AWS-Solution-Architect-Associate Exam
[Far out] aws solution architect associate dumps
It is more faster and easier to pass the Amazon aws solution architect associate questions exam by using Practical Amazon AWS Certified Solutions Architect - Associate questuins and answers. Immediate access to the Most up-to-date aws solution architect associate certification Exam and find the same core area aws solution architect associate questions questions with professionally verified answers, then PASS your exam with a high score now.
Q241. A web design company currently runs several FTP servers that their 250 customers use to upload and download large graphic files They wish to move this system to AWS to make it more scalable, but they wish to maintain customer privacy and Keep costs to a minimum.
What AWS architecture would you recommend?
A. ASK their customers to use an 53 client instead of an FTP client. Create a single 53 bucket Create an IAM user for each customer Put the IAM Users in a Group that has an IAM policy that permits access to sub-directories within the bucket via use of the 'username' Policy variable.
B. Create a single 53 bucket with Reduced Redundancy Storage turned on and ask their customers to use an 53 client instead of an FTP client Create a bucket for each customer with a Bucket Policy that permits access only to that one customer.
C. Create an auto-scaling group of FTP servers with a scaling policy to automatically scale-in when minimum network traffic on the auto-scaling group is below a given threshold. Load a central list of ftp users from 53 as part of the user Data startup script on each Instance.
D. Create a single 53 bucket with Requester Pays turned on and ask their customers to use an 53 client instead of an FTP client Create a bucket tor each customer with a Bucket Policy that permits access only to that one customer.
Answer: A
Q242. What would be the best way to retrieve the public IP address of your EC2 instance using the CLI?
A. Using tags
B. Using traceroute
C. Using ipconfig
D. Using instance metadata
Answer: D
Explanation:
To determine your instance's public IP address from within the instance, you can use instance metadata. Use the following command to access the public IP address: For Linux use, $ curl
http://169.254.169.254/latest/meta-data/public-ipv4, and for Windows use, $ wget http://169.254.169.254/latest/meta-data/public-ipv4.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.htm|
Q243. Your company previously configured a heavily used, dynamically routed VPN connection between your on-premises data center and AWS. You recently provisioned a DirectConnect connection and would like to start using the new connection. After configuring DirectConnect settings in the AWS Console, which of the following options win provide the most seamless transition for your users?
A. Delete your existing VPN connection to avoid routing loops configure your DirectConnect router with the appropriate settings and verity network traffic is leveraging DirectConnect.
B. Configure your DirectConnect router with a higher 8GP priority man your VPN router, verify network traffic is leveraging Directconnect and then delete your existing VPN connection.
C. Update your VPC route tables to point to the DirectConnect connection configure your DirectConnect router with the appropriate settings verify network traffic is leveraging DirectConnect and then delete the VPN connection.
D. Configure your DirectConnect router, update your VPC route tables to point to the DirectConnect connection, configure your VPN connection with a higher BGP pointy. And verify network traffic is leveraging the DirectConnect connection.
Answer: D
Q244. In the Launch Db Instance Wizard, where can I select the backup and maintenance options?
A. Under DB INSTANCE DETAILS
B. Under REVI EW
C. Under MANAGEMENT OPTIONS
D. Under ENGINE SELECTION
Answer: C
Q245. A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?
A. Amazon S3 server-side encryption employs strong multi-factor encryption.
B. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
C. In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.
D. Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks.
Answer: C
Explanation:
Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption.
Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects.
In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from the tasks of managing encryption and encryption keys.
Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingServerSideEncryption.htmI
Q246. Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to your instances?
A. None of these.
B. Amazon Instance Storage
C. Amazon EBS
D. All of these
Answer: C
Q247. Is the encryption of connections between my application and my DB Instance using SSL for the MySQL server engines available?
A. Yes
B. Only in VPC
C. Only in certain regions
D. No
Answer: A
Q248. Your company policies require encryption of sensitive data at rest. You are considering the possible options for protecting data while storing it at rest on an EBS data volume, attached to an EC2 instance. Which of these options would allow you to encrypt your data at rest? (Choose 3 answers)
A. Implement third party volume encryption tools
B. Do nothing as EBS volumes are encrypted by default
C. Encrypt data inside your applications before storing it on EBS
D. Encrypt data using native data encryption drivers at the file system level
E. Implement SSL/TLS for all services running on the server
Answer: A, C, D
Q249. A user has launched one EC2 instance in the US East region and one in the US West region. The user has launched an RDS instance in the US East region. How can the user configure access from both the EC2 instances to RDS?
A. It is not possible to access RDS of the US East region from the US West region
B. Configure the US West region’s security group to allow a request from the US East region’s instance and configure the RDS security group’s ingress rule for the US East EC2 group
C. Configure the security group of the US East region to allow traffic from the US West region’s instance and configure the RDS security group’s ingress rule for the US East EC2 group
D. Configure the security group of both instances in the ingress rule of the RDS security group
Answer: C
Explanation:
The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS
DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region. In this case allow IP of US West inside US East’s security group and open the RDS security group for US East region.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html
Q250. An edge location refers to which Amazon Web Service?
A. An edge location is refered to the network configured within a Zone or Region
B. An edge location is an AWS Region
C. An edge location is the location of the data center used for Amazon CIoudFront.
D. An edge location is a Zone within an AWS Region
Answer: C
Explanation:
Amazon CIoudFront is a content distribution network. A content delivery network or content distribution network (CDN) is a large distributed system of sewers deployed in multiple data centers across the world. The location of the data center used for CDN is called edge location.
Amazon CIoudFront can cache static content at each edge location. This means that your popular static content (e.g., your site’s logo, navigational images, cascading style sheets, JavaScript code, etc.) will be available at a nearby edge location for the browsers to download with low latency and improved performance for viewers. Caching popular static content with Amazon CIoudFront also helps you offload requests for such files from your origin sever — CIoudFront serves the cached copy when available and only makes a request to your origin server if the edge location receMng the browser’s request does not have a copy of the file.
Reference: http://aws.amazon.com/c|oudfront/