AWS All Questions
AWS All Questions
D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot
the instance for the changes to take effect?
A. No
B. Yes
When you view the block device mapping for your instance, you can see only the EBS volumes, not
the instance store volumes.
B. FALSE
D. TRUE
By default, EBS volumes that are created and attached to an instance at launch are deleted when that
instance is terminated. You can modify this behavior by changing the value of the flag _____ to false
when you launch the instance.
A. DeleteOnTermination
B. RemoveOnDeletion
C. RemoveOnTermination
D. TerminateOnDeletion
What will be the status of the snapshot until the snapshot is complete.
A. running
B. working
C. progressing
D. pending
Can an EBS volume be attached to more than one EC2 instance at the same time?
A. No
B. Yes.
A. TRUE
B. FALSE
A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB
Fill in the blanks: The base URI for all requests for instance metadata is _____
A. http://254.169.169.254/latest/
B. http://169.169.254.254/latest/
C. http://127.0.0.1/latest/
D. http://169.254.169.254/latest/
While creating the snapshots using the the command line tools, which command should I be using?
A. ec2-deploy-snapshot
B. ec2-fresh-snapshot
C. ec2-create-snapshot
D. ec2-new-snapshot
C. Service-based
A. FreeStorage
B. FreeStorageSpace
C. FreeStorageVolume
D. FreeDBStorageSpace
A. Amazon S3
C. Amazon RDS
D. Amazon EMR
B. 64 Unicode characters
A. 40
B. 20
C. 50
D. 10
Changes to the backup window take effect ______.
B. after 30 minutes
C. immediately
D. after 24 hours
Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive?
A. 5 minutes
B. 500 milliseconds.
C. 30 seconds
D. 1 minute
A. eu-west-1
B. us-east-1
C. us-east-2
D. ap-southeast-1
A. They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.
D. They don't exist. The Amazon API tools are a client interface to Amazon Web Services.
What are the two types of licensing options available for using Amazon RDS for Oracle?
A. A security group in which only tasks inside can communicate with each other
D. No
B. You can resume them, if you flag the "resume on failure" option before uploading.
C. Resume on failure
Fill in the blanks : _____ let you categorize your EC2 resources in different ways, for example, by
purpose, owner, or environment.
A. wildcards
B. pointers
C. tags
D. special filters
How can I change the security group membership for interfaces owned by other AWS, such as Elastic
Load Balancing?
A. By using the service specific console or API\CLI commands
B. None of these
What is the maximum write throughput I can provision per table for a single DynamoDB table?
C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have
to contact AWS first.
D. There is no limit
A. 99.99%
B. 99.95%
C. 99.995%
D. 99.999999999%
A. 20
B. 5
C. 10
D. 15
True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a
new DB Instance is created with a new endpoint.
A. FALSE
B. TRUE
A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances.
A. security group
B. ACL
C. IAM
D. Private IP Addresses
B. Yes
D. No
While launching an RDS DB instance, on which page I can select the Availability Zone?
A. Review
B. DB Instance Details
C. Management Options
D. Additional Configuration
What does the ec2-create-group command do with respect to the Amazon EC2 security groups?
A. Groups the user created security groups in to a new group for easy access.
In the Launch Db Instance Wizard, where can I select the backup and maintenance options?
A. DB Instance Details
B. Review
C. Management Options
D. Engine Selection
You are charged for the IOPS and storage whether or not you use them in a given month?
A. FALSE
B. TRUE
IAM provides several policy templates you can use to automatically assign permissions to the groups
you create. The _____ policy template gives the Admins group permission to access all account
resources, except your AWS account information.
D. Administrator Access
While performing volume status checks using volume status checks, if the status is insufficient-data,
if the status is 'insufficient-data', what does it mean?
By default, when an EBS volume is attached to a Windows instance, it may show up as any drive
letter on the instance. You can change the settings of the _____ Service to set the drive letters of the
EBS volumes per your specifications.
A. EBSConfig Service
B. AMIConfig Service
C. Ec2Config Service
D. Ec2-AMIConfig Service
A. True
B. False
Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote
Desktop Connection?
A. Yes
B. No
To view information about an Amazon EBS volume, open the Amazon EC2 console, go to EC2, click
_____ in the Navigation pane.
A. EBS
B. Describe
C. Details
D. Volumes
A. True
B. False
While creating an EC2 snapshot using the API, which Action should I be using?
A. MakeSnapShot
B. FreshSnapshot
C. DeploySnapshot
D. CreateSnapshot
While signing in REST/ Query requests, for additional security, you should transmit your requests
using Secure Sockets Layer (SSL) by using _____.
A. HTTP
D. HTTPS
What happens to the I/O operations while you take a database snapshot in a single AZ database?
A. I/O operations to the database are suspended for a few minutes while the backup is in progress.
B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is
in progress.
D. I/O operations to the database are suspended for an hour while the backup is in progress
Read Replicas require a transactional storage engine and are only supported for the _____ storage
engine.
A. OracleISAM
B. MSSQLDB
C. InnoDB
D. MyISAM
When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write
operations?
A. Yes
D. No
A. 3
B. 1
C. 5
D. 2
What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2
Instances in the same Availability Zone?
B. No charge. It is free.
A. True
B. False
Which service enables AWS customers to manage users and permissions in AWS?
Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to
your instances?
A. None of these.
C. Amazon EBS
D. All of these
Which Amazon service can I use to define a virtual network that closely resembles a traditional data
center?
A. Amazon VPC
B. Amazon ServiceBus
C. Amazon EMR
D. Amazon RDS
What is the command line instruction for running the remote desktop client in Windows?
A. desk.cpl
B. mstsc
Amazon RDS automated backups and DB Snapshots are currently supported for only the ______
storage engine.
A. MyISAM
B. InnoDB
A. 3306
B. 443
C. 80
D. 1158
If you have chosen Multi-AZ deployment, in the event of an outage of your primary DB Instance,
Amazon RDS automatically switches to the standby replica. The automatic failover mechanism
simply changes the ______ record of the main DB Instance to point to the standby DB Instance.
A. DNAME
B. CNAME
C. TXT
D. MX
If I modify a DB Instance or the DB parameter group associated with the instance, I should reboot
the instance for the changes to take effect?
A. True
B. False
If I want to run a database in an Amazon instance, which is the most recommended Amazon storage
option?
B. Amazon EBS
D. Amazon S3
In regards to IAM you can edit user properties later, but you cannot use the console to change the
_____.
A. user name
B. password
C. default group
If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites
the old value.
A. FALSE
B. TRUE
Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS
Marketplace product codes be made public?
A. No
B. Yes
Fill in the blanks: "To ensure failover capabilities, consider using a _____ for incoming traffic on a
network interface".
A. primary public IP
B. secondary private IP
C. secondary public IP
D. add on secondary IP
If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens
to the rest of the Read Replicas?
A. The remaining Read Replicas will still replicate from the older master DB Instance
B. None of these.
A. No
B. Yes
C. Only in VPC
C. Elastic IP addresses
D. VPCs
Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS
does not currently support increasing storage on a _____ DB Instance.
A. SQL Server
B. MySQL
C. Oracle
Through which of the following interfaces is AWS Identity and Access Management available?
A. In Amazon EC2, private IP address is only returned to Amazon EC2 when the instance is stopped or
terminated
B. In Amazon VPC, an instance retains its private IP address when the instance is stopped.
C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped.
D. In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime
A. Exponentially
B. Incrementally
D. Decrementally
What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in
5-minute periods at no charge called?
A. Basic
B. Primary
C. Detailed
D. Local
The new DB Instance that is created when you promote a Read Replica retains the backup window
period.
A. TRUE
B. FALSE
A. The topic is created, and it has the name you specified for it.
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?
D. No
New database versions will automatically be applied to AWS RDS instances as they become available.
A. True
B. False
What is the maximum response time for a Business level Premium Support case?
A. 120 seconds
B. 1 hour
C. 10 minutes
D. 12 hours
The _____ service is targeted at organizations with multiple users or systems that use AWS products
such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.
A. Amazon RDS
D. Amazon EMR
Without IAM, you cannot control the tasks a particular user or system can do and what AWS
resources they might use.
A. FALSE
B. TRUE
When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing
certificates and any access keys belonging to the user.
A. FALSE
B. TRUE
When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that
automatic failover occurred. You can use the _____ to return information about events related to
your DB Instance.
A. FetchFailure
B. DescribeFailure
C. DescribeEvents
D. FetchEvents
What is the default maximum number of MFA devices in use per AWS account (at the root account
level)?
A. 1
B. 5
C. 15
D. 10
D. No
Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2
instance?
B. Yes
C. No
Can we attach an EBS volume to more than one EC2 instance at the same time?
A. Yes
B. No
Select the correct set of options. The initial settings for the default security group are:
A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security
group to talk to each other
B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security
group to talk to each other
C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this
security group to talk to each other
D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this
security group to talk to each other
B. None of these.
A. A service by this name doesn't exist. Perhaps you mean Amazon CloudCache.
A. 1
B. 3
C. 5
D. 0
A. None of these.
D. It acts as a virtual firewall that controls the traffic for one or more instances.
A. Key pairs
B. Elastic IP addresses
C. Placement groups
D. EBS snapshots
D. EBS snapshots
A. It's a security tool that allows to "freeze" an EC2 instance and perform computer forensics on it.
B. A security tool that allows to "freeze" an EBS volume and perform computer forensics on it.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup.
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the
instance?
B. No
C. Yes
A. 1,000 to 1,00,000
B. 100 to 1,000
C. 10,000 to 1,00,000
D. 1,000 to 10,000
Every user you create in the IAM system starts with ______.
A. full permissions
B. no permissions
C. partial permissions
After an EC2-VPC instance is launched, can I change the VPC security groups it belongs to?
B. Yes
C. No
A. User
B. AWS Account
C. Group
D. Role
A. User
B. You can terminate, stop, or delete a resource based solely on its tags
C. You can't terminate, stop, or delete a resource based solely on its tags
D. You don't need to specify the resource identifier while terminating a resource
C. You can't terminate, stop, or delete a resource based solely on its tags
B. Only in VPC
C. Yes
D. No
C. Yes
A group can contain many users. Can a user belong to multiple groups?
A. Yes
B. No
D. Only in VPC
A. Yes
Is the encryption of connections between my application and my DB Instance using SSL for the
MySQL server engines available?
A. Yes
B. Only in VPC
D. No
A. Yes
Which AWS instance address has the following characteristics? :"If you stop an instance, its Elastic
IP address is unmapped, and you must remap it when you restart the instance."
A. None of these
B. EC2-VPC Addresses
C. EC2-Classic Addresses
C. EC2-Classic Addresses
Please select the most correct answer regarding the persistence of the Amazon Instance Store:
A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance
B. The data on an instance store volume is lost when the security group rule of the associated instance is
changed.
C. The data on an instance store volume persists even after associated Amazon EC2 instance is deleted
A. The data on an instance store volume persists only during the life of the associated Amazon EC2
instance
A. True
B. False
A. True
Security groups act like a firewall at the instance level, whereas _____ are an additional layer of
security that act at the subnet level.
A. DB Security Groups
C. Network ACLs
C. Network ACLs
Does AWS allow for the use of Multi Factor Authentication tokens?
D. No
Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?
A. No
B. Yes
A. No
Are you able to integrate a multi-factor token service with the AWS Platform?
A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
B. No, you cannot integrate multi-factor token devices with the AWS platform.
C. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply updates
from the source DB Instance. What do I do?
A. You will need to delete the Read Replica and create a new one to replace it.
C. The instance should be deployed to Single AZ and then moved to Multi- AZ once again
D. You will need to delete the DB Instance and create a new one to replace it.
A. You will need to delete the Read Replica and create a new one to replace it.
If your DB instance runs out of storage space or file system resources, its status will change to _____ and
your DB Instance will no longer be available.
A. storage-overflow
B. storage-full
C. storage-exceed
D. storage-overage
B. storage-full
D. No
D. No
Does Amazon RDS for SQL Server currently support importing data into the msdb database?
A. No
B. Yes
A. No
A. Yes
C. No
A. Yes
How can I change the security group membership for interfaces owned by other AWS services, such
as Elastic Load Balancing?
C. None of these
When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance
is created with a new endpoint.
A. FALSE
B. TRUE
B. TRUE
Which Amazon storage do you think is the best for my database-style applications that frequently
encounter many random reads and writes across the dataset.
A. None of these
C. Any of these
D. Amazon EBS
D. Amazon EBS
In a management network scenario, which interface on the instance handles public-facing traffic?
B. Subnet interface
Select the correct set of steps for exposing the snapshot only to specific AWS accounts:
A. Select public for all the accounts and check mark those accounts with whom you want to expose the
snapshots and click save.
D. SelectPublic, mark the IDs of those AWS accounts as private, and clickSave.
B. Yes
C. No
C. No
In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS
volumes automatically send _____ minute metrics to Amazon CloudWatch.
A. 5
B. 2
C. 1
D. 3
C. 1
It is advised that you watch the Amazon CloudWatch _____ metric carefully and recreate the Read
Replica should it fall behind due to replication errors.
A. WriteLag
B. ReadReplica
C. ReplicaLag
D. SingleReplica
C. ReplicaLag
A. No
C. Yes
A. No
By default, what happens to ENIs that are automatically created and attached to EC2 instances when
the attached instance terminates?
A. Remain as is
B. Terminate
C. Hibernate
D. Pause
B. Terminate
You can use _____ and _____ to help secure the instances in your VPC.
_____ is a durable, block-level storage volume that you can attach to a single, running Amazon EC2
instance.
A. Amazon S3
B. Amazon EBS
C. Amazon EFS
D. All of these
B. Amazon EBS
Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2
instance?
A. No
C. Yes
C. Yes
If I want my instance to run on a single-tenant hardware, which value do I have to set the instance's
tenancy attribute to?
A. dedicated
B. isolated
C. one
D. reserved
A. dedicated
C. Nothing.
What does ec2-create-group do with respect to the Amazon EC2 security groups?
D. Groups the user created security groups in to a new group for easy access.
What is the maximum response time for a Business level Premium Support case?
A. 30 minutes
C. 10 minutes
D. 1 hour
D. 1 hour
A. 500
B. 50
C. 5
D. There is no limit
A. 500
A. Regional
C. Global
A. You can create an encrypted tunnel to VPC, but you don't own the connection.
A. 4
B. 3
C. 1
D. 2
C. 1
A. It is not defined
B. No
C. Yes
C. Yes
Is there a method or command in the IAM system to allow or deny access to a specific instance?
B. Yes
C. No
C. No
What is an isolated database environment running in the cloud (Amazon RDS) called?
A. DB Instance
B. DB Unit
C. DB Server
D. DB Volume
A. DB Instance
What does Amazon SES stand for?
Amazon S3 doesn't automatically give a user who creates a _____ permission to perform other actions
on that bucket or object. Therefore, in your IAM policies, you must explicitly give users permission
to use the Amazon S3 resources they create.
A. file
B. bucket or object
C. bucket or file
D. object or file
B. bucket or object
A. Yes always
C. No
A. Yes always
A _____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices
support random access and generally use buffered I/O.
A. block map
B. storage block
C. mapping device
D. block device
D. block device
Can I detach the primary (eth0) network interface when the instance is running or stopped?
A. Yes
B. No
B. No
What's an ECU?
B. None of these.
What is the charge for the data transfer incurred in replicating data between your primary and
standby?
A. No charge. It is free.
A. No charge. It is free.
Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?
B. No
C. Yes
D. Only when there's just one availability zone in a region. If there are more than one, only one availability
zone can be accessed directly.
C. Yes
B. It doesn't exist for Amazon S3, but only for Amazon EC2.
C. It encrypts the files that you send to Amazon S3, on the server side.
C. It encrypts the files that you send to Amazon S3, on the server side.
B. It's the group of EC2 machines that gain the permissions specified in the GROUP.
D. A collection of users.
D. A collection of users.
A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type
of access to one or more resources.
A. user
B. AWS Account
C. resource
D. permission
D. permission
After an Amazon EC2-VPC instance is launched, can I change the VPC security groups it belongs
to?
A. No
B. Yes
B. Yes
Do the system resources on the Micro instance meet the recommended configuration for Oracle?
A. Yes completely
A. No
B. Yes
B. Yes
A. No
B. Yes
C. Only if they are moving into GovCloud
A. No
To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can
assign your own metadata to each resource in the form of_____.
A. special filters
B. functions
C. tags
D. wildcards
C. tags
Are you able to integrate a multi-factor token service with the AWS Platform?
A. No, you cannot integrate multi-factor token devices with the AWS platform.
B. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
When you add a rule to a DB security group, you do not need to specify port number or protocol.
B. TRUE
C. FALSE
B. TRUE
A. Yes
C. Only in VPC
D. No
A. Yes
Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS
cloud- based applications. What is the monthly charge for using the public data sets?
In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack
are only available with _____.
D. None of these
Without _____, you must either create multiple AWS accounts, each with its own billing and
subscriptions, or your employees must share the security credentials of a single AWS account.
A. Amazon RDS
B. Amazon Glacier
C. Amazon EMR
D. Amazon IAM
D. Amazon IAM
A. HTTP or HTTPS
B. TCP/IP
C. HTTP
D. HTTPS
D. HTTPS
The Amazon EC2 web service can be accessed using the _____ web services messaging protocol. This
interface is described by a Web Services Description Language (WSDL) document.
A. SOAP
B. DCOM
C. CORBA
D. XML-RPC
A. SOAP
A. Only in VPC
B. Yes
D. No
D. No
What is the charge for the data transfer incurred in replicating data between your primary and
standby?
C. No charge. It is free
C. No charge. It is free
HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query
parameter named _____.
A. Action
B. Value
C. Reset
D. Retrieve
A. Action
What happens to the I/O operations while you take a database snapshot?
A. I/O operations to the database are suspended for an hour while the backup is in progress.
B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is
in progress.
D. I/O operations to the database are suspended for a few minutes while the backup is in progress.
D. I/O operations to the database are suspended for a few minutes while the backup is in progress.
Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon
RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is
stored at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem.
A. private key
B. foreign key
C. public key
D. protected key
A. private key
_____ embodies the "share-nothing" architecture and essentially involves breaking a large database
into several smaller databases.
A. Sharding
B. Failure recovery
C. Federation
D. DDL operations
A. Sharding
What is the name of licensing model in which I can use your existing Oracle Database licenses to run
Oracle deployments on Amazon RDS?
C. Enterprise License
D. License Included
When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the
next maintenance window. If you would rather perform the change now, specify the _____ option.
A. ApplyNow
B. ApplySoon
C. ApplyThis
D. ApplyImmediately
D. ApplyImmediately
B. No
The SQL Server _____ feature is an efficient means of copying data from a source database to your
DB Instance. It writes the data that you specify to a data file, such as an ASCII file.
A. bulk copy
B. group copy
C. dual copy
D. mass copy
A. bulk copy
In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has
enough free storage space?
A. FreeStorage
B. FreeStorageVolume
C. FreeStorageSpace
D. FreeStorageAllocation
C. FreeStorageSpace
When using consolidated billing there are two account types. What are they?
A. policy
B. permission
C. Role
D. resource
A. policy
In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft
SQL Server DB Instance with SQL Server Express edition?
A. 10 GB per DB
B. 100 GB per DB
C. 2 TB per DB
D. 1TB per DB
A. 10 GB per DB
Regarding the attaching of ENI to an instance, what does 'warm attach' refer to?
If I scale the storage capacity provisioned to my DB Instance by mid of a billing month, how will I be
charged?
A. you will be charged for the highest storage capacity you have used
B. on a proration basis
C. you will be charged for the lowest storage capacity you have used
B. on a proration basis
You can modify the backup retention period for AWS RDS. Valid values are 0 (for no backup
retention) to a maximum of _____ days.
A. 45
B. 35
C. 15
D. 5
B. 35
A. 1
B. 6
C. 20
D. 4
D. 4
B. No
C. Yes
C. Yes
You are a solutions architect working for a company that specializes in ingesting large data feeds
(using Kinesis) and then analyzing these feeds using Elastic Map Reduce (EMR). The results are then
stored on a custom MySQL database which is hosted on an EC2 instance which has 3 volumes, the
root/boot volume, and then 2 additional volumes which are striped in to a RAID 1. Your company
recently had an outage and lost some key data and have since decided that they will need to run
nightly back ups. Your application is only used during office hours, so you can afford to have some
down time in the middle of the night if required. You decide to take a snapshot of all three volumes
every 24 hours. In what manner should you do this?
A. Take a snapshot of each volume independently, while the EC2 instance is running.
B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are
complete, start the EC2 instance and ensure that all relevant volumes are remounted.
C. Add two additional volumes to the existing RAID 0 volume and mirror these volumes creating a RAID
10. Take a snap of only the two new volumes.
D. Create a read replica of the existing EC2 instance and then take your snapshots from the read replica and
not the live EC2 instance.
B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots
are complete, start the EC2 instance and ensure that all relevant volumes are remounted.
A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption
Client.
B. Server Side Encryption (SSE)-S3, SSE-A, SSE-KMS or a client library such as Amazon S3 Encryption
Client.
C. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a client library such as Amazon S3 Encryption
Client.
D. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a server library such as Amazon S3 Encryption
Client.
A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3
Encryption Client.
In Identity and Access Management, when you first create a new user, certain security credentials
are automatically generated. Which of the below are valid security credentials?
Amazon Web Services offer 3 different levels of support, which of the below are valid support levels.
You are a solutions architect working for a large digital media company. Your company is migrating
their production estate to AWS and you are in the process of setting up access to the AWS console
using Identity Access Management (IAM). You have created 5 users for your system administrators.
What further steps do you need to take to enable your system administrators to get access to the AWS
console?
A. Generate an Access Key ID & Secret Access Key, and give these to your system administrators.
C. Generate a password for each user created and give these passwords to your system administrators.
D. Give the system administrators the secret access key and access key id, and tell them to use these
credentials to log in to the AWS console.
C. Generate a password for each user created and give these passwords to your system
administrators.
A. Read-after-write consistency for PUTS of new objects AND Strongly consistent for POST & DELETES
B. Read-after-write consistency for POST of new objects AND Eventually consistent for overwrite PUTS
& DELETES
C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS
& DELETES
D. Read-after-write consistency for POST of new objects AND Strongly consistent for POST & DELETES
C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS
& DELETES
A. Security Groups
D. EC2
Which of the following services allows you root access (i.e. you can login using SSH)?
C. Elasticache
D. RDS
When trying to grant an amazon account access to S3 using access control lists what method of
identification should you use to identify that account with?
C. The ARN
You are a solutions architect working for a large oil and gas company. Your company runs their
production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is
public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the
result of an autoscaling group. All EC2 instances are in the same security group. Your company has
created a new custom application which connects to mobile devices using a custom port. This
application has been rolled out to production and you need to open this port globally to the internet.
What steps should you take to do this, and how quickly will the change occur?
A. Open the port on the existing network Access Control List. Your EC2 instances will be able to
communicate on this port after a reboot.
B. Open the port on the existing network Access Control List. Your EC2 instances will be able to
communicate over this port immediately.
C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this
port immediately.
D. Open the port on the existing security group. Your EC2 instances will be able to communicate over this
port as soon as the relevant Time To Live (TTL) expires.
C. Open the port on the existing security group. Your EC2 instances will be able to communicate
over this port immediately.
A. Import to Amazon S3
Which of the following is not a service of the security category of the AWS trusted advisor service?
C. IAM Use
You work for a market analysis firm who are designing a new environment. They will ingest large
amounts of market data via Kinesis and then analyze this data using Elastic Map Reduce. The data
is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and
then be accessed by traders from around the world. The database volume itself will sit on 2 EBS
volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during
peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you
recommend?
A. Magnetic
B. General Purpose SSD
Submit
Which of the following is not a valid configuration type for AWS Storage gateway.
A. Gateway-accessed volumes
B. Gateway-cached volumes
C. Gateway-stored volumes
A. Gateway-accessed volumes
You have started a new role as a solutions architect for an architectural firm that designs large sky
scrapers in the Middle East. Your company hosts large volumes of data and has about 250Tb of data
on internal servers. They have decided to store this data on S3 due to the redundancy offered by it.
The company currently has a telecoms line of 2Mbps connecting their head office to the internet.
What method should they use to import this data on to S3 in the fastest manner possible.
A. Upload it directly to S3
B. Purchase and AWS Direct connect and transfer the data over that once it is installed.
D. AWS Import/Export
You are designing a site for a new start up which generates cartoon images for people automatically.
Customers will log on to the site, upload an image which is stored in S3. The application then passes
a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These
EC2 instances will then turn the picture in to a cartoon and will then need to store the processed job
somewhere. Users will typically download the image once (immediately), and then never download
the image again. What is the most commercially feasible method to store the processed images?
A. Rather than use S3, store the images inside a BLOB on RDS with Multi-AZ configured for redundancy.
B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.
B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.
A. Lambda
B. SWF
C. SQS
D. Email
E. HTTPS
F. SMS
B. SWF
You are appointed as your company's Chief Security Officer and you want to be able to track all
changes made to your AWS environment, by all users and at all times, in all regions. What AWS
service should you use to achieve this?
A. CloudAudit
B. CloudWatch
C. CloudTrail
D. CloudDetective
C. CloudTrail
You have a high performance compute application and you need to minimize network latency
between EC2 instances as much as possible. What can you do to achieve this?
A. Use Elastic Load Balancing to load balance traffic between availability zones
B. Create a CloudFront distribution and to cache objects from an S3 bucket at Edge Locations.
C. Create a placement group within an Availability Zone and place the EC2 instances within that placement
group.
D. Deploy your EC2 instances within the same region, but in different subnets and different availability
zones so as to maximize redundancy.
C. Create a placement group within an Availability Zone and place the EC2 instances within that
placement group.
A. True
B. False
B. False
A. True
B. False
B. False
You can add multiple volumes to an EC2 instance and then create your own RAID 5/RAID 10/RAID
0 configurations using those volumes.
A. True
B. False
A. True
You are creating your own relational database on an EC2 instance and you need to maximize IOPS
performance. What can you do to achieve this goal?
A. Add a single additional volume to the EC2 instance with provisioned IOPS.
C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those
volumes.
C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across
those volumes.
Using SAML (Security Assertion Markup Language 2.0) you can give your federated users single
sign-on (SSO) access to the AWS Management Console.
A. True
B. False
A. True
A. True
B. False
B. False
When you create new subnets within a custom VPC, by default they can communicate with each
other, across availability zones.
A. True
B. False
A. True
A. True
B. False
A. True
You have an EC2 instance which needs to find out both its private IP address and its public IP
address. To do this you need to;
To retrieve instance metadata you will need to use the following IP Address;
A. http://127.0.0.1
B. http://192.168.0.254
C. http://10.0.0.1
D. http://169.254.169.254
D. http://169.254.169.254
Amazon S3 buckets in all other regions (other than US Standard) provide read-after-write
consistency for PUTS of new objects.
A. True
B. False
A. True
Amazon S3 buckets in all other regions (other than US Standard) do not provide eventual consistency
for overwrite PUTS and DELETES.
A. True
B. False
B. False
Amazon S3 provides;
B. Unlimited Storage
D. The ability to act as a web server for dynamic content (i.e. can query a database)
B. Unlimited Storage
In order to enable encryption at rest using EC2 and Elastic Block Store you need to
D. Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.
You can select a specific Availability Zone in which to place your DynamoDB Table
A. True
B. False
B. False
When creating an RDS instance you can select which availability zone in which to deploy your
instance.
A. True
B. False
A. True
Amazon's Redshift uses which block size for its columnar storage?
A. 2KB
B. 8KB
C. 16KB
D. 32KB
E. 1024KB / 1MB
E. 1024KB / 1MB
You run a website which hosts videos and you have two types of members, premium fee paying
members and free members. All videos uploaded by both your premium members and free members
are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you
need to ensure that your premium fee paying members videos have a higher priority than your free
members. How do you design SQS?
A. SQS allows you to set priorities on individual items within the queue, so simply set the fee paying
members at a higher priority than your free members.
B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet
to poll the premium queue first and if empty, to then poll your free members SQS queue.
C. SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.
Submit
B. Create two SQS queues, one for premium members and one for free members. Program your EC2
fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
You have uploaded a file to S3. What HTTP code would indicate that the upload was successful?
A. HTTP 404
B. HTTP 501
C. HTTP 200
D. HTTP 307
C. HTTP 200
You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a
large amount of IOPs and you need to increase the IOPs available to it. What should you do?
C. Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.
You have been asked to create VPC for your company. The VPC must support both Internet-facing
web applications (ie they need to be publicly accessible) and internal private applications (i.e. they
are not publicly accessible and can be accessed only over VPN). The internal private applications
must be inside a private subnet. Both the internet-facing and private applications must be able to
leverage at least three Availability Zones for high availability. At a minimum, how many subnets
must you create within your VPC to achieve this?
A. 5
B. 3
C. 4
D. 6
D. 6
You work for a cosmetic company which has their production website on AWS. The site itself is in a
two-tier configuration with web servers in the front end and database servers at the back end. The
site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by
replicating changes to each other as and when they occur. This requires the databases to have
extremely low latency. Your website needs to be highly redundant and must be designed so that if
one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining
Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure
this?
A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum
to handle 50 percent of the peak load per zone.
B. Deploy your website in 2 different regions. Configure Route53 with a failover routing policy and set up
health checks on the primary site.
C. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum
to handle 33 percent of the peak load per zone.
D. Deploy your website in 2 different regions. Configure Route53 with Weighted Routing. Assign a weight
of 25% to region 1 and a weight of 75% to region 2.
A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling
minimum to handle 50 percent of the peak load per zone.
You working in the media industry and you have created a web application where users will be able
to upload photos they create to your website. This web application must be able to call the S3 API in
order to be able to function. Where should you store your API credentials whilst maintaining the
maximum level of security.
B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance
when you first create it.
B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2
instance when you first create it.
You are a systems administrator and you need to monitor the health of your production environment.
You decide to do this using Cloud Watch, however you notice that you cannot see the health of every
important metric in the default dash board. Which of the following metrics do you need to design a
custom cloud watch metric for, when monitoring the health of your EC2 instances?
A. CPU Usage
B. Memory usage
D. Network in
E. Estimated charges
B. Memory usage
You are a student currently learning about the different AWS services. Your employer asks you to
tell him a bit about Amazon's glacier service. Which of the following best describes the use cases for
Glacier?
You work for a toy company that has a busy online store. As you are approaching christmas you find
that your store is getting more and more traffic. You ensure that the web tier of your store is behind
an Auto Scaling group, however you notice that the web tier is frequently scaling, sometimes multiple
times in an hour, only to scale back after peak usage. You need to prevent this so that Auto Scaling
does not scale as rapidly, just to scale back again. What option would help you to achieve this?
A. Configure Auto Scaling to terminate your oldest instances first, then adjust your CloudWatch alarm.
B. Configure Auto Scaling to terminate your newest instances first, then adjust your CloudWatch alarm.
D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that
triggers your Auto Scaling scale down policy.
D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period
that triggers your Auto Scaling scale down policy.
You work in the genomics industry and you process large amounts of genomic data using a nightly
Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR
job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking
longer than anticipated and you have been asked to advise how to reduced the completion time?
A. Use four Spot Instances for the task nodes rather than four On-Demand instances.
B. You should reduce the input split size in the MapReduce job configuration and then adjust the number
of simultaneous mapper tasks so that more tasks can be processed at once.
C. Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for
your core nodes.
D. Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent
volume for your core nodes.
B. You should reduce the input split size in the MapReduce job configuration and then adjust the
number of simultaneous mapper tasks so that more tasks can be processed at once.
A. In it's routing table it has at least one route that uses an Internet Gateway (IGW).
B. Has at least one route in it's routing table that routes via a Network Address Translation (NAT) instance.
C. Where the the Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0.
D. Has had the public subnet check box ticked when setting up this subnet in the VPC console.
A. In it's routing table it has at least one route that uses an Internet Gateway (IGW).
You have been asked to identify a service on AWS that is a durable key value store. Which of the
services below meets this definition?
A. Mobile Hub
B. Kinesis
C. Simple Storage Service (S3)
You are a security architect working for a large antivirus company. The production environment has
recently been moved to AWS and is in a public subnet. You are able to view the production
environment over HTTP however when your customers try to update their virus definition files over
a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom
port. How long will this take to take effect?
B. Immediately.
D. Straight away to the new instances, but old instances must be stopped and restarted before the new rules
apply.
B. Immediately.
You are a solutions architect working for a biotech company who is pioneering research in
immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94%
of cancers. They store their research data on S3, however recently an intern accidentally deleted some
critical files. You've been asked to prevent this from happening in the future. What options below
can prevent this?
A. Make sure the interns can only access data on S3 using signed URLs.
B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the bucket.
B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the
bucket.
You run an automobile reselling company that has a popular online store on AWS. The application
sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify
their public and private IP addresses. How can you achieve this?
C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/
D. Using a Curl or Get Command to get the latest user-data from http://169.254.169.254/latest/user-data/
C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-
data/
You are a solutions architect who has been asked to do some consulting for a US company that
produces re-useable rocket parts. They have a new web application that needs to be built and this
application must be stateless. Which three services could you use to achieve this?
Your company has decided to set up a new AWS account for test and dev purposes. They already use
AWS for production, but would like a new account dedicated for test and dev so as to not accidentally
break the production environment. You launch an exact replica of your production environment
using a CloudFormation template that your company uses in production. However CloudFormation
fails. You use the exact same CloudFormation template in production, so the failure is something to
do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2
instances in a single AZ. After some research you discover that the problem is;
A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the
limit increase form and retry the template after your limit has been increased.
B. For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should
submit the limit increase form and retry the template after your limit has been increased.
C. You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation
template to provision the instances in a custom VPC.
D. Your CloudFormation template is configured to use the parent account and not the new account. Change
the account number in the CloudFormation template and relaunch the template.
A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit
the limit increase form and retry the template after your limit has been increased.
You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400
servers will remain on premise within their own datacenter however they will need to be able to
communicate to the AWS environment over a site to site VPN connection. What do you need to do to
establish the VPN connection?
D. Update your route table to add a route for the NAT to 0.0.0.0/0.
You work for a major news network in Europe. They have just released a new app which allows users
to report on events as and when they happen using their mobile phone. Users are able to upload
pictures from the app and then other users will be able to view these pics. Your organization expects
this app to grow very quickly, essentially doubling it's user base every month. The app uses S3 to
store the media and you are expecting sudden and large increases in traffic to S3 when a major news
event takes place (as people will be uploading content in huge numbers). You need to keep your
storage costs to a minimum however and it does not matter if some objects are lost. Which storage
media should you use to keep costs as low as possible?
D. S3 - Provisioned IOPS.
You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute
Cloud (EC2) instances running at all times. You have three availability zones available in that region
(us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single
Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2
answers, select the answer with BOTH correct answers.
A. Answer 1 - Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c
with two EC2 instances. Answer 2 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances,
and us-west-2c with no EC2 instances
B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with
no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances,
and us-west-2c with three EC2 instances.
C. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c
with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2
instances, and us-west-2c with three EC2 instances.
D. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c
with three EC2 instances. Answer 2 - Us-west-2a with four EC2 instances, us-west-2b with two EC2
instances, and us-west-2c with two EC2 instances.
B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c
with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2
instances, and us-west-2c with three EC2 instances.
You need to add a route to your routing table in order to allow connections to the internet from your
subnet. What route should you add?
You work for a construction company that has their production environment in AWS. The
production environment consists of 3 identical web servers that are launched from a standard
Amazon linux AMI using Auto Scaling. The web servers are launched in to the same public subnet
and belong to the same security group. They also sit behind the same ELB. You decide to do some
test and dev and you launch a 4th EC2 instance in to the same subnet and same security group.
Annoyingly your 4th instance does not appear to have internet connectivity. What could be the cause
of this?
A. You need to update your routing table so as to provide a route out for this instance.
D. You have not configured a routable IP address in the host OS of the fourth instance.
With which AWS orchestration service can you implement Chef recipes?
A. CloudFormation
B. Elastic Beanstalk
C. Opsworks
D. Lambda
C. Opsworks