Simulado – AWS Certified Solutions Architect Associate
Acesso restrito aos alunos do Curso.
Faça Login para ter acesso ao Simulado.
Login
Sumário do Quiz
0 de 65 questões completadas
Perguntas:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
Information
Simulado para o exame de certificação AWS Certified Solutions Architect Associate
Você já fez este questionário anteriormente. Portanto, não pode fazê-lo novamente.
Quiz is loading...
You must sign in or sign up to start the quiz.
Para iniciar este questionário, você precisa terminar, antes, este questionário:
Resultados
0 de 65 perguntas respondidas corretamente
Seu tempo:
Acabou o tempo
Você conseguiu 0 de 0 pontos possíveis (0)
| Pontuação média |
|
| Sua pontuação |
|
Categorias
- API Gateway 0%
- AutoScaling 0%
- Cloudformation 0%
- Cloudfront 0%
- CloudWatch 0%
- DynamoDB 0%
- EBS 0%
- EC2 0%
- ECS 0%
- ElasticBeanstalk 0%
- ELB 0%
- Glacier 0%
- IAM 0%
- Kinesis 0%
- Lambda 0%
- OpsWorks 0%
- Organizations 0%
- RDS 0%
- Redshift 0%
- Route53 0%
- S3 0%
- SNS 0%
- SQS 0%
- StorageGateway 0%
- SWF 0%
- Trusted Advisor 0%
- VPC 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- Respondido
- Revisão
-
Pergunta 1 de 65
1. Pergunta
Which of the following are delivery formats/transports for receiving SNS notifications? (Choose 3 answers)
Correto
Customers can select one of the following transports as part of their subscription requests: HTTP/HTTPS, Email, Email-JSON, SQS, SMS.
Incorreto
Customers can select one of the following transports as part of their subscription requests: HTTP/HTTPS, Email, Email-JSON, SQS, SMS.
-
Pergunta 2 de 65
2. Pergunta
What are the three methods available to create IAM Policies (Choose 3)
Correto
The three options available to create IAM Policies are copying an AWS Managed Policy, Policy Generator and Creating Your Own Policy
Incorreto
The three options available to create IAM Policies are copying an AWS Managed Policy, Policy Generator and Creating Your Own Policy
-
Pergunta 3 de 65
3. Pergunta
You work as a Solutions Architect for a large Healthcare organization. Your company has been developing a patient collaboration tool that will allow patients to chat interactively with their doctors. The solution will ensure the privacy of your end patients and patients will not be able to interact with each other using this tool. They will only be able to have one-on-one chat-style discussion with their doctor and nurses. The application needs to record all messages added to the system. As part of your overall design strategy, you also need to ensure that doctors and nurses can query the database whereby they can filter messages to them by patient and by date range. This is necessary if they need to review their past discussions. How would you go about it? (Choose 2 answers)
Correto
You can configure the table with a Partition Key and Sort Key. This is known as a composite primary key and is made up of two attributes, namely the primary (partition) key and the sort (range) key. You can uniquely identify an item if you provide both the partition key and sort key. Note that you can have multiple items with the same partition key if they have different sort keys.
Incorreto
You can configure the table with a Partition Key and Sort Key. This is known as a composite primarykey and is made up of two attributes, namely the primary (partition) key and the sort (range) key. You can uniquely identify an item if you provide both the partition key and sort key. Note that you can have multiple items with the same partition key if they have different sort keys.
-
Pergunta 4 de 65
4. Pergunta
You are a Solutions Architect for a large company. Your AWS account has multiple VPCs. Production VPC is hosted in the US-East-1 Region with IP CIDR block of 10.0.0.0/16. The Test/Dev VPC is hosted in AP-South-1 Region with IP CIDR block of 192.168.0.0/16. Your developers want to push application code updates from Test/Dev VPC to Production VPC as quickly as possible.
Which of the following options can help you achieve this?
Correto
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.
Incorreto
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.
-
Pergunta 5 de 65
5. Pergunta
What options are available to you for improving your Recovery Time Objective (RTO) and Recovery Point Objective (RPO) when architecting an AWS RDS solution for your client? (Choose 3 answers)
Correto
DB Snapshots can be used to restore point-in-time backups of your database to a new instance. You can use Multi-AZ to enable quick failovers and read replicas can ensure that users continue to access (read) data to help spread load.
Incorreto
DB Snapshots can be used to restore point-in-time backups of your database to a new instance. You can use Multi-AZ to enable quick failovers and read replicas can ensure that users continue to access (read) data to help spread load.
-
Pergunta 6 de 65
6. Pergunta
You wish to develop a mobile app that requests temporary AWS credentials dynamically when uploading images to an AWS S3 Bucket. Your app has been designed to enable users to log in using their Facebook accounts. Which API can you use to obtain the necessary AWS temporary security credentials?
Correto
You can use the AssumeRoleWithWebIdentity API to obtain and provide authentication token you get from those IdPs for AWS temporary security credentials
Incorreto
You can use the AssumeRoleWithWebIdentity API to obtain and provide authentication token you get from those IdPs for AWS temporary security credentials
-
Pergunta 7 de 65
7. Pergunta
You are building an application that stores scanned image data of patients’ information in a DynamoDB table. Each scanned document has metadata associated with it and is displayed with the scanned image. Which DynamoDB operation offers the most efficient way to retrieve a single item from a large table?
Correto
A Query Operation offers the most efficient way to retrieve a single item from a large table.
Incorreto
A Query Operation offers the most efficient way to retrieve a single item from a large table.
-
Pergunta 8 de 65
8. Pergunta
Which of the following are the three Archive Retrieval Options offered by Amazon Glacier? (Choose 3)
Correto
Amazon Glacier offers Standard, Expedited and Bulk retrieval options.
Incorreto
Amazon Glacier offers Standard, Expedited and Bulk retrieval options.
-
Pergunta 9 de 65
9. Pergunta
Due to some recent regulations, you have been instructed to ensure that all root/boot volumes of your EC2 Instances are encrypted. You have 6 EC2 instances in your AWS Account, and you just recalled that at the time of launch, you did not have the option to encrypt these root volumes. How can you encrypt the volumes?
Correto
Boot/Root volumes of public AMIs are not encrypted, and there is no option to encrypt them at the time of launch. You need to create an AMI image of the EC2 Instance, copy the AMI, and during the copy process, enable encryption on the boot volume, and then launch a new EC2 Instance from the AMI.
Incorreto
Boot/Root volumes of public AMIs are not encrypted, and there is no option to encrypt them at the time of launch. You need to create an AMI image of the EC2 Instance, copy the AMI, and during the copy process, enable encryption on the boot volume, and then launch a new EC2 Instance from the AMI.
-
Pergunta 10 de 65
10. Pergunta
You are about to launch a new Redshift Cluster with multiple nodes that will be used to handle large workloads. Which node type would you choose for your deployment?
Correto
When you launch a cluster, you need to specify the node type, which determines the CPU, RAM, and Storage type as well as the storage device for each node. There are two types of nodes:
- Dense Storage (DS) – This is for node types that are storage-optimized. DS2 are used to handle large workloads and normally uses HDD drives. Also, DS2 nodes are available in xlarge and 8xlarge sizes.
- Dense Compute (DC) – This is for node types that are compute-optimized and normally uses SSD drives, which means less storage space. However, they are ideal for performance-intensive workloads. Also, DC1 nodes are available in large and 8xlarge sizes.
Incorreto
When you launch a cluster, you need to specify the node type, which determines the CPU, RAM, and Storage type as well as the storage device for each node. There are two types of nodes:
- Dense Storage (DS) – This is for node types that are storage-optimized. DS2 are used to handle large workloads and normally uses HDD drives. Also, DS2 nodes are available in xlarge and 8xlarge sizes.
- Dense Compute (DC) – This is for node types that are compute-optimized and normally uses SSD drives, which means less storage space. However, they are ideal for performance-intensive workloads. Also, DC1 nodes are available in large and 8xlarge sizes.
-
Pergunta 11 de 65
11. Pergunta
How does Auto Scaling balance capacity?
Correto
Auto Scaling automatically balances EC2 instances across zones when you configure multiple zones in your Auto Scaling group settings.
Incorreto
Auto Scaling automatically balances EC2 instances across zones when you configure multiple zones in your Auto Scaling group settings.
-
Pergunta 12 de 65
12. Pergunta
For which of the following use cases would you recommend configuring your RDS with read-replicas? (Choose 3)
Correto
For the answer option to configure Disaster Recovery solutions, where both read and write operations would be required if the primary database is down, you need to configure Multi-AZ.
Incorreto
For the answer option to configure Disaster Recovery solutions, where both read and write operations would be required if the primary database is down, you need to configure Multi-AZ.
-
Pergunta 13 de 65
13. Pergunta
Your manager has been reviewing a set of 6 EC2 instances that have been launched in an EC2 Placement Group. He is concerned because these instances have been launched in a single Availability Zone, US-East-1B. He wants you to evenly distribute the instances across three Availability Zones to ensure maximum redundancy. What is incorrect about his analysis?
Correto
Placement Groups can only work in a single Availability Zone
Incorreto
Placement Groups can only work in a single Availability Zone
-
Pergunta 14 de 65
14. Pergunta
Which of the following represents Alarm States for CloudWatch? (Choose 3 answers)
Correto
An alarm can be in the following three states:
- OK
- Alarm
- Insufficient_Data
Incorreto
An alarm can be in the following three states:
- OK
- Alarm
- Insufficient_Data
-
Pergunta 15 de 65
15. Pergunta
You plan to launch a few EC2 Linux instances over the weekend. You wish to create a script to automate the deployment of Apache web server and run various updates and patches. You would like to do this at the time of launching the instance itself rather than log in and perform the necessary actions. What feature is available as part of the instance launch configuration that you would use to automate the process?
Correto
The User Data section of an instance launch configuration page can be used to provide the configuration details to perform during launch. A good example is running scripts to update the OS.
Incorreto
The User Data section of an instance launch configuration page can be used to provide the configuration details to perform during launch. A good example is running scripts to update the OS.
-
Pergunta 16 de 65
16. Pergunta
You are logged onto an EC2 instance using a terminal window. You need to access your instance metadata which will give you data about your instance such as the public and private IP Address etc. How can you obtain a list of available categories of metadata while logged into to the instance?
Correto
To view all categories of instance metadata from within a running instance, use the following URI: http://169.254.169.254/latest/meta-data/
Incorreto
To view all categories of instance metadata from within a running instance, use the following URI: http://169.254.169.254/latest/meta-data/
-
Pergunta 17 de 65
17. Pergunta
What is the maximum execution time for Lambda requests?
Correto
The maximum execution time for Lambda requests is set at 300 seconds (5 minutes).
Incorreto
The maximum execution time for Lambda requests is set at 300 seconds (5 minutes).
-
Pergunta 18 de 65
18. Pergunta
You are planning on configuring cross-region replication in a cross-account access scenario where the source and target buckets will be in two separate accounts. What does the target bucket owner need to do to enable you to replicate data from the source to the target bucket?
Correto
The owner of the target bucket needs to grant you permission to replicate data via a bucket policy
Incorreto
The owner of the target bucket needs to grant you permission to replicate data via a bucket policy
-
Pergunta 19 de 65
19. Pergunta
What is an Instance Profile?
Correto
An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
Incorreto
An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
-
Pergunta 20 de 65
20. Pergunta
You work for an International real estate company that owns estates and blocks of apartments across the nation. For compliance, regulatory reasons, you need to maintain a copy of all old rental agreements for the last seven years. You wish to store this data in the AWS cloud but also want to ensure that you incur the least cost. While you seldom access old rental agreements, you want to able to retrieve your rental agreements such that you don’t have to wait for 3 to 5 hours before the documents are available for download.
You have also been told that each rental agreement is only 1 to 2MB in size max. Furthermore, at any one point in time, the maximum amount of data you would need to urgently retrieve is less than 100MB. Which Storage service and retrieval option can you use to make data available whenever required within a very short space of time?
Correto
Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. Data accessed using Expedited retrievals is typically made available within 1 – 5 minutes.
Incorreto
Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. Data accessed using Expedited retrievals is typically made available within 1 – 5 minutes.
-
Pergunta 21 de 65
21. Pergunta
You are designing a new application that will be deployed on a touch interface at a local doctor’s clinic. It will be used to register patients’ arrival on the basis of first come first served. Patients will self-register themselves on the device by supplying personal information such as DOB and Patient ID. The application will interface with the backend scheduling software, and you want to ensure that you maintain strict order based on patient arrival into the doctor’s surgery.
Which AWS SQS feature can you use to ensure the above requirement?
Correto
Amazon SQS now comes with a new feature known as a FIFO queue. This is a First-In-First-Out delivery and provides an ‘exactly once processing’. The queue will process messages strictly in the order that it was received, and messages are only delivered once, leaving no chance for duplicates.
Incorreto
Amazon SQS now comes with a new feature known as a FIFO queue. This is a First-In-First-Out delivery and provides an ‘exactly once processing’. The queue will process messages strictly in the order that it was received, and messages are only delivered once, leaving no chance for duplicates.
-
Pergunta 22 de 65
22. Pergunta
When attempting to copy data to a Snowball you just ordered, you get the error
Failed to copy the following file: <Name of object with a keylength over 933 bytes> PARENT_NOT_FOUND
You have checked your file names and noted that all files have really small names, for example, ‘blackberry.jpg’. What could be the reason for the error above?
Correto
When determining key length, you include the file or object name as well as its path or prefixes. Thus, files with short file names within a heavily nested path can have keys longer than 933 bytes. The bucket name is not factored into the path when determining the key length.
Incorreto
When determining key length, you include the file or object name as well as its path or prefixes. Thus, files with short file names within a heavily nested path can have keys longer than 933 bytes. The bucket name is not factored into the path when determining the key length.
-
Pergunta 23 de 65
23. Pergunta
Your organization has multiple web servers across two Availability Zones; US-West-2A and US-West-2B. However, the instances are not distributed evenly across the two Availability Zones. US-West-2A hosts 8 web servers and US-West-2B hosts 4 web servers. What can you do to ensure that your Elastic Load Balancer distributes incoming requests evenly across all 12 instances?
Correto
Cross-Zone load balancing enables the load balancer to distribute traffic evenly across all registered instances in all enabled Availability Zones.
Incorreto
Cross-Zone load balancing enables the load balancer to distribute traffic evenly across all registered instances in all enabled Availability Zones.
-
Pergunta 24 de 65
24. Pergunta
What encryption standard is used to encrypt Gateway-Stored Volumes, Gateway-Cached Volumes, and all virtual tape data stored in AWS using Gateway-VTL, when at rest?
Correto
Gateway-Stored Volumes, Gateway-Cached Volumes, and all virtual tape data stored in AWS using Gateway-VTL, is encrypted at-rest using Advanced Encryption Standard (AES) 256.
Incorreto
Gateway-Stored Volumes, Gateway-Cached Volumes, and all virtual tape data stored in AWS using Gateway-VTL, is encrypted at-rest using Advanced Encryption Standard (AES) 256.
-
Pergunta 25 de 65
25. Pergunta
Your company hosts several VPCs in the Amazon Cloud which represent individual business units. Each business unit would normally manage their own resources in the cloud. Recently, you have set up a VPC for the provision of IT Services to all other business units and have configured VPC peering between your IT VPC and each of the other VPCs, e.g., Manufacturing, Sales, Marketing, and Finance. Your departments’ heads are requesting access to each other business units to work on joint collaborative projects. Your manager tells you that given that you have now set up VPC peering to each of the other business units, by default they will be able to communicate with each other through the IT VPC.
Correto
Transitive routing is not possible (you cannot route packets from VPC B to VPC C that go through VPC A).
Incorreto
Transitive routing is not possible (you cannot route packets from VPC B to VPC C that go through VPC A).
-
Pergunta 26 de 65
26. Pergunta
Which of the following is NOT a feature of DynamoDB?
Correto
DynamoDB is a NoSQL Database. It automatically partitions and re-partitions your data and provisions additional server capacity as your table size grows or as you increase your provisioned throughput. Amazon DynamoDB synchronously replicates data across three facilities in an AWS Region, giving you high availability and data durability.
Incorreto
DynamoDB is a NoSQL Database. It automatically partitions and re-partitions your data and provisions additional server capacity as your table size grows or as you increase your provisioned throughput. Amazon DynamoDB synchronously replicates data across three facilities in an AWS Region, giving you high availability and data durability.
-
Pergunta 27 de 65
27. Pergunta
You work for a firm of architects and store a large volume of corporate documents in the Amazon S3. Generally, documents created in the last three months are actively used on a daily basis. Between 3 to 6 months, those documents get access occasionally for references and need to be easily accessible. Management has informed you that they need to keep documents going back 7 years. However, they also want to reduce overall costs associated with storage and have asked you to suggest a way to achieve this. Note that all documents are critical and cannot be replaced. What lifecycle management strategy can you configure to achieve the above requirements?
Correto
Store documents in S3 Standard for the first 3 months and then move to S3 (IA) for the next 3 months. Move all documents older than 6 months to Glacier.
Incorreto
Store documents in S3 Standard for the first 3 months and then move to S3 (IA) for the next 3 months. Move all documents older than 6 months to Glacier.
-
Pergunta 28 de 65
28. Pergunta
Which five categories does Amazon Trusted Advisor report on to showcase if your workloads have been designed, deployed and are running in accordance with the best practices? (Choose 5 answers)
Correto
The five categories are cost optimization, security, performance, fault tolerance and service limits.
Incorreto
The five categories are cost optimization, security, performance, fault tolerance and service limits.
-
Pergunta 29 de 65
29. Pergunta
Which of the following is the Amazon side of a site-to-site VPN tunnel with a client’s corporate data centre?
Correto
A Virtual Private Gateway (VPG) represents the Amazon’s end of a VPN tunnel
Incorreto
A Virtual Private Gateway (VPG) represents the Amazon’s end of a VPN tunnel
-
Pergunta 30 de 65
30. Pergunta
You have configured API Gateway to respond to HTTP requests which involves querying a backend. You have had some reports of performance and latency issues with regards to the requests to your API. How can you reduce the number of calls made to your endpoint and improve latency of requests?
Correto
You can enable API caching in Amazon API Gateway to cache your endpoint’s responses and reduce the number of calls made to your endpoint as well as improve the latency of requests to your API. API Gateway then responds to the request by looking up the endpoint response from the cache instead of making a request to your endpoint. The default TTL value for API caching is 300 seconds. The maximum TTL value is 3600 seconds. TTL=0 means caching is disabled.
Incorreto
You can enable API caching in Amazon API Gateway to cache your endpoint’s responses and reduce the number of calls made to your endpoint as well as improve the latency of requests to your API. API Gateway then responds to the request by looking up the endpoint response from the cache instead of making a request to your endpoint. The default TTL value for API caching is 300 seconds. The maximum TTL value is 3600 seconds. TTL=0 means caching is disabled.
-
Pergunta 31 de 65
31. Pergunta
You need to use the same Lambda function for multiple stages in your API wherein the function should read data from different DynamoDB tables depending on the stage being called. Which feature of the API gateway will enable you to achieve this functionality?
Correto
Stage variables are name-value pairs that you can define as configuration attributes associated with a deployment stage of an API. They act like environment variables and can be used in your API setup and mapping templates.
Incorreto
Stage variables are name-value pairs that you can define as configuration attributes associated with a deployment stage of an API. They act like environment variables and can be used in your API setup and mapping templates.
-
Pergunta 32 de 65
32. Pergunta
You are planning on using ECS and a custom scheduler in conjunction with a Fargate Launch Type. However, you are not able to run your tasks. What could be the issue?
Correto
Custom Schedulers are only compatible with tasks that use the EC2 launch type. If you are using the Fargate launch type for your tasks, then the StartTask API will not work.
Incorreto
Custom Schedulers are only compatible with tasks that use the EC2 launch type. If you are using the Fargate launch type for your tasks, then the StartTask API will not work.
-
Pergunta 33 de 65
33. Pergunta
Which one of the following tools can you use to monitor traffic in a VPC?
Correto
VPC Flow Logs enable you to monitor traffic in a VPC.
Incorreto
VPC Flow Logs enable you to monitor traffic in a VPC.
-
Pergunta 34 de 65
34. Pergunta
What are the five lifecycle events when configuring AWS OpsWorks Stacks? (Choose 5 answers)
Correto
AWS OpsWorks Stacks lets you automatically run a specified set of recipes by supporting a set of five lifecycle events. These are Setup, Configure, Deploy, Undeploy, and Shutdown.
Incorreto
AWS OpsWorks Stacks lets you automatically run a specified set of recipes by supporting a set of five lifecycle events. These are Setup, Configure, Deploy, Undeploy, and Shutdown.
-
Pergunta 35 de 65
35. Pergunta
You have designed and deployed an RDS solution with Multi-AZ enabled to offer disaster recovery features. Your management would like to test out the DR capabilities over the weekend. How should you simulate a failover?
Correto
You can reboot the primary DB instance and select the option to failover. This will simulate a failover.
Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RebootInstance.html
Incorreto
You can reboot the primary DB instance and select the option to failover. This will simulate a failover.
Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RebootInstance.html
-
Pergunta 36 de 65
36. Pergunta
What combination of the following options will protect the S3 objects in your bucket from both accidental deletion and accidental overwriting? (Choose 2 answers)
Correto
By using Versioning and enabling MFA (Multi-Factor Authentication) Delete, you can secure and recover your S3 objects from accidental deletion or overwrite.
When a user accidentally deletes a file in S3 from a bucket enabled for versioning, the file continues to exist in the bucket albeit in a hidden state. You can then undelete the file by deleting a delete marker that was placed on the file.
You can also optionally add another layer of security by configuring a bucket to enable MFA (Multi-Factor Authentication) Delete, which requires additional authentication for delete operations. This will ensure that files are not deleted accidentally, but it will not prevent someone from deleting the file intentionally.
Incorreto
By using Versioning and enabling MFA (Multi-Factor Authentication) Delete, you can secure and recover your S3 objects from accidental deletion or overwrite.
When a user accidentally deletes a file in S3 from a bucket enabled for versioning, the file continues to exist in the bucket albeit in a hidden state. You can then undelete the file by deleting a delete marker that was placed on the file.
You can also optionally add another layer of security by configuring a bucket to enable MFA (Multi-Factor Authentication) Delete, which requires additional authentication for delete operations. This will ensure that files are not deleted accidentally, but it will not prevent someone from deleting the file intentionally.
-
Pergunta 37 de 65
37. Pergunta
Which Amazon service enables you to easily analyse streaming data in real time using standard SQL queries?
Correto
You can use Amazon Kinesis Analytics to run standard SQL queries on streaming data in real time.
Incorreto
You can use Amazon Kinesis Analytics to run standard SQL queries on streaming data in real time.
-
Pergunta 38 de 65
38. Pergunta
Which of the following types of storage can you directly attach to an EC2 Instance as virtual disks? (Choose 2 answers)
Correto
An EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance. The volume persists independently from the running life of an instance. After an EBS volume is attached to an instance, you can use it like any other physical hard drive. Many instances can access storage from disks that are physically attached to the host computer. This disk storage is referred to as instance store. Instance store provides temporary block-level storage for instances. The data on an instance store volume persists only during the life of the associated instance; if you stop or terminate an instance, any data on instance store volumes is lost.
Incorreto
An EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance. The volume persists independently from the running life of an instance. After an EBS volume is attached to an instance, you can use it like any other physical hard drive. Many instances can access storage from disks that are physically attached to the host computer. This disk storage is referred to as instance store. Instance store provides temporary block-level storage for instances. The data on an instance store volume persists only during the life of the associated instance; if you stop or terminate an instance, any data on instance store volumes is lost.
-
Pergunta 39 de 65
39. Pergunta
As an App Developer, which API Gateway service component do you need to work with for API execution?
Correto
An app developer will work with the API Gateway service component for API execution, named execute-api, in order to invoke an API that was created or deployed in API Gateway
Incorreto
An app developer will work with the API Gateway service component for API execution, named execute-api, in order to invoke an API that was created or deployed in API Gateway
-
Pergunta 40 de 65
40. Pergunta
You have deployed an Auto Scaling configuration for a client recently and have noticed that several Windows-based instances appear to get launched, terminated and launched again within very short periods of time. Your manager has informed you that every time Auto Scaling launches an instance, you are charged an hour’s usage even though that same instance may terminate in less than an hour. You wish to change your Auto Scaling configuration to ensure that you control costs while still delivering the capabilities of Auto Scaling. How should you configure your Auto Scaling design? (Choose 2 answers)
Correto
It’s best practice to scale out quickly but scale in slowly to cope with the bursts of traffic, and at the same time, avoid terminating instances inadvertently. You can do this by correctly configuring your CloudWatch Alarms and associated triggers. You can also configure your cool down periods to suspend scaling activities for short periods. This will help reduce the number of unnecessary terminations caused by the increase in traffic and load; new instances would be launched anyway. Since Amazon charges for all partial hours as complete hours, the above strategy should help optimize costs.
Incorreto
It’s best practice to scale out quickly but scale in slowly to cope with the bursts of traffic, and at the same time, avoid terminating instances inadvertently. You can do this by correctly configuring your CloudWatch Alarms and associated triggers. You can also configure your cool down periods to suspend scaling activities for short periods. This will help reduce the number of unnecessary terminations caused by the increase in traffic and load; new instances would be launched anyway. Since Amazon charges for all partial hours as complete hours, the above strategy should help optimize costs.
-
Pergunta 41 de 65
41. Pergunta
When setting up a Redshift Cluster with enhanced VPC routing to import data from an S3 Bucket located in a different region, what additional AWS service do you need to configure?
Correto
To connect to an Amazon S3 bucket in another region, you can configure a network address translation (NAT) gateway.
Incorreto
To connect to an Amazon S3 bucket in another region, you can configure a network address translation (NAT) gateway.
-
Pergunta 42 de 65
42. Pergunta
What is Connection Draining?
Correto
Connection Draining helps to ensure that the elastic load balancer stops sending new traffic to instances that are de-registered or unhealthy while keeping existing connections open to complete transactions.
Incorreto
Connection Draining helps to ensure that the elastic load balancer stops sending new traffic to instances that are de-registered or unhealthy while keeping existing connections open to complete transactions.
-
Pergunta 43 de 65
43. Pergunta
You have a standard VPC with a public/private subnet. You wish to create a web server which has a network interface for standard inbound public Internet access on port 443. You also need to manage this server from your corporate datacentre which has a site-to-site VPN tunnel already established in the private subnet of the VPC. How can you connect to the server for management purposes from the corporate datacentre while ensuring that you keep management traffic and inbound internet traffic separate?
Correto
You can use Elastic Network Interfaces (ENI), and attach it to your instances to create multi-home instances that can be used to separate management traffic with other public traffic.
Incorreto
You can use Elastic Network Interfaces (ENI), and attach it to your instances to create multi-home instances that can be used to separate management traffic with other public traffic.
-
Pergunta 44 de 65
44. Pergunta
Which of the following tools can you use to interact with the Lambda service? (Choose 3 answers)
Correto
In addition to the Lambda Console, and the AWS CLI, you can also use the SAM CLI, which is a command-line interface you can use to develop, test, and analyze your serverless applications locally before uploading them to the Lambda runtime.
Incorreto
In addition to the Lambda Console, and the AWS CLI, you can also use the SAM CLI, which is a command-line interface you can use to develop, test, and analyze your serverless applications locally before uploading them to the Lambda runtime.
-
Pergunta 45 de 65
45. Pergunta
You company has a primary production website in the US and a DR Site in Sydney. You need to configure DNS such that if your primary site becomes unavailable, you can fail DNS over to the secondary site. Which DNS routing policy can you configure to achieve this?
Correto
Using Health Checks, you can monitor the site in the US region, and if they become unhealthy, you can create a secondary policy to failover to your Sydney region.
Incorreto
Using Health Checks, you can monitor the site in the US region, and if they become unhealthy, you can create a secondary policy to failover to your Sydney region.
-
Pergunta 46 de 65
46. Pergunta
Your developers have to store sensitive environment variables including database passwords that your Lambda function will reference during invocation. Which AWS service can you use to facilitate the encryption service?
Correto
You can use environment variables to store sensitive information, such as a database password, using AWS Key Management Service and the Lambda console’s encryption helpers.
Ref: https://docs.aws.amazon.com/lambda/latest/dg/tutorial-env_console.html
Incorreto
You can use environment variables to store sensitive information, such as a database password, using AWS Key Management Service and the Lambda console’s encryption helpers.
Ref: https://docs.aws.amazon.com/lambda/latest/dg/tutorial-env_console.html
-
Pergunta 47 de 65
47. Pergunta
You are planning on setting up a new OpsWorks stack in Test/Dev and wish to apply permissions to technical users who will need to work on the environment. Specifically, the team that will be supporting and monitoring the stack require the following permissions:
- View the stack
- Deploy and update apps
- Add layers and instances
However, you do not want them to be able to create or clone stacks. Which OpsWorks Permission level would you assign for the above requirements?
Correto
With ‘Manage’ permissions, you can perform all stack management operations, but you cannot create or clone stacks.
Incorreto
With ‘Manage’ permissions, you can perform all stack management operations, but you cannot create or clone stacks.
-
Pergunta 48 de 65
48. Pergunta
You are planning on setting a test environment for a new upcoming web-application. You have extended your data centre into the cloud where you host a VPC with a private subnet. The subnet will be used to host all web and application servers in the VPC. You want to configure Route 53 so that the web resources in the VPC can be accessible using custom DNS domain names, instead of IPv4 address or the standard AWS provided by DNS hostnames. You also want to make sure that Route 53 enables you to route traffic for the domain within the VPC itself without exposing your resources on the Internet.
What kind of zone do you need to create in Route 53 to help you achieve the above?
Correto
Private Hosted Zones enable you to ensure that traffic is only exposed within the VPC and not on the Internet.
Incorreto
Private Hosted Zones enable you to ensure that traffic is only exposed within the VPC and not on the Internet.
-
Pergunta 49 de 65
49. Pergunta
Both you and your IT Service provider host all Infrastructure and Application workloads in the AWS cloud within your respective AWS Accounts. You need to grant one of the engineers who work at the IT service provider the ability to configure an Application Load Balancer in your AWS Account. Company policy dictates that anyone working on your AWS resource must authenticate using Multi-Factor authentication. How would you go about implementing this requirement?
Correto
With IAM roles, you can establish trust relationships between your AWS Account (trusting account) and the IT Service Provider’s AWS Account (trusted account). The trusting account owns the resource to be accessed, and the trusted account contains the users who need access to the resource. An IAM user from the trusted account can use the AWS Security Token Service (AWS STS) AssumeRole API action. This action provides temporary security credentials that enable access to AWS resources in your account.
Incorreto
With IAM roles, you can establish trust relationships between your AWS Account (trusting account) and the IT Service Provider’s AWS Account (trusted account). The trusting account owns the resource to be accessed, and the trusted account contains the users who need access to the resource. An IAM user from the trusted account can use the AWS Security Token Service (AWS STS) AssumeRole API action. This action provides temporary security credentials that enable access to AWS resources in your account.
-
Pergunta 50 de 65
50. Pergunta
Your company runs a website which streams Adobe Flash media content to its visitors. These are educational how-to-guides for DIY enthusiasts, and you have a global audience accessing your website daily. You wish to utilize Amazon CloudFront to deliver content whereby it caches media at different edge locations to help reduce latency. Which distribution mechanism should you use to do this?
Correto
RTMP can stream media files using Adobe Media Server using the Adobe Real-Time Messaging Protocol (RTMP)
Incorreto
RTMP can stream media files using Adobe Media Server using the Adobe Real-Time Messaging Protocol (RTMP)
-
Pergunta 51 de 65
51. Pergunta
You have several AWS Accounts for different business use cases, such as an account for Developers to build test environments and an account for Finance which runs all Accounting Applications. Which AWS Service can you use to group these accounts together, and then centrally manage them with policies?
Correto
You can use AWS Organizations to create or consolidate multiple AWS Accounts and centrally manage policies across these accounts. You can also use AWS Organizations to consolidate billing across multiple accounts and benefit from volume discounts.
Incorreto
You can use AWS Organizations to create or consolidate multiple AWS Accounts and centrally manage policies across these accounts. You can also use AWS Organizations to consolidate billing across multiple accounts and benefit from volume discounts.
-
Pergunta 52 de 65
52. Pergunta
Your company runs a pharmaceutical chain of stores, and you collect daily point-of-sale information across all branch stores in the country. Every 6 weeks, you gather a total of 300TB of data which is stored in Amazon S3. You need to run analytics against the data to derive statistical information, and this takes about 36 hours to complete. You also need to run this analysis every 6 weeks for reporting purposes. Which of the following will allow you to perform your analysis in the most cost-effective manner?
Correto
With EMR transient clusters, you can run inconsistent big data workloads and then turn the cluster off when not required.
Incorreto
With EMR transient clusters, you can run inconsistent big data workloads and then turn the cluster off when not required.
-
Pergunta 53 de 65
53. Pergunta
You were deploying a recently modified stack that halted with the error of UPDATE_ROLLBACK_FAILED state. What do you need to do to fix the issue and deploy your stack?
Correto
In most cases, you must fix the error that causes the update rollback to fail before you can continue to roll back your stack. In other cases, you can continue to roll back the update without any changes, for example, when a stack operation times out.
Incorreto
In most cases, you must fix the error that causes the update rollback to fail before you can continue to roll back your stack. In other cases, you can continue to roll back the update without any changes, for example, when a stack operation times out.
-
Pergunta 54 de 65
54. Pergunta
Which Amazon service enables you to easily analyse streaming data in real time using standard SQL queries?
Correto
You can use Amazon Kinesis Analytics to run standard SQL queries on streaming data in real time.
Incorreto
You can use Amazon Kinesis Analytics to run standard SQL queries on streaming data in real time.
-
Pergunta 55 de 65
55. Pergunta
You are building out an Auto Scaling plan for your EC2 instances that is based on a trigger, such that, if the CPU utilization goes above 70%, the Auto Scaling group will launch a new instance with a bespoke application installed. You need to ensure that when new EC2 instance launches, the application has read and write access to a specific S3 bucket. How can you use IAM to automatically provide this feature?
Correto
You can add an IAM role as a parameter in an Auto Scaling launch configuration and create the Auto Scaling group with the EC2 launch configuration. All EC2 instances launched in an Auto Scaling group that is associated with the IAM role will have the role to perform the read/write operation.
Incorreto
You can add an IAM role as a parameter in an Auto Scaling launch configuration and create the Auto Scaling group with the EC2 launch configuration. All EC2 instances launched in an Auto Scaling group that is associated with the IAM role will have the role to perform the read/write operation.
-
Pergunta 56 de 65
56. Pergunta
You have designed and deployed an RDS solution with Multi-AZ enabled to offer disaster recovery features. Your management would like to test out the DR capabilities over the weekend. How should you simulate a failover?
Correto
You can reboot the primary DB instance and select the option to failover. This will simulate a failover.
Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RebootInstance.html
Incorreto
You can reboot the primary DB instance and select the option to failover. This will simulate a failover.
Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RebootInstance.html
-
Pergunta 57 de 65
57. Pergunta
Amazon SWF uses long polling to reduce the inefficiencies associated with polling for new tasks. This involves holding a TCP connection open for a short duration when tasks are not immediately available in case one becomes available. What is the duration in seconds that Amazon SWF will hold a TCP connection in case a task becomes available?
Correto
Tasks that are available are returned as responses to the deciders and activity workers. Should a task not be immediately available, Amazon SWF will hold the TCP connection for 60 seconds in case a new task becomes available.
Incorreto
Tasks that are available are returned as responses to the deciders and activity workers. Should a task not be immediately available, Amazon SWF will hold the TCP connection for 60 seconds in case a new task becomes available.
-
Pergunta 58 de 65
58. Pergunta
Your company has configured multiple AWS accounts for various departments in your organization. Your finance team has approached you to help identify ways in which the total monthly costs across all these accounts can be more cost-effective. As an initial step and before analysing which workloads could be re-architected to be more cost-effective, what strategy can you deploy to help reduce the monthly bill?
Correto
Consolidated Billing enables you to club all your AWS accounts under a single organization. You can then benefit from volume discounts across various AWS services deployed in these member accounts such as EC2 and S3. Increasing the EC2 Instance type may not reduce your overall bill and may create application compatibility issues. As stated by the question, you are looking for a quick solution and will later examine ways to re-architect the existing infrastructure deployed to be more cost-effective.
Incorreto
Consolidated Billing enables you to club all your AWS accounts under a single organization. You can then benefit from volume discounts across various AWS services deployed in these member accounts such as EC2 and S3. Increasing the EC2 Instance type may not reduce your overall bill and may create application compatibility issues. As stated by the question, you are looking for a quick solution and will later examine ways to re-architect the existing infrastructure deployed to be more cost-effective.
-
Pergunta 59 de 65
59. Pergunta
When uploading objects to an S3 bucket programmatically via APIs, which result code indicates a successful upload?
Correto
S3 only sends a 200 response for an object upload when the entire object has been received, stored durably, and recorded into the index.
Incorreto
S3 only sends a 200 response for an object upload when the entire object has been received, stored durably, and recorded into the index.
-
Pergunta 60 de 65
60. Pergunta
You are planning on deploying a database solution on an EC2 instance that is unsupported by AWS RDS. You need a solution which has a high IO bandwidth requirement, far more than is currently available from the current list of EBS types. How would you configure the storage required for this solution?
Correto
For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple volumes together; for on-instance redundancy, RAID 1 can mirror two volumes together.
Incorreto
For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple volumes together; for on-instance redundancy, RAID 1 can mirror two volumes together.
-
Pergunta 61 de 65
61. Pergunta
Which protocol is used by DNS when response data size exceeds 512 bytes?
Correto
Should responses to DNS result in data size exceeding 512 bytes, the transmission is done over TCP port 53
Incorreto
Should responses to DNS result in data size exceeding 512 bytes, the transmission is done over TCP port 53
-
Pergunta 62 de 65
62. Pergunta
What combination of the following options will protect the S3 objects in your bucket from both accidental deletion and accidental overwriting? (Choose 2 answers)
Correto
By using Versioning and enabling MFA (Multi-Factor Authentication) Delete, you can secure and recover your S3 objects from accidental deletion or overwrite.
When a user accidentally deletes a file in S3 from a bucket enabled for versioning, the file continues to exist in the bucket albeit in a hidden state. You can then undelete the file by deleting a delete marker that was placed on the file.
You can also optionally add another layer of security by configuring a bucket to enable MFA (Multi-Factor Authentication) Delete, which requires additional authentication for delete operations. This will ensure that files are not deleted accidentally, but it will not prevent someone from deleting the file intentionally.
Incorreto
By using Versioning and enabling MFA (Multi-Factor Authentication) Delete, you can secure and recover your S3 objects from accidental deletion or overwrite.
When a user accidentally deletes a file in S3 from a bucket enabled for versioning, the file continues to exist in the bucket albeit in a hidden state. You can then undelete the file by deleting a delete marker that was placed on the file.
You can also optionally add another layer of security by configuring a bucket to enable MFA (Multi-Factor Authentication) Delete, which requires additional authentication for delete operations. This will ensure that files are not deleted accidentally, but it will not prevent someone from deleting the file intentionally.
-
Pergunta 63 de 65
63. Pergunta
When setting your environment configuration for an Elastic Beanstalk deployment, what is the minimum configuration you need to set up to ensure your applications are highly available?
Correto
Edit your environment configuration settings, select 2 or more instances for Auto Scaling minimum, and set Multiple Availability Zones to “Any 2”.
Incorreto
Edit your environment configuration settings, select 2 or more instances for Auto Scaling minimum, and set Multiple Availability Zones to “Any 2”.
-
Pergunta 64 de 65
64. Pergunta
Your company is planning to deliver online medical training videos to paid subscribers across the globe. You also want to use Amazon Edge Locations to cache content and improve latency speeds. Which features of Amazon CloudFront can you use to help you ensure that you can securely serve private content? (Choose 3 answers)
Correto
Amazon CloudFront enables you to serve private content using Signed URLs, Signed Cookies and Origin Access Identities, which are used to ensure that content is only accessible via the CloudFront Distribution. While VPN’s can be used to access content securely, they cannot be utilized with CloudFront as there is no benefit gained in latency improvements via VPN connections.
Incorreto
Amazon CloudFront enables you to serve private content using Signed URLs, Signed Cookies and Origin Access Identities, which are used to ensure that content is only accessible via the CloudFront Distribution. While VPN’s can be used to access content securely, they cannot be utilized with CloudFront as there is no benefit gained in latency improvements via VPN connections.
-
Pergunta 65 de 65
65. Pergunta
With regards to Amazon SWF, open workflows can be closed in four of the following states? Which ones are they? (Choose 4 answers)
Correto
Open workflows can be closed in the following states:
- Completed
- Cancelled
- Failed
- Terminated
Incorreto
Open workflows can be closed in the following states:
- Completed
- Cancelled
- Failed
- Terminated