerant architectures?
Amazon EC2 instances are divided into different instance types, which determine the size of the instance store available on the instance by default. When you launch an instance, you can specify an instance type or use the default instance type, which is an m1.small instance.
The instance type also determines the type of hardware for your instance store volumes. Some instance types use solid state drives (SSD) to deliver very high random I/O performance. This is a good option when you need storage with very low latency, but you don't need it to persist when the instance terminates, or you can take advantage of fault-tolerant architectures.
Question : A US-based company is expanding their web presence into Europe. The company wants to extend their AWS infrastructure from Northern Virginia (us-east-1) into the Dublin (eu-west-1) region. Which of the following options would enable an equivalent experience for users on both continents?
1. Use a public-facing load balancer per region to load-balance web traffic, and enable HTTP health checks. 2. Use a public-facing load balancer per region to load-balance web traffic, and enable sticky sessions. 3. Access Mostly Uused Products by 50000+ Subscribers both regions. 4. Use Amazon Route 53, and apply a weighted routing policy to distribute traffic across both regions.
When you create a resource record set, you choose a routing policy, which determines how Amazon Route 53 responds to queries:
Simple Routing Policy : Use a simple routing policy when you have a single resource that performs a given function for your domain, for example, one web server that serves content for the example.com website. In this case, Amazon Route 53 responds to DNS queries based only on the values in the resource record set, for example, the IP address in an A record.
Weighted Routing Policy : Use the weighted routing policy when you have multiple resources that perform the same function (for example, web servers that serve the same website) and you want Amazon Route 53 to route traffic to those resources in proportions that you specify (for example, 40% to one server and 60% to the other). For more information about weighted resource record sets, see Weighted Routing.
Latency Routing Policy : Use the latency routing policy when you have resources in multiple Amazon EC2 data centers that perform the same function and you want Amazon Route 53 to respond to DNS queries with the resources that provide the best latency. For example, you might have web servers for example.com in the Amazon EC2 data centers in Ireland and in Tokyo. When a user browses to example.com, Amazon Route 53 chooses to respond to the DNS query based on which data center gives your user the lowest latency. For more information about latency resource record sets, see Latency-Based Routing.
Failover Routing Policy (Public Hosted Zones Only) : Use the failover routing policy when you want to configure active-passive failover, in which one resource takes all traffic when it's available and the other resource takes all traffic when the first resource isn't available. Note that you can't create failover resource record sets for private hosted zones. For more information about failover resource record sets, see Configuring Active-Passive Failover by Using Amazon Route 53 Failover and Failover Alias Resource Record Sets.
Geolocation Routing Policy : Use the geolocation routing policy when you want Amazon Route 53 to respond to DNS queries based on the location of your users. For more information about geolocation resource record sets, see Geolocation Routing.
Weighted Routing : Weighted resource record sets let you associate multiple resources with a single DNS name. This can be useful for a variety of purposes, including load balancing and testing new versions of software. To create a group of weighted resource record sets, you create two or more resource record sets that have the same combination of DNS name and type, and you assign each resource record set a unique identifier and a relative weight. When processing a DNS query, Amazon Route 53 searches for a resource record set or a group of resource record sets that have the specified name and type. For weighted resource record sets, Amazon Route 53 selects one from the group. The probability of any one resource record set being selected depends on its weight as a proportion of the total weight for all resource record sets in the group: (weight for a given resource record set) / (sum of the weights for all resource record sets in the group). For example, suppose you create three resource record sets for www.example.com. The three A records have weights of 1, 1, and 3 (sum = 5). On average, Amazon Route 53 selects each of the first two resource record sets one-fifth of the time, and returns the third resource record set three-fifths of the time.
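The weighted selection described above, as an added example (not Route 53 code and not from the original page): record sets are grouped by name and type, set identifiers must be unique within the group, and each query picks one record with probability weight / sum of weights. The record names, identifiers and IP addresses are constructed; a group whose weights sum to zero is rejected because the page does not describe that case.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class WeightedRecordSet:
    name: str     # DNS name, e.g. www.example.com
    rtype: str    # record type, e.g. A
    set_id: str   # identifier, unique within the (name, type) group
    weight: int   # relative weight
    value: str    # record value, e.g. an IP address


def _group(records, name, rtype):
    """Return the record sets matching name and type, validating the group."""
    group = [r for r in records if r.name == name and r.rtype == rtype]
    if not group:
        raise LookupError(f"no record sets for {name} {rtype}")
    ids = [r.set_id for r in group]
    if len(set(ids)) != len(ids):
        raise ValueError("set identifiers must be unique within a group")
    if sum(r.weight for r in group) <= 0:
        raise ValueError("group weights must sum to a positive value")
    return group


def selection_probabilities(records, name, rtype):
    """Probability of each record being chosen: weight / sum of weights."""
    group = _group(records, name, rtype)
    total = sum(r.weight for r in group)
    return {r.set_id: r.weight / total for r in group}


def select_record(records, name, rtype, rng=random):
    """Answer one DNS query by weighted random choice within the group."""
    group = _group(records, name, rtype)
    return rng.choices(group, weights=[r.weight for r in group], k=1)[0]


if __name__ == "__main__":
    # Constructed group using the page's numbers: weights 1, 1 and 3 (sum 5).
    rrsets = [
        WeightedRecordSet("www.example.com", "A", "server-1", 1, "192.0.2.1"),
        WeightedRecordSet("www.example.com", "A", "server-2", 1, "192.0.2.2"),
        WeightedRecordSet("www.example.com", "A", "server-3", 3, "192.0.2.3"),
    ]
    print(selection_probabilities(rrsets, "www.example.com", "A"))
    rng = random.Random(7)
    draws = [select_record(rrsets, "www.example.com", "A", rng).set_id
             for _ in range(5000)]
    print({sid: draws.count(sid) / len(draws) for sid in sorted(set(draws))})
```

Over many queries the observed shares converge on 0.2, 0.2 and 0.6, matching the page's one-fifth / three-fifths split.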
Question : A user creates an Auto Scaling group from the Amazon AWS Console. Will an instance launched with that group have any tags assigned to it? 1. True, always. 2. False 3. Access Mostly Uused Products by 50000+ Subscribers 4. True, only if configured at the launch configuration
A user creates an Auto Scaling group and that group launches an instance. By default, the instance will have a tag with the key aws:autoscaling:groupName and the value set to the name of the group.