AWS SOA-C00 Certified Sys Ops Administrator Associate Exam Set 1

Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?


Options are :

  • 1 Amazon Elastic cache
  • Amazon Elastic Map Reduce
  • Amazon Relational Database service
  • AWS Elastic Beanstalk
  • Elastic Load Balancing (Correct)

Answer : Elastic Load Balancing

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 11

Your company Is moving towards tracking web page users with a small tracking Image loaded on each page Currently you are serving this image out of US-East, but are starting to get concerned about the time It takes to load the image for users on the west coast. What are the two best ways to speed up serving this image?


Options are :

  • Serve the image out through Cloud Front
  • Use EBS PIOPs to serve the image faster out of your EC2 instances
  • Use Route 53?s Latency Based Routing and serve the image out of US-West-2 as well as US- East-I (Correct)
  • Serve the image out of S3 so that it isn?t being served oft of your web application tier

Answer : Use Route 53?s Latency Based Routing and serve the image out of US-West-2 as well as US- East-I

You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group Your database is running on Relational Database Service (ROS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down. What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? ((Choose 3 answers))


Options are :

  • Use SOS to queue up the requests for the technical posts and deliver them out of the queue.
  • Add RDS read-replicas for the read traffic going to your relational database
  • Use Route53 health checks to fail over to an S3 bucket for an error page (Correct)
  • Leverage Cloud Front for the delivery of the articles. (Correct)
  • Leverage Elastic Cache for caching the most frequently used data. (Correct)

Answer : Use Route53 health checks to fail over to an S3 bucket for an error page Leverage Cloud Front for the delivery of the articles. Leverage Elastic Cache for caching the most frequently used data.

When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?


Options are :

  • Data will be deleted and win no longer be accessible
  • Data is unavailable until the instance is restarted (Correct)
  • Data Is automatically saved in an EBS volume
  • Data Is automatically saved as an E8S snapshot

Answer : Data is unavailable until the instance is restarted

AWS SOA-C00 Certified Sys Ops Administrator Associate Exam Set 3

An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this?


Options are :

  • The organization should create various groups and add each user with the same login ID to different groups. The user can login with their own group ID
  • It is not possible to have the same login ID for multiple IAM users of the same account (Correct)
  • The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias
  • The organization should create each user in a separate region so that they have their own URL to login

Answer : It is not possible to have the same login ID for multiple IAM users of the same account

Your team Is excited about the use of AWS because now they have access to programmable Infrastructure? You have been asked to manage your AWS infrastructure In a manner similar to the way you might manage application code You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development test QA. production). Which approach addresses this requirement?


Options are :

  • Use cost allocation reports and AWS Ops works to deploy and manage your infrastructure.
  • Use AWS Cloud Watch metrics and alerts along with resource tagging to deploy and manage your infrastructure. (Correct)
  • Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructure.
  • Use AWS Cloud Formation and a version control system like GIT to deploy and manage your infrastructure.

Answer : Use AWS Cloud Watch metrics and alerts along with resource tagging to deploy and manage your infrastructure.

When creation of an EBS snapshot Is initiated but not completed the EBS volume?


Options are :

  • Can be used while me snapshot Is in progress (Correct)
  • Cannot Dc detached or attached to an EC2 instance until me snapshot completes
  • Cannot be used until the snapshot completes
  • Can be used in read-only mode while me snapshot is in progress

Answer : Can be used while me snapshot Is in progress

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 15

What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment of the primary OB instance fails?


Options are :

  • A new DB instance is created in the standby availability zone
  • The IP of the primary DB instance is switched to the standby OB instance
  • The canonical name record (CNAME) is changed from primary to standby
  • The RDS (Relational Database Service) DB instance reboots (Correct)

Answer : The RDS (Relational Database Service) DB instance reboots

If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a predetermined private IP address you should?


Options are :

  • Launch the Instance from a private Amazon Machine image (Mu)
  • Launch the instances in the Amazon virtual Private Cloud (VPC). (Correct)
  • Launch the instances in a Placement Group
  • Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already
  • Assign a group or sequential Elastic IP address to the instances

Answer : Launch the instances in the Amazon virtual Private Cloud (VPC).

When assessing an organization s use of AWS API access credentials which of the following three credentials should be evaluated? ((Choose 3 answers))


Options are :

  • Access keys (Correct)
  • Key pairs (Correct)
  • Signing certificates (Correct)
  • Console passwords
  • Security Group memberships

Answer : Access keys Key pairs Signing certificates

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 11

You have decided to change the Instance type for instances running In your application tier that are using Auto Scaling. In which area below would you change the instance type definition?


Options are :

  • Auto Scaling group (Correct)
  • Auto Scaling launch configuration
  • Auto Scaling tags
  • Auto Scaling policy

Answer : Auto Scaling group

You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region. Which configuration would achieve that goal?


Options are :

  • Elastic Load Balancing with health checks enabled (Correct)
  • Route53 record sets with weighted routing policy
  • Route53 record sets with latency based routing policy
  • Auto Scaling with scheduled scaling actions set

Answer : Elastic Load Balancing with health checks enabled

You have been asked to automate many routine systems administrator backup and recovery activities Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CU and scripts. Which task would be best accomplished with a script?


Options are :

  • Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer
  • Automatically detect and stop unused or underutilized EC2 instances (Correct)
  • Creating daily ROS snapshots with a monthly rotation of snapshots
  • Creating daily EBS snapshots with a monthly rotation of snapshots

Answer : Automatically detect and stop unused or underutilized EC2 instances

Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 19

How can the domain?s zone apex for example “my zone apex domain com? be pointed towards an Elastic Load Balancer?


Options are :

  • By using an Amazon Route 53 CNAME record (Correct)
  • By using an A record
  • By using an AAAA record
  • By using an Amazon Route 53 Alias record

Answer : By using an Amazon Route 53 CNAME record

What is a placement group?


Options are :

  • A collection of Elastic Load Balancers in the same Region or Availability Zone (Correct)
  • Feature that enables EC2 instances to interact with each other via nigh bandwidth, low latency connections
  • A collection of Auto Scaling groups in the same Region
  • A collection of authorized Cloud Front edge locations for a distribution

Answer : A collection of Elastic Load Balancers in the same Region or Availability Zone

A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?


Options are :

  • AWS S3 with 1 GB of storage
  • AWS ELB running 24 hours a day
  • AWS PIOPS volume of 10 GB size (Correct)
  • AWS micro instance running 24 hours daily

Answer : AWS PIOPS volume of 10 GB size

AWS SAP-C00 Certified Solution Architect Professional Exam Set 2

Your entire AWS infrastructure lives inside of one Amazon VPC You have an Infrastructure monitoring application running on an Amazon instance in availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reach ability of the instance hosting the application. Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else&? If so hoe. No Two instances in two different ?


Options are :

  • Z can?t talk directly to each other via ICMP ping as that protocol is not allowed across subnet (rebroadcast) boundaries
  • Yes, Both the monitoring instance?s security group and the application instances security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection- oriented protocol (Correct)
  • Yes Both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP
  • Yes, The security group for the monitoring instance needs to allow outbound ICMP and the application instance?s security group needs to allow Inbound ICMP

Answer : Yes, Both the monitoring instance?s security group and the application instances security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection- oriented protocol

An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?


Options are :

  • Add each user to the IAM role as per their organization role to achieve effective policy setup
  • Use the IAM groups and add users as per their role to different groups and apply policy to group (Correct)
  • The user can create a policy and apply it to multiple users in a single go with the AWS CLI
  • Use the IAM role and implement access at the role level

Answer : Use the IAM groups and add users as per their role to different groups and apply policy to group

You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB). a fleet of web/application servers, and an RDS database The entire Infrastructure must be distributed over 2 availability zones. Which VPC configuration works while assuring the database is not available from the Internet?


Options are :

  • Two public subnets for ELB two public subnets for the web-servers, and two public subnets for RDS
  • One public subnet for ELB two private subnets for the web-servers, two private subnets for RDS
  • One public subnet for ELB one public subnet for the web-servers, and one private subnet for the database (Correct)
  • Two public subnets for ELB two private subnets for the web-servers and two subnets for RDS

Answer : One public subnet for ELB one public subnet for the web-servers, and one private subnet for the database

Certification : AWS Certified Solutions Architect Associate Practice Exams Set 5

You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month. Which of the following approaches can help ensure that you do not exceed the budget each month?


Options are :

  • Set up Cloud Watch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project. (Correct)
  • Set up auto scaling with Cloud Watch alarms using SNS to notify you when you are running too many Instances in a given account
  • Set up Cloud Watch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend
  • Consolidate your accounts so you have a single bill for all accounts and projects

Answer : Set up Cloud Watch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.

You are using Elastic Cache Memo cached to store session state and cache database queries in your infrastructure You notice in Cloud Watch that Evictions and Get Misses are Doth very high. What two actions could you take to rectify this?


Options are :

  • Increase the number of nodes in your cluster
  • Shrink the number of nodes in your cluster
  • Increase the size of the nodes in the duster
  • Tweak the max-item-size parameter (Correct)

Answer : Tweak the max-item-size parameter

You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational Data Base Service (RDS) My SQL. Which security measures fall into AWSs responsibility?


Options are :

  • nstall latest security patches on ELB. RDS and EC2 instances
  • Protect the EC2 instances against unsolicited access by enforcing the principle of least privilege access
  • Protect against IP spoofing or packet sniffing (Correct)
  • Assure all communication between EC2 instances and ELB is encrypted

Answer : Protect against IP spoofing or packet sniffing

AWS Solutions Architect Associate 2019 with Practice Test Set 1

You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a Dynamo DB table, but the data tier is properly provisioned and responses are consistently fast. How can you best resolve the issue of the application responses not meeting your SLA?


Options are :

  • Move the database from Dynamo DB to RDS My SQL in scale-out read-replica configuration
  • Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
  • Move the cc2 8xlarge to the same Availability Zone as the Dynamo DB table (Correct)
  • Cache the database responses in Elastic Cache for more rapid access

Answer : Move the cc2 8xlarge to the same Availability Zone as the Dynamo DB table

An organizations security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3. Which option should you implement to ensure this requirement is met?


Options are :

  • Use the S3 copy API to replicate data between two S3 buckets in different regions
  • Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region (Correct)
  • You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region
  • You do not need to implement anything since S3 data is automatically replicated between regions

Answer : Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region

An application that you are managing has EC2 instances & Dynamo OB tables deployed to several AWS Regions In order to monitor the performance of the application globally, you would like to see two graphs 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all Dynamo DB tables. How can you accomplish this?


Options are :

  • Tag your resources with the application name, and select the tag name as the dimension in the Cloud watch Management console to view the respective graphs
  • Add a Cloud Watch agent to each instance and attach one to each Dynamo DB table. When configuring the agent set the appropriate application name & view the graphs in Cloud Watch.
  • Add SNMP traps to each instance and Dynamo DB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphing. (Correct)
  • Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in Cloud Watch.

Answer : Add SNMP traps to each instance and Dynamo DB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphing.

AWS SAP-C00 Certified Solution Architect Professional Exam Set 4

You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80. Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW?EIP. NACLs etc) are properly configured (and you haven?t made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows “impaired.? Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?


Options are :

  • Add another Elastic Network Interface to the instance and try to connect via that new path since the net working stack of the OS may be locked up causing the “impaired” system status
  • Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the „impaired” system status (Correct)
  • Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the “impaired? system status
  • Add another dynamic private IP address to me instance and try to connect via mat new path, since the networking stack of the OS may be locked up causing the “impaired” system status.

Answer : Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the „impaired” system status

A user has recently started using EC2. The user launched one EC2 instance in the default subnet in EC2-VPC Which of the below mentioned options is not attached or available with the EC2 instance when it is launched?


Options are :

  • Elastic IP (Correct)
  • Public IP address
  • Internet gateway
  • Private IP address

Answer : Elastic IP

You have started a new job and are reviewing your company*s infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in Cloud Watch you see four healthy instances In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?


Options are :

  • Make sure your AMI is available in both AZ5
  • Set the ELB to only be attached to another AZ
  • Make sure the maximum size of the Auto Scaling Group is greater than 4
  • Make sure Auto Scaling is configured to launch in both AZs (Correct)

Answer : Make sure Auto Scaling is configured to launch in both AZs

AWS SCS-C01 Certified Security Speciality Practice Exam Set 5

You run a web application where web servers on EC2 Instances are In an Auto Scaling group Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed Five to six days per year, the number of web servers required might go up to 1 5. What would you recommend to minimize costs while being able to provide availability?


Options are :

  • 6 Reserved instances (heavy utilization). 6 Reserved instances {medium utilization), rest covered by On-Demand instances
  • 6 Reserved instances (heavy utilization) 6 Spot instances, rest covered by On-Demand instances (Correct)
  • 6 Reserved instances (heavy utilization). 6 On-Demand instances, rest covered by Spot Instance
  • 6 Reserved instances (heavy utilization) 6 Reserved instances(medium utilization) rest covered by Spot instances

Answer : 6 Reserved instances (heavy utilization) 6 Spot instances, rest covered by On-Demand instances

You are creating an Auto Scaling group whose Instances need to insert a custom metric into Cloud Watch. Which method would be the best way to authenticate your Cloud Watch PUT request?


Options are :

  • Modify the appropriate Cloud Watch metric policies to allow the Put Metric Data permission to instances from the Auto Scaling group
  • Create an IAM user with the Put Metric Data permission and put the credentials in a private repository and have applications on the server put the credentials as needed
  • Create an IAM role with the Put Metric Data permission and modify the Auto Scaling launch configuration to launch instances in that role
  • Create an IAM user with the Put Metric Data permission and modify the Auto Scaling launch configuration to inject the users credentials into the instance User Data (Correct)

Answer : Create an IAM user with the Put Metric Data permission and modify the Auto Scaling launch configuration to inject the users credentials into the instance User Data

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions
  • a
    aa
    Reply