Answers to Mock Test 1:
|
Question |
Answer(s) |
Explanation |
|
Question 1 |
A |
Instance-store data is deleted if an instance is stopped. |
|
Question 2 |
D |
The public IP can be found in the instance metadata. |
|
Question 3 |
A |
The Health check grace period is probably too long. |
|
Question 4 |
C |
You need to create an AMI. The AMI can be deployed into any AZ. |
|
Question 5 |
C,E |
Private subnets have no access to the internet. A subnet can only map to one Availability Zone. |
|
Question 6 |
A |
Not enough power in the application tier. Add another instance. |
|
Question 7 |
D |
A script is needed for creating and rotating RDS snapshots. |
|
Question 8 |
B |
You aren't using all the bandwidth. Upload the files in parallel to S3. |
|
Question 9 |
A |
Alias resource record sets are virtual records that work like CNAME records. But they differ from CNAME records in that they aren't visible to resolvers. Resolvers only see the A record and the resulting IP address of the target record. As such, unlike CNAME records, alias resource record sets are available to configure a zone apex. |
|
Question 10 |
C |
Autoscaling the bastion host will automatically recover it if it fails. |
|
Question 11 |
A |
An OpsWorks stack can be used to deploy existing Chef recopies. |
|
Question 12 |
A,D |
S3 allows you to store virtually unlimited amounts of data as files that are directly accessible via URL. |
|
Question 13 |
A |
A role is the best solution to allow an instance to write to CloudWatch. |
|
Question 14 |
B |
RDS provides a backup as a service solution built in. |
|
Question 15 |
B |
Placement groups enable EC2 instances to interact with each other via high-bandwidth, low-latency connections. |
|
Question 16 |
C |
Tagging and projecting the tag name as a dimension can achieve this. |
|
Question 17 |
B |
Your service limits for the number of instances might need to be increased. |
|
Question 18 |
A |
There is no single point of failure. |
|
Question 19 |
D |
CloudFormation is the right solution that can help you deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time. |
|
Question 20 |
D |
Scale the EC2 Auto Scaling group according to the number of messages each EC2 instance can process at a time. |
|
Question 21 |
C |
Read replicas are the perfect solution for analytics jobs. |
|
Question 22 |
B |
The Auto Scaling group is launching in one AZ only. Make sure the ELB has cross-zone LB enabled after you fix the AS group. |
|
Question 23 |
A,B,E |
Outstanding IO, average IO, and write latency will help us determine the performance issue. |
|
Question 24 |
D |
Create multiple notifications so you can take action when each threshold of usage is breached and also project the usage for the whole month. |
|
Question 25 |
C |
RDS Multi-AZ switches the CNAME over to standby when a primary failure is detected automatically. |
|
Question 26 |
D |
S3 data is automatically replicated between multiple data centers and delivers more than 99.99% availability in a region. |
|
Question 27 |
A,B,C |
WordPress stores a lot of data that can be cached both in CloudFront and ElastiCache. Also, using a read replica can relieve the load. |
|
Question 28 |
D |
Evictions and GetMisses are caused due to lack of power. Increase the size of the instance. |
|
Question 29 |
A, D |
Only NACLs and Security Groups can limit communication between instances in the same VPC. |
|
Question 30 |
B |
Placement groups provide the lowest latency between EC2 instances. |
|
Question 31 |
D |
Create a new dedicated tenancy instance. |
|
Question 32 |
B |
Check the routing table is correctly configured with a route to the outside via the IGW. |
|
Question 33 |
B |
An ENI can be used for cases where hardcoded IPs are used. |
|
Question 34 |
D |
NACLs can be easily used to block a whole range of IPs from being allowed into the subnet and are very efficient for this purpose. |
|
Question 35 |
B |
AWS makes sure to not allow spoofing and packet sniffing. |
|
Question 36 |
B |
RDS has a built-in backup solution that allows you to create daily backups. |
|
Question 37 |
C |
With SGs, you only need to define inbound rules as they are state-full. |
|
Question 38 |
B |
You can't use spot instances as the payments can take up to four minutes. Spot instances might get terminated with a two-minute warning, which could mean you would lose transactions. |
|
Question 39 |
C |
There is no service in AWS for Ansible. Simply launch EC2 instances and manage them like you do on-premise servers. |
|
Question 40 |
A,C |
EMR and Elastic Beanstalk allow us to log into the instances. |
|
Question 41 |
D |
# can't be used in IAM usernames. |
|
Question 42 |
B |
The simplest solution is to use an instance-status-check CloudWatch alarm. |
|
Question 43 |
A |
Snapshots of the EBS volume should complete a backup in time. |
|
Question 44 |
B |
Your servers are overloaded if you see 500 errors. increase the number of instances. |
|
Question 45 |
B,C |
Internet gateway for public subnets and NAT gateways for private subnets. |
|
Question 46 |
B |
An ENI is MAC can be used for the license to persist instance failure. |
|
Question 47 |
A |
ELB sticky sessions from the same user are sent to the same instance so the load on the server can be gravely unbalanced. |
|
Question 48 |
B |
An in-progress snapshot isn't affected by ongoing reads and writes to the volume. |
|
Question 49 |
D |
Consolidated billing and cross-account roles are the correct way of doing it. |
|
Question 50 |
B, D |
Memory utilization and thread usage can't be determined by CloudWatch. |
|
Question 51 |
B |
When assigning permissions, always use the least privilege approach. |
|
Question 52 |
A |
MFA will dramatically increase the security of your console access. |
|
Question 53 |
E |
Any metric can be delivered as a custom metric. |
|
Question 54 |
C |
The number of instances in a placement group can only be defined at startup time. |
|
Question 55 |
A,C |
ElastiCache running Memcached or DynamoDB are possible data stores for sessions. |
|
Question 56 |
A |
Stopping and starting an instance is likely to fix the “impaired” system status. |
|
Question 57 |
C |
Use an LDAP replica of your on-premises LDAP to authenticate your AWS resources. |
|
Question 58 |
A |
Weighted routing can be used to send 10% of the traffic to the standby site. |
|
Question 59 |
D |
SNS can receive and deliver HTTP, SMS, and emails while a custom SNS subscriber to the same topic can then further deliver on the other protocols. |
|
Question 60 |
B |
To meet 99.9999% availability, cross-region bucket-replication needs to be used. |
Answers to Mock Test 2:
|
Question |
Answer(s) |
Explanation |
|
Question 1 |
C |
Elastic Beanstalk is the simplest approach with the least management overhead. |
|
Question 2 |
B |
Use an NAT gateway to connect private instances to the internet. |
|
Question 3 |
B |
Only instance-store volumes provide in excess of 100,000 IOPS. |
|
Question 4 |
A |
CloudWatch can't see into the EC2 instance to determine how much usage is on disk. |
|
Question 5 |
C |
Apply a bucket policy that makes all objects in the bucket public. |
|
Question 6 |
C |
Among other logs, the error log is available in the RDS console. |
|
Question 7 |
D |
CloudWatch needs to notify Auto Scaling. The Auto Scaling policy is executed upon notification. |
|
Question 8 |
A |
Port 80 to the private security group isn't needed. |
|
Question 9 |
C |
Pre-warm the EBS volume to gain the most performance out of the box. |
|
Question 10 |
B |
S3 RRS durability is 99.95%. |
|
Question 11 |
C |
You can stream logs with the CloudWatch agent to CloudWatch Logs. |
|
Question 12 |
C |
Direct Connect can be delivered with a higher bandwidth than VPN. |
|
Question 13 |
C |
SSE is Encryption of data at rest with an S3-managed encryption key. |
|
Question 14 |
B |
Beanstalk supports rotating the logs to S3 and gives developers access to S3. |
|
Question 15 |
B |
Detailed monitoring collects metrics every minute at a cost. |
|
Question 16 |
D |
The local target allows all the subnets to communicate with each other by default. |
|
Question 17 |
C |
Corrupted messages that can't be processed are probably piling up in the queue. You would implement a DLQ for these messages. |
|
Question 18 |
B,D |
RDS and Redshift have the ability to back up the services out of the box. |
|
Question 19 |
C |
For 99.9% availability, running 1 instance is enough, but if an AZ goes down, we need to be able to restore this instance to another AZ, so 2 subnets and ELB are needed. |
|
Question 20 |
B |
You should suspend the Auto Scaling and figure out what's going on. |
|
Question 21 |
A |
Due to the number of users, you'll need to use Identity Federation. |
|
Question 22 |
A,B,D |
Read replicas, cache, or sharding can distribute the load on a database. |
|
Question 23 |
D |
To copy an instance, you'll need to copy the AMI to the other region. |
|
Question 24 |
C |
A route for 172.16.0.0/16 needs to be directed at the VPN gateway. |
|
Question 25 |
B,D |
Increasing the amount of CPU power by resizing the instance or adding more instances will help. |
|
Question 26 |
A,B |
Increasing the amount of CPU power by resizing the instance or adding more instances will help. |
|
Question 27 |
A,B |
C and D don't make sense. |
|
Question 28 |
C |
Geolocation can determine where the clients are coming from and direct them to the correct site. |
|
Question 29 |
D |
The deny statement has NotipAddress = 100.100.100.20/32 so everyone else will be denied. Explicit denies override explicit allows. |
|
Question 30 |
D |
sitefiles.s3-website.us-east-2.amazonaws.com. |
|
Question 31 |
D |
You'll need to use Snowball as there's no way to transfer 150 TB across a 10 Gbit line in less than 24 hours. |
|
Question 32 |
B |
Tag your resources and create a dashboard based on the tag metrics. |
|
Question 33 |
A |
The public IP of the ELB is irrelevant in the security group. |
|
Question 34 |
B |
There's no such thing as a Client Order Preference. |
|
Question 35 |
C |
When configured with the Server Order Preference, the ELB gets to select the first cipher in its list that matches any one of the ciphers in the client's list. |
|
Question 36 |
B |
Bulk requests can fetch 10 messages at a time. |
|
Question 37 |
D |
DynamoDB is the best solution. |
|
Question 38 |
B |
ELB access logs will display connection information from your ELB. |
|
Question 39 |
C |
The onsite DNS can resolve both internal and external addresses. Also, since you can only use one DHCP option, set C is the correct answer. |
|
Question 40 |
C |
The default SQS message-retention period is four days. |
|
Question 41 |
B |
Each game has to have its own topic so that users can subscribe to each game. |
|
Question 42 |
A |
Specify the IP range in the bucket policy. |
|
Question 43 |
D |
MySQl RDS is only highly-available with Multi-AZ. You need to keep the read replica for the BI purposes. |
|
Question 44 |
D |
Route 53 enables automatic failover – all others are manual. |
|
Question 45 |
A,D |
Separate each department into its own account and use consolidated billing. |
|
Question 46 |
D |
We are scaling on a timed basis so resource usage is irrelevant. |
|
Question 47 |
E |
AWS is only responsible for physical disk security. |
|
Question 48 |
C |
Direct Connect makes the link private and the VPN encrypts it. |
|
Question 49 |
B |
S3 is the cheapest, most scalable solution. |
|
Question 50 |
B |
You can't deploy multi-region due to synchronous DB copies. Three AZs with four instances each will allow for a failure of one AZ and still keep eight instances to provide the baseline. |
|
Question 51 |
C |
Global DynamoDB table is the correct solution. |
|
Question 52 |
A,B |
The statement has two allow statements: one that allows listing and reading of all objects in all buckets, and another that allow writing to the "samplebucket" bucket. |
|
Question 53 |
B |
Static website with route 53 health check is the only solution that will provide a meaningful response to the restorer. |
|
Question 54 |
B |
The SDK automatically retries all the requests that receive this error. |
|
Question 55 |
C |
General, Error, and Slow Query logs are available in RDS. |
|
Question 56 |
A |
The CLI on the EC2 instance can be used to upload custom metrics. |
|
Question 57 |
B,D |
Both versioning and MFA delete can protect you from accidental object deletion. |
|
Question 58 |
A,D |
The maximum size is 256 KB. SQS works in the producer/consumer pull model. There's no such thing as the Lambda SQS worker CLI. |
|
Question 59 |
B |
CloudFormation would make it simplest to deploy these services. |
|
Question 60 |
C,D |
ELB logs record response, request, and backend processing times. |