Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A user has configured ELB. Which of the below mentioned protocols the user can configure for ELB health checks while setting up ELB?
A. All of the options
B. TCP
C. HTTPS
D. SSL
Answer: A
Explanation:
An ELB performs a health check on its instances to ensure that it diverts traffic only to healthy instances. The ELB can perform a health check on HTTP, HTTPS, TCP and SSL protocols.
Reference: http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/Deve|operGuide/Welcome.html
Q2. A user is planning to use EBS for his DB requirement. The user already has an EC2 instance running in the VPC private subnet. How can the user attach the EBS volume to a running instance?
A. The user must create EBS within the same VPC and then attach it to a running instance.
B. The user can create EBS in the same zone as the subnet of instance and attach that EBS to instance.
C. It is not possible to attach an EBS to an instance running in VPC until the instance is stopped.
D. The user can specify the same subnet while creating EBS and then attach it to a running instance.
Answer: B
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. The user can create subnets as per the requirement within a VPC. The VPC is always specific to a region. The user can create a VPC which can span multiple Availability Zones by adding one or more subnets in each Availability Zone.
The instance launched will always be in the same availability zone of the respective subnet. When creating an EBS the user cannot specify the subnet or VPC. However, the user must create the EBS in the same zone as the instance so that it can attach the EBS volume to the running instance.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.htm|#VPCSubnet
Q3. A user is trying to configure access with S3. Which of the following options is not possible to provide access to the S3 bucket / object?
A. Define the policy for the IAM user
B. Define the ACL for the object
C. Define the policy for the object
D. Define the policy for the bucket
Answer: C
Explanation:
Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies.
Access policies, such as ACL and resource policy can be attached to the bucket. With the object the user can only have ACL and not an object policy. The user can also attach access policies to the IAM users in the account. These are called user policies.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
Q4. ExamKiIIer (with AWS account ID 111122223333) has created 50 IAM users for its orgAMzation’s employees. What will be the AWS console URL for these associates?
A. https:// 111122223333.signin.aws.amazon.com/conso|e/
B. https:// signin.aws.amazon.com/consoIe/
C. https://signin.aws.amazon.com/111122223333/conso|e/
D. https://signin.aws.amazon.com/console/111122223333/
Answer: A
Explanation:
When an orgAMzation is using AWS IAM for creating various users and manage their access rights, the IAM user cannot use the login URL http://aws.amazon.com/console to access AWS management console. The console login URL for the IAM user will have AWS account ID of that orgAMzation to identify the IAM user belongs to particular account. The AWS console login URL for the IAM user will be https://
<AWS_Account_|D>.signin.aws.amazon.com/consoIe/. In this case it will be https:// 111122223333.signin.aws.amazon.com/consoIe/
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAIias.html
Q5. Can a user get a notification of each instance start / terminate configured with Auto Scaling?
A. Yes, always
B. No
C. Yes, if configured with the Auto Scaling group
D. Yes, if configured with the Launch Config
Answer: C
Explanation:
The user can get notifications using SNS if he has configured the notifications while creating the Auto Scaling group.
Reference: http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/GettingStartedTutoriaI.html
Q6. Which of the following device names is recommended for an EBS volume that can be attached to an Amazon EC2 Instance running Windows?
A. xvd[a-e]
B. /mnt/sd[b-e]
C. xvd[f-p]
D. /dev/sda1
Answer: C
Explanation:
The xvd[f-p] is the recommended device name for EBS volumes that can be attached to the Amazon EC2 Instances running on Windows.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/device_naming.html
Q7. A user has launched an EC2 instance and installed a website with the Apache webserver. The webserver is running but the user is not able to access the website from the internet. What can be the possible reason for this failure?
A. The security group of the instance is not configured properly.
B. The instance is not configured with the proper key-pairs.
C. The Apache website cannot be accessed from the internet.
D. Instance is not configured with an elastic IP.
Answer: A
Explanation:
In Amazon Web Services, when a user has configured an instance with Apache, the user needs to ensure that the ports in the security group are opened as configured in Apache config. E.g. If Apache is running on port 80, the user should open port 80 in the security group.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
Q8. ExamKiIIer (with AWS account ID H1122223333) has created 50 IAM users for its orgAMzation’s employees. ExamKiI|er wants to make the AWS console login URL for all IAM users like: https://examki||er.signin.aws.amazon.com/consoIe/. How can this be configured?
A. The user needs to use Route 53 to map the examkiller domain and IAM URL
B. Create an IAM AWS account alias with the name examkiller
C. It is not possible to have a personalized IAM login URL
D. Create an IAM hosted zone Identity for the domain examkiller
Answer: B
Explanation:
If a user wants the URL of the AWS IAM sign-in page to have a company name instead of the AWS account ID, he can create an alias for his AWS account ID.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAIias.html
Q9. A user wants to configure AutoScaIing which scales up when the CPU utilization is above 70% and scales down when the CPU utilization is below 30%. How can the user configure AutoScaIing for the above mentioned condition?
A. Use AutoScaIing with a schedule
B. Configure ELB to notify AutoScaIing on load increase or decrease
C. Use dynamic AutoScaIing with a policy
D. Use AutoScaIing by manually modifying the desired capacity during a condition
Answer: C
Explanation:
The user can configure the AutoScaIing group to automatically scale up and then scale down based on the specified conditions. To configure this, the user must setup policies which will get triggered by the C|oudWatch alarms.
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/as-scaIe-based-on-demand.html
Q10. In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:
A. Client secret
B. Client ID
C. Device token
D. Registration ID
Answer: C
Explanation:
To send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following: Registration ID and Client secret.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePushPrereq.htmI
Q11. An orgAMzation is setting up their website on AWS. The orgAMzation is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechAMsms will not help the orgAMzation to avoid future data leaks and identify security weaknesses?
A. Perform SQL injection for application testing.
B. Run penetration testing on AWS with prior approval from Amazon.
C. Perform a hardening test on the AWS instance.
D. Perform a Code Check for any memory leaks.
Answer: D
Explanation:
AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an orgAMzation is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The orgAMzation must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the orgAMzation wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/
Q12. A user is running a MySQL RDS instance. The user will not use the DB for the next 3 months. How can the user save costs?
A. Pause the RDS actMties from CLI until it is required in the future
B. Stop the RDS instance
C. Create a snapshot of RDS to launch in the future and terminate the instance now
D. Change the instance size to micro
Answer: C
Explanation:
The RDS instances unlike the AWS EBS backed instances cannot be stopped or paused. The user needs to take the final snapshot, terminate the instance and launch a new instance in the future from that snapshot
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI
Q13. A user plans to use RDS as a managed DB platform. Which of the below mentioned features is not supported by RDS?
A. Automated backup
B. Automated scaling to manage a higher load
C. Automated failure detection and recovery
D. Automated software patching
Answer: B
Explanation:
AWS RDS provides a managed DB platform, which offers features, such as automated backup, patch management, automated failure detection and recovery. The scaling is not automated and the user needs to plan it with a few clicks.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
Q14. An orgAMzation has 20 employees. The orgAMzation wants to give all the users access to the orgAMzation AWS account. Which of the below mentioned options is the right solution?
A. Share the root credentials with all the users
B. Create an IAM user for each employee and provide access to them
C. It is not advisable to give AWS access to so many users
D. Use the IAM role to allow access based on STS
Answer: B
Explanation:
AWS Identity and Access Management is a web service that enables the AWS customers to manage users and user permissions in AWS. The IAM is targeted at orgAMzations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the orgAMzaiton can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.htm|
Q15. A user is launching an AWS RDS with MySQL. Which of the below mentioned options allows the user to configure the INNODB engine parameters?
A. Options group
B. Engine parameters
C. Parameter groups
D. DB parameters
Answer: C
Explanation:
With regard to RDS, the user can manage the configuration of a DB engine by using a DB parameter group. A DB parameter group contains engine configuration values that can be applied to one or more DB instances of the same instance type.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html