Question 1

Which of the following statesments is not correct with respect to AWS SQS

Accepted Answer

all message in Amazon SQS queue are encrypted by default

Answer

Anmazon SQS can trigger Lambda functions

Answer

To select the message to delete, use ReceiptHandle of the message, not the MessageID which you receive when you send the message

Answer

Use dead letter queues to isolate messages that can't be processed for later analysis

Question 2

Which of the following is not a feature of AWS Securty Token Service (STS)

Accepted Answer

SES generated Git Credentials for IAM users

Answer

STS enables you to request temporary, limited-privilege credentials

Answer

STS generated Federated Creddentials for IAM users

Answer

STS enables users to assume role

Question 3

Which of the following are components required to effectively setup AutoScaling on your EC2 instances for a web-based application?

Accepted Answer

Launch Configuration, ELB, Autoscaling Group

Answer

Launch Configuration, Lambda

Answer

Launch Configuration, Lambda, Elastic IP

Answer

ELB, Elastic IP

Question 4

Your organization had setup Auto Scaling for an EC2 instance. They intend to launch one additional new instance with same configuration automatically when the workload Increases and shut it down automatically when the workload is back to normal. However. for security reasons. they have applied operating system patches to the main instance and would like this to be reflected when Auto Scaling group launches new EC2 instance What would happen in this scenario?

Accepted Answer

Create an image out of main EC2 instance, create a new Launch Configuration with new image AMI ID, update Auto Scaling group with new Launch Configuration ID

Answer

Auto Scaling group will launch new EC2 instance from the main instance latest snapshot. New instance will have updated patches.

Answer

Create an image out of main EC2 instance and update Auto Scaling group configuration with new image AMI ID.

Answer

Create an image out of main EC2 instance and update Launch Configuration with new image AMI ID.

Question 5

Your organization had created an S3 bucket for static website hosting. They had created and configured all necessary components for static website and ready to use with host name http://example-bucketcoms3- website-us-east-zamazonaws.com However. they would like to get the website served through domain wwwexample-bucket.com which is already registered. Which type of record set you need to create?

Accepted Answer

A - IPV4 Address with Alias=YES

Answer

A - IPV4 Address with Alias-NO

Answer

CNAME - Canonical Name with ALIAS-YES

Answer

CNAME - Canonical Name with ALIAS-NO

Question 6

Which of the following is not an AWS service that AWS Route 53 can route traffic to

Accepted Answer

Amazon CloudWatch

Answer

Amauon CloudFront

Answer

Amazon RDS

Answer

Elastic Load Balancing

Question 7

Your organization AWS Setup has an AWS S3 bucket which stores confidential documents which can be only downloaded by users authenticated and authorized via your application. You do not want to create IAM users for each of these users and as a best practice you have decided to generate AWS STS Federated User temporary credentials each time when a download request is made and then use the credentials to generate presigned URL and redirect user for download However, when user IS trying to access the presigned CIRL, they are getting Access Denied Error What could be the reason?

Accepted Answer

IAM User used to generate Federated User credentials does not have access on S3 bucket

Answer

Your application must be whitelisted in AWS STS service to perform FederatedUser action.

Answer

AWS STS service must be given access in S3 bucket ACL.

Answer

IAM Role used to generate Federated User credentials does not have access on S3 bucket.

Question 8

Your organization has an AWS setup and planning to build Single Sign On for users to authenticate with on premise Microsoft Active Directory Federation Services (ADFS) and let users login to AWS console using AWS ST S Enterprise Identity Federation. Which of the following service you need to call from AWS STS service after you authenticate with your on-premise?

Accepted Answer

AssumeRoleWithSAML

Answer

GetFederationToken

Answer

AssumeRoleWithWebldentity

Answer

GetCaUerldentity

Question 9

Which of the following is not a default metric type for Auto Scaling Group policy

Accepted Answer

Memory Utilization

Answer

Network Out

Answer

Network In

Answer

Average CPU Utilization

Question 10

An application team in your organization set up an autoscaling group configuration (with simple scaling policy) to Launch a new Instance when CPU utilization reaches 85%. However. at times. when EC2 instance comes into in-service. it reports Unhealthy status immediately However, as the replacement of the unhealthy instance by another instance (Launched by Autoscaling group) takes more than 15 minutes. the unhealthy instance has to be removed manually What do you think is the reason behind this?

Accepted Answer

Health Check Grace Period set to 20 minutes

Answer

Termination policy set to Do Not Terminate instances

Answer

Launch Configuration is not configured to report Unhealthy status

Answer

Auto scaling policy alarm incorrectly configured.

Question 11

Your organization had setup a web application on AWS VPC with 4 EC2 instances in a private subnet They had configured an elastic load balancer to distribute traffic between all 4 EC2 instances. They decided to route traffic from Internet to the elastic load balancer via a domain "wwnw_example-web-application.com" which they had already registered. Which type of record set you need to create?

Accepted Answer

A - IPV4 Address with Alias=YES

Answer

CNAME - Canonical Name with ALIAS-NO

Answer

CNAME - Canonical Name with ALIAS-YES

Answer

A - IPV4 Address with Alias-NO

Question 12

You have a web application hosted on AWS VPC with a single EC2 instance with Auto Scaling enabled. You have also assigned elastic IP address to the EC2 instance. When you access the elastic IP address. you are able to successfully connect to your web application. You decided to route requests to your application from a custom domain through Route 53. You have performed the setup on Route 53. However, when you access your custom domain name from internet. you get "Server Not Found" error. Which of the following could be a reason?

Accepted Answer

IP address configured in Route 53 DNS record set might be incorrect.

Answer

The resource on EC2 instance that you're routing tramc to is unavailable.

Answer

Route 53 service is for internal application routing. It does not support routing tramc from internet.

Answer

Route 53 service is for internal application routing. It does not support routing tramc from internet.

Question 13

You have launched an RDS instance in your VPC_ The endpoint that is assigned to your DB instance is a long. partially random. alphanumeric string. for example, myexampledb alb2c3d4wxyz_us west-2rds.amazonaws.com. Your organization wants to use a name that's easier to remember. so you registered a domain name using Route53 service. Which type of record set do you need to create?

Accepted Answer

CNAME - Canonical Name with ALIAS-NO

Answer

A - IPV4 Address with Alias-NO

Answer

CNAME - Canonical Name with ALIAS-YES

Answer

A - IPV4 Address with Alias=YES

Question 14

In AWS Route 53 record set, which of the following is not a routing policy

Accepted Answer

Distributed routing policy

Answer

Failover routing policy

Answer

Geolocation routing policy

Answer

Weighted routing policy

Question 15

You are planning to Launch a web based application in two different regions within US on AWS due to your organization compliance policies You have setup 2 EC2 instances attached to an elastic load balancer in us east-I. You have replicated the same setup in us-west-I. Now you have two load balancers which needs to listen traffic from internet You would want to split the requests equally between both Load balancers from a domain name hosted on your AWS Route 53 How should you configure your Route 53 record sets?

Accepted Answer

You are planning to Launch a web based application in two different regions within US on AWS due to your organization compliance policies You have setup 2 EC2 instances attached to an elastic load balancer in us east-I. You have replicated the same setup in us-west-I. Now you have two load balancers which needs to listen traffic from internet You would want to split the requests equally between both Load balancers from a domain name hosted on your AWS Route 53 How should you configure your Route 53 record sets?

Answer

Create two record sets, one each for us-east-I and us-west-I load balancers. Set weighted routing policy A. with weights as 1 and 2 respectively.

Answer

Create one record set and select both load balancers as Alias Targets. Set weighted routing policy with D. weights as 1 and 1 respectively.

Answer

Create one record set and select both load balancers as Alias Targets. Set weighted routing policy with c. weights as 1 and 2 respectively

Question 16

Which of the following types can be monitored for health checks by AWS Route 53?

Accepted Answer

Endpoints and State of CloudWatch alarm

Answer

EC2 Istnance health checks and Endpoints

Answer

State of CloudWatch alarms and DNS service health checks

Answer

DNS service helath checks and EC2 instance health checks

Question 17

In an auto scaling group setup. with default termination policy. which statement is correct?

Accepted Answer

Select the Availability Zone with the most instances and at least one instance that is not protected from scale in. If there is more than one Availability Zone with this number of instances, select the Availability Zone with the instances that use the oldest launch configuration

Answer

If there are multiple instances that use the oldest launch configuration, determine which unprotected instances are closest to the previous billing hour and terminate it.

Answer

Determine which unprotected instances in the selected Availability Zone use the newest launch configuration. If there is one such instance, terminate it.

Answer

If there is more than one unprotected instance closest to the previous billing hour, select one of these instances at random.

Question 18

You had setup an internal HTTP(S) Elastic Load Balancer to route requests to two EC2 instances inside a private VPC. However. one of the target EC2 instance is showing Unhealthy status Which of the following options is NOT a possible reason for showing an unhealthy status?

Accepted Answer

EC2 instance is in different availability zones than load balancer.

Answer

Port 80/443 is not allowed on EC2 instance's Security Group from load balancer.

Answer

The target did not return a successful response code

Question 19

In an AWS Setup of a company. a web-based application has a fleet of 10 EC2 instances. 7 EC2 instances are present in Availability Zone A whereas 3 EC2 instances in Availability Zone B. The percentage (%) of requests received in Availability Zone B is greater than the percentage (%) of requests in Availability Zone A. What can be done at the architecture level to balance the load across the two availability zones?

Accepted Answer

Use Application Load Balancer or cross zone load balancing

Answer

Enable "split traffic equally" checkbox under load balancer configuration.

Answer

Network Load Balancer to achieve his ability.

Question 20

Which of the following are features for monitoring the application load balancer (ALB)?

Accepted Answer

CloudWatch metrics, Request tracing and Cloud trail logs

Answer

Request tracing and EC2 Flow Logs

Answer

Request tracing and VPC Flow Logs

Answer

EC2 Flow Logs, VPS Flow Logs and CloudWatch Metrics

Question 21

You have created an application load balancer and selected two EC2 instances as targets. However. when you are trying to make a request to Load balancer from internet. the requests are getting failed. What could be the reason?

Accepted Answer

The subnets specified for load balancer does not have internet gateway attached to their route tables.

Answer

Cross-zone load balancing is not enabled.

Answer

Target EC2 instances are in private subnets without any internet gateway attached.

Answer

There is no elastic IP address attached to the load balancer.

Question 22

Which of the following is a correct way to register a target in the Elastic Load Balancer target group?

Accepted Answer

IP addresses

Answer

EC2 instance names

Answer

EC2 imageID

Answer

EC2 Primary Network Interface ID

Question 23

Your organization has an AWS Setup. Your recent monthly bill has shown some increase in SNS billing. Your management wants you to identify the requests made to AWS SNS on who made the request and the source IP address of the user who made the requests. How would you find out?

Accepted Answer

Enable CloudTrail logging for SNS.

Answer

Enable CloudWatch logging for SNS.

Answer

Enable SNS logging to S3 bucket.

Answer

Enable X-ray logging for SNS.

Question 24

Which of the following are available protocols for AWS SNS

Accepted Answer

AWS Lambda, AWS SQS, SMS

Answer

AWS MQ, Lambda, SMS

Answer

AWS SQS, Email-XML

Answer

SMS, Email-XML

Question 25

You are an architect in your company and you have configured an SNS topic to send emails to a group of users regarding the CloudWatch alarms on the resource usages and outages. You were requested by your head of department to exclude him from those alarms except for critical system outages How efficiently can you achieve this?

Accepted Answer

Add filter policy to head of department subscription.

Answer

For head of department subscription, select AWS Lambda function which contains code to identify critical system outages and send email using AWS SES

Answer

Create a new topic and and subscribe only head of department email address. Create new CloudWatch alarm only for critical outages and send messages to new Topic.

Answer

Configure another option on AWS CloudWatch alarm to send a direct email to head of department.

Question 26

Which of the following is not an item of message attribute in AWS SNS

Accepted Answer

MessageID

Answer

Name

Answer

Type

Answer

Value

Related quizzes

Related quizzes