AWS SAP-C00 Certified Solution Architect Professional Exam Set 3

An organization is setting up a multi-site solution where the application runs on premise as well as on AWS to achieve the minimum recovery time objective (RTO). Which of the below mentioned configurations will not meet the requirements of the multi-site- solution scenario?


Options are :

  • Setup a weighted DNS service like route 53 to route traffic across sites.
  • Keep an application running on premise as well as in AWS with full capacity.
  • Configure data replication based on RTO
  • Setup a single DB instance which will be accessed by the both sites. (Correct)

Answer : Setup a single DB instance which will be accessed by the both sites.

In Amazon RDS for Postgre SQL, you can provision up to 3 TB storage and 30,000 IOPS per database instance. For a work load with 50% writes and 50 % reads running on a cr1.8xlarge instance, you can realize over 25,000 IOPS for Postgre SQL. How ever, by provisioning more than this limit, you may be able to achieve:


Options are :

  • Higher latency only
  • Lower latency and higher throughput (Correct)
  • Higher throughput only
  • Higher latency and lower throughput

Answer : Lower latency and higher throughput

You have been given the task to define multiple AWS Data Pipeline schedules for different activities in the same pipeline. Which of the following would successful y accomplish this task?


Options are :

  • Defining multiple pipeline definitions in your schedule objects file and associating the desired schedule to the correct activity via its schedule field
  • Defining multiple schedule objects in the schedule field
  • Defining multiple schedule objects in your pipeline definitions file and associating the desired schedule to the correct actMty via its schedule field (Correct)
  • Creating multiple pipeline definition files

Answer : Defining multiple schedule objects in your pipeline definitions file and associating the desired schedule to the correct actMty via its schedule field

AWS SOA-C00 Certified Sys Ops Administrator Associate Exam Set 2

AWS Direct Connect itself has NO specify resources for you to control access to. Therefore, there are no AWS Direct Connect Amazon Resource Names (ARNS) for you to use in an Identity and Access Management (IAM) policy. With that in mind, how is it possible to write a policy to control access to AWS Direct Connect actions?


Options are :

  • You can choose the name of the AWS Direct Connection as the resource
  • You can use an asterisk (*) as the resource (Correct)
  • You can have the resource name field blank
  • You can create a name for the resource

Answer : You can use an asterisk (*) as the resource

A user is thinking to use EBS PIOPS volume. Which of the below mentioned options is a rights use case for the PIOPS EBS volume?


Options are :

  • Analytics
  • System boot volume
  • Nllongo DB (Correct)
  • Log processing

Answer : Nllongo DB

An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched.Which of the following must be done for the custom NAT instance to work?


Options are :

  • The NAT instance should be configured with an elastic IP address
  • The source/ destination checks should be disabled on the NAT instance (Correct)
  • The NAT instance should be launched in public subnet
  • The NAT instance should be configured with a public IP address

Answer : The source/ destination checks should be disabled on the NAT instance

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 9

One of the AWS account owners faced a major challenge in june as his account was hacked and the hacker deleted all the data from his AWS account. This resulted in a major below to the business.Which of the below mentioned steps would not have helped in preventing this action?


Options are :

  • Take a backup of the critical data to offsite/on premise
  • Do not share the AWS access and secret access keys with others as well do not store it inside programs, instead use IAM roles.
  • Create an AMI and snapshot of the data at regular intervals as well as keep a copy to separate regions. (Correct)
  • Setup an MFA for each user as well as for root account user

Answer : Create an AMI and snapshot of the data at regular intervals as well as keep a copy to separate regions.

The user has provisioned the PIPOS volume with an EBS optimized instance. Generally speaking, in which I/O chunk should the bandwidth experienced by the user be measured by AWS?


Options are :

  • 32 KB
  • 256 KB (Correct)
  • 128 KB
  • 64 KB

Answer : 256 KB

Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data. If you set up push sync, what does it allow you to do?


Options are :

  • Synchronize user profile data with less latency
  • Notify other devices immediately that an update is available (Correct)
  • Synchronize online data faster
  • Notify other devices that a user profile is available across multiple devices

Answer : Notify other devices immediately that an update is available

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 5

Which of the following is true while using an IAM role to grant permissions to applications running on Amazon EC2 instances?


Options are :

  • Only one role can be assigned to an EC2 instance at a time (Correct)
  • Multiple roles are assigned to an EC2 instance at a time
  • All applications on the instance share multiple roles and permissions
  • All applications on the instance share the same role, but different permissions

Answer : Only one role can be assigned to an EC2 instance at a time

Exam Killer has three separate departments and each department has their own AWS accounts. The HR department has created a file sharing site where all the roll employees‘ s data is uploaded. The Admin department uploads data about the employee presence in the office to their DB hosted in the VPC. The Finanace department needs to access data from the HR department to know the on roll employees to calculate the salary based on the number of days that an employee is present in the office. How can Exam Killer setup scenario?


Options are :

  • It is not possible to configure VPC peering since each department has a separate AWS account.
  • Setup VPC peering for the VPCs of Admin and HR
  • Setup VPC peering for the VPCs of Finance HR as well as between the VPCs of Finance and Admin. (Correct)
  • Setup VPC peering for the VPCs of Admin and Finance.

Answer : Setup VPC peering for the VPCs of Finance HR as well as between the VPCs of Finance and Admin.

A bucket owner has allowed another account‘s IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B. What will happen in this scenario?


Options are :

  • AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object (Correct)
  • It is not possible that the IAM user of one account accesses objects of the IAM user
  • The bucket policy may not be created as S3 will give error due to conflict of Access Rights
  • It is not possible to give permission to multiple IAM users

Answer : AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 9

A user is trying to create a PIOPS EBS volume with 3 GB size and 90 IOPS. Will AWS create the volume?


Options are :

  • Yes, since PIOPS is higher than 100
  • Yes, since the ratio between EBS and IOPS is less than 30
  • No, since the PIOPS and EBS size ratio is less than 30
  • No, the EBS size is less than 4 GB (Correct)

Answer : No, the EBS size is less than 4 GB

Which of the following is true of an instance profile when an IAM role is created using the console?


Options are :

  • The instance profile should be created manually by a user
  • The console gives the instance profile the same name as the role it corresponds to (Correct)
  • The instance profile uses a different name
  • The console creates the role and instance profiles as separate actions

Answer : The console gives the instance profile the same name as the role it corresponds to

Which of the following cache engines does Amazon Elastic Cache support?


Options are :

  • Amazon Elastic Cache supports Memcached only.
  • Amazon Elastic Cache supports Redis and WinCache.
  • Amazon Elastic Cache supports Mem cached and Redis. (Correct)
  • Amazon Elastic Cache supports Memcached and Hazelcast.

Answer : Amazon Elastic Cache supports Mem cached and Redis.

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 19

Select the correct statement about Amazon Elastic Cache.


Options are :

  • It makes it easy to set up, manage, and scale a distributed in –memory cache environment in the cloud (Correct)
  • It does not integrate with other Amazon Web Services
  • It can not run in the Amazon Virtual Private Cloud (Amazon VPC) environment.
  • It allows you to quickly deploy your cache environment only if you install software

Answer : It makes it easy to set up, manage, and scale a distributed in –memory cache environment in the cloud

An organization is making software for the CIA in USA. CIA agreed to host the application on the AWS Gov Cloud region . Which of the below mentioned difference is not correct when the organization is hosting on the AWS Gov Cloud in comparison with the AWS standard region?


Options are :

  • The billing for the AWS Gov Cloud will be in a different account than the standard AWS account (Correct)
  • Gov Cloud region authentication is isolated from Amazon.com
  • It is Physically isolated and has logical network isolation from all the other regions
  • Physical and logical administrative access only to U.S persons

Answer : The billing for the AWS Gov Cloud will be in a different account than the standard AWS account

In Amazon SNS, to send push notifications t mobile devices using Amazon SNS and ADM, you need to obtain the following , except:


Options are :

  • Client secret
  • Registration ID
  • Client ID
  • Device token (Correct)

Answer : Device token

AWS DVA-C00 Certified Developer Associate Practice Exam Set 2

An organization is setting up a highly scalable application using Elastic Beanstalk. They are using Elastic Load Balancing (ELB) as well as a virtual private cloud (VPC) with public and private subnets. They have the following requirements: . All the EC2 instances should have a private IP . All the EC2 instances should receive data via the ELB‘S. Which of these will not be needed in this setup?


Options are :

  • Configure ELB and NAT as a part of the public subnet only
  • Launch the EC2 instance with only the public subnet (Correct)
  • Create routing rules which will route all outbound traffic from the EC2 instances through NAT.
  • Create routing rules which will route all inbound traffic from ELB to the EC2 instances

Answer : Launch the EC2 instance with only the public subnet

With Amazon Elastic Map Reduce (Amazon EMR ) you can analyze and process vast amounts of data. This cluster is managed using an open-source framework called Hadoop. You have set up an application to run Hadoop jobs. The application reads data from Dynamo DB and generates a temporary file of 100 TBs. The whole process runs for 30 minutes and the output of the job is stored to S3. Which of the below mentioned options is the most cost effective solution in this case?


Options are :

  • Use an on demand instance to run Hadoop jobs and configure them with ephermal storage for output file storage.
  • Use Spot instances to run Hadoop jobs and configure them with ephermal storage for output file storage. (Correct)
  • Use Spot instances to run Hadoop jobs and configure them with EBS volumes for persistent data storage.
  • Use an on demand instance to run Hadoop jobs and configure them with EBS volumes for persistent storage.

Answer : Use Spot instances to run Hadoop jobs and configure them with ephermal storage for output file storage.

In the context of policies and permissions AWS IAM ,the condition element is ?


Options are :

  • Crucial while writing the IAM policies
  • Always set to null
  • An optional element (Correct)
  • A mandatory element

Answer : An optional element

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 4

True or False: ?In the context of Amazon Elastic cache, from the application‘s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node?


Options are :

  • False , you can connect to a cache node, but not to a cluster configuration endpoint.
  • True, from the application‘s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node. (Correct)
  • True, from the application‘s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node since, each has a unique node identifier.
  • False, you can connect to a cluster configuration endpoint, but not to a cache node.

Answer : True, from the application‘s point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.

An organization has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC2 instance. Due to security reasons the organization wants to implement two separate SSLs for the separate modules although it is already using VPC. How can the organization achieve this with a single instance?


Options are :

  • You have to launch two instances each in a separate subnet and allow VPC peering for a single IP
  • Create a VPC instance which will have both the ACL and the security group attached to it and have separate rules for each IP address
  • Create a VPC instance which will have multiple subnets attached to it and each will have a separate IP address
  • Create a VPC instance which will have multiple network interfaces with multiple elastic IP addresses (Correct)

Answer : Create a VPC instance which will have multiple network interfaces with multiple elastic IP addresses

An organization has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The organization is planning to implement certain security best practices Which of the below mentioned pointers will not help the organization achieve better security arrangement?


Options are :

  • Allow only IAM users to connect with the EC2 instances with their own secret access key. (Correct)
  • None
  • Apply the latest patch of OS and always keep it updated. Disable the password based login for all the users. All the use their own keys to connect with the instance securely.
  • Create a procedure to revoke the access rights of the individual user when they are not required to connect to EC2 instance any more for the purpose of application configuration.

Answer : Allow only IAM users to connect with the EC2 instances with their own secret access key.

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 6

What types of identities do Amazon Cognito identity pools support?


Options are :

  • They support unauthenticated identities
  • They support neither authenticated nor unauthenticated identities.
  • They support only authenticated identities.
  • They support both authenticated unauthenticated identities. (Correct)

Answer : They support both authenticated unauthenticated identities.

An organization is planning to create a secure scalable application with AWS VPC and ELB. The organization has two instances already running and each instance has an ENI attached to it in addition to a primary network interface . The primary network interface and additional ENI both have an elastic IP attached to it. If those instances are registered with ELB and the organization wants ELB to send data to a particular EIP of the instance, how can they achieve this?


Options are :

  • The organization should ensure that the IP which required to receive the ELB traffic is attached to an additional ENI.
  • The organization should ensure that the IP which is required to receive the ELB traffic is attached to primary network interface. (Correct)
  • It is not possible to attach an instance with two ENI with ELB as it give an IP conflict error.
  • It is not possible to send data to particular IP as ELB will send to any one EIP.

Answer : The organization should ensure that the IP which is required to receive the ELB traffic is attached to primary network interface.

In Amazon Cognito, your mobile app authenticates with the Identity Provider (IDP) using the provider‘s SDK. Once the end user is authenticated with the IDP, the Oauth or Open ID Connect token returned from the IDP is passed by your app to Amazon Cognito, which returns a new for the user and set of temporary , limited- privilege credentials.


Options are :

  • Cognito Key Pair
  • Cognito API
  • Cognito SDK
  • Cognito ID (Correct)

Answer : Cognito ID

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 12

How does in-memory caching improve the performance of applications in Elastic Cache?


Options are :

  • It improves application performance by deleting the requests that do not contain frequently accessed data
  • It improves application performance by using a part of instance RAM for caching important data
  • It improves application performance by storing critical pieces of data in memory for low-latency access (Correct)
  • It improves application performance by implementing good database indexing strategies

Answer : It improves application performance by storing critical pieces of data in memory for low-latency access

An organization is purchasing licensed software .The software licensed can be registered only to a specific MAC address .The Organization is going to host the software in the AWS.


Options are :

  • The organization should use VPC since VPC allows to configure the MAC address for each EC2 instance
  • It is not possible to have a fixed MAC address with AWS
  • The organization should use VPC with the private subnet and configure the MAC address with that subnet
  • The organization should use VPC with an elastic network interface which will have a fixed MAC address (Correct)

Answer : The organization should use VPC with an elastic network interface which will have a fixed MAC address

In IAM, which of the following is true of temporary security credentials?


Options are :

  • None of these are correct.
  • Once you issue temporary security credentials, they can not revoked. (Correct)
  • Once you issue temporary security credentials, they can be revoked only when the virtual MFA device is used.
  • Once you issue temporary security credentials, they can be revoked.

Answer : Once you issue temporary security credentials, they can not revoked.

AWS Develops Engineer Professional Practice Final File Exam Set 6

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions