Amazon SWF is designed to help users do what?

A. Design graphical user interface interactions

B. Manage user identification and authorization

C. Store Web content

D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.

If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot
the instance for the changes to take effect?

A. No

B. Yes

When you view the block device mapping for your instance, you can see only the EBS volumes, not
the instance store volumes.

A. Depends on the instance type

B. FALSE

C. Depends on whether you use API call

D. TRUE

By default, EBS volumes that are created and attached to an instance at launch are deleted when that
instance is terminated. You can modify this behavior by changing the value of the flag _____ to false
when you launch the instance.

A. DeleteOnTermination

B. RemoveOnDeletion

C. RemoveOnTermination

D. TerminateOnDeletion

What are the initial settings of an user created security group?

A. Allow all inbound traffic and Allow no outbound traffic

B. Allow no inbound traffic and Allow no outbound traffic

C. Allow no inbound traffic and Allow all outbound traffic

D. Allow all inbound traffic and Allow all outbound traffic

What does Amazon Elastic Beanstalk provide?

A. A scalable storage appliance on top of Amazon Web Services.

B. An application container on top of Amazon Web Services.

C. A service by this name doesn't exist.

D. A scalable cluster of EC2 instances.

What will be the status of the snapshot until the snapshot is complete.

A. running

B. working

C. progressing

D. pending

Can an EBS volume be attached to more than one EC2 instance at the same time?

A. No

B. Yes.

C. Only EC2-optimized EBS volumes.

D. Only in read mode.

Automated backups are enabled by default for a new DB Instance.

A. TRUE

B. FALSE

What does the AWS Storage Gateway provide?

A. Integration of on-premises IT environments with Cloud Storage.

B. A direct encrypted connection to Amazon S3.

C. A backup solution that provides an on-premises Cloud storage.

D. It provides an encrypted SSL endpoint for backups in the Cloud.

How many relational database engines does RDS currently support?

A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB

B. Just two: MySQL and Oracle.

C. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite.

D. Just one: MySQL.

Fill in the blanks: The base URI for all requests for instance metadata is _____

A. http://254.169.169.254/latest/

B. http://169.169.254.254/latest/

C. http://127.0.0.1/latest/

D. http://169.254.169.254/latest/

While creating the snapshots using the the command line tools, which command should I be using?

A. ec2-deploy-snapshot

B. ec2-fresh-snapshot

C. ec2-create-snapshot

D. ec2-new-snapshot

What are the two permission types used by AWS?

A. Resource-based and Product-based

B. Product-based and Service-based

C. Service-based

D. User-based and Resource-based

In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has
enough free storage space?

A. FreeStorage

B. FreeStorageSpace

C. FreeStorageVolume

D. FreeDBStorageSpace

Amazon RDS DB snapshots and automated backups are stored in

A. Amazon S3

B. Amazon ECS Volume

C. Amazon RDS

D. Amazon EMR

What is the maximum key length of a tag?

A. 512 Unicode characters

B. 64 Unicode characters

C. 256 Unicode characters

D. 128 Unicode characters

You must increase storage size in increments of at least _____ %

A. 40

B. 20

C. 50

D. 10
Changes to the backup window take effect ______.

A. from the next billing cycle

B. after 30 minutes

C. immediately

D. after 24 hours

Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive?

A. 5 minutes

B. 500 milliseconds.

C. 30 seconds

D. 1 minute

Which is the default region in AWS?

A. eu-west-1

B. us-east-1

C. us-east-2

D. ap-southeast-1

What are the Amazon EC2 API tools?

A. They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.

B. Command-line tools to the Amazon EC2 web service.

C. They are a set of graphical tools to manage EC2 instances.

D. They don't exist. The Amazon API tools are a client interface to Amazon Web Services.

What are the two types of licensing options available for using Amazon RDS for Oracle?

A. BYOL and Enterprise License

B. BYOL and License Included

C. Enterprise License and License Included

D. Role based License and License Included

What does a "Domain" refer to in Amazon SWF?

A. A security group in which only tasks inside can communicate with each other

B. A special type of worker

C. A collection of related Workflows

D. The DNS record for the Amazon SWF service

Is creating a Read Replica of another Read Replica supported?

A. Only in certain regions

B. Only with MSSQL based RDS

C. Only for Oracle RDS types

D. No

Can Amazon S3 uploads resume on failure or do they need to restart?

A. Restart from beginning

B. You can resume them, if you flag the "resume on failure" option before uploading.

C. Resume on failure

D. Depends on the file size

Fill in the blanks : _____ let you categorize your EC2 resources in different ways, for example, by
purpose, owner, or environment.

A. wildcards

B. pointers

C. tags

D. special filters

How can I change the security group membership for interfaces owned by other AWS, such as Elastic
Load Balancing?
A. By using the service specific console or API\CLI commands

B. None of these

C. Using Amazon EC2 API/CLI

D. Using all these methods

What is the maximum write throughput I can provision per table for a single DynamoDB table?

A. 5,000 us east, 1,000 all other regions

B. 100,000 us east, 10, 000 all other regions

C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have
to contact AWS first.

D. There is no limit

What is the durability of S3 RRS?

A. 99.99%

B. 99.95%

C. 99.995%

D. 99.999999999%

What is the maximum groups an IAM user be a member of?

A. 20

B. 5

C. 10

D. 15

True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a
new DB Instance is created with a new endpoint.

A. FALSE

B. TRUE

A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances.
A. security group

B. ACL

C. IAM

D. Private IP Addresses

Will my standby RDS instance be in the same Availability Zone as my primary?

A. Only for Oracle RDS types

B. Yes

C. Only if configured at launch

D. No

While launching an RDS DB instance, on which page I can select the Availability Zone?

A. Review

B. DB Instance Details

C. Management Options

D. Additional Configuration

What does the ec2-create-group command do with respect to the Amazon EC2 security groups?

A. Groups the user created security groups in to a new group for easy access.

B. Creates a new security group for use with your account.

C. Creates a new group inside the security group.

D. Creates a new rule inside the security group.

In the Launch Db Instance Wizard, where can I select the backup and maintenance options?

A. DB Instance Details

B. Review

C. Management Options

D. Engine Selection
You are charged for the IOPS and storage whether or not you use them in a given month?

A. FALSE

B. TRUE

IAM provides several policy templates you can use to automatically assign permissions to the groups
you create. The _____ policy template gives the Admins group permission to access all account
resources, except your AWS account information.

A. Read Only Access

B. Power User Access

C. AWS CloudFormation Read Only Access

D. Administrator Access

While performing volume status checks using volume status checks, if the status is insufficient-data,
if the status is 'insufficient-data', what does it mean?

A. checks may still be in progress on the volume

B. check has passed

C. check has failed

D. there is no such status

By default, when an EBS volume is attached to a Windows instance, it may show up as any drive
letter on the instance. You can change the settings of the _____ Service to set the drive letters of the
EBS volumes per your specifications.

A. EBSConfig Service

B. AMIConfig Service

C. Ec2Config Service

D. Ec2-AMIConfig Service

SQL Server stores logins and passwords in the master database.

A. True

B. False
Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote
Desktop Connection?

A. Yes

B. No

C. Depends on if it is in VPC or not

To view information about an Amazon EBS volume, open the Amazon EC2 console, go to EC2, click
_____ in the Navigation pane.

A. EBS

B. Describe

C. Details

D. Volumes

Using Amazon IAM, I can give permissions based on organizational groups?

A. True

B. False

While creating an EC2 snapshot using the API, which Action should I be using?

A. MakeSnapShot

B. FreshSnapshot

C. DeploySnapshot

D. CreateSnapshot

While signing in REST/ Query requests, for additional security, you should transmit your requests
using Secure Sockets Layer (SSL) by using _____.

A. HTTP

B. Internet Protocol Security(IPsec)

C. TLS (Transport Layer Security)

D. HTTPS
What happens to the I/O operations while you take a database snapshot in a single AZ database?

A. I/O operations to the database are suspended for a few minutes while the backup is in progress.

B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is
in progress.

C. I/O operations will be functioning normally

D. I/O operations to the database are suspended for an hour while the backup is in progress

Read Replicas require a transactional storage engine and are only supported for the _____ storage
engine.

A. OracleISAM

B. MSSQLDB

C. InnoDB

D. MyISAM

When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write
operations?

A. Yes

B. Only with MSSQL based RDS

C. Only for Oracle RDS instances

D. No

When should I choose Provisioned IOPS over Standard RDS storage?

A. If you have batch-oriented workloads

B. If you use production online transaction processing (OLTP) workloads.

C. If you have workloads that are not sensitive to consistent performance

D. If you infrequently read or write to the drive.

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS
volumes automatically send _____ minute metrics to Amazon CloudWatch.

A. 3

B. 1

C. 5

D. 2

What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2
Instances in the same Availability Zone?

A. USD 0.10 per GB

B. No charge. It is free.

C. USD 0.02 per GB

D. USD 0.01 per GB

Reserved Instances are available for Multi-AZ Deployments.

A. True

B. False

Which service enables AWS customers to manage users and permissions in AWS?

A. AWS Access Control Service (ACS)

B. AWS Identity and Access Management (IAM)

C. AWS Identity Manager (AIM)

D. AWS Security Groups

Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to
your instances?

A. None of these.

B. Amazon Instance Storage

C. Amazon EBS
D. All of these

Which Amazon service can I use to define a virtual network that closely resembles a traditional data
center?

A. Amazon VPC

B. Amazon ServiceBus

C. Amazon EMR

D. Amazon RDS

What is the command line instruction for running the remote desktop client in Windows?

A. desk.cpl

B. mstsc

Amazon RDS automated backups and DB Snapshots are currently supported for only the ______
storage engine.

A. MyISAM

B. InnoDB

MySQL installations default to port _____.

A. 3306

B. 443

C. 80

D. 1158

If you have chosen Multi-AZ deployment, in the event of an outage of your primary DB Instance,
Amazon RDS automatically switches to the standby replica. The automatic failover mechanism
simply changes the ______ record of the main DB Instance to point to the standby DB Instance.

A. DNAME

B. CNAME

C. TXT
D. MX

If I modify a DB Instance or the DB parameter group associated with the instance, I should reboot
the instance for the changes to take effect?

A. True

B. False

If I want to run a database in an Amazon instance, which is the most recommended Amazon storage
option?

A. Amazon Instance Storage

B. Amazon EBS

C. You can't run a database inside an Amazon instance.

D. Amazon S3

In regards to IAM you can edit user properties later, but you cannot use the console to change the
_____.

A. user name

B. password

C. default group

If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites
the old value.

A. FALSE

B. TRUE

Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS
Marketplace product codes be made public?

A. No

B. Yes

Fill in the blanks: "To ensure failover capabilities, consider using a _____ for incoming traffic on a
network interface".
A. primary public IP

B. secondary private IP

C. secondary public IP

D. add on secondary IP

If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens
to the rest of the Read Replicas?

A. The remaining Read Replicas will still replicate from the older master DB Instance

B. The remaining Read Replicas will be deleted

C. The remaining Read Replicas will be combined to one read replica

What does Amazon CloudFormation provide?

A. The ability to setup Autoscaling for Amazon EC2 instances.

B. None of these.

C. A template resource creation for Amazon Web Services.

D. A template to map network resources for Amazon Web Services.

Can I encrypt connections between my application and my DB Instance using SSL?

A. No

B. Yes

C. Only in VPC

D. Only in certain regions

What are the four levels of AWS Premium Support?

A. Basic, Developer, Business, Enterprise

B. Basic, Startup, Business, Enterprise

C. Free, Bronze, Silver, Gold

D. All support is free

What can I access by visiting the URL: http://status.aws.amazon.com/ ?

A. Amazon Cloud Watch

B. Status of the Amazon RDS DB

C. AWS Service Health Dashboard

D. AWS Cloud Monitor

Please select the Amazon EC2 resource which cannot be tagged.

A. Images (AMIs, kernels, RAM disks)

B. Amazon EBS volumes

C. Elastic IP addresses

D. VPCs

Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS
does not currently support increasing storage on a _____ DB Instance.

A. SQL Server

B. MySQL

C. Oracle

Through which of the following interfaces is AWS Identity and Access Management available?

A. AWS Management Console

B. Command line interface (CLI)

C. IAM Query API

D. All of the above

Select the incorrect statement.

A. In Amazon EC2, private IP address is only returned to Amazon EC2 when the instance is stopped or
terminated

B. In Amazon VPC, an instance retains its private IP address when the instance is stopped.
C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped.

D. In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime

How are the EBS snapshots saved on Amazon S3?

A. Exponentially

B. Incrementally

C. EBS snapshots are not stored in the Amazon S3

D. Decrementally

What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in
5-minute periods at no charge called?

A. Basic

B. Primary

C. Detailed

D. Local

The new DB Instance that is created when you promote a Read Replica retains the backup window
period.

A. TRUE

B. FALSE

What happens when you create a topic on Amazon SNS?

A. The topic is created, and it has the name you specified for it.

B. An ARN (Amazon Resource Name) is created.

C. You can create a topic on Amazon SQS, not on Amazon SNS.

D. This question doesn't make sense.

Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

A. Only via API

B. Only via Console

C. Yes

D. No

New database versions will automatically be applied to AWS RDS instances as they become available.

A. True

B. False

What is the maximum response time for a Business level Premium Support case?

A. 120 seconds

B. 1 hour

C. 10 minutes

D. 12 hours

The _____ service is targeted at organizations with multiple users or systems that use AWS products
such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.

A. Amazon RDS

B. AWS Integrity Management

C. AWS Identity and Access Management

D. Amazon EMR

Without IAM, you cannot control the tasks a particular user or system can do and what AWS
resources they might use.

A. FALSE

B. TRUE

When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing
certificates and any access keys belonging to the user.

A. FALSE

B. TRUE
When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that
automatic failover occurred. You can use the _____ to return information about events related to
your DB Instance.

A. FetchFailure

B. DescribeFailure

C. DescribeEvents

D. FetchEvents

What is the default maximum number of MFA devices in use per AWS account (at the root account
level)?

A. 1

B. 5

C. 15

D. 10

Is there a limit to how many groups a user can be in?

A. Yes for all users except root

B. Yes unless special permission granted

C. Yes for all users

D. No

Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2
instance?

A. Only if instructed to when created

B. Yes

C. No

Can we attach an EBS volume to more than one EC2 instance at the same time?

A. Yes
B. No

C. Only EC2-optimized EBS volumes.

D. Only in read mode.

Select the correct set of options. The initial settings for the default security group are:

A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security
group to talk to each other

B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security
group to talk to each other

C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this
security group to talk to each other

D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this
security group to talk to each other

What does Amazon Route53 provide?

A. A global Content Delivery Network.

B. None of these.

C. A scalable Domain Name System.

D. An SSH endpoint for Amazon EC2.

What does Amazon ElastiCache provide?

A. A service by this name doesn't exist. Perhaps you mean Amazon CloudCache.

B. A virtual server with a huge amount of memory.

C. A managed In-memory cache service.

D. An Amazon EC2 instance with the Memcached software already pre-installed.

What is the default per account limit of Elastic IPs?

A. 1

B. 3
C. 5

D. 0

What is a Security Group?

A. None of these.

B. A list of users that can access Amazon EC2 instances.

C. An Access Control List (ACL) for AWS resources.

D. It acts as a virtual firewall that controls the traffic for one or more instances.

Please select the Amazon EC2 resource which can be tagged.

A. Key pairs

B. Elastic IP addresses

C. Placement groups

D. EBS snapshots

D. EBS snapshots

What is Amazon Glacier?

A. It's a security tool that allows to "freeze" an EC2 instance and perform computer forensics on it.

B. A security tool that allows to "freeze" an EBS volume and perform computer forensics on it.

C. A low-cost storage service that provides secure and durable storage for data archiving and backup.

D. You mean Amazon "Iceberg": it's a low-cost storage service.

If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the
instance?

A. Yes but only if Windows instance

B. No

C. Yes

D. Yes but only if a Linux instance

If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines,
you can scale the throughput of your database Instance by specifying the IOPS rate from _____ .

A. 1,000 to 1,00,000

B. 100 to 1,000

C. 10,000 to 1,00,000

D. 1,000 to 10,000

Every user you create in the IAM system starts with ______.

A. full permissions

B. no permissions

C. partial permissions

After an EC2-VPC instance is launched, can I change the VPC security groups it belongs to?

A. Only if the tag "VPC_Change_Group" is true

B. Yes

C. No

D. Only if the tag "VPC Change Group" is true

A______ is an individual, system, or application that interacts with AWS programmatically.

A. User

B. AWS Account

C. Group

D. Role

A. User

Select the correct statement:

A. You don't need not specify the resource identifier while stopping a resource

B. You can terminate, stop, or delete a resource based solely on its tags

C. You can't terminate, stop, or delete a resource based solely on its tags

D. You don't need to specify the resource identifier while terminating a resource

C. You can't terminate, stop, or delete a resource based solely on its tags

Can I initiate a "forced failover" for my MySQL Multi-AZ DB Instance deployment?

A. Only in certain regions

B. Only in VPC

C. Yes

D. No

C. Yes

A group can contain many users. Can a user belong to multiple groups?

A. Yes

B. No

C. Only if they are using two factor authentication

D. Only in VPC

A. Yes

Is the encryption of connections between my application and my DB Instance using SSL for the
MySQL server engines available?

A. Yes

B. Only in VPC

C. Only in certain regions

D. No

A. Yes
Which AWS instance address has the following characteristics? :"If you stop an instance, its Elastic
IP address is unmapped, and you must remap it when you restart the instance."

A. None of these

B. EC2-VPC Addresses

C. EC2-Classic Addresses

C. EC2-Classic Addresses

Please select the most correct answer regarding the persistence of the Amazon Instance Store:

A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance

B. The data on an instance store volume is lost when the security group rule of the associated instance is
changed.

C. The data on an instance store volume persists even after associated Amazon EC2 instance is deleted

A. The data on an instance store volume persists only during the life of the associated Amazon EC2
instance

Multi-AZ deployment is supported for Microsoft SQL Server DB Instances.

A. True

B. False

A. True

Security groups act like a firewall at the instance level, whereas _____ are an additional layer of
security that act at the subnet level.

A. DB Security Groups

B. VPC Security Groups

C. Network ACLs

C. Network ACLs

Does AWS allow for the use of Multi Factor Authentication tokens?

A. Yes, with both hardware or virtual MFA devices

B. Yes, but only virtual MFA devices.

C. Yes, but only physical (hardware) MFA devices.

D. No

A. Yes, with both hardware or virtual MFA devices

What does Amazon SWF stand for?

A. Simple Wireless Forms

B. Simple Web Form

C. Simple Work Flow

D. Simple Web Flow

C. Simple Work Flow

What does Amazon Elastic Beanstalk provide?

A. An application container on top of Amazon Web Services.

B. A scalable storage appliance on top of Amazon Web Services.

C. A scalable cluster of EC2 instances.

D. A service by this name doesn't exist.

A. An application container on top of Amazon Web Services.

Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?

A. No

B. Yes

A. No

Are you able to integrate a multi-factor token service with the AWS Platform?

A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

B. No, you cannot integrate multi-factor token devices with the AWS platform.
C. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.

A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply updates
from the source DB Instance. What do I do?

A. You will need to delete the Read Replica and create a new one to replace it.

B. You will need to disassociate the DB Engine and re associate it.

C. The instance should be deployed to Single AZ and then moved to Multi- AZ once again

D. You will need to delete the DB Instance and create a new one to replace it.

A. You will need to delete the Read Replica and create a new one to replace it.

Which DNS name can only be resolved within Amazon EC2?

A. Internal DNS name

B. External DNS name

C. Global DNS name

D. Private DNS name

A. Internal DNS name

If your DB instance runs out of storage space or file system resources, its status will change to _____ and
your DB Instance will no longer be available.

A. storage-overflow

B. storage-full

C. storage-exceed

D. storage-overage

B. storage-full

Will my standby RDS instance be in the same Availability Zone as my primary?

A. Only for Oracle RDS types

B. Only if configured at launch

C. Yes

D. No

D. No

Does Amazon RDS for SQL Server currently support importing data into the msdb database?

A. No

B. Yes

A. No

Does Route 53 support MX Records?

A. Yes

B. It supports CNAME records, but not MX records.

C. No

D. Only Primary MX records. Secondary MX records are not supported.

A. Yes

How can I change the security group membership for interfaces owned by other AWS services, such
as Elastic Load Balancing?

A. using all these methods

B. By using the service specific console or API\CLI commands

C. None of these

B. By using the service specific console or API\CLI commands

When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance
is created with a new endpoint.

A. FALSE

B. TRUE

B. TRUE
Which Amazon storage do you think is the best for my database-style applications that frequently
encounter many random reads and writes across the dataset.

A. None of these

B. Amazon Instance Storage

C. Any of these

D. Amazon EBS

D. Amazon EBS

In a management network scenario, which interface on the instance handles public-facing traffic?

A. Primary network interface

B. Subnet interface

C. Secondary network interface

C. Secondary network interface

Select the correct set of steps for exposing the snapshot only to specific AWS accounts:

A. Select public for all the accounts and check mark those accounts with whom you want to expose the
snapshots and click save.

B. SelectPrivate, enter the IDs of those AWS accounts, and clickSave.

C. SelectPublic, enter the IDs of those AWS accounts, and clickSave.

D. SelectPublic, mark the IDs of those AWS accounts as private, and clickSave.

B. SelectPrivate, enter the IDs of those AWS accounts, and clickSave.

Is decreasing the storage size of a DB Instance permitted?

A. Depends on the RDMS used

B. Yes

C. No

C. No

When should I choose Provisioned IOPS over Standard RDS storage?

A. If you use production online transaction processing (OLTP) workloads.

B. If you have batch-oriented workloads

C. If you have workloads that are not sensitive to consistent performance

A. If you use production online transaction processing (OLTP) workloads.

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS
volumes automatically send _____ minute metrics to Amazon CloudWatch.

A. 5

B. 2

C. 1

D. 3

C. 1

It is advised that you watch the Amazon CloudWatch _____ metric carefully and recreate the Read
Replica should it fall behind due to replication errors.

A. WriteLag

B. ReadReplica

C. ReplicaLag

D. SingleReplica

C. ReplicaLag

Can the string value of 'Key' be prefixed with ":aws:"?

A. No

B. Only for EC2 not S3

C. Yes

D. Only for S3 not EC2

A. No
By default, what happens to ENIs that are automatically created and attached to EC2 instances when
the attached instance terminates?

A. Remain as is

B. Terminate

C. Hibernate

D. Pause

B. Terminate

You can use _____ and _____ to help secure the instances in your VPC.

A. security groups and multi-factor authentication

B. security groups and 2-Factor authentication

C. security groups and biometric authentication

D. security groups and network ACLs

D. security groups and network ACLs

_____ is a durable, block-level storage volume that you can attach to a single, running Amazon EC2
instance.

A. Amazon S3

B. Amazon EBS

C. Amazon EFS

D. All of these

B. Amazon EBS

Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2
instance?

A. No

B. Only if instructed to when created

C. Yes
C. Yes

If I want my instance to run on a single-tenant hardware, which value do I have to set the instance's
tenancy attribute to?

A. dedicated

B. isolated

C. one

D. reserved

A. dedicated

What does Amazon RDS stand for?

A. Regional Data Server.

B. Relational Database Service.

C. Nothing.

D. Regional Database Service.

B. Relational Database Service.

What does ec2-create-group do with respect to the Amazon EC2 security groups?

A. Creates a new rule inside the security group.

B. Creates a new security group for use with your account.

C. Creates a new group inside the security group.

D. Groups the user created security groups in to a new group for easy access.

B. Creates a new security group for use with your account.

What is the maximum response time for a Business level Premium Support case?

A. 30 minutes

B. You always get instant responses (within a few seconds).

C. 10 minutes
D. 1 hour

D. 1 hour

What does Amazon ELB stand for?

A. Elastic Linux Box

B. Encrypted Linux Box

C. Encrypted Load Balancing

D. Elastic Load Balancer

D. Elastic Load Balancer

What is the default VPC security group limit?

A. 500

B. 50

C. 5

D. There is no limit

A. 500

Location of Instances are _____

A. Regional

B. based on Availability Zone

C. Global

B. based on Availability Zone

Is there any way to own a direct connection to Amazon Web Services?

A. You can create an encrypted tunnel to VPC, but you don't own the connection.

B. Yes, it's called Amazon Dedicated Connection.

C. No, AWS only allows access from the public Internet.

D. Yes, it's called Direct Connect

D. Yes, it's called Direct Connect

You must assign each server to at least _____ security group?

A. 4

B. 3

C. 1

D. 2

C. 1

Does DynamoDB support in-place atomic updates?

A. It is not defined

B. No

C. Yes

D. It does support in-place non-atomic updates

C. Yes

Is there a method or command in the IAM system to allow or deny access to a specific instance?

A. Only for VPC based instances

B. Yes

C. No

C. No

What is an isolated database environment running in the cloud (Amazon RDS) called?

A. DB Instance

B. DB Unit

C. DB Server

D. DB Volume

A. DB Instance
What does Amazon SES stand for?

A. Simple Elastic Server.

B. Simple Email Service.

C. Software Email Solution.

D. Software Enabled Server.

B. Simple Email Service.

Amazon S3 doesn't automatically give a user who creates a _____ permission to perform other actions
on that bucket or object. Therefore, in your IAM policies, you must explicitly give users permission
to use the Amazon S3 resources they create.

A. file

B. bucket or object

C. bucket or file

D. object or file

B. bucket or object

Can I attach more than one policy to a particular entity?

A. Yes always

B. Only if within GovCloud

C. No

D. Only if within VPC

A. Yes always

A _____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices
support random access and generally use buffered I/O.

A. block map

B. storage block

C. mapping device
D. block device

D. block device

Can I detach the primary (eth0) network interface when the instance is running or stopped?

A. Yes

B. No

C. Depends on the state of the interface at the time

B. No

What's an ECU?

A. Extended Cluster User.

B. None of these.

C. Elastic Computer Usage.

D. Elastic Compute Unit

D. Elastic Compute Unit

What is the charge for the data transfer incurred in replicating data between your primary and
standby?

A. No charge. It is free.

B. Double the standard data transfer charge

C. Same as the standard data transfer charge

D. Half of the standard data transfer charge

A. No charge. It is free.

Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?

A. Depends on the type of connection

B. No

C. Yes
D. Only when there's just one availability zone in a region. If there are more than one, only one availability
zone can be accessed directly.

C. Yes

What does the "Server Side Encryption" option on Amazon S3 provide?

A. It provides an encrypted virtual disk in the Cloud.

B. It doesn't exist for Amazon S3, but only for Amazon EC2.

C. It encrypts the files that you send to Amazon S3, on the server side.

D. It allows to upload files using an SSL endpoint, for a secure transfer.

C. It encrypts the files that you send to Amazon S3, on the server side.

What does Amazon EBS stand for?

A. Elastic Block Storage.

B. Elastic Business Server.

C. Elastic Blade Server.

D. Elastic Block Store.

A. Elastic Block Storage.

Within the IAM service a GROUP is regarded as a:

A. A collection of AWS accounts

B. It's the group of EC2 machines that gain the permissions specified in the GROUP.

C. There's no GROUP in IAM, but only USERS and RESOURCES.

D. A collection of users.

D. A collection of users.

A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type
of access to one or more resources.

A. user

B. AWS Account
C. resource

D. permission

D. permission

After an Amazon EC2-VPC instance is launched, can I change the VPC security groups it belongs
to?

A. No

B. Yes

C. Only if you are the root user

D. Only if the tag "VPC_Change_Group" is true

B. Yes

Do the system resources on the Micro instance meet the recommended configuration for Oracle?

A. Yes completely

B. Yes but only for certain situations

C. Not in any circumstance

C. Not in any circumstance

Will I be charged if the DB instance is idle?

A. No

B. Yes

C. Only is running in GovCloud

D. Only if running in VPC

B. Yes

Can I move a Reserved Instance from one Region to another?

A. No

B. Yes
C. Only if they are moving into GovCloud

D. Only if they are moving to US East from another region

A. No

To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can
assign your own metadata to each resource in the form of_____.

A. special filters

B. functions

C. tags

D. wildcards

C. tags

Are you able to integrate a multi-factor token service with the AWS Platform?

A. No, you cannot integrate multi-factor token devices with the AWS platform.

B. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.

C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

When you add a rule to a DB security group, you do not need to specify port number or protocol.

A. Depends on the RDMS used

B. TRUE

C. FALSE

B. TRUE

Can I initiate a "forced failover" for my Oracle Multi-AZ DB Instance deployment?

A. Yes

B. Only in certain regions

C. Only in VPC
D. No

A. Yes

Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS
cloud- based applications. What is the monthly charge for using the public data sets?

A. A 1 time charge of 10$ for all the datasets.

B. 1$ per dataset per month

C. 10$ per month for all the datasets

D. There is no charge for using the public data sets

D. There is no charge for using the public data sets

In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack
are only available with _____.

A. Oracle Standard Edition

B. Oracle Express Edition

C. Oracle Enterprise Edition

D. None of these

C. Oracle Enterprise Edition

Without _____, you must either create multiple AWS accounts, each with its own billing and
subscriptions, or your employees must share the security credentials of a single AWS account.

A. Amazon RDS

B. Amazon Glacier

C. Amazon EMR

D. Amazon IAM

D. Amazon IAM

Amazon RDS supports SOAP only through _____.

A. HTTP or HTTPS
B. TCP/IP

C. HTTP

D. HTTPS

D. HTTPS

The Amazon EC2 web service can be accessed using the _____ web services messaging protocol. This
interface is described by a Web Services Description Language (WSDL) document.

A. SOAP

B. DCOM

C. CORBA

D. XML-RPC

A. SOAP

Is creating a Read Replica of another Read Replica supported?

A. Only in VPC

B. Yes

C. Only in certain regions

D. No

D. No

What is the charge for the data transfer incurred in replicating data between your primary and
standby?

A. Same as the standard data transfer charge

B. Double the standard data transfer charge

C. No charge. It is free

D. Half of the standard data transfer charge

C. No charge. It is free
HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query
parameter named _____.

A. Action

B. Value

C. Reset

D. Retrieve

A. Action

What happens to the I/O operations while you take a database snapshot?

A. I/O operations to the database are suspended for an hour while the backup is in progress.

B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is
in progress.

C. I/O operations will be functioning normally

D. I/O operations to the database are suspended for a few minutes while the backup is in progress.

D. I/O operations to the database are suspended for a few minutes while the backup is in progress.

Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon
RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is
stored at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem.

A. private key

B. foreign key

C. public key

D. protected key

A. private key

_____ embodies the "share-nothing" architecture and essentially involves breaking a large database
into several smaller databases.

A. Sharding

B. Failure recovery
C. Federation

D. DDL operations

A. Sharding

What is the name of licensing model in which I can use your existing Oracle Database licenses to run
Oracle deployments on Amazon RDS?

A. Bring Your Own License

B. Role Bases License

C. Enterprise License

D. License Included

A. Bring Your Own License

When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the
next maintenance window. If you would rather perform the change now, specify the _____ option.

A. ApplyNow

B. ApplySoon

C. ApplyThis

D. ApplyImmediately

D. ApplyImmediately

Does Amazon Route 53 support NS Records?

A. Yes, it supports Name Service records.

B. No

C. It supports only MX records.

D. Yes, it supports Name Server records.

D. Yes, it supports Name Server records.

The SQL Server _____ feature is an efficient means of copying data from a source database to your
DB Instance. It writes the data that you specify to a data file, such as an ASCII file.
A. bulk copy

B. group copy

C. dual copy

D. mass copy

A. bulk copy

In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has
enough free storage space?

A. FreeStorage

B. FreeStorageVolume

C. FreeStorageSpace

D. FreeStorageAllocation

C. FreeStorageSpace

When using consolidated billing there are two account types. What are they?

A. Paying account and Linked account

B. Parent account and Child account

C. Main account and Sub account.

D. Main account and Secondary account.

A. Paying account and Linked account

A _____ is a document that provides a formal statement of one or more permissions.

A. policy

B. permission

C. Role

D. resource

A. policy
In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft
SQL Server DB Instance with SQL Server Express edition?

A. 10 GB per DB

B. 100 GB per DB

C. 2 TB per DB

D. 1TB per DB

A. 10 GB per DB

Regarding the attaching of ENI to an instance, what does 'warm attach' refer to?

A. Attaching an ENI to an instance when it is stopped.

B. This question doesn't make sense.

C. Attaching an ENI to an instance when it is running

D. Attaching an ENI to an instance during the launch process

A. Attaching an ENI to an instance when it is stopped.

If I scale the storage capacity provisioned to my DB Instance by mid of a billing month, how will I be
charged?

A. you will be charged for the highest storage capacity you have used

B. on a proration basis

C. you will be charged for the lowest storage capacity you have used

B. on a proration basis

You can modify the backup retention period for AWS RDS. Valid values are 0 (for no backup
retention) to a maximum of _____ days.

A. 45

B. 35

C. 15

D. 5
B. 35

A Provisioned IOPS SSD volume must be at least _____ GB in size.

A. 1

B. 6

C. 20

D. 4

D. 4

Will I be alerted when automatic failover occurs?

A. Only if SNS configured

B. No

C. Yes

D. Only if Cloudwatch configured

C. Yes

You are a solutions architect working for a company that specializes in ingesting large data feeds
(using Kinesis) and then analyzing these feeds using Elastic Map Reduce (EMR). The results are then
stored on a custom MySQL database which is hosted on an EC2 instance which has 3 volumes, the
root/boot volume, and then 2 additional volumes which are striped in to a RAID 1. Your company
recently had an outage and lost some key data and have since decided that they will need to run
nightly back ups. Your application is only used during office hours, so you can afford to have some
down time in the middle of the night if required. You decide to take a snapshot of all three volumes
every 24 hours. In what manner should you do this?

A. Take a snapshot of each volume independently, while the EC2 instance is running.

B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are
complete, start the EC2 instance and ensure that all relevant volumes are remounted.

C. Add two additional volumes to the existing RAID 0 volume and mirror these volumes creating a RAID
10. Take a snap of only the two new volumes.
D. Create a read replica of the existing EC2 instance and then take your snapshots from the read replica and
not the live EC2 instance.

B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots
are complete, start the EC2 instance and ensure that all relevant volumes are remounted.

What are the valid methodologies for encrypting data on S3?

A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption
Client.

B. Server Side Encryption (SSE)-S3, SSE-A, SSE-KMS or a client library such as Amazon S3 Encryption
Client.

C. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a client library such as Amazon S3 Encryption
Client.

D. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a server library such as Amazon S3 Encryption
Client.

A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3
Encryption Client.

In Identity and Access Management, when you first create a new user, certain security credentials
are automatically generated. Which of the below are valid security credentials?

A. Access Key ID, Authorized Key

B. Private Key, Secret Access Key

C. Private Key, Authorized Key

D. Access Key ID, Secret Access Key

D. Access Key ID, Secret Access Key

Amazon Web Services offer 3 different levels of support, which of the below are valid support levels.

A. Corporate, Business, Developer

B. Enterprise, Business, Developer

C. Enterprise, Business, Free Tier

D. Enterprise, Company, Free Tier

B. Enterprise, Business, Developer

You are a solutions architect working for a large digital media company. Your company is migrating
their production estate to AWS and you are in the process of setting up access to the AWS console
using Identity Access Management (IAM). You have created 5 users for your system administrators.
What further steps do you need to take to enable your system administrators to get access to the AWS
console?

A. Generate an Access Key ID & Secret Access Key, and give these to your system administrators.

B. Enable multi-factor authentication on their accounts and define a password policy.

C. Generate a password for each user created and give these passwords to your system administrators.

D. Give the system administrators the secret access key and access key id, and tell them to use these
credentials to log in to the AWS console.

C. Generate a password for each user created and give these passwords to your system
administrators.

Amazon S3 buckets in all Regions provide which of the following?

A. Read-after-write consistency for PUTS of new objects AND Strongly consistent for POST & DELETES

B. Read-after-write consistency for POST of new objects AND Eventually consistent for overwrite PUTS
& DELETES

C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS
& DELETES

D. Read-after-write consistency for POST of new objects AND Strongly consistent for POST & DELETES

C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS
& DELETES

What function of an AWS VPC is stateless?

A. Security Groups

B. Elastic Load Balancers

C. Network Access Control Lists

D. EC2

C. Network Access Control Lists

Which of the following services allows you root access (i.e. you can login using SSH)?

A. Elastic Load Balancer

B. Elastic Map Reduce

C. Elasticache

D. RDS

B. Elastic Map Reduce

When trying to grant an amazon account access to S3 using access control lists what method of
identification should you use to identify that account with?

A. The email address of the account or the canonical user ID

B. The AWS account number

C. The ARN

D. An email address with a 2FA token Submit

A. The email address of the account or the canonical user ID

You are a solutions architect working for a large oil and gas company. Your company runs their
production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is
public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the
result of an autoscaling group. All EC2 instances are in the same security group. Your company has
created a new custom application which connects to mobile devices using a custom port. This
application has been rolled out to production and you need to open this port globally to the internet.
What steps should you take to do this, and how quickly will the change occur?

A. Open the port on the existing network Access Control List. Your EC2 instances will be able to
communicate on this port after a reboot.

B. Open the port on the existing network Access Control List. Your EC2 instances will be able to
communicate over this port immediately.
C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this
port immediately.

D. Open the port on the existing security group. Your EC2 instances will be able to communicate over this
port as soon as the relevant Time To Live (TTL) expires.

C. Open the port on the existing security group. Your EC2 instances will be able to communicate
over this port immediately.

Which of the following is not supported by AWS Import/Export?

A. Import to Amazon S3

B. Export from Amazon S3

C. Import to Amazon EBS

D. Import to Amazon Glacier

E. Export to Amazon Glacier

E. Export to Amazon Glacier

Which of the following is not a service of the security category of the AWS trusted advisor service?

A. Security Groups - Specific Ports Unrestricted

B. MFA on Root Account

C. IAM Use

D. Vulnerability scans on existing VPCs.

D. Vulnerability scans on existing VPCs.

You work for a market analysis firm who are designing a new environment. They will ingest large
amounts of market data via Kinesis and then analyze this data using Elastic Map Reduce. The data
is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and
then be accessed by traders from around the world. The database volume itself will sit on 2 EBS
volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during
peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you
recommend?

A. Magnetic
B. General Purpose SSD

C. Provisioned IOPS (PIOPS)

D. Turbo IOPS (TIOPS)

C. Provisioned IOPS (PIOPS)

What are the different types of virtualization available on EC2?

A. Pseudo-Virtual (PV) & Hardware Virtual Module (HSM)

B. Para-Virtual (PV) & Hardware Virtual Machine (HVM)

C. Pseudo-Virtual (PV) & Hardware Virtual Machine (HVM)

D. Para-Virtual (PV) & Hardware Virtual Module (HSM)

Submit

B. Para-Virtual (PV) & Hardware Virtual Machine (HVM)

Which of the following is not a valid configuration type for AWS Storage gateway.

A. Gateway-accessed volumes

B. Gateway-cached volumes

C. Gateway-stored volumes

D. Gateway-Virtual Tape Library

A. Gateway-accessed volumes

You have started a new role as a solutions architect for an architectural firm that designs large sky
scrapers in the Middle East. Your company hosts large volumes of data and has about 250Tb of data
on internal servers. They have decided to store this data on S3 due to the redundancy offered by it.
The company currently has a telecoms line of 2Mbps connecting their head office to the internet.
What method should they use to import this data on to S3 in the fastest manner possible.

A. Upload it directly to S3

B. Purchase and AWS Direct connect and transfer the data over that once it is installed.

C. AWS Data pipeline

D. AWS Import/Export

D. AWS Import/Export

You are designing a site for a new start up which generates cartoon images for people automatically.
Customers will log on to the site, upload an image which is stored in S3. The application then passes
a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These
EC2 instances will then turn the picture in to a cartoon and will then need to store the processed job
somewhere. Users will typically download the image once (immediately), and then never download
the image again. What is the most commercially feasible method to store the processed images?

A. Rather than use S3, store the images inside a BLOB on RDS with Multi-AZ configured for redundancy.

B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.

C. Store the images on glacier instead of S3.

D. Use elastic block storage volumes to store the images.

B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.

Which of the following is NOT a valid SNS subscribers?

A. Lambda

B. SWF

C. SQS

D. Email

E. HTTPS

F. SMS

B. SWF

You are appointed as your company's Chief Security Officer and you want to be able to track all
changes made to your AWS environment, by all users and at all times, in all regions. What AWS
service should you use to achieve this?
A. CloudAudit

B. CloudWatch

C. CloudTrail

D. CloudDetective

C. CloudTrail

You have a high performance compute application and you need to minimize network latency
between EC2 instances as much as possible. What can you do to achieve this?

A. Use Elastic Load Balancing to load balance traffic between availability zones

B. Create a CloudFront distribution and to cache objects from an S3 bucket at Edge Locations.

C. Create a placement group within an Availability Zone and place the EC2 instances within that placement
group.

D. Deploy your EC2 instances within the same region, but in different subnets and different availability
zones so as to maximize redundancy.

C. Create a placement group within an Availability Zone and place the EC2 instances within that
placement group.

Amazon S3 buckets in the US Standard region do not provide eventual consistency.

A. True

B. False

B. False

Placement Groups can be created across 2 or more Availability Zones.

A. True

B. False

B. False

You can add multiple volumes to an EC2 instance and then create your own RAID 5/RAID 10/RAID
0 configurations using those volumes.
A. True

B. False

A. True

You are creating your own relational database on an EC2 instance and you need to maximize IOPS
performance. What can you do to achieve this goal?

A. Add a single additional volume to the EC2 instance with provisioned IOPS.

B. Create the database on an S3 bucket.

C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those
volumes.

D. Attach the single volume to multiple EC2 instances so as to maximize performance.

C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across
those volumes.

Which of the services below do you get root access to?

A. Elasticache & Elastic MapReduce

B. RDS & DynamoDB

C. EC2 & Elastic MapReduce

D. Elasticache & DynamoDB

C. EC2 & Elastic MapReduce

Using SAML (Security Assertion Markup Language 2.0) you can give your federated users single
sign-on (SSO) access to the AWS Management Console.

A. True

B. False

A. True

You can have 1 subnet stretched across multiple availability zones.

A. True
B. False

B. False

When you create new subnets within a custom VPC, by default they can communicate with each
other, across availability zones.

A. True

B. False

A. True

It is possible to transfer a reserved instance from one Availability Zone to another.

A. True

B. False

A. True

You have an EC2 instance which needs to find out both its private IP address and its public IP
address. To do this you need to;

A. Run IPCONFIG (Windows) or IFCONFIG (Linux)

B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/

C. Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/

D. Use the following command; AWS EC2 displayIP

B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/

To retrieve instance metadata you will need to use the following IP Address;

A. http://127.0.0.1

B. http://192.168.0.254

C. http://10.0.0.1

D. http://169.254.169.254

D. http://169.254.169.254
Amazon S3 buckets in all other regions (other than US Standard) provide read-after-write
consistency for PUTS of new objects.

A. True

B. False

A. True

Amazon S3 buckets in all other regions (other than US Standard) do not provide eventual consistency
for overwrite PUTS and DELETES.

A. True

B. False

B. False

Amazon S3 provides;

A. Unlimited File Size for Objects

B. Unlimited Storage

C. A great place to run a No SQL database from

D. The ability to act as a web server for dynamic content (i.e. can query a database)

B. Unlimited Storage

In order to enable encryption at rest using EC2 and Elastic Block Store you need to

A. Configure encryption when creating the EBS volume

B. Configure encryption using the appropriate Operating Systems file system

C. Configure encryption using X.509 certificates

D. Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.

A. Configure encryption when creating the EBS volume

You can select a specific Availability Zone in which to place your DynamoDB Table

A. True

B. False
B. False

When creating an RDS instance you can select which availability zone in which to deploy your
instance.

A. True

B. False

A. True

Amazon's Redshift uses which block size for its columnar storage?

A. 2KB

B. 8KB

C. 16KB

D. 32KB

E. 1024KB / 1MB

E. 1024KB / 1MB

You run a website which hosts videos and you have two types of members, premium fee paying
members and free members. All videos uploaded by both your premium members and free members
are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you
need to ensure that your premium fee paying members videos have a higher priority than your free
members. How do you design SQS?

A. SQS allows you to set priorities on individual items within the queue, so simply set the fee paying
members at a higher priority than your free members.

B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet
to poll the premium queue first and if empty, to then poll your free members SQS queue.

C. SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.

Submit

B. Create two SQS queues, one for premium members and one for free members. Program your EC2
fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
You have uploaded a file to S3. What HTTP code would indicate that the upload was successful?

A. HTTP 404

B. HTTP 501

C. HTTP 200

D. HTTP 307

C. HTTP 200

You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a
large amount of IOPs and you need to increase the IOPs available to it. What should you do?

A. Migrate the database to an S3 bucket.

B. Migrate the database to Glacier.

C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.

D. Use Cloud Front to cache the database.

You have been asked to create VPC for your company. The VPC must support both Internet-facing
web applications (ie they need to be publicly accessible) and internal private applications (i.e. they
are not publicly accessible and can be accessed only over VPN). The internal private applications
must be inside a private subnet. Both the internet-facing and private applications must be able to
leverage at least three Availability Zones for high availability. At a minimum, how many subnets
must you create within your VPC to achieve this?

A. 5

B. 3

C. 4

D. 6

D. 6

You work for a cosmetic company which has their production website on AWS. The site itself is in a
two-tier configuration with web servers in the front end and database servers at the back end. The
site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by
replicating changes to each other as and when they occur. This requires the databases to have
extremely low latency. Your website needs to be highly redundant and must be designed so that if
one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining
Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure
this?

A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum
to handle 50 percent of the peak load per zone.

B. Deploy your website in 2 different regions. Configure Route53 with a failover routing policy and set up
health checks on the primary site.

C. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum
to handle 33 percent of the peak load per zone.

D. Deploy your website in 2 different regions. Configure Route53 with Weighted Routing. Assign a weight
of 25% to region 1 and a weight of 75% to region 2.

A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling
minimum to handle 50 percent of the peak load per zone.

You working in the media industry and you have created a web application where users will be able
to upload photos they create to your website. This web application must be able to call the S3 API in
order to be able to function. Where should you store your API credentials whilst maintaining the
maximum level of security.

A. Save the API credentials to your php files.

B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance
when you first create it.

C. Save your API credentials in a public Github repository.

D. Pass API credentials to the instance using instance userdata.

B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2
instance when you first create it.

You are a systems administrator and you need to monitor the health of your production environment.
You decide to do this using Cloud Watch, however you notice that you cannot see the health of every
important metric in the default dash board. Which of the following metrics do you need to design a
custom cloud watch metric for, when monitoring the health of your EC2 instances?

A. CPU Usage

B. Memory usage

C. Disk read operations

D. Network in

E. Estimated charges

B. Memory usage

You are a student currently learning about the different AWS services. Your employer asks you to
tell him a bit about Amazon's glacier service. Which of the following best describes the use cases for
Glacier?

A. Infrequently accessed data & data archives

B. Hosting active databases

C. Replicating Files across multiple availability zones and regions

D. Frequently Accessed Data

A. Infrequently accessed data & data archives

You work for a toy company that has a busy online store. As you are approaching christmas you find
that your store is getting more and more traffic. You ensure that the web tier of your store is behind
an Auto Scaling group, however you notice that the web tier is frequently scaling, sometimes multiple
times in an hour, only to scale back after peak usage. You need to prevent this so that Auto Scaling
does not scale as rapidly, just to scale back again. What option would help you to achieve this?

A. Configure Auto Scaling to terminate your oldest instances first, then adjust your CloudWatch alarm.

B. Configure Auto Scaling to terminate your newest instances first, then adjust your CloudWatch alarm.

C. Change your Auto Scaling so that it only scales at scheduled times.

D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that
triggers your Auto Scaling scale down policy.
D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period
that triggers your Auto Scaling scale down policy.

You work in the genomics industry and you process large amounts of genomic data using a nightly
Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR
job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking
longer than anticipated and you have been asked to advise how to reduced the completion time?

A. Use four Spot Instances for the task nodes rather than four On-Demand instances.

B. You should reduce the input split size in the MapReduce job configuration and then adjust the number
of simultaneous mapper tasks so that more tasks can be processed at once.

C. Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for
your core nodes.

D. Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent
volume for your core nodes.

E. Enable termination protection for the job flow.

B. You should reduce the input split size in the MapReduce job configuration and then adjust the
number of simultaneous mapper tasks so that more tasks can be processed at once.

By definition a public subnet within a VPC is one that;

A. In it's routing table it has at least one route that uses an Internet Gateway (IGW).

B. Has at least one route in it's routing table that routes via a Network Address Translation (NAT) instance.

C. Where the the Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0.

D. Has had the public subnet check box ticked when setting up this subnet in the VPC console.

A. In it's routing table it has at least one route that uses an Internet Gateway (IGW).

You have been asked to identify a service on AWS that is a durable key value store. Which of the
services below meets this definition?

A. Mobile Hub

B. Kinesis
C. Simple Storage Service (S3)

D. Elastic File Service (EFS)

C. Simple Storage Service (S3)

You are a security architect working for a large antivirus company. The production environment has
recently been moved to AWS and is in a public subnet. You are able to view the production
environment over HTTP however when your customers try to update their virus definition files over
a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom
port. How long will this take to take effect?

A. Straight away but to the new instances only.

B. Immediately.

C. After a few minutes this should take effect.

D. Straight away to the new instances, but old instances must be stopped and restarted before the new rules
apply.

B. Immediately.

You are a solutions architect working for a biotech company who is pioneering research in
immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94%
of cancers. They store their research data on S3, however recently an intern accidentally deleted some
critical files. You've been asked to prevent this from happening in the future. What options below
can prevent this?

A. Make sure the interns can only access data on S3 using signed URLs.

B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the bucket.

C. Use S3 Infrequently Accessed storage to store the data on.

D. Create an IAM bucket policy that disables deletes. Submit

B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the
bucket.
You run an automobile reselling company that has a popular online store on AWS. The application
sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify
their public and private IP addresses. How can you achieve this?

A. By using Ipconfig for windows or Ifconfig for Linux.

B. By using a cloud watch metric.

C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/

D. Using a Curl or Get Command to get the latest user-data from http://169.254.169.254/latest/user-data/

C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-
data/

You are a solutions architect who has been asked to do some consulting for a US company that
produces re-useable rocket parts. They have a new web application that needs to be built and this
application must be stateless. Which three services could you use to achieve this?

A. AWS Storage Gateway, Elasticache & ELB

B. ELB, Elasticache & RDS

C. Cloudwatch, RDS & DynamoDb

D. RDS, DynamoDB & Elasticache.

D. RDS, DynamoDB & Elasticache.

Your company has decided to set up a new AWS account for test and dev purposes. They already use
AWS for production, but would like a new account dedicated for test and dev so as to not accidentally
break the production environment. You launch an exact replica of your production environment
using a CloudFormation template that your company uses in production. However CloudFormation
fails. You use the exact same CloudFormation template in production, so the failure is something to
do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2
instances in a single AZ. After some research you discover that the problem is;

A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the
limit increase form and retry the template after your limit has been increased.

B. For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should
submit the limit increase form and retry the template after your limit has been increased.
C. You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation
template to provision the instances in a custom VPC.

D. Your CloudFormation template is configured to use the parent account and not the new account. Change
the account number in the CloudFormation template and relaunch the template.

A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit
the limit increase form and retry the template after your limit has been increased.

You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400
servers will remain on premise within their own datacenter however they will need to be able to
communicate to the AWS environment over a site to site VPN connection. What do you need to do to
establish the VPN connection?

A. Connect to the environment using AWS Direct Connect.

B. Assign a public IP address to your Amazon VPC Gateway.

C. Create a dedicated NAT and deploy this to the public subnet.

D. Update your route table to add a route for the NAT to 0.0.0.0/0.

B. Assign a public IP address to your Amazon VPC Gateway.

You work for a major news network in Europe. They have just released a new app which allows users
to report on events as and when they happen using their mobile phone. Users are able to upload
pictures from the app and then other users will be able to view these pics. Your organization expects
this app to grow very quickly, essentially doubling it's user base every month. The app uses S3 to
store the media and you are expecting sudden and large increases in traffic to S3 when a major news
event takes place (as people will be uploading content in huge numbers). You need to keep your
storage costs to a minimum however and it does not matter if some objects are lost. Which storage
media should you use to keep costs as low as possible?

A. S3 - Infrequently Accessed Storage.

B. S3 - Reduced Redundancy Storage (RRS).

C. Glacier.

D. S3 - Provisioned IOPS.

B. S3 - Reduced Redundancy Storage (RRS).

You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute
Cloud (EC2) instances running at all times. You have three availability zones available in that region
(us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single
Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2
answers, select the answer with BOTH correct answers.

A. Answer 1 - Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c
with two EC2 instances. Answer 2 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances,
and us-west-2c with no EC2 instances

B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with
no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances,
and us-west-2c with three EC2 instances.

C. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c
with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2
instances, and us-west-2c with three EC2 instances.

D. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c
with three EC2 instances. Answer 2 - Us-west-2a with four EC2 instances, us-west-2b with two EC2
instances, and us-west-2c with two EC2 instances.

B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c
with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2
instances, and us-west-2c with three EC2 instances.

You need to add a route to your routing table in order to allow connections to the internet from your
subnet. What route should you add?

A. Destination: 192.168.1.258/0 --> Target: your Internet gateway

B. Destination: 0.0.0.0/33 --> Target: your virtual private gateway

C. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24

D. Destination: 10.0.0.0/32 --> Target: your virtual private gateway

E. Destination: 0.0.0.0/0 --> Target: your Internet gateway

E. Destination: 0.0.0.0/0 --> Target: your Internet gateway

You work for a construction company that has their production environment in AWS. The
production environment consists of 3 identical web servers that are launched from a standard
Amazon linux AMI using Auto Scaling. The web servers are launched in to the same public subnet
and belong to the same security group. They also sit behind the same ELB. You decide to do some
test and dev and you launch a 4th EC2 instance in to the same subnet and same security group.
Annoyingly your 4th instance does not appear to have internet connectivity. What could be the cause
of this?

A. You need to update your routing table so as to provide a route out for this instance.

B. Assign an elastic IP address to the fourth instance.

C. You have not configured a NAT in the public subnet.

D. You have not configured a routable IP address in the host OS of the fourth instance.

B. Assign an elastic IP address to the fourth instance.

With which AWS orchestration service can you implement Chef recipes?

A. CloudFormation

B. Elastic Beanstalk

C. Opsworks

D. Lambda

C. Opsworks