aiotestking uk

AWS-Solution-Architect-Associate Exam Questions - Online Test


AWS-Solution-Architect-Associate Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. You require the ability to analyze a large amount of data, which is stored on Amazon 53 using Amazon Elastic Map Reduce. You are using the cc2 8x large Instance type, whose CPUs are mostly idle during processing. Which of the below would be the most cost efficient way to reduce the runtime of the job?

A. Create more smaller flies on Amazon 53.

B. Add additional cc2 8x large instances by introducing a task group.

C. Use smaller instances that have higher aggregate 1/0 performance.

D. Create fewer, larger fi les on Amazon 53. 

Answer: C

Q2. While creating an Amazon RDS DB, your first task is to set up a DB that controls which IP address or EC2 instance can access your DB Instance.

A. security token pool

B. security token

C. security pool

D. security group 

Answer: D

Explanation:

While creating an Amazon RDS DB, your first task is to set up a DB Security Group that controls what IP addresses or EC2 instances have access to your DB Instance.

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html

Q3. While creating a network in the VPC, which of the following is true of a NAT device?

A. You have to administer the NAT Gateway Service provided by AWS.

B. You can choose to use any of the three kinds of NAT devices offered by AWS for special purposes.

C. You can use a NAT device to enable instances in a private subnet to connect to the Internet.

D. You are recommended to use AWS NAT instances over NAT gateways, as the instances provide better availability and bandwidth.

Answer:

Explanation:

You can use a NAT device to enable instances in a private subnet to connect to the Internet (for example, for software updates) or other AWS services, but prevent the Internet from initiating connections with the instances. AWS offers two kinds of NAT devices u a NAT gateway or a NAT instance. We recommend NAT gateways, as they provide better availability and bandwidth over NAT instances. The NAT Gateway service is also a managed service that does not require your administration efforts. A NAT instance is launched from a NAT AM. You can choose to use a NAT instance for special purposes.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html

Q4. True or False: In Amazon Route 53, you can create a hosted zone for a top-level domain (TLD).

A. FALSE

B. False, Amazon Route 53 automatically creates it for you.

C. True, only if you send an XML document with a CreateHostedZoneRequest element for TLD.

D. TRUE

Answer: A

Explanation:

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

Reference:  http://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateHostedZone.htmI

Q5. Amazon S3 allows you to set per-file permissions to grant read and/or write access. However you have decided that you want an entire bucket with 100 files already in it to be accessible to the public. You don't want to go through 100 files indMdually and set permissions. What would be the best way to do this?

A. Move the bucket to a new region

B. Add a bucket policy to the bucket.

C. Move the files to a new bucket.

D. Use Amazon EBS instead of S3 

Answer: B

Explanation:

Amazon S3 supports several mechanisms that give you filexibility to control who can access your data as well as how, when, and where they can access it. Amazon S3 provides four different access control mechanisms: AWS Identity and Access Management (IAM) policies, Access Control Lists (ACLs), bucket policies, and query string authentication. IAM enables organizations to create and manage multiple users under a single AWS account. With IAM policies, you can grant IAM users fine-grained control to your Amazon S3 bucket or objects. You can use ACLs to selectively add (grant) certain permissions on indMdual objects.

Amazon S3 bucket policies can be used to add or deny permissions across some or all of the objects within a single bucket.

With Query string authentication, you have the ability to share Amazon S3 objects through URLs that are

valid for a specified period of time.

Reference: http://aws.amazon.com/s3/detai|s/#security

Q6. In the context of AWS support, why must an EC2 instance be unreachable for 20 minutes rather than allowing customers to open tickets immediately?

A. Because most reachability issues are resolved by automated processes in less than 20 minutes

B. Because all EC2 instances are unreachable for 20 minutes every day when AWS does routine maintenance

C. Because all EC2 instances are unreachable for 20 minutes when first launched

D. Because of all the reasons listed here 

Answer: A

Explanation:

An EC2 instance must be unreachable for 20 minutes before opening a ticket, because most reachability issues are resolved by automated processes in less than 20 minutes and will not require any action on the part of the customer. If the instance is still unreachable after this time frame has passed, then you should open a case with support.

Reference: https://aws.amazon.com/premiumsupport/faqs/

Q7. A customer enquires about whether all his data is secure on AWS and is especially concerned about Elastic Map Reduce (EMR) so you need to inform him of some of the security features in place for AWS. Which of the below statements would be an incorrect response to your customers enquiry?

A. Amazon ENIR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.

B. Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.

C. Every packet sent in the AWS network uses Internet Protocol Security (IPsec).

D. Customers may encrypt the input data before they upload it to Amazon S3.

Answer: C

Explanation:

Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access. Unless the customer who is uploading the data specifies otherwise, only that customer can access the data. Amazon EMR customers can also choose to send data to Amazon S3

using the HTTPS protocol for secure transmission. In addition, Amazon EMR always uses HTTPS to send data between Amazon S3 and Amazon EC2. For added security, customers may encrypt the input data before they upload it to Amazon S3 (using any common data compression tool); they then need to add a decryption step to the beginning of their cluster when Amazon EMR fetches the data from Amazon S3. Reference: https://aws.amazon.com/elasticmapreduce/faqs/

Q8. You are architecting a highly-scalable and reliable web application which will have a huge amount of content .You have decided to use Cloudfront as you know it will speed up distribution of your static and dynamic web content and know that Amazon C|oudFront integrates with Amazon CIoudWatch metrics so that you can monitor your web application. Because you live in Sydney you have chosen the the Asia Pacific (Sydney) region in the AWS console. However you have set up this up but no CIoudFront metrics seem to be appearing in the CIoudWatch console. What is the most likely reason from the possible  choices below for this?

A. Metrics for CIoudWatch are available only when you choose the same region as the application you are

monitoring.

B. You need to pay for CIoudWatch for it to become active.

C. Metrics for CIoudWatch are available only when you choose the US East (N. Virginia)

D. Metrics for CIoudWatch are not available for the Asia Pacific region as yet. 

Answer: C

Explanation:

CIoudFront is a global service, and metrics are available only when you choose the US East (N. Virginia) region in the AWS console. If you choose another region, no CIoudFront metrics will appear in the CIoudWatch console.

Reference:

http://docs.aws.amazon.com/AmazonCIoudFront/latest/Deve|operGuide/monitoring-using-cloudwatch.ht ml

Q9. What does Amazon Elastic Beanstalk provide?

A. A scalable storage appliance on top of Amazon Web Services.

B. An application container on top of Amazon Web Services.

C. A service by this name doesn't exist.

D. A scalable cluster of EC2 instances. 

Answer: B

Q10. By default, EBS volumes that are created and attached t o an instance at launch are deleted when t hat instance is terminated. You can modify this behavior by changing the value of the flag _ to false when you launch the instance

A. Delete On Termination

B. Remove On Deletion

C. Remove On Termination

D. Terminate On Deletion

Answer: A