AWS Certified Solutions Architect - Professional

By amazon
Aug, 2025

Question 126

Which statement is NOT true about a stack which has been created in a Virtual Private Cloud (VPC) in AWS OpsWorks?

  • A: Subnets whose instances cannot communicate with the Internet are referred to as public subnets.
  • B: Subnets whose instances can communicate only with other instances in the VPC and cannot communicate directly with the Internet are referred to as private subnets.
  • C: All instances in the stack should have access to any package repositories that your operating system depends on, such as the Amazon Linux or Ubuntu Linux repositories.
  • D: Your app and custom cookbook repositories should be accessible for all instances in the stack.

Question 127

An organization has hosted an application on EC2 instances. There will be multiple users connecting to the instance for setup and configuration of the application.
The organization is planning to implement certain security best practices.
Which of the below mentioned pointers will not help the organization achieve a better security arrangement?

  • A: Allow only IAM users to connect with the EC2 instances with their own secret access key.
  • B: Create a procedure to revoke the access rights of an individual user when they are no longer required to connect to the EC2 instance for the purpose of application configuration.
  • C: Apply the latest patch of OS and always keep it updated.
  • D: Disable the password based login for all the users. All the users should use their own keys to connect with the instance securely.

Question 128

By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as long as _________ hours.

  • A: 24
  • B: 36
  • C: 10
  • D: 48

Question 129

What RAID method is used on the Cloud Block Storage back-end to implement a very high level of reliability and performance?

  • A: RAID 1 (Mirror)
  • B: RAID 5 (Blocks striped, distributed parity)
  • C: RAID 10 (Blocks mirrored and striped)
  • D: RAID 2 (Bit level striping)

Question 130

One of the AWS account owners faced a major challenge in June as his account was hacked and the hacker deleted all the data from his AWS account. This resulted in a major blow to the business.
Which of the below mentioned steps would not have helped in preventing this action?

  • A: Set up MFA for each user as well as for the root account user.
  • B: Take a backup of the critical data to offsite / on premise.
  • C: Create an AMI and a snapshot of the data at regular intervals as well as keep a copy to separate regions.
  • D: Do not share the AWS access and secret access keys with others, and do not store them inside programs; instead use IAM roles.

Question 131

With Amazon Elastic MapReduce (Amazon EMR) you can analyze and process vast amounts of data. The cluster is managed using an open-source framework called Hadoop. You have set up an application to run Hadoop jobs. The application reads data from DynamoDB and generates a temporary file of 100 TBs.
The whole process runs for 30 minutes and the output of the job is stored to S3.
Which of the below mentioned options is the most cost effective solution in this case?

  • A: Use Spot Instances to run Hadoop jobs and configure them with EBS volumes for persistent data storage.
  • B: Use Spot Instances to run Hadoop jobs and configure them with ethereal storage for output file storage.
  • C: Use an on demand instance to run Hadoop jobs and configure them with EBS volumes for persistent storage.
  • D: Use an on demand instance to run Hadoop jobs and configure them with ephemeral storage for output file storage.

Question 132

A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the application's X.509 certificate that contains the private key.

  • A: Upload the certificate on an S3 bucket owned by the security officers and accessible only by EC2 Role of the web servers.
  • B: Configure the web servers to retrieve the certificate upon boot from a CloudHSM that is managed by the security officers.
  • C: Configure system permissions on the web servers to restrict access to the certificate only to the authorized security officers.
  • D: Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.

Question 133

What does elasticity mean to AWS?

  • A: The ability to scale computing resources up easily, with minimal friction and down with latency.
  • B: The ability to scale computing resources up and down easily, with minimal friction.
  • C: The ability to provision cloud computing resources in expectation of future demand.
  • D: The ability to recover from business continuity events with minimal friction.

Question 134

In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:

  • A: Device token
  • B: Client ID
  • C: Registration ID
  • D: Client secret

Question 135

True or False: "In the context of Amazon ElastiCache, from the application's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node."

  • A: True, from the application's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node since each has a unique node identifier.
  • B: True, from the application's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.
  • C: False, you can connect to a cache node, but not to a cluster configuration endpoint.
  • D: False, you can connect to a cluster configuration endpoint, but not to a cache node.

Question 136

An organization is setting up a highly scalable application using Elastic Beanstalk.
They are using Elastic Load Balancing (ELB) as well as a Virtual Private Cloud (VPC) with public and private subnets. They have the following requirements:

  • All the EC2 instances should have a private IP.
  • All the EC2 instances should receive data via the ELBs.

Which of these will not be needed in this setup?

  • A: Launch the EC2 instances with only the public subnet.
  • B: Create routing rules which will route all inbound traffic from ELB to the EC2 instances.
  • C: Configure ELB and NAT as a part of the public subnet only.
  • D: Create routing rules which will route all outbound traffic from the EC2 instances through NAT.

Question 137

An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched.
Which of the following must be done for the custom NAT instance to work?

  • A: The source/destination checks should be disabled on the NAT instance.
  • B: The NAT instance should be launched in public subnet.
  • C: The NAT instance should be configured with a public IP address.
  • D: The NAT instance should be configured with an elastic IP address.

Question 138

An organization has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC2 instance. Due to security reasons the organization wants to implement two separate SSLs for the separate modules although it is already using VPC.
How can the organization achieve this with a single instance?

  • A: You have to launch two instances each in a separate subnet and allow VPC peering for a single IP.
  • B: Create a VPC instance which will have multiple network interfaces with multiple elastic IP addresses.
  • C: Create a VPC instance which will have both the ACL and the security group attached to it and have separate rules for each IP address.
  • D: Create a VPC instance which will have multiple subnets attached to it and each will have a separate IP address.

Question 139

An organization is making software for the CIA in the USA. The CIA agreed to host the application on AWS but in a secure environment. The organization is thinking of hosting the application on the AWS GovCloud region. Which of the below mentioned differences is not correct when the organization is hosting on the AWS GovCloud in comparison with the AWS standard region?

  • A: The billing for the AWS GovCloud will be in a different account than the Standard AWS account.
  • B: GovCloud region authentication is isolated from Amazon.com.
  • C: Physical and logical administrative access only to U.S. persons.
  • D: It is physically isolated and has logical network isolation from all the other regions.

Question 140

How does in-memory caching improve the performance of applications in ElastiCache?

  • A: It improves application performance by deleting the requests that do not contain frequently accessed data.
  • B: It improves application performance by implementing good database indexing strategies.
  • C: It improves application performance by using a part of instance RAM for caching important data.
  • D: It improves application performance by storing critical pieces of data in memory for low-latency access.

Question 141

A user is thinking of using an EBS PIOPS volume.
Which of the below mentioned options is the right use case for the PIOPS EBS volume?

  • A: Analytics
  • B: System boot volume
  • C: MongoDB
  • D: Log processing

Question 142

How can a user list the IAM Role configured as a part of the launch config?

  • A: as-describe-launch-configs -iam-profile
  • B: as-describe-launch-configs -show-long
  • C: as-describe-launch-configs -iam-role
  • D: as-describe-launch-configs -role

Question 143

An organization is setting up a multi-site solution where the application runs on premise as well as on AWS to achieve the minimum recovery time objective (RTO).
Which of the below mentioned configurations will not meet the requirements of the multi-site solution scenario?

  • A: Configure data replication based on RTO.
  • B: Keep an application running on premise as well as in AWS with full capacity.
  • C: Set up a single DB instance which will be accessed by both sites.
  • D: Set up a weighted DNS service like Route 53 to route traffic across sites.

Question 144

Which of the following are AWS storage services? (Choose two.)

  • A: AWS Relational Database Service (AWS RDS)
  • B: AWS ElastiCache
  • C: AWS Glacier
  • D: AWS Import/Export

Question 145

Which of the following is true of an instance profile when an IAM role is created using the console?

  • A: The instance profile uses a different name.
  • B: The console gives the instance profile the same name as the role it corresponds to.
  • C: The instance profile should be created manually by a user.
  • D: The console creates the role and instance profile as separate actions.

Question 146

In the context of policies and permissions in AWS IAM, the Condition element is ____________.

  • A: crucial while writing the IAM policies
  • B: an optional element
  • C: always set to null
  • D: a mandatory element

Question 147

Which of the following is true while using an IAM role to grant permissions to applications running on Amazon EC2 instances?

  • A: All applications on the instance share the same role, but different permissions.
  • B: All applications on the instance share multiple roles and permissions.
  • C: Multiple roles are assigned to an EC2 instance at a time.
  • D: Only one role can be assigned to an EC2 instance at a time.

Question 148

When using string conditions within IAM, short versions of the available comparators can be used instead of the more verbose ones. streqi is the short version of the _______ string condition.

  • A: StringEqualsIgnoreCase
  • B: StringNotEqualsIgnoreCase
  • C: StringLikeStringEquals
  • D: StringNotEquals

Question 149

Attempts, one of the three types of items associated with a scheduled pipeline in AWS Data Pipeline, provide robust data management.
Which of the following statements is NOT true about Attempts?

  • A: Attempts provide robust data management.
  • B: AWS Data Pipeline retries a failed operation until the count of retries reaches the maximum number of allowed retry attempts.
  • C: An AWS Data Pipeline Attempt object compiles the pipeline components to create a set of actionable instances.
  • D: AWS Data Pipeline Attempt objects track the various attempts, results, and failure reasons if applicable.

Question 150

Select the correct statement about Amazon ElastiCache.

  • A: It makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.
  • B: It allows you to quickly deploy your cache environment only if you install software.
  • C: It does not integrate with other Amazon Web Services.
  • D: It cannot run in the Amazon Virtual Private Cloud (Amazon VPC) environment.