NEW QUESTION 1
The AWS console for DynamoDB enables you to do all the following operations, except:

• A. Set up alarms to monitor your tabIe's capacity usage.
• B. Create, update, and delete tables.
• C. Import Data from other databases or from files.
• D. View your tabIe's top monitoring metrics on real-time graphs from CIoudWatc

Answer: C

Explanation:
The AWS console for DynamoDB enables you to do all the above operation but not Importing Data from other databases or from files and it is not possible to do it.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ConsoIeDynamoDB.html

NEW QUESTION 2
Which of the following statements about SQS is true?

• A. Messages will be delivered exactly once and messages will be delivered in First in, First out order
• B. Messages will be delivered exactly once and message delivery order is indeterminate
• C. Messages will be delivered one or more times and messages will be delivered in First in, First out order
• D. Messages will be delivered one or more times and message delivery order is indeterminate

Answer: D

NEW QUESTION 3
A user is trying to share a video file with all his friends. Which of the below mentioned AWS services will be cheapest and easy to use?

• A. AWS S3
• B. AWS EC2
• C. AWS RRS
• D. AWS Glacier

Answer: C

Explanation:
AWS RRS provides the same functionality as AWS S3, but at a cheaper rate. It is ideally suited for non mission critical applications. It provides less durability than S3, but is a cheaper option.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingRRS.htmI

NEW QUESTION 4
True or False: AWS CIoudFormation allows you to create Microsoft Windows stacks.

• A. False, AWS CIoudFormation does not support Microsoft Windows.
• B. False, Amazon doesn’t support Microsoft Windows.
• C. False, you cannot create Windows stacks.
• D. True

Answer: D

Explanation:
AWS CIoudFormation allows you to create Microsoft Windows stacks based on Amazon EC2 Windows Amazon Machine Images (AMIs) and provides you with the ability to install software, to use remote desktop to access your stack, and to update and configure your stack.
Reference: http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/cfn-windows-stacks.html

NEW QUESTION 5
In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support operations.

• A. None of the above
• B. Both
• C. Query
• D. Scan

Answer: C

Explanation:
In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.htmI

NEW QUESTION 6
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? Choose 2 answers

• A. The application authenticates against LDA
• B. The application then calls the IAM Security Service to login to IAM using the LDAP credential
• C. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
• D. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the use
• E. The application then calls the IAM Security Token Service to assume that IAM Rol
• F. The application can use the temporary credentials to access the appropriate S3 bucket.
• G. The application authenticates against IAM Security Token Service using the LDAP credential
• H. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
• I. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credential
• J. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
• K. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credential
• L. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.

Answer: BD

NEW QUESTION 7
Which one of the following operations is NOT a DynamoDB operation?

• A. BatchWrite|tem
• B. DescribeTabIe
• C. BatchGetItem
• D. BatchDeIeteItem

Answer: D

Explanation:
In DynamoDB, Deleteltem deletes a single item in a table by primary key, but BatchDeIeteItem doesn’t exist.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/operationIist.htmI

NEW QUESTION 8
Your application is trying to upload a 6 GB file to Simple Storage Service and receive a "Your proposed upload exceeds the maximum allowed object size." error message.
What is a possible solution for this?

• A. None, Simple Storage Service objects are limited to 5 GB
• B. Use the multi-part upload API for this object
• C. Use the large object upload API for this object
• D. Contact support to increase your object size limit
• E. Upload to a different region

Answer: B

NEW QUESTION 9
A user has created an EBS instance in the US-East-1a AZ. The user has a volume of 30 GB in the US-East-1 b zone. How can the user attach the volume to an instance?

• A. Since both the volume and the instance are in the same region, the user can attach the volume
• B. Use the volume migrate function to move the volume from one AZ to another and attach to the instance
• C. Take a snapshot of the volum
• D. Create a new volume in the USEast-1a and attach that to the instance
• E. Use the volume replicate function to create a new volume in the US-East-1a and attach that to the volume

Answer: C

Explanation:
If an EBS volume is not in the same AZ of an EC2 instance, it cannot be attached to the instance. The only option is to take a snapshot of the volume and create a new volume in the instance’s AZ. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI

NEW QUESTION 10
Can a user associate and use his own DNS with ELB instead ofthe DNS provided by AWS ELB?

• A. Yes, by creating a CNAME with the existing domain name provider
• B. Yes, by configuring DNS in the AWS Console
• C. No
• D. Yes, only through Route 53 by mapping ELB and DNS

Answer: A

Explanation:
The AWS ELB allows mapping a custom domain name with ELB. The user can map ELB with DNS in two ways: 1) By creating CNAME with the existing domain name service provider or 2) By creating a record with Route 53.
Reference:
http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/using-domain-names-with-elb. html

NEW QUESTION 11
A user is running a MySQL RDS instance. The user will not use the DB for the next 3 months. How can the user save costs?

• A. Pause the RDS actMties from CLI until it is required in the future
• B. Stop the RDS instance
• C. Create a snapshot of RDS to launch in the future and terminate the instance now
• D. Change the instance size to micro

Answer: C

Explanation:
The RDS instances unlike the AWS EBS backed instances cannot be stopped or paused. The user needs to take the final snapshot, terminate the instance and launch a new instance in the future from that snapshot
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI

NEW QUESTION 12
What kind of service is provided by AWS DynamoDB?

• A. Relational Database
• B. NoSQL Database
• C. Dynamic Database
• D. Document Database

Answer: B

Explanation:
DynamoDB is a fast, fully managed NoSQL database service. Reference: http://aws.amazon.com/dynamodb/

NEW QUESTION 13
The user has created multiple AutoScaIing groups. The user is trying to create a new AS group but it fails. How can the user know that he has reached the AS group limit specified by AutoScaIing in that region?

• A. Run the command: as-describe-account-limits
• B. Run the command: as-describe-group-limits
• C. Run the command: as-max-account-limits
• D. Run the command: as-list-account-limits

Answer: A

Explanation:
A user can see the number of AutoScaIing resources currently allowed for the AWS account either by using the as-describe-account-Iimits command or by calling the DescribeAccountLimits action. Reference:http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/ts-as-capacity.html

NEW QUESTION 14
A user is launching an AWS RDS with MySQL. Which of the below mentioned options allows the user to configure the INNODB engine parameters?

• A. Options group
• B. Engine parameters
• C. Parameter groups
• D. DB parameters

Answer: C

Explanation:
With regard to RDS, the user can manage the configuration of a DB engine by using a DB parameter group. A DB parameter group contains engine configuration values that can be applied to one or more DB instances of the same instance type.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

NEW QUESTION 15
In DynamoDB, what type of HTTP response codes indicate that a problem was found with the client request sent to the service?

• A. 5xx HTTP response code
• B. 200 HTTP response code
• C. 306 HTTP response code
• D. 4xx HTTP response code

Answer: D

NEW QUESTION 16
An orgAMzation has enabled a strict password policy for its IAM users. The orgAMzation is taking help from the IAM console to set the password policy. Which of the below mentioned rules cannot be specified by the user as a part of the policy?

• A. Allow at least one lower case letter
• B. Allow at least one number
• C. Allow at least one non-alphanumeric character
• D. Do not allow the user to use the password from the last three passwords

Answer: D

Explanation:
AWS IAM allows an orgAMzation to create multiple users and provide them access to various AWS services. By default when the user is created, he does not have password enabled and can not login to AWS console. If the orgAMzation wants to allow the users to login to AWS console, they can enable password for each user. It is required that IAM users follow certain guidelines to set their IAM login password. For this IAM provides root account owner to setup passwrod policy. The password policy also lets the specify whether all IAM users can change their own passwords. As part of policy, orgAMzation can specify that passwords for IAM users must be of a certain minimum length, must include certain characters, and a few more criteria such as below.
One upper/ lower or both letters One alpha numeric
One number
Reference: http://docs.aws.amazon.com/|AM/Iatest/UserGuide/Using_ManagingPasswordPoIicies.htm|

NEW QUESTION 17
An orgAMzation is setting up their website on AWS. The orgAMzation is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechAMsms will not help the orgAMzation to avoid future data leaks and identify security weaknesses?

• A. Perform SQL injection for application testing.
• B. Run penetration testing on AWS with prior approval from Amazon.
• C. Perform a hardening test on the AWS instance.
• D. Perform a Code Check for any memory leak

Answer: D

Explanation:
AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an orgAMzation is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The orgAMzation must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the orgAMzation wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/

NEW QUESTION 18
Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to http://www.companyc.com the index.htmI page is returned. Company C now would like a new page weIcome.htmI to be returned when a visitor enters http://www.companyc.com in the browser.
Which of the following steps will allow Company C to meet this requirement? Choose 2 answers

• A. Upload an html page named we|come.htm| to their S3 bucket
• B. Create a welcome subfolder in their S3 bucket
• C. Set the Index Document property to weIcome.htmI
• D. Move the index.htmI page to a welcome subfolder
• E. Set the Error Document property to weIcome.htmI

Answer: AC

NEW QUESTION 19
......