QUESTION 121
A user is uploading archives to Glacier. The user is trying to understand key Glacier resources.
Which of the below mentioned options is not a Glacier resource?
A. Notification configuration
B. Archive ID
C. Job
D. Archive
Answer: B
Explanation:
AWS Glacier has four resources. Vaults and Archives are core data model concepts. A Job is
required to initiate the download of an archive. The notification configuration is required to send
the user a notification when an archive is available for download.
http://docs.aws.amazon.com/amazonglacier/latest/dev/amazon-glacier-data-model.html
QUESTION 122
An organization has 10 departments. The organization wants to track the AWS usage of each
department. Which of the below mentioned options meets the requirement?
A. Setup IAM groups for each department and track their usage
B. Create separate accounts for each department, but use consolidated billing for payment and
tracking
C. Create separate accounts for each department and track them separately
D. Setup IAM users for each department and track their usage
Answer: B
Explanation:
The cost of an IAM user or groups can never be tracked separately for the purpose of billing.
The best solution in this case is to create a separate account for each department and use
consolidated billing.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.html
QUESTION 123
Regarding Amazon SWF, at times you might want to record information in the workflow history of
a workflow execution that is specific to your use case. _________ enable you to record
information in the workflow execution history that you can use for any custom or scenario-specific
purpose.
A. Markers
B. Tags
C. Hash keys
D. Events
Answer: A
Explanation:
In Amazon SWF, at times you might want to record information in the workflow history of a
workflow execution that is specific to your use case. Markers enable you to record information in
the workflow execution history that you can use for any custom or scenario-specific purpose.
http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-adv.html
QUESTION 124
How can you peek at a message in Amazon SQS?
A. Log the message ID and the receipt handle for your messages and correlate them to confirm
when a message has been received and deleted
B. Send the message to Amazon S3
C. You can't
D. Set up a CloudWatch alarm to auto send you the message
Answer: A
Explanation:
With version 2008-01-01, the PeekMessage action has been removed from Amazon SQS. This
functionality was used mainly to debug small systems -- specifically to confirm a message was
successfully sent to the queue or deleted from the queue.
To do this with version 2008-01-01, you can log the message ID and the receipt handle for your
messages and correlate them to confirm when a message has been received and deleted.
https://aws.amazon.com/items/1343?externalID=1343
QUESTION 125
In regard to DynamoDB, for which one of the following parameters does Amazon not charge you?
A. Cost per provisioned write units
B. Cost per provisioned read units
C. Storage cost
D. I/O usage within the same Region
Answer: D
Explanation:
In DynamoDB, you will be charged for the storage and the throughput you use rather than for the
I/O which has been used.
http://aws.amazon.com/dynamodb/pricing/
QUESTION 126
An organization has created 10 IAM users. The organization wants those users to work
independently and access AWS. Which of the below mentioned options is not a possible
solution?
A. Create the access key and secret access key for each user and provide access to AWS using
the console
B. Create the X.509 certificate for each user and provide them access to AWS CLI
C. Enable MFA for each IAM user and assign them the virtual MFA device to access the console
D. Provide each user with the IAM login and password for the AWS console
Answer: A
Explanation:
If an organization has created the IAM users, the users can access AWS services either with an
IAM specific login/password or console. The organization can generate the IAM X.509 certificates
to access AWS with CLI. The organization can also enable MFA for each IAM user, which allows
added security for each IAM user. If the organization has created the access key and secret
key, then the user cannot access the console using those keys. The access key and secret access
key are useful for the CLI or web services.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.html
QUESTION 127
What is the maximum size for messages stored in SQS?
A. 256KB
B. 128KB
C. 1024KB
D. 64KB
Answer: A
Explanation:
By default, SQS queues allow you to send the largest supported payload size, currently 256KB.
You can choose to specify a limit on how many bytes can be sent per payload, using the
MaximumMessageSize attribute of the SetQueueAttributes method.
http://aws.amazon.com/sqs/faqs/
QUESTION 128
A user is planning to host data with RDS. Which of the below mentioned databases is not
supported by RDS?
A. PostgreSQL
B. SQLDB
C. Oracle
D. MS SQL
Answer: B
Explanation:
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set
up, operate, and scale a relational database in the cloud. AWS RDS supports popular DBs, such
as MySQL, PostgreSQL, MS SQL and Oracle. This means that the code, applications, and tools
the user is already using with existing databases can be used with Amazon RDS too. In short, it is a
managed Relational Database offering from AWS, which manages backups, software patching,
automatic failure detection, and recovery of Database.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
QUESTION 129
An EC2 instance has one additional EBS volume attached to it. How can a user attach the same
volume to another running instance in the same AZ?
A. Terminate the first instance and only then attach to the new instance
B. Attach the volume as read only to the second instance
C. Detach the volume first and attach to new instance
D. No need to detach. Just select the volume and attach it to the new instance, it will take care of
mapping internally
Answer: C
Explanation:
If an EBS volume is attached to a running EC2 instance, the user needs to detach the volume
from the original instance and then attach it to a new running instance. The user doesn't need to
stop / terminate the original instance.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
QUESTION 130
A user has configured an automated backup between 5 AM - 5:30 AM for the MySQL RDS DB.
Will the performance of RDS get frozen momentarily during a backup?
A. No
B. Yes, only if the instance size is smaller than large size
C. Yes, provided it is a single zone implementation
D. Yes, always
Answer: C
Explanation:
Amazon RDS provides two different methods for backing up and restoring the Amazon DB
instances. A brief I/O freeze, typically lasting a few seconds, occurs during both automated
backups and DB snapshot operations on Single-AZ DB instances.
QUESTION 131
A root AWS account owner has created three IAM users: Bob, John and Michael. Michael is the
IAM administrator. Bob and John are not the superpower users, but users with some pre-defined
policies. John does not have access to modify his password. Thus, he asks Bob to change his
password. How can Bob change John's password?
A. This statement is false. It should be Michael who changes the password for John
B. It is not possible that John cannot modify his password
C. Provided Bob is the manager of John
D. Provided Michael has added Bob to a group, which has permissions to modify the IAM
passwords
Answer: D
Explanation:
Generally with IAM users, the password can be modified in two ways. The first option is to define
the IAM level policy which allows each user to modify their own passwords. The other option is to
create a group and create a policy for the group which can change the passwords of various IAM
users.
http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html
QUESTION 132
Regarding Amazon SNS, to send messages to a queue through a topic, you must subscribe the
queue to the Amazon SNS topic. You specify the queue by its _______.
A. ARN
B. Token
C. Registration ID
D. URL
Answer: A
Explanation:
In Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to
the Amazon SNS topic. You specify the queue by its ARN.
http://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.html
QUESTION 133
To scale up the AWS resources using manual AutoScaling, which of the below mentioned
parameters should the user change?
A. Maximum capacity
B. Desired capacity
C. Preferred capacity
D. Current capacity
Answer: B
Explanation:
Manual Scaling, as part of Auto Scaling, allows the user to change the capacity of an Auto
Scaling group. The user can add / remove EC2 instances on the fly. To execute manual scaling,
the user should modify the desired capacity. AutoScaling will adjust instances as per the
requirements. If the user is using the CLI, he can use the command as-set-desired-capacity <Auto
Scaling Group Name> --desired-capacity <New Capacity>
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-manual-scaling.html
QUESTION 134
A user has configured a website and launched it using the Apache web server on port 80. The
user is using ELB with the EC2 instances for Load Balancing. What should the user do to ensure
that the EC2 instances accept requests only from ELB?
A. Open the port for an ELB static IP in the EC2 security group
B. Configure the security group of EC2, which allows access to the ELB source security group
C. Configure the EC2 instance so that it only listens on the ELB port
D. Configure the security group of EC2, which allows access only to the ELB listener
Answer: B
Explanation:
When a user is configuring ELB and registering the EC2 instances with it, ELB will create a
source security group. If the user wants to allow traffic only from ELB, he should remove all the
rules set for the other requests and open the port only for the ELB source security group.
QUESTION 135
When working with AWS CloudFormation Templates what is the maximum number of stacks that
you can create?
A. 500
B. 50
C. 20
D. 10
Answer: C
Explanation:
CloudFormation Limits
Maximum number of AWS CloudFormation stacks that you can create is 20 stacks.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html
QUESTION 136
Does DynamoDB support in-place atomic updates?
A. It is not defined
B. Yes
C. It does support in-place non-atomic updates
D. No
Answer: B
Explanation:
DynamoDB supports in-place atomic updates.
QUESTION 137
A user has access to objects of an S3 bucket which is not owned by him. If he is trying to make
the objects of that bucket public, which of the below mentioned options may be a right fit for this
action?
A. Make the bucket public with full access
B. Define the policy for the bucket
C. Provide ACL on the object
D. Create an IAM user with permission
Answer: C
Explanation:
An S3 object ACL is the only way to manage access to objects which are not owned by the
bucket owner. An AWS account that owns the bucket can grant another AWS account permission
to upload objects. The bucket owner does not own these objects. The AWS account that created
the object must grant permissions using object ACLs.
http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-alternatives-guidelines.html
QUESTION 138
A bucket owner has allowed another account's IAM users to upload or access objects in his
bucket. The IAM user of Account A is trying to access an object created by the IAM user of
account B. What will happen in this scenario?
A. The bucket policy may not be created as S3 will give error due to conflict of Access Rights
B. It is not possible to give permission to multiple IAM users
C. AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as
by the IAM user B to the object
D. It is not possible that the IAM user of one account accesses objects of the other IAM user
Answer: C
Explanation:
If an IAM user is trying to perform some action on an object belonging to another AWS user's
bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him.
It also verifies the policy for the bucket as well as the policy defined by the object owner.
QUESTION 139
A user wants to achieve High Availability with PostgreSQL DB. Which of the below mentioned
functionalities helps achieve HA?
A. Read Replica
B. Multi AZ
C. Multi region
D. PostgreSQL does not support HA
Answer: B
Explanation:
The Multi AZ feature allows the user to achieve High Availability. For Multi AZ, Amazon RDS
automatically provisions and maintains a synchronous "standby" replica in a different Availability
Zone.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
QUESTION 140
A user is launching an instance with EC2. Which of the below mentioned options does the user
need to consider before launching an instance?
A. Select the region where the instance is being launched.
B. Select the instance type.
C. All the options listed should be considered.
D. Select the OS of the AMI.
Answer: C
Explanation:
Regarding Amazon EC2, when launching an instance, the user needs to select the region the
instance would be launched from. While launching, the user needs to plan for the instance type
and the OS of the instance.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance_linux.html
QUESTION 141
A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will
get for most of the year as per EC2 SLA if the instance is attached to the EBS optimized
instance?
A. 900
B. 990
C. 950
D. 1000
Answer: A
Explanation:
As per AWS SLA if the instance is attached to an EBS-Optimized instance, then the Provisioned
IOPS volumes are designed to deliver within 10% of the provisioned IOPS performance 99.9% of
the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a
minimum of 900 IOPS 99.9% of the time in the year.
http://aws.amazon.com/ec2/faqs/
QUESTION 142
Which of the following programming languages have an officially supported AWS SDK? Choose 2
answers
A. Perl
B. PHP
C. Pascal
D. Java
E. SQL
Answer: BD
QUESTION 143
Which statements about DynamoDB are true? Choose 2 answers
A. DynamoDB uses a pessimistic locking model
B. DynamoDB uses optimistic concurrency control
C. DynamoDB uses conditional writes for consistency
D. DynamoDB restricts item access during reads
E. DynamoDB restricts item access during writes
Answer: BC
QUESTION 144
You have an environment that consists of a public subnet using Amazon VPC and 3 instances
that are running in this subnet. These three instances can successfully communicate with other
hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and
security group configuration you used for the others, but find that this instance cannot be
accessed from the Internet.
What should you do to enable internet access?
A. Deploy a NAT instance into the public subnet.
B. Modify the routing table for the public subnet
C. Configure a publicly routable IP address in the host OS of the fourth instance.
D. Assign an Elastic IP address to the fourth instance.
Answer: D
QUESTION 145
How can you secure data at rest on an EBS volume?
A. Attach the volume to an instance using EC2's SSL interface.
B. Write the data randomly instead of sequentially.
C. Use an encrypted file system on top of the EBS volume.
D. Encrypt the volume using the S3 server-side encryption service.
E. Create an IAM policy that restricts read and write access to the volume.
Answer: C
QUESTION 146
Which of the following is an example of a good DynamoDB hash key schema for provisioned
throughput efficiency?
A. User ID, where the application has many different users.
B. Status Code where most status codes are the same
C. Device ID, where one is by far more popular than all the others.
D. Game Type, where there are three possible game types
Answer: A
QUESTION 147
Which of the following statements about SWF are true? Choose 3 answers
A. SWF tasks are assigned once and never duplicated
B. SWF requires an S3 bucket for workflow storage
C. SWF workflow executions can last up to a year
D. SWF triggers SNS notifications on task assignment
E. SWF uses deciders and workers to complete tasks
F. SWF requires at least 1 EC2 instance per domain
Answer: ACE
QUESTION 148
Which of the following are correct statements with policy evaluation logic in AWS Identity and
Access Management? Choose 2 answers
A. By default, all requests are denied
B. An explicit allow overrides an explicit deny
C. An explicit allow overrides default deny.
D. An explicit deny does not override an explicit allow
E. By default, all requests are allowed
Answer: AC
QUESTION 150
Company D is running their corporate website on Amazon S3 accessed from
http://www.companyd.com. Their marketing team has published new web fonts to a separate S3
bucket accessed by the S3 endpoint https://s3-us-west1.amazonaws.com/cdfonts. While testing
the new web fonts, Company D recognized the web fonts are being blocked by the browser. What
should Company D do to prevent the web fonts from being blocked by the browser?
A. Enable versioning on the cdfonts bucket for each web font
B. Create a policy on the cdfonts bucket to enable access to everyone
C. Add the Content-MD5 header to the request for webfonts in the cdfonts bucket from the website
D. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration
Answer: D
QUESTION 151
What is one key difference between an Amazon EBS-backed and an instance-store backed
instance?
A. Virtual Private Cloud requires EBS backed instances
B. Amazon EBS-backed instances can be stopped and restarted
C. Auto scaling requires using Amazon EBS-backed instances.
D. Instance-store backed instances can be stopped and restarted.
Answer: B
QUESTION 152
A meteorological system monitors 600 temperature gauges, obtaining temperature samples every
minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data
and the writes are evenly distributed over time.
How much write throughput is required for the target table?
A. 1 write capacity unit
B. 10 write capacity units
C. 60 write capacity units
D. 600 write capacity units
E. 3600 write capacity units
Answer: B
QUESTION 153
A startup's photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two
subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a
session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, maxsize=
- The startup is preparing for a public launch, by running load-testing software installed on a
single EC2 instance running in us-west-2a. After 60 minutes of load-testing, the webserver logs
show:
Which recommendations can help ensure load-testing HTTP requests are evenly distributed
across the four webservers? Choose 2 answers
A. Launch and run the load-tester EC2 instance from us-east-1 instead.
B. Re-configure the load-testing software to re-resolve DNS for each web request.
C. Use a 3rd-party load-testing service which offers globally-distributed test clients.
D. Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.
E. Configure ELB session stickiness to use the app-specific session cookie.
Answer: BE
QUESTION 154
You have written an application that uses the Elastic Load Balancing service to spread traffic to
several web servers. Your users complain that they are sometimes forced to log in again in the
middle of using your application, after they have already logged in. This is not behavior you have
designed. What is a possible solution to prevent this happening?
A. Use instance memory to save session state.
B. Use instance storage to save session state.
C. Use EBS to save session state
D. Use ElastiCache to save session state.
E. Use Glacier to save session state.
Answer: D
QUESTION 155
If a message is retrieved from a queue in Amazon SQS, how long is the message inaccessible to
other users by default?
A. 0 seconds
B. 1 hour
C. 1 day
D. forever
E. 30 seconds
Answer: E
QUESTION 156
Which of the following are valid SNS delivery transports? Choose 2 answers
A. HTTP
B. UDP
C. SMS
D. DynamoDB
E. Named Pipes
Answer: AC
QUESTION 157
When uploading an object, what request header can be explicitly specified in a request to
Amazon S3 to encrypt object data when saved on the server side?
A. x-amz-storage-class
B. Content-MD5
C. x-amz-security-token
D. x-amz-server-side-encryption
Answer: D
QUESTION 158
Which DynamoDB limits can be raised by contacting AWS support? Choose 2 answers
A. The number of hash keys per account
B. The maximum storage used per account
C. The number of tables per account
D. The number of local secondary indexes per account
E. The number of provisioned throughput units per account
Answer: CE
QUESTION 159
In AWS, which security aspects are the customer's responsibility? Choose 4 answers
A. Life-cycle management of IAM credentials
B. Decommissioning storage devices
C. Security Group and ACL (Access Control List) settings
D. Encryption of EBS (Elastic Block Storage) volumes
E. Controlling physical access to compute resources
F. Patch management on the EC2 instance's operating system
Answer: ABCF
QUESTION 160
You are providing AWS consulting services for a company developing a new mobile application
that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct
notification messages to individual devices each device registration identifier or token needs to be
registered with SNS; however the developers are not sure of the best way to do this.
You advise them to:
A. Bulk upload the device tokens contained in a CSV file via the AWS Management Console.
B. Let the push notification service (e.g. Amazon Device Messaging) handle the registration.
C. Implement a token vending service to handle the registration.
D. Call the CreatePlatformEndPoint API function to register multiple device tokens.
Answer: B
QUESTION 161
In DynamoDB, what type of HTTP response codes indicate that a problem was found with the
client request sent to the service?
A. 5xx HTTP response code
B. 200 HTTP response code
C. 306 HTTP response code
D. 4xx HTTP response code
Answer: D
QUESTION 162
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items
are analyzed and then are no longer needed. You need to minimize provisioned throughput,
storage, and API calls.
Given these requirements, what is the most efficient way to manage these Items after the
analysis?
A. Retain the items in a single table
B. Delete items individually over a 24 hour period
C. Delete the table and create a new table per hour
D. Create a new table per hour
Answer: C
QUESTION 163
Which features can be used to restrict access to data in S3? Choose 2 answers
A. Use S3 Virtual Hosting
B. Set an S3 Bucket policy.
C. Enable IAM Identity Federation.
D. Set an S3 ACL on the bucket or the object.
E. Create a CloudFront distribution for the bucket
Answer: CD
QUESTION 164
Company B provides an online image recognition service and utilizes SQS to decouple system
components for scalability. The SQS consumers poll the imaging queue as often as possible to
keep end-to-end throughput as high as possible. However, Company B is realizing that polling in
tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number of empty responses?
A. Set the imaging queue VisibilityTimeout attribute to 20 seconds
B. Set the imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
C. Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
D. Set the DelaySeconds parameter of a message to 20 seconds
Answer: B
QUESTION 165
What AWS products and features can be deployed by Elastic Beanstalk? Choose 3 answers
A. Auto scaling groups
B. Route 53 hosted zones
C. Elastic Load Balancers
D. RDS Instances
E. Elastic IP addresses
F. SQS Queues
Answer: ACD
QUESTION 166
What is the maximum number of S3 Buckets available per AWS account?
A. 100 per region
B. there is no limit
C. 100 per account
D. 500 per account
E. 100 per IAM user
Answer: C
QUESTION 167
What is the format of structured notification messages sent by Amazon SNS?
A. An XML object containing MessageId, UnsubscribeURL, Subject, Message and other values
B. A JSON object containing MessageId, DuplicateFlag, Message and other values
C. An XML object containing MessageId, DuplicateFlag, Message and other values
D. A JSON object containing MessageId, UnsubscribeURL, Subject, Message and other values
Answer: D
QUESTION 168
When using a large Scan operation in DynamoDB, what technique can be used to minimize the
impact of a scan on a table's provisioned throughput?
A. Set a smaller page size for the scan
B. Use parallel scans
C. Define a range index on the table
D. Prewarm the table by updating all items
Answer: C
QUESTION 169
Which code snippet below returns the URL of a load balanced web site created in
CloudFormation with an AWS::ElasticLoadBalancing::LoadBalancer resource name
"ElasticLoadBalancer"?
A. "Fn::Join" : ["", [ "http://", {"Fn::GetAtt" : [ "ElasticLoadBalancer","DNSName"]}]]
B. "Fn::Join" : ["", [ "http://", {"Fn::GetAtt" : [ "ElasticLoadBalancer","Url"]}]]
C. "Fn::Join" : ["", [ "http://", {"Ref" : "ElasticLoadBalancerUrl"}]]
D. "Fn::Join" : [".", [ "http://", {"Ref" : "ElasticLoadBalancerDNSName"}]]
Answer: B
QUESTION 170
You are getting a lot of empty receive requests when using Amazon SQS.
This is making a lot of unnecessary network load on your instances.
What can you do to reduce this load?
A. Subscribe your queue to an SNS topic instead.
B. Use as long of a poll as possible, instead of short polls.
C. Alter your visibility timeout to be shorter.
D. Use sqsd on your EC2 instances.
Answer: B
Explanation:
One benefit of long polling with Amazon SQS is the reduction of the number of empty responses,
when there are no messages available to return, in reply to a ReceiveMessage request sent to an
Amazon SQS queue. Long polling allows the Amazon SQS service to wait until a message is
available in the queue before sending a response.