Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 9

A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower overall CPU resources for the web tier?


Options are :

  • Amazon EBS volume
  • Amazon S3 (Correct)
  • Amazon EC2 instance store
  • Amazon RDS instance

Answer : Amazon S3

If you’re unable to connect via SSH to your EC2 instance, which of the following should you check and possibly correct to restore connectivity?


Options are :

  • Adjust Security Group to permit egress traffic over TCP port 443 from your IP.
  • Configure the IAM role to permit changes to security group settings.
  • Modify the instance security group to allow ingress of ICMP packets from your IP.
  • Adjust the instance’s Security Group to permit ingress traffic over port 22 from your IP. (Correct)
  • Apply the most recently released Operating System security patches.

Answer : Adjust the instance’s Security Group to permit ingress traffic over port 22 from your IP.

A company is migrating an on-premise 5TB MySQL database to AWS. The company expects the database to continue increasing in size. Which Amazon RDS engine meets these requirements?


Options are :

  • MySQL
  • Microsoft SQL Server
  • Oracle
  • Amazon Aurora (Correct)

Answer : Amazon Aurora

A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?


Options are :

  • SQS guarantees the order of the messages.
  • SQS synchronously provides transcoding output.
  • SQS checks the health of the worker instances.
  • SQS helps to facilitate horizontal scaling of encoding tasks. (Correct)

Answer : SQS helps to facilitate horizontal scaling of encoding tasks.

Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications. What is the monthly charge for using the public data sets?


Options are :

  • 1 time charge of 1$ for all the datasets.
  • 1$ per dataset per month
  • 10 $ per month for all datasets
  • There is no charge for using public data sets (Correct)

Answer : There is no charge for using public data sets

You are planning on hosting a web application on AWS. You create an EC2 Instance in a public subnet. This instance needs to connect to an EC2 Instance that will host an Oracle database. Which of the following steps should be followed to ensure a secure setup is in place?


Options are :

  • Place the EC2 Instance with the Oracle database in the same public subnet as the Web server for faster communication.
  • Place the EC2 Instance with the Oracle database in a separate private subnet (Correct)
  • Create a database security group and ensure the web security group is allowed incoming access (Correct)
  • Ensure the database security group allows incoming traffic from 0.0.0.0/0

Answer : Place the EC2 Instance with the Oracle database in a separate private subnet. Create a database security group and ensure the web security group is allowed incoming access.

You have a web application running on six Amazon EC2 instances, consuming about 45% of resources on each instance. You are using autoscaling to make sure that six instances are running at all times. The number of requests this application processes is consistent and does not experience spikes. The application is critical to your business and you want high availability at all times. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all instances. Which of the following architectural choices should you make?


Options are :

  • Deploy 6 EC2 instances in one availability zone and use Amazon Elastic Load Balancer.
  • Deploy 3 EC2 instances in one region and 3 in another region and use Amazon Elastic Load Balancer.
  • Deploy 3 EC2 instances in one availability zone and 3 in another availability zone and use Amazon Elastic Load Balancer. (Correct)
  • Deploy 2 EC2 instances in three regions and use Amazon Elastic Load Balancer.

Answer : Deploy 3 EC2 instances in one availability zone and 3 in another availability zone and use Amazon Elastic Load Balancer.

A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? Choose 2 answers


Options are :

  • AWS Directory Service AD Connector (Correct)
  • AWS Directory Service Simple AD
  • AWS Identity and Access Management groups
  • AWS Identity and Access Management roles (Correct)
  • AWS Identity and Access Management users

Answer : AWS Directory Service AD Connector. AWS Identity and Access Management roles.

A customer needs to capture all client connection information from their ELB every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?


Options are :

  • Enable AWS CloudTrail for the load balancer.
  • Enable access logs on the load balancer. (Correct)
  • Install the Amazon CloudWatch Logs agent on the load balancer.
  • Enable Amazon CloudWatch metrics on the load balancer.

Answer : Enable access logs on the load balancer.

Which of the below AWS services allows you to run code without the need to host an EC2 instance?


Options are :

  • AWS Lambda (Correct)
  • AWS IoT
  • AWS SQS
  • AWS SES

Answer : AWS Lambda

As an IT administrator, you have been requested to ensure you create a highly decoupled application in AWS. Which of the following helps you accomplish this goal? Choose the correct answer from the options below


Options are :

  • An SQS queue to allow a second EC2 instance to process a failed instance’s job (Correct)
  • An Elastic Load Balancer to send web traffic to healthy EC2 instances
  • IAM user credentials on EC2 instances to grant permissions to modify an SQS queue
  • An Auto Scaling group to recover from EC2 instance failures

Answer : An SQS queue to allow a second EC2 instance to process a failed instance’s job

Which of the following are use cases for Amazon DynamoDB? Choose 3 answers


Options are :

  • Storing BLOB data.
  • Managing web sessions. (Correct)
  • Storing JSON documents. (Correct)
  • Storing metadata for Amazon S3 objects. (Correct)
  • Running relational joins and complex updates.
  • Storing large amounts of infrequently accessed data

Answer : Managing web sessions. Storing JSON documents. Storing metadata for Amazon S3 objects.

How long can messages live in an SQS queue?


Options are :

  • 12 hours
  • 10 days
  • 14 days (Correct)
  • 1 year

Answer : 14 days

How can you secure data at rest on an EBS volume?


Options are :

  • Attach the volume to an instance using EC2’s SSL interface.
  • Write the data randomly instead of sequentially.
  • Encrypt the volume using the S3 server-side encryption service.
  • Create an IAM policy that restricts read and write access to the volume.
  • Use an encrypted file system on top of the EBS volume. (Correct)

Answer : Use an encrypted file system on top of the EBS volume.

An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk. Which solution will resolve the security concern?


Options are :

  • Access the data through an Internet Gateway.
  • Access the data through a VPN connection.
  • Access the data through a NAT Gateway.
  • Access the data through a VPC endpoint for Amazon S3 (Correct)

Answer : Access the data through a VPC endpoint for Amazon S3

You are creating a number of EBS Volumes for your EC2 instances. You are concerned about the backups of the EBS Volumes. Which of the below is a way to back up the EBS Volumes?


Options are :

  • Configure Amazon Storage Gateway with EBS volumes as the data source and store the backups on premise through the storage gateway
  • Write a cronjob that uses the AWS CLI to take a snapshot of production EBS volumes. (Correct)
  • Use a lifecycle policy to back up EBS volumes stored on Amazon S3 for durability
  • Write a cronjob on the server that compresses the data and then copy it to Glacier

Answer : Write a cronjob that uses the AWS CLI to take a snapshot of production EBS volumes.

There is a requirement to ensure that an EC2 instance can only be accessed from an IP address of 72.34.51.100. The users should be able to SSH into the instance. Which option will meet the customer requirement?


Options are :

  • Security Group Inbound Rule: Protocol – TCP, Port Range – 22, Source 72.34.51.100/32 (Correct)
  • Security Group Inbound Rule: Protocol – UDP, Port Range – 22, Source 72.34.51.100/32
  • Network ACL Inbound Rule: Protocol – UDP, Port Range – 22, Source 72.34.51.100/32
  • Network ACL Inbound Rule: Protocol – TCP, Port Range – 22, Source 72.34.51.100/0

Answer : Security Group Inbound Rule: Protocol – TCP, Port Range – 22, Source 72.34.51.100/32

A company is planning to use the AWS ECS service to work with containers. There is a need for the least amount of administrative overhead when launching containers. How can this be achieved?


Options are :

  • Use the Fargate launch type in AWS ECS (Correct)
  • Use the EC2 launch type in AWS ECS
  • Use the Autoscaling launch type in AWS ECS
  • Use the ELB launch type in AWS ECS

Answer : Use the Fargate launch type in AWS ECS

All Amazon EC2 instances are assigned two IP addresses at launch. Which of these can only be reached from within the Amazon EC2 network?


Options are :

  • Multiple IP address
  • Public IP address
  • Private IP address (Correct)
  • Elastic IP Address

Answer : Private IP address

A company needs to store images that are uploaded by users via a mobile application. There is also a need to ensure that there is a security measure in place to protect against users accidentally deleting images. Which action will protect against unintended user actions?


Options are :

  • Store data in an EBS volume and create snapshots once a week.
  • Store data in an S3 bucket and enable versioning. (Correct)
  • Store data in two S3 buckets in different AWS regions.
  • Store data on EC2 instance storage

Answer : Store data in an S3 bucket and enable versioning.

A company wants to store their documents in AWS. Initially these documents will be used frequently. After a duration of 6 months, these documents need to be archived. How would you architect this requirement?


Options are :

  • Store the files in Amazon EBS and create a lifecycle policy to remove the files after 6 months.
  • Store the files in Amazon S3 and create a lifecycle policy to remove the files after 6 months. (Correct)
  • Store the files in Amazon Glacier and create a lifecycle policy to remove the files after 6 months.
  • Store the files in Amazon EFS and create a lifecycle policy to remove the files after 6 months.

Answer : Store the files in Amazon S3 and create a lifecycle policy to remove the files after 6 months.

What are some of the benefits of using the CloudFormation service? Choose 2 answers from the options given below


Options are :

  • Can automatically increase instance capacity
  • A storage location for your application’s code
  • Version control your infrastructure (Correct)
  • A great disaster recovery option (Correct)

Answer : Version control your infrastructure. A great disaster recovery option.

You have created your own VPC and subnet in AWS. You have launched an instance in that subnet. You have noticed that the instance is not receiving a DNS name. Which of the below options could be a valid reason for this issue?


Options are :

  • The CIDR block for the VPC is invalid
  • The CIDR block for the subnet is invalid
  • The VPC configuration needs to be changed (Correct)
  • The subnet configuration needs to be changed

Answer : The VPC configuration needs to be changed

You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security?


Options are :

  • Save the API credentials to your PHP files.
  • Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it. (Correct)
  • Save your API credentials in a public GitHub repository.
  • Pass API credentials to the instance using instance user data.

Answer : Don’t save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.

An application needs to access data in another AWS account in the same region. Which of the following can be used to ensure data can be accessed as required?


Options are :

  • Establish a NAT instance between both accounts
  • Use a VPN between both accounts
  • Use a NAT gateway between both accounts
  • Use VPC Peering between both accounts (Correct)

Answer : Use VPC Peering between both accounts

An application consists of the following architecture. EC2 Instances in multiple AZs behind an ELB. The EC2 Instances are launched via an Autoscaling Group. There is a NAT instance which is used to ensure that instances can download updates from the internet. Which of the following is the bottleneck in the architecture?


Options are :

  • The EC2 Instances
  • The ELB
  • The NAT Instance (Correct)
  • The Autoscaling Group

Answer : The NAT Instance

What is one of the major advantages of having a VPN in AWS?


Options are :

  • You don’t have to worry about security, this is managed by AWS.
  • You can connect your cloud resources to on-premise data centers using VPN connections (Correct)
  • You can provision an unlimited number of S3 resources.
  • None

Answer : You can connect your cloud resources to on-premise data centers using VPN connections

What are the main benefits of IAM groups? Choose 2 answers from the options below


Options are :

  • Ability to create custom permission policies.
  • Allow for EC2 instances to gain access to S3.
  • Easier user/policy management. (Correct)
  • Assign IAM permission policies to more than one user at a time. (Correct)

Answer : Easier user/policy management. Assign IAM permission policies to more than one user at a time.

You are working with a customer who is using Chef Configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?


Options are :

  • Amazon Simple Workflow Service
  • AWS Elastic Beanstalk
  • AWS CloudFormation
  • AWS OpsWorks (Correct)

Answer : AWS OpsWorks

A customer is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage their public DNS. How should the customer configure the DNS zone apex record to point to the load balancer?


Options are :

  • Create an A record pointing to the IP address of the load balancer
  • Create a CNAME record pointing to the load balancer DNS name.
  • Create an alias for CNAME record to the load balancer DNS name.
  • Create an A record aliased to the load balancer DNS name (Correct)

Answer : Create an A record aliased to the load balancer DNS name