NEW QUESTION 1
A user is configuring MySQL RDS with PIOPS. What should be the minimum PIOPS that the user should provision?

• A. 1000
• B. 200
• C. 2000
• D. 500

Answer: A

Explanation: If a user is trying to enable PIOPS with MySQL RDS, the minimum size of storage should be 100 GB and the minimum PIOPS should be 1000.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.html

NEW QUESTION 2
You deployed your company website using Elastic Beanstalk and you enabled log file rotation to S3. An Elastic Map Reduce job is periodically analyzing the logs on S3 to build a usage dashboard that you share with your CIO.
You recently improved overall performance of the website using Cloud Front for dynamic content delivery and your website as the origin.
After this architectural change, the usage dashboard shows that the traffic on your website dropped by an order of magnitude. How do you fix your usage dashboard'?

• A. Enable Cloud Front to deliver access logs to S3 and use them as input of the Elastic Map Reduce job.
• B. Turn on Cloud Trail and use trail log tiles on S3 as input of the Elastic Map Reduce job
• C. Change your log collection process to use Cloud Watch ELB metrics as input of the Elastic MapReduce job
• D. Use Elastic Beanstalk "Rebuild Environment" option to update log delivery to the Elastic lV|ap Reduce job.
• E. Use Elastic Beanstalk 'Restart App server(s)" option to update log delivery to the Elastic Map Reduce job.

Answer: D

NEW QUESTION 3
An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago.
What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

• A. Take hourly DB backups to S3, with transaction logs stored in S3 every 5 minutes.
• B. Use synchronous database master-slave replication between two availability zones.
• C. Take hourly DB backups to EC2 Instance store volumes with transaction logs stored In S3 every 5 minutes.
• D. Take 15 minute DB backups stored In Glacier with transaction logs stored in S3 every 5 minute

Answer: A

NEW QUESTION 4
Which of the following cannot be done using AWS Data Pipeline?

• A. Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
• B. Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
• C. Generate reports over data that has been stored.
• D. Move data between different AWS compute and storage services as well as on-premise data sources at specified intervals.

Answer: C

Explanation: AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services as well as on-premise data sources at specified intervals. With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to another AWS.
AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. AWS Data Pipeline also allows you to move and process data that was
previously locked up in on-premise data silos. Reference: http://aws.amazon.com/datapipe|ine/

NEW QUESTION 5
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24. While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance. Which is the most likely reason for this issue?

• A. Private address IP 10.201.31.6 is currently assigned to another interface.
• B. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
• C. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
• D. Private IP address 10.201.31.6 is not part of the associated subnet's IP address rang

Answer: A

Explanation: In Amazon VPC, you can assign any Private IP address to your instance as long as it is: Part of the associated subnet's IP address range
Not reserved by Amazon for IP networking purposes Not currently assigned to another interface Reference: http://aws.amazon.com/vpc/faqs/

NEW QUESTION 6
If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical .

• A. OR
• B. NAND
• C. NOR
• D. AND

Answer: A

Explanation: If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical OR.
Reference: http://docs.aws.amazon.com/IAM/Iatest/UserGuide/reference_poIicies_eIements.html

NEW QUESTION 7
You are designing an SSUTLS solution that requires HTTPS clients to be authenticated by the Webserver using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the web server infrastructure? (Choose 2 answers)

• A. Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it.
• B. Configure your Web servers with EIP
• C. Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.
• D. Configure ELB with HTTPS listeners, and place the Web sewers behind it.
• E. Configure your web sewers as the origins for a CIoudFront distributio
• F. Use custom SSL certificates on your C|oudFront distribution.

Answer: AB

NEW QUESTION 8
In Amazon EIastiCache, the default cache port is:

• A. for Memcached 11210 and for Redis 6380.
• B. for Memcached 11211 and for Redis 6380.
• C. for Memcached 11210 and for Redis 6379.
• D. for Memcached 11211 and for Redis 6379.

Answer: D

Explanation: In Amazon EIastiCache, you can specify a new port number for your cache cluster, which by default is 11211 for Memcached and 6379 for Redis.
Reference: http://docs.aws.amazon.com/AmazonEIastiCache/Iatest/UserGuide/GettingStarted.AuthorizeAccess.htm|

NEW QUESTION 9
You have an application running on an EC2 Instance which will allow users to download flies from a private S3 bucket using a pre-signed URL. Before generating the URL the application should verify the existence of the file in S3.
How should the application use AWS credentials to access the S3 bucket securely?

• A. Use the AWS account access Keys the application retrieves the credentials from the source code of the application.
• B. Create an IAM user for the application with permissions that allow list access to the S3 bucket launch the instance as the IANI user and retrieve the IAM user's credentials from the EC2 instance user data.
• C. Create an IAM role for EC2 that allows list access to objects in the S3 bucke
• D. Launch the instance with the role, and retrieve the roIe's credentials from the EC2 Instance metadata
• E. Create an IAM user for the application with permissions that allow list access to the S3 bucke
• F. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user.

Answer: C

NEW QUESTION 10
In the context of IAM roles for Amazon EC2, which of the following NOT true about delegating permission to make API requests?

• A. You cannot create an IAM role.
• B. You can have the application retrieve a set of temporary credentials and use them.
• C. You can specify the role when you launch your instances.
• D. You can define which accounts or AWS services can assume the rol

Answer: A

Explanation: Amazon designed IANI roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows: Create an IAM role. Define which accounts or AWS services can assume the role. Define which API actions and resources the application can use after assuming the role. Specify the role when you launch your instances. Have the application retrieve a set of temporary credentials and use them.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

NEW QUESTION 11
You are designing Internet connectMty for your VPC. The Web sewers must be available on the Internet. The application must have a highly available architecture.
Which alternatives should you consider? (Choose 2 answers)

• A. Configure a NAT instance in your VPC Create a default route via the NAT instance and associate itwith all subnets Configure a DNS A record that points to the NAT instance public IP address.
• B. Configure a C|oudFront distribution and configure the origin to point to the private IP addresses of your Web sewers Configure a Route53 CNAME record to your CIoudFront distribution.
• C. Place all your web servers behind ELB Configure a Route53 CNMIE to point to the ELB DNS name.
• D. Assign EIPs to all web sewer
• E. Configure a Route53 record set with all E|Ps, with health checks and DNS failover.
• F. Configure ELB with an EIP Place all your Web servers behind ELB Configure a Route53 A record that points to the EIP.

Answer: CD

NEW QUESTION 12
Your company is getting ready to do a major public announcement of a social media site on AWS. The website is running on EC2 instances deployed across multiple Availability Zones with a MuIti-AZ RDS MySQL Extra Large DB Instance. The site performs a high number of small reads and writes per second and relies on an eventual consistency model. After comprehensive tests you discover that there is read contention on RDS MySQL. Which are the best approaches to meet these requirements? (Choose 2 answers)

• A. Deploy E|astiCache in-memory cache running in each availability zone
• B. Implement sharding to distribute load to multiple RDS lV|ySQL instances
• C. Increase the RDS MySQL Instance size and Implement provisioned IOPS
• D. Add an RDS MySQL read replica in each availability zone

Answer: AC

NEW QUESTION 13
What bandwidths do AWS Direct Connect currently support?

• A. 10Mbps and 100Mbps
• B. 10Gbps and 100Gbps
• C. 100Mbps and 1Gbps
• D. 1Gbps and 10 Gbps

Answer: D

Explanation: AWS Direct Connection currently supports 1Gbps and 10 Gbps.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

NEW QUESTION 14
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the internet from an instance in the private subnet, you are not successful. Which of the following steps could resolve the issue?

• A. Disabling the Source/Destination Check attribute on the NAT instance
• B. Attaching an Elastic IP address to the instance in the private subnet
• C. Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet
• D. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet

Answer: A

NEW QUESTION 15
In Amazon Cognito, your mobile app authenticates with the Identity Provider (|dP) using the provider’s SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new for the user and a set
of temporary, limited-prMlege AWS credentials.

• A. Cognito Key Pair
• B. Cognito API
• C. Cognito ID
• D. Cognito SDK

Answer: C

Explanation: Your mobile app authenticates with the identity provider (IdP) using the provider’s SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new Cognito ID for the user and a set of temporary,
limited-prMlege AWS credentials.
Reference: http://aws.amazon.com/cognito/faqs/

NEW QUESTION 16
When using Numeric Conditions within IAM, short versions of the available comparators can be used instead of the more verbose versions. Which of the following is the short version of the Numeric Condition "NumericLessThanEquaIs"?

• A. numlteq
• B. numlteql
• C. numltequals
• D. numeql

Answer: A

Explanation: When using Numeric Conditions within IAM, short versions of the available comparators can be used instead of the more verbose versions. For instance, numlteq is the short version of NumericLessThanEquaIs.
Reference: http://awsdocs.s3.amazonaws.com/SQS/2011-10-01/sqs-dg-2011-10-01.pdf

NEW QUESTION 17
How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

• A. Detach the volume and attach it to another EC2 instance in the other AZ.
• B. Simply create a new volume in the other AZ and specify the original volume as the source.
• C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
• D. Detach the volume, then use the ec2-migrate-voiume command to move it to another AZ.

Answer: C

NEW QUESTION 18
Your company hosts a social media site supporting users in multiple countries. You have been asked to provide a highly available design tor the application that leverages multiple regions tor the most recently accessed content and latency sensitive portions of the wet) site The most latency sensitive component of the application involves reading user preferences to support web site personalization and ad selection. In addition to running your application in multiple regions, which option will support this appIication’s requirements?

• A. Serve user content from S3. CIoudFront and use Route53 latency-based routing between ELBs in each region Retrieve user preferences from a local DynamoDB table in each region and leverage SQS to capture changes to user preferences with SOS workers for propagating updates to each table.
• B. Use the S3 Copy API to copy recently accessed content to multiple regions and serve user content from S3. C|oudFront with dynamic content and an ELB in each region Retrieve user preferences from an EIasticCache cluster in each region and leverage SNS notifications to propagate user preference changes to a worker node in each region.
• C. Use the S3 Copy API to copy recently accessed content to multiple regions and serve user content from S3 CIoudFront and Route53 latency-based routing Between ELBs In each region Retrieve user preferences from a DynamoDB table and leverage SQS to capture changes to user preferences with SOS workers for propagating DynamoDB updates.
• D. Serve user content from S3. C|oudFront with dynamic content, and an ELB in each region Retrieve user preferences from an EIastiCache cluster in each region and leverage Simple Workflow (SWF) to manage the propagation of user preferences from a centralized OB to each EIastiCache cluster.

Answer: A