
AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : You are working with a healthcare IT organization that maintains the health records of many patients in the USA. You have two applications. One creates health records and stores them in an Amazon S3 bucket. These health records must not be exposed to the public and need to be protected. The other is a web application hosted on an EC2 instance that needs to read those sensitive documents, so that users who log in to the website can view their health records; their family doctors can view the documents as well. However, the security audit team has advised that these documents should not be accessed over the public network. What is the best solution for this problem?


1. You will create your custom VPC and attach internet gateway to this and from that gateway, you will access S3 buckets.

2. You will be using VPC peering

3. You will be installing storage gateway to access the data in S3 over the private network.

4. You will be creating a VPN connection, so that data can be accessed over the VPN tunnel

5. You will be using VPC endpoint to access the data from AWS S3

Correct Answer : 5
Explanation: A VPC endpoint is the correct solution for the given requirement. With an Amazon VPC endpoint you can access an Amazon S3 bucket without using a public internet connection, so the sensitive information is not exposed over the internet. A VPC endpoint provides a secure connection between S3 and your VPC and does not need any gateways or NAT instances.

Hence, instances running in a private subnet of a VPC can have controlled access to S3 buckets, objects, and API functions, which should be in the same region as the VPC.

You have to use an S3 bucket policy to indicate which VPCs and which endpoints have access to your S3 buckets.
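
The bucket-policy restriction described above, as an added example that is not part of the original page: a policy that denies every S3 action on the bucket unless the request arrives through one specific VPC endpoint, using the `aws:SourceVpce` condition key. The bucket name and endpoint ID are placeholders, not values from the question.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessFromApprovedVpcEndpointPlaceholderValues",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::EXAMPLE-HEALTH-RECORDS-BUCKET",
        "arn:aws:s3:::EXAMPLE-HEALTH-RECORDS-BUCKET/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-EXAMPLE0123456789"
        }
      }
    }
  ]
}
```

Because this is a Deny statement, it also blocks the AWS console and any application, including the one that writes the records, that does not reach S3 through the listed endpoint. It grants nothing by itself, so the EC2 instance role still needs its own allow permissions on the bucket.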





Question : You have a monthly batch job that analyzes the millions of files accumulated over the entire month. The files contain various patient health details, and the job recommends what each patient needs to do. You have written a good amount of MapReduce code to run on these files. The job needs to be executed once every 30 days on AWS EC2 instances and requires approx. 1000 vCPU for approx. 3 hrs. to complete. Which of the following approaches will you use?



1. You will request 9 EC2 on-demand instances with m5.24xlarge, which can deliver approx. 9X5X24 vCPU = 1080

2. You will request 9 EC2 spot instances with m5.24xlarge, which can deliver approx. 9X5X24 vCPU = 1080 at lower cost

3. You will request 1 EC2 spot instances with m5.24xlarge, which can deliver approx. 9X5X24 vCPU = 216 and run the job for 15 hours

4. You will be using EC2 Fleet to launch EC2 spot instances with m5.24xlarge and capacity would be 1000 vCPU


Correct Answer : 4
Explanation: Using EC2 Fleet you can launch and manage an entire fleet of Spot instances with one request. You can think of a fleet as a collection of EC2 instances (Spot, On-Demand, Reserved, etc.) that all work together as part of a distributed application. A fleet could be a batch processing job, a Hadoop workflow, an HPC grid computing job, etc. You can launch fleets of Spot instances, ranging in size from one instance up to thousands, with custom-written code that is responsible for discovering capacity, monitoring market prices across instance types and Availability Zones, and managing bids, all with the goal of running the workloads at the lowest possible cost.

However, with EC2 Fleet you don't need custom code. Instead, a single API function, RequestSpotFleet, does all the work on your behalf. You just need to provide the target capacity you need (in this question, 1000 vCPU), your bid price per hour, and the instance types you are looking for. A single call with that specification does the entire job.




Question : You have been working with a healthcare IT company that manages patients on behalf of various hospitals. A research team can run analytics on the data if permitted. However, this data is very sensitive and needs to be stored in an RDBMS. How would you make sure that the data stored in RDS is secure and cannot be attacked over the network, while the research team can still access it from EC2 instances?


1. You will be having two VPC one for research team and another for RDS instance and make a connection between these two VPC using VPC peering.

2. You will be creating database user for research team so that only permitted users can access data from RDS instance

3. You will be defining security groups such that only data can be accessed from allowed networks.

4. You will be having VPN connection between EC2 instance and RDS instance.

Correct Answer : 3
Explanation: If you read the question carefully, you will see that it asks for security at the network level, so you can eliminate all the options that are not network-level, such as option 2. User permissions grant who can and who cannot access the data. However, a permitted user may still be accessing the data over a public network, which can be attacked.

VPC peering is a connection between two VPCs, and data transfer between the two VPCs can still be attacked.

VPN is again a network solution and does not control the security for traffic.

Security group: Using a security group you can define which IPs (CIDR blocks) can access the RDS service. If your research team tries to access the data from an IP address that is not permitted, they will not be able to access it. So with a security group you control which IPs and ports are permitted to access the data.



Related Questions


Question : You are deploying a stateful web application, www.HadoopExam.com, which uses Amazon RDS as a backend database. Which of the features below, provided by AWS RDS, keeps your web application available at all times?


1. It takes automated backup of database and copy in another region. Hence, in case of website failure you can recover it.

2. RDS has Multi Region deployment. Hence, one region is completely down. It can be used with another region.

3. RDS has Multi-AZ deployment. Hence, if one Availability Zone is down, another AZ can be used.

4. Data Security is responsibility of the AWS.


Question : What does Amazon RDS manage on my behalf?

A. Amazon RDS manages the work involved in setting up a relational database: from provisioning the infrastructure capacity you request
B. Installing the database software
C. Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database.
D. managing the database settings that are specific to your application
E. Build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application's workflow

1. A,B,C
2. B,C,D
3. C,D,E
4. A,D,E
5. A,C,E


Question : In which scenario would you consider an Amazon Redshift solution?
1. You receive a structured feed of 20GB each day and want to store it in a structured format for analysis, with 200TB of existing data already accumulated.

2. It is the best solution for creating NoSQL database like HBase

3. It is the best solution for creating application level caching

4. It is good for daily retail banking transaction store.

5. It is best for storing raw files received as a feed.


Question : There is a Windows XP client, which has ephemeral port range 1025-5000, and a request is initiated to a web server in your VPC from this Windows XP client over the Internet. Which of the following statements are correct for serving the request to that client?

1. Your network ACL must have an outbound rule to enable traffic destined for ports 1025-5000
2. Your network ACL must have an inbound rule to enable traffic destined for ports 1025-5000
3. Your network ACL must have an inbound and outbound rule to enable traffic destined for ports 1025-5000
4. All of the above


Question : Which of the following statements are true about AWS DynamoDB Global Secondary Indexes?
A. They can be added on to existing tables
B. They have their own provisioned throughput
C. They can have different partition and sort keys from the parent table
D. Must be created when we create the table.
1. A,B,C
2. B,C,D
3. A,C,D
4. A,B,D


Question : If you are using a DB instance that uses Provisioned IOPS storage, will you be charged for I/Os as well?
1. Only above 1 Million/Week.
2. Only above 1 Billion/month.
3. No, there is no charge for I/Os
4. Yes, you will be charged for each I/Os