NEW QUESTION 1
Disabling automated backups disables the point-in-time recovery feature.

• A. True
• B. False

Answer: A

NEW QUESTION 2
You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to
leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?

• A. 5
• B. 3
• C. 4
• D. 6

Answer: D

NEW QUESTION 3
Which of the following is an incorrect statement about Amazon CloudWatch?

• A. You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications.
• B. You can set CloudWatch alarms to send notifications or automatically make changes to the resources you are monitoring, based on rules that you define.
• C. You can control and monitor all Security Groups and their related rules.
• D. You gain system-wide visibility into resource utilization, application performance, and operational health.

Answer: C

Explanation:
Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time.
You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications. CloudWatch alarms send notifications or automatically make changes to the resources you are monitoring based on rules that you define.
For example, you can monitor the CPU usage and disk reads and writes of your Amazon Elastic Compute Cloud (Amazon EC2) instances and then use this data to determine whether you should launch additional instances to handle increased load. You can also use this data to stop under-used instances to save money. In addition to monitoring the built-in metrics that come with AWS, you can monitor your own custom metrics. With CloudWatch, you gain system-wide visibility into resource utilization, application performance, and operational health. http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatch.html

NEW QUESTION 4
To view information about an Amazon EBS volume, open the Amazon EC2 console at https://console.aws.amazon.com/ec2/, click ______ in the Navigation pane.

• A. EBS
• B. Describe
• C. Details
• D. Volumes

Answer: D

Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-describing-volumes.html

NEW QUESTION 5
Your department creates regular analytics reports from your company's log files. All log data is collected in Amazon S3 and processed by daily Amazon Elastic MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in CSV format for an Amazon Redshift data warehouse. Your CFO requests that you optimize the cost structure for this system.
Which of the following alternatives will lower costs without compromising average performance of the system or data integrity for the raw data?

• A. Use reduced redundancy storage (RRS) for all data In S3. Use a combination of Spot Instances and Reserved Instances for Amazon EMR job
• B. Use Reserved Instances for Amazon Redshift.
• C. Use reduced redundancy storage (RRS) for PDF and .csv data in S3. Add Spot Instances to EMR job
• D. Use Spot Instances for Amazon Redshift.
• E. Use reduced redundancy storage (RRS) for PDF and .csv data In Amazon S3. Add Spot Instances to Amazon EMR job
• F. Use Reserved Instances for Amazon Redshift.
• G. Use reduced redundancy storage (RRS) for all data in Amazon S3. Add Spot Instances to Amazon EMR job
• H. Use Reserved Instances for Amazon Redshift.

Answer: D

Explanation:
Reserved Instances (a.k.a. Reserved Nodes) are appropriate for steady-state production workloads, and offer significant discounts over On-Demand pricing.
https://aws.amazon.com/redshift
Q: What are some EMR best practices?
If you are running EMR in production you should specify an AMI version, Hive version, Pig version, etc. to make sure the version does not change unexpectedly (e.g. when EMR later adds support for a newer version). If your cluster is mission critical, only use Spot instances for task nodes because if the Spot price increases you may lose the instances. In development, use logging and enable debugging
to spot and correct errors faster. If you are using GZIP, keep your file size to 1–2 GB because GZIP files cannot be split. Click here to download the white paper on Amazon EMR best practices. https://aws.amazon.com/elasticmapreduce/faqs

NEW QUESTION 6
You are checking the workload on some of your General Purpose (SSD) and Provisioned IOPS (SSD) volumes and it seems that the I/O latency is higher than you require. You should probably check the _____ to make sure that your application is not trying to drive more IOPS than you have
provisioned.

• A. Amount of IOPS that are available
• B. Acknowledgement from the storage subsystem
• C. Average queue length
• D. Time it takes for the I/O operation to complete

Answer: C

Explanation:
In EBS workload demand plays an important role in getting the most out of your General Purpose (SSD) and Provisioned IOPS (SSD) volumes. In order for your volumes to deliver the amount of IOPS that are available, they need to have enough I/O requests sent to them. There is a relationship
between the demand on the volumes, the amount of IOPS that are available to them, and the latency of the request (the amount of time it takes for the I/O operation to complete). Latency is the
true end-to-end client time of an I/O operation; in other words, when the client sends a IO, how long does it take to get an acknowledgement from the storage subsystem that the IO read or write is complete.
If your I/O latency is higher than you require, check your average queue length to make sure that your application is not trying to drive more IOPS than you have provisioned. You can maintain high IOPS while keeping latency down by maintaining a low average queue length (which is achieved by provisioning more IOPS for your volume).

NEW QUESTION 7
Which of the following is not a valid configuration type for AWS Storage gateway.

• A. Gateway-accessed volumes
• B. Gateway-cached volumes
• C. Gateway-stored volumes
• D. Gateway-Virtual Tape Library

Answer: A

NEW QUESTION 8
What does Amazon EMR stand for?

• A. Elastic Magnetic Resonance
• B. Encrypted Machine Reads
• C. Elastic MapReduce
• D. Encrypted Machine Rendering

Answer: C

Explanation:
Amazon EMR stands for Elastic MapReduce (Amazon EMR.) Amazon EMR is a managed cluster platform that simplifies running big data frameworks, such as Apache Hadoopand Apache Spark, on AWS to process and analyze vast amounts of data. By using these frameworks and related opensource projects, such as Apache Hive and Apache Pig, you can process data for analytics purposes
and business intelligence workloads. http://docs.aws.amazon.com/ElasticMapReduce/latest/DeveloperGuide/emr-what-is-emr.html

NEW QUESTION 9
You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an Internet gateway is attached to the VPC, and the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance?

• A. The instance does not have a public IP address.
• B. The internet gateway security group must allow all outbound traffic.
• C. The instance security group must allow all inbound traffic.
• D. The instance "Source/Destination check" property must be enable

Answer: A

Explanation:
Ensure that instances in your subnet have public IP addresses or Elastic IP addresses. https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html

NEW QUESTION 10
How many Elastic IP by default in Amazon Account?

• A. 1 Elastic IP
• B. 3 Elastic IP
• C. 5 Elastic IP
• D. 0 Elastic IP

Answer: C

Explanation:
"By default, all AWS accounts are limited to 5 Elastic IP addresses, because public (IPv4) Internet addresses are a scarce public resource." http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

NEW QUESTION 11
A bank is writing new software that is heavily dependent upon the database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data growth. Which AWS service should be used to run the database?

• A. Amazon S3
• B. Amazon Aurora
• C. Amazon DynamoDB
• D. Amazon Redshift

Answer: C

NEW QUESTION 12
An Auto Scaling group is running at the desired capacity of 5 instances and receives a trigger from the Cloudwatch Alarm to increase the capacity by 1. The cool down period is 5 minutes.
Cloudwatch sends another trigger after 2 minutes to decrease the desired capacity by 1. What will be the count of instances at the end of 4 minutes?

• A. 7
• B. 6
• C. 4
• D. 5

Answer: B

Explanation:
The cool down period is the time difference between the end of one scaling activity (can be start or terminate) and the start of another one (can be start or terminate). During the cool down period, Auto Scaling does not allow the desired capacity of the Auto Scaling group to be changed by any other CloudWatch alarm. Thus, in this case the trigger from the second alarm will have no effect. http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AS_Concepts.html#healthcheck

NEW QUESTION 13
You have an EC2 instance which needs to find out both its private IP address and its public IP address. To do this you need to;

• A. Run IPCONFIG (Windows) or IFCONFIG (Linux)
• B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
• C. Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/
• D. Use the following command; AWS EC2 displayIP

Answer: B

NEW QUESTION 14
By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag to false when you launch the instance

• A. DeleteOnTermination
• B. RemoveOnDeletion
• C. RemoveOnTermination
• D. TerminateOnDeletion

Answer: A

Explanation:
By default, Amazon EBS root device volumes are automatically deleted when the instance terminates. However, by default, any additional EBS volumes that you attach at launch, or any EBS volumes that you attach to an existing instance persist even after the instance terminates.
This behavior is controlled by the volume’s DeleteOnTermination attribute, which you can modify. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html

NEW QUESTION 15
You are designing a connectivity solution between on-premises infrastructure and Amazon VPC Your server’s on-premises will DE communicating with your VPC instances. You will De establishing IPSec
tunnels over the Internet. You will be using VPN gateways and terminating the IPsec tunnels on AWSsupported customer gateways.
Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above? (Choose four.)

• A. End-to-end protection of data in transit
• B. End-to-end Identity authentication
• C. Data encryption across the Internet
• D. Protection of data in transit over the Internet
• E. Peer identity authentication between VPN gateway and customer gateway
• F. Data integrity protection across the Internet

Answer: CDEF

NEW QUESTION 16
Which of the following are true regarding AWS CloudTrail? (Choose three.)

• A. CloudTrail is enabled globally
• B. CloudTrail is enabled by default
• C. CloudTrail is enabled on a per-region basis
• D. CloudTrail is enabled on a per-service basis.
• E. Logs can be delivered to a single Amazon S3 bucket for aggregation.
• F. CloudTrail is enabled for all available services within a region.
• G. Logs can only be processed and delivered to the region in which they are generate

Answer: ACE

Explanation:
A: have a trail with the Apply trail to all regions option enabled.
C: have multiple single region trails.
E: Log files from all the regions can be delivered to a single S3 bucket. Global service events are always delivered to trails that have the Apply trail to all regions option enabled. Events are delivered from a single region to the bucket for the trail. This setting cannot be changed. If you have a single region trail, you should enable the Include global services option. If you have multiple single region trails, you should enable the Include global services option in only one of the trails.
D: Incorrect. Once enabled it is applicable for all the supported services, service can't be selected.

NEW QUESTION 17
The new DB Instance that is created when you promote a Read Replica retains the backup window period.

• A. TRUE
• B. FALSE

Answer: A

Explanation:
"The new DB instance that is created when you promote a Read Replica retains the backup retention period, backup window period, and parameter group of the former Read Replica source." http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html

NEW QUESTION 18
Amazon EC2 provides virtual computing environments known as _____ .

• A. instances
• B. volumes
• C. microsystems
• D. servers

Answer: A

Explanation:
Amazon EC2 provides virtual computing environments known as instances. When you launch an instance, the instance type that you specify determines the hardware of the host computer used for your instance. Each instance type offers different compute, memory, and storage capabilities and are grouped in instance families based on these capabilities. Select an instance type based on the requirements of the application or software that you plan to run on your instance. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html

NEW QUESTION 19
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?

• A. ELB sticky session
• B. ELB deregistration check
• C. ELB auto registration Off
• D. ELB connection draining

Answer: D

Explanation:
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that in-flight requests continue to be served.

NEW QUESTION 20
A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.

• A. user
• B. AWS Account
• C. resource
• D. permission

Answer: D

Explanation:
A permission is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.

NEW QUESTION 21
An organization has a statutory requirement to protect the data at rest for data stored in EBS volumes. Which of the below mentioned options can the organization use to achieve data protection?

• A. Data replication.
• B. Data encryption.
• C. Data snapshot.
• D. All the options listed her

Answer: D

Explanation:
For protecting the Amazon EBS data at REST, the user can use options, such as Data Encryption (Windows / Linux / third party based), Data Replication (AWS internally replicates data for redundancy), and Data Snapshot (for point in time backup).

NEW QUESTION 22
It is advised that you watch the Amazon CloudWatch " _____ " metric (available via the AWS Management Console or Amazon Cloud Watch APIs) carefully and recreate the Read Replica should it fall behind due to replication errors.

• A. Write Lag
• B. Read Replica
• C. Replica Lag
• D. Single Replica

Answer: C

Explanation:
The amount of time a Read Replica DB instance lags behind the source DB instance. Applies to MySQL, MariaDB, and PostgreSQL Read Replicas. http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/rds-metricscollected.html

NEW QUESTION 23
What does the AWS Storage Gateway provide?

• A. It provides data security features by enabling an encrypted data storage on Amazon S3.
• B. It provides an encrypted SSL endpoint for backups in the cloud.
• C. It provides seamless integration with data security features between your on-premises ITenvironment and the Amazon Web Services (AWS) storage infrastructure.
• D. It provides a backup solution to on-premises Cloud storag

Answer: C

Explanation:
AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the Amazon Web Services (AWS) storage infrastructure. http://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html

NEW QUESTION 24
A user has created an ELB with the availability zone US-East-1

• A. The user wants to add more zones to ELB to achieve High Availabilit
• B. How can the user add more zones to the existing ELB?
• C. The user should stop the ELB and add zones and instances as required
• D. The only option is to launch instances in different zones and add to ELB
• E. It is not possible to add more zones to the existing ELB
• F. The user can add zones on the fly from the AWS console

Answer: D

Explanation:
The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;
Launch instances in a separate AZ and add instances to the existing ELB.

NEW QUESTION 25
You have an EC2 Security Group with several running EC2 instances. You change the Security Group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same Security Group. The new rules apply:

• A. Immediately to all instances in the security group.
• B. Immediately to the new instances only.
• C. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply.
• D. To all instances, but it may take several minutes for old instances to see the changes.

Answer: A

Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#vpc-securitygroups

NEW QUESTION 26
Through which of the following interfaces is AWS Identity and Access Management available?
A) AWS Management Console
B) Command line interface (CLI)
C) IAM Query API
D) Existing libraries

• A. Only through Command line interface (CLI)
• B. A, B and C
• C. A and C
• D. All of the above

Answer: D

Explanation:
Accessing IAM:
1 - AWS Management Console 2 - AWS Command Line Tools
3 - AWS SDKs (i.e. Existing libraries) 4 - IAM HTTPS API
http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html#intro-accessing

NEW QUESTION 27
A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will get for most of the year as per EC2 SLA if the instance is attached to the EBS optimized instance?

• A. 950
• B. 990
• C. 1000
• D. 900

Answer: D

Explanation:
As per AWS SLA if the instance is attached to an EBS-Optimized instance, then the Provisioned IOPS volumes are designed to deliver within 10% of the provisioned IOPS performance 99.9% of the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a minimum 900 IOPS 99.9% time of the year.

NEW QUESTION 28
Which of the following statements is true of using a network in Amazon CloudFront?

• A. CloudFront loads static content from all edge locations.
• B. CloudFront provides a capacity reservation for EC2 instances in an Availability Zone.
• C. CloudFront caches content at edge locations for a specified period of time.
• D. CloudFront detects unhealthy instances and stops sending traffic to the

Answer: C

Explanation:
CloudFront caches content at edge locations for a period of time that you specify. When a visitor requests content that has been cached for longer than the expiration date, CloudFront checks the origin server to see if a newer version of the content is available. http://docs.aws.amazon.com/gettingstarted/latest/swh/getting-started-create-cfdist.html

NEW QUESTION 29
What is the name of licensing model in which I can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

• A. Bring Your Own License
• B. Role Bases License
• C. Enterprise License
• D. License Included

Answer: A

Explanation:
https://aws.amazon.com/oracle/

NEW QUESTION 30
......