Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 16

Multiple issues have been reported from an EC2 instance, so its log files need to be analyzed. What can be used in AWS to store and analyze the log files?


Options are :

  • SQS
  • S3
  • CloudTrail
  • CloudWatch Logs (Correct)

Answer : CloudWatch Logs

There is a requirement to host a NoSQL database with a need for low latency. Which class of instances from the list below should be chosen?


Options are :

  • T2
  • I2 (Correct)
  • T1
  • G2

Answer : I2

A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?


Options are :

  • SAML-based Identity Federation
  • Cross-Account Access
  • AWS Identity and Access Management roles
  • Web Identity Federation (Correct)

Answer : Web Identity Federation

A company needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS Identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instances to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this?


Options are :

  • Create a new IAM role and associated policies within the new region
  • Assign the existing IAM role to the Amazon EC2 instances in the new region (Correct)
  • Copy the IAM role and associated policies to the new region and attach it to the instances
  • Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature

Answer : Assign the existing IAM role to the Amazon EC2 instances in the new region

What is the minimum size of an object that can be uploaded to Amazon S3?


Options are :

  • 1 Megabyte
  • 0 Bytes (Correct)
  • 1 Byte
  • 5 TB

Answer : 0 Bytes

Your manager has told you to set up a bastion host in the cheapest, most secure way, and that you should be the only person who can access it via SSH. Which of the following setups would satisfy your manager's request? Choose the correct answer from the options below.


Options are :

  • A small EC2 instance and a security group which only allows access on port 22 via your IP address (Correct)
  • A large EC2 instance and a security group which only allows access on port 22 via your IP address
  • A large EC2 instance and a security group which only allows access on port 22
  • A small EC2 instance and a security group which only allows access on port 22

Answer : A small EC2 instance and a security group which only allows access on port 22 via your IP address

A company has resources hosted both on their on-premises network and in AWS. They want their IT administrators to access resources in both environments using their on-premises credentials, which are stored in Active Directory. Which of the following can be used to fulfil this requirement?


Options are :

  • Use Web Identity Federation
  • Use SAML Federation (Correct)
  • Use IAM users
  • Use AWS VPC

Answer : Use SAML Federation

You have a web application hosted on an EC2 Instance in AWS. The application is now being accessed by users across the globe. The Operations team is getting support requests from users in some parts of the world who are experiencing extreme slowness. What can be done to the architecture to improve the response time for users?


Options are :

  • Add more EC2 Instances to support the load
  • Change the Instance type to a higher instance type
  • Add Route 53 health checks to improve the performance
  • Place the EC2 Instance behind CloudFront (Correct)

Answer : Place the EC2 Instance behind CloudFront

You want to retrieve the public IP address assigned to a running instance via the instance metadata. Which of the URLs below is valid for retrieving this data?


Options are :

  • http://169.254.169.254/latest/meta-data/public-ipv4 (Correct)
  • http://254.169.254.169/latest/meta-data/public-ipv4
  • http://254.169.254.169/meta-data/latest/public-ipv4
  • http://169.254.169.254/meta-data/latest/public-ipv4

Answer : http://169.254.169.254/latest/meta-data/public-ipv4

Which of the following is mandatory when defining a CloudFormation template?


Options are :

  • Resources (Correct)
  • Parameters
  • Outputs
  • Mappings

Answer : Resources

A company hosts data in S3. There is a requirement to control access to the S3 buckets. Which are the 2 ways in which this can be achieved?


Options are :

  • Use Bucket policies (Correct)
  • Use the Secure Token service
  • Use IAM user policies (Correct)
  • Use AWS Access Keys

Answer : Use Bucket policies; Use IAM user policies

A company has set up an application in AWS that interacts with DynamoDB. There is a requirement that when an item is modified in a DynamoDB table, an immediate entry is made to an associated application. How can this be accomplished? Choose 2 correct answers.


Options are :

  • Set up CloudWatch to monitor the DynamoDB table for any changes. Then trigger a Lambda function to send the changes to the application.
  • Set up CloudWatch Logs to monitor the DynamoDB table for any changes. Then trigger AWS SQS to send the changes to the application.
  • Use DynamoDB streams to monitor the changes to the DynamoDB table
  • Use an AWS Lambda function on a scheduled basis to monitor the changes to the DynamoDB table (Correct)

Answer : Use an AWS Lambda function on a scheduled basis to monitor the changes to the DynamoDB table

Which of the database services listed below are provided by AWS? Choose the 3 correct answers.


Options are :

  • Aurora (Correct)
  • MariaDB (Correct)
  • MySQL (Correct)
  • DB2

Answer : Aurora; MariaDB; MySQL

Which events would cause Amazon RDS to initiate a failover to the standby replica? Choose 3 answers from the options given below.


Options are :

  • Loss of availability in primary Availability Zone (Correct)
  • Loss of network connectivity to primary (Correct)
  • Storage failure on secondary
  • Compute unit failure on primary (Correct)

Answer : Loss of availability in primary Availability Zone; Loss of network connectivity to primary; Compute unit failure on primary

Your company has a set of EC2 Instances hosted in AWS. They now have a mandate to prepare for a disaster and come up with the necessary disaster recovery procedures. Which of the following would help in mitigating the effects of a disaster for the EC2 instances?


Options are :

  • Place an ELB in front of the EC2 Instances
  • Use Autoscaling to ensure the minimum number of instances are always running
  • Use CloudFront in front of the EC2 Instances
  • Use AMIs to recreate the EC2 Instances in another region (Correct)

Answer : Use AMIs to recreate the EC2 Instances in another region

You keep on getting an error while trying to attach an Internet Gateway to a VPC. What is the most likely cause of the error?


Options are :

  • You need to have a customer gateway defined first before attaching an internet gateway
  • You need to have a public subnet defined first before attaching an internet gateway
  • You need to have a private subnet defined first before attaching an internet gateway
  • An Internet gateway is already attached to the VPC (Correct)

Answer : An Internet gateway is already attached to the VPC

A company is asking their developers to store the application logs in an S3 bucket. These logs are only required for a temporary period of time. After this, the logs can be deleted. Which of the following steps can be used to effectively manage this?


Options are :

  • Create a cron job to detect the stale logs and delete them accordingly.
  • Use a bucket policy to manage the deletion
  • Use an IAM policy to manage the deletion
  • Use S3 lifecycle policies to manage the deletion (Correct)

Answer : Use S3 lifecycle policies to manage the deletion

You have created your own VPC and subnet in AWS. You have launched an instance in that subnet. You have attached an internet gateway to the VPC and seen that the instance has a public IP. The Route table is 10.0.0.0/16. The instance still cannot be reached from the Internet. Which of the changes below needs to be made to the route table to resolve the issue?


Options are :

  • Add the following entry to the route table - 0.0.0.0/0 -> Internet Gateway (Correct)
  • Modify the above route table - 10.0.0.0/16 -> Internet Gateway
  • Add the following entry to the route table - 10.0.0.0/16 -> Internet Gateway
  • Add the following entry to the route table - 0.0.0.0/16 -> Internet Gateway

Answer : Add the following entry to the route table - 0.0.0.0/0 -> Internet Gateway

You have several AWS reserved instances in your account. They have been running for some time, but now need to be shut down since they are no longer required. The data is still required for future purposes. Which 2 of the steps below can be taken?


Options are :

  • Convert the instance to on-demand instances
  • Sell the instances on the AWS Reserved Instance Marketplace (Correct)
  • Take snapshots of the EBS volumes and terminate the instances (Correct)
  • Convert the instance to spot instances

Answer : Sell the instances on the AWS Reserved Instance Marketplace; Take snapshots of the EBS volumes and terminate the instances

There is an urgent requirement to monitor a few database metrics for a database hosted on AWS and send notifications. Which AWS services can accomplish this requirement? Choose 2 answers from the options given below.


Options are :

  • Amazon Simple Email Service
  • Amazon CloudWatch (Correct)
  • Amazon Simple Queue Service (SQS)
  • Amazon Route 53
  • Amazon Simple Notification Service (SNS) (Correct)

Answer : Amazon CloudWatch; Amazon Simple Notification Service (SNS)

An application currently uses a NAT instance and now wants to use a NAT gateway. Which of the following can be used to accomplish this?


Options are :

  • Use NAT Instances along with the NAT Gateway
  • Host the NAT Instance in the private subnet
  • Migrate NAT Instance to NAT Gateway and host the NAT Gateway in the public subnet (Correct)
  • Convert the NAT Instance to a NAT Gateway

Answer : Migrate NAT Instance to NAT Gateway and host the NAT Gateway in the public subnet

Your company has resources set up on the AWS Cloud. Your company is now going through a set of scheduled audits by an external auditing firm. Which of the following services can be utilized to help ensure the right information is present for auditing purposes?


Options are :

  • AWS CloudTrail (Correct)
  • AWS VPC
  • AWS EC2
  • AWS CloudWatch

Answer : AWS CloudTrail

You try to connect to a newly created Amazon EC2 instance via SSH using PuTTY and get one of the following error messages: "Error: Server refused our key" or "Error: No supported authentication methods available". What steps should you take to identify the source of the behavior? Choose 2 answers.


Options are :

  • You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk). (Correct)
  • Verify that your IAM user policy has permission to launch Amazon EC2 instances.
  • Verify that you are connecting with the appropriate user name for your AMI. (Correct)
  • Verify that the Amazon EC2 Instance was launched with the proper IAM role.

Answer : You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk); Verify that you are connecting with the appropriate user name for your AMI.

A company wants to store data that is not frequently accessed. What is the best and most cost-efficient solution that should be considered?


Options are :

  • Amazon Storage Gateway
  • Amazon Glacier (Correct)
  • Amazon EBS
  • Amazon S3

Answer : Amazon Glacier

Which of the AWS services below can be used to deploy infrastructure using stacks and templates?


Options are :

  • Amazon Simple Workflow Service
  • AWS Elastic Beanstalk
  • AWS CloudFormation (Correct)
  • AWS OpsWorks

Answer : AWS CloudFormation

A customer wants to apply a group of database-specific settings to their relational database instances in their AWS account. Which of the following options can be used to apply the settings in one go for all of the relational database instances?


Options are :

  • Security Groups
  • NACL Groups
  • Parameter Groups (Correct)
  • IAM Roles.

Answer : Parameter Groups

Which of the following is true when it comes to hosting a database in VPCs using the AWS RDS service?


Options are :

  • The VPC must have at least one subnet
  • The VPC must have at least one subnet in one Availability Zone
  • Your VPC must have at least one subnet in at least two of the Availability Zones (Correct)
  • None

Answer : Your VPC must have at least one subnet in at least two of the Availability Zones

A customer has an instance hosted in the AWS Public Cloud. The VPC and subnet used to host the Instance have been created with the default settings for the Network Access Control Lists. They need to provide an IT Administrator secure access to the underlying instance. How can this be accomplished?


Options are :

  • Ensure the Network Access Control Lists allow Inbound SSH traffic from the IT Administrator's Workstation
  • Ensure the Network Access Control Lists allow Outbound SSH traffic from the IT Administrator's Workstation
  • Ensure that the security group allows Inbound SSH traffic from the IT Administrator's Workstation
  • Ensure that the security group allows Outbound SSH traffic from the IT Administrator's Workstation (Correct)

Answer : Ensure that the security group allows Outbound SSH traffic from the IT Administrator's Workstation

Why does stopping and starting an instance help in fixing a System Status Check error? Choose an answer from the options given below.


Options are :

  • Stopping and starting an instance causes the instance to change the AMI.
  • Stopping and starting an instance causes the instance to be provisioned on different AWS hardware. (Correct)
  • Stopping and starting an instance reboots the operating system.
  • None

Answer : Stopping and starting an instance causes the instance to be provisioned on different AWS hardware.

You work for a company that stores records for a minimum of 10 years. Most of these records will never be accessed but must be made available upon request (within a few hours). What is the most cost-effective storage option?


Options are :

  • S3-IA
  • Reduced Redundancy Storage (RRS)
  • Glacier (Correct)
  • AWS Import/Export

Answer : Glacier