NEW QUESTION 1
If an application is storing hourly log files from thousands of instances from a high traffic web site, which naming scheme would give optimal performance on S3?

• A. Sequential
• B. instancelD_Iog-HH-DD-NIM-YYYY
• C. instancelD_Iog-YYYY-NIM-DD-HH
• D. HH-DD-NINI-YYYY-Iog_instanceID
• E. YYYY-MM-DD-HH-|og_instance|D

Answer: E

NEW QUESTION 2
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table?
Assume that no security Keys are allowed to be stored on the EC2 instance. Choose 2 answers

• A. Create an IAM User that allows write access to the DynamoDB table.
• B. Add an IAM Role to a running EC2 instance.
• C. Add an IAM User to a running EC2 Instance.
• D. Launch an EC2 Instance with the IAM Role included in the launch configuration.
• E. Create an IAM Role that allows write access to the DynamoDB table.
• F. Launch an EC2 Instance with the IAM User included in the launch configuration.

Answer: DE

NEW QUESTION 3
Which of the following is an example of a good DynamoDB hash key schema for provisioned throughput efficiency?

• A. User ID, where the application has many different users.
• B. Status Code where most status codes are the same
• C. Device ID, where one is by far more popular than all the others.
• D. Game Type, where there are three possible game types

Answer: A

NEW QUESTION 4
What type of block cipher does Amazon S3 offer for server side encryption?

• A. Triple DES
• B. Advanced Encryption Standard
• C. Blowfish
• D. RC5

Answer: B

NEW QUESTION 5
An ELB is diverting traffic across 5 instances. One of the instances was unhealthy only for 20 minutes. What will happen after 20 minutes when the instance becomes healthy?

• A. ELB will never divert traffic back to the same instance
• B. ELB will not automatically send traffic to the same instanc
• C. However, the user can configure to start sending traffic to the same instance
• D. ELB starts sending traffic to the instance once it is healthy
• E. ELB terminates the instance once it is unhealth
• F. Thus, the instance cannot be healthy after 10 minutes

Answer: C

Explanation: AWS Elastic Load Balancing continuously checks the health of an instance. If one of the instances is unhealthy it stops sending traffic to it and automatically reroutes the traffic to the remaining running EC2 instances. If the failed EC2 instance is restored, Elastic Load Balancing will again start sending traffic to that instance.
Reference: http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/Svclntro.htm|

NEW QUESTION 6
A root AWS account owner has created three IAM users: Bob, John and Michael. Michael is the IAM administrator. Bob and John are not the superpower users, but users with some pre-defined policies. John does not have access to modify his password. Thus, he asks Bob to change his password. How can Bob change John’s password?

• A. This statement is fals
• B. It should be Michael who changes the password for John
• C. It is not possible that John cannot modify his password
• D. Provided Bob is the manager of John
• E. Provided Michael has added Bob to a group, which has permissions to modify the IAM passwords

Answer: D

Explanation: Generally with IAM users, the password can be modified in two ways. The first option is to define the IAM level policy which allows each user to modify their own passwords. The other option is to create a group and create a policy for the group which can change the passwords of various IAM users.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.htmI

NEW QUESTION 7
A user is planning to make a mobile game which can be played online or offline and will be hosted on EC2.
The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through email. Which of the below mentioned AWS services helps achieve this goal?

• A. AWS Simple Workflow Service.
• B. AWS Simple Queue Service.
• C. Amazon Cognito
• D. AWS Simple Email Servic

Answer: D

Explanation: Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS.
Reference: http://aws.amazon.com/ses/faqs/

NEW QUESTION 8
In DynamoDB, to get a detailed listing of secondary indexes on a table, you can use the action.

• A. DescribeTabIe
• B. BatchGetItem
• C. Getltem
• D. TabIeName

Answer: A

Explanation: In DynamoDB, DescribeTab|e returns information about the table, including the current status ofthe table, when it was created, the primary key schema, and any indexes on the table.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.htmI

NEW QUESTION 9
Which of the following statements about SWF are true? Choose 3 answers

• A. SWF tasks are assigned once and never duplicated
• B. SWF requires an S3 bucket for workflow storage
• C. SWF workflow executions can last up to a year
• D. SWF triggers SNS notifications on task assignment
• E. SWF uses deciders and workers to complete tasks
• F. SWF requires atleast 1 EC2 instance per domain

Answer: ACE

NEW QUESTION 10
In AWS Elastic Beanstalk, you can update your deployed application even while it is part of a running environment. For a Java application, you can also use to update your deployed application.

• A. the AWS Toolkit for Eclipse
• B. the AWS Toolkit for Visual Studio
• C. the AWS Toolkit for JVM
• D. the AWS Toolkit for Netbeans

Answer: A

Explanation: In AWS Elastic Beanstalk, you can update your deployed application, even while it is part of a running environment. For a Java application, you can also use the AWS Toolkit for Eclipse to update your deployed application.
Reference: http://docs.aws.amazon.com/elasticbeanstaIk/latest/dg/GettingStarted.WaIkthrough.htmI

NEW QUESTION 11
You need to develop and run some new applications on AWS and you know that Elastic Beanstalk and CIoudFormation can both help as a deployment mechAMsm for a broad range of AWS resources. Which of the following statements best describes the differences between Elastic Beanstalk and C|oudFormation?

• A. Elastic Beanstalk uses Elastic load balancing and CIoudFormation doesn't.
• B. CIoudFormation is faster in deploying applications than Elastic Beanstalk.
• C. CIoudFormation is much more powerful than Elastic Beanstalk, because you can actually design and script custom resources
• D. Elastic Beanstalk is faster in deploying applications than C|oudFormatio

Answer: C

Explanation: These services are designed to complement each other. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud. It is integrated with developer tools and provides a one-stop experience for you to manage the lifecycle of your applications. AWS CIoudFormation is a convenient deployment mechAMsm for a broad range of AWS resources. It supports the infrastructure needs of many different types of applications such as existing enterprise applications, legacy applications, applications built using a variety of AWS resources and container-based solutions (including those built using AWS Elastic Beanstalk).
AWS CIoudFormation introduces two new concepts: The template, a JSON-format, text-based file that describes all the AWS resources you need to deploy to run your application and the stack, the set of AWS resources that are created and managed as a single unit when AWS CIoudFormation instantiates a template.
Reference: http://aws.amazon.com/c|oudformation/faqs/

NEW QUESTION 12
A user is part of a group which has a policy allowing him just read only access to EC2. The user is part of another group which has full access to EC2. What happens when the user tries to launch an instance?

• A. It will allow the user to launch the instance
• B. It will fail since the user has just read only access
• C. It will allow or deny based on the group under which the user has logged into EC2
• D. It will not allow the user to add to the conflicting groups

Answer: A

Explanation: The IAM group policy is always aggregated. In this case, if the user does not have permission for one group, but has permission for another group, he will have full access to EC2. Unless there is specific deny policy, the user will be able to access EC2.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/PoIiciesOverview.htmI

NEW QUESTION 13
Can a user associate and use his own DNS with ELB instead ofthe DNS provided by AWS ELB?

• A. Yes, by creating a CNAME with the existing domain name provider
• B. Yes, by configuring DNS in the AWS Console
• C. No
• D. Yes, only through Route 53 by mapping ELB and DNS

Answer: A

Explanation: The AWS ELB allows mapping a custom domain name with ELB. The user can map ELB with DNS in two ways: 1) By creating CNAME with the existing domain name service provider or 2) By creating a record with Route 53.
Reference:
http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/using-domain-names-with-elb. html

NEW QUESTION 14
AWS Elastic Load Balancer supports SSL termination.

• A. Tru
• B. For specific availability zones only.
• C. False
• D. Tru
• E. For specific regions only
• F. Tru
• G. For all regions

Answer: D

Explanation: You can configure your load balancer in ELB (Elastic Load Balancing) to use a SSL certificate in order to improve your system security.The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. Elastic Load Balancing uses AWS Identity and Access Management (IAM) to upload your certificate to your load balancer.
Reference: http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/US_SettingUpLoadBaIancerH TTPS.htmI

NEW QUESTION 15
Regarding Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need that uses one of the supported push notification services: APNS, GCM, or ADM.

• A. an access policy for the mobile endpoints
• B. to active push notification service of Amazon SNS
• C. to know the type of mobile device operating system
• D. an app for the mobile endpoints

Answer: D

Explanation: In Amazon SNS, to begin using Amazon SNS mobile push notifications, you first need an app for the mobile endpoints that uses one of the supported push notification services: APNS, GCM, or ADM. After you've registered and configured the app to use one of these services, you configure Amazon SNS to send push notifications to the mobile endpoints.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobiIePush.htmI

NEW QUESTION 16
How can you secure data at rest on an EBS volume?

• A. Attach the volume to an instance using EC2's SSL interface.
• B. Write the data randomly instead of sequentially.
• C. Use an encrypted file system on top of the BBS volume.
• D. Encrypt the volume using the S3 server-side encryption service.
• E. Create an IAM policy that restricts read and write access to the volum

Answer: C

NEW QUESTION 17
A user is creating an EBS volume. He asks for your advice. Which advice mentioned below should you not give to the user for creating an EBS volume?

• A. Take the snapshot of the volume when the instance is stopped
• B. Stripe multiple volumes attached to the same instance
• C. Create an AMI from the attached volume
• D. Attach multiple volumes to the same instance

Answer: C

Explanation: When a user creates an EBS volume, the user can attach it to a running instance. The user can attach multiple volumes to the same instance and stripe them together to increase the I/O. The user can take a snapshot from the existing volume but cannot create an AMI from the volume. However, the user can create an AMI from a snapshot.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVoIumes.htmI

NEW QUESTION 18
Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

• A. Enable MFA for prMleged users
• B. Create indMdual IAM users
• C. Keep rotating your secure access credentials at regular intervals
• D. Create strong access key and secret access key and attach to the root account

Answer: D

Explanation: It is a recommended approach to avoid using the access and secret access keys of the root account.
Thus, do not download or delete it. Instead make the IAM user as powerful as the root account and use its credentials. The user cannot generate their own access and secret access keys as they are always generated by AWS.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html

NEW QUESTION 19
You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput.
What could be an explanation for this?

• A. You haven't provisioned enough DynamoDB storage instances
• B. You're exceeding your capacity on a particular Range Key
• C. You're exceeding your capacity on a particular Hash Key
• D. You're exceeding your capacity on a particular Sort Key
• E. You haven't configured DynamoDB Auto Scaling triggers

Answer: C

NEW QUESTION 20
A user is launching an AWS RDS instance with MySQL. The user wants to enable the Nlulti AZ feature. Which of the below mentioned parameters will not be allowed to configure by RDS?

• A. Availability Zone
• B. Region
• C. DB subnet group
• D. Database port

Answer: A

Explanation: If the user is launching RDS with Multi AZ the user cannot provision the Availability Zone. RDS is launched automatically instead
Reference: https://console.aws.amazon.com/rds/