NEW QUESTION 1
You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.
Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC?
Choose 2 answers

• A. A network ACL that allows communication between the two subnets.
• B. Both instances are the same instance class and using the same Key-pair.
• C. That the default route is set to a NAT instance or internet Gateway (IGW) for them to communicate.
• D. Security groups are set to allow the application host to talk to the database on the right port/protocol.

Answer: AD

NEW QUESTION 2
You are designing a system that has a Bastion host. This component needs to be highly available without human intervention.
Which of the following approaches would you select?

• A. Run the bastion on two instances one in each AZ
• B. Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failure
• C. Configure the bastion instance in an Auto Scaling grou
• D. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1
• E. Configure an ELB in front of the bastion instance

Answer: C

NEW QUESTION 3
Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options? Choose 2 answers

• A. Amazon S3
• B. Amazon RDS
• C. Amazon EBS
• D. Amazon Redshift

Answer: BD

Explanation:
By default: at no additional charge, Amazon RDS enables automated backups of your DB Instance with a 1-day retention period. By default: Amazon Redshift enables automated backups of your data warehouse cluster with a 1- day retention period.

NEW QUESTION 4
Which of the following statements about this S3 bucket policy is true?

• A. Denies the server with the IP address 192 168 100 0 full access to the "mybucket" bucket
• B. Denies the server with the IP address 192 168 100 188 full access to the "mybucket" bucket
• C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket
• D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket

Answer: B

NEW QUESTION 5
A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp.. Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp.?

• A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp.
• B. Allow Inbound on port 3306 from source 20.0.0.0/16
• C. Allow Outbound on port 3306 for Destination Web Server Security Group (WebSecGrp.
• D. Allow Outbound on port 80 for Destination NAT Instance IP

Answer: A

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can receive inbound traffic from the public subnet on the DB port. Thus, configure port 3306 in Inbound with the source as the Web Server Security Group (WebSecGrp.. The user should configure ports 80 and 443 for Destination 0.0.0.0/0 as the route table directs traffic to the NAT instance from the private subnet.

NEW QUESTION 6
You run a web application where web servers on EC2 Instances are In an Auto Scaling group Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed Five to six days per year, the number of web servers required might go up to 15.
What would you recommend to minimize costs while being able to provide hill availability?

• A. 6 Reserved instances (heavy utilization). 6 Reserved instances {medium utilization), rest covered by On-Demand instancesB.6 Reserved instances (heavy utilization). 6 On-Demand instances, rest covered by Spot Instances
• B. 6 Reserved instances (heavy utilization) 6 Spot instances, rest covered by On-Demand instances
• C. 6 Reserved instances (heavy utilization) 6 Reserved instances (medium utilization) rest covered by Spot instances

Answer: A

Explanation:
The only plausible answer is A because all other answers include Spot Instances that can be removed without warning and that would not be highly available.

NEW QUESTION 7
A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?

• A. Change the Disable button for notification to ??Yes?? in the RDS console
• B. Set the send mail flag to false in the DB event notification console
• C. The only option is to delete the notification from the console
• D. Change the Enable button for notification to ??No?? in the RDS console

Answer: D

Explanation:
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event notifications are sent to the addresses that the user has provided while creating the subscription. The user can easily turn off the notification without deleting a subscription by setting the Enabled radio button to No in the Amazon RDS console or by setting the Enabled parameter to false using the CLI or Amazon RDS API.

NEW QUESTION 8
A SysOps Administrator has attempted to copy an Marketplace AMI an associated billing Product code that was shared another account. When the copy process is attempted, it fails.
What action can be taken to successfully copy the AMI to the target destination?

• A. Use an EC2 instance in the account by using the shared AMI and then created an AMI from the instance
• B. Launch an EC2 instance in the account by using the shared AMI and then create an AMI from the instance
• C. Use the AWS CLI with the --nobillingProduct flag to execute the copy and ignore the billingProductcode.
• D. Create a VPC peering connection between the source and target account to facilitate the AMI copy process.

Answer: D

NEW QUESTION 9
A SysOps Administrator has an AWS Lambda function that performs maintenance on versions AWS resources. This function must be run nightly.
Which is the MOST cost-effective solution?

• A. Launch a single l2.nano Amazon EC2 instance and create a Linux corn job to invoke the Lambda function at the same every right.
• B. Set up an Amazon CloudWatch metric alarm to invoke the Lambda function at the same time every night.
• C. Schedule a CloudWatch event to invoke the Lambda function at the same time every night.
• D. Implement a Chef recipe in Opsworks stack to invoke the Lambda function at the same time every night

Answer: C

Explanation:
Using AWS Lambda with Amazon CloudWatch Events
You can create a Lambda function and direct AWS Lambda to execute it on a regular schedule. You can specify a fixed rate (for example, execute a Lambda function every hour or 15 minutes), or you can specify a Cron expression. For more information on expressions schedules, see Schedule Expressions Using Rate or Cron.
This functionality is available when you create a Lambda function using the AWS Lambda console or the AWS CLI. To configure it using the AWS CLI, see Run an AWS Lambda Function on a Schedule Using the AWS CLI. The console provides CloudWatch Events as an event source. At the time of creating a Lambda function, you choose this event source and specify a time interval.
If you have made any manual changes to the permissions on your function, you may need to reapply
the scheduled event access to your function. You can do that by using the following CLI command.
$ aws lambda add-permission --function-name function_name\
--action 'lambda:InvokeFunction' --principal events.amazonaws.com \
--statement-id 'statement_id' \
--source-arn arn:aws:events:region:account-id:rule/rule_name
Each AWS account can have up to 100 unique event sources of the CloudWatch Events- Schedule source type. Each of these can be the event source for up to five Lambda functions. That is, you can have up to 500 Lambda functions that can be executing on a schedule in your AWS account.
The console also provides a blueprint (lambda-canary) that uses the CloudWatch Events - Schedule source type. Using this blueprint, you can create a sample Lambda function and test this feature. The example code that the blueprint provides checks for the presence of a specific webpage and specific text string on the webpage. If either the webpage or the text string is not found, the Lambda function throws an error.

NEW QUESTION 10
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?

• A. AWS Simple Notification Service
• B. AWS Simple Workflow
• C. AWS Simple Queue Service
• D. AWS Simple Query Service

Answer: C

Explanation:
Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available.

NEW QUESTION 11
A company uses AWS Organization with a multi-account structure. A Syslog Administrator was notified that an IAM user with the System Administrator policy applied was not able to launch any Amazon EC2 instance using a public?
Why is this occurring?

• A. The account is an AWS Organization master account, and by default it cannot provision EC2 instances.
• B. The account is an AWS Organization member account, and a service control policy is denying provisioning of EC2 instances.
• C. The account AWS Organization master account, and it does not have an access key activated for the IAM account.
• D. The account is an AWS Organization master account, and it does not have an access key activated for the IAM account.

Answer: B

Explanation:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html

NEW QUESTION 12
A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated shutdown behaviour to terminate. When the user shuts down the instance from the OS, what will happen?

• A. The OS will shutdown but the instance will not be terminated due to protection
• B. It will terminate the instance
• C. It will not allow the user to shutdown the instance from the OS
• D. It is not possible to set the termination protection when an Instance initiated shutdown is set to Terminate

Answer: B

Explanation:
It is always possible that someone can terminate an EC2 instance using the Amazon EC2 console, command line interface or API by mistake. If the admin wants to prevent the instance from being accidentally terminated, he can enable termination protection for that instance. The user can also setup shutdown behaviour for an EBS backed instance to guide the instance on what should be done when he initiates shutdown from the OS using Instance initiated shutdown behaviour. If the instance initiated behaviour is set to terminate and the user shuts off the OS even though termination protection is enabled, it will still terminate the instance.

NEW QUESTION 13
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer??s objects replicated?

• A. A single facility in eu-west-1 and a single facility in eu-central-1
• B. A single facility in eu-west-1 and a single facility in us-east-1
• C. Multiple facilities in eu-west-1
• D. A single facility in eu-west-1

Answer: C

NEW QUESTION 14
A user has created a public subnet with VPC and launched an EC2 instance within it. The user is trying to delete the subnet. What will happen in this scenario?

• A. It will delete the subnet and make the EC2 instance as a part of the default subnet
• B. It will not allow the user to delete the subnet until the instances are terminated
• C. It will delete the subnet as well as terminate the instances
• D. The subnet can never be deleted independently, but the user has to delete the VPC first

Answer: B

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface.

NEW QUESTION 15
A user is launching an instance. He is on the ??Tag the instance?? screen. Which of the below mentioned information will not help the user understand the functionality of an AWS tag?

• A. Each tag will have a key and value
• B. The user can apply tags to the S3 bucket
• C. The maximum value of the tag key length is 64 Unicode characters
• D. AWS tags are used to find the cost distribution of various resources

Answer: C

Explanation:
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. The maximum size of a tag key is 128 Unicode characters.

NEW QUESTION 16
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created public and VPN only subnets along with hardware VPN access to connect to the user??s data centre. The user has not yet launched any instance as well as modified or deleted any setup. He wants to delete this VPC from the console. Will the console allow the user to delete the VPC?

• A. Yes, the console will delete all the setups and also delete the virtual private gateway
• B. No, the console will ask the user to manually detach the virtual private gateway first and then allow deleting the VPC
• C. Yes, the console will delete all the setups and detach the virtual private gateway
• D. No, since the NAT instance is running

Answer: C

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the virtual private gateway is attached with VPC and the user deletes the VPC from the console it will first detach the gateway automatically and only then delete the VPC.

NEW QUESTION 17
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Auto Scaling. Which of the below mentioned statements will help the user understand the functionality better?

• A. It is not possible to setup detailed monitoring for Auto Scaling
• B. In this case, Auto Scaling will send data every minute and will charge the user extra
• C. Detailed monitoring will send data every minute without additional charges
• D. Auto Scaling sends data every minute only and does not charge the user

Answer: B

Explanation:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/supported_services.html CloudWatch monitors the following services. As soon as you begin using a service, it automatically sends metrics to CloudWatch for you.
CloudWatch offers either basic or detailed monitoring for supported AWS products. Basic monitoring means that a service sends data points to CloudWatch every five minutes. Detailed monitoring means that a service sends data points to CloudWatch every minute.
Note
If you are using a service that supports both basic and detailed data collection (for example, Amazon EC2 and Auto Scaling), and you want to access detailed statistics, you must enable detailed metric collection for that service.
Auto Scaling
Auto Scaling sends data to CloudWatch every 5 minutes by default. For an additional charge, you can enable detailed monitoring for Auto Scaling, which sends data to CloudWatch every minute. You can create alarms using Auto Scaling Dimensions and Metrics. For more information, see Monitor Your
Auto Scaling Instances in the Auto Scaling User Guide.

NEW QUESTION 18
A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to theinternet?

• A. Use the internet gateway with a private IP
• B. Allow outbound traffic in the security group for port 80 to allow internet updates
• C. The private subnet can never connect to the internet
• D. Use NAT with an elastic IP

Answer: D

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. If the user has created two subnets (one private and one public., he would need a Network Address Translation (NAT. instance with the elastic IP address. This enables the instances in the private subnet to send requests to the internet (for example, to perform software updates..

NEW QUESTION 19
A user is sending the data to CloudWatch using the CloudWatch API. The user is sending data 90 minutes in the future. What will CloudWatch do in this case?

• A. CloudWatch will accept the data
• B. It is not possible to send data of the future
• C. It is not possible to send the data manually to CloudWatch
• D. The user cannot send data for more than 60 minutes in the future

Answer: A

Explanation:
With Amazon CloudWatch, each metric data point must be marked with a time stamp. The user can send the data using CLI but the time has to be in the UTC format. If the user does not provide the time, CloudWatch will take the data received time in the UTC timezone. The time stamp sent by the user can be up to two weeks in the past and up to two hours into the future.

NEW QUESTION 20
A user is trying to setup a recurring Auto Scaling process. The user has setup one process to scale up every day at 8 am and scale down at 7 PM. The user is trying to setup another recurring process which scales up on the 1st of every month at 8 AM and scales down the same day at 7 PM. What will Auto Scaling do in this scenario?

• A. Auto Scaling will execute both processes but will add just one instance on the 1st
• B. Auto Scaling will add two instances on the 1st of the month
• C. Auto Scaling will schedule both the processes but execute only one process randomly
• D. Auto Scaling will throw an error since there is a conflict in the schedule of two separate Auto Scaling Processes

Answer: D

Explanation:
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. The user can also configure the recurring schedule action which will follow the Linux cron format. As per Auto Scaling, a scheduled action must have a unique time value. If the user attempts to schedule an activity at a time when another existing activity is already scheduled, the call will be rejected with an error message noting the conflict.

NEW QUESTION 21
A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification?

• A. Email JSON
• B. HTTP
• C. AWS SQS
• D. AWS SES

Answer: D

Explanation:
Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can select one the following transports as part of the subscription requests: ??HTTP??, ??HTTPS??,??Email??, ??Email-JSON??, ??SQS??, ??and SMS??.

NEW QUESTION 22
A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

• A. The private and public address remains the same
• B. The Elastic IP remains associated with the instance
• C. The volume is preserved
• D. The instance runs on a new host computer

Answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use the Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. The instance remains on the same host computer and maintains its public DNS name, private IP address, and any data on its instance store volumes. It typically takes a few minutes for the reboot to complete, but the time it takes to reboot depends on the instance configuration.

NEW QUESTION 23
An organization has created one IAM user and applied the below mentioned policy to the user. What entitlements do the IAM users avail with this policy?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:Describe*", "Resource": "*"
},
{
"Effect": "Allow"
"Action": [ "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "autoscaling:Describe*", "Resource": "*"
}
]
}

• A. The policy will allow the user to perform all read only activities on the EC2 services
• B. The policy will allow the user to list all the EC2 resources except EBS
• C. The policy will allow the user to perform all read and write activities on the EC2 services
• D. The policy will allow the user to perform all read only activities on the EC2 services except load Balancing

Answer: D

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If an organization wants to setup read only access to EC2 for a particular user, they should mention the action in the IAM policy which entitles the user for Describe rights for EC2, CloudWatch, Auto Scaling and ELB. In the policy shown below, the user will have read only access for EC2 and EBS, CloudWatch and Auto Scaling. Since ELB is not mentioned as a
part of the list, the user will not have access to ELB.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:Describe*", "Resource": "*"
},
{
"Effect": "Allow", "Action": [ "cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics", "cloudwatch:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "autoscaling:Describe*", "Resource": "*"
}
]
}

NEW QUESTION 24
......