AWS Certified Solutions Architect - Professional
Question 51
An organization is setting up a website in an AWS VPC. The organization has blocked a few IPs to avoid a DDoS attack.
How can the organization ensure that requests from the above mentioned IPs do not reach the application instances?
- A: Create an IAM policy for VPC which has a condition to disallow traffic from that IP address.
- B: Configure a security group at the subnet level which denies traffic from the selected IP.
- C: Configure the security group with the EC2 instance which denies access from that IP address.
- D: Configure an ACL at the subnet which denies the traffic from that IP address.
Question 52
An organization has 4 people in the IT operations team who are responsible for managing the AWS infrastructure. The organization wants to set things up so that each user can launch and manage an instance in a zone which the other users cannot modify.
Which of the below mentioned options is the best solution to set this up?
- A: Create four AWS accounts and give each user access to a separate account.
- B: Create an IAM user and allow them permission to launch instances of different sizes only.
- C: Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.
- D: Create a VPC with four subnets and allow access to each subnet for the individual IAM user.
Question 53
An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations.
Which of the below mentioned statements is not a limitation of dedicated instances with VPC?
- A: All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
- B: It does not support the AWS RDS with a dedicated tenancy VPC.
- C: The user cannot use Reserved Instances with a dedicated tenancy model.
- D: The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.
Question 54
In which step of using AWS Direct Connect should the user determine the required port speed?
- A: Complete the Cross Connect
- B: Verify Your Virtual Interface
- C: Download Router Configuration
- D: Submit AWS Direct Connect Connection Request
Question 55
Your application is using an ELB in front of an Auto Scaling group of web/application servers deployed across two AZs and a Multi-AZ RDS Instance for data persistence.
The database CPU is often above 80% usage and 90% of I/O operations on the database are reads. To improve performance you recently added a single-node Memcached ElastiCache Cluster to cache frequent DB query results. In the next weeks the overall workload is expected to grow by 30%.
Do you need to change anything in the architecture to maintain the high availability of the application with the anticipated additional load? Why?
- A: Yes, you should deploy two Memcached ElastiCache Clusters in different AZs because the RDS instance will not be able to handle the load if the cache node fails.
- B: No, if the cache node fails you can always get the same data from the DB without having any availability impact.
- C: No, if the cache node fails the automated ElastiCache node recovery feature will prevent any availability impact.
- D: Yes, you should deploy the Memcached ElastiCache Cluster with two nodes in the same AZ as the RDS DB master instance to handle the load if one cache node fails.
Question 56
In Amazon IAM, what is the maximum length for a role name?
- A: 128 characters
- B: 512 characters
- C: 64 characters
- D: 256 characters
Question 57
A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC.
How can the user set this up to have two separate public IPs and separate security groups for the application server and the web server?
- A: Launch VPC with two separate subnets and make the instance a part of both the subnets.
- B: Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.
- C: Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.
- D: Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.
Question 58
You have subscribed to the AWS Business and Enterprise support plan.
Your business has a backlog of problems, and you need about 20 of your IAM users to open technical support cases.
How many users can open technical support cases under the AWS Business and Enterprise support plan?
- A: 5 users
- B: 10 users
- C: Unlimited
- D: 1 user
Question 59
While implementing the policy keys in AWS Direct Connect, if you use ______ and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.
- A: aws:SecureTransport
- B: aws:EpochIP
- C: aws:SourceIp
- D: aws:CurrentTime
Question 60
How many g2.2xlarge on-demand instances can a user run in one region without taking any limit increase approval from AWS?
- A: 20
- B: 2
- C: 5
- D: 10
Question 61
A user has created a MySQL RDS instance with PIOPS. Which of the below mentioned statements will help the user understand the advantage of PIOPS?
- A: The user can achieve additional dedicated capacity for the EBS I/O with an enhanced RDS option
- B: It uses a standard EBS volume with optimized configuration stacks
- C: It uses optimized EBS volumes and optimized configuration stacks
- D: It provides a dedicated network bandwidth between EBS and RDS
Question 62
A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials.
Amazon Cognito has two different flows for authentication with public providers.
Which of the following are the two flows?
- A: Authenticated and non-authenticated
- B: Public and private
- C: Enhanced and basic
- D: Single step and multistep
Question 63
Which of the following is the Amazon Resource Name (ARN) condition operator that can be used within an Identity and Access Management (IAM) policy to check the case-insensitive matching of the ARN?
- A: ArnCheck
- B: ArnMatch
- C: ArnCase
- D: ArnLike
Question 64
An organization is creating a VPC for their application hosting. The organization has created two private subnets in the same AZ and created one subnet in a separate zone.
The organization wants to build an HA system with the internal ELB.
Which of these statements is true with respect to an internal ELB in this scenario?
- A: ELB can support only one subnet in each availability zone.
- B: ELB does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.
- C: If the user is creating an internal ELB, he should use only private subnets.
- D: ELB can support all the subnets irrespective of their zones.
Question 65
In Amazon ElastiCache, the failure of a single cache node can have an impact on the availability of your application and the load on your back-end database while ElastiCache provisions a replacement for the failed cache node and it gets repopulated.
Which of the following is a solution to reduce this potential availability impact?
- A: Spread your memory and compute capacity over a smaller number of cache nodes, each with smaller capacity.
- B: Spread your memory and compute capacity over a larger number of cache nodes, each with smaller capacity.
- C: Include a smaller number of high-capacity nodes.
- D: Include a larger number of cache nodes, each with high capacity.
Question 66
An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must be 15 minutes. The customer realizes that data corruption occurred roughly 1.5 hours ago.
What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?
- A: Take hourly DB backups to S3, with transaction logs stored in S3 every 5 minutes.
- B: Use synchronous database master-slave replication between two availability zones.
- C: Take hourly DB backups to EC2 Instance store volumes with transaction logs stored in S3 every 5 minutes.
- D: Take 15 minute DB backups stored in Glacier with transaction logs stored in S3 every 5 minutes.
Question 67
MapMySite is setting up a web application in the AWS VPC. The organization has decided to use an AWS RDS instead of using its own DB instance for HA and DR requirements.
The organization also wants to secure RDS access.
How should the web application be set up with RDS?
- A: Create a VPC with one public and one private subnet. Launch an application instance in the public subnet while RDS is launched in the private subnet.
- B: Set up a public and two private subnets in different AZs within a VPC and create a subnet group. Launch RDS with that subnet group.
- C: Create a network interface and attach two subnets to it. Attach that network interface with RDS while launching a DB instance.
- D: Create two separate VPCs and launch a Web app in one VPC and RDS in a separate VPC and connect them with VPC peering.
Question 68
When does an AWS Data Pipeline terminate the AWS Data Pipeline-managed compute resources?
- A: AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 2 hours.
- B: When the final activity that uses the resources is running
- C: AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 12 hours.
- D: When the final activity that uses the resources has completed successfully or failed
Question 69
What bandwidths does AWS Direct Connect currently support?
- A: 10Mbps and 100Mbps
- B: 10Gbps and 100Gbps
- C: 100Mbps and 1Gbps
- D: 1Gbps and 10Gbps
Question 70
The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the ______ translates to everyone except the specified entity.
- A: NotPrincipal
- B: Vendor
- C: Principal
- D: Action
Question 71
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24.
While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance.
Which is the most likely reason for this issue?
- A: Private address IP 10.201.31.6 is currently assigned to another interface
- B: Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
- C: Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
- D: Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.
Question 72
A user is configuring MySQL RDS with PIOPS. What should be the minimum size of DB storage provided by the user?
- A: 1 TB
- B: 50 GB
- C: 5 GB
- D: 100 GB
Question 73
The Statement element of an AWS IAM policy contains an array of individual statements. Each individual statement is a(n) _________ block enclosed in braces.
- A: XML
- B: JavaScript
- C: JSON
- D: AJAX
Question 74
If no explicit deny is found while applying IAM's Policy Evaluation Logic, the enforcement code looks for any ______ instructions that would apply to the request.
- A: "cancel"
- B: "suspend"
- C: "allow"
- D: "valid"
Question 75
An organization is hosting a scalable web application using AWS. The organization has configured ELB and Auto Scaling to make the application scalable.
Which of the below mentioned statements is not required to be followed for ELB when the organization is planning to host a web application on a VPC?
- A: The ELB and all the instances should be in the same subnet.
- B: Configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.
- C: The internet facing ELB should have a route table associated with the internet gateway.
- D: The internet facing ELB should be only in a public subnet.