AWS SAP-C00 Certified Solution Architect Professional Exam Set 4

A user has configured an EBS volume with PIOPS. The user is not experiencing the optimal throughput. Which of the following could not be a factor affecting the I/O performance of that EBS volume?


Options are :

  • EBS volume size (Correct)
  • Instance type is not EBS optimized
  • EC2 bandwidth
  • EBS bandwidth of dedicated instance exceeding the PIOPS

Answer : EBS volume size

What is the maximum length for a certificate ID in AWS IAM?


Options are :

  • 64 characters
  • 512 characters
  • 1024 characters
  • 128 characters (Correct)

Answer : 128 characters

If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical.


Options are :

  • NOR
  • AND
  • OR (Correct)
  • NAND

Answer : OR

Attempts, one of the three types of items associated with the schedule pipeline in the AWS Data Pipeline, provides robust data management. Which of the following statements is NOT true about Attempts?


Options are :

  • AWS Data Pipeline retries a failed operation until the count of retries reaches the maximum number of allowed retry attempts.
  • Attempts provide robust data management
  • AWS Data Pipeline Attempt objects track the various attempts, results, and failure reasons if applicable
  • An AWS Data Pipeline Attempt object compiles the pipeline components to create a set of actionable instances (Correct)

Answer : An AWS Data Pipeline Attempt object compiles the pipeline components to create a set of actionable instances

By default, temporary security credentials for an IAM user are valid for a maximum of 12 hours, but you can request a duration as long as hours.


Options are :

  • 48
  • 10
  • 36 (Correct)
  • 24

Answer : 36

How can a user list the IAM role configured as a part of the launch config?


Options are :

  • as-describe-launch-configs --show-long (Correct)
  • as-describe-launch-configs --iam-role
  • as-describe-launch-configs --iam-profile
  • as-describe-launch-configs --role

Answer : as-describe-launch-configs --show-long

Which statement is NOT true about a stack which has been created in a Virtual Private Cloud (VPC) in AWS OpsWorks?


Options are :

  • Your app and custom cookbook repositories should be accessible for all instances in the stack.
  • All instances in the stack should have access to any package repositories that your operating system depends on, such as the Amazon Linux or Ubuntu Linux repositories.
  • Subnets whose instances can communicate only with other instances in the VPC and can not communicate directly with the internet are referred to as private subnets.
  • Subnets whose instances can not communicate with the internet are referred to as public subnets (Correct)

Answer : Subnets whose instances can not communicate with the internet are referred to as public subnets

In Amazon VPC, what is the default maximum number of BGP advertised routes allowed per route table?


Options are :

  • 5
  • 10
  • 15
  • 100 (Correct)

Answer : 100

An organization is planning to set up a management network on the AWS VPC. The organization is trying to secure the web server on a single VPC instance such that it allows the internet traffic as well as the backend management traffic. The organization wants to make it so that the backend management network interface can receive SSH traffic only from a selected IP range, while the internet-facing web server will have an IP address which can receive traffic from all internet IPs. How can the organization achieve this by running the web server on a single instance?


Options are :

  • The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access (Correct)
  • It is not possible to have two IP addresses for a single instance
  • The organization should create two network interfaces with the same subnet and security group to assign separate IPs to each network interface.
  • The organization should launch an instance with two separate subnets using the same network interface, which allows it to have separate CIDRs as well as security groups.

Answer : The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access

A user is planning to use EBS for his DB requirement. The user already has an EC2 instance running in the VPC private subnet. How can the user attach the EBS volume to a running instance?


Options are :

  • The user can specify the same subnet while creating EBS and then attach it to a running instance.
  • It is not possible to attach an EBS to an instance running in VPC until the instance is stopped.
  • The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance. (Correct)
  • The user must create EBS within the same VPC and then attach it to running instance.

Answer : The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance.

With respect to AWS Lambda permissions model, at the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the role.


Options are :

  • Configuration
  • Delegation
  • Execution (Correct)
  • Dependency

Answer : Execution

What happens when Dedicated instances are launched into a VPC?


Options are :

  • None of these are true.
  • If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is automatically a Dedicated instance, regardless of the tenancy of the instance. (Correct)
  • If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is created as a dedicated instance, only based on the tenancy of the instance.
  • If you launch an instance into a VPC that has an instance tenancy of dedicated, you must manually create a dedicated instance.

Answer : If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is automatically a Dedicated instance, regardless of the tenancy of the instance.

Do you need to use Amazon Cognito to use the Amazon Mobile Analytics service?


Options are :

  • No. However, it is recommended by AWS to use Amazon Cognito for security best practices. (Correct)
  • No. You cannot use it at all, and you need to use AWS IAM accounts.
  • Yes. It is recommended by AWS to use Amazon Mobile Analytics service
  • Yes. You need to use it only if you have IAM root access.

Answer : No. However, it is recommended by AWS to use Amazon Cognito for security best practices.

You are trying to delete an SSL certificate from the IAM certificate store, and you are getting the message "certificate: is being used by CloudFront." Which of the following statements is probably the reason why you are getting this error?


Options are :

  • Before you can delete an SSL certificate you need to set up https on your server.
  • You cannot delete SSL certificates. You need to request it from AWS.
  • Before you can delete an SSL certificate you need to either rotate SSL certificate or revert from using a custom SSL certificate to using the default CloudFront certificate. (Correct)
  • Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM.

Answer : Before you can delete an SSL certificate you need to either rotate SSL certificate or revert from using a custom SSL certificate to using the default CloudFront certificate.

What is the network performance offered by the c4.8xlarge instance in Amazon EC2?


Options are :

  • 10 Gigabit (Correct)
  • 20 Gigabit
  • very high but variable
  • 5 Gigabit

Answer : 10 Gigabit

In the context of the Amazon ElastiCache CLI, which of the following commands can you use to view all ElastiCache instance events for the past 24 hours?


Options are :

  • elasticache-events --duration 1440
  • elasticache-events --duration 24
  • elasticache-describe-events --duration 24
  • elasticache describe-events --source-type cache-cluster --duration 1440 (Correct)

Answer : elasticache describe-events --source-type cache-cluster --duration 1440

A government client needs you to set up secure cryptographic key storage for some of their extremely confidential data. You decide that AWS CloudHSM is the best service for this. However, there seem to be a few prerequisites before this can happen, one of those being a security group that has certain ports open. Which of the following is correct in regards to those security groups?


Options are :

  • A security group that has no ports open to your network.
  • A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network. (Correct)
  • A security group that has only port 22 (for SSH) open to your network.
  • A security group that has only port 3389 (for RDP) open to your network.

Answer : A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network.

In Amazon Cognito, what is a silent push notification?


Options are :

  • It is a push message that is received by your application on a user's device that will return the user's geolocation.
  • It is a push message that is received by your application on a user's device that will return the user's authentication credentials.
  • It is a push message that is received by your application on a user's device that will not be heard by the user.
  • It is a push message that is received by your application on a user's device that will not be seen by the user. (Correct)

Answer : It is a push message that is received by your application on a user's device that will not be seen by the user.

When using Numeric Conditions within IAM, short versions of the available comparators can be used instead of the more verbose versions. Which of the following is the short version of the Numeric Condition "NumericLessThanEquals"?


Options are :

  • numlteq (Correct)
  • numltequals
  • numeql
  • numlteql

Answer : numlteq

How does AWS Data Pipeline execute activities on on-premise resources or AWS resources that you manage?


Options are :

  • By supplying a Task Runner package that can be installed on your on-premise hosts (Correct)
  • By supplying a Task Runner json script that can be installed on your on-premise hosts
  • By supplying a Task Runner file that the resources can access for execution
  • None of these

Answer : By supplying a Task Runner package that can be installed on your on-premise hosts

Identify an application that polls AWS Direct Pipeline for tasks and then performs those tasks.


Options are :

  • A task deployer
  • A task executor
  • A task optimizer
  • A task runner (Correct)

Answer : A task runner

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24. What will happen in this scenario?


Options are :

  • The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range
  • It is not possible to create a subnet with the same CIDR as VPC
  • The second subnet will be created
  • It will throw a CIDR overlaps error (Correct)

Answer : It will throw a CIDR overlaps error

AWS has launched T2 instances which come with CPU usage credit. An organization has a requirement which keeps an instance running for 24 hours. However, the organization has high usage only during 11 AM to 12 PM. The organization is planning to use a T2 small instance for this purpose. If the organization already has multiple instances running since Jan 2012, which of the below mentioned options should the organization implement while launching a T2 instance?


Options are :

  • While launching a T2 instance the organization must select EC2-VPC as the platform.
  • The organization must migrate to the EC2-VPC platform first before launching a T2 instance.
  • While launching a T2 instance the organization must create a new AWS account as this account does not have the EC2-VPC platform.
  • Create a VPC and launch a T2 instance as part of one of the subnets of that VPC. (Correct)

Answer : Create a VPC and launch a T2 instance as part of one of the subnets of that VPC.

An organization is planning to use a NoSQL DB for its scalable data needs. The organization wants to host an application securely in AWS VPC. What action can be recommended to the organization?


Options are :

  • The organization should use DynamoDB while creating a table within the public subnet.
  • The organization should use DynamoDB while creating a table within a private subnet.
  • The organization should set up their own NoSQL cluster on the AWS instance and configure route tables and subnets. (Correct)
  • The organization should only use DynamoDB because by default it is always a part of the default subnet provided by AWS.

Answer : The organization should set up their own NoSQL cluster on the AWS instance and configure route tables and subnets.

You want to use Amazon Redshift and you are planning to deploy dw1.8xlarge nodes. What is the amount of nodes that you need to deploy with this kind of configuration?


Options are :

  • 3 (Correct)
  • 4
  • 1
  • 2

Answer : 3

Out of the striping options available for the EBS volumes, which one has the following disadvantage: "Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe."?


Options are :

  • RAID 0
  • RAID 2
  • RAID 1+0 (RAID 10) (Correct)
  • RAID 1

Answer : RAID 1+0 (RAID 10)

True or False: Amazon ElastiCache clusters are not available for use in a VPC at this time.


Options are :

  • FALSE (Correct)
  • True, but they are available only on request
  • TRUE
  • True, but they are available only in the GovCloud

Answer : FALSE

In Amazon Redshift, how many slices does a dw2.8xlarge node have?


Options are :

  • 32 (Correct)
  • 2
  • 8
  • 16

Answer : 32

Regarding Identity and Access Management (IAM), which type of special account belonging to your application allows your code to access Google services programmatically?


Options are :

  • Code account
  • OAuth
  • Simple Key
  • Service account (Correct)

Answer : Service account

Identify a true statement about using an IAM role to grant permissions to applications running on Amazon EC2 instances.


Options are :

  • When AWS credentials are rotated, developers have to update only the Amazon EC2 instance on which the password policy was applied and which uses their credentials.
  • When AWS credentials are rotated, you don't have to manage credentials and you don't have to worry about long-term security risks. (Correct)
  • When AWS credentials are rotated, developers have to update only the root Amazon EC2 instance that uses their credentials.
  • When AWS credentials are rotated, you must manage credentials and you should consider precautions for long-term security risks.

Answer : When AWS credentials are rotated, you don't have to manage credentials and you don't have to worry about long-term security risks.
