AWS SAP-C00 Certified Solution Architect Professional Exam Set 5

A user is planning to host a highly available system on the AWS VPC. Which of the below mentioned statements is helpful in this scenario?


Options are :

  • Create two VPCs in two separate zones and set up failover with ELB such that if one VPC fails it will divert traffic to another VPC
  • Create VPC with only one private subnet and launch instances in different AZs using that subnet.
  • Create VPC with only one public subnet and launch instances in different AZs using that subnet.
  • Create VPC subnets in two separate availability zones and launch instances in different subnets. (Correct)

Answer : Create VPC subnets in two separate availability zones and launch instances in different subnets.

A user has set an IAM policy that denies all requests if a request is not from IP 10.10.10.1/32. The other policy says allow all requests between 5 PM and 7 PM. What will happen when a user is requesting access from IP 55.109.10.12/32 at 6 PM?


Options are :

  • it will deny access (Correct)
  • it is not possible to set a policy based on the time or IP
  • It will allow access
  • IAM will throw an error for policy conflict

Answer : it will deny access


A user is configuring MySQL RDS with PIOPS. What should be the minimum PIOPS that the user should provision?


Options are :

  • 500
  • 1000 (Correct)
  • 2000
  • 200

Answer : 1000

Exam Killer has created a multi-tenant Learning Management System (LMS). The application is hosted for five different tenants (clients) in the VPCs of the respective AWS accounts of the tenant. Exam Killer wants to set up a centralized server which can connect with the LMS of each tenant to upgrade it if required. Exam Killer also wants to ensure that one tenant VPC should not be able to connect to the other tenant VPC for security reasons. How can Exam Killer set up this scenario?


Options are :

  • Exam Killer should set up VPC peering with all the VPCs peering each other but block the IPs from CIDR of the tenant VPCs to deny them.
  • Exam Killer has to set up one centralized VPC which will peer into all the other VPCs of the tenants. (Correct)
  • Exam Killer should set up all the VPCs meshed together with VPC peering for all VPCs.
  • Exam Killer should set up all the VPCs with the same CIDR but have a centralized VPC. This way only the centralized VPC can talk to the other VPCs using VPC peering.

Answer : Exam Killer has to set up one centralized VPC which will peer into all the other VPCs of the tenants.

Within an IAM policy, can you add an IfExists condition at the end of a Null condition?


Options are :

  • Yes, you can add an IfExists condition at the end of a Null condition.
  • Yes, you can add an IfExists condition at the end of a Null condition but not in all regions.
  • No, you cannot add an IfExists condition at the end of a Null condition. (Correct)
  • Yes, you can add an IfExists condition at the end of a Null condition depending on the condition.

Answer : No, you cannot add an IfExists condition at the end of a Null condition.


An organization has developed an application which provides a smarter shopping experience. They need to show a demonstration to various stakeholders who may not be able to access the on-premises application, so they decide to host a demo version of the application on AWS. Consequently, they will need a fixed Elastic IP attached automatically to the instance when it is launched. In this scenario, which of the below mentioned options will not help assign the Elastic IP automatically?


Options are :

  • Provide an elastic IP in the user data and set up a bootstrapping script which will fetch that elastic IP and assign it to the instance.
  • Launch instance with VPC and assign an elastic IP to the primary network interface.
  • Create a controlling application which launches the instance and assigns the elastic IP based on the parameter provided when that instance is booted.
  • Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata. (Correct)

Answer : Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata.

Once the user has set up ElastiCache for an application and it is up and running, which service does Amazon not provide for the user?


Options are :

  • The ability for client programs to automatically identify all of the nodes in a cache cluster, and to initiate and maintain connections to all of these nodes
  • Automating common administrative tasks such as failure detection and recovery, and software patching
  • Providing default Time To Live (TTL) in the AWS ElastiCache Redis implementation for different types of data (Correct)
  • Providing detailed monitoring metrics associated with your Cache Nodes, enabling you to diagnose and react to issues very quickly

Answer : Providing default Time To Live (TTL) in the AWS ElastiCache Redis implementation for different types of data

An organization is setting up RDS for their applications. The organization wants to secure RDS access with VPC. Which of the following options is not required while designing the RDS with VPC?


Options are :

  • The organization must create a subnet group with public and private subnets. Both the subnets can be in the same or separate AZ. (Correct)
  • The organization should keep a minimum of one IP address in each subnet reserved for RDS failover.
  • If the organization is connecting RDS from the internet it must enable the VPC attributes DNS hostnames and DNS resolution.
  • The organization must create a subnet group with VPC using more than one subnet which are a part of separate AZs.

Answer : The organization must create a subnet group with public and private subnets. Both the subnets can be in the same or separate AZ.


In the context of AWS Cloud Hardware Security Module (HSM), does your application need to reside in the same VPC as the CloudHSM instance?


Options are :

  • No, but the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM. (Correct)
  • No, but they must reside in the same Availability Zone.
  • No, but it should reside in same Availability Zone as the DB instance.
  • Yes, always

Answer : No, but the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM.

Who is responsible for modifying the routing tables and networking ACLs in a VPC to ensure that a DB instance is reachable from other instances in the VPC?


Options are :

  • The owner of the AWS account (Correct)
  • The DB engine vendor
  • AWS administrator.
  • Amazon

Answer : The owner of the AWS account

Which of the following IAM policy elements lets you specify an exception to a list of actions?


Options are :

  • NotException
  • NotAction (Correct)
  • ExceptionAction
  • Exception

Answer : NotAction


A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume. What is the possible root cause for this?


Options are :

  • The maximum IOPS supported by EBS is 3000
  • The ratio between IOPS and the EBS volume is higher than 30 (Correct)
  • The ratio between IOPS and the EBS volume is lower than 50
  • PIOPS is supported for EBS higher than 500 GB size

Answer : The ratio between IOPS and the EBS volume is higher than 30

An organization is setting up a web application with the JEE stack. The application uses the JBoss app server and MySQL DB. The application has a logging module which logs all the activities whenever a business function of the JEE application is called. The logging activity takes some time due to the large size of the log file. If the application wants to set up a scalable infrastructure, which of the below mentioned options will help achieve this setup?


Options are :

  • Create a separate module for logging and, using SQS, compartmentalize the module such that all calls to logging are asynchronous. (Correct)
  • Host logging and the app server on separate servers such that they are both in the same zone.
  • Host the log files on EBS with PIOPS which will have higher I/O
  • Host logging and the app server on the same instances so that the network latency will be shorter.

Answer : Create a separate module for logging and, using SQS, compartmentalize the module such that all calls to logging are asynchronous.

Which of the following AWS services can be used to define alarms to trigger on a certain activity, such as activity success, failure, or delay in AWS Data Pipeline?


Options are :

  • Amazon SQS
  • Amazon SNS (Correct)
  • Amazon CodeDeploy
  • Amazon SES.

Answer : Amazon SNS


You create a VPN connection, and your VPN device supports Border Gateway Protocol (BGP). Which of the following should be specified to configure the VPN connection?


Options are :

  • Classless routing
  • Classful routing
  • Dynamic routing (Correct)
  • Static routing

Answer : Dynamic routing

Can a Direct Connect Link be connected directly to the Internet?


Options are :

  • Yes, this can be done if you pay for it.
  • Yes, this can be only for certain regions.
  • No (Correct)
  • Yes

Answer : No

True or False: In Amazon ElastiCache, you can use cache security groups to configure the cache clusters that are part of a VPC.


Options are :

  • FALSE (Correct)
  • True, this is applicable only to cache clusters that are running in an Amazon VPC.
  • TRUE
  • True, but only when you configure the cache clusters using the cache security groups from the console navigation

Answer : FALSE


In the context of IAM roles for Amazon EC2, which of the following is NOT true about delegating permission to make API requests?


Options are :

  • You can specify the role when you launch your instances.
  • You cannot create an IAM role. (Correct)
  • You can have the application retrieve a set of temporary credentials and use them.
  • You can define which accounts or AWS services can assume the role.

Answer : You cannot create an IAM role.

IAM users do not have permissions to create temporary security credentials for federated users and roles by default. In contrast, IAM users can call ______ without the need for any special permissions.


Options are :

  • GetFederationName
  • GetFederationToken
  • GetSessionToken (Correct)
  • GetSessionName

Answer : GetSessionToken

What is an average queue length recommended by AWS to achieve a lower latency for the 200 PIOPS EBS volume?


Options are :

  • 2
  • 4
  • 5
  • 1 (Correct)

Answer : 1


To get started using AWS Direct Connect, in which of the following steps do you configure Border Gateway Protocol (BGP)?


Options are :

  • Create virtual interface (Correct)
  • Configure redundant connections with AWS Direct Connect
  • Download router configuration
  • Complete the cross connect

Answer : Create virtual interface

A user is creating a PIOPS volume. What is the maximum ratio the user should configure between PIOPS and the volume size?


Options are :

  • 5
  • 20
  • 10
  • 30 (Correct)

Answer : 30

What is a possible reason you would need to edit claims issued in a SAML token?


Options are :

  • The name identifier claim cannot be the same as the claim URI.
  • The name identifier claim must be the same as the user name stored in AD.
  • Authentication fails consistently
  • The name identifier claim cannot be the same as the username stored in AD. (Correct)

Answer : The name identifier claim cannot be the same as the username stored in AD.


You are setting up some EBS volumes for a customer who has requested a setup which includes a RAID (redundant array of inexpensive disks). AWS has some recommendations for RAID setups. Which RAID setup is not recommended for Amazon EBS?


Options are :

  • RAID 0 only
  • RAID 5 and RAID 6 (Correct)
  • RAID 5 only
  • RAID 1 only

Answer : RAID 5 and RAID 6

Can provisioned IOPS be used on RDS instances launched in a VPC?


Options are :

  • Yes, they can be used only with MySQL-based instances.
  • Yes, they can be used for all RDS instances (Correct)
  • No
  • Yes, they can be used only with Oracle-based instances

Answer : Yes, they can be used for all RDS instances

In AWS IAM, which of the following predefined policy condition keys checks how long ago (in seconds) the MFA-validated security credentials making the request were issued using multi-factor authentication (MFA)?


Options are :

  • aws:MultiFactorAuthLast
  • aws:MultiFactorAuthPrevious
  • aws:MultiFactorAuthAge (Correct)
  • aws:MFAAge

Answer : aws:MultiFactorAuthAge


An organization has a VPC for the HR department, and another VPC for the Admin department. The HR department requires access to all the instances running in the Admin VPC while the Admin department requires access to all the resources in the HR department. How can the organization set up this scenario?


Options are :

  • Set up ACL with both VPCs which will allow traffic from the CIDR of the other VPC.
  • It is not possible to connect resources of one VPC from another VPC
  • Set up the security group with each VPC which allows traffic from the CIDR of another VPC.
  • Set up VPC peering between the VPCs of Admin and HR (Correct)

Answer : Set up VPC peering between the VPCs of Admin and HR

An organization is planning to host a web application in the AWS VPC. The organization does not want to host a database in a public cloud due to statutory requirements. How can the organization set this up in this scenario?


Options are :

  • The organization should use the public subnet for the app server and use RDS with a storage gateway to access as well as sync the data securely from the local data center.
  • The organization should plan the app server on the public subnet and use RDS with the private subnet for a secure data operation.
  • The organization should plan the app server on the public subnet and database in a private subnet so it will not be in the public cloud.
  • The organization should plan the app server on the public subnet and database in the organization data center and connect them with the VPN gateway. (Correct)

Answer : The organization should plan the app server on the public subnet and database in the organization data center and connect them with the VPN gateway.

Mike is appointed as cloud consultant at examkiller.com. Exam Killer has the following VPCs set up in the US East region: a VPC with CIDR block 10.10.0.0/16, with a subnet in that VPC with CIDR block 10.10.1.0/24; and a VPC with CIDR block 10.40.0.0/16, with a subnet in that VPC with CIDR block 10.40.1.0/24. examkiller.com is trying to establish a network connection between two subnets, a subnet with CIDR block 10.10.1.0/24 and another subnet with CIDR block 10.40.1.0/24. Which one of the following solutions should Mike recommend to examkiller.com?


Options are :

  • Create a VPC peering connection between both VPCs. (Correct)
  • Create 2 internet gateways, and attach one to each VPC.
  • Create 2 virtual private gateways and configure one with each VPC
  • Create one EC2 instance in each subnet, assign Elastic IPs to both instances, and configure a site-to-site VPN connection between both EC2 instances.

Answer : Create a VPC peering connection between both VPCs.


What is the role of the PollForTask action when it is called by a task runner in AWS Data Pipeline?


Options are :

  • It is used to inform AWS Data Pipeline of the outcome when the task runner completes a task.
  • It is used to receive a task to perform from AWS Data Pipeline (Correct)
  • It is used to retrieve the pipeline definition.
  • It is used to report the progress of the task runner to AWS Data Pipeline

Answer : It is used to receive a task to perform from AWS Data Pipeline
