NEW QUESTION 1
A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?

• A. AWS/StorageGateway
• B. AWS/CloudTrail
• C. AWS/ElastiCache
• D. AWS/SWF

Answer: B

Explanation:
Amazon CloudWatch is basically a metrics repository. The AWS product puts metrics into this repository, and the user can retrieve the data or statistics based on those metrics. To distinguish the data for each service, the CloudWatch metric has a namespace. Namespaces are containers for metrics. All AWS services that provide the Amazon CloudWatch data use a namespace string, beginning with "AWS/". All the services which are supported by CloudWatch will have some namespace. CloudWatch does not monitor CloudTrail. Thus, the namespace “AWS/CloudTrail” is incorrect.

NEW QUESTION 2
How can the domain's zone apex for example "myzoneapexdomain com" be pointed towards an Elastic Load Balancer?

• A. By using an AAAA record
• B. By using an A record
• C. By using an Amazon Route 53 CNAME record
• D. By using an Amazon Route 53 Alias record

Answer: D

Explanation: Reference:
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html

NEW QUESTION 3
A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?

• A. Authenticated user group
• B. All users group
• C. Log Delivery Group
• D. Canonical user group

Answer: D

Explanation:
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. AWS S3 has the following predefined groups: Authenticated Users group: It represents all AWS accounts. All Users group: Access permission to this group allows anyone to access the resource. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.

NEW QUESTION 4
An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution?

• A. AWS RRS
• B. AWS S3
• C. AWS RDS
• D. AWS Glacier

Answer: D

Explanation:
Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Reduced redundancy is for less critical files. Glacier is for archival and the files which are accessed infrequently. It is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup.

NEW QUESTION 5
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

• A. The user should attach an IAM role with DynamoDB access to the EC2 instance
• B. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
• C. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
• D. The user should create an IAM user with DynamoDB and EC2 acces
• E. Attach the user with the application so that it does not use the root account credentials

Answer: A

Explanation:
With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the application. Instead, the user should use roles for EC2 and give that role access to DynamoDB /S3. When the roles are attached to EC2, it will give temporary security credentials to the application hosted on that EC2, to connect with DynamoDB / S3.

NEW QUESTION 6
A user has created a VPC with CIDR 20.0.0.0/16 using VPC Wizard. The user has created a public CIDR
(20.0.0.0/24. and a VPN only subnet CIDR (20.0.1.0/24. along with the hardware VPN access to connect to the user’s data centre. Which of the below mentioned components is not present when the VPC is setup with the wizard?

• A. Main route table attached with a VPN only subnet
• B. A NAT instance configured to allow the VPN subnet instances to connect with the internet
• C. Custom route table attached with a public subnet
• D. An internet gateway for a public subnet

Answer: B

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. The wizard does not create a NAT instance by default. The user can create it manually and attach it with a VPN only subnet.

NEW QUESTION 7
A user is running one instance for only 3 hours every day. The user wants to save some cost with the instance. Which of the below mentioned Reserved Instance categories is advised in this case?

• A. The user should not use RI; instead only go with the on-demand pricing
• B. The user should use the AWS high utilized RI
• C. The user should use the AWS medium utilized RI
• D. The user should use the AWS low utilized RI

Answer: A

Explanation:
The AWS Reserved Instance provides the user with an option to save some money by paying a one-time fixed amount and then save on the hourly rate. It is advisable that if the user is having 30% or more usage of an instance per day, he should go for a RI. If the user is going to use an EC2 instance for more than 2200-2500 hours per year, RI will help the user save some cost. Here, the instance is not going to run for less than 1500 hours. Thus, it is advisable that the user should use the on-demand pricing.

NEW QUESTION 8
A user has configured the AWS CloudWatch alarm for estimated usage charges in the US East region. Which of the below mentioned statements is not true with respect to the estimated charges?
Exhibit:

• A. It will store the estimated charges data of the last 14 days
• B. It will include the estimated charges of every AWS service
• C. The metric data will represent the data of all the regions
• D. The metric data will show data specific to that region

Answer: D

Explanation:
When the user has enabled the monitoring of estimated charges for the AWS account with AWS CloudWatch, the estimated charges are calculated and sent several times daily to CloudWatch in the form of metric data. This data will be stored for 14 days. The billing metric data is stored in the US East (Northern Virginia. Region and represents worldwide charges. This data also includes the estimated charges for every service in AWS used by the user, as well as the estimated overall AWS charges.

NEW QUESTION 9
You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data Into Amazon S3 In the same region.
How do you remedy this situation?

• A. Add an additional ENI
• B. Change to a larger Instance
• C. Use DirectConnect between EC2 and S3
• D. Use EBS PIOPS on the local volume

Answer: B

Explanation: Reference:
https://media.amazonwebservices.com/AWS_Amazon_EMR_Best_Practices.pdf

NEW QUESTION 10
A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?

• A. The application does not have enough IO for the volume
• B. The instance is EBS optimized
• C. The EC2 instance has 10 Gigabit Network connectivity
• D. The volume size is too large

Answer: D

Explanation:
When the application does not experience the expected IOPS or throughput of the PIOPS EBS volume that was provisioned, the possible root cause could be that the EC2 bandwidth is the limiting factor and the instance might not be either EBS-optimized or might not have 10 Gigabit network connectivity. Another possible cause for not experiencing the expected IOPS could also be that the user is not driving enough I/O to the EBS volumes. The size of the volume may not affect IOPS.

NEW QUESTION 11
When an EC2 instance mat is backed by an S3-Dased AMI is terminated, what happens to the data on the root volume?

• A. Data is automatically deleted
• B. Data is automatically saved as an EBS snapsho
• C. Data is unavailable until the instance is restarted
• D. Data is automatically saved as an EBS volum

Answer: A

NEW QUESTION 12
When creation of an EBS snapshot Is initiated but not completed the EBS volume?

• A. Cannot De detached or attached to an EC2 instance until me snapshot completes
• B. Can be used in read-only mode while me snapshot is in progress
• C. Can be used while me snapshot Is in progress
• D. Cannot be used until the snapshot completes

Answer: C

Explanation: Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html

NEW QUESTION 13
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25. The user is trying to create the private subnet with CIDR 20.0.0.128/25. Which of the below mentioned statements is true in this scenario?

• A. It will not allow the user to create the private subnet due to a CIDR overlap
• B. It will allow the user to create a private subnet with CIDR as 20.0.0.128/25
• C. This statement is wrong as AWS does not allow CIDR 20.0.0.0/25
• D. It will not allow the user to create a private subnet due to a wrong CIDR range

Answer: B

Explanation:
When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC., or a subset (to enable multiple subnets.. If the user creates more than one subnet in a VPC, the CIDR blocks of the subnets must not overlap. Thus, in this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255.. The user can break this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses the CIDR block 20.0.0.0/25 (for addresses 20.0.0.0 - 20.0.0.127. and the other uses the CIDR block 20.0.0.128/25 (for addresses 20.0.0.128 - 20.0.0.255..

NEW QUESTION 14
A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?

• A. RDS will have an internal IP which will redirect all requests to the new DB
• B. RDS uses DNS to switch over to stand by replica for seamless transition
• C. The switch over changes Hardware so RDS does not need to worry about access
• D. RDS will have both the DBs running independently and the user has to manually switch over

Answer: B

Explanation:
In the event of a planned or unplanned outage of a DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if the user has enabled Multi AZ. The automatic failover mechanism simply changes the DNS record of the DB instance to point to the standby DB instance. As a result, the user will need to re-establish any existing connections to the DB instance. However, as the DNS is the same, the application can access DB seamlessly.

NEW QUESTION 15
A user has setup a custom application which generates a number in decimals. The user wants to track that number and setup the alarm whenever the number is above a certain limit. The application is sending the data to CloudWatch at regular intervals for this purpose. Which of the below mentioned statements is not true with respect to the above scenario?

• A. The user can get the aggregate data of the numbers generated over a minute and send it to CloudWatch
• B. The user has to supply the timezone with each data point
• C. CloudWatch will not truncate the number until it has an exponent larger than 126 (i.
• D. (1 x 10^126.
• E. The user can create a file in the JSON format with the metric name and value and supply it to CloudWatch

Answer: B

NEW QUESTION 16
A user has launched an EC2 instance. The user is planning to setup the CloudWatch alarm. Which of the
below mentioned actions is not supported by the CloudWatch alarm?

• A. Notify the Auto Scaling launch config to scale up
• B. Send an SMS using SNS
• C. Notify the Auto Scaling group to scale down
• D. Stop the EC2 instance

Answer: B

Explanation:
A user can create a CloudWatch alarm that takes various actions when the alarm changes state. An alarm watches a single metric over the time period that the user has specified, and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The actions could be sending a notification to an Amazon Simple Notification Service topic (SMS, Email, and HTTP end point.,notifying the Auto Scaling policy or changing the state of the instance to Stop/Terminate.

NEW QUESTION 17
A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL. When the IAM user logs in to the S3 console, which actions can he perform?

• A. He can just view the content of the bucket
• B. He can do all the operations on the bucket
• C. It is not possible to give access to an IAM user using ACL
• D. The IAM user can perform all operations on the bucket using only API/SDK

Answer: C

Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant permissions to other users (IAM users. in his account.

NEW QUESTION 18
A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?

• A. The user can only disable connection draining from CLI
• B. It is not possible to disable the connection draining feature once enabled
• C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
• D. The user needs to stop all instances before disabling connection draining

Answer: C

Explanation:
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can enable or disable connection draining from the AWS EC2 console -> ELB or using CLI.