Q1. In relation to Amazon SQS, how many queues and messages can you have per queue for each user?
A. Unlimited
B. 10
C. 256
D. 500
Answer: A
Explanation:
Amazon SQS supports an unlimited number of queues and unlimited number of messages per queue for each user. Please be aware that Amazon SQS automatically deletes messages that have been in the queue for more than 4 days.
Reference: https://aws.amazon.com/items/1343?externalID=1343
Q2. An organization has enabled a strict password policy for its IAM users. The organization is taking help from the IAM console to set the password policy. Which of the below mentioned rules cannot be specified by the user as a part of the policy?
A. Allow at least one lower case letter
B. Allow at least one number
C. Allow at least one non-alphanumeric character
D. Do not allow the user to use the password from the last three passwords
Answer: D
Explanation:
AWS IAM allows an organization to create multiple users and provide them access to various AWS services. By default, when a user is created, he does not have a password enabled and cannot log in to the AWS console. If the organization wants to allow the users to log in to the AWS console, it can enable a password for each user. IAM users are required to follow certain guidelines when setting their IAM login password. For this, IAM lets the root account owner set up a password policy. The password policy also lets the owner specify whether all IAM users can change their own passwords. As part of the policy, the organization can specify that passwords for IAM users must be of a certain minimum length, must include certain characters, and a few more criteria such as below.
One upper/lower or both letters
One alphanumeric
One number
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
Q3. A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?
A. AWS Simple Notification Service.
B. AWS Simple Queue Service.
C. AWS Mobile Communication Service.
D. AWS Simple Email Service.
Answer: A
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet-connected smart devices, as well as pushing to other distributed services.
Reference: http://aws.amazon.com/sns
Q4. ExamKiller (with AWS account ID 111122223333) has created 50 IAM users for its organization’s employees. ExamKiller wants to make the AWS console login URL for all IAM users as: https://examkiller.signin.aws.amazon.com/console/. How can this be configured?
A. Create a bucket with the name ExamKiller and map it with the IAM alias
B. It is not possible to have capital letters as a part of the alias name
C. The user needs to use Route 53 to map the ExamKiller domain and IAM URL
D. For the AWS account, create an alias ExamKiller for the IAM login
Answer: B
Explanation:
If a user wants the URL of the AWS IAM sign-in page to have the company name instead of the AWS account ID, he can create an alias for his AWS account ID. The alias must be unique across all Amazon Web Services products and contain only digits, lowercase letters, and hyphens.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html
Q5. A user has enabled the automated backup, but not specified the backup window. What will RDS do in this case?
A. Will throw an error on instance launch
B. RDS will take 3 AM — 3:30 AM as the default window
C. RDS assigns a random time period based on the region
D. Will not allow to launch a DB instance
Answer: C
Explanation:
If the user does not specify a preferred backup window while enabling an automated backup, Amazon RDS assigns a default 30-minute backup window which is selected at random from an 8-hour block of time per region.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonRDSInstances.html
Q6. An online gaming site asked you if you can deploy a database that is a fast, highly scalable NoSQL database service in AWS for a new site that he wants to build. Which database should you recommend?
A. Amazon Redshift
B. Amazon SimpleDB
C. Amazon DynamoDB
D. Amazon RDS
Answer: C
Explanation:
Amazon DynamoDB is ideal for database applications that require very low latency and predictable performance at any scale but don’t need complex querying capabilities like joins or transactions. Amazon DynamoDB is a fully-managed NoSQL database service that offers high performance, predictable throughput and low cost. It is easy to set up, operate, and scale.
With Amazon DynamoDB, you can start small, specify the throughput and storage you need, and easily scale your capacity requirements on the fly. Amazon DynamoDB automatically partitions data over a number of servers to meet your request capacity. In addition, DynamoDB automatically replicates your data synchronously across multiple Availability Zones within an AWS Region to ensure high availability and data durability.
Reference: https://aws.amazon.com/running_databases/#dynamodb_anchor
Q7. Which one of the following data types does Amazon DynamoDB not support?
A. Arrays
B. String
C. Binary
D. Number Set
Answer: A
Explanation:
Amazon DynamoDB supports the following data types:
Scalar data types (like Number, String, and Binary)
Multi-valued types (like String Set, Number Set, and Binary Set).
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html#DataModel.DataTypes
Q8. A user is enabling logging on a particular bucket. Which of the below mentioned options may be best suitable to allow access to the log bucket?
A. Create an IAM policy and allow log access
B. It is not possible to enable logging on the S3 bucket
C. Create an IAM Role which has access to the log bucket
D. Provide ACL for the logging group
Answer: D
Explanation:
The only recommended use case for the S3 bucket ACL is to grant the write permission to the Amazon S3 Log Delivery group to write access log objects to the user’s bucket.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-alternatives-guidelines.html
Q9. A root account owner is trying to set up an additional level of security for all his IAM users. Which of the below mentioned options is a recommended solution for the account owner?
A. Enable access key and secret access key for all the IAM users
B. Enable MFA for all IAM users
C. Enable the password for all the IAM users
D. Enable MFA for the root account
Answer: B
Explanation:
Multi-Factor Authentication adds an extra level of security for all the users. The user can enable MFA for all IAM users, which ensures that each user has to provide an extra six-digit code for authentication.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingMFA.html
Q10. A user had defined an IAM policy similar to the one given below on a bucket:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::12112112:user/test"
    },
    "Action": ["s3:GetBucketLocation", "s3:ListBucket", "s3:GetObject"],
    "Resource": ["arn:aws:s3:::examkiller"]
  }]
}
What will this do?
A. It will result in an error saying invalid policy statement
B. It will create an IAM policy for the user test
C. Allows the user test of the AWS account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on the bucket examkiller
D. It will allow all the IAM users of the account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on bucket examkiller
Answer: C
Explanation:
The IAM policy allows the user test in the account 12112112 to perform the s3:GetBucketLocation, s3:ListBucket and s3:GetObject Amazon S3 permissions on the examkiller bucket.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html