Frage 1
Frage
A startups photo-sharing site is deployed in a VPC. An ELB distributes web traffic across
two subnets. ELB session stickiness is configured to use the AWS-generated session
cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured
as: min-size=4, max-size=4. The startups preparing for a public launch, by running
load-testing software installed on a single EC2 instance running in us-west-2a. After 60
minutes of load-testing, the webserver logs show: Which recommendations can help ensure
load-testing HTTP requests are evenly distributed across the four webservers? Choose 2
answers.
Antworten
-
Re-configure the load-testing software to re-resolve DNS for each web request.
-
Use a 3rd-party load-testing service which offers globally-distributed test clients.
-
Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.
-
Configure ELB session stickiness to use the app-specific session cookie.
-
Launch and run the load-tester EC2 instance from us-east-1 instead.
Frage 2
Frage
Which of the following are correct statements with policy evaluation logic in AWS Identity
and Access Management? Choose 2 answers
Antworten
-
An explicit deny does not override an explicit allow
-
By default, all request are allowed
-
An explicit allow overrides default deny
-
An explicit allow overrides an explicit deny
-
By default, all requests are denied
Frage 3
Frage
How can you secure data at rest on an EBS volume?
Antworten
-
Write the data randomly instead of sequentially.
-
Use an encrypted file system on top of the EBS volume.
-
Encrypt the volume using the S3 server-side encryption service.
-
Create an IAM policy that restricts read and write access to the volume.
-
Attach the volume to an instance using EC2’s SSL interface.
Frage 4
Frage
If an application is storing hourly log files from thousands of instances from a high traffic
web site, which naming scheme would give optimal performance on S3?
Antworten
-
Sequential
-
HH-DD-MM-YYYY-log_instanceID
-
YYYY-MM-DD-HH-log_instanceID
-
instanceID_log-HH-DD-MM-YYYY
-
instanceID_log-YYYY-MM-DD-HH
Frage 5
Frage
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a
“Your proposed upload exceeds the maximum allowed object size.” error message. What is
a possible solution for this?
Antworten
-
None, Simple Storage Service objects are limited to 5 GB
-
Use the multi-part upload API for this object
-
Use the large object upload API for this object
-
Contact support to increase your object size limit
-
Upload to a different region
Frage 6
Frage
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static
Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the
index.html page is returned. Company C now would like a new page welcome.html to be
returned when a visitor enters http://www.companyc.com in the browser. Which of the
following steps will allow Company C to meet this requirement? Choose 2 answers
Antworten
-
Upload an html page named welcome.html to their S3 bucket
-
Create a welcome subfolder in their S3 bucket
-
Set the Index Document property to welcome.html
-
Move the index.html page to a welcome subfolder
-
Set the Error Document property to welcome.html
Frage 7
Frage
Which of the following statements about SQS is true?
Antworten
-
Messages will be delivered one or more times and messages will be delivered in First in,
First out order
-
Messages will be delivered exactly once and message delivery order is indeterminate
-
Messages will be delivered exactly once and messages will be delivered in First in, First
out order
-
Messages will be delivered one or more times and message delivery order is
indeterminate
Frage 8
Frage
EC2 instances are launched from Amazon Machine images (AMIS). A given public AMI can:
Antworten
-
be used to launch EC2 Instances in any AWS region.
-
only be used to launch EC2 instances in the same country as the AMI is stored.
-
only be used to launch EC2 instances in the same AWS region as the AMI is stored.
-
only be used to launch EC2 instances in the same AWS availability zone as the AMI is
stored.
Frage 9
Frage
When a Simple Queue Service message triggers a task that takes 5 minutes to complete,
which process below will result in successful processing of the message and remove it from
the queue while minimizing the chances of duplicate processing?
Antworten
-
Retrieve the message with an increased visibility timeout, delete the message from the
queue, process the message
-
Retrieve the message with increased DelaySeconds, process the message, delete the
message from the queue
-
Retrieve the message with an increased visibility timeout, process the message, delete
the message from the queue
-
Retrieve the message with increased DelaySeconds, delete the message from the
queue, process the message
Frage 10
Frage
What is the format of structured notification messages sent by Amazon SNS?
Antworten
-
An XML object containing MessageId, UnsubscribeURL, Subject, Message and other
values
-
An JSON object containing MessageId, DuplicateFlag, Message and other values
-
An XML object containing MessageId, DuplicateFlag, Message and other values
-
An JSON object containing MessageId, unsubscribeURL, Subject, Message and other
values
Frage 11
Frage
Which approach below provides the least impact to provisioned throughput on the “Product”
table?
Antworten
-
Create an “Images” DynamoDB table to store the Image with a foreign key constraint to
the “Product” table
-
Add an image data type to the “Product” table to store the images in binary format
-
Serialize the image and store it in multiple DynamoDB tables
-
Store the images in Amazon S3 and add an S3 URL pointer to the “Product” table item
for each image
Frage 12
Frage
Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers
Antworten
-
The number of hash keys per account
-
The maximum storage used per account
-
The number of tables per account
-
The number of local secondary indexes per account
-
The number of provisioned throughput units per account
Frage 13
Frage
Which of the following items are required to allow an application deployed on an EC2
instance to write data to a DynamoDB table? Assume that no security Keys are allowed to
be stored on the EC2 instance. Choose 2 answers
Antworten
-
Create an IAM User that allows write access to the DynamoDB table.
-
Launch an EC2 Instance with the IAM User included in the launch configuration.
-
Create an IAM Role that allows write access to the DynamoDB table.
-
Launch an EC2 Instance with the IAM Role included in the launch configuration.
-
Add an IAM Role to a running EC2 instance.
-
Add an IAM User to a running EC2 Instance.
Frage 14
Frage
Which EC2 API call would you use to retrieve a list of Amazon Machine Images (AMIs)?
Frage 15
Frage
An Amazon S3 bucket, “myawsbucket” is configured with website hosting in Tokyo region,
what is the region-specific website endpoint?
Antworten
-
www.myawsbucket.ap-northeast-1.amazonaws.com
-
myawsbucket.s3-website-ap-northeast-l.amazonawscom
-
myawsbucket.amazonaws.com
-
myawsbucket.tokyo.amazonaws.com
Frage 16
Frage
A corporate web application is deployed within an Amazon VPC, and is connected to the
corporate data center via IPSec VPN. The application must authenticate against the
on-premise LDAP server. Once authenticated, logged-in users can only access an S3
keyspace specific to the user. Which two approaches can satisfy the objectives? Choose 2
answers
Antworten
-
The application authenticates against LDAP, and retrieves the name of an IAM role
associated with the user. The application then calls the IAM Security Token Service to
assume that IAM Role. The application can use the temporary credentials to access the
appropriate S3 bucket.
-
Develop an identity broker which authenticates against IAM Security Token Service to
assume an IAM Role to get temporary AWS security credentials. The application calls the
identity broker to get AWS temporary security credentials with access to the appropriate S3
bucket.
-
The application authenticates against IAM Security Token Service using the LDAP
credentials. The application uses those temporary AWS security credentials to access the
appropriate S3 bucket.
-
The application authenticates against LDAP. The application then calls the IAM Security
Service to login to IAM using the LDAP credentials. The application can use the IAM
temporary credentials to access the appropriate S3 bucket.
-
Develop an identity broker which authenticates against LDAP, and then calls IAM
Security Token Service to get IAM federated user credentials. The application calls the
identity broker to get IAM federated user credentials with access to the appropriate S3
bucket.
Frage 17
Frage
You are providing AWS consulting services for a company developing a new mobile
application that will be leveraging Amazon SNS Mobile Push for push notifications. In order
to send direct notification messages to individual devices each device registration identifier
or token needs to be registered with SNS; however the developers are not sure of the best
way to do this. You advise them to:
Antworten
-
Call the CreatePlatformEndPoint API function to register multiple device tokens.
-
Bulk upload the device tokens contained in a CSV file via the AWS Management
Console.
-
Let the push notification service (e.g. Amazon Device Messaging) handle the registration.
-
Implement a token vending service to handle the registration.
Frage 18
Frage
What type of block cipher does Amazon S3 offer for server side encryption?
Frage 19
Frage
You have written an application that uses the Elastic Load Balancing service to spread
traffic to several web servers Your users complain that they are sometimes forced to login
again in the middle of using your application, after they have already togged in. This is not
behavior you have designed. What is a possible solution to prevent this happening?
Antworten
-
Use instance memory to save session state.
-
Use instance storage to save session state.
-
Use EBS to save session state
-
Use ElastiCache to save session state.
-
Use Glacier to save session slate.
Frage 20
Frage
Which of the following is an example of a good DynamoDB hash key schema for
provisioned throughput efficiency?
Antworten
-
User ID, where the application has many different users.
-
Status Code where most status codes are the same.
-
Device ID, where one is by far more popular than all the others.
-
Game Type, where there are three possible game types.
Frage 21
Frage
Which statements about DynamoDB are true? Choose 2 answers
Antworten
-
DynamoDB uses optimistic concurrency control
-
DynamoDB restricts item access during writes
-
DynamoDB uses a pessimistic locking model
-
DynamoDB restricts item access during reads
-
DynamoDB uses conditional writes for consistency
Frage 22
Frage
You are writing to a DynamoDB table and receive the following exception:”
ProvisionedThroughputExceededException”. though according to your Cloudwatch metrics
for the table, you are not exceeding your provisioned throughput. What could be an
explanation for this?
Antworten
-
You haven’t provisioned enough DynamoDB storage instances
-
You’re exceeding your capacity on a particular Range Key
-
You’re exceeding your capacity on a particular Hash Key
-
You’re exceeding your capacity on a particular Sort Key
-
You haven’t configured DynamoDB Auto Scaling triggers
Frage 23
Frage
Company A has an S3 bucket containing premier content that they intend to make available
to only paid subscribers of their website. The S3 bucket currently has default permissions of
all objects being private to prevent inadvertent exposure of the premier content to
non-paying website visitors. How can Company A provide only paid subscribers the ability
to download a premier content file in the S3 bucket?
Antworten
-
Apply a bucket policy that grants anonymous users to download the content from the S3
bucket
-
Generate a pre-signed object URL for the premier content file when a paid subscriber
requests a download
-
Add a bucket policy that requires Multi-Factor Authentication for requests to access the
S3 bucket objects
-
Enable server side encryption on the S3 bucket for data protection against the
non-paying website visitors
Frage 24
Frage
What happens, by default, when one of the resources in a CloudFormation stack cannot be
created?
Antworten
-
The stack creation continues, and the final results indicate which steps failed.
-
CloudFormation templates are parsed in advance so stack creation is guaranteed to
succeed.
-
Previously-created resources are kept but the stack creation terminates.
-
Previously-created resources are deleted and the stack creation terminates.
Frage 25
Frage
What is the maximum number of S3 Buckets available per AWS account?
Antworten
-
There is no limit
-
100 per account
-
100 per IAM user
-
100 per region
-
500 per account
Frage 26
Frage
Which of the following are valid arguments for an SNS Publish request? Choose 3 answers
Antworten
-
Subject
-
Language
-
Message
-
Destination
-
TopicAm
-
Format
Frage 27
Frage
A meteorological system monitors 600 temperature gauges, obtaining temperature samples
every minute and saving each sample to a DynamoDB table. Each sample involves writing
1K of data and the writes are evenly distributed over time. How much write throughput is
required for the target table?
Frage 28
Frage
Which of the following platforms are supported by Elastic Beanstalk? Choose 2 answers
Antworten
-
Apache Tomcat
-
IBM Websphere
-
Oracle JBoss
-
Jetty
-
.NET
Frage 29
Frage
You attempt to store an object in the US-STANDARD region in Amazon S3, and receive a
confirmation that it has been successfully stored. You then immediately make another API
call and attempt to read this object. S3 tells you that the object does not exist What could
explain this behavior?
Antworten
-
US-STANDARD imposes a 1 second delay before new objects are readable.
-
You exceeded the bucket object limit, and once this limit is raised the object will be
visible.
-
Objects in Amazon S3 do not become visible until they are replicated to a second region.
-
US-STANDARD uses eventual consistency and it can take time for an object to be
readable in a bucket
Frage 30
Frage
Which features can be used to restrict access to data in S3? Choose 2 answers
Antworten
-
Set an S3 Bucket policy.
-
Enable IAM Identity Federation.
-
Set an S3 ACL on the bucket or the object.
-
Create a CloudFront distribution for the bucket.
-
Use S3 Virtual Hosting.
Frage 31
Frage
In AWS, which security aspects are the customer’s responsibility? Choose 4 answers
Antworten
-
Decommissioning storage devices
-
Patch management on the EC2 instance’s operating system
-
Controlling physical access to compute resources
-
Security Group and ACL (Access Control List) settings
-
Life-cycle management of IAM credentials
-
Encryption of EBS (Elastic Block Storage) volumes
Frage 32
Frage
What AWS products and features can be deployed by Elastic Beanstalk? Choose 3
answers
Antworten
-
Auto scaling groups
-
Route 53 hosted zones
-
Elastic Load Balancers
-
RDS Instances
-
Elastic IP addresses
-
SQS Queues
Frage 33
Frage
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your
site. At some point you find out that other sites have been linking to the photos on your site,
causing loss to your business. What is an effective method to mitigate this?
Antworten
-
Store photos on an EBS volume of the web server
-
Remove public read access and use signed URLs with expiry dates.
-
Use CloudFront distributions for static content.
-
Block the IPs of the offending websites in Security Groups.
Frage 34
Frage
Which code snippet below returns the URL of a load balanced web site created in
CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name
“ElasticLoad Balancer”?
Antworten
-
“Fn::Join” : [“”. [ “http://”, {“Fn::GetAtr” : [ “ElasticLoadBalancer”,”DNSName”]}]]
-
“Fn::Join” : [“.”, [ “http://”, {“Ref” : “ElasticLoadBalancerDNSName”}]]
-
“Fn::Join” : [“”. [ “http://”, {“Ref” : “ElasticLoadBalancerUrl”}]]
-
“Fn::Join” : [“”. [ “http://”, {“Fn::GetAtr” : [ “ElasticLoadBalancer”,”Url”]}]]
Frage 35
Frage
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these
items are analyzed and then are no longer needed. You need to minimize provisioned
throughput, storage, and API calls. Given these requirements, what is the most efficient way
to manage these Items after the analysis?
Antworten
-
Retain the items in a single table
-
Delete items individually over a 24 hour period
-
Delete the table and create a new table per hour
-
Create a new table per hour
Frage 36
Frage
Which of the following statements about SWF are true? Choose 3 answers
Antworten
-
SWF uses deciders and workers to complete tasks
-
SWF requires at least 1 EC2 instance per domain
-
SWF triggers SNS notifications on task assignment
-
SWF requires an S3 bucket for workflow storage
-
SWF tasks are assigned once and never duplicated
-
SWF workflow executions can last up to a year
Frage 37
Frage
Company D is running their corporate website on Amazon S3 accessed from
http//www.companyd.com. Their marketing team has published new web fonts to a separate
S3 bucket accessed by the S3 endpoint https://s3-us-west1. amazonaws.com/cdfonts.
While testing the new web fonts, Company D recognized the web fonts are being blocked
by the browser. What should Company D do to prevent the web fonts from being blocked by
the browser?
Antworten
-
Create a policy on the cdfonts bucket to enable access to everyone
-
Add the Content-MD5 header to the request for webfonts in the cdfonts bucket from the
website
-
Configure the cdfonts bucket to allow cross-origin requests by creating a CORS
configuration
-
Enable versioning on the cdfonts bucket for each web font
Frage 38
Frage
How is provisioned throughput affected by the chosen consistency model when reading
data from a DynamoDB table?
Antworten
-
Strongly consistent reads use the same amount of throughput as eventually consistent
reads
-
Strongly consistent reads use variable throughput depending on read activity
-
Strongly consistent reads use more throughput than eventually consistent reads.
-
Strongly consistent reads use less throughput than eventually consistent reads
Frage 39
Frage
When uploading an object, what request header can be explicitly specified in a request to
Amazon S3 to encrypt object data when saved on the server side?
Frage 40
Frage
Which of the following are valid SNS delivery transports? Choose 2 answers
Antworten
-
SMS
-
DynamoDB
-
HTTP
-
UDP
-
Named Pipes
Frage 41
Frage
You have an environment that consists of a public subnet using Amazon VPC and 3
instances that are running in this subnet. These three instances can successfully
communicate with other hosts on the Internet. You launch a fourth instance in the same
subnet, using the same AMI and security group configuration you used for the others, but
find that this instance cannot be accessed from the Internet. What should you do to enable
internet access?
Antworten
-
Deploy a NAT instance into the public subnet.
-
Modify the routing table for the public subnet
-
Configure a publicly routable IP Address In the host OS of the fourth instance.
-
Assign an Elastic IP address to the fourth instance.
Frage 42
Frage
How can software determine the public and private IP addresses of the Amazon EC2
instance that it is running on?
Antworten
-
Query the appropriate Amazon CloudWatch metric.
-
Use ipconfig or ifconfig command.
-
Query the local instance userdata.
-
Query the local instance metadata.
Frage 43
Frage
Which of the following services are included at no additional cost with the use of the AWS
platform? Choose 2 answers
Antworten
-
CloudFormation
-
Simple Workflow Service
-
Elastic Load Balancing
-
Elastic Compute Cloud
-
Simple Storage Service
-
Auto Scaling
Frage 44
Frage
Which of the following programming languages have an officially supported AWS SDK?
Choose 2 answers
Frage 45
Frage
After launching an instance that you intend to serve as a NAT (Network Address
Translation) device in a public subnet you modify your route tables to have the NAT device
be the target of internet bound traffic of your private subnet. When you try and make an
outbound connection to the Internet from an instance in the private subnet, you are not
successful. Which of the following steps could resolve the issue?
Antworten
-
Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in
the private subnet
-
Attaching an Elastic IP address to the instance in the private subnet
-
Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet,
and placing it in the public subnet
-
Disabling the Source/Destination Check attribute on the NAT instance
Frage 46
Frage
Which of the following is chosen as the default region when making an API call with an
AWS SDK?
Antworten
-
ap-northeast-1
-
us-west-2
-
us-east-1
-
eu-west-1
-
us-central-1
Frage 47
Frage
When using a large Scan operation in DynamoDB, what technique can be used to minimize
the impact of a scan on a table’s provisioned throughput?
Antworten
-
Set a smaller page size for the scan
-
Prewarm the table by updating all items
-
Use parallel scans
-
Define a range index on the table
Frage 48
Frage
Which of the following services are key/value stores? Choose 3 answers
Frage 49
Frage
An application stores payroll information nightly in DynamoDB for a large number of
employees across hundreds of offices. Item attributes consist of individual name, office
identifier, and cumulative daily hours. Managers run reports for ranges of names working in
their office. One query is. “Return all Items in this office for names starting with A through
E”. Which table configuration will result in the lowest impact on provisioned throughput for
this query?
Antworten
-
Configure the table to have a range index on the name attribute, and a hash index on the
office identifier
-
Configure a hash index on the name attribute and no range index
-
Configure the table to have a hash index on the name attribute, and a range index on the
office identifier
-
Configure a hash index on the office Identifier attribute and no range index
Frage 50
Frage
What is one key difference between an Amazon EBS-backed and an instance-store backed
instance?
Antworten
-
Virtual Private Cloud requires EBS backed instances
-
Amazon EBS-backed instances can be stopped and restarted
-
Auto scaling requires using Amazon EBS-backed instances.
-
Instance-store backed instances can be stopped and restarted.
Frage 51
Frage
Company B provides an online image recognition service and utilizes SOS to decouple
system components for scalability The SQS consumers poll the imaging queue as often as
possible to keep end-to-end throughput as high as possible. However, Company B is
realizing that polling in tight loops is burning CPU cycles and increasing costs with empty
responses. How can Company B reduce the number of empty responses?
Antworten
-
Set the imaging queue visibility Timeout attribute to 20 seconds
-
Set the DelaySeconds parameter of a message to 20 seconds
-
Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
-
Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
Frage 52
Frage
What item operation allows the retrieval of multiple items from a DynamoDB table in a single
API call?
Antworten
-
GetItem
-
BatchItem
-
GetMultipleItems
-
GetItemRange
Frage 53
Frage
In DynamoDB, what type of HTTP response codes indicate that a problem was found with
the client request sent to the service?
Antworten
-
5xx HTTP response code
-
200 HTTP response code
-
306 HTTP response code
-
4xx HTTP response code
Frage 54
Frage
If a message is retrieved from a queue in Amazon SQS, how long is the message
inaccessible to other users by default?
Antworten
-
30 seconds
-
0 seconds
-
1 hour
-
1 day
-
forever
Frage 55
Frage
Games-R-Us is launching a new game app for mobile devices. Users will log into the game
using their existing Facebook account and the game will record player data and scoring
information directly to a DynamoDB table. What is the most secure approach for signing
requests to the DynamoDB API?
Antworten
-
Create an IAM user with access credentials that are distributed with the mobile app to
sign the requests
-
Distribute the AWS root account access credentials with the mobile app to sign the
requests
-
Request temporary security credentials using web identity federation to sign the requests
-
Establish cross account access between the mobile app and the DynamoDB table to sign
the requests