NEW QUESTION 1
An organization is planning to create 5 different AWS accounts considering various security requirements. The organization wants to use a single payee account by using the consolidated billing option. Which of the below mentioned statements is true with respect to the above information?

• A. Master (Paye
• B. account will get only the total bill and cannot see the cost incurred by each account
• C. Master (Paye
• D. account can view only the AWS billing details of the linked accounts
• E. It is not recommended to use consolidated billing since the payee account will have access to the linked accounts
• F. Each AWS account needs to create an AWS billing policy to provide permission to the payee account

Answer: B

Explanation:
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. Consolidated billing enables the organization to see a combined view of the AWS charges incurred by each account as well as obtain a detailed cost report for each of the individual AWS accounts associated with the paying account. The payee account will not have any other access than billing data of linked accounts.

NEW QUESTION 2
A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?

• A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false
• B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring
• C. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true
• D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group

Answer: D

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates the AutoScaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. When the user has created a launch configuration with InstanceMonitoring.Enabled = false it will involve multiple steps to enable detail monitoring. The steps are:
Create a new Launch config with detailed monitoring enabled Update the Auto Scaling group with a new launch config Enable detail monitoring on each EC2 instance

NEW QUESTION 3
A customer has a web application that uses cookie Based sessions to track logged in users It Is deployed on AWS using ELB and Auto Scaling The customer observes that when load increases. Auto Scaling launches new Instances but the load on the easting Instances does not decrease, causing all existing users to have a sluggish experience.
Which two answer choices independently describe a behavior that could be the cause of the sluggish user experience? Choose 2 answers

• A. ELB's normal behavior sends requests from the same user to the same backend instance
• B. ELB's behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance
• C. A faulty browser is not honoring the TTL of the ELB DNS name.
• D. The web application uses long polling such as comet or websocket
• E. Thereby keeping a connection open to a web server tor a long time
• F. The web application uses long polling such as comet or websocket
• G. Thereby keeping a connection open to a web server for a long time.

Answer: BD

NEW QUESTION 4
An organization has setup consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will organization receive in terms of the AWS pricing?

• A. The consolidated billing does not bring any cost advantage for the organization
• B. All AWS accounts will be charged for S3 storage by combining the total storage of each account
• C. The EC2 instances of each account will receive a total of 750*3 micro instance hours free
• D. The free usage tier for all the 3 accounts will be 3 years and not a single year

Answer: B

Explanation:
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3 have volume pricing tiers across certain usage dimensions that give the user lower prices when he uses the service more.

NEW QUESTION 5
A sys admin is planning to subscribe to the RDS event notifications. For which of the below mentioned source categories the subscription cannot be configured?

• A. DB security group
• B. DB snapshot
• C. DB options group
• D. DB parameter group

Answer: C

Explanation:
Amazon RDS uses the Amazon Simple Notification Service (SNS. to provide a notification when an Amazon RDS event occurs. These events can be configured for source categories, such as DB instance, DB security group, DB snapshot and DB parameter group.

NEW QUESTION 6
A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?

• A. The user can only disable connection draining from CLI
• B. It is not possible to disable the connection draining feature once enabled
• C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
• D. The user needs to stop all instances before disabling connection draining

Answer: C

Explanation:
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can enable or disable connection draining from the AWS EC2 console -> ELB or using CLI.

NEW QUESTION 7
A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

• A. AWS Glacier
• B. AWS Elastic Transcoder
• C. AWS Simple Notification Service
• D. AWS Simple Queue Service

Answer: D

Explanation:
Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.

NEW QUESTION 8
A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephermal storage data?

• A. All the data will be erased but the ephermal storage will stay connected
• B. All data will be erased and the ephermal storage is released
• C. It is not possible to restart an instance launched from an instance store backed AMI
• D. The data is preserved

Answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. When an instance launched from an instance store backed AMI is rebooted all the ephermal storage data is still preserved.

NEW QUESTION 9
A user has created a VPC with the public subnet. The user has created a security group for that VPC. Which of the below mentioned statements is true when a security group is created?

• A. It can connect to the AWS services, such as S3 and RDS by default
• B. It will have all the inbound traffic by default
• C. It will have all the outbound traffic by default
• D. It will by default allow traffic to the internet gateway

Answer: C

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. AWS provides two features the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level while ACLs work at the subnet level. When a user creates a security group with AWS VPC, by default it will allow all the outbound traffic but block all inbound traffic.

NEW QUESTION 10
An organization has configured Auto Scaling for hosting their application. The system admin wants to understand the Auto Scaling health check process. If the instance is unhealthy, Auto Scaling launches an instance and terminates the unhealthy instance. What is the order execution?

• A. Auto Scaling launches a new instance first and then terminates the unhealthy instance
• B. Auto Scaling performs the launch and terminate processes in a random order
• C. Auto Scaling launches and terminates the instances simultaneously
• D. Auto Scaling terminates the instance first and then launches a new instance

Answer: D

Explanation:
Auto Scaling keeps checking the health of the instances at regular intervals and marks the instance for replacement when it is unhealthy. The ReplaceUnhealthy process terminates instances which are marked as unhealthy and subsequently creates new instances to replace them. This process first terminates the instance and then launches a new instance.

NEW QUESTION 11
An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

• A. Use the IAM groups and add users as per their role to different groups and apply policy to group
• B. The user can create a policy and apply it to multiple users in a single go with the AWS CLI
• C. Add each user to the IAM role as per their organization role to achieve effective policy setup
• D. Use the IAM role and implement access at the role level

Answer: A

Explanation:
With AWS IAM, a group is a collection of IAM users. A group allows the user to specify permissions for a collection of users, which can make it easier to manage the permissions for those users. A group helps an organization manage access in a better way; instead of applying at the individual level, the organization can apply at the group level which is applicable to all the users who are a part of that group.

NEW QUESTION 12
A user has created an EBS volume of 10 GB and attached it to a running instance. The user is trying to access EBS for first time. Which of the below mentioned options is the correct statement with respect to a first time EBS access?

• A. The volume will show a size of 8 GB
• B. The volume will show a loss of the IOPS performance the first time
• C. The volume will be blank
• D. If the EBS is mounted it will ask the user to create a file system

Answer: B

Explanation:
A user can create an EBS volume either from a snapshot or as a blank volume. If the volume is from a
snapshot it will not be blank. The volume shows the right size only as long as it is mounted. This shows that the file system is created. When the user is accessing the volume the AWS EBS will wipe out the block storage or instantiate from the snapshot. Thus, the volume will show a loss of IOPS. It is recommended that the user should pre warm the EBS before use to achieve better IO.

NEW QUESTION 13
A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and started it back after 20 days. AWS throws up an ??InsufficientInstanceCapacity?? error. What can be the possible reason for this?

• A. AWS does not have sufficient capacity in that availability zone
• B. AWS zone mapping is changed for that user account
• C. There is some issue with the host capacity on which the instance is launched
• D. The user account has reached the maximum EC2 instance limit

Answer: A

Explanation:
When the user gets an ??InsufficientInstanceCapacity?? error while launching or starting an EC2 instance, it
means that AWS does not currently have enough available capacity to service the user request. If the user is requesting a large number of instances, there might not be enough server capacity to host them. The user can either try again later, by specifying a smaller number of instances or changing the availability zone if launching a fresh instance.

NEW QUESTION 14
An organization (account ID 123412341234. has configured the IAM policy to allow the user to modify his credentials. What will the below mentioned statement allow the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/TestingGroup"
}]

• A. The IAM policy will throw an error due to an invalid resource name
• B. The IAM policy will allow the user to subscribe to any IAM group
• C. Allow the IAM user to update the membership of the group called TestingGroup
• D. Allow the IAM user to delete the TestingGroup

Answer: C

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234. wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/ TestingGroup "
}]

NEW QUESTION 15
A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume. What is the possible root cause for this?

• A. The ratio between IOPS and the EBS volume is higher than 30
• B. The maximum IOPS supported by EBS is 3000
• C. The ratio between IOPS and the EBS volume is lower than 50
• D. PIOPS is supported for EBS higher than 500 GB size

Answer: A

Explanation:
A provisioned IOPS EBS volume can range in size from 10 GB to 1 TB and the user can provision up to 4000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested should be a maximum of 30; for example, a volume with 3000 IOPS must be at least 100 GB.

NEW QUESTION 16
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24 . The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

• A. Destination: 0.0.0.0/0 and Target: i-a12345
• B. Destination: 20.0.0.0/0 and Target: 80
• C. Destination: 20.0.0.0/0 and Target: i-a12345
• D. Destination: 20.0.0.0/24 and Target: i-a12345

Answer: A

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach to the subnets. The main route table will have
the entry ??Destination: 0.0.0.0/0 and Target: ia12345??, which allows all the instances in the private subnet to connect to the internet using NAT.

NEW QUESTION 17
In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?

• A. AWS Direct Connect
• B. Placement Groups
• C. VPC private subnets
• D. EC2 Dedicated Instances
• E. Multiple Availability Zones

Answer: B

Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

NEW QUESTION 18
You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration. Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answers

• A. Create an ELB to reroute traffic to a failover instance
• B. Create a secondary ENI that can be moved to a failover instance
• C. Use Route53 health checks to fail traffic over to a failover instance
• D. Assign a secondary private IP address to the primary ENI0 that can be moved to a failover instance

Answer: BD

Explanation:
This is an odd question. First of all, option A cannot be right because ELB does not failover. Cannot be C because Route 53 does work with hard coded IP. Only B & D cannot be rule out so best answer.

NEW QUESTION 19
A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group?

• A. For Inbound allow Source: 20.0.1.0/24 on port 80
• B. For Outbound allow Destination: 0.0.0.0/0 on port 80
• C. For Inbound allow Source: 20.0.0.0/24 on port 80
• D. For Outbound allow Destination: 0.0.0.0/0 on port 443

Answer: C

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can connect to the internet using the NAT instances. The user should first configure that NAT can receive traffic on ports 80 and 443 from the private subnet. Thus, allow ports 80 and 443 in Inbound for the private subnet 20.0.1.0/24. Now to route this traffic to the internet configure ports 80 and 443 in Outbound with destination 0.0.0.0/0. The NAT should not have an entry for the public subnet CIDR.

NEW QUESTION 20
Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? Choose 2 answers

• A. Supported on all Amazon EBS volume types
• B. Snapshots are automatically encrypted
• C. Available to all instance types
• D. Existing volumes can be encrypted
• E. shared volumes can be encrypted

Answer: AB

Explanation:
This feature is supported on all Amazon EBS volume types (General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic). You can access encrypted Amazon EBS volumes the same way you access existing volumes; encryption and decryption are handled transparently and they require no additional action from you, your Amazon EC2 instance, or your application. Snapshots of encrypted Amazon EBS volumes are automatically encrypted, and volumes that are created from encrypted Amazon EBS snapshots are also automatically encrypted.
Reference: http://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html

NEW QUESTION 21
A SysOps Administrator is asked to create an Amazon VPC IPv4 subnet that will support a minimum of 30 network resources simultaneously.
What is the minimum CIDR netmask that will sustain this requirement?

• A. /25
• B. /26
• C. /27
• D. /28

Answer: C

Explanation:

NEW QUESTION 22
A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?

• A. SNS will send data every minute after configuration
• B. There is no need to enable since SNS provides data every minute
• C. AWS CloudWatch does not support monitoring for SNS
• D. SNS cannot provide data every minute

Answer: D

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed
monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. The AWS SNS service sends data every 5 minutes. Thus, it supports only the basic monitoring. The user cannot enable detailed monitoring with SNS.

NEW QUESTION 23
A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL. negotiation configuration known as a Security Policy. Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?

• A. SSL Protocols
• B. Client Order Preference
• C. SSL Ciphers
• D. Server Order Preference

Answer: B

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. A security policy is a combination of SSL Protocols, SSL Ciphers, and the Server Order Preference option.

NEW QUESTION 24
......