getcertified4sure.com

AWS-Solution-Architect-Associate Exam

Amazing aws solution architect associate exam dumps To Try



we provide Precise Amazon aws solution architect associate dumps exam question which are the best for clearing aws solution architect associate certification test, and to get certified by Amazon AWS Certified Solutions Architect - Associate. The aws solution architect associate questions Questions & Answers covers all the knowledge points of the real aws solution architect associate dumps exam. Crack your Amazon aws solution architect associate exam dumps Exam with latest dumps, guaranteed!

Q131. You are setting up your first Amazon Virtual Private Cloud (Amazon VPC) so you decide to use the VPC wizard in the AWS console to help make it easier for you. Which of the following statements is correct regarding instances that you launch into a default subnet via the VPC wizard?

A. Instances that you launch into a default subnet receive a public IP address and 10 private IP addresses.

B. Instances that you launch into a default subnet receive both a public IP address and a private IP address.

C. Instances that you launch into a default subnet don't receive any ip addresses and you need to define them manually.

D. Instances that you launch into a default subnet receive a public IP address and 5 private IP addresses. 

Answer: B

Explanation:

Instances that you launch into a default subnet receive both a public IP address and a private IP address. Instances in a default subnet also receive both public and private DNS hostnames. Instances that you launch into a nondefault subnet in a default VPC don't receive a public IP address or a DNS hostname. You can change your subnet's default public IP addressing behavior.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html


Q132. Your company has multiple IT departments, each with their own VPC. Some VPCs are located within the same AWS account, and others in a different AWS account. You want to peer together all VPCs to enable the IT departments to have full access to each others' resources. There are certain limitations placed on VPC peering. Which of the following statements is incorrect in relation to VPC peering?

A. Private DNS values cannot be resolved between instances in peered VPCs.

B. You can have up to 3 VPC peering connections between the same two VPCs at the same time.

C. You cannot create a VPC peering connection between VPCs in different regions.

D. You have a limit on the number active and pending VPC peering connections that you can have per VPC.

Answer:

Explanation:

To create a VPC peering connection with another VPC, you need to be aware of the following limitations and rules:

You cannot create a VPC peering connection between VPCs that have matching or overlapping CIDR blocks.

You cannot create a VPC peering connection between VPCs in different regions.

You have a limit on the number active and pending VPC peering connections that you can have per VPC. VPC peering does not support transitive peering relationships; in a VPC peering connection, your VPC will not have access to any other VPCs that the peer VPC may be peered with. This includes VPC peering connections that are established entirely within your own AWS account.

You cannot have more than one VPC peering connection between the same two VPCs at the same time. The Maximum Transmission Unit (MTU) across a VPC peering connection is 1500 bytes.

A placement group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs.

Unicast reverse path forwarding in VPC peering connections is not supported.

You cannot reference a security group from the peer VPC as a source or destination for ingress or egress rules in your security group. Instead, reference CIDR blocks of the peer VPC as the source or destination of your security group's ingress or egress rules.

Private DNS values cannot be resolved between instances in peered VPCs. Reference:

http://docs.aws.amazon.com/AmazonVPC/Iatest/PeeringGuide/vpc-peering-overview.htmI#vpc-peering-Ii mitations


Q133. True or False: In Amazon Route 53, you can create a hosted zone for a top-level domain (TLD).

A. FALSE

B. False, Amazon Route 53 automatically creates it for you.

C. True, only if you send an XML document with a CreateHostedZoneRequest element for TLD.

D. TRUE

Answer: A

Explanation:

In Amazon Route 53, you cannot create a hosted zone for a top-level domain (TLD).

Reference:  http://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateHostedZone.htmI


Q134. Can you specify the security group that you created for a VPC when you launch an instance in EC2-Classic?

A. No, you can specify the security group created for EC2-Classic when you launch a VPC instance.

B. No

C. Yes

D. No, you can specify the security group created for EC2-Classic to a non-VPC based instance only. 

Answer: B

Explanation:

If you're using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must specify a security group in the same region as the instance. You can't specify a security group that you created for a VPC when you launch an instance in

EC2-Classic.

Reference:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.htmI#ec2-classic-securit y-groups


Q135. An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the organization to achieve data security?

A. MFA delete for S3 objects

B. Client side encryption

C. Bucket versioning

D. Data replication 

Answer: D

Explanation:

AWS S3 provides multiple options to achieve the protection of data at REST. The options include Permission (Policy), Encryption (Client and Server Side), Bucket Versioning and MFA based delete. The user can enable any of these options to achieve data protection. Data replication is an internal facility by AWS where S3 replicates each object across all the Availability Zones and the organization need not

enable it in this case.

Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf


Q136. You are looking at ways to improve some existing infrastructure as it seems a lot of engineering resources are being taken up with basic management and monitoring tasks and the costs seem to be excessive.

You are thinking of deploying Amazon E|asticCache to help. Which of the following statements is true in regards to EIasticCache?

A. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will be more.

B. You can't improve load and response times to user actions and queries but you can reduce the cost associated with scaling web applications.

C. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will remain the same.

D. You can improve load and response times to user actions and queries and also reduce the cost associated with scaling web applications.

Answer:

Explanation:

Amazon EIastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon EIastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments, enabling your engineering resources to focus on developing applications.

Using Amazon EIastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.

Reference: https://aws.amazon.com/eIasticache/faqs/


Q137. You are migrating a legacy client-server application to AWS. The application responds to a specific DNS domain (e.g. www.examp|e.com) and has a 2-tier architecture, with multiple application sewers and a database server. Remote clients use TCP to connect to the application sewers. The application servers need to know the IP address of the clients in order to function properly and are currently taking that information from the TCP socket. A MuIti-AZ RDS MySQL instance will be used for the database. During the migration you can change the application code, but you have to file a change request.

How would you implement the architecture on AWS in order to maximize scalability and high availability?

A. File a change request to implement Alias Resource support in the application. Use Route 53 Alias Resource Record to distribute load on two application servers in different AZs.

B. File a change request to implement Latency Based Routing support in the application. Use Route 53 with Latency Based Routing enabled to distribute load on two application servers in different AZs.

C. File a change request to implement Cross-Zone support in the application. Use an ELB with a TCP Listener and Cross-Zone Load Balancing enabled, two application servers in different AZs.

D. File a change request to implement Proxy Protocol support in the application. Use an ELB with a TCP Listener and Proxy Protocol enabled to distribute load on two application servers in different AZs.

Answer: D


Q138. As AWS grows, most of your cIients' main concerns seem to be about security, especially when all of their competitors also seem to be using AWS. One of your clients asks you whether having a competitor who hosts their EC2 instances on the same physical host would make it easier for the competitor to hack into  the cIient's data. Which of the following statements would be the best choice to put your cIient's mind at rest?

A. Different instances running on the same physical machine are isolated from each other via a 256-bit Advanced Encryption Standard (AES-256).

B. Different instances running on the same physical machine are isolated from each other via the Xen hypervisor and via a 256-bit Advanced Encryption Standard (AES-256).

C. Different instances running on the same physical machine are isolated from each other via the Xen hypervisor.

D. Different instances running on the same physical machine are isolated from each other via IAM permissions.

Answer: C

Explanation:

Amazon Elastic Compute Cloud (EC2) is a key component in Amazon’s Infrastructure as a Service (IaaS), providing resizable computing capacity using server instances in AWS’s data centers. Amazon EC2 is designed to make web-scale computing easier by enabling you to obtain and configure capacity with minimal friction.

You create and launch instances, which are collections of platform hardware and software. Different instances running on the same physical machine are isolated from each other via the Xen hypervisor.

Amazon is active in the Xen community, which provides awareness of the latest developments. In addition, the AWS firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets must pass through this layer, thus an instance’s neighbors have no more access to that instance than any other host on the Internet and can be treated as if they are on

separate physical hosts. The physical RAM is separated using similar mechanisms.

Reference:  http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf


Q139. An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago.

What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

A. Take hourly DB backups to 53, with transaction logs stored in 53 every 5 minutes.

B. Use synchronous database master-slave replication between two availability zones.

C. Take hourly DB backups to EC2 Instance store volumes with transaction logs stored In 53 every 5 minutes.

D. Take 15 minute DB backups stored In Glacier with transaction logs stored in 53 every 5 minutes. 

Answer: A


Q140. A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?

A. Copy the instance from the US East region to the EU region

B. Use the "Launch more like this" option to copy the instance from one region to another

C. Copy the running instance using the "|nstance Copy" command to the EU region

D. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI

Answer:

Explanation:

To launch an EC2 instance it is required to have an AMI in that region. If the AMI is not available in that region, then create a new AMI or use the copy command to copy the AMI from one region to the other region.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.htmI


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.