Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 4

Which of the following are used to get data records from Amazon Kinesis? Choose an answer from the options below


Options are :

  • Consumer (Correct)
  • Stream
  • Producer
  • None

Answer : Consumer

A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The web servers must be accessible only to customers on an SSL connection. The database should only be accessible to web servers in a public subnet. Which solution meets these requirements without impacting other running applications? Select 2 answers from the options given below.


Options are :

  • Create a network ACL on the web server's subnets, allow HTTPS port 443 inbound and specify the source as 0.0.0.0/0
  • Create a web server security group that allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the web servers. (Correct)
  • Create a DB server security group that allows MySQL port 3306 inbound and specify the source as the web server security group (Correct)
  • Create a network ACL on the DB subnet, allow MySQL port 3306 inbound for web servers and deny all outbound traffic.
  • Create a DB server security group that allows HTTPS port 443 inbound and specify the source as a web server security group

Answer : Create a web server security group that allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the web servers. Create a DB server security group that allows MySQL port 3306 inbound and specify the source as the web server security group

A company currently hosts their architecture in the US region. They now need to duplicate that architecture to the Europe region and extend the application hosted on this architecture to the new region. To ensure that users across the globe get the same seamless experience from either setup, what needs to be done?


Options are :

  • Create a Classic Elastic Load Balancer set up to route traffic to both locations
  • Create a weighted Route53 policy to route the policy based on the weightage for each location
  • Create an Application Elastic Load Balancer set up to route traffic to both locations
  • Create a geolocation Route53 policy to route the policy based on the location. (Correct)

Answer : Create a geolocation Route53 policy to route the policy based on the location.

What is an AWS service which can help protect web applications from common security threats from the outside world? Choose one answer from the options below


Options are :

  • NAT
  • WAF (Correct)
  • SQS
  • SES

Answer : WAF

You work for a company that stores records for a minimum of 10 years. Most of these records will never be accessed but must be made available upon request (within a few hours). What is the most cost-effective storage option? Choose the correct answer from the options below


Options are :

  • Simple Storage Service
  • EBS Volumes
  • Glacier (Correct)
  • AWS Import/Export

Answer : Glacier

You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? Choose 3 answers from the options below


Options are :

  • Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
  • Use dedicated instances to ensure that each instance has the maximum performance possible.
  • Use an Amazon CloudFront distribution for both static and dynamic content. (Correct)
  • Use an Elastic Load Balancer with auto scaling groups at the web, App. Restricting direct internet traffic to Amazon Relational Database Service (RDS) tiers. (Correct)
  • Add alert Amazon CloudWatch to look for high Network in and CPU utilization. (Correct)
  • Create processes and capabilities to quickly add and remove rules to the instance OS firewall.

Answer : Use an Amazon CloudFront distribution for both static and dynamic content. Use an Elastic Load Balancer with auto scaling groups at the web, App. Restricting direct internet traffic to Amazon Relational Database Service (RDS) tiers. Add alert Amazon CloudWatch to look for high Network in and CPU utilization.

Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data?


Options are :

  • Maintain two snapshots: the original snapshot and the latest incremental snapshot.
  • Maintain a volume snapshot; subsequent snapshots will overwrite one another
  • Maintain a single snapshot; the latest snapshot is both incremental and complete. (Correct)
  • Maintain the most current snapshot, archive the original and incremental to Amazon Glacier.

Answer : Maintain a single snapshot; the latest snapshot is both incremental and complete.

A company that does online credit card processing requires a secure application environment on AWS. They are trying to decide whether to use KMS or CloudHSM. Which of the following statements is right when it comes to CloudHSM and KMS? Choose the correct answer from the options given below.


Options are :

  • It probably doesn't matter as they both do the same thing
  • AWS CloudHSM does not support the processing, storage, and transmission of credit card data by a merchant or service provider, as it has not been validated as being compliant with Payment Card Industry (PCI) Data Security Standard (DSS); hence, you will need to use KMS
  • KMS is probably adequate unless additional protection is necessary for some applications and data that are subject to strict contractual or regulatory requirements for managing cryptographic keys, then HSM should be used (Correct)
  • AWS CloudHSM should always be used for any payment transactions

Answer : KMS is probably adequate unless additional protection is necessary for some applications and data that are subject to strict contractual or regulatory requirements for managing cryptographic keys, then HSM should be used

There is a requirement to host a database server. This server should not be able to connect to the internet except in the case of downloading the required database patches. Which of the following solutions would be the best to satisfy all the above requirements? Choose the correct answer from the options below


Options are :

  • Set up the database in a private subnet with a security group which only allows outbound traffic.
  • Set up the database in a public subnet with a security group which only allows inbound traffic.
  • Set up the database in a local data center and use a private gateway to connect the application to the database.
  • Set up the database in a private subnet which connects to the Internet via a NAT instance. (Correct)

Answer : Set up the database in a private subnet which connects to the Internet via a NAT instance.

A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?


Options are :

  • Encrypt the EBS volumes of the underlying EC2 Instances
  • Use AWS KMS Customer Default master key (Correct)
  • Use SSL/TLS for encrypting the data
  • Use S3 Encryption

Answer : Use AWS KMS Customer Default master key

A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The web servers must be accessible only to customers on an SSL connection. The database should only be accessible to web servers in a public subnet. As an architect, which of the following would you not recommend for such an architecture?


Options are :

  • Ensure to create a separate web server and database server security group
  • Ensure the web server security group allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the web servers.
  • Ensure the web server security group allows MySQL port 3306 inbound traffic from anywhere (0.0.0.0/0) and apply it to the web servers. (Correct)
  • Ensure the DB server security group allows MySQL port 3306 inbound and specify the source as the web server security group

Answer : Ensure the web server security group allows MySQL port 3306 inbound traffic from anywhere (0.0.0.0/0) and apply it to the web servers.

A company currently stores a set of documents in the AWS Simple Storage Service. They are worried about the potential loss if documents were ever deleted. Which of the following can be used to ensure protection from loss for the underlying documents stored in S3?


Options are :

  • Enable versioning for the underlying S3 bucket (Correct)
  • Copy the bucket data to an EBS volume as a backup
  • Create a snapshot of the S3 bucket
  • Enable an IAM policy which does not allow deletion of any document from the S3 bucket

Answer : Enable versioning for the underlying S3 bucket

A company wants to have a NoSQL database hosted on the AWS Cloud. They don't have the necessary staff to manage the underlying infrastructure. Which of the following would be ideal for this requirement?


Options are :

  • AWS Aurora
  • AWS RDS
  • AWS DynamoDB (Correct)
  • AWS Redshift

Answer : AWS DynamoDB

In order for an EC2 instance to be accessed from the internet, which of the following are required? Choose 3 answers from the options given below.


Options are :

  • An Internet gateway attached to the VPC (Correct)
  • A private IP address attached to the instance
  • A public IP address attached to the instance (Correct)
  • A route entry to the Internet gateway in the Route table (Correct)

Answer : An Internet gateway attached to the VPC A public IP address attached to the instance A route entry to the Internet gateway in the Route table

Which of the following services do not natively encrypt data at rest within an AWS region? (Choose two.)


Options are :

  • AWS Storage Gateway
  • Amazon DynamoDB
  • Amazon CloudFront (Correct)
  • Amazon Simple Queue Service (Correct)
  • Amazon Glacier

Answer : Amazon CloudFront Amazon Simple Queue Service

What are some of the common causes why you cannot connect to a DB instance on AWS? Select 3 options.


Options are :

  • There is a read replica being created, hence you cannot connect
  • The DB is still being created (Correct)
  • The local firewall is stopping the communication traffic (Correct)
  • The security groups for the DB are not properly configured. (Correct)

Answer : The DB is still being created The local firewall is stopping the communication traffic The security groups for the DB are not properly configured.

Your company currently has an on-premise infrastructure. They are running low on storage and want to have the ability to extend their storage on to the cloud. Which of the following AWS services can help achieve this purpose?


Options are :

  • Amazon EC2
  • Amazon Storage gateways (Correct)
  • Amazon Storage devices
  • Amazon SQS

Answer : Amazon Storage gateways

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?


Options are :

  • Remove public read access and use signed URLs with expiry dates. (Correct)
  • Use Cloud Front distributions for static content.
  • Block the IPs of the offending websites in Security Groups.
  • Store photos on an EBS volume of the web server.

Answer : Remove public read access and use signed URLs with expiry dates.

Which AWS service is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability?


Options are :

  • AWS RDS
  • DynamoDB (Correct)
  • Oracle RDS
  • Elastic Map Reduce

Answer : DynamoDB

A company has EC2 instances running in AWS. The EC2 instances are running via an Autoscaling solution. A lot of application requests or work items are being lost because of the load on the servers. The Autoscaling solution is launching new instances to take the load, but there are still some application requests which are being lost. Which of the following is likely to provide the most cost-effective solution to avoid losing recently submitted requests? Choose the correct answer from the options given below.


Options are :

  • Use an SQS queue to decouple the application components (Correct)
  • Keep one extra EC2 instance always powered on in case a spike occurs
  • Use larger instances for your application
  • Pre-warm your Elastic Load Balancer

Answer : Use an SQS queue to decouple the application components

When creation of an EBS snapshot is initiated, but not completed, the EBS volume:


Options are :

  • Can be used while the snapshot is in progress. (Correct)
  • Cannot be detached or attached to an EC2 instance until the snapshot completes
  • Can be used in read-only mode while the snapshot is in progress.
  • Cannot be used until the snapshot completes.

Answer : Can be used while the snapshot is in progress.

You are working for an Enterprise and have been asked to get a support plan in place from AWS. 1) 24x7 access to support. 2) Access to the full set of Trusted Advisor checks. Which of the following would meet these requirements while ensuring that cost is kept at a minimum?


Options are :

  • Basic
  • Developer
  • Business (Correct)
  • Enterprise

Answer : Business

You have a set of IIS Servers running on EC2 instances for a high traffic web site. You want to collect and process the log files generated from the IIS Servers. Which of the below services is ideal to run in this scenario?


Options are :

  • Amazon S3 for storing the log files and Amazon EMR for processing the log files (Correct)
  • Amazon S3 for storing the log files and EC2 Instances for processing the log files
  • Amazon EC2 for storing and processing the log files
  • Amazon DynamoDB to store the logs and EC2 for running custom log analysis scripts

Answer : Amazon S3 for storing the log files and Amazon EMR for processing the log files

For which of the following databases does Amazon RDS provide high availability and failover support using Amazon's failover technology for DB instances using Multi-AZ deployments? Select 3 options.


Options are :

  • SQL Server
  • MySQL (Correct)
  • Oracle (Correct)
  • MariaDB (Correct)

Answer : MySQL Oracle MariaDB

Which of the following is not a feature provided by Route53?


Options are :

  • Registration of Domain Names
  • Routing of internet traffic to domain resources
  • Offloading content to cache locations (Correct)
  • Health check of resources

Answer : Offloading content to cache locations

AWS thrives on the concept of high availability. Which of the below follows the concept of high availability? Choose the correct answer from the options below.


Options are :

  • Implementing security procedures
  • Implementing multiple AWS services
  • The ability of a system to easily increase in size.
  • A durable system that can operate for long periods of time without failure. (Correct)

Answer : A durable system that can operate for long periods of time without failure.

You have enabled CloudTrail logs for your company's AWS account. In addition, the IT Security department has mentioned that the logs need to be encrypted. How can this be achieved?


Options are :

  • Enable SSL certificates for the Cloudtrail logs
  • There is no need to do anything since the logs will already be encrypted (Correct)
  • Enable Server side encryption for the trail
  • Enable Server side encryption for the destination S3 bucket

Answer : There is no need to do anything since the logs will already be encrypted

You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch; however, you notice that you cannot see the health of every important metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch metric for when monitoring the health of your EC2 instances?


Options are :

  • CPU Usage
  • Memory usage (Correct)
  • Disk read operations
  • Network in

Answer : Memory usage

A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?


Options are :

  • SQS guarantees the order of the messages.
  • SQS synchronously provides transcoding output.
  • SQS checks the health of the worker instances.
  • SQS helps to facilitate horizontal scaling of encoding tasks. (Correct)

Answer : SQS helps to facilitate horizontal scaling of encoding tasks.

Which of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started? Select 2 options.


Options are :

  • The underlying host for the instance can be changed (Correct)
  • The ENI (Elastic Network Interface) is detached
  • All data on instance-store devices will be lost (Correct)
  • The Elastic IP will be dissociated from the instance

Answer : The underlying host for the instance can be changed All data on instance-store devices will be lost