AWS SAP-C00 Certified Solution Architect Professional Exam Set 2

A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon Cognito has two different flows for authentication with public providers. Which of the following are the two flows?


Options are :

  • Public and private
  • Enhanced and basic (Correct)
  • Single step and multistep
  • Authentication and non-authenticated

Answer : Enhanced and basic

If no explicit deny is found while applying IAM's Policy Evaluation Logic, the enforcement code looks for any instructions that would apply to the request.


Options are :

  • "suspend"
  • "valid"
  • "cancel"
  • "allow" (Correct)

Answer : "allow"

An organization has 4 people in the IT operations team who are responsible for managing the AWS infrastructure. The organization wants to set things up so that each user can launch and manage an instance in a zone which the other users cannot modify. Which of the below mentioned options is the best solution to set this up?


Options are :

  • Create four AWS accounts and give each user access to separate account.
  • Create an IAM user and allow them permission to launch instances of different sizes only.
  • Create a VPC with four subnets and allow access to each subnet for the individual IAM user (Correct)
  • Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.

Answer : Create a VPC with four subnets and allow access to each subnet for the individual IAM user

An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitation of dedicated instances with VPC?


Options are :

  • It does not support the AWS RDS with a dedicated tenancy VPC.
  • All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
  • The user can not use Reserved Instances with a dedicated tenancy model. (Correct)
  • The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.

Answer : The user can not use Reserved Instances with a dedicated tenancy model.

The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the translates to everyone except the specified entity.


Options are :

  • Not Principal (Correct)
  • Vendor
  • Action
  • Principal

Answer : Not Principal

You want to define permissions for a role in an IAM policy. Which of the following configuration formats should you use?


Options are :

  • A JSON document written in Language of your choice
  • An XML document written in a Language of your choice
  • A JSON document written in the IAM Policy Language (Correct)
  • An XML document written in the IAM Policy Language

Answer : A JSON document written in the IAM Policy Language

In Amazon IAM, what is the maximum length for a role name?


Options are :

  • 512 characters
  • 128 characters
  • 256 characters
  • 64 characters (Correct)

Answer : 64 characters

A user has created a MySQL RDS instance with PIOPS. Which of the below mentioned statements will help the user understand the advantage of PIOPS?


Options are :

  • It provides a dedicated network bandwidth between EBS and RDS
  • The user can achieve additional dedicated capacity for the EBS I/O with an enhanced RDS option
  • It uses a standard EBS volume with optimized configuration the stacks
  • It uses an optimized EBS volume with optimized configuration the stacks (Correct)

Answer : It uses an optimized EBS volume with optimized configuration the stacks

An organization is planning to host a WordPress blog as well as a Joomla CMS on a single instance launched with VPC. The organization wants to have separate domains for each application and assign them using Route 53. The organization may have about ten instances, each with the two applications mentioned above. While launching the instance, the organization configured two separate network interfaces (primary + ENI) and wanted to have two elastic IPs for that instance. It was suggested to use a public IP from AWS instead of elastic IPs as the number of elastic IPs is restricted. What action will you recommend to the organization?


Options are :

  • I do not agree as AWS VPC does not attach a public IP to an ENI; so the user has to use an elastic IP only.
  • I do not agree as it is required to have only an elastic IP since an instance has more than one ENI and AWS does not assign a public IP to an instance with multiple ENIs. (Correct)
  • I agree with the suggestion but will prefer that the organization should use separate subnets with each ENI for different public IPs.
  • I agree with the suggestion and it is recommended to use public IP from AWS since the organization is going to use DNS with route 53.

Answer : I do not agree as it is required to have only an elastic IP since an instance has more than one ENI and AWS does not assign a public IP to an instance with multiple ENIs.

A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC. How can the user set this up to have two separate public IPs and separate security groups for both the application as well as the web server?


Options are :

  • Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.
  • Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them. (Correct)
  • Launch VPC with two separate subnets and make the instance a part of both the subnets.
  • Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.

Answer : Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.

How many cg1.4xlarge on-demand instances can a user run in one region without taking any limit increase approval from AWS?


Options are :

  • 20
  • 10
  • 5
  • 2 (Correct)

Answer : 2

V|ap My Site is setting up a web application in the AWS VPC. The organization has decided to use an AWS RDS instead of using its own DB instance for HA and DR requirements. The organization also wants to secure RDS access. How should the web application be set up with RDS?


Options are :

  • Create a network interface and attach two subnets to it. Attach that network interface with RDS while launching a DB instance.
  • Create two separate VPCs and launch a web app in one VPC and RDS in a separate VPC and connect them with VPC peering.
  • Create a VPC with one public and one private subnet. Launch an application instance in the public subnet while RDS is launched in the private subnet.
  • Set up a public and two private subnets in different AZs within a VPC and create a subnet group. Launch RDS with that subnet group. (Correct)

Answer : Set up a public and two private subnets in different AZs within a VPC and create a subnet group. Launch RDS with that subnet group.

A user is configuring MySQL RDS with PIOPS. What should be the minimum size of DB storage provided by the user?


Options are :

  • 1 TB
  • 50 GB
  • 5 GB
  • 100 GB (Correct)

Answer : 100 GB

A customer has a website which shows all the deals available across the market. The site experiences a load of 5 large EC2 instances generally. However, a week before Thanksgiving vacation they encounter a load of almost 20 large instances. The load during that period varies over the day based on the office timings. Which of the below mentioned solutions is cost effective as well as helps the website achieve better performance?


Options are :

  • Setup to run 10 instances during the pre-vacation period and only scale up during the office time by launching 10 more instances using the Auto Scaling schedule.
  • During the pre-vacation period setup 20 instances to run continuously.
  • Keep only 10 instances running and manually launch 10 instances every day during office hours.
  • During the pre-vacation period setup a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the network I/O policy. (Correct)

Answer : During the pre-vacation period setup a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the network I/O policy.

An organization is setting up a website on the AWS VPC. The organization has blocked a few IPs to avoid a DDoS attack. How can the organization ensure that a request from the above mentioned IPs does not access the application instances?


Options are :

  • Create an IAM policy for VPC with a condition to disallow traffic from that IP address.
  • Configure an ACL at the subnet which denies the traffic from that IP address. (Correct)
  • Configure the security group with the EC2 instance which denies access from that IP address.
  • Configure a security group at the subnet level which denies traffic from the selected IP.

Answer : Configure an ACL at the subnet which denies the traffic from that IP address.

Does an AWS Direct Connect location provide access to Amazon Web Services in the region it is associated with as well as access to other US regions?


Options are :

  • Yes, it provides access but only when there's just one Availability Zone in the region.
  • No, it provides access only to the US regions other than the region it is associated with.
  • No, it provides access only to the region it is associated with
  • Yes, it provides access. (Correct)

Answer : Yes, it provides access.

You have subscribed to the AWS Business and Enterprise support plan. Your business has a backlog of problems, and you need about 20 of your IAM users to open technical support cases. How many users can open technical support cases under the AWS Business and Enterprise support plan?


Options are :

  • 5 users
  • 10 users
  • Unlimited (Correct)
  • 1 user

Answer : Unlimited

How much memory does the cr1.8xlarge instance type provide?


Options are :

  • 244 GB (Correct)
  • 184 GB
  • 124 GB
  • 224 GB

Answer : 244 GB

Which of the following is the Amazon Resource Name (ARN) condition operator that can be used within an Identity and Access Management (IAM) policy to check the case-insensitive matching of the ARN?


Options are :

  • Arn Case
  • Arn Match
  • ArnLike (Correct)
  • Arn Check

Answer : ArnLike

An organization is setting up a backup and restore system in AWS for their on-premises system. The organization needs High Availability (HA) and Disaster Recovery (DR) but is okay to have a longer recovery time to save costs. Which of the below mentioned setup options helps achieve the objective of cost saving as well as DR in the most effective way?


Options are :

  • Set up pre-configured servers and create AMIs. Use EIP and Route 53 to quickly switch over to AWS from on-premises.
  • Setup the backup data on S3 and transfer data to S3 regularly using the storage gateway. (Correct)
  • Replicate on premise DB to EC2 at regular intervals and setup a scenario similar to the pilot light.
  • Setup a small instance with AutoScaling; in case of DR start diverting all the load to AWS from on premise.

Answer : Setup the backup data on S3 and transfer data to S3 regularly using the storage gateway.

In a VPC, can you modify a set of DHCP options after you create them?


Options are :

  • Yes, you can modify a set of DHCP options within 24 hours after creation.
  • Yes, you can modify a set of DHCP options any time after you create them
  • No, you can't modify a set of DHCP options after you create them. (Correct)
  • Yes, you can modify a set of DHCP options within 48 hours after creation and there are no VPCs associated with them.

Answer : No, you can't modify a set of DHCP options after you create them.

When using string conditions within IAM, short versions of the available comparators can be used instead of the more verbose ones. String is the short version of the string condition.


Options are :

  • StringEqualsIgnoreCase (Correct)
  • StringLikeStringEquals
  • StringNotEqualsIgnoreCase
  • StringNotEquals

Answer : StringEqualsIgnoreCase

What feature of the load balancing service attempts to force subsequent connections to a service to be redirected to the same node as long as it is online?


Options are :

  • Node balance
  • Session retention
  • Session persistence (Correct)
  • Session multiplexing

Answer : Session persistence

What is the maximum length for an instance profile name in AWS IAM?


Options are :

  • 64 characters
  • 512 characters
  • 1024 characters
  • 128 characters (Correct)

Answer : 128 characters

An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this?


Options are :

  • The organization should create each user in a separate region so that they have their own URL to login
  • The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias
  • It is not possible to have the same login ID for multiple IAM users of the same account (Correct)
  • The organization should create various groups and add each user with the same login ID to different groups. The user can login with their own group ID

Answer : It is not possible to have the same login ID for multiple IAM users of the same account

What RAID method is used on the Cloud Block Storage back-end to implement a very high level of reliability and performance?


Options are :

  • RAID 10 (Blocks mirrored and striped) (Correct)
  • RAID 2 (Bit level striping)
  • RAID 5 (Blocks striped, distributed parity)
  • RAID 1

Answer : RAID 10 (Blocks mirrored and striped)

A user is trying to create a vault in AWS Glacier. The user wants to enable notifications. In which of the below mentioned options can the user enable the notifications from the AWS console?


Options are :

  • Vault Inventory Retrieval Job Complete (Correct)
  • Glacier does not support the AWS console
  • Vault Upload Complete
  • Archival Upload Complete

Answer : Vault Inventory Retrieval Job Complete

Which of the following can not be done using AWS Data Pipeline?


Options are :

  • Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
  • Generate reports over data that has been stored. (Correct)
  • Move data between different AWS compute and storage services as well as on-premise data sources at specified intervals
  • Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.

Answer : Generate reports over data that has been stored.

An organization is undergoing a security audit. The auditor wants to view the AWS VPC configuration as the organization has hosted all the applications in the AWS VPC. The auditor is from a remote place and wants to have access to AWS to view all the VPC records. How can the organization meet the expectations of the auditor without compromising on the security of their AWS infrastructure?


Options are :

  • The organization should create an IAM user with VPC full access but set a condition that will not allow modifying anything if the request is from any IP other than the organization's data center.
  • The organization should not accept the request as sharing the credentials means compromising on security.
  • Create an IAM role which will have read only access to all EC2 services including VPC and assign that role to the auditor (Correct)
  • Create an IAM user who will have read only access to the AWS VPC and share those credentials with the auditor

Answer : Create an IAM role which will have read only access to all EC2 services including VPC and assign that role to the auditor

The CFO of a company wants to allow one of his employees to view only the AWS usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?


Options are :

  • "Effect":"Allow", "Action":["Describe"], "Resource":"Billing"
  • "Effect":"Allow", "Action":["aws-portal:ViewUsage"], "Resource":"*" (Correct)
  • "Effect":"Allow", "Action":["Account Usage"], "Resource":"*"
  • "Effect":"Allow", "Action":["aws-portal:ViewBilling"], "Resource":"*"

Answer : "Effect":"Allow", "Action":["aws-portal:ViewUsage"], "Resource":"*"
