AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)

Question : My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply
updates from the source DB Instance. What do I do?

1. You will need to delete the Read Replica and create a new one to replace it.
2. You will need to disassociate the DB Engine and re associate it.
3. Access Mostly Uused Products by 50000+ Subscribers
4. You will need to delete the DB Instance and create a new one to replace it.

Ans : 1
Exp :

Question : You have launched an Amazon Elastic Compute Cloud (EC) instance into a public subnet
with a primary private IP address assigned, an internet gateway is attached to the VPC,
and the public route table is configured to send all Internet-based traffic to the Internet
gateway. The instance security group is set to allow all outbound traffic but cannot access
the internet. Why is the Internet unreachable from this instance?

1. The instance does not have a public IP address.
2. The internet gateway security group must allow all outbound traffic.
3. Access Mostly Uused Products by 50000+ Subscribers
4. The instance "Source/Destination check" property must be enabled.

Ans : 1
Exp :

Question : What events would cause Amazon RDS to initiate a failover to the standby replica ?

1. Loss of availability in primary Availability Zone
2. Loss of network connectivity to primary and Storage failure on primary
3. Access Mostly Uused Products by 50000+ Subscribers
4. 1 and 2 are correct
5. All 1,2 and 3 are correct

Correct Answer : Get Lastest Questions and Answer :

Amazon RDS detects and automatically recovers from the most common failure scenarios for Multi-AZ deployments so that you can resume database operations
as quickly as possible without administrative intervention. Amazon RDS automatically performs a failover in the event of any of the following:

Loss of availability in primary Availability Zone
Loss of network connectivity to primary
Compute unit failure on primary
Storage failure on primary

Note: When operations such as DB Instance scaling or system upgrades like OS patching are initiated for Multi-AZ deployments,
for enhanced availability, they are applied first on the standby prior to an automatic failover. As a result,
your availability impact is limited only to the time required for automatic failover to complete.
Note that Amazon RDS Multi-AZ deployments do not failover automatically in response to database operations such as long running queries,
deadlocks or database corruption errors

Question : What is the difference between an availability zone and an edge location?

1. An availability zone is a grouping of AWS resources in a specific region; an edge location is a specific resource within the AWS region.
2. An availability zone is an Amazon Resource within an AWS region where an edge location will deliver cached content to the closest location to reduce latency.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above

Ans : 2
Exp : mazon EC2 is hosted in multiple locations world-wide. These locations are composed of regions and Availability Zones. Each region is a separate
geographic area. Each region has multiple, isolated locations known as Availability Zones. Amazon EC2 provides you the ability to place resources, such as
instances, and data in multiple locations. Resources aren't replicated across regions unless you do so specifically.

Amazon operates state-of-the-art, highly-available data centers. Although rare, failures can occur that affect the availability of instances that are in the
same location. If you host all your instances in a single location that is affected by such a failure, none of your instances would be available.

Note
Some AWS resources might not be available in all regions and Availability Zones. Ensure that you can create the resources you need in the desired regions or
Availability Zone before deploying your applications.

Question : Which services allow you to deliver static or video content over AWS edge locations?

1. S3
2. route53
3. Access Mostly Uused Products by 50000+ Subscribers
4. CloudFront CDN

Correct Answer : Get Lastest Questions and Answer :

Explanation: Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services to give developers and businesses an easy way to
distribute content to end users with low latency, high data transfer speeds, and no commitments. When an end user requests content that you're serving with
CloudFront, the user is routed to the edge location that provides the lowest latency, so content is delivered with the best possible performance. If the
content is already in that edge location, CloudFront delivers it immediately. If the content is not currently in that edge location, CloudFront retrieves it
from an Amazon S3 bucket or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content.

Question How many elastic IP addresses can a en EC-classic instance have assigned to it?

1. 5
2. 3
3. Access Mostly Uused Products by 50000+ Subscribers
4. 1
5. 4

Correct Ans : 4
Exp : EC2 Private IP Address: The internal RFC 1918 address of an instance that is only routable within the EC2 Cloud. Network traffic originating outside
the EC2 network cannot route to this IP, and must use the Public IP or Elastic IP Address mapped to the instance.
EC2 Public IP Address: Internet routable IP address assigned by the system for all instances. Traffic routed to the Public IP is translated via 1:1 Network
Address Translation (NAT) and forwarded to the Private IP address of an instance. The mapping of a Public IP to Private IP of an instance is the default
launch configuration for all instance types. Public IP Addresses are no longer usable upon instance termination.
EC2 Elastic IP Address: Internet routable IP address allocated to an AWS EC2 account. Similar to EC2 Public Address, 1:1 NAT is used to map Elastic IP
Addresses with their associated Private IP addresses. Unlike a standard EC2 Public IP Address, Elastic IP Addresses are allocated to accounts and can be
remapped to other instances when desired.

Question

Your company requires that all the data on your EBS backed EC2 volumes be encrypted. How would you go about doing this?

1. Enable EBS encryption on the specific volume.
2. It must be done on the OS layer with an encrypted file system.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above

Ans : 1
Exp : Amazon AWS does not offer encryption on Amazon EBS volumes or snapshots.
If encryption is important to you, we recommend that you run an encrypted file system on top of your Amazon EBS volume.
Posted On: May 21, 2014

We are excited to announce the availability of Amazon EBS encryption for new EBS storage volumes, enabling you to meet security and encryption compliance
requirements. This frequently requested feature provides you with seamless support for data encryption on block-level storage, at no additional cost.

Until today, you needed third-party security tools to encrypt data for EBS volumes. With Amazon EBS encryption, you can now create an encrypted EBS volume
and attach it to a supported instance type. Data on the volume, disk I/O, and snapshots created from the volume are then all encrypted. The encryption
occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage. EBS encryption is based
on the industry standard AES-256 cryptographic algorithm.

To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is available
for all the latest EC2 instances in all commercially available AWS regions.

Question Your company wants to backup the onsite file server to AWS but does not want to serve the files from S
to your office network when files need accessed. Which service and setup would you use to accomplish this task?

1. Use Amazon Import or export.
2. Create a cronjob to sync data to Amazon S3 nightly.
3. Access Mostly Uused Products by 50000+ Subscribers
4. None of the above
Ans : 3
Exp : The AWS Storage Gateway is a service connecting an on premises software appliance with cloud based storage to provide seamless and secure integration
between an organizations on premises IT environment and AWSs storage infrastructure. The service allows you to securely store data in the AWS cloud for
scalable and cost effective storage. The AWS Storage Gateway supports industry standard storage protocols that work with your existing applications. It
provides low latency performance by maintaining frequently accessed data on premises while securely storing all of your data encrypted in Amazon Simple
Storage Service (Amazon S3) or Amazon Glacier.

Question :

1.
2.
3. Access Mostly Uused Products by 50000+ Subscribers
4.
Ans : 2
Exp : To create a launch configuration using an instance ID
1.Enter the as-create-launch-config command with the following parameters:

Launch configuration name = my-test-lc-from-instance
Instance ID = i-a8e09d9c

Create a launch configuration using Instance Id.
as-create-launch-config my-test-lc-from-instance --instance-id i-a8e09d9c

When the launch configuration is created, Auto Scaling returns a success message.

OK-Created launch config

2.Enter the as-describe-launch-configs command with the following parameter:
Launch configuration name = my-test-lc-from-instance

Describe the launch configuration.
as-describe-launch-configs my-test-lc-from-instance --show-long

The following description describes the launch configuration.

LAUNCH-CONFIG,my-test-lc-from-instance,ami-b8a63b88,t1.micro,(nil),aki-6065f250,
(nil),{/dev/sda1=snap-3decf207:6:true:standard},sg-d6b3dae6,2013-11-22T05:01:59.
291Z,false,arn:aws:autoscaling:us-east-1a:605053316265:launchConfiguration:39c956
71-708e-4cd2-8642-7fa491e3f114:launchConfigurationName/my-test-lc-from-instance,
(nil),(nil),false,(nil)

You can see that the descriptions of the new launch configuration matches the description of the instance used to
create this launch configuration, with the exception of the block device mapping. The block device mapping of the
new launch configuration consists of just the root device: /dev/sda1=snap-3decf207.
The block device mapping /dev/sdf is not associated with this new launch configuration.

Question : Scalability is a fundamental property of a good AWS system. What best describes scalability on AWS?

1. Scalability is the concept of planning ahead for what maximum resources will be required and building your infrastructure based on that capacity plan.
2. The law of diminishing returns will apply to resources as they are increased with workload.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Scalability is not a fundamental property of the cloud.

Ans : 3
Exp : Auto Scaling allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define
. With Auto Scaling, you can ensure that the number of Amazon EC2 instances youre using increases seamlessly during demand spikes to maintain performance,
and decreases automatically during demand lulls to minimize costs. Auto Scaling is particularly well suited for applications that experience hourly, daily,
or weekly variability in usage. Auto Scaling is enabled by Amazon CloudWatch and available at no additional charge beyond Amazon CloudWatch fees.

Question : You are currently hosting multiple applications in a VPC and have logged numerous port scans
coming in from a specific IP address block. Your security team has requested that all access from
the offending IP address block be denied tor the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the
specified IP address block?

1. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
2. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
3. Access Mostly Uused Products by 50000+ Subscribers
4. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the
IP address block

Correct Answer : Get Lastest Questions and Answer :

Explanation: As questions is clearly asking blcok the IP addresses, and needs to be denied.

One of the difference between Security Group and ACL is

Security Groups : Supports allow rules only
While ACL : Supports allow rules and deny rules

Ans another difference is that
Security group : Operates at the instance level (first layer of defense)
Network ACL : Operates at the subnet level (second layer of defense)

AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)

Related Questions