aws solution architect associate dumps [Aug 2017]

AWS-Solution-Architect-Associate Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

Download AWS-Solution-Architect-Associate Dumps Free

It is impossible to pass Amazon aws solution architect associate questions exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Amazon aws solution architect associate exam dumps practice questions. You will get a surprising result by our Update AWS Certified Solutions Architect - Associate practice guides.


If you would certainly such as to recognize more concerning AWS-Solution-Architect-Associate exam, call us or merely visit us at our internet 2PASSEASY.COM site.

Q181. You are designing an intrusion detection prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IOS IPS protection for traffic coming from the Internet.

Which of the following options would you consider? (Choose 2 answers)

A. Implement IDS/IPS agents on each Instance running In VPC

B. Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.

C. Implement Elastic Load Balancing with SSL listeners In front of the web applications

D. Implement a reverse proxy layer in front of web servers and configure IDS/ IPS agents on each reverse proxy server.

Answer: B, D


Q182. You have been storing massive amounts of data on Amazon Glacier for the past 2 years and now start to wonder if there are any limitations on this. What is the correct answer to your QUESTION ?

A. The total volume of data is limited but the number of archives you can store are unlimited.

B. The total volume of data is unlimited but the number of archives you can store are limited.

C. The total volume of data and number of archives you can store are unlimited.

D. The total volume of data is limited and the number of archives you can store are limited. 

Answer: C

Explanation:

An archive is a durably stored block of information. You store your data in Amazon Glacier as archives. You may upload a single file as an archive, but your costs will be lower if you aggregate your data.  TAR and ZIP are common formats that customers use to aggregate multiple files into a single file before uploading to Amazon Glacier.

The total volume of data and number of archives you can store are unlimited. IndMdual Amazon Glacier archives can range in size from 1 byte to 40 terabytes.

The largest archive that can be uploaded in a single upload request is 4 gigabytes.

For items larger than 100 megabytes, customers should consider using the MuItipart upload capability. Archives stored in Amazon Glacier are immutable, i.e. archives can be uploaded and deleted but cannot be edited or overwritten.

Reference: https://aws.amazon.com/gIacier/faqs/


Q183. A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an IPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage   Space (53) keyspace specific to that user.

Which two approaches can satisfy these objectives? (Choose 2 answers)

A. Develop an identity broker that authenticates against IAM security Token service to assume a Lam role in order to get temporary AWS security credentials The application calls the identity broker to get AWS temporary security credentials with access to the appropriate 53 bucket.

B. The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then ca Ils the IAM Security Token Service to assume that IAM role The application can use the temporary credentials to access the appropriate 53 bucket.

C. Develop an identity broker that authenticates against LDAP and then calls IAM Security To ken Service to get IAM federated user credentials The application calls the identity broker to get IAM federated user credentials with access to the appropriate 53 bucket.

D. The application authenticates against LDAP the application then calls the AWS identity and Access Management (IAM) Security service to log in to IAM using the LDAP credentials the application can use the IAM temporary credentials to access the appropriate 53 bucket.

E. The application authenticates against IAM Security Token Service using the LDAP credentials the application uses those temporary AWS security credentials to access the appropriate 53 bucket.

Answer: B, C


Q184. While creating the snapshots using the command line tools, which command should I be using?

A. ec2-deploy-snapshot

B. ec2-fresh-snapshot

C. ec2-create-snapshot

D. ec2-new-snapshot 

Answer: C


Q185. After setting up several database instances in Amazon Relational Database Service (Amazon RDS) you decide that you need to track the performance and health of your databases. How can you do this?

A. Subscribe to Amazon RDS events to be notified when changes occur with a DB instance, DB snapshot, DB parameter group, or DB security group.

B. Use the free Amazon CIoudWatch service to monitor the performance and health of a DB instance.

C. All of the items listed will track the performance and health of a database.

D. View, download, or watch database log files using the Amazon RDS console or Amazon RDS APIs. You can also query some database log files that are loaded into database tables.

Answer:

Explanation:

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizeable capacity for an industry-standard relational database and manages common database administration tasks.

There are several ways you can track the performance and health of a database or a DB instance. You can:

Use the free Amazon CIoudWatch service to monitor the performance and health of a DB instance. Subscribe to Amazon RDS events to be notified when changes occur with a DB instance, DB snapshot, DB parameter group, or DB security group.

View, download, or watch database log files using the Amazon RDS console or Amazon RDS APIs. You can also query some database log files that are loaded into database tables.

Use the AWS CIoudTraiI service to record AWS calls made by your AWS account. The calls are recorded in log files and stored in an Amazon S3 bucket.

Reference:  http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Monitoring.htmI


Q186. Which IAM role do you use to grant AWS Lambda permission to access a DynamoDB Stream?

A. Dynamic role

B. Invocation role

C. Execution role

D. Event Source role

Answer: C

Explanation:

You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution ro|e".

Reference: http://docs.aws.amazon.com/|ambda/latest/dg/intro-permission-model.htm|


Q187. Because of the extensibility limitations of striped storage attached to Windows Sewer, Amazon RDS does not currently support increasing storage on a _ DB Instance.

A. SQL Sewer

B. MySQL

C. Oracle 

Answer: A


Q188. Select the correct statement:

A. You don't need not specify the resource identifier while stopping a resource

B. You can terminate, stop, or delete a resource based solely on its tags

C. You can't terminate, stop, or delete a resource based solely on its tags

D. You don't need to specify the resource identifier while terminating a resource 

Answer: C


Q189. Identify a true statement about the On-Demand instances purchasing option provided by Amazon EC2.

A. Pay for the instances that you use by the hour, with no long-term commitments or up-front payments.

B. Make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly lower hourly rate for these instances.

C. Pay for the instances that you use by the hour, with long-term commitments or up-front payments.

D. Make a high, one-time, all-front payment for an instance, reserve it for a one- or three-year term, and

pay a significantly higher hourly rate for these instances. 

Answer: A

Explanation:

On-Demand instances allow you to pay for the instances that you use by the hour, with no long-term commitments or up-front payments.

Reference:  http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/reserved-instances-offerings.html


Q190. In the context of AWS support, why must an EC2 instance be unreachable for 20 minutes rather than allowing customers to open tickets immediately?

A. Because most reachability issues are resolved by automated processes in less than 20 minutes

B. Because all EC2 instances are unreachable for 20 minutes every day when AWS does routine maintenance

C. Because all EC2 instances are unreachable for 20 minutes when first launched

D. Because of all the reasons listed here 

Answer: A

Explanation:

An EC2 instance must be unreachable for 20 minutes before opening a ticket, because most reachability issues are resolved by automated processes in less than 20 minutes and will not require any action on the part of the customer. If the instance is still unreachable after this time frame has passed, then you should open a case with support.

Reference: https://aws.amazon.com/premiumsupport/faqs/


Q191. A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on the input data,  the job is most likely to finish within a week. Which of the following steps should be followed to terminate the instance automatically once the job is finished?

A. Configure the EC2 instance with a stop instance to terminate it.

B. Configure the EC2 instance with ELB to terminate the instance when it remains idle.

C. Configure the CIoudWatch alarm on the instance that should perform the termination action once the instance is idle.

D. Configure the Auto Scaling schedule actMty that terminates the instance after 7 days. 

Answer: C

Explanation:

Auto Scaling can start and stop the instance at a pre-defined time. Here, the total running time is unknown. Thus, the user has to use the CIoudWatch alarm, which monitors the CPU utilization. The user can create an alarm that is triggered when the average CPU utilization percentage has been lower than 10 percent

for 24 hours, signaling that it is idle and no longer in use. When the utilization is below the threshold limit, it will terminate the instance as a part of the instance action.

Reference: http://docs.aws.amazon.com/AmazonCIoudWatch/|atest/Deve|operGuide/UsingAIarmActions.html


Q192. What is the default maximum number of Access Keys per user?

A. 10

B. 15

C. 2

D. 20

Answer:

Explanation:

The default maximum number of Access Keys per user is 2.

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.htmI


Q193. You have a lot of data stored in the AWS Storage Gateway and your manager has come to you asking about how the billing is calculated, specifically the Virtual Tape Shelf usage. What would be a correct response to this?

A. You are billed for the virtual tape data you store in Amazon Glacier and are billed for the size of the virtual tape.

B. You are billed for the virtual tape data you store in Amazon Glacier and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

C. You are billed for the virtual tape data you store in Amazon S3 and billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

D. You are billed for the virtual tape data you store in Amazon S3 and are billed for the size of the virtual tape.

Answer:

Explanation:

The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure.

AWS Storage Gateway billing is as follows. Volume storage usage (per GB per month):

You are billed for the Cached volume data you store in Amazon S3. You are only billed for volume capacity you use, not for the size of the volume you create.

Snapshot Storage usage (per GB per month): You are billed for the snapshots your gateway stores in Amazon S3. These snapshots are stored and billed as Amazon EBS snapshots. Snapshots are  incremental backups, reducing your storage charges. When taking a new snapshot, only the data that has changed since your last snapshot is stored.

Virtual Tape Library usage (per GB per month):

You are billed for the virtual tape data you store in Amazon S3. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

Virtual Tape Shelf usage (per GB per month):

You are billed for the virtual tape data you store in Amazon Glacier. You are only billed for the portion of virtual tape capacity that you use, not for the size of the virtual tape.

Reference: https://aws.amazon.com/storagegateway/faqs/


Q194. What are the initial settings of an user created security group?

A. Allow all inbound traffic and Allow no outbound traffic

B. AI low no inbound traffic and AI low no outbound traffic

C. AI low no inbound traffic and AI low all outbound traffic

D. Allow all inbound traffic and Allow all outbound traffic 

Answer: C


Q195. Which of the below mentioned options is not available when an instance is launched by Auto Scaling with EC2 Classic?

A. Public IP

B. Elastic IP

C. Private DNS

D. Private IP 

Answer: B

Explanation:

Auto Scaling supports both EC2 classic and EC2-VPC. When an instance is launched as a part of EC2 classic, it will have the public IP and DNS as well as the private IP and DNS.

Reference:  http://docs.aws.amazon.com/AutoScaIing/latest/DeveIoperGuide/GettingStartedTutoriaI.html