Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. In regard to DynamoDB, which of the following statements is correct?
A. An Item should have at least two value sets, a primary key and another attribute.
B. An Item can have more than one attributes.
C. A primary key should be single-valued.
D. An attribute can have one or several other attributes.
Answer: B
Explanation:
In Amazon DynamoDB, a database is a collection of tables. A table is a collection of items and each item
is a collection of attributes.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModeI.html
Q2. Is it possible to create an S3 bucket accessible only by a certain IAM user, using policies in a C|oudFormation template?
A. No, you can only create the S3 bucket but not the IAM user.
B. S3 is not supported by CIoudFormation.
C. Yes, all these resources can be created using a CIoudFormation template
D. No, in the same template you can only create the S3 bucket and the realtive policy.
Answer: C
Explanation:
With AWS Identity and Access Management (IAM), you can create IAM users to control who has access to which resources in your AWS account. You can use IAM with AWS CIoudFormation to control what AWS CIoudFormation actions users can perform, such as view stack templates, create stacks, or delete stacks.
In addition to AWS CIoudFormation actions, you can manage what AWS services and resources are available to each user.
Q3. When you use the AWS Elastic Beanstalk console to deploy a new application .
A. you’II need to upload each file separately
B. you’II need to create each file and path
C. you’II need to upload a source bundle
D. you’II need to create each file
Answer: C
Explanation:
When you use the AWS Elastic Beanstalk console to deploy a new application or an application version, you’II need to upload a source bundle.
Reference:
http://docs.aws.amazon.com/elasticbeanstaIk/latest/dg/using-features.depIoyment.source.html
Q4. Bob is an IAM user who has access to the EC2 services. Admin is an IAM user who has access to all the AWS services including IAM. Can Bob change his password?
A. No, the IAM user can never change the password
B. Yes, provided Admin has given Bob access to change his password
C. Yes, only from AWS CLI
D. Yes, only from the AWS console
Answer: B
Explanation:
The IAM users by default cannot change their password. The root owner or IAM administrator needs to set the policy in the password policy page, which should allow the user to change their password. Once it is enabled, the IAM user can always change their passwords from the AWS console or CLI.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingUserPwdSeIf.htm|
Q5. A user has configured ELB. Which of the below mentioned protocols the user can configure for ELB health checks while setting up ELB?
A. All of the options
B. TCP
C. HTTPS
D. SSL
Answer: A
Explanation:
An ELB performs a health check on its instances to ensure that it diverts traffic only to healthy instances. The ELB can perform a health check on HTTP, HTTPS, TCP and SSL protocols.
Reference: http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/Deve|operGuide/Welcome.html
Q6. A user has created a queue named "myqueue" with SQS. There are four messages published to queue which are not received by the consumer yet. If the user tries to delete the queue, what will happen?
A. A user can never delete a queue manually. AWS deletes it after 30 days of inactMty on queue
B. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically.
C. It will ask user to delete the messages first
D. It will delete the queue
Answer: D
Explanation:
SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available. The user can delete a queue at any time, whether it is empty or not. It is important to note that queues retain
messages for a set period of time. By default, a queue retains messages for four days. Reference:
http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/SQSConcepts.html
Q7. A user has launched a MySQL RDS. The user wants to plan for the DR and automate the snapshot. Which of the below mentioned functionality offers this option with RDS?
A. Copy snapshot
B. Automated synchronization
C. Snapshot
D. Automated backup
Answer: D
Explanation:
Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances: automated backups and DB snapshots. Automated backups automatically back up the DB instance during a specific, user-definable backup window, and keep the backups for a limited, user-specified period of time.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI
Q8. A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but
does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?
A. AWS Simple Notification Service
B. AWS Simple Workflow
C. AWS Simple Query Service
D. AWS Simple Queue Service
Answer: D
Explanation:
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available.
Reference: http://aws.amazon.com/sqs/
Q9. An orgAMzation is setting up their website on AWS. The orgAMzation is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechAMsms will not help the orgAMzation to avoid future data leaks and identify security weaknesses?
A. Perform SQL injection for application testing.
B. Run penetration testing on AWS with prior approval from Amazon.
C. Perform a hardening test on the AWS instance.
D. Perform a Code Check for any memory leaks.
Answer: D
Explanation:
AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an orgAMzation is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The orgAMzation must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the orgAMzation wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/
Q10. Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:
A. Google Cloud Messaging for Android (GCM)
B. Apple Push Notification Service (APNS)
C. Amazon Device Messaging (ADM)
D. Microsoft Windows Mobile Messaging (MWMM)
Answer: D
Explanation:
In Amazon SNS, you have the ability to send notification messages directly to apps on mobile devices. Notification messages sent to a mobile endpoint can appear in the mobile app as message alerts, badge updates, or even sound alerts. Microsoft Windows MobiIe Messaging (MWMM) doesn’t exist and is not supported by Amazon SNS.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePush.htmI
Q11. is a task coordination and state management service for cloud applications.
A. Amazon SES
B. Amazon SWF
C. Amazon FPS
D. Amazon SNS
Answer: B
Explanation:
Amazon Simple Workflow (Amazon SWF) is a task coordination and state management service for cloud applications. With Amazon SWF, you can stop writing complex glue-code and state machinery and invest more in the business logic that makes your applications unique.
Reference: http://aws.amazon.com/swf/
Q12. A user is creating multiple IAM users. What advice should be given to him to enhance the security?
A. Grant least prMleges to the indMdual user
B. Grant all higher prMleges to the group
C. Grant less prMleges for user, but higher prMleges for the group
D. Grant more prMleges to the user, but least prMleges to the group
Answer: A
Explanation:
It is a recommended rule that the root user should grant the least prMleges to the IAM user or the group. The higher the prMleges, the more problems it can create.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.htmI
Q13. An orgAMzation has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The orgAMzation is planning to implement certain security best practices. Which of the below mentioned pointers will not help the orgAMzation achieve better security arrangement?
A. Apply the latest patch of OS and always keep it updated.
B. Allow only IAM users to connect with the EC2 instances with their own secret access key.
C. Disable the password based login for all the users. All the users should use their own keys to connect with the instance securely.
D. Create a procedure to revoke the access rights of the indMdual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.
Answer: B
Explanation:
Since AWS is a public cloud any application hosted on EC2 is prone to hacker attacks. It becomes extremely important for a user to setup a proper security mechAMsm on the EC2 instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users with in OS if they need to connect with the EC2 instances, create their keys and disable their password
Create a procedure using which the admin can revoke the access of the user when the business work on the EC2 instance is completed
Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated prMleges, such as sudo for users who need to perform occasional prMleged tasks
The IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not useful to connect (RDP / SSH) with an instance.
Reference: http://aws.amazon.com/articles/1233/
Q14. Which header received at the EC2 instance identifies the port used by the client while requesting ELB?
A. X-Forvvarded-Proto
B. X-Requested-Proto
C. X-Forvvarded-Port
D. X-Requested-Port
Answer: C
Explanation:
The X-Forvvarded-Port request header helps the user identify the port used by the client while sending a request to ELB.
Reference: http://docs.aws.amazon.com/EIasticLoadBalancing/latest/DeveIoperGuide/TerminologyandKeyConcepts. html
Q15. How long are the messages kept on an SQS queue by default?
A. If a message is not read, it is never deleted
B. 2 weeks
C. 1 day
D. 4 days
Answer: D
Explanation:
The SQS message retention period is configurable and can be set anywhere from 1 minute to 2 weeks. The default is 4 days and once the message retention limit is reached your messages will be automatically deleted. The option for longer message retention provides greater filexibility to allow for longer intervals between message production and consumption.
Reference: https://aws.amazon.com/sqs/faqs/