AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)



Question : You are designing a system that has a Bastion host. This component needs to be highly available without human intervention.
Which of the following approaches would you select?

1. Run the bastion on two instances, one in each AZ
2. Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failure

3. Access Mostly Uused Products by 50000+ Subscribers
max-size of 1
4. Configure an ELB in front of the bastion instance










Question : Select the correct statement which applies to Network ACL

1. Operates at the subnet level (second layer of defense)
2. Supports allow rules and deny rules
3. Is stateless: Return traffic must be explicitly allowed by rules
4. Processes rules in number order when deciding whether to allow traffic
5. Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group)


1. 1,2,3,4
2. 1,2,4,5
3. Access Mostly Uused Products by 50000+ Subscribers
4. 2,3,4,5
5. All are correct






Explanation: The following table summarizes the basic differences between security groups and network ACLs.

Security Group
1. Operates at the instance level (first layer of defense)
2. Supports allow rules only
3. Is stateful: Return traffic is automatically allowed, regardless of any rules
4. Evaluates all rules before deciding whether to allow traffic
5. Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on

Network ACL
1. Operates at the subnet level (second layer of defense)
2. Supports allow rules and deny rules
3. Is stateless: Return traffic must be explicitly allowed by rules
4. Processes rules in number order when deciding whether to allow traffic
5. Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group)






Question : Is it possible to authorize access from an instance in an EC2 Security Group to an instance in a DB Security Group?
1. Only if they belong to public subnets
2. Only if they both are in the same subnet
3. Access Mostly Uused Products by 50000+ Subscribers
4. Yes





Explanation: If you want to access your DB instance from an Amazon EC2 instance, you must first determine if your EC2 instance and DB instance are in a VPC. If you
are using a default VPC, you can assign the same EC2 or VPC security group that you used for your EC2 instance when you create or modify the DB instance
that the EC2 instance will access.

If your DB instance and EC2 instance are not in a VPC, you must configure the DB instances VPC Security Group controls access to a DB instance that resides
within a VPC.

Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

A DB security group controls network access to a DB instance that is not inside a VPC. By default, network access is turned off to a DB instance. You can
specify rules in a security group that allow access from an IP address range, port, or EC2 security group. Once ingress rules are configured, the same
rules apply to all DB instances that are associated with that security group. You can specify up to 20 rules in a security group.

If you are a new customer to Amazon RDS or if you are an existing customer who is using a new region, your DB instance is most likely in a default VPC. You
cannot use a DB security group for a DB instance inside a VPC; you must create a VPC security group. For information on creating a VPC security group, see
Security Groups for Your VPC. To determine if you have a default VPC, see step 2 in the following procedure.



Related Questions


Question : You are working with a health care IT company that recently created a new application for collecting patients' health data through a
web UI, so that hospital staff can view and upload health data. You now have to deploy this application on AWS, so you created a public subnet and a
private subnet. You will deploy the web application in the public subnet. What do you have to do to make a subnet a public subnet?
A. Set up an IGW (Internet Gateway) for the VPC
B. Create a route, in a route table attached to the subnet, that routes traffic to the IGW
C. Select EC2 instances that are specifically designed for public subnets.
D. Disable the NACL setting on the subnet so that it can reach the internet.

1. A,B
2. B,C
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D
5. B,D


Question : You are migrating existing web and app servers to AWS from your on-premises network. Before migrating, you need to create a VPC
network in AWS, so you created one. What else will you have once you have created the VPC?


1. It will create a default route table as well, which you can modify as per your need.

2. It will create 0 subnets by default. You have to first create a subnet in each AZ.

3. Access Mostly Uused Products by 50000+ Subscribers

4. It will create one private subnet in each AZ and also will launch default EC2 instances in each AZ.



Question : You have created a VPC in a region that has three AZs, and you will now deploy your website, which can have a Multi-AZ deployment. Which
of the following will you have to do so that the subnets created by default in each AZ can communicate with each other?
1. You will attach a new route table to each subnet, so that they can communicate with each other.

2. You have to have one IGW attached to the VPC, so that all the instances can be created.

3. Access Mostly Uused Products by 50000+ Subscribers

4. You don’t have to do anything, as the subnets created by default in each AZ can communicate with each other.



Question :

When you want to use CloudFront to distribute your content, you create a distribution and specify configuration settings such as:


1. Configure the environment variables.
2. The number of files that you can serve per distribution.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Your origin and you can specify any combination of up to 100 Amazon S3 buckets and/or HTTP servers as your origins.
Ans : 3
Exp : When you want to use CloudFront to distribute your content, you create a distribution and specify configuration settings such as:

Your origin, which is the Amazon S3 bucket or HTTP server from which CloudFront gets the files that it distributes. You can specify any combination
of up to 10 Amazon S3 buckets and/or HTTP servers as your origins.

Whether you want the files to be available to everyone or you want to restrict access to selected users.

Whether you want CloudFront to require users to use HTTPS to access your content.

Whether you want CloudFront to forward cookies and/or query strings to your origin.

Whether you want CloudFront to prevent users in selected countries from accessing your content.

Whether you want CloudFront to create access logs.




Question : How many requests per second can Amazon CloudFront handle?

1. 10,000
2. 100
3. 1000
4. 500
Ans : 3
Exp : Amazon CloudFront Limits
Data transfer rate: 1,000 Mbps
Requests per second: 1000
Web distributions per AWS account: 200
RTMP distributions per AWS account: 100
Alternate domain names (CNAMEs) per distribution: 100
Origins per distribution: 25
Cache behaviors per distribution: 25
Whitelisted cookies per cache behavior: 10
SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses (no limit when serving HTTPS requests using SNI): 0


Question : You are designing a high-availability solution in AWS for your high-traffic website. You have deployed your website in a region which
has three AZs (availability zones). You need at least 10 EC2 instances up at any time. How would you plan your architecture so that it is highly
available?


1. You will have 10 servers in each AZ, so you will launch 30 EC2 instances in total.

2. You will have 5 servers in each AZ, so you will have 15 EC2 instances in total.

3. Access Mostly Uused Products by 50000+ Subscribers

4. You will have 10 instances in one AZ and 5 instances in each of the other two. In total you will have 20 EC2 instances.



Question : You are working with Arinika Bank, which already has its own in-house data center that handles all of its IT and banking. You
have recently been hired for its new investment, developing a mobile wallet. It has been decided to use the AWS cloud and the services AWS provides. For
storing wallet transactions you have to use services provided by AWS. Select the statements that correctly apply to this requirement.

A. For storing all the transactions made through the mobile wallet, you should consider using Amazon Redshift.
B. For storing all the transactions made through the mobile wallet, you should consider using Amazon RDS.
C. For storing all the transactions made through the mobile wallet, you should consider using Amazon Elastic Database.
D. For storing all the transactions made through the mobile wallet, you should consider using Amazon S3.
E. You should have kept this storage layer in a public subnet, so that the mobile application can connect to it.
F. You should have kept this storage layer in a private subnet.

1. A,B
2. C,D
3. Access Mostly Uused Products by 50000+ Subscribers
4. B,F
5. A,C


Question : You are working with Arinika Bank, which already has its own in-house data center that handles all of its IT and banking. You
have recently been hired for its new investment, developing a mobile wallet. It has been decided to use the AWS cloud and the services AWS provides. You
have been asked to implement a commenting solution where, for each wallet transaction, a user can send messages and comment on it. These comments and
messages should be visible to both parties to the transaction. Which of the following is best suited for storing these messages and comments?
1. You should have used Amazon RDS

2. You should have used Amazon Redshift

3. Access Mostly Uused Products by 50000+ Subscribers

4. You should have used Amazon S3 or RRS

5. Use custom installed Oracle DB in private subnet with BYOD