SAP-C01 : AWS Certified Solutions Architect – Professional : Part 08

  1. When does an AWS Data Pipeline terminate the AWS Data Pipeline-managed compute resources?

    • AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 2 hours.
    • When the final activity that uses the resources is running
    • AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 12 hours.
    • When the final activity that uses the resources has completed successfully or failed
    Explanation:
    Compute resources will be provisioned by AWS Data Pipeline when the first activity for a scheduled time that uses those resources is ready to run, and those instances will be terminated when the final activity that uses the resources has completed successfully or failed.
  2. What bandwidths does AWS Direct Connect currently support?

    • 10Mbps and 100Mbps
    • 10Gbps and 100Gbps
    • 100Mbps and 1Gbps
    • 1Gbps and 10 Gbps
    Explanation:
    AWS Direct Connect currently supports 1Gbps and 10 Gbps.
  3. The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the ______ translates to everyone except the specified entity.

    • NotPrincipal
    • Vendor
    • Principal
    • Action
    Explanation:
    The NotPrincipal element in an IAM policy statement lets you specify an exception to a list of principals to whom access to a specific resource is either allowed or denied. For example, you can deny access to all principals except the one named in the NotPrincipal element.
  4. Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24.
    While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance.

    Which is the most likely reason for this issue?

    • Private address IP 10.201.31.6 is currently assigned to another interface
    • Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
    • Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
    • Private IP address 10.201.31.6 is not part of the associated subnet’s IP address range.
    Explanation:
    In Amazon VPC, you can assign any private IP address to your instance as long as it is part of the associated subnet’s IP address range, not reserved by Amazon for IP networking purposes, and not currently assigned to another interface.
  5. A user is configuring MySQL RDS with PIOPS. What should be the minimum size of DB storage provided by the user?

    • 1 TB
    • 50 GB
    • 5 GB
    • 100 GB
    Explanation:
    If the user is trying to enable PIOPS with MySQL RDS, the minimum size of storage should be 100 GB.
  6. The Statement element, of an AWS IAM policy, contains an array of individual statements. Each individual statement is a(n) _________ block enclosed in braces { }.

    • XML
    • JavaScript
    • JSON
    • AJAX
    Explanation:
    The Statement element, of an IAM policy, contains an array of individual statements. Each individual statement is a JSON block enclosed in braces { }.
  7. If no explicit deny is found while applying IAM’s Policy Evaluation Logic, the enforcement code looks for any ______ instructions that would apply to the request.

    • “cancel”
    • “suspend”
    • “allow”
    • “valid”
    Explanation:
    If an explicit deny is not found among the applicable policies for a specific request, IAM’s Policy Evaluation Logic checks for any “allow” instructions to check if the request can be successfully completed.
  8. An organization is hosting a scalable web application using AWS. The organization has configured ELB and Auto Scaling to make the application scalable.

    Which of the below mentioned statements is not required to be followed for ELB when the organization is planning to host a web application on VPC?

    • The ELB and all the instances should be in the same subnet.
    • Configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.
    • The internet facing ELB should have a route table associated with the internet gateway.
    • The internet facing ELB should be only in a public subnet.
    Explanation:
    Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. An internet facing ELB must be in a public subnet. After creating the public subnet, the user should associate the route table of the public subnet with the internet gateway so that the load balancer in the subnet can connect to the internet. The ELB and the instances can be in separate subnets. However, to allow communication between the instances and the ELB, the user must configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.
  9. An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials.

    What will the below mentioned statement allow the user to perform?

    • Allow the IAM user to update the membership of the group called TestingGroup
    • The IAM policy will throw an error due to an invalid resource name
    • The IAM policy will allow the user to subscribe to any IAM group
    • Allow the IAM user to delete the TestingGroup
    Explanation:
    AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234) wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
    {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Action": [
          "iam:AddUserToGroup",
          "iam:RemoveUserFromGroup",
          "iam:GetGroup"
        ],
        "Resource": "arn:aws:iam::123412341234:group/TestingGroup"
      }]
    }
  10. A user has configured EBS volume with PIOPS. The user is not experiencing the optimal throughput.

    Which of the following could not be a factor affecting I/O performance of that EBS volume?

    • EBS bandwidth of dedicated instance exceeding the PIOPS
    • EBS volume size
    • EC2 bandwidth
    • Instance type is not EBS optimized
    Explanation:
    If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, that the instance is EBS-optimized (or includes 10 Gigabit network connectivity), and that the instance type's EBS dedicated bandwidth exceeds the IOPS the user has provisioned.
  11. How can multiple compute resources be used on the same pipeline in AWS Data Pipeline?

    • You can use multiple compute resources on the same pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each activity via its runsOn field.
    • You can use multiple compute resources on the same pipeline by defining multiple cluster definition files
    • You can use multiple compute resources on the same pipeline by defining multiple clusters for your activity.
    • You cannot use multiple compute resources on the same pipeline.
    Explanation:
    Multiple compute resources can be used on the same pipeline in AWS Data Pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each activity via its runsOn field. This allows pipelines to combine AWS and on-premises resources, or to use a mix of instance types for their activities.
  12. The two policies that you attach to an IAM role are the access policy and the trust policy. The trust policy identifies who can assume the role and grants the permission in the AWS Lambda account principal by adding the _______ action.

    • aws:AssumeAdmin
    • lambda:InvokeAsync
    • sts:InvokeAsync
    • sts:AssumeRole
    Explanation:
    The two policies that you attach to an IAM role are the access policy and the trust policy. Remember that adding an account to the trust policy of a role is only half of establishing the trust relationship. By default, no users in the trusted accounts can assume the role until the administrator for that account grants the users the permission to assume the role by adding the Amazon Resource Name (ARN) of the role to an Allow element for the sts:AssumeRole action.
  13. The MySecureData company has five branches across the globe. They want to expand their data centers such that their web server will be in the AWS and each branch would have their own database in the local data center. Based on the user login, the company wants to connect to the data center.

    How can MySecureData company implement this scenario with the AWS VPC?

    • Create five VPCs with the public subnet for the app server and set up the VPN gateway for each VPN to connect them individually.
    • Use the AWS VPN CloudHub to communicate with multiple VPN connections.
    • Use the AWS CloudGateway to communicate with multiple VPN connections.
    • It is not possible to connect different data centers from a single VPC.
    Explanation:
    A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. The user can create subnets as per the requirement within a VPC. If the user wants to connect the VPC to his own data centre, he can set up a public and VPN-only subnet which uses hardware VPN access to connect with his data centre. If the organization has multiple VPN connections, it can provide secure communication between sites using the AWS VPN CloudHub.
    The VPN CloudHub operates on a simple hub-and-spoke model that the user can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing internet connections who would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between remote offices.
  14. One of your AWS Data Pipeline activities has failed consecutively and has entered a hard failure state after retrying thrice.

    You want to try it again. Is it possible to increase the number of automatic retries to more than thrice?

    • Yes, you can increase the number of automatic retries to 6.
    • Yes, you can increase the number of automatic retries to an indefinite number.
    • No, you cannot increase the number of automatic retries.
    • Yes, you can increase the number of automatic retries to 10.
    Explanation:
    In AWS Data Pipeline, an activity fails if all of its activity attempts return with a failed state. By default, an activity retries three times before entering a hard failure state. You can increase the number of automatic retries to 10. However, the system does not allow indefinite retries.
  15. True or False: In Amazon ElastiCache replication groups of Redis, for performance tuning reasons, you can change the roles of the cache nodes within the replication group, with the primary and one of the replicas exchanging roles.

    • True, however, you get lower performance.
    • FALSE
    • TRUE
    • False, you must recreate the replication group to improve performance tuning.
    Explanation:
    In Amazon ElastiCache, a replication group is a collection of Redis Cache Clusters, with one primary read-write cluster and up to five secondary, read-only clusters, which are called read replicas. You can change the roles of the cache clusters within the replication group, with the primary cluster and one of the replicas exchanging roles. You might decide to do this for performance tuning reasons.
  16. How much memory does the cr1.8xlarge instance type provide?

    • 224 GB
    • 124 GB
    • 184 GB
    • 244 GB
    Explanation:
    The CR1 instances are part of the memory optimized instances. They offer the lowest cost per GB RAM among all the AWS instance families. CR1 instances are part of the new generation of memory optimized instances, which can offer up to 244 GB RAM and run on faster CPUs (Intel Xeon E5-2670 with NUMA support) in comparison to the M2 instances of the same family. They support cluster networking for bandwidth intensive applications. cr1.8xlarge is one of the largest instance types of the CR1 family, which can offer 244 GB RAM.
  17. How many cg1.4xlarge on-demand instances can a user run in one region without taking any limit increase approval from AWS?

    • 20
    • 2
    • 5
    • 10
    Explanation:
    Generally, AWS EC2 allows running 20 on-demand instances and 100 spot instances at a time. This limit can be increased by requesting at https://aws.amazon.com/contact-us/ec2-request.
    For certain types of instances, the limit is lower than mentioned above. For cg1.4xlarge, the user can run only 2 on-demand instances at a time.
  18. Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:

    • Microsoft Windows Mobile Messaging (MWMM)
    • Google Cloud Messaging for Android (GCM)
    • Amazon Device Messaging (ADM)
    • Apple Push Notification Service (APNS)
    Explanation:
    In Amazon SNS, you have the ability to send notification messages directly to apps on mobile devices. Notification messages sent to a mobile endpoint can appear in the mobile app as message alerts, badge updates, or even sound alerts. Microsoft Windows Mobile Messaging (MWMM) doesn’t exist and is not supported by Amazon SNS.
  19. You want to define permissions for a role in an IAM policy. Which of the following configuration formats should you use?

    • An XML document written in the IAM Policy Language
    • An XML document written in a language of your choice
    • A JSON document written in the IAM Policy Language
    • A JSON document written in a language of your choice
    Explanation:
    You define the permissions for a role in an IAM policy. An IAM policy is a JSON document written in the IAM Policy Language.
  20. IAM Secure and Scalable is an organization which provides scalable and secure SaaS to its clients. They are planning to host a web server and an app server on AWS VPC as separate tiers. The organization also wants to make the app servers (middle tier) scalable by configuring Auto Scaling and a load balancer for them.

    Which of the below mentioned options suits their requirements?

    • Since ELB is internet facing, it is recommended to setup HAProxy as the Load balancer within the VPC.
    • Create an Internet facing ELB with VPC and configure all the App servers with it.
    • The user should make ELB with EC2-CLASSIC and enable SSH with it for security.
    • Create an Internal Load balancer with VPC and register all the App servers with it.
    Explanation:
    The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances.
    There are two ELBs available with VPC: internet facing and internal (private) ELB. For internal servers, such as App servers the organization can create an internal load balancer in their VPC and then place back-end application instances behind the internal load balancer. The internal load balancer will route requests to the back-end application instances, which are also using private IP addresses and only accept requests from the internal load balancer.