SAP-C01 : AWS Certified Solutions Architect – Professional : Part 06

  1. How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

    • Detach the volume and attach it to another EC2 instance in the other AZ.
    • Simply create a new volume in the other AZ and specify the original volume as the source.
    • Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
    • Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.
  2. After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet, you modify your route tables so that the NAT device is the target of internet-bound traffic from your private subnet. When you try to make an outbound connection to the internet from an instance in the private subnet, you are not successful.

    Which of the following steps could resolve the issue?

    • Disabling the Source/Destination Check attribute on the NAT instance
    • Attaching an Elastic IP address to the instance in the private subnet
    • Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet
    • Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet
  3. Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority.

    How should you implement such a system?

    • Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level.
    • Use Route 53 latency-based routing to send high priority tasks to the closest transformation instances.
    • Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
    • Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first.
  4. Which of the following are characteristics of Amazon VPC subnets? (Choose two.)

    • Each subnet spans at least 2 Availability Zones to provide a high-availability environment.
    • Each subnet maps to a single Availability Zone. 
    • CIDR block mask of /25 is the smallest range supported.
    • By default, all subnets can route between each other, whether they are private or public. 
    • Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
  5. In AWS, which security aspects are the customer’s responsibility? (Choose four.)

    • Security Group and ACL (Access Control List) settings
    • Decommissioning storage devices
    • Patch management on the EC2 instance’s operating system
    • Life-cycle management of IAM credentials
    • Controlling physical access to compute resources
    • Encryption of EBS (Elastic Block Storage) volumes
  6. When you put objects in Amazon S3, what is the indication that an object was successfully stored?

    • An HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
    • Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
    • A success code is inserted into the S3 object metadata.
    • Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.
  7. Within the IAM service a GROUP is regarded as a:

    • A collection of AWS accounts
    • It’s the group of EC2 machines that gain the permissions specified in the GROUP.
    • There’s no GROUP in IAM, but only USERS and RESOURCES.
    • A collection of users.
    Explanation:
    Use groups to assign permissions to IAM users
    Instead of defining permissions for individual IAM users, it’s usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.), define the relevant permissions for each group, and then assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to.
  8. Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications.

    What is the monthly charge for using the public data sets?

    • A 1-time charge of 10$ for all the datasets.
    • 1$ per dataset per month
    • 10$ per month for all the datasets
    • There is no charge for using the public data sets
  9. In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with __________.

    • Oracle Standard Edition
    • Oracle Express Edition
    • Oracle Enterprise Edition
    • None of these
  10. A 3-tier e-commerce web application is currently deployed on-premises, and will be migrated to AWS for greater scalability and elasticity. The web tier currently shares read-only data using a network distributed file system. The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The database tier uses shared-storage clustering to provide database failover capability, and uses several read slaves for scaling. Data on all servers and the distributed file system directory is backed up weekly to off-site tapes.

    Which AWS storage and database architecture meets the requirements of the application?

    • Web servers: store read-only data in S3, and copy from S3 to root volume at boot time.
      App servers: share state using a combination of DynamoDB and IP unicast.
      Database: use RDS with multi-AZ deployment and one or more read replicas.
      Backup: web servers, app servers, and database backed up weekly to Glacier using snapshots.
    • Web servers: store read-only data in an EC2 NFS server, mount to each web server at boot time.
      App servers: share state using a combination of DynamoDB and IP multicast.
      Database: use RDS with multi-AZ deployment and one or more Read Replicas.
      Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
    • Web servers: store read-only data in S3, and copy from S3 to root volume at boot time.
      App servers: share state using a combination of DynamoDB and IP unicast.
      Database: use RDS with multi-AZ deployment and one or more Read Replicas.
      Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
    • Web servers: store read-only data in S3, and copy from S3 to root volume at boot time.
      App servers: share state using a combination of DynamoDB and IP unicast.
      Database: use RDS with multi-AZ deployment.
      Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
  11. A user is running a batch process on EBS-backed EC2 instances. The batch process launches a few EC2 instances to process Hadoop MapReduce jobs, which can run between 50 and 600 minutes or sometimes even longer. The user wants a configuration that can terminate the instance only when the process is completed.

    How can the user configure this with CloudWatch?

    • Configure a job which terminates all instances after 600 minutes
    • It is not possible to terminate instances automatically
    • Configure the CloudWatch action to terminate the instance when the CPU utilization falls below 5%
    • Set up the CloudWatch with Auto Scaling to terminate all the instances
    Explanation:
    An Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can set up an action which terminates the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance.
  12. What is the maximum write throughput I can provision for a single DynamoDB table?

    • 1,000 write capacity units
    • 100,000 write capacity units
    • DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
    • 10,000 write capacity units
  13. What is the name of the licensing model in which you can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

    • Bring Your Own License
    • Role Bases License
    • Enterprise License
    • License Included
  14. When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you want the upgrade to be performed now, rather than waiting for the maintenance window, specify the __________ option.

    • ApplyNow
    • ApplySoon
    • ApplyThis
    • ApplyImmediately
  15. If I write the below command, what does it do?

    ec2-run ami-e3a5408a -n 20 -g appserver

    • Start twenty instances as members of appserver group.
    • Creates 20 rules in the security group named appserver
    • Terminate twenty instances as members of appserver group.
    • Start 20 security groups
  16. The ________ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.

    • Amazon RDS
    • AWS Integrity Management
    • AWS Identity and Access Management
    • Amazon EMR
  17. Which AWS instance address has the following characteristics? "If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance."

    • Both A and B
    • None of these
    • VPC Addresses
    • EC2 Addresses
    Explanation:
    Stopping an instance
    EC2-Classic
    If you stop an instance, its Elastic IP address is disassociated, and you must reassociate the Elastic IP address when you restart the instance.
    EC2-VPC
    If you stop an instance, its Elastic IP address remains associated.
  18. By default, Amazon Cognito maintains the last-written version of the data. You can override this behavior and resolve data conflicts programmatically.

    In addition, push synchronization allows you to use Amazon Cognito to send a silent notification to all devices associated with an identity to notify them that new data is available.

    • get
    • post
    • pull
    • push
  19. You want to use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC).

    What criterion must be met for this to be possible?

    • The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public AWS CodeDeploy endpoint.
    • The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access only the public Amazon S3 service endpoint.
    • The AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.
    • It is not currently possible to use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC.)
    Explanation:
    You can use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC).
    However, the AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.
  20. An IAM user is trying to perform an action on an object belonging to some other root account’s bucket.

    Which of the below mentioned options will AWS S3 not verify?

    • The object owner has provided access to the IAM user
    • Permission provided by the parent of the IAM user on the bucket
    • Permission provided by the bucket owner to the IAM user
    • Permission provided by the parent of the IAM user
    Explanation:
    If the IAM user is trying to perform some action on an object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given that user sufficient permission. It also verifies the policy for the bucket as well as the policy defined by the object owner.