Q1. ExamKiller (with AWS account ID 111122223333) has created 50 IAM users for its organization’s employees. ExamKiller wants to make the AWS console login URL for all IAM users as: https://examkiller.signin.aws.amazon.com/console/. How can this be configured?
A. Create a bucket with the name ExamKiller and map it with the IAM alias
B. It is not possible to have capital letters as a part of the alias name
C. The user needs to use Route 53 to map the ExamKiller domain and IAM URL
D. For the AWS account, create an alias ExamKiller for the IAM login
Answer: B
Explanation:
If a user wants the URL of the AWS IAM sign-in page to have the company name instead of the AWS account ID, he can create an alias for his AWS account ID. The alias must be unique across all Amazon Web Services products and contain only digits, lowercase letters, and hyphens.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html
Q2. A user is trying to share a video file with all his friends. Which of the below mentioned AWS services will be cheapest and easy to use?
A. AWS S3
B. AWS EC2
C. AWS RRS
D. AWS Glacier
Answer: C
Explanation:
AWS RRS provides the same functionality as AWS S3, but at a cheaper rate. It is ideally suited for non mission critical applications. It provides less durability than S3, but is a cheaper option.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingRRS.html
Q3. A user wants to access RDS from an EC2 instance using IP addresses. Both RDS and EC2 are in the same region, but different AZs. Which of the below mentioned options help configure that the instance is accessed faster?
A. Configure the Private IP of the Instance in RDS security group
B. Security group of EC2 allowed in the RDS security group
C. Configuring the elastic IP of the instance in RDS security group
D. Configure the Public IP of the instance in RDS security group
Answer: A
Explanation:
If the user is going to specify an IP range in RDS security group, AWS recommends using the private IP address of the Amazon EC2 instance. This provides a more direct network route from the Amazon EC2 instance to the Amazon RDS DB instance, and does not incur network charges for the data sent outside of the Amazon network.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html
Q4. A user is planning to host MS SQL on an EBS volume. It was recommended to use the AWS RDS. What advantages will the user have if he uses RDS in comparison to an EBS based DB?
A. Better throughput with PIOPS
B. Automated backup
C. MS SQL is not supported with RDS
D. High availability with multi AZs
Answer: B
Explanation:
Comparing with on-premises or EC2 based MS SQL, RDS provides an automated backup feature. PIOPS is available with both RDS and EBS. However, HA is not available with MS SQL.
Reference: https://aws.amazon.com/rds/faqs/
Q5. A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?
A. AWS CloudWatch + AWS SES.
B. AWS CloudWatch + AWS SNS.
C. AWS CloudWatch + AWS SQS.
D. AWS EC2 + AWS CloudWatch.
Answer: B
Explanation:
Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. In this case, the user can configure CloudWatch to send an alarm to SNS when the threshold is crossed, which will trigger an SMS.
Reference: http://aws.amazon.com/sns/
Q6. A user is configuring the HTTPS protocol on a front end ELB and the SSL protocol for the back-end listener in ELB. What will ELB do?
A. It will allow you to create the configuration, but the instance will not pass the health check
B. Receives requests on HTTPS and sends it to the back end instance on SSL
C. It will not allow you to create this configuration
D. It will allow you to create the configuration, but ELB will not work as expected
Answer: C
Explanation:
If a user is configuring HTTPS on the front end and TCP on the back end, ELB will not allow saving these listeners and will respond with the message.
"Load Balancer protocol is an application layer protocol, but instance protocol is not. Both the Load Balancer protocol and the instance protocol should be at the same layer. Please fix."
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-troubleshooting.html
Q7. An organization has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The organization is planning to implement certain security best practices. Which of the below mentioned pointers will not help the organization achieve better security arrangement?
A. Apply the latest patch of OS and always keep it updated.
B. Allow only IAM users to connect with the EC2 instances with their own secret access key.
C. Disable the password based login for all the users. All the users should use their own keys to connect with the instance securely.
D. Create a procedure to revoke the access rights of the individual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.
Answer: B
Explanation:
Since AWS is a public cloud, any application hosted on EC2 is prone to hacker attacks. It becomes extremely important for a user to set up a proper security mechanism on the EC2 instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users within the OS if they need to connect with the EC2 instances, create their keys and disable their password
Create a procedure using which the admin can revoke the access of the user when the business work on the EC2 instance is completed
Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated privileges, such as sudo for users who need to perform occasional privileged tasks
The IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not useful to connect (RDP / SSH) with an instance.
Reference: http://aws.amazon.com/articles/1233/
Q8. A user is using an EBS backed instance. Which of the below mentioned statements is true?
A. The user will be charged for volume and instance only when the instance is running
B. The user will be charged for the volume even if the instance is stopped
C. The user will be charged only for the instance running cost
D. The user will not be charged for the volume if the instance is stopped
Answer: B
Explanation:
If a user has launched an EBS backed instance, the user will be charged for the EBS volume even though the instance is in a stopped state. The instance will be charged for the EC2 hourly cost only when it is running.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
Q9. Which of the below mentioned options is a must-have element as a part of the IAM policy?
A. Condition
B. ID
C. Statement
D. Version
Answer: C
Explanation:
The statement is the main element of the IAM policy and it is a must for a policy. Elements such as condition, version and ID are not required.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html
QUESTION NO: 98
Which of the below mentioned commands allows the user to share the AMI with his peers using the AWS EC2 CLI?
A. ec2-share-image-public
B. ec2-share-image-account
C. ec2-share-image
D. ec2-modify-image-attribute
Q10. A user has not enabled versioning on an S3 bucket. What will be the version ID of the object inside that bucket?
A. 0
B. There will be no version attached
C. Null
D. Blank
Answer: C
Explanation:
S3 objects stored in the bucket before the user has set the versioning state have a version ID of null. When the user enables versioning, the objects in the bucket do not change and their ID remains null.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersionSuspendedBuckets.html