NEW QUESTION 1
AWS Elastic Beanstalk will change the health status of a web server environment tier to gray color when:

• A. AWS Elastic Beanstalk detects other problems with the environment that are known to make the application unavailable
• B. Your application hasn't responded to the application health check URL within the last one hour.
• C. Your application hasn't responded to the application health check URL within the last five minutes.
• D. Your appIication's health status is unknown because status is reported when the application is not in the ready state.

Answer: D

Explanation:
AWS Elastic Beanstalk will change the health status of a web server environment tier to gray color when your appIication's health status is unknown (because status is reported when the application is not in the ready state).
Reference: http://docs.aws.amazon.com/elasticbeanstaIk/latest/dg/using-features.heaIthstatus.htmI

NEW QUESTION 2
A user is creating multiple IAM users. What advice should be given to him to enhance the security?

• A. Grant least prMleges to the indMdual user
• B. Grant all higher prMleges to the group
• C. Grant less prMleges for user, but higher prMleges for the group
• D. Grant more prMleges to the user, but least prMleges to the group

Answer: A

Explanation:
It is a recommended rule that the root user should grant the least prMleges to the IAM user or the group. The higher the prMleges, the more problems it can create.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.htmI

NEW QUESTION 3
A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?

• A. AWS CIoudWatch + AWS SES.
• B. AWS CIoudWatch + AWS SNS.
• C. AWS CIoudWatch + AWS SQS.
• D. AWS EC2 + AWS Cloudwatc

Answer: B

Explanation:
Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. In this case, the user can configure that Cloudwatch sends an alarm on when the threshold is crossed to SNS which will trigger an SMS.
Reference: http://aws.amazon.com/sns/

NEW QUESTION 4
When AutoScaIing is launching a new instance based on condition, which of the below mentioned policies will it follow?

• A. Based on the criteria defined with cross zone Load balancing
• B. Launch an instance which has the highest load distribution
• C. Launch an instance in the AZ with the fewest instances
• D. Launch an instance in the AZ which has the highest instances

Answer: C

Explanation:
AutoScaIing attempts to distribute instances evenly between the Availability Zones that are enabled for the user’s AutoScaIing group. Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest instances.
Reference:http://docs.aws.amazon.com/AutoScaIing/latest/Deve|operGuide/AS_Concepts.htmI

NEW QUESTION 5
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business.
What is an effective method to mitigate this?

• A. Store photos on an EBS volume ofthe web server
• B. Remove public read access and use signed URLs with expiry dates.
• C. Use C|oudFront distributions for static content.
• D. Block the IPs of the offending websites in Security Group

Answer: B

NEW QUESTION 6
You need to develop and run some new applications on AWS and you know that Elastic Beanstalk and CIoudFormation can both help as a deployment mechAMsm for a broad range of AWS resources. Which of the following statements best describes the differences between Elastic Beanstalk and C|oudFormation?

• A. Elastic Beanstalk uses Elastic load balancing and CIoudFormation doesn't.
• B. CIoudFormation is faster in deploying applications than Elastic Beanstalk.
• C. CIoudFormation is much more powerful than Elastic Beanstalk, because you can actually design and script custom resources
• D. Elastic Beanstalk is faster in deploying applications than C|oudFormatio

Answer: C

Explanation:
These services are designed to complement each other. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud. It is integrated with developer tools and provides a one-stop experience for you to manage the lifecycle of your applications. AWS CIoudFormation is a convenient deployment mechAMsm for a broad range of AWS resources. It supports the infrastructure needs of many different types of applications such as existing enterprise applications, legacy applications, applications built using a variety of AWS resources and container-based solutions (including those built using AWS Elastic Beanstalk).
AWS CIoudFormation introduces two new concepts: The template, a JSON-format, text-based file that describes all the AWS resources you need to deploy to run your application and the stack, the set of AWS resources that are created and managed as a single unit when AWS CIoudFormation instantiates a template.
Reference: http://aws.amazon.com/c|oudformation/faqs/

NEW QUESTION 7
When a user is launching an instance with EC2, which of the below mentioned options is not available during the instance launch console for a key pair?

• A. Proceed without the key pair
• B. Upload a new key pair
• C. Select an existing key pair
• D. Create a new key pair

Answer: B

Explanation:
While launching an EC2 instance, the user can create a new key pair, select an existing key pair or proceed without a key pair. The user cannot upload a new key pair in the EC2 instance launch console. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launching-instance.html

NEW QUESTION 8
A bucket owner has allowed another account’s IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B. What will happen in this scenario?

• A. The bucket policy may not be created as S3 will give error due to conflict of Access Rights
• B. It is not possible to give permission to multiple IAM users
• C. AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object
• D. It is not possible that the IAM user of one account accesses objects of the other IAM user

Answer: C

Explanation:
If a IAM user is trying to perform some action on an object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.
Reference:
http://docs.aws.amazon.com/AmazonS3/Iatest/dev/access-control-auth-workflow-object-operation.htmI

NEW QUESTION 9
A user has setup an application on EC2 which uses the IAM user access key and secret access key to make secure calls to S3. The user wants to temporarily stop the access to S3 for that IAM user. What should the root owner do?

• A. Delete the IAM user
• B. Change the access key and secret access key for the users
• C. Disable the access keys for the IAM user
• D. Stop the instance

Answer: C

Explanation:
If the user wants to temporarily stop the access to S3 the best solution is to disable the keys. Deleting the user will result in a loss of all the credentials and the app will not be useful in the future. If the user stops the instance IAM users can still access S3. The change of the key does not help either as they are still active. The best possible solution is to disable the keys.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/NIanagingCredentia|s.html

NEW QUESTION 10
Does Amazon DynamoDB support both increment and decrement atomic operations?

• A. No, neither increment nor decrement operations.
• B. Only increment, since decrement are inherently impossible with DynamoDB's data model.
• C. Only decrement, since increment are inherently impossible with DynamoDB's data model.
• D. Yes, both increment and decrement operation

Answer: D

Explanation:
Amazon DynamoDB supports increment and decrement atomic operations.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/APISummary.html

NEW QUESTION 11
A user has launched an EC2 instance and installed a website with the Apache webserver. The webserver is running but the user is not able to access the website from the internet. What can be the possible reason for this failure?

• A. The security group of the instance is not configured properly.
• B. The instance is not configured with the proper key-pairs.
• C. The Apache website cannot be accessed from the internet.
• D. Instance is not configured with an elastic I

Answer: A

Explanation:
In Amazon Web Services, when a user has configured an instance with Apache, the user needs to ensure that the ports in the security group are opened as configured in Apache config. E.g. If Apache is running on port 80, the user should open port 80 in the security group.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

NEW QUESTION 12
You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg-encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS?

• A. Amazon SQS is for single-threaded sending or receMng speeds.
• B. Amazon SQS is a non-distributed queuing system.
• C. Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receMng speeds.
• D. Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receMng speeds.

Answer: C

Explanation:
Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for
single-threaded sending or receMng speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been to a queue is available to be received.
Reference: http://media.amazonwebservices.com/AWS_Storage_Options.pdf

NEW QUESTION 13
Which of the following are valid arguments for an SNS Publish request? Choose 3 answers

• A. TopicAm
• B. Subject
• C. Destination
• D. Format
• E. Message F.Language

Answer: ABE

NEW QUESTION 14
ExamKiIIer has three AWS accounts. They have created separate IAM users within each account. ExamKiIIer wants a single IAM console URL such as https://examkiIIer.signin.aws.amazon.com/consoIe/ for all account users. How can this be achieved?

• A. Merge all the accounts with consolidated billing
• B. Create the same account alias with each account ID
• C. It is not possible to have the same IAM account login URL for separate AWS accounts
• D. Create the S3 bucket with an alias name and use the redirect rule to forward requests to various accounts

Answer: C

Explanation:
If a user wants the URL of the AWS IAM sign-in page to have a company name instead of the AWS account ID, he can create an alias for his AWS account ID. The alias should be unique.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAIias.html

NEW QUESTION 15
Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

• A. Enable MFA for prMleged users
• B. Create indMdual IAM users
• C. Keep rotating your secure access credentials at regular intervals
• D. Create strong access key and secret access key and attach to the root account

Answer: D

Explanation:
It is a recommended approach to avoid using the access and secret access keys of the root account.
Thus, do not download or delete it. Instead make the IAM user as powerful as the root account and use its credentials. The user cannot generate their own access and secret access keys as they are always generated by AWS.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html

NEW QUESTION 16
In relation to Amazon Simple Workflow Service (Amazon SWF),what is an "ActMty Worker"?

• A. An indMdual task undertaken by a workflow
• B. The automation of a business process
• C. A piece of software that implements tasks
• D. All answers listed are correct

Answer: C

Explanation:
In relation to Amazon Simple Workflow Service (Amazon SWF), an actMty worker is a program that receives actMty tasks, performs them, and provides results back. Which translates to a piece of software that implements tasks.
Reference: http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-develop-actMty.html

NEW QUESTION 17
A user has enabled serverside encryption with S3. The user downloads the encrypted object from S3. How can the user decrypt it?

• A. S3 does not support server side encryption
• B. S3 provides a server side key to decrypt the object
• C. The user needs to decrypt the object using their own private key
• D. S3 manages encryption and decryption automatically

Answer: D

Explanation:
If the user is using the server-side encryption feature, Amazon S3 encrypts the object data before saving it on disks in its data centres and decrypts it when the user downloads the objects. Thus, the user is free from the tasks of managing encryption, encryption keys, and related tools.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingEncryption.htmI

NEW QUESTION 18
You cannot access your AWS console, so you revert to using the CLI that you are not familiar with. Which of the following commands is not a valid CLI command for EC2 instances?

• A. ec2-allocate-address
• B. ec2-attach-internet-gateway
• C. ec2-associate-route-table
• D. ec2-allocate-interface

Answer: D

Explanation:
You can use the CLI tools to manage your Amazon EC2 resources (such as instances, security groups, and volumes) and your Amazon VPC resources (such as VPCs, subnets, route tables, and Internet gateways). Before you can start using the tools, you must download and configure them.
The following are valid CLI commands for EC2 instances: ec2-accept-vpc-peering-connection
ec2-allocate-address
ec2-assign-private-ip-addresses ec2-associate-address
ec2-associate-dhcp-options ec2-associate-route-table
ec2-attach-internet-gateway
ec2-attach-network-interface (not ec2-allocate-interface) Reference:
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/command-reference.html

NEW QUESTION 19
......