NEW QUESTION 1
Your fortune 500 company has under taken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware The outcome was that ail employees would be granted access to use Amazon S3 for storage of their personal documents.
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers)

• A. Setting up a federation proxy or identity provider
• B. Using AWS Security Token Service to generate temporary tokens
• C. Tagging each folder in the bucket
• D. Configuring IAM role
• E. Setting up a matching IAM user for every user in your corporate directory that needs access to a folder in the bucket

Answer: ABD

NEW QUESTION 2
What does elasticity mean to AWS?

• A. The ability to scale computing resources up easily, with minimal friction and down with latency.
• B. The ability to scale computing resources up and down easily, with minimal friction.
• C. The ability to provision cloud computing resources in expectation of future demand.
• D. The ability to recover from business continuity events with minimal frictio

Answer: B

NEW QUESTION 3
The AWS IT infrastructure that AWS provides, complies with the following IT security standards, including:

• A. SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), SOC 2 and SOC 3
• B. FISMA, DIACAP, and FedRA|V|P
• C. PCI DSS Level 1, ISO 27001, ITAR and FIPS 140-2
• D. HIPAA, Cloud Security Alliance (CSA) and Motion Picture Association of America (NIPAA)
• E. All of the above

Answer: ABC

NEW QUESTION 4
How can multiple compute resources be used on the same pipeline in AWS Data Pipeline?

• A. You can use multiple compute resources on the same pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each actMty via its runsOn field.
• B. You can use multiple compute resources on the same pipeline by defining multiple cluster definition files.
• C. You can use multiple compute resources on the same pipeline by defining multiple clusters for your actMty.
• D. You cannot use multiple compute resources on the same pipelin

Answer: A

Explanation: MuItipIe compute resources can be used on the same pipeline in AWS Data Pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each actMty via its runsOn field, which allows pipelines to combine AWS and on-premise resources, or to use a mix of instance types for their actMties.
Reference: https://aws.amazon.com/datapipe|ine/faqs/

NEW QUESTION 5
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fileet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?

• A. Use a DynamoDB table with an attribute defining the priority leve
• B. Transformation instances will scan the table for tasks, sorting the results by priority level.
• C. Use Route 53 latency based-routing to send high priority tasks to the closest transformation instances.
• D. Use two SQS queues, one for high priority messages, the other for default priorit
• E. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
• F. Use a single SQS queu
• G. Each message contains the priority leve
• H. Transformation instances poll high-priority messages first.

Answer: C

NEW QUESTION 6
An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched.
Which of the following must be done for the custom NAT instance to work?

• A. The source/destination checks should be disabled on the NAT instance.
• B. The NAT instance should be launched in public subnet.
• C. The NAT instance should be configured with a public IP address.
• D. The NAT instance should be configured with an elastic IP addres

Answer: A

Explanation: Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
Reference:
http://docs.aws.amazon.com/AmazonVPC/Iatest/UserGuide/VPC_NAT_|nstance.htm|#EIP_Disab|e_Src DestCheck

NEW QUESTION 7
An organization is hosting a scalable web application using AWS. The organization has configured internet facing ELB and Auto Scaling to make the application scalable. Which of the below mentioned
statements is required to be followed when the application is planning to host a web application on VPC?

• A. The ELB can be in a public or a private subnet but should have the ENI which is attached to an elastic IP.
• B. The ELB must not be in any subnet; instead it should face the internet directly.
• C. The ELB must be in a public subnet of the VPC to face the internet traffic.
• D. The ELB can be in a public or a private subnet but must have routing tables attached to divert the internet traffic to it.

Answer: C

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. For internet facing ELB it is required that ELB should be in a public subnet.
After the user creates the public subnet, he should ensure to associate the route table of the public subnet with the internet gateway to enable the load balancer in the subnet to connect with the internet. Reference: http://docs.aws.amazon.com/EIasticLoadBalancing/latest/DeveIoperGuide/CreateVPCForELB.htmI

NEW QUESTION 8
Can a Direct Connect link be connected directly to the Internet?

• A. Yes, this can be done if you pay for it.
• B. Yes, this can be done only for certain regions.
• C. Yes
• D. No

Answer: D

Explanation: AWS Direct Connect is a network service that provides an alternative to using the Internet to utilize AWS cloud service. Hence, a Direct Connect link cannot be connected to the Internet directly.
Reference: http://aws.amazon.com/directconnect/faqs/

NEW QUESTION 9
In the context of AWS Cloud Hardware Security ModuIe(HSM), does your application need to reside in the same VPC as the CIoudHSM instance?

• A. No, but the sewer or instance on which your application and the HSNI client is running must have network (IP) reachability to the HSNI.
• B. Yes, always
• C. No, but they must reside in the same Availability Zone.
• D. No, but it should reside in same Availability Zone as the DB instanc

Answer: A

Explanation: Your application does not need to reside in the same VPC as the CIoudHSM instance.
However, the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM. You can establish network connectMty in a variety of ways, including operating your application in the same VPC, with VPC peering, with a VPN connection, or with Direct Connect.
Reference: https://aws.amazon.com/cIoudhsm/faqs/

NEW QUESTION 10
Your company runs a customer facing event registration site This site is built with a 3-tier architecture with web and application tier servers and a MySQL database The application requires 6 web tier sewers and 6 application tier servers for normal operation, but can run on a minimum of 65% server capacity and a single NIySQL database. When deploying this application in a region with three availability zones (AZs) which architecture provides high availability?

• A. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer), and an application tier deployed across 2 AZs with 3 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (RelationalDatabase Service) instance deployed with read replicas in the other AZ.
• B. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer) and an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (Relational Database Service) Instance deployed with read replicas in the two other AZs.
• C. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer) and an application tier deployed across 2 AZs with 3 EC2 instances m each AZ inside an Auto Scaling Group behind an ELS and a Multi-AZ RDS (Relational Database Service) deployment.
• D. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ Inside an Auto Scaling Group behind an ELB (elastic load balancer). And an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and a MuIti-AZ RDS (Relational Database services) deployment.

Answer: D

NEW QUESTION 11
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Computer Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available. Sort stale Eventual consistency) rather than an ACID (Atomicity. Consistency isolation. Durability) consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-premises database resources in the most cost-effective way?

• A. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
• B. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
• C. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.
• D. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.

Answer: A

NEW QUESTION 12
While implementing the policy keys in AWS Direct Connect, if you use and the request comes from
an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.

• A. aws:SecureTransport
• B. aws:EpochIP
• C. aws:SourceIp
• D. aws:CurrentTime

Answer: C

Explanation: While implementing the policy keys in Amazon RDS, if you use aws:SourceIp and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed. Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.htmI

NEW QUESTION 13
You are migrating a legacy client-server application to AWS. The application responds to a specific DNS domain (e.g. www.examp|e.com) and has a 2-tier architecture, with multiple application sewers and a database sewer. Remote clients use TCP to connect to the application servers. The application servers need to know the IP address of the clients in order to function properly and are currently taking that information from the TCP socket. A MuIti-AZ RDS MySQL instance will be used for the database. During the migration you can change the application code, but you have to file a change request.
How would you implement the architecture on AWS in order to maximize scalability and high availability?

• A. File a change request to implement Alias Resource support in the applicatio
• B. Use Route 53 Alias Resource Record to distribute load on two application servers in different Azs.
• C. File a change request to implement Latency Based Routing support in the applicatio
• D. Use Route 53 with Latency Based Routing enabled to distribute load on two application servers in different Azs.
• E. File a change request to implement Cross-Zone support in the applicatio
• F. Use an ELB with a TCP Listener and Cross-Zone Load Balancing enabled, two application servers in different AZs.
• G. File a change request to implement Proxy Protocol support in the applicatio
• H. Use an ELB with a TCP Listener and Proxy Protocol enabled to distribute load on two application servers in different Azs.

Answer: D

NEW QUESTION 14
In Amazon EIastiCache, which of the following statements is correct?

• A. When you launch an EIastiCache cluster into an Amazon VPC private subnet, every cache node is assigned a public IP address within that subnet.
• B. You cannot use EIastiCache in a VPC that is configured for dedicated instance tenancy.
• C. If your AWS account supports only the EC2-VPC platform, E|astiCache will never launch your cluster in a VPC.
• D. EIastiCache is not fully integrated with Amazon Virtual Private Cloud (VPC).

Answer: B

Explanation: The VPC must allow non-dedicated EC2 instances. You cannot use EIastiCache in a VPC that is configured for dedicated instance tenancy.
Reference: http://docs.aws.amazon.com/AmazonE|astiCache/latest/UserGuide/AmazonVPC.EC.htmI

NEW QUESTION 15
Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data. If you also set up push sync, what does it allow you to do?

• A. Notify other devices that a user profile is available across multiple devices
• B. Synchronize user profile data with less latency
• C. Notify other devices immediately that an update is available
• D. Synchronize online data faster

Answer: C

Explanation: Cognito Sync is an AWS service that you can use to synchronize user profile data across mobile devices without requiring your own backend. When the device is online, you can synchronize data, and if you have
also set up push sync, notify other devices immediately that an update is available. Reference: http://docs.aws.amazon.com/cognito/devguide/sync/

NEW QUESTION 16
Select the correct set of options. These are the initial settings for the default security group:

• A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
• B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
• C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
• D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other

Answer: A

NEW QUESTION 17
A read only news reporting site with a combined web and application tier and a database tier that receives large and unpredictable traffic demands must be able to respond to these traffic fluctuations automatically. What AWS services should be used meet these requirements?

• A. Stateless instances for the web and application tier synchronized using EIastiCache Memcached in an autoscaimg group monitored with CIoudWatch and RDS with read replicas.
• B. Stateful instances for the web and application tier in an autoscaling group monitored with CIoudWatch and RDS with read replicas.
• C. Stateful instances for the web and application tier in an autoscaling group monitored with CIoudWatc
• D. And multi-AZ RDS.
• E. Stateless instances for the web and application tier synchronized using EIastiCache Memcached in an autoscaling group monitored with CIoudWatch and multi-AZ RDS.

Answer: A

NEW QUESTION 18
A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume. What is the possible root cause for this?

• A. PIOPS is supported for EBS higher than 500 GB size
• B. The maximum IOPS supported by EBS is 3000
• C. The ratio between IOPS and the EBS volume is higher than 30
• D. The ratio between IOPS and the EBS volume is lower than 50

Answer: C

Explanation: A Provisioned IOPS (SSD) volume can range in size from 4 GiB to 16 TiB and you can provision up to 20,000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested should be a maximum of 30; for example, a volume with 3000 IOPS must be atleast 100 GB.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVo|umeTypes.htmI#EBSVoIumeTypes_pio ps