Q1. - (Topic 3)
An AWS root account owner is trying to create a policy to access RDS. Which of the below mentioned
statements is true with respect to the above information?
A. Create a policy which allows the users to access RDS and apply it to the RDS instances
B. The user cannot access the RDS database if he is not assigned the correct IAM policy
C. The root account owner should create a policy for the IAM user and give him access to the RDS services
D. The policy should be created for the user and provide access for RDS
Answer: C
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the account owner wants to create a policy for RDS, the owner has to create an IAM user and define the policy which entitles the IAM user with various RDS services such as Launch Instance, Manage security group, Manage parameter group etc.
Q2. - (Topic 2)
A user has setup a web application on EC2. The user is generating a log of the application performance at every second. There are multiple entries for each second. If the user wants to send that data to CloudWatch every minute, what should he do?
A. The user should send only the data of the 60th second as CloudWatch will map the receive data timezone with the sent data timezone
B. It is not possible to send the custom metric to CloudWatch every minute
C. Give CloudWatch the Min, Max, Sum, and SampleCount of a number of every minute
D. Calculate the average of one minute and send the data to CloudWatch
Answer: C
Explanation:
Amazon CloudWatch aggregates statistics according to the period length that the user has specified while getting data from CloudWatch. The user can publish as many data points as he wants with the same or similartime stamps. CloudWatch aggregates them by the period length when the user calls get statistics about those data points. CloudWatch records the average (sum of all items divided by the number of items. of the values received for every 1-minute period, as well as the number of samples, maximum value, and minimum value for the same time period. CloudWatch will aggregate all the data which have time stamps within a one-minute period.
Q3. - (Topic 1)
Which of the following are characteristics of Amazon VPC subnets?
Choose 2 answers
A. Each subnet maps to a single Availability Zone
B. A CIDR block mask of /25 is the smallest range supported
C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.
D. By default, all subnets can route between each other, whether they are private or public
E. V Each subnet spans at least 2 Availability zones to provide a high-availability environment
Answer: C,E
Q4. - (Topic 1)
You have decided to change the Instance type for instances running In your application tier that are using Auto Scaling.
In which area below would you change the instance type definition?
A. Auto Scaling launch configuration
B. Auto Scaling group
C. Auto Scaling policy
D. Auto Scaling tags
Answer: A
Explanation: Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/WhatIsAutoScaling.html
Q5. - (Topic 1)
An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3.
Which option should you implement to ensure this requirement is met?
A. Use the S3 copy API to replicate data between two S3 buckets in different regions
B. You do not need to implement anything since S3 data is automatically replicated between regions C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region
Answer: D
Q6. - (Topic 1)
You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS Which option will provide the most scalable solution for communicating between the application and SQS?
A. Ensure the application instances are properly configured with an Elastic Load Balancer
B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
C. Ensure the application instances are launched in public subnets with the associate-public-IP-address=true option enabled
D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size
Answer: B
Explanation: Reference:
http://www.cardinalpath.com/autoscaling-your-website-with-amazon-web-services-part-2/
Q7. - (Topic 1)
You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence At times throughout the day, you are seeing large variance in the response times of the database queries Looking into the instance with the isolate command you see a lot of wait time on the disk volume that the database's data is stored on.
What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data?
Choose 2 answers
A. Move to an SSD backed instance
B. Move the database to an EBS-Optimized Instance
C. T Use Provisioned IOPs EBS
D. Use the ephemeral storage on an m2 4xiarge Instance Instead
Answer: A,B
Q8. - (Topic 3)
A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp.. Which of the below mentioned entries is required in the web server security group (WebSecGrp.?
A. Configure Destination as DB Security group ID (DbSecGrp. for port 3306 Outbound
B. 80 for Destination 0.0.0.0/0 Outbound
C. Configure port 3306 for source 20.0.0.0/24 InBound
D. Configure port 80 InBound for source 20.0.0.0/16
Answer: A
Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the public subnet can receive inbound traffic directly from the internet. Thus, the user should configure port 80 with source 0.0.0.0/0 in InBound. The user should configure that the instance in the public subnet can send traffic to the private subnet instances on the DB port. Thus, the user should configure the DB Amazon AWS-SysOps : Practice Test
security group of the private subnet (DbSecGrp. as the destination for port 3306 in Outbound.
Q9. - (Topic 1)
When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?
A. Data is automatically saved as an E8S volume.
B. Data is automatically saved as an ESS snapshot.
C. Data is automatically deleted.
D. Data is unavailable until the instance is restarted.
Answer: C
Explanation: Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html
Q10. - (Topic 2)
A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?
A. The root account owner should create a bucket policy which allows the IAM users to upload the object
B. The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket
C. The root account should use ACL with the bucket to allow everyone to upload the object
D. The root account should create the IAM users and provide them the permission to upload content to the bucket
Answer: C
Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns the object.