Deck 10: AWS Certified Solutions Architect - Professional (SAP-C01)

A) Failover environment: Create an S3 bucket and configure it for website hosting. Migrate your DNS to Route53 using zone file import, and leverage Route53 DNS failover to failover to the S3 hosted website.
B) Hybrid environment: Create an AMI, which can be used to launch web servers in EC2. Create an Auto Scaling group, which uses the AMI to scale the web tier based on incoming traffic. Leverage Elastic Load Balancing to balance traffic between on-premises web servers and those hosted in AWS.
C) Offload traffic from on-premises environment: Setup a CIoudFront distribution, and configure CloudFront to cache objects from a custom origin. Choose to customize your object cache behavior, and select a TTL that objects should exist in cache.
D) Migrate to AWS: Use VM Import/Export to quickly convert an on-premises web server to an AMI. Create an Auto Scaling group, which uses the imported AMI to scale the web tier based on incoming traffic. Create an RDS read replica and setup replication between the RDS instance and on-premises MySQL server to migrate the database.

A) Create more, smaller flies on Amazon S3.
B) Add additional cc2 8xlarge instances by introducing a task group.
C) Use smaller instances that have higher aggregate I/O performance.
D) Create fewer, larger files on Amazon S3.

A) An AWS Direct Connect link between the VPC and the network housing the internal services.
B) An Internet Gateway to allow a VPN connection.
C) An Elastic IP address on the VPC instance
D) An IP address space that does not conflict with the one on-premises
E) Entries in Amazon Route 53 that allow the Instance to resolve its dependencies' IP addresses
F) A VM Import of the current virtual machine

A) The ability to scale computing resources up easily, with minimal friction and down with latency.
B) The ability to scale computing resources up and down easily, with minimal friction.
C) The ability to provision cloud computing resources in expectation of future demand.
D) The ability to recover from business continuity events with minimal friction.

A) Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address.
B) Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route53 CNAME record to your CloudFront distribution.
C) Place all your web servers behind ELB. Configure a Route53 CNMIE to point to the ELB DNS name.
D) Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
E) Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP.

A) Use Amazon Simple Storage Service (S3) with server-side encryption, and run simulations on subsets in ephemeral drives on Amazon EC2.
B) Use Amazon S3 with server-side encryption, and run simulations on subsets in-memory on Amazon EC2.
C) Use HDFS on Amazon EMR, and run simulations on subsets in ephemeral drives on Amazon EC2.
D) Use HDFS on Amazon Elastic MapReduce (EMR), and run simulations on subsets in-memory on Amazon Elastic Compute Cloud (EC2).
E) Store the full data set in encrypted Amazon Elastic Block Store (EBS) volumes, and regularly capture snapshots that can be cloned to EC2 workstations.

A) Utilize S3 to collect the inbound sensor data analyze the data from S3 with a daily scheduled Data Pipeline and save the results to a Redshift Cluster.
B) Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data with Kinesis clients and save the results to a Redshift cluster using EMR.
C) Utilize SQS to collect the inbound sensor data analyze the data from SQS with Amazon Kinesis and save the results to a Microsoft SQL Server RDS instance.
D) Utilize EMR to collect the inbound sensor data, analyze the data from EUR with Amazon Kinesis and save me results to DynamoDB.

A) Upload the certificate on an S3 bucket owned by the security officers and accessible only by EC2 Role of the web servers.
B) Configure the web servers to retrieve the certificate upon boot from an CloudHSM is managed by the security officers.
C) Configure system permissions on the web servers to restrict access to the certificate only to the authority security officers
D) Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.

A) Create your RDS instance as part of your Elastic Beanstalk definition and alter its security group to allow access to it from hosts in your application subnets.
B) Create your RDS instance separately and add its IP address to your application's DB connection strings in your code Alter its security group to allow access to it from hosts within your VPC's IP address block.
C) Create your RDS instance separately and pass its DNS name to your app's DB connection string as an environment variable. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.
D) Create your RDS instance separately and pass its DNS name to your's DB connection string as an environment variable Alter its security group to allow access to It from hosts in your application subnets.

A) The mobile application will submit its location to a web service endpoint utilizing Elastic Load Balancing and EC2 instances; DynamoDB will be used to store and retrieve relevant offers EC2 instances will communicate with mobile earners/device providers to push alerts back to mobile application.
B) Use AWS DirectConnect or VPN to establish connectivity with mobile carriers EC2 instances will receive the mobile applications location through carrier connection: RDS will be used to store and relevant offers. EC2 instances will communicate with mobile carriers to push alerts back to the mobile application.
C) The mobile application will send device location using SQS. EC2 instances will retrieve the relevant others from DynamoDB. AWS Mobile Push will be used to send offers to the mobile application.
D) The mobile application will send device location using AWS Mobile Push EC2 instances will retrieve the relevant offers from DynamoDB. EC2 instances will communicate with mobile carriers/device providers to push alerts back to the mobile application.

A) Latency resource record sets cannot be used in combination with weighted resource record sets.
B) You did not setup an HTTP health check to one or more of the weighted resource record sets associated with me disabled web servers.
C) The value of the weight associated with the latency alias resource record set in the region with the disabled servers is higher than the weight for the other region.
D) One of the two working web servers in the other region did not pass its HTTP health check.
E) You did not set "Evaluate Target Health" to "Yes" on the latency alias resource record set associated with example com in the region where you disabled the servers.

A) Configure a single routing table with a default route via the Internet gateway. Propagate a default route via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
B) Configure a single routing table with a default route via the Internet gateway. Propagate specific routes for the on-premises networks via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
C) Configure a single routing table with two default routes: on to the Internet via an Internet gateway, the other to the on-premises network via the VPN gateway. Use this routing table across all subnets in the VPC.
D) Configure two routing tables: on that has a default router via the Internet gateway, and other that has a default route via the VPN gateway. Associate both routing tables with each VPC subnet.

A) Send all the log events to Amazon SQS, setup an Auto Scaling group of EC2 servers to consume the logs and apply the heuristics.
B) Send all the log events to Amazon Kinesis, develop a client process to apply heuristics on the logs
C) Configure Amazon CloudTrail to receive custom logs, use EMR to apply heuristics the logs
D) Setup an Auto Scaling group of EC2 syslogd servers, store the logs on S3, use EMR to apply heuristics on the logs

A) SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), SOC 2 and SOC 3
B) FISMA, DIACAP, and FedRAMP
C) PCI DSS Level 1, ISO 27001, ITAR and FIPS 140-2
D) HIPAA, Cloud Security Alliance (CSA) and Motion Picture Association of America (MPAA)
E) All of the above

A) A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer), and an application tier deployed across 2 AZs with 3 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (Relational Database Service) instance deployed with read replicas in the other AZ.
B) A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer) and an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (Relational Database Service) Instance deployed with read replicas in the two other AZs.
C) A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer) and an application tier deployed across 2 AZs with 3 EC2 instances m each AZ inside an Auto Scaling Group behind an ELS and a Multi-AZ RDS (Relational Database Service) deployment.
D) A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ Inside an Auto Scaling Group behind an ELB (elastic load balancer). And an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and a Multi-AZ RDS (Relational Database services) deployment.

A) Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account.
B) Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts.
C) Create IAM users in the Master account. Create cross-account roles in the Dev and Test accounts that have full Admin permissions and grant the Master account access.
D) Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts

A) S3 to store I/O files. SQS to distribute elaboration commands to a group of hosts working in parallel. Auto scaling to dynamically size the group of hosts depending on the length of the SQS queue
B) EBS with Provisioned IOPS (PIOPS) to store I/O files. SNS to distribute elaboration commands to a group of hosts working in parallel Auto Scaling to dynamically size the group of hosts depending on the number of SNS notifications
C) S3 to store I/O files, SNS to distribute evaporation commands to a group of hosts working in parallel. Auto scaling to dynamically size the group of hosts depending on the number of SNS notifications
D) EBS with Provisioned IOPS (PIOPS) to store I/O files SQS to distribute elaboration commands to a group of hosts working in parallel Auto Scaling to dynamically size the group ot hosts depending on the length of the SQS queue.

A) The EBS-Optimized throughput limits the total IOPS that can be utilized; use an EBSOptimized instance that provides larger throughput.
B) Small block sizes cause performance degradation, limiting the I/O throughput; configure the instance device driver and filesystem to use 64KB blocks to increase throughput.
C) The standard EBS Instance root volume limits the total IOPS rate; change the instance root volume to also be a 500GB 4,000 Provisioned IOPS volume.
D) Larger storage volumes support higher Provisioned IOPS rates; increase the provisioned volume storage of each of the 6 EBS volumes to 1TB.
E) RAID 0 only scales linearly to about 4 devices; use RAID 0 with 4 EBS Provisioned IOPS volumes, but increase each Provisioned IOPS EBS volume to 6,000 IOPS.

A) Recommend that they lease space at a DirectConnect partner location and establish a 1G DirectConnect connection to their VPC they would then establish Internet connectivity into their space, filter the traffic in hardware Web Application Firewall (WAF). And then pass the traffic through the DirectConnect connection into their application running in their VPC.
B) Add previously identified hostile source IPs as an explicit INBOUND DENY NACL to the web tier subnet.
C) Add a WAF tier by creating a new ELB and an AutoScaling group of EC2 Instances running a host-based WAF. They would redirect Route 53 to resolve to the new WAF tier ELB. The WAF tier would their pass the traffic to the current web tier The web tier Security Groups would be updated to only allow traffic from the WAF tier Security Group
D) Remove all but TLS 1.2 from the web tier ELB and enable Advanced Protocol Filtering. This will enable the ELB itself to perform WAF functionality.

A) Log clicks in weblogs by URL store to Amazon S3, and then analyze with Elastic MapReduce
B) Push web clicks by session to Amazon Kinesis and analyze behavior using Kinesis workers
C) Write click events directly to Amazon Redshift and then analyze with SQL
D) Publish web clicks by session to an Amazon SQS queue then periodically drain these events to Amazon RDS and analyze with SQL.

A) Route 53 Record Sets
B) IAM Roles
C) Elastic IP Addresses (EIP)
D) EC2 Key Pairs
E) Launch configurations
F) Security Groups

A) Reduce the overall lime for executing jobs through parallel processing by allowing a busy EC2 instance that receives a message to pass it to the next instance in a daisy-chain setup.
B) Implement fault tolerance against EC2 instance failure since messages would remain in SQS and worn can continue with recovery of EC2 instances implement fault tolerance against SQS failure by backing up messages to S3.
C) Implement message passing between EC2 instances within a batch by exchanging messages through SQS.
D) Coordinate number of EC2 instances with number of job requests automatically thus Improving cost effectiveness.
E) Handle high priority jobs before lower priority jobs by assigning a priority metadata field to SQS messages.

A) Add a route to the route table with an iPsec VPN connection as the target.
B) Enable route propagation to the virtual pinnate gateway (VGW).
C) Enable route propagation to the customer gateway (CGW).
D) Modify the route table of all Instances using the 'route' command.
E) Modify the Instances VPC subnet route table by adding a route back to the customer's on-premises environment.

A) Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
B) Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
C) Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.
D) Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.

A) File a change request to implement Alias Resource support in the application. Use Route 53 Alias Resource Record to distribute load on two application servers in different Azs.
B) File a change request to implement Latency Based Routing support in the application. Use Route 53 with Latency Based Routing enabled to distribute load on two application servers in different Azs.
C) File a change request to implement Cross-Zone support in the application. Use an ELB with a TCP Listener and Cross-Zone Load Balancing enabled, two application servers in different AZs.
D) File a change request to implement Proxy Protocol support in the application. Use an ELB with a TCP Listener and Proxy Protocol enabled to distribute load on two application servers in different Azs.

A) Use DynamoDB with a "Calls" table and a Global Secondary Index on a "State" attribute that can equal to "active" or "terminated". In this way the Global Secondary Index can be used for all items in the table.
B) Use RDS Multi-AZ with a "CALLS" table and an indexed "STATE" field that can be equal to "ACTIVE" or 'TERMINATED". In this way the SQL query is optimized by the use of the Index.
C) Use RDS Multi-AZ with two tables, one for "ACTIVE_CALLS" and one for "TERMINATED_CALLS". In this way the "ACTIVE_CALLS" table is always small and effective to access.
D) Use DynamoDB with a "Calls" table and a Global Secondary Index on a "IsActive" attribute that is present for active calls only. In this way the Global Secondary Index is sparse and more effective.

A) Configure a web proxy server in your VPC and enforce URL-based rules for outbound access Remove default routes.
B) Implement security groups and configure outbound rules to only permit traffic to software depots.
C) Move all your instances into private VPC subnets remove default routes from all routing tables and add specific routes to the software depots and distributions only.
D) Implement network access control lists to all specific destinations, with an Implicit deny all rule.

A) Replace RDS with Redshift for the batch analysis and SNS to notify the on-premises system to update the dashboard
B) Replace RDS with Redshift for the oaten analysis and SQS to send a message to the on-premises system to update the dashboard
C) Create an RDS Read Replica for the batch analysis and SNS to notify me on-premises system to update the dashboard
D) Create an RDS Read Replica for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.

A) AWS reserves the first and the last private IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances
B) The Internet Gateway (IGW) of your VPC has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
C) The ELB has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
D) AWS reserves one IP address in each subnet's CIDR block for Route53 so you do not have enough addresses left to launch all of the new EC2 instances
E) AWS reserves the first four and the last IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances

A) aws:iam::123456789012:instance-profile/Webserver
B) arn:aws:iam::123456789012:instance-profile/Webserver
C) 123456789012:aws:iam::instance-profile/Webserver
D) arn:aws:iam::123456789012::instance-profile/Webserver

A) For each regional deployment, use RDS MySQL with a master in the region and a read replica in the HQ region
B) For each regional deployment, use MySQL on EC2 with a master in the region and send hourly EBS snapshots to the HQ region
C) For each regional deployment, use RDS MySQL with a master in the region and send hourly RDS snapshots to the HQ region
D) For each regional deployment, use MySQL on EC2 with a master in the region and use S3 to copy data files hourly to the HQ region
E) Use Direct Connect to connect all regional MySQL deployments to the HQ region and reduce network latency for the batch process

A) Add an Elastic Load Balancing health check to the Auto Scaling group. Set a short period for the health checks to operate as soon as possible in order to prevent premature registration of the instance to the load balancer.
B) Enable EC2 instance CloudWatch alerts to change the launch configuration's AMI to the previous one. Gradually terminate instances that are using the new AMI.
C) Set the Elastic Load Balancing health check configuration to target a part of the application that fully tests application health and returns an error if the tests fail.
D) Create a new launch configuration that refers to the new AMI, and associate it with the group. Double the size of the group, wait for the new instances to become healthy, and reduce back to the original size. If new instances do not become healthy, associate the previous launch configuration.
E) Increase the Elastic Load Balancing Unhealthy Threshold to a higher value to prevent an unhealthy instance from going into service behind the load balancer.

A) Delete your existing VPN connection to avoid routing loops configure your DirectConnect router with the appropriate settings and verity network traffic is leveraging DirectConnect.
B) Configure your DirectConnect router with a higher BGP priority man your VPN router, verify network traffic is leveraging Directconnect and then delete your existing VPN connection.
C) Update your VPC route tables to point to the DirectConnect connection configure your DirectConnect router with the appropriate settings verify network traffic is leveraging DirectConnect and then delete the VPN connection.
D) Configure your DirectConnect router, update your VPC route tables to point to the DirectConnect connection, configure your VPN connection with a higher BGP priority, and verify network traffic is leveraging the DirectConnect connection.

A) You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time.
B) You are running the proxy on a sufficiently-sized EC2 instance in a private subnet and its network throughput is being throttled by a NAT running on an undersized EC2 instance.
C) The route table for the subnets containing the affected EC2 instances is not configured to direct network traffic for the software update locations to the proxy.
D) You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.
E) You are running the proxy in a public subnet but have not allocated enough EIPs to support the needed network throughput through the Internet Gateway (IGW).

A) Use AWS data Pipeline to schedule a DynamoDB cross region copy once a day, create a "Lastupdated" attribute in your DynamoDB table that would represent the timestamp of the last update and use it as a filter.
B) Use EMR and write a custom script to retrieve data from DynamoDB in the current region using a SCAN operation and push it to DynamoDB in the second region.
C) Use AWS data Pipeline to schedule an export of the DynamoDB table to S3 in the current region once a day then schedule another task immediately after it that will import data from S3 to DynamoDB in the other region.
D) Send also each Ante into an SQS queue in me second region; use an auto-scaling group behind the SQS queue to replay the write in the second region.

A) Develop an identity broker that authenticates against IAM security Token service to assume a IAM role in order to get temporary AWS security credentials The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.
B) The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM role. The application can use the temporary credentials to access the appropriate S3 bucket.
C) Develop an identity broker that authenticates against LDAP and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
D) The application authenticates against LDAP the application then calls the AWS identity and Access Management (IAM) Security service to log in to IAM using the LDAP credentials the application can use the IAM temporary credentials to access the appropriate S3 bucket.
E) The application authenticates against IAM Security Token Service using the LDAP credentials the application uses those temporary AWS security credentials to access the appropriate S3 bucket.

A) Use CloudFront and an Elastic Load balancer in front of an auto-scaled set of web servers, the web servers will first call the Login With Amazon service to authenticate the user then process the users vote and store the result into a multi-AZ Relational Database Service instance.
B) Use CloudFront and the static website hosting feature of S3 with the Javascript SDK to call the Login With Amazon service to authenticate the user, use IAM Roles to gain permissions to a DynamoDB table to store the users vote.
C) Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of web servers, the web servers will first call the Login with Amazon service to authenticate the user, the web servers will process the users vote and store the result into a DynamoDB table using IAM Roles for EC2 instances to gain permissions to the DynamoDB table.
D) Use CloudFront and an Elastic Load Balancer in front of an auto-scaled set of web servers, the web servers will first call the Login With Amazon service to authenticate the user, the web servers win process the users vote and store the result into an SQS queue using IAM Roles for EC2 Instances to gain permissions to the SQS queue. A set of application servers will then retrieve the items from the queue and store the result into a DynamoDB table.

A) A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queue. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few days. CloudFront to serve HLS transcoded videos from EC2.
B) Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few days. CloudFront to serve HLS transcoded videos from EC2.
C) Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. S3 to host videos with Lifecycle Management to archive original files to Glacier after a few days. CloudFront to serve HLS transcoded videos from S3.
D) A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queue. S3 to host videos with Lifecycle Management to archive all files to Glacier after a few days. CloudFront to serve HLS transcoded videos from Glacier.

A) Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the mobile app via web services.
B) Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
C) Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket.
D) Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app.

A) 1,000 write capacity units
B) 100,000 write capacity units
C) Dynamic DB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
D) 10,000 write capacity units

A) They must contain Unicode characters.
B) They can contain any Basic Latin (ASCII) characters.
C) They must begin and end with a forward slash (/).
D) They cannot contain Basic Latin (ASCII) characters.

A) Enable Cloud Front to deliver access logs to S3 and use them as input of the Elastic Map Reduce job.
B) Turn on Cloud Trail and use trail log tiles on S3 as input of the Elastic Map Reduce job
C) Change your log collection process to use Cloud Watch ELB metrics as input of the Elastic Map Reduce job
D) Use Elastic Beanstalk "Rebuild Environment" option to update log delivery to the Elastic Map Reduce job.
E) Use Elastic Beanstalk "Restart App server(s)" option to update log delivery to the Elastic Map Reduce job.

A) Both A and B
B) None of these
C) VPC Addresses
D) EC2 Addresses

A) Use the AWS account access Keys the application retrieves the credentials from the source code of the application.
B) Create an IAM user for the application with permissions that allow list access to the S3 bucket launch the instance as the IAM user and retrieve the IAM user's credentials from the EC2 instance user data.
C) Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the role, and retrieve the role's credentials from the EC2 Instance metadata
D) Create an IAM user for the application with permissions that allow list access to the S3 bucket. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user.

A) Each subnet spans at least 2 Availability Zones to provide a high-availability environment.
B) Each subnet maps to a single Availability Zone.
C) CIDR block mask of /25 is the smallest range supported.
D) By default, all subnets can route between each other, whether they are private or public.
E) Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.

A) Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level.
B) Use Route 53 latency based-routing to send high priority tasks to the closest transformation instances.
C) Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
D) Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first.

A) Web servers: store read-only data in S3, and copy from S3 to root volume at boot time. App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment and one or more read replicas. Backup: web servers, app servers, and database backed up weekly to Glacier using snapshots.
B) Web servers: store read-only data in an EC2 NFS server, mount to each web server at boot time. App servers: share state using a combination of DynamoDB and IP multicast. Database: use RDS with multi- AZ deployment and one or more Read Replicas. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
C) Web servers: store read-only data in S3, and copy from S3 to root volume at boot time. App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment and one or more Read Replicas. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
D) Web servers: store read-only data in S3, and copy from S3 to root volume at boot time App servers: share state using a combination of DynamoDB and IP unicast. Database: use RDS with multi-AZ deployment. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.

A) A 1-time charge of 10$ for all the datasets.
B) 1$ per dataset per month
C) 10$ per month for all the datasets
D) There is no charge for using the public data sets

A) Create one AWS OpsWorks stack, create one AWS Ops Works layer, create one custom recipe
B) Create one AWS OpsWorks stack create two AWS Ops Works layers, create one custom recipe
C) Create two AWS OpsWorks stacks create two AWS Ops Works layers, create one custom recipe
D) Create two AWS OpsWorks stacks create two AWS Ops Works layers, create two custom recipe

A) The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public AWS CodeDeploy endpoint.
B) The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public Amazon S3 service endpoint.
C) The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.
D) It is not currently possible to use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC.)

A) Setup an RDS MySQL instance in 2 availability zones to store the user preference data. Deploy a public facing application on a server in front of the database to manage security and access credentials
B) Setup a DynamoDB table with an item for each user having the necessary attributes to hold the user preferences. The mobile application will query the user preferences directly from the DynamoDB table. Utilize STS. Web Identity Federation, and DynamoDB Fine Grained Access Control to authenticate and authorize access.
C) Setup an RDS MySQL instance with multiple read replicas in 2 availability zones to store the user preference data .The mobile application will query the user preferences from the read replicas. Leverage the MySQL user management and access privilege system to manage security and access credentials.
D) Store the user preference data in S3 Setup a DynamoDB table with an item for each user and an item attribute pointing to the user' S3 object. The mobile application will retrieve the S3 URL from DynamoDB and then access the S3 object directly utilize STS, Web identity Federation, and S3 ACLs to authenticate and authorize access.

A) Detach the volume and attach it to another EC2 instance in the other AZ.
B) Simply create a new volume in the other AZ and specify the original volume as the source.
C) Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
D) Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.

A) Setup a hybrid architecture to handle session state and SSL certificates on-prem and separate EC2 Instance groups running web applications for different platform types running in a VPC.
B) Set up one ELB for all platforms to distribute load among multiple instance under it Each EC2 instance implements ail functionality for a particular platform.
C) Set up two ELBs The first ELB handles SSL certificates for all platforms and the second ELB handles session stickiness for all platforms for each ELB run separate EC2 instance groups to handle the web application for each platform.
D) Assign multiple ELBS to an EC2 instance or group of EC2 instances running the common components of the web application, one ELB for each platform type Session stickiness and SSL termination are done at the ELBs.

A) get
B) post
C) pull
D) push

A) A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
B) Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
C) A success code is inserted into the S3 object metadata.
D) Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.

A) Disabling the Source/Destination Check attribute on the NAT instance
B) Attaching an Elastic IP address to the instance in the private subnet
C) Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet
D) Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet

A) The object owner has provided access to the IAM user
B) Permission provided by the parent of the IAM user on the bucket
C) Permission provided by the bucket owner to the IAM user
D) Permission provided by the parent of the IAM user

A) A collection of AWS accounts
B) It's the group of EC2 machines that gain the permissions specified in the GROUP.
C) There's no GROUP in IAM, but only USERS and RESOURCES.
D) A collection of users.

A) Amazon RDS
B) AWS Integrity Management
C) AWS Identity and Access Management
D) Amazon EMR

A) Once you issue temporary security credentials, they cannot be revoked.
B) None of these are correct.
C) Once you issue temporary security credentials, they can be revoked only when the virtual MFA device is used.
D) Once you issue temporary security credentials, they can be revoked.

A) 5 users
B) 10 users
C) Unlimited
D) 1 user

A) Yes, Amazon does this but only for MySQL RDS.
B) Yes
C) No
D) Yes, Amazon does this but only for Oracle RDS.

A) XML
B) JavaScript
C) JSON
D) AJAX

A) Create five VPCs with the public subnet for the app server and setup the VPN gateway for each VPN to connect them individually.
B) Use the AWS VPN CloudHub to communicate with multiple VPN connections.
C) Use the AWS CloudGateway to communicate with multiple VPN connections.
D) It is not possible to connect different data centers from a single VPC.

A) 20
B) 2
C) 5
D) 10

A) EBS bandwidth of dedicated instance exceeding the PIOPS
B) EBS volume size
C) EC2 bandwidth
D) Instance type is not EBS optimized

A) They support both authenticated and unauthenticated identities.
B) They support only unauthenticated identities.
C) They support neither authenticated nor unauthenticated identities.
D) They support only authenticated identities.

A) aws:AssumeAdmin
B) lambda:InvokeAsync
C) sts:InvokeAsync
D) sts:AssumeRole

A) 20
B) 2
C) 5
D) 10

A) 10Mbps and 100Mbps
B) 10Gbps and 100Gbps
C) 100Mbps and 1Gbps
D) 1Gbps and 10 Gbps

A) Setup to run 10 instances during the pre-vacation period and only scale up during the office time by launching 10 more instances using the AutoScaling schedule.
B) Keep only 10 instances running and manually launch 10 instances every day during office hours.
C) During the pre-vacation period setup 20 instances to run continuously.
D) During the pre-vacation period setup a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the network I/O policy.

A) AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 2 hours.
B) When the final activity that uses the resources is running
C) AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 12 hours.
D) When the final activity that uses the resources has completed successfully or failed

A) All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
B) It does not support the AWS RDS with a dedicated tenancy VPC.
C) The user cannot use Reserved Instances with a dedicated tenancy model.
D) The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.

A) Launch VPC with two separate subnets and make the instance a part of both the subnets.
B) Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.
C) Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.
D) Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.

A) 5
B) 10
C) 100
D) 15

A) "Effect": "Allow", "Action": ["Describe"], "Resource": "Billing"
B) "Effect": "Allow", "Action": ["aws-portal: ViewBilling"], "Resource": "*"
C) "Effect": "Allow", "Action": ["aws-portal: ViewUsage"], "Resource": "*"
D) "Effect": "Allow", "Action": ["AccountUsage], "Resource": "*"

A) 1 TB
B) 50 GB
C) 5 GB
D) 100 GB

A) The user can achieve additional dedicated capacity for the EBS I/O with an enhanced RDS option
B) It uses a standard EBS volume with optimized configuration the stacks
C) It uses optimized EBS volumes and optimized configuration stacks
D) It provides a dedicated network bandwidth between EBS and RDS

A) Private address IP 10.201.31.6 is currently assigned to another interface
B) Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
C) Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
D) Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.