2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Whizlabs O er | Flat 15% OFF SITEWIDE | Use Coupon - WHIZOFFER15

 j My Courses j AWS Certi ed SysOps Administrator Associate j Diagnostic Test j Report

Search Courses D
Diagnostic Test Completed on 10-June-2019

Attempt Marks Obtained Your score

02 56 / 60 93.33%

Time Taken Result

00 H 17 M 39 S Congratulations! Passed

Share your Result with your friends

hm
Domains wise Quiz Performance Report

No 1
Domain Other
Total Question 60
Correct 56
Incorrect 4
Unattempted 0
Marked for review 0

Total Total
All Domain All Domain
Total Question 60
Correct 56
Incorrect 4
Unattempted 0
Marked for review 0

https://www.whizlabs.com/learn/course/quiz-result/134073 1/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Review the Answers

Sorting by All

Question 1 Correct

Domain : Other

There are currently multiple applications hosted in a VPC. During monitoring it has been noticed that
multiple port scans are coming in from a specific IP Address block. The internal security team has
requested that all offending IP Addresses be denied for the next 24 hours. Which of the following is
the best method to quickly and temporarily deny access from the specified IP Address's.

Create an AD policy to modify the Windows Firewall settings on all hosts in the VPC to deny access
] A. from the IP Address block.

z] B.
Modify the Network ACLs associated with all public subnets in the VPC to deny access from the
IP Address block. A
] C. Add a rule to all of the VPC Security Groups to deny access from the IP Address block.

Modify the Windows Firewall settings on all AMI's that your organization uses in that VPC to deny
] D. access from the IP address block.

Explanation:

Answer – B

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall
for controlling traffic in and out of one or more subnets.

Option A and D are wrong because this is a tedious task and it only works for Windows systems. You
need something that will work for Linux systems as well.

Option C is only adequate for EC2 instances, but you need rules that will apply to the whole subnet.
Otherwise the task of having this done for all servers becomes a tedious task.

To change the Network ACL’s follow the below steps

Step 1) Go to your VPC dashboard. You would probably already have a network ACL once the VPC is
defined. Click on the Network ACL, go to Inbound Rules and click on Edit

Step 2) In the next screen, create a rule that will deny access to the offending IP Address. In the below
snapshot, we are assuming that the IP Address are in the range of 7.7.7.7/32. Then ensure that the

https://www.whizlabs.com/learn/course/quiz-result/134073 2/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

action is the Deny action. By putting a rule number of 95, this ensure that this rule is executed before
the other rules in the NACL list.

For more information on Network ACL’s, please visit the URL:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

Ask our Experts

Rate this Question? vu

Question 2 Correct

Domain : Other

You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same
Availability Zone (AZ) but in different subnets. One instance is running a database and the other
instance an application that will interface with the database. You want to confirm that they can talk to
each other for your application to work properly. Which two things do we need to confirm in the VPC
settings so that these EC2 instances can communicate inside the VPC? Choose 2 answers.

z A. A network ACL that allows communication between the two subnets.

A
B. Both instances are the same instance class and using the same Key-pair.

C. That the default route is set to a NAT instance or internet Gateway (IGW) for them to communicate.

z D.
Security groups are set to allow the application host to talk to the database on the right
port/protocol. A
Explanation:

Answer - A and D

When you design a web server and database server, the security groups must be defined so that the
web server can talk to the database server. An example image from the AWS documentation is given
below

Also when communicating between subnets you need to have the NACL’s defined

https://www.whizlabs.com/learn/course/quiz-result/134073 3/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option B is wrong since the EC2 instances need not be of the same class or same key pair to
communicate to each other.

Option C is wrong since there the NAT and Internet gateway is used for the subnet to communicate to
the internet.

For more information on VPC and Subnets, please visit the below URL:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Ask our Experts

Rate this Question? vu

Question 3 Correct

Domain : Other

You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.
Which two mechanisms will allow the application to failover to new instances without the need for
reconfiguration? Choose 2 answers

A. Create an ELB to reroute tra c to a failover instance

z B. Create a secondary ENI that can be moved to a failover instance

A
C. Use Route53 health checks to fail tra c over to a failover instance

z D.
Assign a secondary private IP address to the primary ENI that can be moved to a failover
instance A
Explanation:

Answer - B and D

Here you can choose either the option of creating a Secondary Network interface which can moved to
the failover instance or have a secondary IP Address which can be moved to the failover instance. For

https://www.whizlabs.com/learn/course/quiz-result/134073 4/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

both cases, you can do this at the time of defining the EC2 instance as shown below.

For more information on Network Interfaces, please visit the below URL:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Ask our Experts

Rate this Question? vu

Question 4 Correct

Domain : Other

You are designing a system that has a Bastion host. This component needs to be highly available
without human intervention. Which of the following approaches would you select?

] A. Run the bastion on two instances one in each AZ

Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of
] B. failure

z] C.
Con gure the bastion instance in an Auto Scaling group Specify the Auto Scaling group to
include multiple AZs but have a min-size of 1 and max-size of 1 A
] D. Con gure an ELB in front of the bastion instance

Explanation:

Answer – C

You can have a bastion host running in multiple AZ, but the recommendation is to have one running in
each AZ. Hence you need to make sure that the Autoscaling group is set to a max-size of one.

A bastion host is a special purpose computer on a network specifically designed and configured to
withstand attacks. The computer generally hosts a single application, for example a proxy server, and
all other services are removed or limited to reduce the threat to the computer.

In AWS, A bastion host is kept on a public subnet. Users log on to the bastion host via SSH or RDP and
then use that session to manage other hosts in the private subnets.

This is a security practice adopted by many organization to secure the assets in their private subnets.
https://www.whizlabs.com/learn/course/quiz-result/134073 5/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on AutoScaling, please visit the below URL:

https://aws.amazon.com/autoscaling/

Ask our Experts

Rate this Question? vu

Question 5 Correct

Domain : Other

It is possible to have a rollback window for objects in S3. If yes, then which of the below methods can
help achieve this

] A. Data Encryption in S3.

z] B. Using the lifecycle policy with Versioning.

A
] C. Using S3 static site.

] D. This is not possible.

Explanation:

Answer – B

As per the AWS documentation, you can use the Lifecycle versioning policy in S3 to achieve the
rollback window.

You can define the Lifecycle policy in S3 as shown below.

https://www.whizlabs.com/learn/course/quiz-result/134073 6/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on S3, please visit the below URL:

https://aws.amazon.com/s3/faqs/

Ask our Experts

Rate this Question? vu

Question 6 Correct

Domain : Other

Which feature in S3 allows one to analyze the storage access patterns whilst using the storage in S3?
Choose one answer from the options given below.

z] A. S3 Analytics
A
] B. S3 lifecycle policy

] C. S3 IA

] D. This is not possible

Explanation:

Answer - A

https://www.whizlabs.com/learn/course/quiz-result/134073 7/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

As per the AWS documentation, you can use the S3 storage analytics to see storage patterns.

Option B is wrong because this is used for managing storage transfer to the glacier.

Option C is wrong because this is used for Infrequent Access storage.

Option D is wrong because this is possible in S3.

For more information on S3, please visit the below URL:

https://aws.amazon.com/s3/faqs/

https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html

Ask our Experts

Rate this Question? vu

Question 7 Correct

Domain : Other

You have been asked to automate many routine systems administrator backup and recovery activities.
Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest
with the AWS CLI and scripts. Which task would be best accomplished with a script?

z] A. Creating daily EBS snapshots with a monthly rotation of snapshots

A
] B. Creating daily RDS snapshots with a monthly rotation of snapshots

https://www.whizlabs.com/learn/course/quiz-result/134073 8/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] C. Automatically detect and stop unused or underutilized EC2 instances

] D. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer

Explanation:

Answer – A

EBS snapshots are the ones that can be managed via the CLI.

You can easily create a snapshot from a volume while the instance is running and the volume is in use.
You can do this from the EC2 dashboard.

Option B is wrong because this is managed by AWS via RDS.

Option C and D is wrong because this is managed by Autoscaling.

An example of doing it via the CLI is given below

AWS ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description

"This is my root volume snapshot."

For more information on the CLI , please visit the URL:

http://docs.aws.amazon.com/cli/latest/reference/ec2/create-snapshot.html

For more information on EBS Snapshots, please visit the below URL:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html

https://www.whizlabs.com/learn/course/quiz-result/134073 9/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu

Question 8 Correct

Domain : Other

Amazon S3 is storage for the Internet. It’s a simple storage service that offers software developers a
highly-scalable, reliable, and low-latency data storage infrastructure at very low costs. From the
below options which are true with regards to AWS S3. Choose 2 answers from the options given below.

z A. Objects are directly accessible via a URL

A
B. S3 should be used to host a relational database

C. S3 allows you to store objects of virtually unlimited size

z D. S3 allows you to store virtually unlimited amounts of data

A
E. S3 o ers Provisioned IOPS

Explanation:

Answer - A and D

Option A is correct since in S3, all objects are directly accessible via a URL. An example is shown
below

Option D is correct because as per the AWS documentation, S3 can store virtually unlimited amounts
of data. Option C is incorrect since there is a limit on the object size.

https://www.whizlabs.com/learn/course/quiz-result/134073 10/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option B is incorrect because S3 cannot be used to host a relational database.

Option E is incorrect because EBS provides IOPS and not S3.

For more information on S3, please visit the below URL:

https://aws.amazon.com/s3/faqs/

Ask our Experts

Rate this Question? vu

Question 9 Correct

Domain : Other

You receive a frantic call from a new DBA who accidentally dropped a table containing all your
customers. Which Amazon RDS feature will allow you to reliably restore your database to within 5
minutes of when the mistake was made?

] A. Multi-AZ RDS

] B. RDS snapshots

] C. RDS read replicas

z] D. RDS automated backup

A
Explanation:

Answer - D

The Question is referring to an AWS RDS feature which will allow us to restore our db to a specified
time which is just 5 minutes prior to the deletion of the table.

As per AWS documentation,

https://www.whizlabs.com/learn/course/quiz-result/134073 11/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

The Amazon RDS automated backup feature automatically creates a storage volume snapshot of your
DB instance, backing up the entire DB instance and not just individual databases. This backup occurs
during a daily user-configurable 30 minute period known as the backup window. Automated backups
are kept for a configurable number of days (called the backup retention period). You can restore your
DB instance to any specific time during this retention period, creating a new DB instance.

To determine the latest restorable time for a DB instance, use the AWS CLI describe-db-
instances command and look at the value returned in the LatestRestorableTimefield for the DB
instance. The latest restorable time for a DB instance is typically within 5 minutes of the current time.

For more information regarding this please use the link given below:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIT.html

Automated backups automatically back up your DB instance during a specific, user-definable backup
window. Amazon RDS keeps these backups for a limited period that you can specify. You can later
recover your database to any point in time during this backup retention period. And all of these
backups get stored to S3 by default.

The backup retention period is present as a setting when you setup the RDS in AWS.

 Option A and C are wrong because If the table is deleted the Multi-AZ and Read Replica will also
have the same dropped tables because the synchronization would have already happened.

Option B is wrong because snapshots is a manual process.

For more information on Automated backups, please visit URL:

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.h

Ask our Experts

Rate this Question? vu

Question 10 Correct

https://www.whizlabs.com/learn/course/quiz-result/134073 12/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Domain : Other

A media company produces new video files on-premises every day with a total size of around 100GB
after compression All files have a size of 1 -2 GB and need to be uploaded to Amazon S3 every night in
a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than
half of the available bandwidth is used. What step(s) would ensure that the file uploads are able to
complete in the allotted time window?

] A. Increase your network bandwidth to provide faster throughput to S3

z] B. Upload the les in parallel to S3

A
] C. Pack all les into a single archive, upload it to S3, and then extract the les in AWS

] D. Use AWS Import/Export to transfer the video les

Explanation:

Answer – B

When uploading large videos it’s always better to make use of AWS multi part file upload.

So if you are using the Multi Upload option for S3, then you can resume on failure. Below are the
advantage of Multi Part upload

Improved throughput—you can upload parts in parallel to improve throughput.

Quick recovery from any network issues—smaller part size minimizes the impact of restarting a
failed upload due to a network error.

Pause and resume object uploads—you can upload object parts over time. Once you initiate a
multipart upload there is no expiry; you must explicitly complete or abort the multipart upload.

Begin an upload before you know the nal object size—you can upload an object as you are
creating it.

 For more information on Multi-part file upload for S3, please visit the URL:

http://docs.aws.amazon.com/AmazonS3/latest/dev/qfacts.html

Ask our Experts

Rate this Question? vu

https://www.whizlabs.com/learn/course/quiz-result/134073 13/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Question 11 Correct

Domain : Other

You are running a web-application on AWS consisting of the following components an Elastic Load
Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational
DataBase Service (RDS) MySQL. Which security measures fall into AWS’s responsibility?

Protect the EC2 instances against unsolicited access by enforcing the principle of
] A.
least-privilege access

z] B. Protect against IP spoofing or packet sniffing

A
] C. Assure all communication between EC2 instances and ELB is encrypted

] D. Install the latest operating system patches on EC2 instances

Explanation:

Answer – B

As per the shared responsibility shown below, the users are required to control the EC2 security via
security groups and network access control layers.

Also it is the user’s responsibility model, AWS takes care of the physical components and the
infrastructure to provide Virtualization.

https://www.whizlabs.com/learn/course/quiz-result/134073 14/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on AWS shared responsibility model, please visit the link:

https://aws.amazon.com/blogs/security/tag/shared-responsibility-model/

Ask our Experts

Rate this Question? vu

Question 12 Correct

Domain : Other

When do you get billed for EC2 instances? Please choose one answer from the options given below.

z] A. Running state
A
] B. Terminated state

] C. Stopped state

] D. All of the above

https://www.whizlabs.com/learn/course/quiz-result/134073 15/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – A

Remember that you get charged for EC2 instances only when the instances are in a running state. This
is also specified as per the documentation in AWS as shown in the snapshot below. All other options
are invalid as per the documentation given below.

For more information on EC2 instances, please visit the URL:

https://aws.amazon.com/ec2/faqs/

Ask our Experts

Rate this Question? vu

Question 13 Correct

Domain : Other

Your team is excited about the use of AWS because now they have access to "programmable
Infrastructure”. You have been asked to manage your AWS infrastructure In a manner similar to the
way you might manage application code You want to be able to deploy exact copies of different
versions of your infrastructure, stage changes into different environments, revert back to previous
versions, and identify what versions are running at any particular time (development test QA .
production). Which approach addresses this requirement?

] A. Use cost allocation reports and AWS Opsworks to deploy and manage your infrastructure.

Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your
] B. infrastructure.

] C. Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructure.

z] D.
Use AWS CloudFormation and a version control system like GIT to deploy and manage your
infrastructure. A
Explanation:
https://www.whizlabs.com/learn/course/quiz-result/134073 16/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – D

AWS CloudFormation gives developers and systems administrators an easy way to create and
manage a collection of related AWS resources, provisioning and updating them in an orderly and
predictable fashion.

You can use AWS Cloud Formation’s sample templates or create your own templates to describe the
AWS resources, and any associated dependencies or runtime parameters, required to run your
application. You don’t need to figure out the order for provisioning AWS services or the subtleties of
making those dependencies work. CloudFormation takes care of this for you. After the AWS resources
are deployed, you can modify and update them in a controlled and predictable way, in effect applying
version control to your AWS infrastructure the same way you do with your software. You can also
visualize your templates as diagrams and edit them using a drag-and-drop interface with the AWS
CloudFormation Designer.

Option A is incorrect because Cost Allocation Reports is not helpful for the purpose of the question.

Option B is incorrect because Cloudwatch is used for monitoring.

Option C is incorrect because It abstracts away the underlying EC2 instances, Elastic Load Balancers,
auto scaling groups, etc which is another word we don't have control over the infrastructure..

For more information on Cloudformation, please visit the link:

https://aws.amazon.com/cloudformation/

Ask our Experts

Rate this Question? vu

Question 14 Correct

Domain : Other

If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a
Predetermined private IP address you should:

] A. Assign a group or sequential Elastic IP address to the instances

] B. Launch the instances in a Placement Group

z] C. Launch the instances in the Amazon virtual Private Cloud (VPC).

A
https://www.whizlabs.com/learn/course/quiz-result/134073 17/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] D. Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already

] E. Launch the Instance from a private Amazon Machine image.

Explanation:

Answer – C

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the
Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you
define. You have complete control over your virtual networking environment, including selection of
your own IP address range, creation of subnets, and configuration of route tables and network
gateways.  You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and
applications.

Option A is wrong because assigning Elastic IP’s will not ensure that instances get a private IP
Address.

Option B is wrong because placement groups does not guarantee that instances get a private IP
Address.

Option D is wrong because DNS is a different settings and would not guarantee that instances get a
private IP Address.

Option E is wrong because AMI’s don’t guarantee that instances get a private IP Address.

For more information on VPC, please visit the link:

https://aws.amazon.com/vpc/

Ask our Experts

Rate this Question? vu

Question 15 Correct

Domain : Other

What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment of
the primary DB instance fails?

] A. The IP of the primary DB instance is switched to the standby DB instance

https://www.whizlabs.com/learn/course/quiz-result/134073 18/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] B. The RDS (Relational Database Service) DB instance reboots

] C. A new DB instance is created in the standby availability zone

z] D. The canonical name record (CNAME) is changed from primary to standby

A
Explanation:

Answer – D

Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB)
Instances, making them a natural fit for production database workloads. When you provision a Multi-
AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously
replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own
physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an
infrastructure failure (for example, instance hardware failure, storage failure, or network disruption),
Amazon RDS performs an automatic failover to the standby, so that you can resume database
operations as soon as the failover is complete. 

And as per the AWS documentation, the cname is changed to the standby DB when the primary one
fails.

For more information on Multi-AZ RDS, please visit the link:

https://aws.amazon.com/rds/details/multi-az/

Ask our Experts

Rate this Question? vu

Question 16 Correct

Domain : Other

An organization has created 5 IAM users. The organization wants to give them the same login ID but
different passwords. How can the organization achieve this?

https://www.whizlabs.com/learn/course/quiz-result/134073 19/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)
The organization should create a separate login ID but give the IAM users the same alias so that each
] A. one can login with their alias

The organization should create each user in a separate region so that they have their own URL to
] B. login

z] C. It is not possible to have the same login ID for multiple IAM users of the same account
A
The organization should create various groups and add each user with the same login ID to di erent
] D. groups. The user can login with their own group ID

Explanation:

Answer – C

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services
and resources for your users. Using IAM, you can create and manage AWS users and groups, and use
permissions to allow and deny their access to AWS resources. 

IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use
of other AWS services by your users.

It is not possible in any way to have the same ID and multiple passwords for different IAM users.

For more information on IAM, please visit the link:

http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

Ask our Experts

Rate this Question? vu

Question 17 Correct

Domain : Other

A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge
on his account during the evaluation. Which of the below mentioned AWS services would incur a
charge if used?
 

] A. AWS S3 with 1 GB of storage

https://www.whizlabs.com/learn/course/quiz-result/134073 20/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] B. AWS micro instance running 24 hours daily

] C. AWS ELB running 24 hours a day

z] D. AWS Provisioned IOPS volume of 10 GB size

A
Explanation:

Answer – D

As per the AWS documentation, Option A is wrong because 5GB is provided as part of S3.

As per the AWS documentation, Option B is wrong because you have 750 hours of EC2 Compute.

As per the AWS documentation, Option C is wrong because you have 750 hours of ELB.

For more information on the AWS Free tier, please visit the link:

https://www.whizlabs.com/learn/course/quiz-result/134073 21/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

https://aws.amazon.com/free/

Ask our Experts

Rate this Question? vu

Question 18 Correct

Domain : Other

A user has developed an application which is required to send the data to a NoSQL database. The
user wants to decouple the data sending such that the application keeps processing and sending data
but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in
this scenario?

] A. AWS Simple Noti cation Service

] B. AWS Simple Work ow

z] C. AWS Simple Queue Service

A
] D. AWS Simple Query Service

Explanation:

Answer – C

SQS is the basic decoupling service provided by AWS.

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing
service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud
application. You can use Amazon SQS to transmit any volume of data, without losing messages or
requiring other services to be always available. Amazon SQS includes standard queues with high
throughput and at-least-once processing, and FIFO queues that provide FIFO (first-in, first-out)
delivery and exactly-once processing.  

For more information on the SQS, please visit the link:

https://aws.amazon.com/sqs/

https://www.whizlabs.com/learn/course/quiz-result/134073 22/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu

Question 19 Correct

Domain : Other

An organization has created 50 IAM users. The organization has introduced a new policy which will
change the access of an IAM user. How can the organization implement this effectively so that there is
no need to apply the policy at the individual user level?

z] A. Use the IAM groups and add users as per their role to di erent groups and apply policy to group
A
] B. The user can create a policy and apply it to multiple users in a single go with the AWS CLI

] C. Add each user to the IAM role as per their organization role to achieve e ective policy setup

] D. Use the IAM role and implement access at the role level

Explanation:

Answer – A

For applying access across multiple users, you need to have IAM groups. This is the best practice from
AWS for user management.

Groups let you specify permissions for multiple users, which can make it easier to manage the
permissions for those users. For example, you could have a group called Administrators and give that
group the types of permissions that administrators typically need. Any user in that group automatically
has the permissions that are assigned to the group.

For more information on IAM, please visit the link:

http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

Ask our Experts

Rate this Question? vu

https://www.whizlabs.com/learn/course/quiz-result/134073 23/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Question 20 Correct

Domain : Other

A user is planning to use AWS Cloud formation for his automatic deployment requirements. Which of
the below mentioned components are required as a part of the template?

] A. Parameters

] B. Outputs

] C. Template version

z] D. Resources
A
Explanation:

Answer – D

The resources section is required by the CloudFormation template. The other components are
optional. An example cloudformation template is shown below. This template creates an EC2 instance
based on the Image ID - ami-d6f32ab5

     "Resources" : {

         "MyEC2Instance" : {

             "Type" : "AWS::EC2::Instance",

             "Properties" : {"ImageId" : "ami-d6f32ab5"}

          }

     }

For more information on Cloud Formation, please visit the link:

https://aws.amazon.com/cloudformation/

https://www.whizlabs.com/learn/course/quiz-result/134073 24/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu

Question 21 Correct

Domain : Other

A user has created a web application with Auto Scaling. The user is regularly monitoring the
application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM.
What is the best solution to handle scaling in this case?

Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM

] A.
Friday

Schedule Autoscaling to scale up by 8 AM and scale down after 6 PM on both

z] B. Thursday and Friday
 
A
] C. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM

] D. Configure a batch process to add a instance by 8 AM and remove it by Friday 6 PM

Explanation:

Answer – B

To configure your Auto Scaling group to scale based on a schedule, you create a scheduled action,
which tells Auto Scaling to perform a scaling action at specified times. To create a scheduled scaling
action, you specify the start time when you want the scaling action to take effect, and the new
minimum, maximum, and desired sizes for the scaling action. At the specified time, Auto Scaling
updates the group with the values for minimum, maximum, and desired size specified by the scaling
action.

For more information on AutoScaling, please visit the link:

https://aws.amazon.com/autoscaling/

Ask our Experts

Rate this Question? vu

https://www.whizlabs.com/learn/course/quiz-result/134073 25/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Question 22 Incorrect

Domain : Other

A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The
alarm sends a notification to SNS on the alarm state. How can an alarm action be simulated by the
user in the easiest way?

] A. Run activities on the CPU such that its utilization reaches above 75%

z] B. From the AWS console change the state to ‘Alarm’

B
] C. The user can set the alarm state to ‘Alarm’ using CLI
A
] D. Run the SNS action manually

Explanation:

Answer – C

The easiest way to set the ALARM in Cloudwatch is to trigger the alarm itself and that can be done via
the CLI. To change the state of the alarm via the CLI with the set-alarm-state function. Below is an
example of the CLI command which sets the state of the alarm.

AWS cloudwatch set-alarm-state --alarm-name "Testalarm" --state-value ALARM --state-reason

"Demo purposes"

For more information on AWS Cloudwatch, please visit the link:

https://aws.amazon.com/cloudwatch/

http://docs.aws.amazon.com/cli/latest/reference/cloudwatch/set-alarm-state.html

Ask our Experts

Rate this Question? vu

Question 23 Correct

Domain : Other

https://www.whizlabs.com/learn/course/quiz-result/134073 26/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

When preparing for a compliance assessment of your system built inside of AWS. What are the 3 best
practises for you to prepare for an audit?
Choose 3 answers from the options given below.

z A. Gather evidence of your IT Operational controls.

A
z B. Request and obtain third party audited AWS compliance reports and certi cations.
A
Request and obtain a compliance and security tour of an AWS data center for a pre-assessment
C. security review.

z D.
Request and obtain approval from AWS to perform relevant network scans and in-depth
penetration testing of the user system's instances and endpoints. A
Schedule meetings with AWS third-party auditors to provide evidence of AWS compliance that maps
E. to your control  objectives.

Explanation:

Answer – A,B and D

The first major requirement is for an organization to evaluate all the controls they have put in place for
their AWS environment. So like who has access to what elements in AWS, how is data secured at rest
etc.

One can also request AWS to perform network tests and penetration tests to ensure their environment
is secure.

And finally there are third party’s available for carrying out relevant audits.

Option C is incorrect because AWS does not allow data center tour.
Option E is incorrect because customers can request the reports and certi cations produced by our
third-party auditors or also can request more information about AWS Compliance.

For more information on compliance and security, please visit the below URL’s

https://aws.amazon.com/compliance/soc-faqs/

http://d0.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf

https://www.whizlabs.com/learn/course/quiz-result/134073 27/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu

Question 24 Correct

Domain : Other

A user has setup a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after
some days. The user wants to increase the limit from $200 to $400? What should the user do?

] A. Create a new alarm of $400 and link it with the rst alarm

] B. It is not possible to modify the alarm once it has crossed the usage limit

z] C. Update the alarm to set the limit at $400 instead of $200

A
] D. Create a new alarm for the additional $200 amount

Explanation:

Answer – C

Let’s assume that an alarm has been created as shown below for any amounts exceeding 200 USD.

To increase the limit, all you have to do is to click on the Modify option and you can change the value
of the alarm in the next screen.

https://www.whizlabs.com/learn/course/quiz-result/134073 28/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on AWS Cloudwatch, please visit the link:

https://aws.amazon.com/cloudwatch/

Ask our Experts

Rate this Question? vu

Question 25 Correct

Domain : Other

A user is trying to save some cost on the AWS services. Which of the below mentioned options will
not help him save cost?

] A. Delete the unutilized EBS volumes once the instance is terminated

z] B. Delete the AutoScaling launch con guration after the instances are terminated
A
] C. Release the elastic IP if not required once the instance is terminated

] D. Delete the AWS ELB after the instances are terminated

Explanation:

Answer – B
Option A is wrong because EBS volumes does have a costing aspect and hence deleting the volumes
https://www.whizlabs.com/learn/course/quiz-result/134073 29/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

will save on cost.

Option C is wrong because Elastic IP will consume cost if not removed.

Option D is wrong because ELB also incur costs.

Only Autoscaling groups are free of cost. It’s only the underlying resources which you are charged for.

For more information on AWS Pricing, please visit the link:

https://aws.amazon.com/pricing/services/

Ask our Experts

Rate this Question? vu

Question 26 Correct

Domain : Other

A user is trying to aggregate all the CloudWatch metric data of the last 1 week. Which of the below
mentioned statistics is not available for the user as a part of data aggregation?

z] A. Aggregate
A
] B. Sum

] C. Data Samples

] D. Average

Explanation:

Answer – A

If you go to Cloudwatch and go to any metric and see the statistic column you will see the below
dimensions for statistics. And the only one which is not there from the above list is Aggregate.

https://www.whizlabs.com/learn/course/quiz-result/134073 30/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on AWS Cloudwatch, please visit the link:

https://aws.amazon.com/cloudwatch/

Ask our Experts

Rate this Question? vu

Question 27 Correct

Domain : Other

An organization is planning to use AWS for their production roll out. The organization wants to
implement automation for deployment such that it will automatically create a LAMP stack, download
the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services
meets the requirement for making an orderly deployment of the software?

z] A. AWS Elastic Beanstalk

A
] B. AWS Cloudfront

] C. AWS Cloudformation

] D. AWS DevOps

Explanation:
https://www.whizlabs.com/learn/course/quiz-result/134073 31/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – A

The Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and
services.

We can simply upload code and Elastic Beanstalk automatically handles the deployment, from
capacity provisioning, load balancing, auto-scaling to application health monitoring. Meanwhile we
can retain full control over the AWS resources used in the application and can access the
underlying resources at any time.

Hence, A is the CORRECT answer.

Although Cloud formation can also perform the same requirement of the scenario it would be
easier to deploy the software using ElasticBeanstalk environment rather than Cloud formation
templates. 

For more information on launching a LAMP stack with Elastic Beanstalk:

https://aws.amazon.com/getting-started/projects/launch-lamp-web-app/

Note: 

I do understand concern about Cloudformation which can also be answer.

We can modify the question as follows.

"An organization is planning to use AWS for their production roll out.  The organization wants to
implement automation for deployment such that it will automatically create a LAMP tack, download
the latest PHP installable from S3 and set up the ELB. The initial ease of deployment is also
important. Which of the below mentioned AWS services meets the requirement for making an orderly
deployment of the software?"
?
However in the real exam, the question was asked like that. So its better if we keep it the same even
though it makes hard for students to answer the question.

Ask our Experts

Rate this Question? vu

Question 28 Incorrect

Domain : Other

A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default
settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is

https://www.whizlabs.com/learn/course/quiz-result/134073 32/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

launched?

] A. Elastic IP

] B. Private IP
A
z] C. Public IP
B
] D. Internet gateway

Explanation:

Answer – B

When you create a subnet with the default settings, only the Private IP gets populated for EC2
instances. For Public IP, this is not possible because the Auto-assign Public IP will be ‘no’ by default.
Also the Elastic IP and Internet gateway have to manually configured.

For more information on VPC, please visit the link:

https://aws.amazon.com/vpc/

Ask our Experts

Rate this Question? vu

Question 29 Correct

Domain : Other

An organization is setting up programmatic billing access for their AWS account. Which of the below
mentioned services is not required or enabled when the organization wants to use programmatic
access?

] A. Programmatic access

https://www.whizlabs.com/learn/course/quiz-result/134073 33/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] B. AWS bucket to hold the billing report

z] C. AWS billing alerts

A
] D. Monthly Billing report

Explanation:

Answer – C

Since the question is looking for service which is "not" required or enabled when the organization
wants to use programmatic access , the correct answer is Option C. AWS Billing Alerts. 

AWS gives an option to provide programmatic access to billing. Programmatic Billing Access takes
the existing Amazon S3 APIs. So, the user will be able to build applications that reference the billing
data from a CSV le which is stored in an Amazon S3 bucket. 

In order to enable programmatic access, the user has to rst enable the monthly billing report. Then
he needs to provide an AWS bucket name in which the billing CSV will be uploaded. He must also
enable the Programmatic access option.

For more information on AWS billing, please visit the link:

https://aws.amazon.com/documentation/account-billing/

Ask our Experts

Rate this Question? vu

Question 30 Correct

Domain : Other

A user is planning to use AWS Cloudformation.

Which functionality does not help him to correctly understand Cloudformation?

z] A. Cloudformation follows the DevOps model for the creation of Dev & Test
A
AWS Cloudfromation does not charge the user for its service but only charges for the AWS resources
] B. created with it

Cloudformation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, ELB,
] C. etc

https://www.whizlabs.com/learn/course/quiz-result/134073 34/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

CloudFormation provides a set of application bootstrapping scripts which enables the user to install
] D. Software

Explanation:

Answer – A

So please refer to the below snapshots from the AWS documentation on what is true on
Cloudformation

Here it mentions that Cloudformation does not have any explicit charge so Option B is correct.

 Here it mentions that Cloudformation works with many AWS resources so Option C is correct.

Here it mentions that Cloudformation does have bootstrapping capabilities so Option D is correct.

 For more information on Cloudformation please visit the link:

https://aws.amazon.com/cloudformation/

Note: 

Please note "not" is the question - "A user is planning to use AWS Cloudformation. Which of the below
mentioned functionalities does not help him to correctly understand Cloudformation?"

So Option B. AWS Cloudfromation does not charge the user for its service but only charges for the
AWS resources created with it -- Its True and It helps in understanding CloudFormation
https://www.whizlabs.com/learn/course/quiz-result/134073 35/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Where as Option A. Cloudformation follows the DevOps model for the creation of Dev & Test - is false
and does not help in understanding CloudFormation.

So Option A is correct.

Ask our Experts

Rate this Question? vu

Question 31 Correct

Domain : Other

A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to
send a notification?

] A. Email JSON

] B. HTTP

] C. AWS SQS

z] D. AWS SES
A
Explanation:

Answer – D

Let’s see a sample Topic created in the SNS dashboard as shown below

https://www.whizlabs.com/learn/course/quiz-result/134073 36/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

When you create a subscription, you can see the different Protocols available

From the snapshot it is evident that option D is invalid.

For more information on SNS please visit the link:

https://aws.amazon.com/sns/

Ask our Experts

Rate this Question? vu

Question 32 Correct

Domain : Other

You are building an online store on AWS that uses SQS to process your customer orders. Your
backend system needs those messages in the same sequence the customer orders have been put in.
How can you achieve that?

] A. It is not possible to do this with SQS

z] B. You can use sequencing information on each message

A
] C. You can do this with SQS but you also need to use SWF

] D. Messages will not arrive in the same order by default

https://www.whizlabs.com/learn/course/quiz-result/134073 37/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – B

If you look at the AWS documentation, it is very clear that SQS messages does not guarantee the
order of messages. So in order to do this, you need to add the sequencing information in each
message itself.

Option D is wrong as per the below article.

For more information on SQS please visit the link:

https://aws.amazon.com/sqs/faqs

Note:

SQS FIFO queues preserve the order of messages while SQS does not guarantee the order or
sequencing of messages. This is what has been elaborated on the explanation part of the solution too.

However, the question is not mentioning about SQS FIFO queues. So in order to preserve the
sequence on SQS queues, we need to add additional sequencing information along with the
messages.

Ask our Experts

Rate this Question? vu

Question 33 Correct

Domain : Other

https://www.whizlabs.com/learn/course/quiz-result/134073 38/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

An organisation wants to move their databases to Cloud. They are planning to use AWS Database
Migration Service and is looking for a secure encrypted database storage option. Which of the
following option will be suitable for their requirement?

] A. AWS MFA with EBS

] B. AWS EBS encryption

z] C. Multi-tier encryption with Redshift

A
] D. AWS S3 server side storage

Explanation:

Answer – C

In Amazon Redshift, you can enable database encryption for your clusters to help protect data at rest.
When you enable encryption for a cluster, the data blocks and system metadata are encrypted for the
cluster and its snapshots.
https://aws.amazon.com/dms/faqs/

Ask our Experts

Rate this Question? vu

Question 34 Correct

Domain : Other

You have been asked to leverage Amazon VPC ,EC2 and SQS to implement an application that
submits and receives millions of messages per second to a message queue. You want to ensure your
application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide
the most scalable solution for communicating between the application and SQS?

] A. Ensure the application instances are properly con gured with an Elastic Load Balancer

Ensure the application instances are launched in private subnets with the EBS-optimized option
] B. enabled

Ensure the application instances are launched in public subnets with the associate-public-IP-
] C. address=true option enabled

z] D.
Launch application instances in private subnets with an Auto Scaling group and Auto Scaling
triggers con gured to watch the SQS queue size A
https://www.whizlabs.com/learn/course/quiz-result/134073 39/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – D

When you have an SQS configured with EC2 instances, the documented option is to scale up EC2
instances in an AutoScaling group based on length of the message queue.

Option A is wrong because the load balancer will not scale up EC2 instances. This will be done by the
AutoScaling group.

Option B and C is wrong because subnets do not dictate the scalability of the solution.

For more information on SQS, please visit the below URL:

https://aws.amazon.com/sqs/faqs/

Ask our Experts

Rate this Question? vu

Question 35 Correct

Domain : Other

A user wants to disable connection draining on an existing ELB. Which of the below mentioned
statements helps the user disable connection draining on the ELB?

https://www.whizlabs.com/learn/course/quiz-result/134073 40/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] A. The user can only disable connection draining from CLI

] B. It is not possible to disable the connection draining feature once enabled

z] C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
A
] D. The user needs to stop all instances before disabling connection draining

Explanation:

Answer – C

When you have an ELB , you can go to the Console, go to the Instances tab and edit the Connection
draining time for instances.

You can also modify from the CLI via the below command. The below command will set the timeout
to 100 seconds for the loadbalancer named my-loadbalancer.

AWS elb modify-load-balancer-attributes --load-balancer-name my-loadbalancer --load-balancer-

attributes "{\"ConnectionDraining\":{\"Enabled\":true,\"Timeout\":100}}"

For more information on Amazon ELB Connection draining please visit the link:

http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/con g-conn-drain.html

Ask our Experts

Rate this Question? vu

https://www.whizlabs.com/learn/course/quiz-result/134073 41/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Question 36 Correct

Domain : Other

A user has created an S3 bucket which is not publicly accessible. The bucket is having thirty objects
which are also private. If the user wants to make the objects public, how can he configure this with
minimal efforts?

] A. The user should select all objects from the console and apply a single policy to mark them public

] B. The user can write a program which programmatically makes all objects public using S3 SDK

z] C. Set the AWS bucket policy which marks all objects as public
A
] D. Make the bucket ACL as public so it will also mark all objects as public

Explanation:

Answer – C

You can set AWS bucket policy to make everything public. You can do via the following steps

Step 1) Go to your S3 bucket and click on the Permissions section

Step 2) Go to AWS Policy Generator

https://www.whizlabs.com/learn/course/quiz-result/134073 42/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Step 3) Add the S3 bucket policy to allow any Principal to access your bucket and choose the Actions
accordingly.

For more information on S3 Security please visit the link:

https://www.whizlabs.com/learn/course/quiz-result/134073 43/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

http://docs.aws.amazon.com/AmazonS3/latest/dev/DataDurability.html

Ask our Experts

Rate this Question? vu

Question 37 Incorrect

Domain : Other

A system admin is maintaining an application on AWS. The application is installed on EC2 and user has
configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new
servers proactively so that they get registered with ELB. How can the user add these instances with
Auto Scaling?

] A. Increase the desired capacity of the Auto Scaling group

A
z] B. Increase the maximum limit of the Auto Scaling group
B
] C. Launch an instance manually and register it with ELB on the y

] D. Decrease the minimum limit of the Auto Scaling group

Explanation:

Answer – A

To increases instances proactively you need to increase the desired limit.

Option B is wrong, because it indicates the maximum number of instances that we can launch in that
group, however it will not get launched until the trigger occurs.

Option C is wrong because this is not proactive measure by adding instances to an ELB.

Option D is wrong because the minimum limit will just to what minimum scale the instances can
terminate to, and does not look to launch new instances.

 For more information on AutoScaling, please visit the link:

https://aws.amazon.com/autoscaling/

https://www.whizlabs.com/learn/course/quiz-result/134073 44/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu

Question 38 Correct

Domain : Other

An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the
users are added to the same group demo. If the organization has enabled that each IAM user can
login with the AWS console, which AWS login URL will the IAM users use?

z] A. https:// 999988887777.signin.aws.amazon.com/console/
A
] B. https:// signin.aws.amazon.com/demo/

] C. https:// demo.signin.aws.amazon.com/999988887777/console/

] D. https:// 999988887777.aws.amazon.com/demo/

Explanation:

Answer – A

When you go to the IAM dashboard, you can see the sign-in link which can be used. The sign in line is
always prefixed by the account number.  And the last keyword is console. By that aspect only option A
is right.

https://www.whizlabs.com/learn/course/quiz-result/134073 45/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on IAM, please visit the link:

https://aws.amazon.com/iam/faqs/

Ask our Experts

Rate this Question? vu

Question 39 Correct

Domain : Other

A user has setup connection draining with ELB to allow in-flight requests to continue while the
instance is being deregistered through Auto Scaling. If the user has not specified the draining time,
how long will ELB allow inflight requests traffic to continue?

] A. 600 seconds

] B. 3600 seconds

z] C. 300 seconds
A
] D. 0 seconds

https://www.whizlabs.com/learn/course/quiz-result/134073 46/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – C

When you have an ELB, you can go to the Console, go to the Instances tab and edit the Connection
draining time for instances. BY default the Connection draining time limit is set to 300.

For more information on ELB, please visit the link:

https://aws.amazon.com/elasticloadbalancing/

Ask our Experts

Rate this Question? vu

Question 40 Correct

Domain : Other

A root AWS account owner is trying to understand various options to set the permission to AWS S3.
Which of the below mentioned options is not the right option to grant permission for S3?

] A. User Access Policy

z] B. S3 Object Access Policy

A
] C. S3 Bucket Access Policy

] D. S3 ACL

https://www.whizlabs.com/learn/course/quiz-result/134073 47/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – B

In S3 when you go to the permissions section you can add the Grantee which is at the ACL level and
then you can also add bucket permissions.

   

And then you can also create IAM policies at the user level to manage access to S3.

Hence Option A,C and D are valid. And hence Option B is the right answer to the question.

For more information on S3 Security, please visit the link:

https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html

Ask our Experts

Rate this Question? vu

Question 41 Correct

Domain : Other

A system admin has created a shopping cart application and hosted it on EC2. The EC2 instances are
running behind ELB. The admin wants to ensure that the end user request will always go to the EC2
instance where the user session has been created. How can the admin configure this?

] A. Enable ELB cross zone load balancing

] B. Enable ELB cookie setup

https://www.whizlabs.com/learn/course/quiz-result/134073 48/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z] C. Enable ELB sticky session

A
] D. Enable ELB connection draining

Explanation:

Answer – C

To ensure that each end user request goes to the same EC2 instance as the session created, you need
to enable stickiness at the ELB level

To enable stickiness go to the ELB and in the port configuration section you can enable the stickiness.

For more information on ELB, please visit the link:

https://aws.amazon.com/elasticloadbalancing/

Ask our Experts

Rate this Question? vu

https://www.whizlabs.com/learn/course/quiz-result/134073 49/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Question 42 Correct

Domain : Other

An organization is using AWS since a few months. The finance team wants to visualize the pattern of
AWS spending. Which of the below AWS tool will help for this requirement?

] A. AWS Cost Manager

z] B. AWS Cost Explorer

A
] C. AWS CloudWatch

] D. AWS Consolidated Billing

Explanation:

Answer – B

To get more details on your spending you can go to the Cost Explorer. Go to the Billing section and
click on Cost Explorer.

And when you launch the Cost Explorer you can see more details on the usage of AWS services.

https://www.whizlabs.com/learn/course/quiz-result/134073 50/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on AWS billing, please visit the link:

https://aws.amazon.com/documentation/account-billing/

Ask our Experts

Rate this Question? vu

Question 43 Correct

Domain : Other

A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by
mistake. What will happen to the instances?

] A. ELB will ask the user whether to delete the instances or not

] B. Instances will be terminated

] C. ELB cannot be deleted if it has running instances registered with it

z] D. Instances will keep running

https://www.whizlabs.com/learn/course/quiz-result/134073
A 51/55
2/14/2020
A
Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – D

From the AWS documentation on ELB deletion it clearly mentions that EC2 instances will continue to
run even if the ELB is deleted.

 For more information on ELB deletion, please visit the link:

http://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-delete.html

Ask our Experts

Rate this Question? vu

Question 44 Correct

Domain : Other

A user is planning to setup notifications on the RDS DB for a snapshot. Which of the below mentioned
event categories is not supported by RDS for this snapshot source type?

z] A. Backup
A
] B. Creation

] C. Deletion

] D. Restoration

Explanation:

Answer – A

https://www.whizlabs.com/learn/course/quiz-result/134073 52/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

When you go to the Event Subscriptions section for an RDS and choose the source as snapshot, you
can see the below options. Backup is not available as an option and hence A is the right option.

For more information on RDS snapshots, please visit the link:

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateSnapshot.html

Ask our Experts

Rate this Question? vu

Question 45 Correct

Domain : Other

You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that
instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health
check, but these unhealthy instances are not being terminated. What do you need to do to ensure trial
instances marked unhealthy by the ELB will be terminated and replaced?

] A. Change the thresholds set on the Auto Scaling group health check

https://www.whizlabs.com/learn/course/quiz-result/134073 53/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z] B. Add an Elastic Load Balancing health check to your Auto Scaling group
A
] C. Increase the value for the Health check interval set on the Elastic Load Balancer

] D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks

Explanation:

Answer – B

To discover the availability of your EC2 instances, a load balancer periodically sends pings, attempts
connections, or sends requests to test the EC2 instances. These tests are called health checks. The
status of the instances that are healthy at the time of the health check is InService. The status of any
instances that are unhealthy at the time of the health check is OutOfService

The load balancer checks the health of the registered instances using either the default health check
configuration provided by Elastic Load Balancing or a health check configuration that you configure.

When configuring the Autoscaling group, you can choose either the option of EC2 or ELB health
checks. Since Ec2 instances are being marked as unhealthy by ELB but not being terminated by
Autoscaling it means that the check from the Autoscaling side is wrongly configured.

 For more information on ELB, please visit the below URL:

ht

https://www.whizlabs.com/learn/course/quiz-result/134073 54/55
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

https://www.whizlabs.com/learn/course/quiz-result/134073 55/55