QUESTION 1
A user plans to use RDS as a managed DB platform. Which of the below mentioned features is not supported by RDS?
A. Automated backup
B. Automated scaling to manage a higher load
C. Automated failure detection and recovery
D. Automated software patching
Answer: B
Explanation:
AWS RDS provides a managed DB platform, which offers features such as automated backup, patch management, and automated failure detection and recovery.
The scaling is not automated and the user needs to plan it with a few clicks.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
QUESTION 2
A user has not enabled versioning on an S3 bucket. What will be the version ID of the object inside that bucket?
A. 0
B. There will be no version attached
C. Null
D. Blank
Answer: C
Explanation:
S3 objects stored in the bucket before the user has set the versioning state have a version ID of null. When the user enables versioning, the objects in the bucket do not change and their ID remains null.
http://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersionSuspendedBuckets.html
QUESTION 3
A user has created a queue named "myqueue" with SQS. There are four messages published to
the queue which have not been received by the consumer yet. If the user tries to delete the queue, what will
happen?
A. A user can never delete a queue manually. AWS deletes it after 30 days of inactivity on queue
B. It will initiate the delete but wait for four days before deleting until all messages are deleted
automatically.
C. It will ask user to delete the messages first
D. It will delete the queue
Answer: D
Explanation:
SQS allows the user to move data between distributed components of applications so they can
perform different tasks without losing messages or requiring each component to be always
available. The user can delete a queue at any time, whether it is empty or not. It is important to
note that queues retain messages for a set period of time. By default, a queue retains messages
for four days.
http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSConcepts.html
QUESTION 4
What happens if your application performs more reads or writes than your provisioned capacity?
A. Nothing
B. Requests above your provisioned capacity will be performed but you will receive 400 error
codes.
C. Requests above your provisioned capacity will be performed but you will receive 200 error
codes.
D. Requests above your provisioned capacity will be throttled and you will receive 400 error codes.
Answer: D
Explanation:
Speaking about DynamoDB, if your application performs more reads/second or writes/second
than your table's provisioned throughput capacity allows, requests above your provisioned
capacity will be throttled and you will receive 400 error codes.
QUESTION 5
In relation to Amazon SQS, how can you ensure that messages are delivered in order?
A. Increase the size of your queue
B. Send them with a timestamp
C. Give each message a unique id.
D. AWS cannot guarantee that you will receive messages in the exact order you sent them
Answer: D
Explanation:
Amazon SQS makes a best effort to preserve order in messages, but due to the distributed
nature of the queue, AWS cannot guarantee that you will receive messages in the exact order
you sent them. You typically place sequencing information or timestamps in your messages so
that you can reorder them upon receipt.
https://aws.amazon.com/items/1343?externalID=1343
QUESTION 6
An organization has launched two applications: one for blogging and one for ECM on the same
AWS Linux EC2 instance running in the AWS VPC. The organization has attached two private
IPs (primary and secondary) to the above mentioned instance. The organization wants the
instance OS to recognize the secondary IP address. How can the organization configure this?
A. Use the ec2-net-utility package which updates routing tables, uses DHCP to refresh the
secondary IP and adds the network interface.
B. Use the ec2-net-utils package which will configure an additional network interface and update
the routing table
C. Use the ec2-ip-update package which can configure the network interface as well as update the
secondary IP with DHCP.
D. Use the ec2-ip-utility package which can update the routing tables as well as refresh the
secondary IP using DHCP.
Answer: B
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables
the user to launch AWS resources into a virtual network that the user has defined. With VPC the
user can specify multiple private IP addresses for his instances. The number of network
interfaces and private IP addresses that a user can specify for an instance depends on the
instance type. This scenario helps when the user wants to host multiple websites on a single EC2
instance. After the user has assigned a secondary private IP address to his instance, he needs to
configure the operating system on that instance to recognize the secondary private IP address.
For AWS Linux, the ec2-net-utils package can take care of this step. It configures additional
network interfaces that the user can attach while the instance is running, refreshes secondary IP
addresses during DHCP lease renewal, and updates the related routing rules.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html
QUESTION 7
What kind of service is provided by AWS DynamoDB?
A. Relational Database
B. NoSQL Database
C. Dynamic Database
D. Document Database
Answer: B
Explanation:
DynamoDB is a fast, fully managed NoSQL database service.
http://aws.amazon.com/dynamodb/
QUESTION 8
In relation to Amazon SQS, how many queues and messages can you have per queue for each
user?
A. Unlimited
B. 10
C. 256
D. 500
Answer: A
Explanation:
Amazon SQS supports an unlimited number of queues and unlimited number of messages per
queue for each user. Please be aware that Amazon SQS automatically deletes messages that
have been in the queue for more than 4 days.
https://aws.amazon.com/items/1343?externalID=1343
QUESTION 9
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has
created a public subnet with CIDR block 10.201.31.0/24. While launching a new EC2 from the
console, he is not able to assign the private IP address 10.201.31.6 to this instance. Which is the
most likely reason for this issue?
A. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.
B. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of
platform security.
C. Private IP address 10.201.31.6 is currently assigned to another interface.
D. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
Answer: C
Explanation:
In Amazon VPC, you can assign any Private IP address to your instance as long as it is:
Part of the associated subnet's IP address range
Not reserved by Amazon for IP networking purposes
Not currently assigned to another interface
http://aws.amazon.com/vpc/faqs/
QUESTION 10
Regarding Amazon SQS, are there restrictions on the names of Amazon SQS queues?
A. No
B. Yes. Queue names must be unique within an AWS account and you cannot use hyphens (-)
and underscores (_)
C. Yes. Queue names are limited to 80 characters and queue names must be unique within an
AWS account
D. Yes. Queue names are limited to 80 characters but queue names do not need to be unique
within an AWS account
Answer: C
Explanation:
Queue names are limited to 80 characters. Alphanumeric characters plus hyphens (-) and
underscores (_) are allowed. Queue names must be unique within an AWS account.
After you delete a queue, you can reuse the queue name.
https://aws.amazon.com/sqs/faqs/
QUESTION 11
A user is planning to host a web server as well as an app server on a single EC2 instance which
is a part of the public subnet of a VPC. How can the user set this up to have two separate public IPs
and separate security groups for both the application as well as the web server?
A. Launch a VPC instance with two network interfaces. Assign a separate security group to each
and AWS will assign a separate public IP to them.
B. Launch VPC with two separate subnets and make the instance a part of both the subnets.
C. Launch a VPC instance with two network interfaces. Assign a separate security group and
elastic IP to them.
D. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public
subnet.
Answer: C
Explanation:
If you need to host multiple websites (with different IPs) on a single EC2 instance, the following is
the suggested method from AWS:
Launch a VPC instance with two network interfaces
Assign elastic IPs from the VPC EIP pool to those interfaces (because, when the user has attached
more than one network interface with an instance, AWS cannot assign public IPs to them)
Assign separate Security Groups if separate Security Groups are needed
This scenario also helps for operating network appliances, such as firewalls or load balancers, that
have multiple private IP addresses for each network interface.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html
QUESTION 12
An online gaming site asked you if you can deploy a database that is a fast, highly scalable
NoSQL database service in AWS for a new site that he wants to build. Which database should
you recommend?
A. Amazon Redshift
B. Amazon SimpleDB
C. Amazon DynamoDB
D. Amazon RDS
Answer: C
Explanation:
Amazon DynamoDB is ideal for database applications that require very low latency and
predictable performance at any scale but don't need complex querying capabilities like joins or
transactions. Amazon DynamoDB is a fully-managed NoSQL database service that offers high
performance, predictable throughput and low cost. It is easy to set up, operate, and scale. With
Amazon DynamoDB, you can start small, specify the throughput and storage you need, and
easily scale your capacity requirements on the fly. Amazon DynamoDB automatically partitions
data over a number of servers to meet your request capacity. In addition, DynamoDB
automatically replicates your data synchronously across multiple Availability Zones within an
AWS Region to ensure high-availability and data durability.
https://aws.amazon.com/running_databases/#dynamodb_anchor
QUESTION 13
How long are the messages kept on an SQS queue by default?
A. If a message is not read, it is never deleted
B. 2 weeks
C. 1 day
D. 4 days
Answer: D
Explanation:
The SQS message retention period is configurable and can be set anywhere from 1 minute to 2
weeks. The default is 4 days and once the message retention limit is reached your messages will
be automatically deleted. The option for longer message retention provides greater flexibility to
allow for longer intervals between message production and consumption.
https://aws.amazon.com/sqs/faqs/
QUESTION 14
Regarding Amazon SWF, the coordination logic in a workflow is contained in a software program
called a ________.
A. Handler
B. Decider
C. Coordinator
D. Worker
Answer: B
Explanation:
In Amazon SWF, the coordination logic in a workflow is contained in a software program called a
decider. The decider schedules activity tasks, provides input data to the activity workers,
processes events that arrive while the workflow is in progress, and ultimately ends (or closes) the
workflow when the objective has been completed.
http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-intro-to-swf.html
QUESTION 15
A user has attached one RDS security group with 5 RDS instances. The user has changed the
ingress rule for the security group. What will be the initial status of the ingress rule?
A. Approving
B. Implementing
C. Authorizing
D. It is not possible to assign a single group to multiple DB instances
Answer: C
Explanation:
When the user makes any changes to the RDS security group the rule status will be authorizing
for some time until the changes are applied to all instances that the group is connected with.
Once the changes are propagated the rule status will change to authorized.
QUESTION 16
A user has attached an EBS volume to a running Linux instance as a "/dev/sdf" device. The user
is unable to see the attached device when he runs the command "df -h". What is the possible
reason for this?
A. The volume is not in the same AZ of the instance
B. The volume is not formatted
C. The volume is not attached as a root device
D. The volume is not mounted
Answer: D
Explanation:
When a user creates an EBS volume and attaches it as a device, it is required to mount the
device. If the device/volume is not mounted it will not be available in the listing.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html
QUESTION 17
An account owner has created an IAM user with the name examkiller. The account owner wants
to give EC2 access of only the US West region to that IAM user. How can the owner configure
this?
A. While creating a policy provide the region as a part of the resources
B. Create an IAM user in the US West region and give access to EC2
C. Create an IAM policy and define the region in the condition
D. It is not possible to provide access based on the region
Answer: C
Explanation:
The IAM policy is never region specific. If the user wants to configure a region-specific setting,
he needs to provide conditions as part of the policy.
http://awspolicygen.s3.amazonaws.com/policygen.html
QUESTION 18
What is the maximum time messages can be stored in SQS?
A. 14 days
B. one month
C. 4 days
D. 7 days
Answer: A
Explanation:
A message can be stored in the Simple Queue Service (SQS) from 1 minute up to a maximum of
14 days.
QUESTION 19
In DynamoDB, the default table size is:
A. 5 GB
B. 1 GB
C. 10 GB
D. There is no table size
Answer: D
Explanation:
DynamoDB has seamless scalability with no table size limits and unlimited storage, so you
do not need to worry about managing storage on the host or provisioning more drives as your
data requirements change.
http://aws.amazon.com/dynamodb/
QUESTION 20
A user is launching an AWS RDS instance with MySQL. The user wants to enable the Multi AZ
feature. Which of the below mentioned parameters will RDS not allow the user to configure?
A. Availability Zone
B. Region
C. DB subnet group
D. Database port
Answer: A
Explanation:
If the user is launching RDS with Multi AZ, the user cannot provision the Availability Zone. RDS is
launched automatically instead.
https://console.aws.amazon.com/rds/
QUESTION 21
You want to have multiple versions of your application running at the same time, with all versions
launched via AWS Elastic Beanstalk. Is this possible?
A. No. However if you have 2 AWS accounts this can be done
B. No. AWS Elastic Beanstalk is not designed to support multiple running environments
C. Yes. AWS Elastic Beanstalk is designed to support a number of multiple running environments
D. Yes. However AWS Elastic Beanstalk is designed to support only 2 multiple running
environments
Answer: C
Explanation:
AWS Elastic Beanstalk is designed to support multiple running environments. As an example you
could have one for integration testing, one for pre-production, and one for production, with each
environment independently configured and running on its own separate AWS resources.
https://aws.amazon.com/elasticbeanstalk/faqs/
QUESTION 22
A user has launched an EBS backed Linux instance. How can a user detach the root device and
attach it to another instance as a secondary volume?
A. Unmount the root volume first and then detach it
B. It is not possible to mount the root volume to some other instance
C. Stop the first instance and then attach instance's root volume as a new volume to the other
instance
D. It is not possible to mount the root device as a secondary volume on the other instance
Answer: C
Explanation:
If an Amazon EBS volume is the root device of an instance, it cannot be detached unless the
instance is in the stopped state.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
QUESTION 23
When using Amazon SQS how much data can you store in a message?
A. 8 KB
B. 2 KB
C. 16 KB
D. 4 KB
Answer: A
Explanation:
With Amazon SQS version 2008-01-01, the maximum message size for both SOAP and Query
requests is 8KB.
If you need to send messages to the queue that are larger than 8 KB, AWS recommends that you
split the information into separate messages. Alternatively, you could use Amazon S3 or Amazon
SimpleDB to hold the information and include the pointer to that information in the Amazon SQS
message. If you send a message that is larger than 8KB to the queue, you will receive a
MessageTooLong error with HTTP code 400.
https://aws.amazon.com/items/1343?externalID=1343
QUESTION 24
A user has launched one EC2 instance in the US West region. The user wants to access the
RDS instance launched in the US East region from that EC2 instance. How can the user
configure the access for that EC2 instance?
A. It is not possible to access RDS of the US East region from the US West region
B. Open the security group of the US West region in the RDS security group's ingress rule
C. Configure the IP range of the US West region instance as the ingress security rule of RDS
D. Create an IAM role which has access to RDS and launch an instance in the US West region
with it
Answer: C
Explanation:
The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than
the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security
group in the same region that refers to an IP address in another region.
QUESTION 25
In regard to AWS CloudFormation, what is a stack?
A. The set of AWS templates that are created and managed as a template
B. The set of AWS resources that are created and managed as a template
C. The set of AWS resources that are created and managed as a single unit
D. The set of AWS templates that are created and managed as a single unit
Answer: C
Explanation:
A stack is the set of AWS resources that are created and managed as a single unit when AWS
CloudFormation initiates a template.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-stack.html
QUESTION 26
In regard to DynamoDB, what is the Global secondary index?
A. An index with a hash and range key that can be different from those on the table.
B. An index that has the same range key as the table, but a different hash key
C. An index that has the same hash key and range key as the table
D. An index that has the same hash key as the table, but a different range key
Answer: A
Explanation:
Global secondary index -- an index with a hash and range key that can be different from those on
the table.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html
QUESTION 27
Which of the below mentioned options is not a best practice to securely manage the AWS access
credentials?
A. Enable MFA for privileged users
B. Create individual IAM users
C. Keep rotating your secure access credentials at regular intervals
D. Create strong access key and secret access key and attach to the root account
Answer: D
Explanation:
It is a recommended approach to avoid using the access and secret access keys of the root
account. Thus, do not download or delete it. Instead make the IAM user as powerful as the root
account and use its credentials. The user cannot generate their own access and secret access
keys as they are always generated by AWS.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
QUESTION 28
You have been given a scope to deploy some AWS infrastructure for a large organisation. The
requirements are that you will have a lot of EC2 instances but may need to add more when the
average utilization of your Amazon EC2 fleet is high and conversely remove them when CPU
utilization is low. Which AWS services would be best to use to accomplish this?
A. Amazon CloudFront, Amazon CloudWatch and Elastic Load Balancing.
B. Auto Scaling, Amazon CloudWatch and AWS CloudTrail.
C. Auto Scaling, Amazon CloudWatch and Elastic Load Balancing.
D. Auto Scaling, Amazon CloudWatch and AWS Elastic Beanstalk
Answer: C
Explanation:
Auto Scaling enables you to follow the demand curve for your applications closely, reducing the
need to manually provision Amazon EC2 capacity in advance. For example, you can set a
condition to add new Amazon EC2 instances in increments to the Auto Scaling group when the
average utilization of your Amazon EC2 fleet is high; and similarly, you can set a condition to
remove instances in the same increments when CPU utilization is low. If you have predictable
load changes, you can set a schedule through Auto Scaling to plan your scaling activities. You
can use Amazon CloudWatch to send alarms to trigger scaling activities and Elastic Load
Balancing to help distribute traffic to your instances within Auto Scaling groups. Auto Scaling
enables you to run your Amazon EC2 fleet at optimal utilization.
http://aws.amazon.com/autoscaling/
QUESTION 29
You are building an online store on AWS that uses SQS to process your customer orders.
Your backend system needs those messages in the same sequence the customer orders have
been put in. How can you achieve that?
A. You can do this with SQS but you also need to use SWF
B. Messages will arrive in the same order by default
C. You can use sequencing information on each message
D. It is not possible to do this with SQS
Answer: C
Explanation:
Amazon SQS is engineered to always be available and deliver messages. One of the resulting
tradeoffs is that SQS does not guarantee first in, first out delivery of messages. For many
distributed applications, each message can stand on its own, and as long as all messages are
delivered, the order is not important. If your system requires that order be preserved, you can
place sequencing information in each message, so that you can reorder the messages when the
queue returns them.
QUESTION 30
A user has launched an EC2 instance and installed a website with the Apache webserver. The
webserver is running but the user is not able to access the website from the internet. What can be
the possible reason for this failure?
A. The security group of the instance is not configured properly.
B. The instance is not configured with the proper key-pairs.
C. The Apache website cannot be accessed from the internet.
D. Instance is not configured with an elastic IP.
Answer: A
Explanation:
In Amazon Web Services, when a user has configured an instance with Apache, the user needs
to ensure that the ports in the security group are opened as configured in the Apache config. For
example, if Apache is running on port 80, the user should open port 80 in the security group.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
QUESTION 31
When you use the AWS Elastic Beanstalk console to deploy a new application you'll need to
upload a source bundle and it should ___________________________.
A. Consist of a single .zip file
B. Consist of a single .war file
C. Consist of a single .zip file or .war file
D. Consist of a folder with all files
Answer: C
Explanation:
When you use the AWS Elastic Beanstalk console to deploy a new application or an application
version, you'll need to upload a source bundle. Your source bundle must meet the following
requirements:
Consist of a single .zip file or .war file
Not exceed 512 MB
Not include a parent folder or top-level directory (subdirectories are fine)
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deployment.source.html
QUESTION 32
A user had defined an IAM policy similar to the one given below on a bucket:
{
  "Version": "2012-10-17",
  "Statement": [{
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::12112112:user/test"
      },
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::examkiller"
      ]
    }
  ]
}
What will this do?
A. It will result in an error saying invalid policy statement
B. It will create an IAM policy for the user test
C. Allows the user test of the AWS account ID 12112112 to perform GetBucketLocation,
ListBucket and GetObject on the bucket examkiller
D. It will allow all the IAM users of the account ID 12112112 to perform GetBucketLocation,
ListBucket and GetObject on bucket examkiller
Answer: C
Explanation:
The IAM policy allows the user test in the account 12112112 to perform the following
Amazon S3 permissions on the examkiller bucket:
s3:GetBucketLocation
s3:ListBucket
s3:GetObject
http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
QUESTION 33
A user has configured an S3 bucket to host a static website. What difference will there be when
static website hosting is enabled?
A. It will help the user identify this bucket as the website root to map with the domain
B. It will create a new version of the bucket
C. It will not make any difference, but will help the user to configure the error page
D. It will provide the region specific website endpoint
Answer: D
Explanation:
To host a static website, the user needs to configure an Amazon S3 bucket for website hosting
and then upload the website contents to the bucket. The website is then available at the
region-specific website endpoint of the bucket.
http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
QUESTION 34
How does Amazon SQS allow multiple readers to access the same message queue without
losing messages or processing them many times?
A. By identifying a user by his unique id
B. By using unique cryptography
C. Amazon SQS queue has a configurable visibility timeout.
D. Multiple readers can't access the same message queue
Answer: C
Explanation:
Every Amazon SQS queue has a configurable visibility timeout. For the designated amount of
time after a message is read from a queue, it will not be visible to any other reader. As long as
the amount of time that it takes to process the message is less than the visibility timeout, every
message will be processed and deleted. In the event that the component processing the
message fails or becomes unavailable, the message will again become visible to any component
reading the queue once the visibility timeout ends. This allows you to have many components all
reading messages from the same queue, with each working to process different messages.
https://aws.amazon.com/sqs/faqs/
QUESTION 35
In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a
table, along with an alternate key to support ______ operations.
A. None of the above
B. Both
C. Query
D. Scan
Answer: C
Explanation:
In DynamoDB, a secondary index is a data structure that contains a subset of
attributes from a table, along with an alternate key to support Query operations.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SecondaryIndexes.html
QUESTION 36
A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS
unable to send a notification?
A. AWS SES
B. Email JSON
C. AWS SQS
D. HTTP
Answer: A
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push
messaging service. Amazon SNS can deliver notifications by SMS text message or email, to
Amazon Simple Queue Service (SQS) queues, or to any HTTP endpoint. The user can select one
of the following transports as part of the subscription requests: "HTTP", "HTTPS", "Email",
"Email-JSON", "SQS", and "SMS".
http://aws.amazon.com/sns/faqs/
QUESTION 37
Which of the following device names is recommended for an EBS volume that can be attached to
an Amazon EC2 Instance running Windows?
A. xvd[a-e]
B. /mnt/sd[b-e]
C. xvd[f-p]
D. /dev/sda1
Answer: C
Explanation:
The xvd[f-p] is the recommended device name for EBS volumes that can be attached to the
Amazon EC2 Instances running on Windows.
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/device_naming.html