AWS SOA-C00 Certified Sys Ops Administrator Associate Exam Set 3

A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not supported by SQS?


Options are :

  • Create Queue
  • Delete Message Batch
  • Send Message Batch
  • Delete Message Queue (Correct)

Answer : Delete Message Queue


A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?


Options are :

  • The SSE-C does not work when versioning is enabled
  • The user should use the same encryption key for all versions of the same object
  • It is possible to have different encryption keys for different versions of the same object (Correct)
  • AWS S3 does not allow the user to upload his own keys for server side encryption

Answer : It is possible to have different encryption keys for different versions of the same object

A user has created a VPC with a subnet and a security group. The user has launched an instance in that subnet and attached a public IP. The user is still unable to connect to the instance. The internet gateway has also been created. What can be the reason for the error?


Options are :

  • The outbound traffic on the security group is disabled
  • The internet gateway is not configured with the security group
  • The private IP is not present
  • The internet gateway is not configured with the route table (Correct)

Answer : The internet gateway is not configured with the route table

A user has created a mobile application which makes calls to Dynamo DB to fetch certain data. The application is using the Dynamo DB SDK and root account access/secret access key to connect to Dynamo DB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?


Options are :

  • Create an IAM Role with Dynamo DB access and attach it with the mobile application
  • The application should use an IAM role with web identity federation which validates calls to Dynamo DB with identity providers, such as Google, Amazon, and Facebook (Correct)
  • The user should create an IAM role with Dynamo DB and EC2 access. Attach the role with EC2 and route all calls from the mobile through EC2
  • The user should create a separate IAM user for each mobile application and provide Dynamo DB access with it

Answer : The application should use an IAM role with web identity federation which validates calls to Dynamo DB with identity providers, such as Google, Amazon, and Facebook


A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the storage data?


Options are :

  • The data is preserved (Correct)
  • It is not possible to restart an instance launched from an instance store backed AMI
  • All the data will be erased but the ephemeral storage will stay connected
  • All data will be erased and the ephemeral storage is released

Answer : The data is preserved

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24. What will happen in this scenario?


Options are :

  • It will throw a CIDR overlaps error (Correct)
  • The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range
  • It is not possible to create a subnet with the same CIDR as VPC
  • The second subnet will be created

Answer : It will throw a CIDR overlaps error

A user is using the AWS EC2. The user wants to make it so that when there is an issue in the EC2 server, such as instance status failed, it should start a new instance in the user's private cloud. Which AWS service helps to achieve this automation?


Options are :

  • AWS Cloud Watch + AWS SNS (Correct)
  • AWS Cloud Watch + AWS Auto Scaling + AWS ELB
  • AWS Cloud Watch + Cloud formation
  • AWS Cloud Watch + AWS VPC

Answer : AWS Cloud Watch + AWS SNS


A user has setup a custom application which generates a number in decimals. The user wants to track that number and setup the alarm whenever the number is above a certain limit. The application is sending the data to Cloud Watch at regular intervals for this purpose. Which of the below mentioned statements is not true with respect to the above scenario?


Options are :

  • The user has to supply the time zone with each data point (Correct)
  • The user can get the aggregate data of the numbers generated over a minute and send it to Cloud Watch
  • The user can create a file in the JSON format with the metric name and value and supply it to Cloud Watch
  • Cloud Watch will not truncate the number until it has an exponent larger than 126 (i.e. 1 x 10^126)

Answer : The user has to supply the time zone with each data point

A user has enabled detailed Cloud Watch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?


Options are :

  • There is no need to enable since SNS provides data every minute
  • SNS cannot provide data every minute (Correct)
  • SNS will send data every minute after configuration
  • AWS Cloud Watch does not support monitoring for SNS

Answer : SNS cannot provide data every minute

A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?


Options are :

  • The AMI is missing. It is the required part
  • The user account has reached the maximum volume limit
  • The snapshot is corrupt
  • The user account has reached the maximum EC2 instance limit (Correct)

Answer : The user account has reached the maximum EC2 instance limit


A user is measuring the CPU utilization of a private data centre machine every minute. The machine provides the aggregate of data every hour, such as “Sum of data”, “Min value”, “Max value”, and “Number of Data points”. The user wants to send these values to Cloud Watch. How can the user achieve this?


Options are :

  • Send the data using the put-metric-data command with the aggregate-data parameter
  • Send the data using the put-metric-data command with the average-values parameter
  • Send the data using the put-metric-data command with the aggregate-values parameter
  • Send the data using the put-metric-data command with the statistic-values parameter (Correct)

Answer : Send the data using the put-metric-data command with the statistic-values parameter

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?


Options are :

  • There is no need to update the subnet as VPC automatically adjusts the CIDR of the first subnet based on the second subnet's CIDR
  • The user can modify the first subnet CIDR from the console
  • The user can modify the first subnet CIDR with AWS CLI (Correct)
  • It is not possible to create a second subnet as one subnet with the same CIDR as the VPC has been created

Answer : The user can modify the first subnet CIDR with AWS CLI

A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL. When the IAM user logs in to the S3 console, which actions can he perform?


Options are :

  • The IAM user can perform all operations on the bucket using only API/SDK
  • He can do all the operations on the bucket
  • He can just view the content of the bucket
  • It is not possible to give access to an IAM user using ACL (Correct)

Answer : It is not possible to give access to an IAM user using ACL


A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling terminate process only for a while. What will happen to the availability zone rebalancing process (AZ Rebalance) during this period?


Options are :

  • Auto Scaling will keep launching instances till the maximum instance size
  • Auto Scaling will allow the instances to grow more than the maximum size (Correct)
  • Auto Scaling will not launch or terminate any instances
  • It is not possible to suspend the terminate process while keeping the launch active

Answer : Auto Scaling will allow the instances to grow more than the maximum size

A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?


Options are :

  • Canonical user group (Correct)
  • All users group
  • Log Delivery Group
  • Authenticated user group

Answer : Canonical user group

A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling Alarm Notification process (which notifies Auto Scaling for Cloud Watch alarms) for a while. What will Auto Scaling do during this period?


Options are :

  • AWS will not receive the alarms from Cloud Watch
  • Auto Scaling will execute the policy but it will not launch the instances until the process is resumed
  • It is not possible to suspend the Alarm Notification process
  • AWS will receive the alarms but will not execute the Auto Scaling policy (Correct)

Answer : AWS will receive the alarms but will not execute the Auto Scaling policy


A user has created a VPC with public and private subnets using the VPC wizard. Which of the below mentioned statements is not true in this scenario?


Options are :

  • The VPC will launch one NAT instance with an elastic IP
  • The VPC will create one internet gateway and attach it to VPC
  • The VPC will create two subnets
  • The VPC will create a routing instance and attach it with a public subnet (Correct)

Answer : The VPC will create a routing instance and attach it with a public subnet

A user wants to find the particular error that occurred on a certain date in the AWS My SQL RDS DB. Which of the below mentioned activities may help the user to get the data easily?


Options are :

  • Direct the logs to the DB table and then query that table (Correct)
  • Download the log file to Dynamo DB and search for the record
  • It is not possible to get the log files for My SQL RDS
  • Find all the transaction logs and query on those records

Answer : Direct the logs to the DB table and then query that table

A sys admin is planning to subscribe to the RDS event notifications. For which of the below mentioned source categories can the subscription not be configured?


Options are :

  • DB snapshot
  • DB options group (Correct)
  • DB parameter group
  • DB security group

Answer : DB options group


A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the user understand the S3 encryption functionality?


Options are :

  • The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key
  • The user must send an AES-128 encrypted key
  • The server side encryption with the user supplied key works when versioning is enabled (Correct)
  • The user can upload his own encryption key to the S3 console

Answer : The server side encryption with the user supplied key works when versioning is enabled

An AWS account owner has setup multiple IAM users. One IAM user only has Cloud Watch access. He has setup the alarm action which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case?


Options are :

  • The user can setup the action but it will not be executed if the user does not have EC2 rights
  • Cloud Watch will stop the instance when the action is executed (Correct)
  • It is not possible to stop the instance using the Cloud Watch alarm
  • The user cannot set an alarm on EC2 since he does not have the permission

Answer : Cloud Watch will stop the instance when the action is executed

A user has enabled session stickiness with ELB. The user does not want ELB to manage the cookie; instead he wants the application to manage the cookie. What will happen when the server instance, which is bound to a cookie, crashes?


Options are :

  • The response will have a cookie but stickiness will be deleted
  • ELB will throw an error due to cookie unavailability
  • The session will be sticky and ELB will route requests to another server as ELB keeps replicating the Cookie
  • The session will not be sticky until a new cookie is inserted (Correct)

Answer : The session will not be sticky until a new cookie is inserted


George has shared an EC2 AMI created in the US East region from his AWS account with Stefano. George copies the same AMI to the US West region. Can Stefano access the copied AMI of George's account from the US West region?


Options are :

  • Yes, since copy AMI copies all the permissions attached with the AMI
  • Yes, since copy AMI copies all private account sharing permissions
  • No, copy AMI does not copy the permission (Correct)
  • It is not possible to share the AMI with a specific account

Answer : No, copy AMI does not copy the permission

A user is trying to send custom metrics to Cloud Watch using the Put Metric Data APIs. Which of the below mentioned points should the user take care of while sending the data to Cloud Watch?


Options are :

  • The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests (Correct)
  • The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
  • The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests
  • The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests

Answer : The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests

A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume. What is the possible root cause for this?


Options are :

  • The ratio between IOPS and the EBS volume is lower than 50
  • The maximum IOPS supported by EBS is 3000
  • PIOPS is supported for EBS higher than 500 GB size
  • The ratio between IOPS and the EBS volume is higher than 30 (Correct)

Answer : The ratio between IOPS and the EBS volume is higher than 30


A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?


Options are :

  • Destination: 20.0.0.0/0 and Target: 80
  • Destination: 20.0.0.0/24 and Target: i-a12345
  • Destination: 20.0.0.0/0 and Target: i-a12345
  • Destination: 0.0.0.0/0 and Target: i-a12345 (Correct)

Answer : Destination: 0.0.0.0/0 and Target: i-a12345

A user has created an Auto Scaling group with default configurations from CLI. The user wants to setup the Cloud Watch alarm on the EC2 instances, which are launched by the Auto Scaling group. The user has setup an alarm to monitor the CPU utilization every minute. Which of the below mentioned statements is true?


Options are :

  • It will fetch the data at every minute as detailed monitoring on EC2 will be enabled by the default launch configuration of Auto Scaling (Correct)
  • It will fetch the data at every minute but the four data points [corresponding to 4 minutes] will not have any value since the EC2 basic monitoring metrics are collected every five minutes
  • The user has to first enable detailed monitoring on the EC2 instances to support alarm monitoring at every minute
  • The alarm creation will fail since the user has not enabled detailed monitoring on the EC2 instances

Answer : It will fetch the data at every minute as detailed monitoring on EC2 will be enabled by the default launch configuration of Auto Scaling

A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?


Options are :

  • Set the send mail flag to false in the DR event notification console
  • The only option is to delete the notification from the console
  • Change the Enable button for notification to “No” in the RDS console (Correct)
  • Change the Disable button for notification to “Yes” in the RDS console

Answer : Change the Enable button for notification to “No” in the RDS console


A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user wants to find out the reason for termination, where can he find the details?


Options are :

  • The user can get information from the AWS console, by checking the Instance description under the Instance Status Change reason label
  • The user can get information from the AWS console, by checking the Instance description under the Instance Termination reason label (Correct)
  • The user can get information from the AWS console, by checking the Instance description under the State transition reason label
  • It is not possible to find the details after the instance is terminated

Answer : The user can get information from the AWS console, by checking the Instance description under the Instance Termination reason label

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (Web Sec GRP) and the private subnet (DB Sec GRP). Which of the below mentioned entries is required in the private subnet database security group (DB Sec GRP)?


Options are :

  • Allow Outbound on port 80 for Destination NAT Instance IP
  • Allow Outbound on port 3306 for Destination Web Server Security Group (Web Sec GRP)
  • Allow Inbound on port 3306 for Source Web Server Security Group (Web Sec GRP) (Correct)
  • Allow Inbound on port 3306 from source 20.0.0.0/16

Answer : Allow Inbound on port 3306 for Source Web Server Security Group (Web Sec GRP)
