
AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : What does this command do?

1. Launch a single micro instance as a member of app-a security group.
2. Launch two micro instances from the AMI ami-e58cb88c as members of the app-a security group.
4. Launch two micro instances from the AMI ami-e58cb88c.







Question : You've created a production architecture on AWS. It consists of load balancer, route domain, Amazon S3 buckets, auto scaling policy, and Amazon CloudFront for content delivery. Your boss asks you for the ability to duplicate this architecture by using a JSON-based template. What AWS service would you use?

1. Amazon DynamoDB
2. Amazon SimpleDB
4. Amazon Bootstrap


Exp: AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

You can use AWS CloudFormation's sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don't need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software.

You can deploy and update a template and its associated collection of resources (called a stack) by using the AWS Management Console, AWS Command Line Interface, or APIs. CloudFormation is available at no additional charge, and you pay only for the AWS resources needed to run your applications.






Question : You have started a new job and are reviewing your company's infrastructure on AWS. You notice one web application where they have an Elastic Load Balancer (ELB) in front of web instances in an Auto Scaling Group. When you check the metrics for the ELB in CloudWatch, you see four healthy instances in Availability Zone (AZ) A and zero in AZ B. There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?

1. Set the ELB to only be attached to another AZ
2. Make sure Auto Scaling is configured to launch in both AZs
4. Make sure the maximum size of the Auto Scaling Group is greater than 4




Related Questions


Question : Your company has offices, and all the employee-related information is stored on AWS VPC-based EC2 instances. All the offices want to connect to the instances in the VPC using VPN to fetch employee data stored on the EC2 instances. What problem do you see in this scenario?
1. You can not create more than 1 VPN connections with single VPC
2. You can not create more than 10 VPN connections with single VPC
4. Statically assigned routes can not be configured in case of more than 1 VPN with virtual private gateway.
5. None of above


Question : You have in total offices, and all the employee-related information is stored under AWS VPC instances. Now all the offices want to connect to the instances in the VPC using VPN. Which of the below helps you to implement this?
1. you can have redundant customer gateways between your data center and your VPC
2. you can have multiple locations connected to the AWS VPN CloudHub
4. 1 and 2
5. 1,2 and 3


Question : You are creating a CloudWatch alarm on your AWS resources to check the health and performance of your QuickTechie.com website. You observe that some alarms indicate problems that need attention. However, some resources cannot be monitored with the default CloudWatch alarms, and you need to create a custom CloudWatch metric for them. Which of the following requires a custom CloudWatch metric to monitor?
1. when memory utilization reaches or exceeds 90%
2. when cpu utilization reaches or exceeds 90%
4. Bandwidth Network in
5. Estimated charges on AWS Services


Question : On the website www.QuickTechie.com, there seems to be a problem: static pages of the website are being migrated, and visitors get a 404 "page not found" error. Now you want to monitor how many times your Apache servers return an HTTP 404 response, which is the response code for page not found. You might want to monitor this to understand how often your site visitors do not find the resource they are looking for. Assume that your log records are structured to include the following information for each log event (site visit):
- Requestor IP Address
- RFC 1413 Identity
- Username
- Timestamp
- Request method with requested resource and protocol
- HTTP response code to request
- Bytes transferred in request

An example of this might look like the following:
127.0.0.1 - James Bond [10/Oct/2014:13:55:36 -0700] "GET /quicktechie.gif HTTP/1.0" 404 2326

How would you create the metric for this?
A. Using CloudWatch Logs
B. This metric is by default available with AWS services
C. In the CloudWatch console, on the Define Logs Metric Filter screen, in the Filter Pattern field, enter [IP, UserInfo, User, Timestamp, RequestInfo, StatusCode=404, Bytes]
D. By creating a metric filter using the AWS CLI
E. You have to write your custom solution in Java and submit it to CloudWatch to create metrics
1. A,B,D
2. B,C,E
4. C,D,E
5. A,C


Question : Which of the following can you do?
1. give a user access to CloudWatch data for only a specific set of instances
2. give a user access to CloudWatch data for only a specific LoadBalancer
4. All 1,2 and 3
5. None of 1,2 and 3
Ans : 5 Exp : Amazon CloudWatch integrates with AWS Identity and Access Management (IAM) so that you can specify which CloudWatch actions a user in your AWS Account can perform. For example, you could create an IAM policy that gives only certain users in your organization permission to use GetMetricStatistics. They could then use the action to retrieve data about your cloud resources.
You can't use IAM to control access to CloudWatch data for specific resources. For example, you can't give a user access to CloudWatch data for only a specific set of instances or a specific LoadBalancer. Permissions granted using IAM cover all the cloud resources you use with CloudWatch. In addition, you can't use IAM roles with the Amazon CloudWatch command line tools.
Important
Using Amazon CloudWatch with IAM doesn't change how you use CloudWatch. There are no changes to CloudWatch actions, and no new CloudWatch actions related to users and access control. CloudWatch doesn't have any specific resources for you to control access to. Therefore, there are no CloudWatch ARNs for you to use in an IAM policy. You use * as the resource when writing a policy to control access to CloudWatch actions. However, if you are using either the Amazon CloudWatch CLI or API, or if you are using the AWS SDKs with the API, to create an Amazon CloudWatch alarm using an Amazon EC2 instance metric, you can add an action using the action's dedicated Amazon Resource Name (ARN). You can add the action to any alarm state, and you can specify the region for each action. The region must match the region to which you send the put-metric-alarm request.


Question : You have a website called www.QuickTechie.com that is configured with Auto Scaling to handle peak load. Which of the following CloudWatch settings will be helpful to get metrics about Auto Scaling instances?

1. Detailed monitoring
2. Basic Monitoring
4. You have to select Dynamic Auto Scaling

Ans : 1 Exp : Instance metrics are the metrics that an individual Amazon EC2 instance sends to CloudWatch. Instance metrics are the same metrics available for any Amazon EC2 instance, whether or not it is in an Auto Scaling group. CloudWatch offers basic or detailed monitoring. Basic monitoring sends aggregated data about each instance to CloudWatch every five minutes. Detailed monitoring offers more frequent aggregated data by sending data from each instance every minute.
Note : Selecting detailed monitoring is a prerequisite for the collection of Auto Scaling group metrics.
To enable detailed instance monitoring for a new Auto Scaling group, you don't need to take any extra steps. One of your first steps when creating an Auto Scaling group is to create a launch configuration. Each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true, so you don't need to set this flag if you want detailed monitoring.
If you have an Auto Scaling group for which you have explicitly selected basic monitoring, the switch to detailed monitoring involves several steps, especially if you have CloudWatch alarms configured to scale the group automatically.


Question : The QuickTechie.com website is currently deployed in two Availability Zones in the same US-WEST region, and uses Elastic Load Balancing and Auto Scaling. There is a MySQL database as a backend database, configured with synchronous replication (very low latency connectivity) at the database layer. It is possible that one of the Availability Zones goes down and new instances cannot be launched in the remaining Availability Zones. Now the QuickTechie.com architect wants to enhance this architecture so that www.QuickTechie.com remains up at all times.

1. Deploy www.QuickTechie.com in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
2. Deploy www.QuickTechie.com in two regions , with Auto Scaling minimums set for 50 percent peak load per Region.
4. None of the above



Question : Your website needs to be configured with Auto Scaling so that during peak load it can launch new instances to serve more visitors. Select the correct statement regarding Auto Scaling.

1. You can set up your load balancer to distribute incoming requests across EC2 instances in a single Availability Zone or multiple Availability Zones within same region only.
2. You can set up your load balancer to distribute incoming requests across EC2 instances in a single Availability Zone or multiple Availability Zones within same or different region.
3. [...] Balancing routes traffic to your registered and healthy instances in those other Availability Zones.
4. 2 and 3 are correct
5. None of the above
Ans : 1 Exp : When one Availability Zone becomes unhealthy or unavailable, Auto Scaling launches new instances in an unaffected Availability Zone. When the unhealthy Availability Zone returns to a healthy state, Auto Scaling automatically redistributes the application instances evenly across all of the Availability Zones for your Auto Scaling group. Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest instances. If the attempt fails, however, Auto Scaling attempts to launch in other Availability Zones until it succeeds.

An Auto Scaling group can contain EC2 instances that come from one or more Availability Zones within the same region. However, an Auto Scaling group cannot span multiple regions.

You can set up your load balancer to distribute incoming requests across EC2 instances in a single Availability Zone or multiple Availability Zones within a region. The load balancer does not distribute traffic across regions. For critical applications, we recommend that you distribute incoming traffic across multiple Availability Zones by registering your Auto Scaling group in multiple Availability Zones and then enabling your load balancer in each of those Availability Zones. Incoming traffic is load balanced equally across all the Availability Zones enabled for your load balancer.

If your load balancer detects unhealthy EC2 instances in an enabled Availability Zone, it stops routing traffic to those instances. Instead, it spreads the load across the remaining healthy instances. If all instances in an Availability Zone are unhealthy, but you have instances in other Availability Zones, Elastic Load Balancing routes traffic to your registered and healthy instances in those other Availability Zones. It resumes load balancing to the original instances when they have been restored to a healthy state and are registered with your load balancer.

You can expand the availability of your scaled and load-balanced application by adding a new Availability Zone to your Auto Scaling group and then enabling that Availability Zone for your load balancer. After you've enabled the new Availability Zone, the load balancer begins to route traffic equally among all the enabled Availability Zones.


Question : QuickTechie.com helps brands convert their e-mail lists into social profiles. The company uses numerous solutions from Amazon Web Services (AWS), including Amazon Elastic MapReduce with and EC2 instances. However, they are concerned about their costs, as well as about quickly scaling their capacity for agency and corporate clients to millions of contact lookups per day and decreasing their data processing costs. Which of the below instance types is a good fit in the above scenario?

1. On-Demand Instances
2. Reserved Instances
4. Any of the above is fine

Ans : 3 Exp : Using Spot Instances can generate savings that you can keep, invest elsewhere, or pass on to your customers. Because Spot prices are typically far below (recently 86% lower, on average) On-Demand prices, you can lower the cost of your interruption-tolerant tasks and, potentially, accelerate those applications when there are many Spot Instances available.

There are four general categories of time-flexible and interruption-tolerant tasks that work well with Spot Instances:
- Optional tasks. These tasks are nice-to-have but not strictly required. When Spot prices are low, you can run your optional tasks, and when they rise too high you can stop them.
- Delayable tasks. These tasks have deadlines that allow you to be flexible about when you run your computations (e.g., weekly batch jobs or media transcoding).
- Acceleratable tasks. These tasks can be sped up by adding additional computing power. You can run Spot Instances to accelerate your computing when the Spot price is low while maintaining a baseline layer of On-Demand or Reserved Instances (e.g., using Spot task nodes and On-Demand master and core nodes in an Elastic MapReduce job).
- Large scale tasks. These tasks may require computing scale that you can't access any other way. With Spot, you can cost-effectively run thousands or more instances in AWS regions around the world.

Spot Instances are spare Amazon EC2 instances for which you can name your own price. The Spot Price is set by Amazon EC2 and fluctuates in real time according to Spot Instance supply and demand. When your bid exceeds the Spot Price, your Spot Instance is launched, and it will run until the Spot Price exceeds your bid (a Spot interruption) or you choose to terminate it.

To use Spot Instances, you place a Spot Instance request that specifies the instance type, the Availability Zone desired, the number of Spot Instances desired, and the maximum price you are willing to pay per instance hour (your bid).

To determine how that maximum price compares to past Spot Prices, the Spot Price history for the past 90 days is available via the Amazon EC2 API and the AWS Management Console.





Question : The www.QuickTechie.com website is hosted on multiple EC2 instances which are configured with Auto Scaling and ELB. These instances are in different Availability Zones and share a security group. Now, to support more kinds of traffic, you change the security group rules to allow inbound traffic, and also add new instances to the same security group. When will this new rule take effect?

1. On new instances it will be applicable immediately, and with old instances it works with eventual consistency
2. On new instances it will be applicable immediately, and with old instances you have to re-start.
4. None of the above.

Ans : 3 Exp : A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group. When we decide whether to allow traffic to reach an instance, we evaluate all the rules from all the security groups that are associated with the instance.

Security Groups for EC2-Classic
If you're using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must specify a security group in the same region as the instance. You can't specify a security group that you created for a VPC when you launch an instance in EC2-Classic.
After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group.
Note
In EC2-Classic, you can associate an instance with up to 500 security groups and add up to 100 rules to a security group.

Security Groups for EC2-VPC
If you're using EC2-VPC, you must use security groups created specifically for your VPC. When you launch an instance in a VPC, you must specify a security group for that VPC. You can't specify a security group that you created for EC2-Classic when you launch an instance in a VPC.
After you launch an instance in a VPC, you can change its security groups. You can also change the rules of a security group, and those changes are automatically applied to all instances that are associated with the security group.
Note
In EC2-VPC, you can associate a network interface with up to 5 security groups and add up to 50 rules to a security group.
When you specify a security group for a nondefault VPC to the CLI or the API actions, you must use the security group ID and not the security group name to identify the security group.



Question : The Amazon VPC is not connected to any of your infrastructure on premises or elsewhere. You might or might not have additional infrastructure residing on premises, or elsewhere. If you need to accept connections from Internet users, select the correct option which helps in this case.

1. by allocating elastic IP addresses (EIPs) to only those Amazon VPC instances that need connection from internet users.
2. by allocating static IP addresses to only those Amazon VPC instances that need connection from internet users.
4. None of the above

Ans : 1 Exp : The Amazon VPC is not connected to any of your infrastructure on premises or elsewhere. You might or might not have additional infrastructure residing on premises, or elsewhere. If you need to accept connections from Internet users, you can provide inbound access by allocating elastic IP addresses (EIPs) to only those Amazon VPC instances that need them. You can further limit inbound connections by using security groups or NACLs for only specific ports and source IP address ranges. If you can balance the load of traffic inbound from the Internet, you don't need EIPs. You can place instances behind Elastic Load Balancing. For outbound (to the Internet) access, for example to fetch software updates or to access data on AWS public services, such as Amazon S3, you can use a NAT instance to provide masquerading for outgoing connections. No EIPs are required.



Question : Which of the following help you to build network segments?
1. Using Amazon VPC
2. Using security groups
4. All of the above

Ans : 4
Exp : On AWS, you can build network segments using the following access control methods:
- Using Amazon VPC to define an isolated network for each workload or organizational entity.
- Using security groups to manage access to instances that have similar functions and security requirements;
security groups are stateful firewalls that enable firewall rules in both directions for every allowed and
established TCP session or UDP communications channel.
- Using Network Access Control Lists (NACLs) that allow stateless management of IP traffic. NACLs are agnostic of
TCP and UDP sessions, but they allow granular control over IP protocols (for example GRE, IPSec ESP, ICMP), as
well as control on a per-source/destination IP address and port for TCP and UDP. NACLs work in conjunction
with security groups, and can allow or deny traffic even before it reaches the security group.



Question : Which of the below works like a stateful firewall?
1. security groups
2. Network ACLs
4. All of the above

Ans : 1
Exp :
- Always use security groups: They provide stateful firewalls for Amazon EC2 instances at the hypervisor level. You can apply multiple security groups to a single instance, and to a single ENI.
- Augment security groups with Network ACLs: They are stateless but they provide fast and efficient controls.
Network ACLs are not instance-specific so they can provide another layer of control in addition to security
groups. You can apply separation of duties to ACLs management and security group management.
- Use IPSec or AWS Direct Connect for trusted connections to other sites. Use Virtual Gateway (VGW) where
Amazon VPC-based resources require remote network connectivity.
- Protect data in transit to ensure the confidentiality and integrity of data, as well as the identities of the
communicating parties.
- For large-scale deployments, design network security in layers. Instead of creating a single layer of network
security protection, apply network security at external, DMZ, and internal layers.


Question : You have a security group called "webtier" that has rules to open port 80 and 443. You could then run 10 webservers that are all part of the "webtier" security group. If you later decide that you just want to support HTTPS traffic from the web server, you can simply close port 80 in the "webtier" security group. Select the correct statement.

1. All 10 instances will immediately respect this change and start blocking traffic from surfacing on port 80.
2. All 10 instances will start implementing this rule and will be blocked for input and output traffic until all implemented this security.
4. None of the above.

Ans : 1 Exp : Security groups are one of the most critical tools we have to isolate our infrastructure on Amazon EC2. All EC2 instances
are required to belong to one or more security groups. Security groups enable the AWS administrator to set policy for
controlling open ports, and to set policy for providing isolation between application tiers. In Amazon VPC, every instance
runs over a stateful firewall that runs on the host with all ports closed by default. The security group is responsible for
opening up ingress and egress ports on that firewall. For example, you could have a security group called "webtier" that
has rules to open port 80 and 443. You could then run 10 webservers that are all part of the "webtier" security group. If
you later decide that you just want to support HTTPS traffic from the web server, you can simply close port 80 in the
"webtier" security group. All 10 instances will immediately respect this change and start blocking traffic from surfacing
on port 80.
Security groups provide much more than firewall policy, though. You can use them to lock one tier of your application to
another for much better control over the isolation of the system. For example, suppose you create a security group to
run your SQL Servers in. In that security group, you can specify that you will allow traffic on port 1433, but only from
members of the security group containing your SharePoint servers. This provides an additional layer of protection in
addition to using VPC subnets and network routes to provide network isolation. It allows for more granular control,
which allows you to further reduce the attack surface. Later in this paper, we highlight some specific usage scenarios for
security groups when we discuss how to use them to protect your application.
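
The security-group and network-ACL behaviour described in the explanations above (one rule change reaching every member of "webtier", locking port 1433 to a single tier, stateful versus stateless filtering), as an added Python model that is not part of the original page and is not AWS code. The class names, instance names, the ephemeral port range and the client port 50000 are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

ANY = "0.0.0.0/0"
EPHEMERAL = range(1024, 65536)  # assumed range for client source ports


@dataclass
class SecurityGroup:
    """Stateful and allow-only. Rules belong to the group, not to an instance."""
    name: str
    ingress: set = field(default_factory=set)  # {(port, source)}

    def admits(self, port, src_groups=()):
        # A rule's source is ANY or the name of another security group.
        return any(p == port and (s == ANY or s in src_groups)
                   for p, s in self.ingress)


def instance_admits(groups, port, src_groups=()):
    """Effective policy is the union of allow rules from all attached groups.
    Stateful: an admitted request implies its reply is allowed back out."""
    return any(g.admits(port, src_groups) for g in groups)


@dataclass
class NetworkAcl:
    """Stateless: numbered rules, lowest number first, first match wins."""
    inbound: list = field(default_factory=list)   # [(rule_no, ports, action)]
    outbound: list = field(default_factory=list)

    @staticmethod
    def _decide(rules, port):
        for _, ports, action in sorted(rules, key=lambda r: r[0]):
            if port in ports:
                return action == "allow"
        return False  # implicit final deny

    def round_trip(self, dst_port, client_port):
        # Request and reply are judged separately; the reply is addressed
        # to the client's ephemeral source port.
        return (self._decide(self.inbound, dst_port)
                and self._decide(self.outbound, client_port))


def demo():
    webtier = SecurityGroup("webtier", {(80, ANY), (443, ANY)})
    sql = SecurityGroup("sql", {(1433, "sharepoint")})
    web = {f"web-{i}": [webtier] for i in range(1, 11)}  # 10 constructed instances

    out = {}
    out["http_before"] = sum(instance_admits(g, 80) for g in web.values())
    webtier.ingress.discard((80, ANY))  # close port 80 once, on the group
    out["http_after"] = sum(instance_admits(g, 80) for g in web.values())
    out["https_after"] = sum(instance_admits(g, 443) for g in web.values())

    # Tier locking: 1433 is reachable only from members of "sharepoint".
    out["sql_from_sharepoint"] = instance_admits([sql], 1433, {"sharepoint"})
    out["sql_from_webtier"] = instance_admits([sql], 1433, {"webtier"})

    # Stateless NACL: inbound 443 allowed, but no outbound rule for the reply.
    acl = NetworkAcl(inbound=[(100, range(443, 444), "allow")])
    out["nacl_no_return_rule"] = acl.round_trip(443, 50000)
    acl.outbound.append((100, EPHEMERAL, "allow"))
    out["nacl_with_return_rule"] = acl.round_trip(443, 50000)

    # A lower-numbered deny wins over a later allow; security groups have no deny.
    acl.inbound += [(90, range(80, 81), "deny"), (110, range(0, 65536), "allow")]
    out["nacl_deny_80"] = acl.round_trip(80, 50000)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
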



Question : Select which does not apply to a Security Group.
1. Operates at the instance level (first layer of defense)

2. Supports allow rules and deny rules

4. Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on