How many times will a message be delivered when using a standard SQS queue?

1. Once and only once
2. At least once
3. Once for each request of the relevant message in the queue
4. The answer is application dependent.

Which of the following services allow you to access the underlying operating system? (Choose two.)

1. RDS
2. EC2
3. EMR
4. DynamoDB

You are using an SQS queue in your web application. You are able to confirm that messages in the queue are being picked up by application instances for processing, but then nothing happens for over 12 hours. Then, after that period of time, the message appears in the queue again and processing restarts. What could be occurring?

1. The SQS queue has a visibility timeout that is set too high. The timeout should be reduced so that application instances can process the message more quickly.
2. SQS messages expire every 12 hours and must be reentered into the queue. The time that the message is invisible triggers the queue to ask for and receive the message from the original sender.
3. Processing is failing, or not completing, in the application instance. The message disappears because the SQS queue keeps it “invisible” for 12 hours while it is being processed. The message is then returned to the queue for processing if not handled prior to that timeout.
4. Your SQS queue needs to be restarted; it is likely not correctly queuing messages. The polling interval is also set too high, causing the long lack of visibility of the message.

Which of the following is a valid method of performing actions on an EBS snapshot?

1. Use the AWS console with a username and password.
2. Use the AWS CLI with an application key.
3. Use the AWS REST APIs with an application key.
4. All of the above
5. None of the above

Which of the following is most like a mailing list?

1. SQS
2. SNS
3. SWF
4. S3

In which of the following managed services are messages not pushed?

1. SQS
2. SNS
3. SWF
4. Redshift

In which of the following managed services can messages be pulled by an application?

1. SWF
2. SQS
3. SNS
4. S3

Which of the following managed services guarantees single assignment of a message?

1. S3
2. SQS
3. SNS
4. SWF

Which of the following managed services calls the messages it receives tasks?

1. S3
2. SWF
3. SNS
4. SQS

Which of the following managed services calls the messages it receives notifications?

1. S3
2. SWF
3. SNS
4. SQS

Which of the following managed services calls the messages it receives “messages”?

1. S3
2. SWF
3. SNS
4. None of these

Which of the following managed services coordinates activities between different applications?

1. S3
2. SNS
3. SWF
4. SQS

What does SWF stand for?

1. Simple Workflow Foundation
2. Simple Workflow Service
3. Sequential Workflow Service
4. Synchronous Workflow Foundation

What services are suitable for running compute-intensive custom scripts? (Choose two.)

1. EC2
2. S3
3. Redshift
4. ECS

Which AWS service is ideal for hosting a website while requiring the least amount of AWS staff and knowledge?

1. S3 website hosting
2. Amazon Lightsail
3. EC2
4. ECS

You have a registered AMI using an EBS volume as a root device, created from a volume snapshot. However, you have detected malicious code running in the EBS volume and want to remove the AMI and delete the EBS volume and its snapshot. What steps are required? (Choose two.)

1. Immediately delete the EBS volume snapshot.
2. Immediately deregister the AMI.
3. After the EBS volume has been deleted, deregister the AMI.
4. After the AMI has been deregistered, remove the AMI, and delete the EBS volume and its snapshot.

Which of the following AWS CLI commands is used to operate upon EBS volumes?

1. aws ec2 [command]
2. aws ebs [command]
3. aws instance [command]
4. You cannot operate upon EBS volumes directly from the AWS CLI.

You have a website running at applestoapples.net. However, many of your users have mistakenly entered in applestoapples.com as the URL in their browser. To correct this, you’ve recently purchased the additional domain applestoapples.com and now want to point all requests to this domain to applestoapples.net. Which DNS record set would you use?

1. MX
2. AAAA
3. CNAME
4. A

Your website has mostly static content, but you are adding a new section driven by an EC2 instance fleet behind an Elastic Load Balancer. You want to create a subdomain and direct all traffic to that subdomain toward the ELB. Which DNS record set would you use?

1. CNAME
2. AAAA
3. SOA
4. MX

Your domain is hosted and managed by Route 53. You want to create a new subdomain and point it to a fleet of EC2 instances behind an application load balancer. What is the best approach to this?

1. Create an A record and configure it as an alias to the ALB.
2. Create a CNAME record pointed at the URL of the ALB.
3. Create an A record pointed at the IP address of the ALB.
4. Set the ALB to send a redirect header to clients with the IP addresses of the currently active EC2 instances.

Does Route 53 supports zone apex records?

1. Yes, for all domains
2. Yes, but only for domains hosted on AWS
3. Yes, but only for services hosted on AWS
4. No

Which of the following statements are false? (Choose two.)

1. Route 53 does not allow aliases for naked domain names.
2. Route 53 supports zone apex records.
3. Route 53 allows aliases for domains hosted on AWS.
4. Route 53 only supports zone apex records for AWS-hosted services.

Which of the following statements are true? (Choose two.)

1. Route 53 supports Auto Scaling groups.
2. Route 53 automatically configures DNS health checks for registered domains.
3. Route 53 automatically sets up Auto Scaling groups for services to which it points.
4. Route 53 is automatically highly available.

How many domain names can you manage using Route 53?

1. 50
2. 100, but you can raise that limit by contacting AWS support.
3. Unlimited
4. 50, but you can raise that limit by contacting AWS support.

Which of the following is the best approach to accessing an RDS instance to troubleshoot operating system problems?

1. SSH
2. RDP
3. SFTP
4. None of these

Which of the following are true about VPC peering? (Choose two.)

1. A VPC peering connection is a networking connection between two VPCs within a single region.
2. A VPC peering connection is a VPN-based connection.
3. A VPC peering connection can help facilitate data transfer and file sharing.
4. Peered VPCs can exist in different regions.

You have two VPCs paired across two different regions. What is another name for this type of connection?

1. Inter-VPC peering connection
2. Inter-region VPC peering connection
3. Inter-VPC region connection
4. Multi-region peering connection

Which of the following statements about peered VPCs is false?

1. Both VPCs do not need to be within the same region.
2. Both VPCs do not need to be in the same AWS account.
3. Both VPCs will automatically have routing set up when the connection is created.
4. Traffic can flow in both directions between peered VPCs by default.

Which of the following statements about peered VPCs is true?

1. Both VPCs need to be within the same region.
2. Both VPCs need to be in the same AWS account.
3. Each VPC must use a unique security group.
4. The two VPCs cannot have overlapping CIDR blocks.

What kind of relationship is a VPC peering connection?

1. One-to-one between subnets
2. One-to-one between VPCs
3. One-to-many between subnets
4. One-to-many between VPCs

VPC A is peered to both VPC B and VPC C. How can you allow traffic to flow from VPC B to VPC C?

1. You can’t; transitive peering relationships are not allowed in AWS.
2. You must enable route forwarding in VPC A.
3. You must peer VPC B to VPC C.
4. You must enable route forwarding on VPC B.

VPC C has an overlapping CIDR block with VPC D. Given that, which of the following statements are true? (Choose two.)

1. VPC C and VPC D can be peered as is.
2. VPC C and VPC D cannot be peered as is.
3. To peer VPC C and VPC D, you must remove the overlap in their CIDR block.
4. To peer VPC C and VPC D, you must switch one to use IPv6 addresses.

How many peering connections are allowed between two VPCs?

1. One
2. Two
3. One for each subnet in each VPC
4. One for each NACL associated with each VPC

How many peering connections can a single VPC be a part of?

1. One
2. Unlimited, within AWS overall account limits
3. One for each subnet in each VPC
4. One for each NACL associated with each VPC

How does AWS facilitate transitive peering VPC relationships?

1. Transitive VPC relationships are only allowed if a bastion host is used.
2. Transitive VPC relationships are only allowed if a hub-and-spoke network model is used.
3. It does not; transitive VPC peering is not allowed in AWS.
4. It uses IPv4 for connection from a source VPC to a hub VPC and IPv6 from the hub to the origin VPC.

How does AWS support IPv6 communication in a VPC peering relationship? (Choose two.)

1. AWS does not support IPv6 communication in VPC peering.
2. You must associate IPv6 addresses with both VPCs and then set up routing to use these addresses.
3. You must associate IPv6 addresses with both VPCs and then set up a security group to use these addresses.
4. You must make sure the two VPCs are in the same region.

Which of the following are advantages of launching instances into a VPC as opposed to EC2-Classic? (Choose two.)

1. You can assign multiple IP addresses to your instances.
2. Your instances automatically run on multi-tenant hardware.
3. You can attach multiple network interfaces to your instances.
4. Your network is flat instead of layered.

Which of the following are differences between the default VPC and a custom VPC? (Choose two.)

1. Default VPCs have an internet gateway but custom VPCs do not.
2. Custom VPCs have public subnets but default VPCs do not.
3. Custom VPCs have an internet gateway but default VPCs do not.
4. Default VPCs have public subnets but custom VPCs do not.

How does the default VPC make instances in its public subnets available to Internet traffic? (Choose two.)

1. Through a default routing table that provides routing to the Internet
2. Through a virtual private gateway
3. Through a default security group that provides access out to the Internet
4. Through an internet gateway

Which of the following is assigned to instances launched into non-default subnets?

1. A private IPv6 address
2. A public IPv4 address
3. A private IPv4 address
4. A public IPv6 address

You want to provide Internet access for an instance in a non-default subnet. What do you need to do? (Choose two.)

1. Assign a private IP address to the instance.
2. Assign a public IP address to the instance.
3. Attach an internet gateway to the VPC in which the subnet resides.
4. Attach a NAT instance to the subnet.

What technology can you use to provide single sign-on to the AWS management console?

1. JSON
2. CloudFormation
3. YAML
4. SAML

You have created a new user in IAM. What default permissions does that user have?

1. Read access to all AWS services
2. Read and write access to all AWS services
3. No access to any AWS services
4. Read access only to the IAM service

What does IAM stand for?

1. Interoperative Access Management
2. Identity and Access Management
3. Independent Access Management
4. Identity and Authorization Management

You have created a new IAM user and created their sign-in URL. You give the user their URL. What else will they need to log in to the AWS management console? (Choose two.)

1. Their username
2. Their access key ID
3. Their password
4. Their secret access key

Which of the following IAM groups will allow users within it to interact with all AWS services?

1. Administrator
2. Power User
3. The default IAM permissions provide this level of access.
4. Support User

You have created a new IAM user and given the credentials to the user. However, she still is unable to log in to the AWS management console. What might the problem be?

1. You have not enabled Multi-Factor Authentication.
2. You have not enabled the User Login policy.
3. You have not provided the user her access key ID.
4. You have not provided the user her customized sign-in link.

You have been tasked with building an application that provides backend servicing for a mobile game with millions of users. Which of the following services might you use to receive and process the messages that the mobile clients send?

1. EC2, Mobile SDK
2. Amazon Kinesis, Mobile SDK
3. Amazon Kinesis, RDS
4. EC2, Lambda

Which of the following is required to set up a new AWS account for a company new to AWS?

1. Company name
2. Company email
3. Company account-holder username
4. Company URL

Which of the following AWS-defined IAM policies offer read and write access to the S3 and EC2 services? (Choose two.)

1. Administrator
2. Network Administrator
3. Support User
4. Power User

What does AWS call a document that defines a set of one or more permissions?

1. Program unit
2. Organizational unit
3. Policy
4. Group

What does the AWS service abbreviated as ECS stand for?

1. Elastic Compute Service
2. Elastic Container Service
3. Elastic Computer Service
4. Encapsulated Container Service

Which of the following are advantages of using containers for applications in AWS compared to using EC2 instances? (Choose two.)

1. You can scale applications automatically.
2. You can run larger applications in a container.
3. You can reduce the startup time of applications.
4. You can avoid having to explicitly manage and provision servers.

Which of the following sets of services are used in a typical AWS container stack?

1. ECR, ECS, EC2
2. ECS, EMR, EC2
3. Fargate, ECS, S3
4. ECR, ECS, S3

Which of the following services is typically associated with ECS?

1. EMR
2. S3
3. ECR
4. ECC

Which of the following are good reasons to consider using containers in AWS for your applications? (Choose two.)

1. You want to reduce overall cost.
2. You want to more effectively use your existing compute instances.
3. You have limited resources for managing your existing EC2 instances.
4. You need to scale up and down your applications.

Which of the following are differences between container-based applications and Lambda-based ones? (Choose two.)

1. Containers scale based on load and usage; Lambda scales based on events.
2. Containers live on underlying compute instances; Lambda code does not.
3. Containers are not as highly scalable as Lambda.
4. Containers can run entire application stacks; Lambda can only run isolated chunks of code.