Pass AWS-Solutions-Associate Exam - Real Test Engine PDF with 625 Questions [Q45-Q64]

Pass AWS-Solutions-Associate Exam - Real Test Engine PDF with 625 Questions

Get New AWS-Solutions-Associate Certification Practice Test Questions Exam Dumps

NEW QUESTION 45
You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement?

• A. Network ACL Inbound Rule: Protocol - TCP, Port Range-22, Source 72.34.51.100/0
• B. Network ACL Inbound Rule: Protocol - UDP, Port Range- 22, Source 72.34.51.100/32
• C. Security Group Inbound Rule: Protocol - TCP. Port Range- 22, Source 72.34.51. 100/32
• D. Security Group Inbound Rule: Protocol - UDP, Port Range- 22, Source 72.34.51.100/32

Answer: C

 

NEW QUESTION 46
Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is stored athttps://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem.

• A. foreign key
• B. protected key
• C. private key
• D. public key

Answer: C

 

NEW QUESTION 47
A company has a live chat application running on its on-premises servers that use WebSockets. The company wants to migrate the application to AWS. Application traffic is inconsistent, and the company expects there to be more traffic with sharp spikes in the future.
The company wants a highly scalable solution with no server maintenance nor advanced capacity planning.
Which solution meets these requirements?

• A. Use Amazon API Gateway and AWS Lambda with an Amazon DynamoDB table as the data store.
  Configure the DynamoDB table for on-demand capacity.
• B. Run Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group with an Amazon DynamoDB table as the data store. Configure the DynamoDB table for on-demand capacity.
• C. Run Amazon EC2 instances behind a Network Load Balancer in an Auto Scaling group with an Amazon DynamoDB table as the data store. Configure the DynamoDB table for provisioned capacity.
• D. Use Amazon API Gateway and AWS Lambda with an Amazon DynamoDB table as the data store.
  Configure the DynamoDB table for provisioned capacity.

Answer: A

 

NEW QUESTION 48
Select the correct statement:

• A. You can terminate, stop, or delete a resource based solely on its tags
• B. You don't need to specify the resource identifier while terminating a resource
• C. You don't need not specify the resource identifier while stopping a resource
• D. You can't terminate, stop, or delete a resource based solely on its tags

Answer: D

 

NEW QUESTION 49
A customer implemented AWS Storage Gateway with a gateway-cached volume at their main office. An event takes the link between the main and branch office offline. Which methods will enable the branch office to access their data? Choose 3 answers

• A. Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot.
• B. Make an Amazon Glacier Restore API call to load the files into another Amazon S3 bucket within four to six hours.
• C. Restore by implementing a lifecycle policy on the Amazon S3 bucket.
• D. Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance.
• E. Use a HTTPS GET to the Amazon S3 bucket where the files are located.
• F. Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.

Answer: A,E,F

 

NEW QUESTION 50
A user has created a CloudFormation stack. The stack creates AWS services, such as EC2 instances,
ELB, AutoScaling, and RDS. While creating the stack it created EC2, ELB and AutoScaling but failed to create RDS. What will CloudFormation do in this scenario?

• A. It will wait for the user's input about the error and correct the mistake after the input
• B. Rollback all the changes and terminate all the created services
• C. CloudFormation can never throw an error after launching a few services since it verifies all the steps before launching
• D. It will warn the user about the error and ask the user to manually create RDS

Answer: B

Explanation:
AWS CloudFormation is an application management tool which provides application modeling, deployment, configuration, management and related activities. The AWS CloudFormation stack is a collection of AWS resources which are created and managed as a single unit when AWS CloudFormation instantiates a template. If any of the services fails to launch, CloudFormation will rollback all the changes and terminate or delete all the created services.
Reference: http://aws.amazon.com/cloudformation/faqs/

 

NEW QUESTION 51
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a Dynamo DB table? Assume that no security keys are allowed to be stored on the EC2 instance? Choose 2 answers

• A. Launch an EC2 instance with the IAM Role included in the launch configuration
• B. Create an IAM role that allows write access to the DynamoDB table
• C. Launch an EC2 instance with the IAM user included in the launch configuration
• D. Add an IAM Role to a running EC2 instance
• E. Create an IAM User that allows write access to the DynamoDB table
• F. Add an IAM user to a running EC2 instance

Answer: A,B

 

NEW QUESTION 52
Can I move a Reserved Instance from one Region to another?

• A. Only if they are moving to US East from another region
• B. Yes
• C. No
• D. Only if they are moving into GovCloud

Answer: D

 

NEW QUESTION 53
While creating an Amazon RDS DB, your first task is to set up a DB ______ that controls what IP addresses or EC2 instances have access to your DB Instance.

• A. Security Token Pool
• B. Security Pool
• C. Secure Zone
• D. Security Group

Answer: D

 

NEW QUESTION 54
You're trying to delete an SSL certificate from the IAM certificate store, and you're getting the message
"Certificate: <certificate-id> is being used by CloudFront." Which of the following statements is probably the reason why you are getting this error?

• A. You can't delete SSL certificates . You need to request it from AWS.
• B. Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM
• C. Before you can delete an SSL certificate you need to set up https on your server.
• D. Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using a custom SSL certificate to using the default CloudFront certificate.

Answer: D

Explanation:
CloudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .html, .css, .php, and image files, to end users.
Every CloudFront web distribution must be associated either with the default CloudFront certificate or with a custom SSL certificate. Before you can delete an SSL certificate, you need to either rotate SSL certificates (replace the current custom SSL certificate with another custom SSL certificate) or revert from using a custom SSL certificate to using the default CloudFront certificate.
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Troubleshooting.html

 

NEW QUESTION 55
A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company's application. A solutions architect wants to implement a solution that is highly available fault tolerant, and automatically scalable What should the solutions architect recommend?

• A. Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone.
• B. Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones.
• C. Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer.
• D. Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones.

Answer: A

 

NEW QUESTION 56
A user is currently building a website which will require a large number of instances in six months, when a demonstration of the new site will be given upon launch.
Which of the below mentioned options allows the user to procure the resources beforehand so that they need not worry about infrastructure availability during the demonstration?

• A. Procure all the instances as reserved instances beforehand.
• B. Launch all the instances as part of the cluster group to ensure resource availability.
• C. Ask AWS now to procure the dedicated instances in 6 months.
• D. Pre-warm all the instances one month prior to ensure resource availability.

Answer: A

Explanation:
Amazon Web Services has massive hardware resources at its data centers, but they are finite. The best way for users to maximize their access to these resources is by reserving a portion of the computing capacity that they require. This can be done through reserved instances. With reserved instances, the user literally reserves the computing capacity in the Amazon Web Services cloud.
Reference: http://media.amazonwebservices.com/AWS_Building_Fault_Tolerant_Applications.pdf

 

NEW QUESTION 57
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Computer Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available. Sort stale Eventual consistency) rather than an ACID (Atomicity. Consistency isolation. Durability) consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-premises database resources in the most cost-effective way?

• A. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
• B. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
• C. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.
• D. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.

Answer: B

Explanation:
Reference: https://aws.amazon.com/blogs/aws/category/amazon-elastic-map-reduce/

 

NEW QUESTION 58
Location of Instances are ____________

• A. Global
• B. based on Availability Zone
• C. Regional

Answer: B

 

NEW QUESTION 59
A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?

• A. Use the "Launch more like this" option to copy the instance from one region to another
• B. Copy the instance from the US East region to the EU region
• C. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the
  EU AMI
• D. Copy the running instance using the "Instance Copy" command to the EU region

Answer: C

Explanation:
To launch an EC2 instance it is required to have an AMI in that region. If the AMI is not available in that region, then create a new AMI or use the copy command to copy the AMI from one region to the other region.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html

 

NEW QUESTION 60
A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week. What should the company do to guarantee the EC2 capacity?

• A. Create an On-Demand Capacity Reservation that specifies the Region needed.
• B. Purchase Reserved Instances that specify the Region needed.
• C. Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed.
• D. Purchase Reserved Instances that specify the Region and three Availability Zones needed.

Answer: B

 

NEW QUESTION 61
You have deployed a three-tier web application in a VPC with a CIDR block of 10.0.0.0/28. You initially deploy two web servers, two application servers, two database servers and one NAT instance tor a total of seven EC2 instances. The web, application and database servers are deployed across two availability zones (AZs). You also deploy an ELB in front of the two web servers, and use Route53 for DNS Web (raffle gradually increases in the first few days following the deployment, so you attempt to double the number of instances in each tier of the application to handle the new load unfortunately some of these new instances fail to launch.
Which of the following could be the root caused? (Choose two.)

• A. The Internet Gateway (IGW) of your VPC has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
• B. AWS reserves the first four and the last IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances
• C. The ELB has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
• D. AWS reserves one IP address in each subnet's CIDR block for Route53 so you do not have enough addresses left to launch all of the new EC2 instances
• E. AWS reserves the first and the last private IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances

Answer: B,C

Explanation:
Explanation/Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

 

NEW QUESTION 62
The following policy can be attached to an IAM group. It lets an IAM user in that group access a "home directory" in AWS S3 that matches their user name using the console.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": ["s3:*"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::bucket-name"],
"Condition":{"StringLike":{"s3:prefix":["home/${aws:username}/*"]}}
},
{
"Action":["s3:*"],
"Effect":"Allow",
"Resource": ["arn:aws:s3:::bucket-name/home/${aws:username}/*"]
}
]
}

• A. True
• B. False

Answer: B

 

NEW QUESTION 63
A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is not connected to their corporate network. They are connecting to the VPC over the Internet to manage all of their Amazon EC2 instances running in both the public and private subnets. They have only authorized the bastion-security-group with Microsoft Remote Desktop Protocol (RDP) access to the application instance security groups, but the company wants to further limit administrative access to all of the instances in the VPC. Which of the following Bastion deployment scenarios will meet this requirement?

• A. Deploy a Windows Bastion host with an Elastic IP address in the public subnet and allow SSH access to the bastion from anywhere.
• B. Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP access to the bastion from only the corporate public IP addresses.
• C. Deploy a Windows Bastion host with an Elastic IP address in the private subnet, and restrict RDP access to the bastion from only the corporate public IP addresses.
• D. Deploy a Windows Bastion host on the corporate network that has RDP access to all instances in the VPC.

Answer: B

 

NEW QUESTION 64
......

AWS-Solutions-Associate Exam Dumps - PDF Questions and Testing Engine: https://www.actual4cert.com/AWS-Solutions-Associate-real-questions.html

Real AWS-Solutions-Associate Exam Dumps Questions Valid AWS-Solutions-Associate Dumps PDF: https://drive.google.com/open?id=1jgGH5UC2fjyyJwGx8kRMUoXXipiIl2Ru