This is a timed quiz.
You have 1 hour 20 minutes to answer the 60 questions in this quiz.
A customer is using AWS for Dev and Test. The customer wants to set up the Dev environment with CloudFormation. Which of the below mentioned steps are not required while using CloudFormation?
Create a stack
Configure a service
Create and upload the template
Provide the parameters configured as part of the template
A user has created an S3 bucket which is not publicly accessible. The bucket has thirty objects which are also private. If the user wants to make the objects public, how can he configure this with minimal effort?
The user should select all objects from the console and apply a single policy to mark them public
The user can write a program which programmatically makes all objects public using S3 SDK
Set the AWS bucket policy which marks all objects as public
Make the bucket ACL as public so it will also mark all objects as public
A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the zone of one of the instances. How can the user change it?
Stop one of the instances and change the availability zone
The zone can only be modified using the AWS CLI
From the AWS EC2 console, select the Actions -> Change zones and specify new zone
Create an AMI of the running instance and launch the instance in a separate AZ
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user understand this functionality better?
ELB sends data to CloudWatch every minute only and does not charge the user
ELB will send data every minute and will charge the user extra
ELB is not supported by CloudWatch
It is not possible to setup detailed monitoring for ELB
A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?
3
0
5
2
A user is running one instance for only 3 hours every day. The user wants to save some cost with the instance. Which of the below mentioned Reserved Instance categories is advised in this case?
The user should not use RI; instead only go with the on-demand pricing
The user should use the AWS high utilized RI
The user should use the AWS medium utilized RI
The user should use the AWS low utilized RI
A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?
The root account owner should create a bucket policy which allows the IAM users to upload the object
The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket
The root account should use ACL with the bucket to allow everyone to upload the object
The root account should create the IAM users and provide them the permission to upload content to the bucket
A user has configured ELB with three instances. The user wants to achieve High Availability as well as redundancy with ELB. Which of the below mentioned AWS services helps the user achieve this for ELB?
Route 53
AWS Mechanical Turk
Auto Scaling
AWS EMR
A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this?
The user can set the alarm state to ‘Alarm’ using CLI
Run the SNS action manually
From the AWS console change the state to ‘Alarm’
Run activities on the CPU such that its utilization reaches above 75%
A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?
AWS S3 with 1 GB of storage
AWS micro instance running 24 hours daily
AWS ELB running 24 hours a day
AWS PIOPS volume of 10 GB size
A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help him save cost?
Delete the unutilized EBS volumes once the instance is terminated
Delete the AutoScaling launch configuration after the instances are terminated
Release the elastic IP if not required once the instance is terminated
Delete the AWS ELB after the instances are terminated
A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?
Allow Inbound traffic on port 22 from the user’s network
The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
The user can connect to an instance in a private subnet using the NAT instance
Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet
You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are both very high. What two actions could you take to rectify this? (Choose two.)
Increase the number of nodes in your cluster
Tweak the max-item-size parameter
Shrink the number of nodes in your cluster
Increase the size of the nodes in the cluster
Which statement best describes ElastiCache?
Reduces the latency by splitting the workload across multiple AZs
A simple web services interface to create and store multiple data sets, query your data easily, and return the results
Offload the read traffic from your database in order to reduce latency caused by read-heavy workload
Managed service that makes it easy to set up, operate and scale a relational database in the cloud
A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4 AM and the EC2 server was not reachable. The user is checking the CloudWatch metrics of that instance. How can the user find the data easily using the CloudWatch console?
The user can find the data by giving the exact values in the time Tab under CloudWatch metrics.
The user can find the data by filtering values of the last 1 week for a 1 hour period in the Relative tab under CloudWatch metrics.
It is not possible to find the exact time from the console. The user has to use CLI to provide the specific time.
The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics.
George has shared an EC2 AMI created in the US East region from his AWS account with Stefano. George copies the same AMI to the US West region. Can Stefano access the copied AMI of George’s account from the US West region?
No, copy AMI does not copy the permission
It is not possible to share the AMI with a specific account
Yes, since copy AMI copies all private account sharing permissions
Yes, since copy AMI copies all the permissions attached with the AMI
A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?
Copy the running instance using the “Instance Copy” command to the EU region
Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI
Copy the instance from the US East region to the EU region
Use the “Launch more like this” option to copy the instance from one region to another
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Auto Scaling. Which of the below mentioned statements will help the user understand the functionality better?
It is not possible to setup detailed monitoring for Auto Scaling
In this case, Auto Scaling will send data every minute and will charge the user extra
Detailed monitoring will send data every minute without additional charges
Auto Scaling sends data every minute only and does not charge the user
A user is trying to setup a recurring Auto Scaling process. The user has setup one process to scale up every day at 8 am and scale down at 7 PM. The user is trying to setup another recurring process which scales up on the 1st of every month at 8 AM and scales down the same day at 7 PM. What will Auto Scaling do in this scenario?
Auto Scaling will execute both processes but will add just one instance on the 1st
Auto Scaling will add two instances on the 1st of the month
Auto Scaling will schedule both the processes but execute only one process randomly
Auto Scaling will throw an error since there is a conflict in the schedule of two separate Auto Scaling Processes
A user has created an ELB with three instances. How many security groups will ELB create by default?
1
A user has setup an RDS DB with Oracle. The user wants to get notifications when someone modifies the security group of that DB. How can the user configure that?
It is not possible to get the notifications on a change in the security group
Configure SNS to monitor security group changes
Configure event notification on the DB security group
Configure the CloudWatch alarm on the DB for a change in the security group
You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?
The user should create a separate IAM user for each employee and provide access to them as per the policy
The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server
The user should create IAM groups as per the organization’s departments and add each user to the group for better access control
Attach an IAM role with the organization’s authentication service to authorize each user for various AWS services
A user has launched an EC2 instance. The user is planning to setup the CloudWatch alarm. Which of the below mentioned actions is not supported by the CloudWatch alarm?
Notify the Auto Scaling launch config to scale up
Send an SMS using SNS
Notify the Auto Scaling group to scale down
Stop the EC2 instance
A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that instances of the same subnet communicate with each other. How can the user configure this with the security group?
There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
Configure the subnet as the source in the security group and allow traffic on all the protocols and ports
Configure the security group itself as the source and allow traffic on all the protocols and ports
The user has to use VPC peering to configure this
A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling?
Increase the desired capacity of the Auto Scaling group
Increase the maximum limit of the Auto Scaling group
Launch an instance manually and register it with ELB on the fly
Decrease the minimum limit of the Auto Scaling group
An organization has added 3 of its AWS accounts to consolidated billing. One of the AWS accounts has purchased a Reserved Instance (RI) of a small instance size in the US-East-1a zone. All other AWS accounts are running instances of a small size in the same zone. What will happen in this case for the RI pricing?
Only the account that has purchased the RI will get the advantage of RI pricing
One instance of a small size and running in the US-East-1a zone of each AWS account will get the benefit of RI pricing
Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are running in the same zone and are of the same size
If there is more than one instance of a small size running across multiple accounts in the same zone, no one will get the benefit of RI
A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?
View the Auto Scaling CPU metrics
Aggregate the data over the instance AMI ID
The user has to use the CloudWatch analyser to find the average data across instances
It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different
An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it?
AWS S3
AWS Glacier
AWS RDS
AWS RRS
A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user’s datacenter. The user wants to make it so that all traffic coming to the public subnet follows the organization’s proxy policy. How can the user make this happen?
Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
Setting up a proxy policy in the internet gateway connected with the public subnet
It is not possible to setup the proxy policy for a public subnet
Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway
A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below mentioned statements will help the user understand the Multi AZ feature better?
In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy
In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy
In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica copy
AWS MS SQL does not support the Multi AZ feature
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?
ELB sticky session
ELB deregistration check
ELB connection draining
ELB auto registration Off
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?
AWS Simple Notification Service
AWS Simple Workflow
AWS Simple Queue Service
AWS Simple Query Service
A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 minutes. If the user wants to send the data to CloudWatch to view the data visually, which of the below mentioned statements is true with respect to the information given above?
The user needs to use AWS CLI or API to upload the data
The user can use the AWS Import Export facility to import data to CloudWatch
The user will upload data from the AWS console
The user cannot upload data to CloudWatch since it is not an AWS service metric
A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?
ELB will ask the user whether to delete the instances or not
Instances will be terminated
ELB cannot be deleted if it has running instances registered with it
Instances will keep running
An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?
Use the IAM groups and add users as per their role to different groups and apply policy to group
The user can create a policy and apply it to multiple users in a single go with the AWS CLI
Add each user to the IAM role as per their organization role to achieve effective policy setup
Use the IAM role and implement access at the role level
A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better?
The user can use the CloudWatch Import tool
The user should be able to see the data in the console after around 15 minutes
If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command
The user can view as well as upload data using the console, CLI and APIs
A user has setup a web application on EC2. The user is generating a log of the application performance at every second. There are multiple entries for each second. If the user wants to send that data to CloudWatch every minute, what should he do?
The user should send only the data of the 60th second as CloudWatch will map the receive data timezone with the sent data timezone
It is not possible to send the custom metric to CloudWatch every minute
Give CloudWatch the Min, Max, Sum, and SampleCount of a number of every minute
Calculate the average of one minute and send the data to CloudWatch
A user has created a queue named “myqueue” in US-East region with AWS SQS. The user’s AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use?
http://sqs.us-east-1.amazonaws.com/123456789012/myqueue
http://sqs.amazonaws.com/123456789012/myqueue
http://sqs.123456789012.us-east-1.amazonaws.com/myqueue
http://123456789012.sqs.us-east-1.amazonaws.com/myqueue
A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?
RDS will have an internal IP which will redirect all requests to the new DB
RDS uses DNS to switch over to stand by replica for seamless transition
The switch over changes Hardware so RDS does not need to worry about access
RDS will have both the DBs running independently and the user has to manually switch over
A user is planning to use AWS CloudFormation. Which of the below mentioned functionalities does not help him to correctly understand CloudFormation?
Cloudformation follows the DevOps model for the creation of Dev & Test.
AWS CloudFormation does not charge the user for its service but only charges for the AWS resources created with it.
Cloudformation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, ELB, etc.
CloudFormation provides a set of application bootstrapping scripts which enables the user to install Software.
You are tasked with the migration of a highly trafficked Node JS application to AWS. In order to comply with organizational standards, Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events. Which deployment option meets these requirements while minimizing administrative burden?
Create a new stack within OpsWorks, add the appropriate layers to the stack, and deploy the application.
Create a new application within Elastic Beanstalk and deploy this application to a new environment.
Launch a Node JS server from a community AMI and manually deploy the application to the launched EC2 instance.
Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.
Which of the following statements about this S3 bucket policy is true?
Denies the server with the IP address 192.168.100.0 full access to the “mybucket” bucket
Denies the server with the IP address 192.168.100.188 full access to the “mybucket” bucket
Grants all the servers within the 192.168.100.0/24 subnet full access to the “mybucket” bucket
Grants all the servers within the 192.168.100.188/32 subnet full access to the “mybucket” bucket
Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options? (Choose two.)
Amazon S3
Amazon RDS
Amazon EBS
Amazon Redshift
What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?
The IP of the primary DB instance is switched to the standby DB instance
The RDS (Relational Database Service) DB instance reboots
A new DB instance is created in the standby availability zone
The canonical name record (CNAME) is changed from primary to standby
You use S3 to store critical data for your company. Several users within your group currently have full permissions to your S3 buckets. You need to come up with a solution that does not impact your users and also protects against the accidental deletion of objects. Which two options will address this issue? (Choose two.)
Enable versioning on your S3 Buckets
Configure your S3 Buckets with MFA delete
Create a Bucket policy and only allow read only permissions to all users at the bucket level
Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier
An application that you are managing has EC2 instances & DynamoDB tables deployed to several AWS Regions. In order to monitor the performance of the application globally, you would like to see two graphs: 1) Avg CPU Utilization across all EC2 instances, 2) Number of Throttled Requests for all DynamoDB tables. How can you accomplish this?
Tag your resources with the application name, and select the tag name as the dimension in the Cloudwatch Management console to view the respective graphs.
Use the CloudWatch CLI tools to pull the respective metrics from each regional endpoint. Aggregate the data offline & store it for graphing in CloudWatch.
Add SNMP traps to each instance and DynamoDB table. Leverage a central monitoring server to capture data from each instance and table. Put the aggregate data into Cloud Watch for graphing.
When configuring the agent set the appropriate application name & view the graphs in CloudWatch.
You are attempting to connect to an instance in Amazon VPC without success. You have already verified that the VPC has an Internet Gateway (IGW), the instance has an associated Elastic IP (EIP), and correct security group rules are in place. Which VPC component should you evaluate next?
The configuration of a NAT instance
The configuration of the Routing Table
The configuration of the Internet Gateway (IGW)
The configuration of SRC/DST checking
Which of the following requires a custom CloudWatch metric to monitor?
Data transfer of an EC2 instance
Disk usage activity of an EC2 instance
Memory Utilization of an EC2 instance
CPU Utilization of an EC2 instance
A customer has a web application that uses cookie-based sessions to track logged-in users. It is deployed on AWS using ELB and Auto Scaling. The customer observes that when load increases, Auto Scaling launches new instances but the load on the existing instances does not decrease, causing all existing users to have a sluggish experience. Which two answer choices independently describe a behavior that could be the cause of the sluggish user experience? (Choose two.)
ELB’s normal behavior sends requests from the same user to the same backend instance.
ELB’s behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance.
A faulty browser is not honoring the TTL of the ELB DNS name.
The web application uses long polling such as comet or websockets, thereby keeping a connection open to a web server for a long time.
You have been asked to leverage Amazon VPC, EC2 and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS?
Ensure the application instances are properly configured with an Elastic Load Balancer
Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
Ensure the application instances are launched in public subnets with the associate-public-IP address=true option enabled
Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size
You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region. Which configuration would achieve that goal?
Route53 record sets with weighted routing policy
Route53 record sets with latency based routing policy
Auto Scaling with scheduled scaling actions set
Elastic Load Balancing with health checks enabled
An organization’s security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3. Which option should you implement to ensure this requirement is met?
Use the S3 copy API to replicate data between two S3 buckets in different regions
You do not need to implement anything since S3 data is automatically replicated between regions
Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region
The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LDAP for authentication. Your security policy requires minimal changes to the company’s existing application user management processes. What option would you implement to successfully launch this application?
Create a second, independent LDAP server in AWS for your application to use for authentication
Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
Establish a VPN connection between your data center and AWS, create an LDAP replica on AWS, and configure your application to use the LDAP replica for authentication
Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains, and use the new domain for authentication
When preparing for a compliance assessment of your system built inside of AWS, what are three best practices for you to prepare for an audit? (Choose three.)
Gather evidence of your IT operational controls
Request and obtain applicable third-party audited AWS compliance reports and certifications
Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review
Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system’s instances and endpoints
Schedule meetings with AWS’s third-party auditors to provide evidence of AWS compliance that maps to your control objectives
You have set up individual AWS accounts for each project. You have been asked to make sure your AWS infrastructure costs do not exceed the budget set per project for each month. Which of the following approaches can help ensure that you do not exceed the budget each month?
Consolidate your accounts so you have a single bill for all accounts and projects.
Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many instances in a given account.
Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%, 80% and 90% of its budgeted monthly spend.
You are creating an Auto Scaling group whose instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request?
Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the user’s credentials into the instance User Data
Modify the appropriate CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group
Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed
Your organization’s security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy for AWS users? (Choose two.)
Configure multi-factor authentication for privileged IAM users
Create IAM users for privileged accounts
Implement identity federation between your organization’s identity provider leveraging the IAM Security Token Service
Enable the IAM single-use password policy option for privileged users
A user is launching an instance. He is on the "Tag the instance" screen. Which of the below mentioned information will not help the user understand the functionality of an AWS tag?
Each tag will have a key and value
The user can apply tags to the S3 bucket
The maximum value of the tag key length is 64 unicode characters
AWS tags are used to find the cost distribution of various resources
An organization is setting up programmatic billing access for their AWS account. Which of the below mentioned services is not required or enabled when the organization wants to use programmatic access?
Programmatic access
AWS bucket to hold the billing report
AWS billing alerts
Monthly Billing report
A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not supported by SQS?
SendMessageBatch
DeleteMessageBatch
CreateQueue
DeleteMessageQueue