
AWS-Solution-Architect-Associate Exam Questions - Online Test



Q1. Your manager has just given you access to multiple VPN connections that someone else has recently set up between all your company's offices. She needs you to make sure that the communication between the VPNs is secure. Which of the following services would be best for providing a low-cost hub-and-spoke model for primary or backup connectivity between these remote offices?

A. Amazon CloudFront

B. AWS Direct Connect

C. AWS CloudHSM

D. AWS VPN CloudHub

Answer: D

Explanation:

If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CloudHub.html

Q2. In Route 53, what does a Hosted Zone refer to?

A. A hosted zone is a collection of geographical load balancing rules for Route 53.

B. A hosted zone is a collection of resource record sets hosted by Route 53.

C. A hosted zone is a selection of specific resource record sets hosted by CloudFront for distribution to Route 53.

D. A hosted zone is the Edge Location that hosts the Route 53 records for a user. 

Answer: B

Explanation:

A Hosted Zone refers to a selection of resource record sets hosted by Route 53.

Reference: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/AboutHostedZones.html

Q3. You are designing an intrusion detection and prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IDS/IPS protection for traffic coming from the Internet.

Which of the following options would you consider? (Choose 2 answers)

A. Implement IDS/IPS agents on each instance running in the VPC.

B. Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.

C. Implement Elastic Load Balancing with SSL listeners in front of the web applications.

D. Implement a reverse proxy layer in front of web servers and configure IDS/IPS agents on each reverse proxy server.

Answer: B, D

Q4. What is a placement group in Amazon EC2?

A. It is a group of EC2 instances within a single Availability Zone.

B. It is the edge location of your web content.

C. It is the AWS region where you run the EC2 instance of your web content.

D. It is a group used to span multiple Availability Zones. 

Answer: A

Explanation:

A placement group is a logical grouping of instances within a single Availability Zone.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

Q5. Your firm has uploaded a large amount of aerial image data to S3. In the past, in your on-premises environment, you used a dedicated group of servers to batch process this data and used RabbitMQ, an open source messaging system, to get job information to the servers. Once processed, the data would go to tape and be shipped offsite. Your manager told you to stay with the current design, and leverage AWS archival storage and messaging services to minimize cost. Which is correct?

A. Use SQS for passing job messages; use CloudWatch alarms to terminate EC2 worker instances when they become idle. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.

B. Setup Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.

C. Setup Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Glacier.

D. Use SNS to pass job messages; use CloudWatch alarms to terminate spot worker instances when they become idle. Once data is processed, change the storage class of the S3 object to Glacier.

Answer: D

Q6. Your EBS volumes do not seem to be performing as expected and your team leader has requested you look into improving their performance. Which of the following is not a true statement relating to the performance of your EBS volumes?

A. Frequent snapshots provide a higher level of data durability and they will not degrade the performance of your application while the snapshot is in progress.

B. General Purpose (SSD) and Provisioned IOPS (SSD) volumes have a throughput limit of 128 MB/s per volume.

C. There is a relationship between the maximum performance of your EBS volumes, the amount of I/O you are driving to them, and the amount of time it takes for each transaction to complete.

D. There is a 5 to 50 percent reduction in IOPS when you first access each block of data on a newly created or restored EBS volume

Answer:

Explanation:

Several factors can affect the performance of Amazon EBS volumes, such as instance configuration, I/O characteristics, workload demand, and storage configuration.

Frequent snapshots provide a higher level of data durability, but they may slightly degrade the performance of your application while the snapshot is in progress. This trade-off becomes critical when you have data that changes rapidly. Whenever possible, plan for snapshots to occur during off-peak times in order to minimize workload impact.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSPerformance.html

Q7. Your Fortune 500 company has undertaken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware. The outcome was that all employees would be granted access to use Amazon S3 for storage of their personal documents.

Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers)

A. Setting up a federation proxy or identity provider

B. Using AWS Security Token Service to generate temporary tokens

C. Tagging each folder in the bucket

D. Configuring an IAM role

E. Setting up a matching IAM user for every user in your corporate directory that needs access to a folder in the bucket

Answer: A, B, D

Q8. What is the default maximum number of MFA devices in use per AWS account (at the root account level)?

A. 1

B. 5

C. 15

D. 10

Answer: A

Q9. Amazon RDS automated backups and DB Snapshots are currently supported for only the ____ storage engine.

A. InnoDB

B. MyISAM

Answer: A

Q10. After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to?

A. Only if the tag "VPC_Change_Group" is true

B. Yes. You can.

C. No. You cannot.

D. Only if the tag "VPC Change Group" is true 

Answer: B