Premium

AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : In VPC, as per the requirements of your customer gateway is to utilize the ______ hashing function
to authenticate both IKE and IPsec Security Associations.

: In VPC, as per the requirements of your customer gateway is to utilize the ______ hashing function
1. HMAC
2. SHA-224
 3. Access Mostly Uused Products by 50000+ Subscribers
4. MD5

Correct Answer : Get Lastest Questions and Answer :

Your company has decided to use an optional Amazon VPC VPN connection that links your data center (or network) to your Amazon VPC virtual
private cloud (VPC). A customer gateway is the anchor on your side of that connection. It can be a physical or software appliance.
The anchor on the AWS side of the VPN connection is called a virtual private gateway.

SHA-1 This hashing function is used to authenticate both IKE and IPsec Security Associations.

There are four main parts to the configuration of your customer gateway.
1. IKE Security Association (required to exchange keys used to establish the IPsec security association)
2. IPsec Security Association (handles the tunnel's encryption, authentication, and so on.)
3. Access Mostly Uused Products by 50000+ Subscribers
4. Optional BGP peering (exchanges routes between the customer gateway and the virtual private gateway) for devices that use BGP






Question : You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers
deployed using an Auto Scaling Group Your database is running on Relational Database Service
(RDS) The application serves out technical articles and responses to them in general there are
more views of an article than there are responses to the article. On occasion, an article on the site
becomes extremely popular resulting in significant traffic Increases that causes the site to go
down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability
during these events?
Choose 3 answers

A. Leverage CloudFront for the delivery of the articles.
B. Add RDS read-replicas for the read traffic going to your relational database
C. Leverage ElastiCache for caching the most frequently used data.
D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue.
E. Use Route53 health checks to fail over to an S3 bucket for an error page.

: You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers
1. A,B,C
2. B,C,D
 3. Access Mostly Uused Products by 50000+ Subscribers
4. A,B,D
5. B,C,E

Correct Answer : Get Lastest Questions and Answer :

Explanation: CloudFront : Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give developers and
businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitments.
Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system,
instead of relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache
environments, enabling your engineering resources to focus on developing applications. Using Amazon ElastiCache, you can not only improve load and response
times to user actions and queries, but also reduce the cost associated with scaling web applications.
Amazon ElastiCache automates common administrative tasks required to operate a distributed cache environment. Using Amazon ElastiCache, you can add a
caching layer to your application architecture in a matter of minutes via a few clicks of the AWS Management Console. Once a cache cluster is provisioned,
Amazon ElastiCache automatically detects and replaces failed cache nodes, providing a resilient system that mitigates the risk of overloaded databases,
which slow website and application load times. Through integration with Amazon CloudWatch monitoring, Amazon ElastiCache provides enhanced visibility into
key performance metrics associated with your cache nodes. Amazon ElastiCache is protocol-compliant with Memcached and Redis, so code, applications, and
popular tools that you use today with your existing Memcached or Redis environments will work seamlessly with the service. As with all Amazon Web Services,
there are no up-front investments required, and you pay only for the resources you use.
There are a variety of scenarios where deploying one or more Read Replica for a given source DB instance might make sense. Common reasons for deploying a
Read Replica include the following:
.Scaling beyond the compute or I/O capacity of a single DB instance for read-heavy database workloads. This excess read traffic can be directed to one or
more Read Replicas.
.Serving read traffic while the source DB instance is unavailable. If your source DB instance cannot take I/O requests (for example, due to I/O suspension
for backups or scheduled maintenance), you can direct read traffic to your Read Replica(s). For this use case, keep in mind that the data on the Read
Replica might be "stale" because the source DB instance is unavailable.
.Business reporting or data warehousing scenarios where you might want business reporting queries to run against a Read Replica, rather than your primary,
production DB instance







Question :

At which frequency of updates will Amazon CloudWatch monitor your EC2 instances for free?

:
1. 1
2. 5
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 10

Correct Answer : Get Lastest Questions and Answer :

Explanation: You can get started with Amazon CloudWatch for free. Many applications should be able to operate within these free tier limits.

Basic Monitoring metrics (at five-minute frequency) for Amazon EC2 instances are free of charge, as are all metrics for Amazon EBS volumes, Elastic Load
Balancers, and Amazon RDS DB instances.
New and existing customers also receive 10 metrics (applicable to Detailed Monitoring for Amazon EC2 instances or Custom Metrics), 10 alarms, and 1 million
API requests each month at no additional charge.




Related Questions

Question : You are working with an investment bank, which has recently announced to use Hybrid Cloud, public cloud as an AWS and private cloud as in-house datacenter. Company mandated to login AWS console to use
multifactor authentication for each account.
Now one of the team started using DynamoDB NoSQL solution, from the application which is installed on, on premise Linux instances. During development and testing they have been using secret keys and access keys, which
are stored locally on the same Linux
host. One of your security team member had raised concern over storing this keys in text file and using this in this way, and he suggested you need to come up with more secure and safe way for interacting between
Linux instance and DynamoDB. Which of the
following you should consider is the safest way?

A. Amazon can store keys more secure way. So you will be creating an encrypted EBS volume and store that text file on that encrypted EBS volume.
B. You will enable encryption between DynamoDB and application installed on Linux instance, using secure certificates.
C. You will encrypt that text file and store it in the same instance, and whenever you need to make a connection with the DynamoDB, you have to decrypt that key.
D. You will be using Amazon provided KMS (Key management service) service
E. You will be leveraging IAM Role functionality
: You are working with an investment bank, which has recently announced to use Hybrid Cloud, public cloud as an AWS and private cloud as in-house datacenter. Company mandated to login AWS console to use
1. A,B
2. B,C
3. C,D
4. B,E
5. A,D


Exp : This question has some latent aspect of security. Question is focusing on access keys and secrete keys. But in the given option, if you have to select more than one answer than you have to check which all
options are appropriate for secure data
transfer and making connection with the AWS services.

Access Keys: You should always avoid to saves access keys on the same host from which your application runs. It is not at all secure. In the exam they may give you a question with AMI (instead of your datacenter, you
launched EC2 instance and deployed your
application on it, which will connect with the DynamoDB, with the given use case also you should not store these keys on text file)

Can I store it in S3 Bucket? : What is the point of storing Access keys in S3 bucket? No it is not a secure way.

Why keys at all? : Wherever you see a question regarding credentials and you find in the option that IAM Role is given, then think over it. There is the probability this answer will be correct, as in this question.

KMS: Key management service is for storing SSL certificates and not for access keys and secret keys.

Encryption: Yes, whenever data leaves from one network (from AWS) and reach to another network (host on your data center), you must have encryption enabled so that your data are not corrupted by middleman attack.


Question : QuickTechie.com is a very popular websites for the certification exam preparations and they provide online practice material to prepare for a certifications. Only member of the website can attempt to
practice paper, hence you need to create you
profile and once you create the profile you can start your practice. However, to maintain the session, like how many questions you have appeared and how many right and wrong etc. are maintained using sessions. Once
you close the sessions or finish the
question paper history of your exam attempts will be deleted. To maintain this entire history of an attempt of the exam, which of the following services can be used, remember it is scalable website with 4 EC2 nodes in
two availability zones?

A. Amazon S3
B. ElastiCache
C. DynamoDB
D. Amazon Simple workflow service
E. Amazon Redshift
Exp : This question has some latent aspect of security. is focusing on access keys and secrete keys. But in the given option, if you have to select more than one answer than you have to check which all
1. A,B
2. B,C
3. C,D
4. D,E
5. A,E


SWS: Question requirement is nowhere related to workflow service and eliminate this option as well. Hence, remaining options are well suited.


Question : You are working in AcmeShell Inc. their accounting department submit tax on monthly basis for their employee as well for the services provided by the company to their client and they need to store all
these records which are documented and
should be protected by deletion and any kind of data loss. Which of the following is best suitable solutions from AWS?

SWS: requirement is nowhere related to workflow service and eliminate this option as well. Hence, remaining options are well suited.
1. You will create an EBS volume and attach it to one of the EC2 instance and install accounting application on it, which will encrypt the document and store on it. You will also replicate same EBS
volume in another region using sync process.

2. You should create one copy in EBS volume and another copy in the instance store of EC2 instance.

3. You should use AWS Glacier storage service

4. You can use S3 storage service with versioning enabled

5. You should use DynamoDB where you can stored documents as well