AWS Certified Solutions Architect Associate - Mrt

By Iihtmarathahalli
  • 1/60 Questions

    Which of the following can be accomplished through bootstrapping?

    • Install the most current security updates
    • Install the current version of the application
    • Configure Operating System (OS) services.
    • All of the above.
About This Quiz

This AWS Certified Solutions Architect Associate quiz assesses knowledge on Availability Zones, S3 replication, bootstrapping, Auto Scaling, and Amazon SWF. It prepares learners for certification, enhancing skills in cloud architecture and operational best practices.


  • 2. 

    Each AWS region is composed of two or more locations that offer organizations the ability to operate production systems that are more highly available, fault tolerant, and scalable than would be possible using a single data center. What are these locations called? 

    • Availability Zones

    • Replication areas

    • Geographic districts

    • Compute centers

    Correct Answer
    A. Availability Zones
    Explanation
    Each AWS region is composed of multiple locations called Availability Zones. Availability Zones are isolated data centers within a region that are designed to be independent from each other in terms of power, cooling, and network connectivity. They are connected through low-latency links and provide fault tolerance and high availability for running production systems. By distributing resources across multiple Availability Zones, organizations can ensure that their systems remain operational even if there is a failure in one of the zones.


  • 3. 

    Which of the following describes a physical location around the world where AWS clusters data centers?

    • Endpoint

    • Collection

    • Fleet

    • Region

    Correct Answer
    A. Region
    Explanation
    A region in AWS refers to a physical location around the world where AWS clusters data centers. It is a geographical area that consists of multiple availability zones, each containing one or more data centers. Regions are completely independent and isolated from each other, allowing users to deploy resources in different regions to achieve high availability and fault tolerance.


  • 4. 

    Your team is building an order processing system that will span multiple Availability Zones. During testing, the team wanted to test how the application will react to a database failover. How can you enable this type of test?

    • Force a Multi-AZ failover from one Availability Zone to another by rebooting the primary instance using the Amazon RDS console

    • Terminate the DB instance, and create a new one. Update the connection string.

    • Create a support case asking for a failover.

    • It is not possible to test a failover.

    Correct Answer
    A. Force a Multi-AZ failover from one Availability Zone to another by rebooting the primary instance using the Amazon RDS console
    Explanation
    To enable a test for how the application will react to a database failover in a multi-Availability Zone setup, the team can force a Multi-AZ failover by rebooting the primary instance using the Amazon RDS console. This action will trigger the failover process, causing the primary instance to switch to a standby instance in another Availability Zone. By performing this test, the team can evaluate the application's resilience and ensure that it can handle a database failover smoothly.


  • 5. 

    Your company has 17TB of financial trading records that need to be stored for seven years by law. Experience has shown that any record more than a year old is unlikely to be accessed. Which of the following storage plans meets these needs in the most cost-efficient manner?

    • Store the data on an Amazon Elastic Block Store (Amazon EBS) volume attached to t2.large instances.

    • Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year, and delete the object after seven years.

    • Store the data in Amazon DynamoDB, and delete data older than seven years.

    • Store the data in an Amazon Glacier Vault Lock.

    Correct Answer
    A. Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year, and delete the object after seven years.
    Explanation
    Storing the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year, and delete the object after seven years, is the most cost-efficient storage plan. This plan takes into account the fact that records older than a year are unlikely to be accessed, allowing for a lower-cost storage option like Amazon Glacier. Additionally, deleting the object after seven years ensures compliance with the legal requirement of storing the financial trading records for that duration.


  • 6. 

    Your security team is very concerned about the vulnerability of the IAM administrator user accounts (the accounts used to configure all IAM features and accounts). What steps can be taken to lock down these accounts? (Choose 3 answers)

    • Add multi-factor authentication (MFA) to the accounts

    • Limit logins to a particular U.S. state

    • Implement a password policy on the AWS account

    • Apply a source IP address condition to the policy that only grants permissions when the user is on the corporate network

    • Add a CAPTCHA test to the accounts

    Correct Answer(s)
    A. Add multi-factor authentication (MFA) to the accounts
    A. Implement a password policy on the AWS account
    A. Apply a source IP address condition to the policy that only grants permissions when the user is on the corporate network
    Explanation
    To lock down the IAM administrator user accounts, three steps can be taken. Firstly, adding multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification beyond just a password. Secondly, implementing a password policy on the AWS account ensures that strong passwords are used, reducing the risk of unauthorized access. Lastly, applying a source IP address condition to the policy that only grants permissions when the user is on the corporate network further restricts access to the accounts, making them more secure.


  • 7. 

    Which of the following objects are good candidates to store in a cache? (Choose 3 answers)

    • Session state

    • Shopping cart

    • Product catalog

    • Bank account balance

    Correct Answer(s)
    A. Session state
    A. Shopping cart
    A. Product catalog
    Explanation
    Session state, shopping cart, and product catalog are good candidates to store in a cache because they are frequently accessed and their data does not change frequently. Caching these objects can help improve performance by reducing the need to retrieve the data from the original source every time it is requested. Additionally, caching can help reduce the load on the system and improve scalability. On the other hand, bank account balance is not a good candidate for caching as it is sensitive information that needs to be up-to-date and accurate at all times.


  • 8. 

    Which of the following are IAM security features? (Choose 2 answers)

    • Password policies

    • Amazon DynamoDB global secondary indexes

    • MFA

    • Consolidated Billing

    Correct Answer(s)
    A. Password policies
    A. MFA
    Explanation
    IAM (Identity and Access Management) is a service provided by Amazon Web Services (AWS) that allows users to manage access to their AWS resources. Password policies and MFA (Multi-Factor Authentication) are both IAM security features. Password policies help enforce strong password requirements and enhance the security of user accounts. MFA adds an extra layer of security by requiring users to provide additional authentication factors, such as a temporary code generated by a mobile app, in addition to their password. Consolidated Billing and Amazon DynamoDB global secondary indexes are not IAM security features, but rather different services or features provided by AWS.


  • 9. 

    You are a solutions architect working for a large travel company that is migrating its existing server estate to AWS. You have recommended that they use a custom Amazon VPC, and they have agreed to proceed. They will need a public subnet for their web servers and a private subnet in which to place their databases. They also require that the web servers and database servers be highly available and that there be a minimum of two web servers and two database servers each. How many subnets should you have to maintain high availability?

    • 2

    • 3

    • 4

    • 1

    Correct Answer
    A. 4
    Explanation
    To maintain high availability for the web servers and database servers, you should have a total of four subnets. This is because high availability typically involves distributing resources across multiple availability zones (AZs) to ensure redundancy and fault tolerance. In this case, you will need two subnets for the web servers, one in each AZ, and two subnets for the database servers, also one in each AZ. By having four subnets, you can distribute the workload and resources across multiple AZs, ensuring that if one AZ goes down, the services can still operate from the other AZ.


  • 10. 

    Why is the launch configuration referenced by the Auto Scaling group instead of being part of the Auto Scaling group?

    • It allows you to change the Amazon Elastic Compute Cloud (Amazon EC2) instance type and Amazon Machine Image (AMI) without disrupting the Auto Scaling group.

    • It facilitates rolling out a patch to an existing set of instances managed by an Auto Scaling group.

    • It allows you to change security groups associated with the instances launched without having to make changes to the Auto Scaling group.

    • All of the above

    • None of the above

    Correct Answer
    A. All of the above
    Explanation
    The launch configuration is referenced by the Auto Scaling group instead of being part of it because it allows for flexibility in managing the instances. By separating the launch configuration, it becomes easier to change the instance type, AMI, or security groups associated with the instances without disrupting the Auto Scaling group. This flexibility is beneficial when rolling out patches or making changes to the instances without affecting the overall functioning of the Auto Scaling group. Therefore, all of the given options are correct explanations for why the launch configuration is referenced by the Auto Scaling group.


  • 11. 

    Your company experiences fluctuations in traffic patterns to their e-commerce website based on flash sales. What service can help your company dynamically match the required compute capacity to the spike in traffic during flash sales?

    • Auto Scaling

    • Amazon Glacier

    • Amazon Simple Notification Service (Amazon SNS)

    • Amazon Virtual Private Cloud (Amazon VPC)

    Correct Answer
    A. Auto Scaling
    Explanation
    Auto Scaling is a service provided by Amazon Web Services (AWS) that allows companies to automatically adjust their compute capacity based on demand. In the case of flash sales, where there is a sudden spike in traffic to the e-commerce website, Auto Scaling can dynamically increase the compute capacity to handle the increased load. This helps ensure that the website remains responsive and can handle the high traffic without any performance degradation or downtime. Auto Scaling can also automatically decrease the compute capacity once the traffic subsides, helping to optimize costs by only using the required resources.


  • 12. 

    You have an application that will run on an Amazon Elastic Compute Cloud (Amazon EC2) instance. The application will make requests to Amazon Simple Storage Service (Amazon S3) and Amazon DynamoDB. Using best practices, what type of AWS Identity and Access Management (IAM) identity should you create for your application to access the identified services?

    • IAM role

    • IAM user

    • IAM group

    • IAM directory

    Correct Answer
    A. IAM role
    Explanation
    The best type of AWS Identity and Access Management (IAM) identity to create for the application to access Amazon S3 and Amazon DynamoDB is an IAM role. IAM roles provide temporary credentials that can be assumed by trusted entities, such as EC2 instances, without the need for long-term access keys. This allows for secure and controlled access to the identified services without the need for managing individual user credentials.


  • 13. 

    You are building a photo management application that maintains metadata on millions of images in an Amazon DynamoDB table. When a photo is retrieved, you want to display the metadata next to the image. Which Amazon DynamoDB operation will you use to retrieve the metadata attributes from the table?

    • Scan operation

    • Search operation

    • Query operation

    • Find operation

    Correct Answer
    A. Query operation
    Explanation
    The Query operation in Amazon DynamoDB is used to retrieve items from a table based on the primary key or secondary index. In this scenario, since the photo metadata is stored in the DynamoDB table, the Query operation would be the appropriate choice to retrieve the metadata attributes efficiently. The Query operation allows for more precise retrieval of data by specifying the key conditions and can handle large amounts of data efficiently.


  • 14. 

    Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true?

    • The ELB stops sending traffic to the instance that failed its health check.

    • The instance gets terminated automatically by the ELB.

    • The instance gets quarantined by the ELB for root cause analysis.

    • The instance is replaced automatically by the ELB.

    Correct Answer
    A. The ELB stops sending traffic to the instance that failed its health check.
    Explanation
    When an EC2 instance fails to pass the health checks configured on the Elastic Load Balancer (ELB), the ELB will stop sending traffic to that instance. This means that the instance will no longer receive any requests from the ELB until it passes the health checks again. The other options mentioned in the question are not true. The instance does not get terminated automatically, quarantined for root cause analysis, or replaced automatically by the ELB.


  • 15. 

    Which Amazon Elastic Compute Cloud (Amazon EC2) pricing model allows you to pay a set hourly price for compute, giving you full control over when the instance launches and terminates?

    • Spot instances

    • Reserved instance

    • On Demand instances

    • Dedicated instances

    Correct Answer
    A. On Demand instances
    Explanation
    On Demand instances in Amazon EC2 allow users to pay a set hourly price for compute. This pricing model provides full control over when the instance launches and terminates, making it suitable for applications with short-term, irregular workloads or unpredictable usage patterns. Users can launch instances as needed without any upfront commitment or long-term contract. This flexibility makes On Demand instances a convenient choice for users who require immediate access to compute resources without any long-term commitment or pre-planning.


  • 16. 

    Which AWS database service is best suited for traditional Online Transaction Processing (OLTP)?

    • Amazon Redshift

    • Amazon Relational Database Service (Amazon RDS)

    • Amazon Glacier

    • Elastic Database

    Correct Answer
    A. Amazon Relational Database Service (Amazon RDS)
    Explanation
    Amazon Relational Database Service (Amazon RDS) is the best suited AWS database service for traditional Online Transaction Processing (OLTP). OLTP involves a high volume of small, frequent transactions, and requires a database that can handle concurrent reads and writes efficiently. Amazon RDS provides managed relational databases, such as MySQL, PostgreSQL, Oracle, and SQL Server, which are designed to handle OLTP workloads effectively. It offers features like automated backups, automatic software patching, and scalability options, making it a reliable choice for traditional OLTP applications.


  • 17. 

    Which of the following Amazon Virtual Private Cloud (Amazon VPC) elements acts as a stateless firewall?

    • Security group

    • Network Access Control List (ACL)

    • Network Address Translation (NAT)

    • An Amazon VPC endpoint

    Correct Answer
    A. Network Access Control List (ACL)
    Explanation
    A Network Access Control List (ACL) in Amazon VPC acts as a stateless firewall. It is a set of rules that control inbound and outbound traffic at the subnet level. ACLs are associated with subnets and evaluate traffic based on rules defined for each subnet. They can allow or deny traffic based on protocols, ports, and IP addresses. Unlike security groups, which are stateful, ACLs do not keep track of the state of connections. Instead, they evaluate each packet individually. Therefore, ACLs are considered stateless firewalls in Amazon VPC.


  • 18. 

    Which AWS Service records Application Program Interface (API) calls made on your account and delivers log files to your Amazon Simple Storage Service (Amazon S3) bucket?

    • AWS CloudTrail

    • Amazon CloudWatch

    • Amazon Kinesis

    • AWS Data Pipeline

    Correct Answer
    A. AWS CloudTrail
    Explanation
    AWS CloudTrail is the correct answer because it is a service that records API calls made on your account. It captures detailed information about each API call, including the identity of the caller, the time of the call, the source IP address, the request parameters, and the response elements returned by the AWS service. CloudTrail delivers log files to your Amazon S3 bucket, allowing you to store, monitor, and analyze the data for various purposes such as security analysis, compliance auditing, and troubleshooting.


  • 19. 

    You are building the database tier for an enterprise application that gets occasional activity throughout the day. Which storage type should you select as your default option?

    • Magnetic storage

    • General Purpose Solid State Drive (SSD)

    • Provisioned IOPS (SSD)

    • Storage Area Network (SAN)-attached

    Correct Answer
    A. General Purpose Solid State Drive (SSD)
    Explanation
    For an enterprise application that experiences occasional activity throughout the day, it is important to have a storage type that can handle both high and low workloads efficiently. General Purpose Solid State Drives (SSDs) are a suitable option as they offer a balance between performance and cost-effectiveness. SSDs are faster than magnetic storage and provide better I/O performance, making them ideal for handling occasional bursts of activity. Additionally, they are more reliable and durable compared to traditional magnetic storage. Provisioned IOPS (SSD) and Storage Area Network (SAN)-attached options may be more suitable for applications with consistently high workloads.


  • 20. 

    Which DNS record must all zones have by default? 

    • SPF

    • TXT

    • MX

    • SOA

    Correct Answer
    A. SOA
    Explanation
    All zones must have a Start of Authority (SOA) record by default. The SOA record is essential as it contains important information about the zone, such as the primary name server responsible for the zone, the email address of the responsible person, and various timing parameters for the zone. This record is crucial for the proper functioning of the DNS system and is therefore required in all zones.


  • 21. 

    You host a web application across multiple AWS regions in the world, and you need to configure your DNS so that your end users will get the fastest network performance possible. Which routing policy should you apply?

    • Geolocation routing

    • Latency-based routing

    • Simple routing

    • Weighted routing

    Correct Answer
    A. Latency-based routing
    Explanation
    Latency-based routing should be applied in this scenario because it allows you to route traffic to the region with the lowest latency or fastest network performance. This ensures that your end users will have the best possible experience when accessing your web application. By measuring the latency between the end user and each AWS region, the DNS can direct the traffic to the region with the lowest latency, reducing network delays and improving overall performance.


  • 22. 

    Amazon Glacier is designed for: (Choose 2 answers)

    • Active database storage

    • Infrequently accessed data

    • Data archives

    • Frequently accessed data

    • Cached session data

    Correct Answer(s)
    A. Infrequently accessed data
    A. Data archives
    Explanation
    Amazon Glacier is designed for storing infrequently accessed data and data archives. It is not suitable for active database storage or frequently accessed data. Glacier is a low-cost storage service that is optimized for long-term retention of data that is rarely accessed but needs to be preserved for compliance or other purposes. It provides secure, durable, and scalable storage for archiving and backup purposes. Therefore, it is the ideal choice for storing infrequently accessed data and data archives. Cached session data and frequently accessed data would require a different storage solution that provides faster access times.


  • 23. 

    Elastic Load Balancing allows you to distribute traffic across which of the following?

    • Only within a single Availability Zone

    • Multiple Availability Zones within a region

    • Multiple Availability Zones within and between regions

    • Multiple Availability Zones within and between regions and on-premises virtualized instances running OpenStack

    Correct Answer
    A. Multiple Availability Zones within a region
    Explanation
    Elastic Load Balancing allows you to distribute traffic across multiple Availability Zones within a region. This means that the load balancer can evenly distribute incoming traffic to multiple instances across different Availability Zones, ensuring high availability and fault tolerance. By spreading the load across multiple zones, it helps to prevent any single point of failure and provides better performance and scalability for applications.


  • 24. 

    How many access keys may an AWS Identity and Access Management (IAM) user have active at one time?

    • 0

    • 1

    • 2

    • 3

    Correct Answer
    A. 2
    Explanation
    An AWS Identity and Access Management (IAM) user can have a maximum of two active access keys at one time. Access keys are used to authenticate API requests made to AWS services. Having multiple active access keys allows for seamless rotation and management of keys, ensuring continuous access to AWS resources while maintaining security. By limiting the number of active access keys to two, AWS promotes best practices for security and access management.


  • 25. 

    What is the format of an IAM policy?

    • XML

    • Key/value pairs

    • JSON

    • Tab-delimited text

    Correct Answer
    A. JSON
    Explanation
    IAM policies in AWS (Amazon Web Services) are written in JSON (JavaScript Object Notation) format. JSON is a lightweight data interchange format that is easy for humans to read and write, and also easy for machines to parse and generate. It uses key/value pairs to represent data, making it a suitable format for defining permissions and access controls in IAM policies. JSON allows for flexible and structured representation of policies, making it the correct format for IAM policies in AWS.


  • 26. 

    Which of the following cache engines are supported by Amazon ElastiCache? (Choose 2 answers)

    • MySQL

    • Memcached

    • Redis

    • Couchbase

    Correct Answer(s)
    A. Memcached
    A. Redis
    Explanation
    Amazon ElastiCache supports two cache engines: Memcached and Redis. Memcached is a high-performance, distributed memory caching system that is commonly used to speed up dynamic database-driven websites. Redis is an in-memory data structure store that can be used as a cache, database, or message broker. Both Memcached and Redis are popular choices for caching in cloud environments, and Amazon ElastiCache provides support for both of these engines.


  • 27. 

    The AWS control environment is in place for the secure delivery of AWS cloud service offerings. Which of the following does the collective control environment NOT explicitly include?

    • People

    • Energy

    • Technology

    • Processes

    Correct Answer
    A. Energy
    Explanation
    The collective control environment of AWS does not explicitly include energy. The control environment refers to the framework and processes in place to ensure the secure delivery of AWS cloud services. It encompasses various aspects such as people, technology, and processes. However, energy is not directly related to the control environment as it pertains to the physical infrastructure and resources required to power the AWS services, but it is not a part of the control environment itself.


  • 28. 

    What aspect of an Amazon VPC is stateful?

    • Network ACLs

    • Security groups

    • Amazon DynamoDB

    • Amazon S3

    Correct Answer
    A. Security groups
    Explanation
    Security groups in an Amazon VPC are stateful. This means that any inbound traffic that is allowed is automatically allowed for the outbound traffic as well. In other words, if a request is made from an instance to allow traffic from a specific IP address, the response from that IP address is automatically allowed back to the instance. This simplifies the management of network security as there is no need to create separate rules for inbound and outbound traffic.


  • 29. 

    Which process in an Amazon Simple Workflow Service (Amazon SWF) workflow implements a task?

    • Decider

    • Activity worker

    • Workflow starter

    • Business rule

    Correct Answer
    A. Activity worker
    Explanation
    In an Amazon Simple Workflow Service (Amazon SWF) workflow, the process that implements a task is called the activity worker. The activity worker is responsible for executing the specific activities or tasks defined in the workflow. It receives the task from the workflow and performs the necessary actions or computations required for that task. The activity worker plays a crucial role in the overall execution of the workflow by executing the individual tasks and returning the results back to the workflow.


  • 30. 

    Which of the following techniques can you use to help you meet Recovery Point Objective (RPO) and Recovery Time Objective (RTO) requirements? (Choose 3 answers)

    • DB snapshots

    • DB option groups

    • Read replica

    • Multi-AZ deployment

    Correct Answer(s)
    A. DB snapshots
    A. Read replica
    A. Multi-AZ deployment
    Explanation
    DB snapshots, read replicas, and multi-AZ deployment are all techniques that can help meet Recovery Point Objective (RPO) and Recovery Time Objective (RTO) requirements.

    DB snapshots allow you to create a point-in-time copy of your database, which can be used for data recovery in case of a failure.

    Read replicas are copies of your database that can be used for read operations, providing high availability and reducing the load on your primary database. In case of a failure, read replicas can be promoted to become the primary database, minimizing downtime.

    Multi-AZ deployment involves replicating your database to a standby instance in a different Availability Zone. In case of a failure, Amazon RDS automatically fails over to the standby instance, reducing downtime and meeting RTO requirements.


  • 31. 

    In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:

    • Web server visible metrics such as number of failed transaction requests

    • Operating system visible metrics such as memory utilization

    • Database visible metrics such as number of connections

    • Hypervisor visible metrics such as CPU utilization

    Correct Answer
    A. Hypervisor visible metrics such as CPU utilization
    Explanation
    Amazon CloudWatch provides various metrics for monitoring EC2 instances. These metrics include web server visible metrics such as the number of failed transaction requests, operating system visible metrics such as memory utilization, database visible metrics such as the number of connections, and hypervisor visible metrics such as CPU utilization. These metrics help in monitoring the performance and health of EC2 instances and can be used to set alarms and automate actions based on specific thresholds or conditions.


  • 32. 

    Amazon CloudWatch supports which types of monitoring plans? (Choose 2 answers)

    • Basic monitoring, which is free

    • Basic monitoring, which has an additional cost

    • Ad hoc monitoring, which is free

    • Ad hoc monitoring, which has an additional cost

    • Detailed monitoring, which is free

    • Detailed monitoring, which has an additional cost

    Correct Answer(s)
    A. Basic monitoring, which is free
    A. Detailed monitoring, which has an additional cost
    Explanation
    Amazon CloudWatch supports two types of monitoring plans: Basic monitoring, which is free, and Detailed monitoring, which has an additional cost.


  • 33. 

    You are responsible for your company’s AWS resources, and you notice a significant amount of traffic from an IP address in a foreign country in which your company does not have customers. Further investigation of the traffic indicates the source of the traffic is scanning for open ports on your EC2-VPC instances. Which one of the following resources can deny the traffic from reaching the instances?

    • Security group

    • Network ACL

    • NAT instance

    • An Amazon VPC endpoint

    Correct Answer
    A. Network ACL
    Explanation
    A Network ACL (Access Control List) can deny the traffic from reaching the instances. Network ACLs act as a firewall for controlling inbound and outbound traffic at the subnet level. By configuring the Network ACL rules, you can explicitly allow or deny traffic based on IP addresses, protocols, and ports. In this scenario, you can create a rule in the Network ACL to block traffic from the specific IP address in the foreign country, effectively denying the scanning traffic from reaching your EC2-VPC instances.


  • 34. 

    Your AWS account administrator left your company today. The administrator had access to the root user and a personal IAM administrator account. With these accounts, he generated other IAM accounts and keys. Which of the following should you do today to protect your AWS infrastructure? (Choose 4 answers)

    • Change the password and add MFA to the root user.

    • Put an IP restriction on the root user.

    • Rotate keys and change passwords for IAM accounts.

    • Delete all IAM accounts.

    • Delete the administrator’s personal IAM account.

    • Relaunch all Amazon EC2 instances with new roles.

    Correct Answer(s)
    A. Change the password and add MFA to the root user.
    A. Put an IP restriction on the root user.
    A. Rotate keys and change passwords for IAM accounts.
    A. Delete the administrator’s personal IAM account.
    Explanation
    To protect the AWS infrastructure, the following actions should be taken:
    1. Change the password and add MFA to the root user: This ensures that the root user's password is updated and adds an extra layer of security with Multi-Factor Authentication.
    2. Put an IP restriction on the root user: By restricting access to the root user based on specific IP addresses, unauthorized access attempts can be prevented.
    3. Rotate keys and change passwords for IAM accounts: This ensures that any keys or passwords generated by the previous administrator are no longer valid, reducing the risk of unauthorized access.
    4. Delete the administrator's personal IAM account: Removing the administrator's personal IAM account ensures that they no longer have access to the AWS infrastructure and any associated resources.


  • 35. 

    What should you do in order to grant a different AWS account permission to your Amazon Simple Queue Service (Amazon SQS) queue?

    • Share credentials to your AWS account and have the other account’s applications use your account’s credentials to access the Amazon SQS queue

    • Create a user for that account in AWS Identity and Access Management (IAM) and establish an IAM policy that grants access to the queue

    • Create an Amazon SQS policy that grants the other account access.

    • Amazon Virtual Private Cloud (Amazon VPC) peering must be used to achieve this

    Correct Answer
    A. Create an Amazon SQS policy that grants the other account access.
    Explanation
    To grant a different AWS account permission to your Amazon SQS queue, you should create an Amazon SQS policy that grants the other account access. This can be done by specifying the AWS account ID of the other account in the policy and defining the necessary permissions for accessing the queue. By creating an SQS policy, you can securely grant access to the queue without sharing your AWS account credentials or creating a user in IAM for the other account. VPC peering is not required for this specific scenario.


  • 36. 

    Which of the following is not a supported Amazon Simple Notification Service (Amazon SNS) protocol?

    • HTTPS

    • AWS Lambda

    • Email-JSON

    • Amazon DynamoDB

    Correct Answer
    A. Amazon DynamoDB
    Explanation
    Amazon DynamoDB is a managed NoSQL database service provided by Amazon Web Services (AWS) and is not a supported protocol for Amazon Simple Notification Service (Amazon SNS). Amazon SNS supports protocols like HTTPS, AWS Lambda, and Email-JSON for sending messages to various endpoints. However, DynamoDB is not a protocol but rather a database service, so it is not a valid option for this question.


  • 37. 

    Your web application needs four instances to support steady traffic nearly all of the time. On the last day of each month, the traffic triples. What is a cost-effective way to handle this traffic pattern?

    • Run 12 Reserved Instances all of the time.

    • Run four On-Demand Instances constantly, then add eight more On-Demand Instances on the last day of each month.

    • Run four Reserved Instances constantly, then add eight On-Demand Instances on the last day of each month.

    • Run four On-Demand Instances constantly, then add eight Reserved Instances on the last day of each month.

    Correct Answer
    A. Run four Reserved Instances constantly, then add eight On-Demand Instances on the last day of each month.
    Explanation
    Running four Reserved Instances constantly provides a cost-effective solution for steady traffic throughout the year. By reserving these instances, you can take advantage of lower hourly rates. Additionally, adding eight On-Demand Instances on the last day of each month allows you to accommodate the increased traffic without incurring the higher costs associated with running all 12 instances as Reserved Instances. This approach balances cost-effectiveness with the flexibility to handle the spikes in traffic on the last day of each month.


  • 38. 

    Which of the following statements best describes an Availability Zone?

    • Each Availability Zone consists of a single discrete data center with redundant power and networking/connectivity

    • Each Availability Zone consists of multiple discrete data centers with redundant power and networking/connectivity

    • Each Availability Zone consists of multiple discrete regions, each with a single data center with redundant power and networking/connectivity

    • Each Availability Zone consists of multiple discrete data centers with shared power and redundant networking/connectivity

    Correct Answer
    A. Each Availability Zone consists of multiple discrete data centers with redundant power and networking/connectivity
    Explanation
    Each Availability Zone consists of multiple discrete data centers with redundant power and networking/connectivity. This means that each Availability Zone is made up of multiple physically separate and isolated data centers that are designed to operate independently. These data centers have redundant power sources and networking/connectivity to ensure high availability and fault tolerance.


  • 39. 

    Which features can be used to restrict access to Amazon Simple Storage Service (Amazon S3) data? (Choose 3 answers)

    • Enable static website hosting on the bucket.

    • Create a pre-signed URL for an object.

    • Use an Amazon S3 Access Control List (ACL) on a bucket or object.

    • Use a lifecycle policy.

    • Use an Amazon S3 bucket policy

    Correct Answer(s)
    A. Create a pre-signed URL for an object.
    A. Use an Amazon S3 Access Control List (ACL) on a bucket or object.
    A. Use an Amazon S3 bucket policy
    Explanation
    To restrict access to Amazon S3 data, you can use the following features:

    1. Create a pre-signed URL for an object: This allows temporary access to the object through a generated URL, which can have an expiration time.

    2. Use an Amazon S3 Access Control List (ACL) on a bucket or object: ACLs provide fine-grained control over who can access the bucket or object by specifying permissions for individual AWS accounts or groups.

    3. Use an Amazon S3 bucket policy: Bucket policies define access permissions for the bucket and its contents, allowing you to specify which AWS accounts or IAM users have access and what actions they can perform.

    These features provide different methods for controlling access to Amazon S3 data, ensuring that only authorized users can access the data.


  • 40. 

    Amazon Simple Storage Service (Amazon S3) is an eventually consistent storage system. For what kinds of operations is it possible to get stale data as a result of eventual consistency? (Choose 2 answers)

    • GET after PUT of a new object

    • GET or LIST after a DELETE

    • GET after overwrite PUT (PUT to an existing key)

    • DELETE after PUT of new object

    Correct Answer(s)
    A. GET or LIST after a DELETE
    A. GET after overwrite PUT (PUT to an existing key)
    Explanation
    GET or LIST after a DELETE: When a DELETE operation is performed on an object in Amazon S3, it may take some time for the deletion to be fully propagated across all the storage nodes. Therefore, if a GET or LIST operation is performed immediately after the delete, it is possible to get stale data.

    GET after overwrite PUT (PUT to an existing key): If a PUT operation is performed to overwrite an existing object in Amazon S3, it may take some time for the new version of the object to be fully propagated. If a GET operation is performed immediately after the overwrite PUT, it is possible to get stale data from the previous version of the object.


  • 41. 

    Which of the following must be configured on an Elastic Load Balancing load balancer to accept incoming traffic?

    • A port

    • A network interface

    • A listener

    • An instance

    Correct Answer
    A. A listener
    Explanation
    To accept incoming traffic, a listener must be configured on an Elastic Load Balancing load balancer. A listener is responsible for checking for connection requests from clients and forwarding them to the appropriate target group. It defines the protocol and port number that the load balancer uses to listen for incoming traffic. Without a listener, the load balancer would not be able to receive and distribute incoming traffic effectively. Therefore, configuring a listener is essential for accepting incoming traffic on an Elastic Load Balancing load balancer.


  • 42. 

    You are a solutions architect who is working for a mobile application company that wants to use Amazon Simple Workflow Service (Amazon SWF) for their new takeout ordering application. They will have multiple workflows that will need to interact. What should you advise them to do in structuring the design of their Amazon SWF environment?

    • Use multiple domains, each containing a single workflow, and design the workflows to interact across the different domains

    • Use a single domain containing multiple workflows. In this manner, the workflows will be able to interact

    • Use a single domain with a single workflow and collapse all activities to within this single workflow

    • Workflows cannot interact with each other; they would be better off using Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) for their application.

    Correct Answer
    A. Use a single domain containing multiple workflows. In this manner, the workflows will be able to interact
    Explanation
    In order to structure the design of their Amazon SWF environment, it is advised to use a single domain containing multiple workflows. This allows the workflows to interact with each other. Using multiple domains, each containing a single workflow, would not allow for this interaction. Similarly, collapsing all activities to within a single workflow would limit the ability for workflows to interact. Using Amazon SQS and Amazon SNS would not be suitable as they do not provide the same level of workflow management and coordination as Amazon SWF.


  • 43. 

    In what ways does Amazon Simple Storage Service (Amazon S3) object storage differ from block and file storage? (Choose 2 answers)

    • Amazon S3 stores data in fixed size blocks.

    • Objects are identified by a numbered address.

    • Objects can be any size.

    • Objects contain both data and metadata.

    • Objects are stored in buckets.

    Correct Answer(s)
    A. Objects contain both data and metadata.
    A. Objects are stored in buckets.
    Explanation
    Amazon Simple Storage Service (Amazon S3) object storage differs from block and file storage in two ways. Firstly, objects in Amazon S3 contain both data and metadata, allowing for additional information to be stored alongside the actual data. This metadata can include details such as the object's creation date, author, or any other relevant information. Secondly, objects in Amazon S3 are stored in buckets. Buckets act as containers for objects and provide a way to organize and manage the stored data. This hierarchical structure allows for easy management and retrieval of objects within the storage system.


  • 44. 

    To protect S3 data from both accidental deletion and accidental overwriting, you should: 

    • Enable S3 versioning on the bucket

    • Access S3 data using only signed URLs

    • Disable S3 delete using an IAM bucket policy

    • Enable S3 Reduced Redundancy Storage

    • Enable Multi-Factor Authentication (MFA) protected access

    Correct Answer
    A. Enable S3 versioning on the bucket
    Explanation
    Enabling S3 versioning on the bucket allows for the preservation of previous versions of objects in the bucket. This means that even if a file is accidentally deleted or overwritten, the previous versions can still be accessed and restored. By enabling versioning, you can protect your S3 data from both accidental deletion and accidental overwriting, providing an added layer of data protection and ensuring data integrity.


  • 45. 

    Which of the following can be used to address an Amazon Elastic Compute Cloud (Amazon EC2) instance over the web? (Choose 2 answers)

    • Windows machine name

    • Public DNS name

    • Amazon EC2 instance ID

    • Elastic IP address

    • Private DNS name

    Correct Answer(s)
    A. Public DNS name
    A. Elastic IP address
    Explanation
    The Public DNS name and Elastic IP address can be used to address an Amazon EC2 instance over the web. The Public DNS name is a globally unique identifier that can be used to access the instance from the internet. The Elastic IP address is a static, public IP address that can be associated with the instance, providing a fixed address that can be used to access the instance over the internet.


  • 46. 

    Which of the following workloads are a good fit for running on Amazon Redshift? (Choose 2 answers)

    • Transactional database supporting a busy e-commerce order processing website

    • Reporting database supporting back-office analytics

    • Data warehouse used to aggregate multiple disparate data sources

    • Manage session state and user profile data for thousands of concurrent users

    Correct Answer(s)
    A. Reporting database supporting back-office analytics
    A. Data warehouse used to aggregate multiple disparate data sources
    Explanation
    Amazon Redshift is a cloud-based data warehousing solution that is optimized for online analytical processing (OLAP) workloads. It is designed to handle large volumes of data and perform complex queries quickly. Therefore, a reporting database supporting back-office analytics and a data warehouse used to aggregate multiple disparate data sources are both good fits for running on Amazon Redshift. These workloads require a high-performance and scalable solution, which Amazon Redshift provides. However, a transactional database supporting a busy e-commerce order processing website and managing session state and user profile data for thousands of concurrent users are not mentioned as good fits for Amazon Redshift, as these workloads typically require a transactional database system with high concurrency and low latency.


  • 47. 

    What are some of the key characteristics of Amazon Simple Storage Service (Amazon S3)? (Choose 3 answers)

    • All objects have a URL.

    • Amazon S3 can store unlimited amounts of data.

    • Objects are world-readable by default.

    • Amazon S3 uses a REST (Representational State Transfer) Application Program Interface (API).

    • You must pre-allocate the storage in a bucket.

    Correct Answer(s)
    A. All objects have a URL.
    A. Amazon S3 can store unlimited amounts of data.
    A. Amazon S3 uses a REST (Representational State Transfer) Application Program Interface (API).
    Explanation
    Some of the key characteristics of Amazon Simple Storage Service (Amazon S3) are that all objects have a URL, meaning they can be accessed and shared easily. Amazon S3 can also store unlimited amounts of data, providing scalable storage solutions. Additionally, Amazon S3 uses a REST (Representational State Transfer) API, allowing developers to interact with the service programmatically.


  • 48. 

    Which of the following are features of Amazon Elastic Block Store (Amazon EBS)? (Choose 2 answers)

    • Data stored on Amazon EBS is automatically replicated within an Availability Zone.

    • Amazon EBS data is automatically backed up to tape.

    • Amazon EBS volumes can be encrypted transparently to workloads on the attached instance.

    • Data on an Amazon EBS volume is lost when the attached instance is stopped

    Correct Answer(s)
    A. Data stored on Amazon EBS is automatically replicated within an Availability Zone.
    A. Amazon EBS volumes can be encrypted transparently to workloads on the attached instance.
    Explanation
    Data stored on Amazon EBS is automatically replicated within an Availability Zone, which ensures high durability and availability of data. Amazon EBS volumes can also be encrypted transparently to workloads on the attached instance, providing an additional layer of security for sensitive data.


  • 49. 

    Your order-processing application processes orders extracted from a queue with two Reserved Instances processing 10 orders/minute. If an order fails during processing, then it is returned to the queue without penalty. Due to a weekend sale, the queues have several hundred orders backed up. While the backup is not catastrophic, you would like to drain it so that customers get their confirmation emails faster. What is a cost-effective way to drain the queue for orders?

    • Create more queues.

    • Deploy additional Spot Instances to assist in processing the orders

    • Deploy additional Reserved Instances to assist in processing the orders.

    • Deploy additional On-Demand Instances to assist in processing the orders.

    Correct Answer
    A. Deploy additional Spot Instances to assist in processing the orders
    Explanation
    Deploying additional Spot Instances to assist in processing the orders would be a cost-effective way to drain the queue for orders. Spot Instances are spare computing capacity available at a lower price compared to On-Demand or Reserved Instances. By deploying additional Spot Instances, you can increase the processing power and speed up order processing without incurring high costs. This solution is suitable for handling the temporary increase in orders during the weekend sale without the need for long-term commitments or high expenses.


Quiz Review Timeline (Updated): Mar 21, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jul 07, 2017
    Quiz Created by
    Iihtmarathahalli