0% found this document useful (0 votes)
103 views

Sysops 4

Uploaded by

Yogesh rao
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
103 views

Sysops 4

Uploaded by

Yogesh rao
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 98

2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Whizlabs O er | Flat 15% OFF SITEWIDE | Use Coupon - WHIZOFFER15

 j My Courses j AWS Certi ed SysOps Administrator Associate j New Practice Test IV j Report

Search Courses D
New Practice Test IV Completed on 08-July-2019

Attempt Marks Obtained Your score


06 65 / 65 100%

Time Taken Result


00 H 46 M 54 S Congratulations! Passed

Share your Result with your friends


hm
Domains wise Quiz Performance Report

No 1
Domain Other
Total Question 65
Correct 65
Incorrect 0
Unattempted 0
Marked for review 3

Total Total
All Domain All Domain
Total Question 65
Correct 65
Incorrect 0
Unattempted 0
Marked for review 3

https://www.whizlabs.com/learn/course/quiz-result/283506 1/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Review the Answers

Sorting by All

Question 1 Correct

Domain : Other

A company has a web application hosted on an EC2 Instance. The application has become a recent
target for attacks from the Internet. The attacks are making use of malformed HTTP requests. Which
of the following service can help mitigate this attack?

] A. AWS Application Load balancer

] B. AWS Autoscaling

] C. Network Access Control Lists

z] D. AWS WAF
A
Explanation:

Answer – D

The AWS Documentation mentions the following

AWS WAF is a web application firewall that helps protect your web applications from common web
exploits that could affect application availability, compromise security, or consume excessive
resources. AWS WAF gives you control over which traffic to allow or block to your web applications by
defining customizable web security rules. You can use AWS WAF to create custom rules that block
common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for
your specific application. 

Option A is incorrect since the Load balancer service is only used to distribute traffic

Option B is incorrect since this service is used to scale the architecture

Option C is incorrect since this feature cannot be used to block application level attacks

For more information on AWS WAF, please refer to the below URL

https://aws.amazon.com/waf/

https://www.whizlabs.com/learn/course/quiz-result/283506 2/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 2 Correct

Domain : Other

A company has a set of files in an S3 bucket. They are worried about all the attacks that happen
across the Internet. They are especially worried about cases where data is stolen and subject to
ransomware. Which of the following can help protect the files in the bucket?

z] A. Enable Versioning on the S3 bucket


A
] B. Enable S3 Bucket Encryption

] C. Moving the objects to Amazon Glacier

] D. Moving the objects to S3-Infrequent Access

Explanation:

Answer – A

Option A is CORRECT because enabling AWS S3 bucket versioning will help preserve and recover
changed and deleted S3 objects, which can help with ransomware attacks and accidents.

https://www.itproportal.com/features/con guring-aws-s3-dont-be-the-next-bucket-
blunder/

Option B is incorrect, because "S3 Encryption" would not help prevent "ransomware" attacks.
Encryption is of two types: "At-rest" and "In-transit". "Encryption at rest" means the server side
encryption on AWS  and "Encryption in transit" helps secure data in transit when it is accessed from
S3 buckets.

Options C and D are incorrect since these are used to move objects to lower cost storage

Try now labs related to this question

https://www.whizlabs.com/learn/course/quiz-result/283506 3/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Introduction to Amazon Simple Storage Service (S3)


This lab walks you through to Amazon Simple Storage Service. Amazon S3 has a simple web
services interface that you can use to store and retrieve any amount of data, at any time, from
anywhere on the web. In this lab we will demonstrate AWS S3 by creating a sample S3 bucket,
uploading an object to S3 bucket and setting up bucket permission and policy.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 3 Correct

Domain : Other

A company has a set of files in an S3 bucket. Recently some employees inadvertently deleted some
files from the bucket. The CIO has now informed you that all measures should be taken to ensure that
the objects in the bucket are protected from such sort of incidents in the future. How could this be
accomplished?

z] A. Enable MFA delete by using root credentials and by using the AWS CLI
A
] B. Enable MFA delete by using root credentials and by using the AWS Console

Enable MFA delete by using an IAM user with administrative privileges and using the
] C.
AWS CLI

Enable MFA delete by using an IAM user with administrative privileges and using the
] D.
AWS Console.

Explanation:

Answer – A

This is given in the AWS Documentation

https://www.whizlabs.com/learn/course/quiz-result/283506 4/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Because this is clearly mentioned in the documentation, all other options are invalid

For more information on MFA delete, please refer to the below URL

https://aws.amazon.com/blogs/security/securing-access-to-aws-using-mfa-part-3/

Steps to activate MFA Delete through CLI:


1. aws s3api list-buckets --> gives the list of S3 buckets in the account.
2. aws s3api get-bucket-versioning --bucket <bucket name> --> tells us whether versioning is
enabled or not on the bucket.
3. aws s3api put-bucket-versioning --bucket <bucket name> --versioning-configuration
Status=Enabled--mfa <device serial number>--> this command enables versioning on the mentioned
S3 bucket and also enables MFA delete.

Follow the link on how to work with con guring MFA Delete on S3:

https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html

https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html

Please refer to the following link for using MFA through CLI

https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/

https://www.whizlabs.com/learn/course/quiz-result/283506 5/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Please refer to the below link on the steps that are needed to enable MFA delete for S3

https://www.cloudmantra.net/blog/how-to-enable-mfa-delete-for-s3-bucket/

Try now labs related to this question

Introduction to Amazon Simple Storage Service (S3)


This lab walks you through to Amazon Simple Storage Service. Amazon S3 has a simple web
services interface that you can use to store and retrieve any amount of data, at any time, from
anywhere on the web. In this lab we will demonstrate AWS S3 by creating a sample S3 bucket,
uploading an object to S3 bucket and setting up bucket permission and policy.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 4 Correct

Domain : Other

 
As a Sysops Administrator, you are uploading files from your data center on to AWS Glacier. The total
amount of data in your data center is approximately 70 TB. But when you upload files, you can see the
names of the files are not the same as those which have uploaded. For example, you upload a file
demo.txt and then in Glacier you can see the archive ID as 
“TJgHcrOSfAkV6hdPqOATYfp_0ZaxL1pIBOc02iZ0gDPMr2ig-nhwd_PafstsdIf6HSrjHnP-
3p6LCJClYytFT_CBhT9CwNxbRaM5MetS3I-GqwxI3Y8QtgbJbhEQPs0mJ3KExample”
What can be done to ensure that you can have the same file in Glacier ensuring minimal impact to
cost? Choose 2 answers from the options given below.
 
 
 

Create a PostGreSQL database and have an entry for files names in Glacier against
A.
the action file names

B. Upload the files directly to glacier using the AWS Console

https://www.whizlabs.com/learn/course/quiz-result/283506 6/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z C.
Use the AWS Snowball to upload the files to S3 and then move it to Glacier
storage for archival using Lifecycle rules. A
Use the AWS Snowball Edge device to upload the files. Here the file names will be
D.
the same in Glacier

z E.
Upload the files in Amazon S3 Infrequent Access and then use lifecycle policies
to move them to Glacier A
Explanation:

Answer – C and E

You can upload the files to Amazon S3 either directly or by using a Snowball device. The Lifecycle
policies can then be used to transition the storage class of the object to Glacier. So here the file
names will be preserved.

Option A is invalid because this would not be a cost effective and easy maintenance option

Option B is invalid because you cannot upload files directly to Glacier

Option D is invalid because the Snowball Edge device would not be a cost effective option

For more information on uploading an archive, please refer to the below URL

https://docs.aws.amazon.com/amazonglacier/latest/dev/uploading-an-archive.html

Try now labs related to this question

Introduction to Amazon Simple Storage Service (S3)


This lab walks you through to Amazon Simple Storage Service. Amazon S3 has a simple web
services interface that you can use to store and retrieve any amount of data, at any time, from
anywhere on the web. In this lab we will demonstrate AWS S3 by creating a sample S3 bucket,
uploading an object to S3 bucket and setting up bucket permission and policy.

g Credit Needed 10 c Time 0 : 30 Try Now

https://www.whizlabs.com/learn/course/quiz-result/283506 7/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 5 Marked as review Correct

Domain : Other

Your company wants to move a database from their On-premise infrastructure to AWS. This is a
MySQL database. They want you as a SysOps Administrator to facilitate this move. They want to
ensure this move is as easy as possible. Which of the following service would you choose for hosting
the database?

z] A. AWS RDS
A
] B. AWS DynamoDB

] C. AWS Redshift

] D. AWS EMR

Explanation:

Answer – A

The AWS Documentation mentions the following

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up,
operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for
an industry-standard relational database and manages common database administration tasks.

One of the database engines supported by this service is MySQL. So this would be the best option.

Option B is invalid because this is a NoSQL database solution

Option C is invalid because this is peta byte storage solution

Option D is invalid because this is a Big data solution

For more information on AWS RDS, please refer to the below URL

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
https://www.whizlabs.com/learn/course/quiz-result/283506 8/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Try now labs related to this question

Deploying Amazon RDS Multi-AZ and Read Replica, Simulate Failover

1. This lab walks you through the steps to launch Amazon Aurora RDS DB instance with
multi-AZ enabled and simulate failover.

2. You will practice it using Amazon Aurora.

g Credit Needed 10 c Time 1:0 Try Now

Ask our Experts

Rate this Question? vu


Question 6 Correct

Domain : Other

An application is hosted via a Load Balancer and Autoscaling Group. The application utilizes a lot of
memory. Which of the following inbuilt metrics should be used for Autoscaling?

] A. Memory Utilization

z] B. CPU Utilization
A
] C. BackendConnectionErrors

] D. HealthyHostCount

Explanation:

Answer – B

https://www.whizlabs.com/learn/course/quiz-result/283506 9/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Now this is a tricky question. The question mentions that the application is resource intensive. So, by
default we can assume that we could scale the instances in the Autoscaling Group by the Memory
utilization. But then it also mentions that we need to use a built-in metric. And Memory is not a built in
metric for EC2 in Cloudwatch , so we will use the metric of CPU Utilization

Option A is invalid because this is not an In-built metric

Options C and D are incorrect since these are metrics for the Elastic Load Balancer. And we should
scale based on the utilization of the EC2 Instances

For more information on the available metrics for EC2, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html

Try now labs related to this question

Using CloudWatch for Resource Monitoring, Create CloudWatch Alarms and Dashboards
This lab walks you through the various CloudWatch features available which are used for
resource monitoring.

g Credit Needed 10 c Time 0 : 45 Try Now

Ask our Experts

Rate this Question? vu


Question 7 Correct

Domain : Other

An application is hosted via a Load Balancer and Autoscaling Group. There are lot of 4xx errors being
faced by users. You need to ensure that you understand the client addresses from these errors
originated. How can you accomplish this?

z] A.
If the Elastic Load Balancer logs were enabled, you can use the logs in the
Simple Storage service to get the IP addresses. A
] B. You can query the client’s workstations to get the logs

https://www.whizlabs.com/learn/course/quiz-result/283506 10/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

The logs would automatically be available. Download the logs using the Elastic
] C.
Load Balancer Console.

] D. Get the logs from the Autoscaling Group

Explanation:

Answer – A

The AWS Documentation mentions the following with the availability of logs for the Elastic Load
Balancer

Elastic Load Balancing provides access logs that capture detailed information about requests sent to
your load balancer. Each log contains information such as the time the request was received, the
client's IP address, latencies, request paths, and server responses. You can use these access logs to
analyze traffic patterns and to troubleshoot issues.

Access logging is an optional feature of Elastic Load Balancing that is disabled by default. After you
enable access logging for your load balancer, Elastic Load Balancing captures the logs and stores
them in the Amazon S3 bucket that you specify. You can disable access logging at any time.

Option B is invalid since this is not a viable option

Option C is invalid since the ELB logs would be available in S3 and by default are not automatically
available

Option D is invalid since we need to get the ELB logs

For more information on ELB access logs, please refer to the below URL

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html

Try now labs related to this question

Introduction to AWS Elastic Load Balancing


This lab walks you through AWS Elastic Load Balancing. Elastic Load Balancing automatically
distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. In
this lab, we will demonstrate elastic load balancing with 2 EC2 Instances.

https://www.whizlabs.com/learn/course/quiz-result/283506 11/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 8 Correct

Domain : Other

You’re the SysOps Administrator for a company. You have been instructed to setup a web server and
database server in a VPC. The database server should not have connectivity to the Internet. But you
need to ensure that the database server can securely download updates from the Internet? Which of
the following could you add to the VPC to achieve this? Choose 2 answers from the options given
below.

z A. NAT Instance
A
z B. NAT gateway
A
C. VPC Peering

D. VPN Connection

Explanation:

Answer – A and B

The AWS Documentation mentions the following

You can use a NAT device to enable instances in a private subnet to connect to the Internet (for
example, for software updates) or other AWS services, but prevent the Internet from initiating
connections with the instances. A NAT device forwards traffic from the instances in the private subnet
to the Internet or other AWS services, and then sends the response back to the instances. When traffic
goes to the Internet, the source IPv4 address is replaced with the NAT device’s address and similarly,
when the response traffic goes to those instances, the NAT device translates the address back to
those instances’ private IPv4 addresses.

AWS offers two kinds of NAT devices—a NAT gateway or a NAT instance.

https://www.whizlabs.com/learn/course/quiz-result/283506 12/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option C is incorrect since this is used to connect multiple VPC’s together

Option D is incorrect since this used to establish virtual private connections

For more information on the NAT device, please refer to the below URL

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat.html

Ask our Experts

Rate this Question? vu


Question 9 Correct

Domain : Other

A company has a number of sensitive files available in an S3 bucket. The CIO is worried about the
security of the documents in the bucket. As the SysOps Administrator, you have been instructed to
ensure all objects in the bucket are encrypted at rest. How can you achieve this?

z] A. Enable AWS S3 Default Encryption


A
Place the following statement in the bucket policy
"Statement":[  
             {           
            "Sid":"Stmt1504640908907",
                  "Effect":"Deny",
                  "Principal":"*",
                  "Action":"s3:GetObject",
        
] B.            "Resource":"arn:aws:s3:::/*",
                  "Condition":{  
                         "Bool":{  
                                "aws: SecureTransport":"false"                       
  
         }                    
      }             
   }      
]

https://www.whizlabs.com/learn/course/quiz-result/283506 13/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Place the following statement in the bucket policy


"Statement":[  
         
            {  
                 
                "Sid":"Stmt1504640908907",
                      "Effect":"Allow",
                       "Principal":"*",
                       "Action":"s3:GetObject",
] C.
                       "Resource":"arn:aws:s3:::/*",
                       "Condition":{  
                              "Bool":{  
                                "aws: SecureTransport":"false"                       
  
         }                    
      }             
   }      
]

] D. Enable versioning for the buckets

Explanation:

Answer – A

The AWS Documentation mentions the following

Amazon S3 default encryption provides a way to set the default encryption behaviour for an S3
bucket. You can set default encryption on a bucket so that all objects are encrypted when they are
stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-
managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).

Options B and C are incorrect since this is used for securing data in transit

Option D is incorrect since this is used to help in avoiding accidental deletion of objects

For more information on S3 bucket Encryption, please refer to the below URL

https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html

Try now labs related to this question

https://www.whizlabs.com/learn/course/quiz-result/283506 14/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Introduction to Amazon Simple Storage Service (S3)


This lab walks you through to Amazon Simple Storage Service. Amazon S3 has a simple web
services interface that you can use to store and retrieve any amount of data, at any time, from
anywhere on the web. In this lab we will demonstrate AWS S3 by creating a sample S3 bucket,
uploading an object to S3 bucket and setting up bucket permission and policy.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 10 Correct

Domain : Other

You work as a SysOps Administrator for a company. There is a Security requirement to ensure that API
calls for EC2 Instances are logged. You also need to be notified of any Termination API calls for EC2
Instances. How can you automate this requirement? Choose 2 answers from the options given below

z A. Create a trail in Cloudtrail


A
B. Create a log stream in Cloudwatch

z C.
Create a Lambda function and add it as an event destination for the S3 bucket.
Use SNS topic for notification. A
D. Create an SNS topic and add it as an event destination for the S3 bucket

Explanation:

Answer – A and C

The AWS Documentation mentions the following

AWS CloudTrail is a service that provides a record of actions taken by a user, role, or an AWS service.
CloudTrail captures API calls as events. For an ongoing record of events in your AWS account, you
create a trail. A trail enables CloudTrail to deliver log files of events to an Amazon S3 bucket.

https://www.whizlabs.com/learn/course/quiz-result/283506 15/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

You can take advantage of Amazon S3's bucket notification feature and direct Amazon S3 to publish
object-created events to AWS Lambda. Whenever CloudTrail writes logs to your S3 bucket, Amazon
S3 can then invoke your Lambda function by passing the Amazon S3 object-created event as a
parameter. The S3 event provides information, including the bucket name and key name of the log
object that CloudTrail created. Your Lambda function code can read the log object and process the
access records logged by CloudTrail. For example, you might write Lambda function code to notify
you if specific API call was made in your account.

Option B is incorrect since the correct service for API Logging is Cloudtrail

Option D is incorrect since AWS Lambda functions should be used for notifications

For more information on Lambda with Cloudtrail, please refer to the below URL

https://docs.aws.amazon.com/lambda/latest/dg/with-cloudtrail.html

Try now labs related to this question

Creating and Subscribing to SNS Topics, Adding SNS event for S3 bucket
This lab walks you through the creation and subscription of an Amazon SNS Topic. Using AWS
S3 bucket you will test the subscription.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 11 Correct

Domain : Other

A company has a series of infrastructure stacks which make use of Chef and Puppet recipes which
they want to host in AWS. The company wants to ensure that this is done in the easiest way possible.
Which of the following service would be ideal for this scenario?

] A. AWS Beanstalk

z] B. AWS Opswork
A
https://www.whizlabs.com/learn/course/quiz-result/283506 16/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] C. AWS EC2

] D. AWS Config

Explanation:

Answer – B

The AWS Documentation mentions the following

AWS OpsWorks is a configuration management service that provides managed instances of Chef and
Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the
configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are
configured, deployed, and managed across your Amazon EC2 instances or on-premises compute
environments. 

Option A is incorrect since this service does not have inbuilt support for Chef and Puppet

Option C is incorrect since this would involve a lot of maintenance

Option D is incorrect since this is a configuration service

For more information on AWS Opswork, please refer to the below URL

https://aws.amazon.com/opsworks/

Ask our Experts

Rate this Question? vu


Question 12 Correct

Domain : Other

A company has an on-premise asymmetric key management service. They want to integrate this with
AWS Services. How can you achieve this?

] A. Use AWS KMS and integrate this with the on-premise service

https://www.whizlabs.com/learn/course/quiz-result/283506 17/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z] B. Use AWS CloudHSM and integrate this with the on-premise service
A
] C. Upload the customer key from KMS to the on-premise service

] D. Create an EC2 Instance out of the AMI from the AWS Marketplace

Explanation:

Answer – B

With CloudHSM you can work with both Symmetric and asymmetric keys

So, the below snapshot from the documentation shows how to generate RSA keys

Options A and C is incorrect since here you can only generate symmetric keys

Option D is incorrect since you can use the Cloud HSM service for this
https://www.whizlabs.com/learn/course/quiz-result/283506 18/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on managing keys in HSM, please refer to the below URL

https://docs.aws.amazon.com/cloudhsm/latest/userguide/manage-keys.html

Ask our Experts

Rate this Question? vu


Question 13 Correct

Domain : Other

Your company has setup a company web site by hosting an application on a set of EC2 Instances.
They have placed an Elastic Load Balancer in front of the EC2 Instances. You need to point the zone
apex record to an ELB(company.com). Which of the following records would you use for this?

] A. TXT

] B. MX

z] C. ALIAS
A
] D. AAAA

Explanation:

Answer – C

The AWS Documentation mentions the following

Unlike a CNAME record, you can create an alias record at the top node of a DNS namespace, also
known as the zone apex. For example, if you register the DNS name example.com, the zone apex is
example.com. You can't create a CNAME record for example.com, but you can create an alias record
for example.com that routes traffic to www.example.com.

When Route 53 receives a DNS query for an alias record, Route 53 responds with the applicable value
for that resource:

·         A CloudFront distribution – Route 53 responds with one or more IP addresses for CloudFront
edge servers that can serve your content.

https://www.whizlabs.com/learn/course/quiz-result/283506 19/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

·         An Elastic Beanstalk environment – Route 53 responds with one or more IP addresses for the
environment.

·         An ELB load balancer – Route 53 responds with one or more IP addresses for the load balancer.

·         An Amazon S3 bucket that is configured as a static website – Route 53 responds with one IP
address for the Amazon S3 bucket.

·         Another Route 53 record in the same hosted zone – Route 53 responds as if the query is for the
record that is referenced by the alias record.

Because of what mentioned in the AWS Documentation , all other options are invalid

For more information on choosing ALIAS records, please refer to the below URL

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-
alias-non-alias.html

Ask our Experts

Rate this Question? vu


Question 14 Marked as review Correct

Domain : Other

You have 2 sets of Instances, one is for the web layer and the other is for the database layer. You need
to ensure internal communication for these instances. You have to ensure that the instances cannot
communicate with the Internet. Which of the following setups would adhere to this requirement?

z] A. Private subnets in different availability zones for the web and database layer.
A
] B. Public subnets in different availability zones for the web and database layer.

] C. Private subnets in different regions for the web and database layer.

] D. Public subnets in different regions for the web and database layer.

Explanation:

 
https://www.whizlabs.com/learn/course/quiz-result/283506 20/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – A

You can have the subnets as private subnets and the Instances can communicate via their private IP
addresses

Option B is incorrect since you should not use public subnets since it clearly mentions that the
Instances should not be accessible to the Internet

Options C and D are incorrect since the Instances should be in a region and not across regions.

For more information on an example for a VPC configuration, please refer to the below URL

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html

Try now labs related to this question

Build Amazon VPC with Public and Private Subnets from Scratch
Objective

1. Learn how to build Public and Private subnets from scratch.

2. VPC wizard will not be used. So every component required to build public and private
subnets will be created and configured manually.

3. This will give an in-depth understanding of internal components of VPC and subnets.

Lab Details:    

1. This lab walks you through to AWS Virtual Private Cloud (VPC) creation from scratch. 

2. In this lab, we will create a VPC without using VPC Wizard. We will create a public and
private subnets. Along with that we will be configuring Route tables.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


https://www.whizlabs.com/learn/course/quiz-result/283506 21/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Question 15 Correct

Domain : Other

You have 2 sets of EC2 Instances, one is placed in Public Subnet(web server), and the other one
placed in Private Subnet(Database server). The database server should not be publicly accessible. 
You have tested the setup, but you can see that the web server cannot access external services. 
Which of the following can help solve the issue?

z] A.
Create an Internet gateway, attach it to the VPC. Modify the Route tables for the
subnet for the web server. A
Create a NAT gateway, attach it to the VPC. Modify the Route tables for the subnet
] B.
for the web server.

] C. Ensure that private IP’s are assigned to the web servers for communication

] D. Ensure that the web server is placed behind an Elastic Load Balancer

Explanation:

Answer – A

The below diagram shows an example of a VPC with a public and private subnet. Here the web
servers can be placed in the public subnet. Here you need to attach an Internet gateway to the VPC
and modify the route tables accordingly.

https://www.whizlabs.com/learn/course/quiz-result/283506 22/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option B is incorrect since the NAT gateway is normally used for secure communication of
Instances in the private subnet

Option C is incorrect since private IP’s are not used for communication with the Internet

Option D is incorrect since it is not necessary that the Instances need to be placed behind an ELB
for Internet access

For more information on an example for a VPC con guration, please refer to the below URL

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html

https://www.whizlabs.com/learn/course/quiz-result/283506 23/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Try now labs related to this question

Build Amazon VPC with Public and Private Subnets from Scratch
Objective

1. Learn how to build Public and Private subnets from scratch.

2. VPC wizard will not be used. So every component required to build public and private
subnets will be created and configured manually.

3. This will give an in-depth understanding of internal components of VPC and subnets.

Lab Details:    

1. This lab walks you through to AWS Virtual Private Cloud (VPC) creation from scratch. 

2. In this lab, we will create a VPC without using VPC Wizard. We will create a public and
private subnets. Along with that we will be configuring Route tables.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 16 Marked as review Correct

Domain : Other

You currently have a setup which contains a web server in a private subnet and a bastion host in the
public subnet. You have set the following Inbound Rules for the security groups for the Bastion host.
Protocol Type:TCP
Port Number:22
Source:51.10.2.1/32
 
Protocol Type:TCP
Port Number:22
https://www.whizlabs.com/learn/course/quiz-result/283506 24/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Source:sg-xxxxxxxx
 
Protocol Type:TCP
Port Number:389
Source:10.2.1.0/24
Ideally the setup to the bastion host should only connect from the IP address of 51.10.2.1. But from the
logs you can see there are other IPs also having the ability to establish a connection to the bastion
host? Which of the following is a clear explanation for this?

] A. The source IP of 51.10.2.1/32 does not limit the access to just one IP address

Since you have allowed the connection to port 389 which is higher than port 22,
] B.
hence other IPs are also able to establish communications.

z] C.
The IP addresses belonging to the security group of sg-xxxxxxxx are able to
connect to the bastion host A
By default, all IP addresses are allowed communication into the subnet from the
] D.
Internet

Explanation:

Answer – C

Since the security group for the bastion host is also allowing communication from the security group
for sg-xxxxxxxx , the IP addresses from this security group also have the ability to communicate with
the bastion host

Option A is incorrect since the /32 does limit it to one IP address

Options B and D are incorrect since these are not valid points

For more information on security groups for the VPC, please refer to the below URL

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

Try now labs related to this question

Build Amazon VPC with Public and Private Subnets from Scratch
Objective

1. Learn how to build Public and Private subnets from scratch.

https://www.whizlabs.com/learn/course/quiz-result/283506 25/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

2. VPC wizard will not be used. So every component required to build public and private
subnets will be created and configured manually.

3. This will give an in-depth understanding of internal components of VPC and subnets.

Lab Details:    

1. This lab walks you through to AWS Virtual Private Cloud (VPC) creation from scratch. 

2. In this lab, we will create a VPC without using VPC Wizard. We will create a public and
private subnets. Along with that we will be configuring Route tables.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 17 Correct

Domain : Other

You are a SysOps Administrator for a company. Your company has a set of EC2 Instances in a VPC. You
have been told that a report needs to be generated for the list of IP addresses which are establishing
communication with the Instances in the subnet. Which of the following can help you achieve this
requirement?

z] A. AWS VPC Flow Logs


A
] B. AWS Cloudwatch

] C. AWS Cloudtrail

] D. AWS Config

Explanation:

Answer – A

https://www.whizlabs.com/learn/course/quiz-result/283506 26/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

The AWS Documentation mentions the following

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and
from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs
and Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen
destination.

Option B is incorrect since these are just meant for a logging service. Yes you can direct VPC Flow
logs to Cloudwatch , but the primary feature which still needs to be used for this requirement is VPC
Flow logs

Option C is incorrect since this service is used for API logging

Option D is incorrect since this service is used for configuration management

For more information on VPC Flow logs, please refer to the below URL

https://docs.aws.amazon.com/vpc/latest/userguide/ ow-logs.html

Try now labs related to this question

Build Amazon VPC with Public and Private Subnets from Scratch
Objective

1. Learn how to build Public and Private subnets from scratch.

2. VPC wizard will not be used. So every component required to build public and private
subnets will be created and configured manually.

3. This will give an in-depth understanding of internal components of VPC and subnets.

Lab Details:    

1. This lab walks you through to AWS Virtual Private Cloud (VPC) creation from scratch. 

2. In this lab, we will create a VPC without using VPC Wizard. We will create a public and
private subnets. Along with that we will be configuring Route tables.

g Credit Needed 10 c Time 0 : 30 Try Now

https://www.whizlabs.com/learn/course/quiz-result/283506 27/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 18 Correct

Domain : Other

Your company has a set of files in an S3 bucket. The CIO wants to be informed when access to a
bucket is open to the world. Which of the following can be used as a security measure but also
ensuring that you don’t put too much access restrictions on the bucket for existing users.

] A. Use a bucket policy and place a DENY statement for the PutObject Action

z] B.
Use AWS Config to monitor any malicious activity and then use SNS to send
notifications to the security department A
] C. Enable versioning for the bucket

Place the following statement in the bucket policy {   "Version":"2012-10-17",  


] D. "Statement":[     {       "Sid":"AddPerm",       "Effect":"Allow",       "Principal": "*",      
"Action":["s3:GetObject"],       "Resource":["arn:aws:s3:::examplebucket/*"]     }   ] }

Explanation:

Answer – B

The AWS Documentation mentions the following

AWS Config enables continuous monitoring of your AWS resources, making it simple to assess, audit,
and record resource configurations and changes. AWS Config does this through the use of rules that
define the desired configuration state of your AWS resources. AWS Config provides a number of AWS
managed rules that address a wide range of security concerns such as checking if you encrypted your
Amazon Elastic Block Store (Amazon EBS) volumes, tagged your resources appropriately, and enabled
multi-factor authentication (MFA) for root accounts

Option A is incorrect since this will put a restriction on the bucket users

Option C is incorrect since can only prevent from accidental deletion of objects

Option D is incorrect since this puts a security risk for allowing anonymous access to users

https://www.whizlabs.com/learn/course/quiz-result/283506 28/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on using AWS Config with S3, please refer to the below URL

https://aws.amazon.com/blogs/security/how-to-use-aws-con g-to-monitor-for-and-respond-to-
amazon-s3-buckets-allowing-public-access/

Ask our Experts

Rate this Question? vu


Question 19 Correct

Domain : Other

You work as a SysOps Administrator for a company. They have a set of EC2 Instances and there is a
requirement to monitor the Memory utilization of these resources. How could you go about achieving
this?

] A. Use the inbuilt metrics available in Cloudwatch

z] B. Install scripts on the EC2 Instance to publish custom metrics to CloudWatch


A
] C. Use the AWS Config service to configure the Memory utilization of the Instance

] D. Use the AWS Inspector service to configure the Memory utilization of the Instance

Explanation:

Answer – B

You need to use custom scripts for monitoring the memory utilization of Instances

The AWS Documentation mentions the following

https://www.whizlabs.com/learn/course/quiz-result/283506 29/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option A is incorrect since there is no inbuilt metrics for Memory utilization

Options C and D are incorrect since these services cannot be used for enabling memory utilization of
the instances

For more information on using monitoring scripts, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/mon-scripts.html

Try now labs related to this question

Using CloudWatch for Resource Monitoring, Create CloudWatch Alarms and Dashboards
This lab walks you through the various CloudWatch features available which are used for
resource monitoring.

g Credit Needed 10 c Time 0 : 45 Try Now

Ask our Experts

Rate this Question? vu


Question 20 Correct

Domain : Other

You work as a SysOps Administrator for a company. The company wants to deploy a MongoDB
database which will be heavily used by an application. The database needs to be hosted on an EC2

https://www.whizlabs.com/learn/course/quiz-result/283506 30/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Instance. You need to provision the environment. Which of the following EBS volume type would you
use for the EBS volumes for the underlying Instance?

] A. General Purpose SSD

z] B. Provisioned IOPS
A
] C. Throughput Optimized HDD

] D. Cold HDD

Explanation:

Answer – B

The AWS Documentation mentions the following and in this it mentions clearly what should be the
volume type to be used

https://www.whizlabs.com/learn/course/quiz-result/283506 31/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on EBS volume types, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Try now labs related to this question

Creating AMI From EC2 Instance

https://www.whizlabs.com/learn/course/quiz-result/283506 32/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 21 Correct

Domain : Other

A company wants to get an aggregate of the CPU utilization of all of their EC2 Instances across
multiple regions.  How can they achieve this in the easiest way possible?  Choose 2 answers from the
options available.

z A.
Create a custom dashboard. Add widgets for each region. Aggregate the CPU
utilization for all Instances in a region to each widget. A
Create a custom dashboard. Aggregate the CPU utilization for all Instances and add
B.
it as a widget to the dashboard.

C. Ensure basic monitoring is enabled for the Instances

z D. Ensure detailed monitoring is enabled for the Instances


A
Explanation:

Answer – A and D

You can aggregate the metrics for AWS resources across multiple resources. Amazon CloudWatch
cannot aggregate data across Regions. Metrics are completely separate between Regions.

For example, you can aggregate statistics for your EC2 instances that have detailed monitoring
enabled. Instances that use basic monitoring are not included. Therefore, you must enable detailed
monitoring (at an additional charge), which provides data in 1-minute periods.

Option B is incorrect since aggregation is not possible across all regions

Option C is incorrect since the documentation mentions that you need detailed monitoring

For more information on monitoring and metrics, please refer to the below URL
https://www.whizlabs.com/learn/course/quiz-result/283506 33/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/GetSingleMetricAllDimens

 https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cross_region_dashboard.h

Try now labs related to this question

Using CloudWatch for Resource Monitoring, Create CloudWatch Alarms and Dashboards
This lab walks you through the various CloudWatch features available which are used for
resource monitoring.

g Credit Needed 10 c Time 0 : 45 Try Now

Ask our Experts

Rate this Question? vu


Question 22 Correct

Domain : Other

You are currently publishing custom metrics using the AWS CLI. You need to view these metrics in
Cloudwatch on the dashboard. How can you achieve this?

Create a text widget. Choose the custom metric from the custom namespace for the
] A.
widget.

z] B.
Choose the desired widget. Choose the custom metric from the custom
namespace for the widget. A
Create a text widget. Choose the inbuilt metric from the custom namespace for the
] C.
widget.

Choose the desired widget. Choose the inbuilt metric from the custom namespace
] D.
for the widget.

Explanation:

https://www.whizlabs.com/learn/course/quiz-result/283506 34/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – B

When you choose a widget for a dashboard, you can choose the widget you want and the custom
metric

Option A is incorrect since this is used when you want a block of text in Markdown format.

Options C and D are incorrect since we need to use the custom metrics which we have published

For more information on Cloudwatch dashboards, please refer to the below URL

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html
https://www.whizlabs.com/learn/course/quiz-result/283506 35/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Try now labs related to this question

Using CloudWatch for Resource Monitoring, Create CloudWatch Alarms and Dashboards
This lab walks you through the various CloudWatch features available which are used for
resource monitoring.

g Credit Needed 10 c Time 0 : 45 Try Now

Ask our Experts

Rate this Question? vu


Question 23 Correct

Domain : Other

Your company has a set of EC2 Instances in a VPC. The Security Manager has been informed that a lot
of these instances have important security patches that are missing. You need to ensure that these
security violations are removed ASAP. Which of the following can help you accomplish this?

z] A. AWS Systems Manager


A
] B. AWS Inspector

] C. AWS Config

] D. AWS Trusted Advisor

Explanation:

Answer – A

The AWS Documentation mentions the following

AWS Systems Manager Patch Manager automates the process of patching managed instances with
security-related updates. For Linux-based instances, you can also install patches for non-security
https://www.whizlabs.com/learn/course/quiz-result/283506 36/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

updates. You can patch fleets of Amazon EC2 instances or your on-premises servers and virtual
machines (VMs) by operating system type. This includes supported versions of Windows, Ubuntu
Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), Amazon Linux, and
Amazon Linux 2. You can scan instances to see only a report of missing patches, or you can scan and
automatically install all missing patches.

Option B is incorrect since this can be used to scan instance for vulnerabilities but not patch the
instances

Option C is incorrect since this is just a configuration service

Option D is incorrect since this service is only used to give recommendations

For more information on Systems Patch Manager, please refer to the below URL

https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html

Ask our Experts

Rate this Question? vu


Question 24 Correct

Domain : Other

A company is hosting an important revenue generating application. On the last few occasions, the
application has come under large DDoS attacks. As a result of this, a lot of users were complaining
about the slowness of the application. You need to now avoid these situations in the future and now
require 24*7 support from AWS if such situations do occur in the future. Which of the following service
can help in this regard?

z] A. AWS Shield Advanced


A
] B. AWS Inspector

] C. AWS WAF

] D. AWS Systems Manager

Explanation:

https://www.whizlabs.com/learn/course/quiz-result/283506 37/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – A

The AWS Documentation mentions the following

For higher levels of protection against attacks targeting your applications running on Amazon Elastic
Compute Cloud (EC2), Elastic Load Balancing(ELB), Amazon CloudFront, and Amazon Route
53 resources, you can subscribe to AWS Shield Advanced. In addition to the network and transport
layer protections that come with Standard, AWS Shield Advanced provides additional detection and
mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and
integration with AWS WAF, a web application firewall. AWS Shield Advanced also gives you 24x7
access to the AWS DDoS Response Team (DRT) and protection against DDoS related spikes in
your Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing(ELB), Amazon CloudFront,
and Amazon Route 53 charges.

Option B is incorrect since this can be used to scan instance for vulnerabilities

Option C is partially correct, you can use the WAF service against certain types of attacks. But for
major DDoS attacks, you need to use the AWS Shield Advanced Service

Option D is incorrect since this service cannot protect against DDoS attacks

For more information on AWS Shield service, please refer to the below URL

https://aws.amazon.com/shield/

Ask our Experts

Rate this Question? vu


Question 25 Correct

Domain : Other

A company is planning on hosting an application that will be installed on a set of EC2 Instances. The
application is a batch processing system. The system will be run on weekdays at certain times or even
on the weekends. These batch processing workloads basically process data that will then be
consumed by business Intelligence applications. Which of the following is the most cost-effective
option for the underlying instance provided an occasional interruption in the batch processing is
bearable?

https://www.whizlabs.com/learn/course/quiz-result/283506 38/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z] A. Spot Instances
A
] B. Reserved Instances

] C. Dedicated Hosts

] D. Dedicated Instances

Explanation:

Answer – A

The AWS Documentation mentions the following

A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price.
Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can
lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price.
The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and adjusted
gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs
whenever capacity is available and the maximum price per hour for your request exceeds the Spot
price.

Spot Instances are a cost-effective choice if you can be flexible about when your applications run and
if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis,
batch jobs, background processing, and optional tasks. 

The other types of instances would not be cost effective in this situation.

For more information on spot instances, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

Try now labs related to this question

Creating AMI From EC2 Instance


This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

https://www.whizlabs.com/learn/course/quiz-result/283506 39/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 26 Correct

Domain : Other

Your company currently has setup an AWS Direct Connect connection between their on-premise data
centre and a VPC in the us-west region. They now want to connect their data centre to a VPC in the
us-east region. They need to ensure latency is low and maximum bandwidth for the connection. How
could they accomplish this in a cost-effective manner?

Create an AWS Direct Connect connection between the VPC in us-east region and
] A.
the on-premise data center

z] B. Setup an AWS Direct connect gateway


A
Create an AWS VPN managed connection between the VPC in us-east region and
] C.
the on-premise data center

] D. Use VPC peering

Explanation:

Answer – B

The AWS Documentation mentions the following

https://www.whizlabs.com/learn/course/quiz-result/283506 40/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option A is incorrect since this would add more costs and maintenance

Option C is incorrect since AWS VPN does not lead to a low latency connection

Option D is incorrect since this is used to combine 2 VPC’s together

https://www.whizlabs.com/learn/course/quiz-result/283506 41/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on Direct Connect gateways, please refer to the below URL

https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways.html

Ask our Experts

Rate this Question? vu


Question 27 Correct

Domain : Other

Your company has 2 AWS accounts which has individual VPC’s. These VPC’s need to communicate
with each other. The AWS accounts are in different regions. The VPC’s have non-overlapping CIDR
blocks. Which of the following would be a cost-effective connectivity option?

] A. Use VPN connections

z] B. Use VPC peering between the 2 VPC’s


A
] C. Use AWS Direct Connect

] D. Use a NAT gateway

Explanation:

Answer – B

The AWS Documentation mentions the following

A VPC peering connection is a networking connection between two VPCs that enables you to route
traffic between them privately. Instances in either VPC can communicate with each other as if they are
within the same network. You can create a VPC peering connection between your own VPCs, with a
VPC in another AWS account, or with a VPC in a different AWS Region.

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a
gateway nor a VPN connection and does not rely on a separate piece of physical hardware. There is
no single point of failure for communication or a bandwidth bottleneck.

Options A and C are incorrect since VPC peering is easier to establish


https://www.whizlabs.com/learn/course/quiz-result/283506 42/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option D is incorrect since this is used for instances in the private subnet to communicate with the
Internet

For more information on VPC peering, please refer to the below URL

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-peering.html

Try now labs related to this question

Build Amazon VPC with Public and Private Subnets from Scratch
Objective

1. Learn how to build Public and Private subnets from scratch.

2. VPC wizard will not be used. So every component required to build public and private
subnets will be created and configured manually.

3. This will give an in-depth understanding of internal components of VPC and subnets.

Lab Details:    

1. This lab walks you through to AWS Virtual Private Cloud (VPC) creation from scratch. 

2. In this lab, we will create a VPC without using VPC Wizard. We will create a public and
private subnets. Along with that we will be configuring Route tables.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 28 Correct

Domain : Other

https://www.whizlabs.com/learn/course/quiz-result/283506 43/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

You’ve just enabled MFA delete on an S3 bucket. Which of the following actions can you not perform
now without using MFA. Choose 2 answers from the options given below

A. Listing down the deleted versions in the bucket

z B. Permanently deleting an object version


A
z C. Suspend versioning on the bucket
A
D. Enable versioning on the bucket

Explanation:

Answer – B and C

The AWS Documentation mentions the following

Because this clearly mentioned in the AWS Documentation, all other options are invalid

For more information on MFA delete, please refer to the below URL

https://aws.amazon.com/blogs/security/securing-access-to-aws-using-mfa-part-3/

Try now labs related to this question


https://www.whizlabs.com/learn/course/quiz-result/283506 44/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Introduction to Amazon Simple Storage Service (S3)


This lab walks you through to Amazon Simple Storage Service. Amazon S3 has a simple web
services interface that you can use to store and retrieve any amount of data, at any time, from
anywhere on the web. In this lab we will demonstrate AWS S3 by creating a sample S3 bucket,
uploading an object to S3 bucket and setting up bucket permission and policy.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 29 Correct

Domain : Other

You've been using Lambda functions for Dev, Test and Prod environments. Sometimes you need to
identify the applications running on the various instances running in these environments. Which of the
following options would help?

z] A. Resource tagging
A
] B. CPU utilization

] C. Memory Utilization

] D. Instance Metadata

Explanation:

Answer – A

########

The AWS Documentation mentions the following

"Implement a resource-identification system, such as tags for instances. This helps to ensure that
automated actions are targeted to the correct resource, and also allows for easier filtering,
modification, and troubleshooting according to categories that you define."

########

https://www.whizlabs.com/learn/course/quiz-result/283506 45/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information refer below URL:

https://aws.amazon.com/answers/infrastructure-management/instance-scheduler/

Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner,
or environment. This is useful when you have many resources of the same type—you can quickly
identify a specific resource based on the tags you've assigned to it. For example, you could define a
set of tags for your account's Amazon EC2 instances that help you track each instance's owner and
stack level.

For more information on resource tagging, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html

Try now labs related to this question

Creating AMI From EC2 Instance


This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 30 Correct

Domain : Other

You have a set of EC2 Instances. Sometimes these EC2 Instances reach 100% CPU utilization and need
to be restarted. You need to automate this ensuring that the restart happens if the threshold is
reached after 2 minutes. How can you accomplish this? Choose 2 answers from the options given
below

A. Use basic monitoring for the instances.

https://www.whizlabs.com/learn/course/quiz-result/283506 46/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z B.
Use Cloudwatch alarms based on the CPU Utilization. Choose the action to
restart the instance A
z C. Use Detailed monitoring for the instances.
A
D. Use Cloudtrail events to restart the instances

Explanation:

Answer – B and C

The AWS Documentation mentions the following

By default, Amazon EC2 sends metric data to CloudWatch in 5-minute periods. To send metric data for
your instance to CloudWatch in 1-minute periods, you can enable detailed monitoring on the instance

Using Amazon CloudWatch alarm actions, you can create alarms that automatically stop, terminate,
reboot, or recover your instances. You can use the stop or terminate actions to help you save money
when you no longer need an instance to be running. You can use the reboot and recover actions to
automatically reboot those instances or recover them onto new hardware if a system impairment
occurs.

Option A is invalid because you need to enable detailed monitoring for the 2-minute interval
requirement

Option D is invalid because this is used API monitoring

For more information on using alarm actions, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingAlarmActions.html

Try now labs related to this question

Using CloudWatch for Resource Monitoring, Create CloudWatch Alarms and Dashboards
This lab walks you through the various CloudWatch features available which are used for
resource monitoring.

g Credit Needed 10 c Time 0 : 45 Try Now

https://www.whizlabs.com/learn/course/quiz-result/283506 47/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 31 Correct

Domain : Other

Your company owns a set of consulting companies. Each of these company’s along with you need to
have AWS accounts in place. You need to manage the global permissions and billing for these
accounts. Which of the following approach would you consider for this requirement?

z] A. Use AWS Organizations


A
] B. Use IAM policies

] C. Use IAM users

] D. Use Consolidated billing

Explanation:

Answer – A

The AWS Documentation mentions the following

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations,
you can create groups of accounts, automate account creation, apply and manage policies for those
groups. Organizations enables you to centrally manage policies across multiple accounts, without
requiring custom scripts and manual processes.

Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS
service use across multiple AWS accounts. You can also use Organizations to help automate the
creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts
by enabling you to setup a single payment method for all the accounts in your organization through
consolidated billing. AWS Organizations is available to all AWS customers at no additional charge.

Options B and C are incorrect since these are fine for individual accounts but not for merged accounts

Option D is partially correct, you should now use the complete and new feature of AWS Organizations

For more information on AWS Organizations, please refer to the below URL
https://www.whizlabs.com/learn/course/quiz-result/283506 48/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

https://aws.amazon.com/organizations/

Ask our Experts

Rate this Question? vu


Question 32 Correct

Domain : Other

You’re a SysOps Administrator for a company. Your CIO wants to ensure that security practises are put
in place when it comes to maintaining their infrastructure in AWS. Which of the following would fall
under the responsibility of the customer? Choose 2 answers from the options below

z A. Patching of the OS on an EC2 Instance


A
z B. Rotation of Access Keys for IAM Users
A
C. Patching of the OS on the database Instance for AWS RDS

D. Patching of the database software on AWS RDS

E. Patching of PHP on an AWS Managed Elastic Beanstalk Application

Explanation:

Answer – A and B

The AWS Documentation mentions the following when it comes the other options

With managed platform updates, you no longer have to worry about keeping up with new patches or
updates for the platform running your application. Elastic Beanstalk performs updates in a safe
manner so that your end users are minimally impacted. The updates use an immutable
deployment mechanism. This ensures that Elastic Beanstalk provisions a parallel fleet of Amazon EC2
instances with the updates installed before swapping out and terminating the existing instances.
Elastic Beanstalk redirects traffic to the existing fleet of instances if the Elastic Beanstalk health
system detects any issues during the update, ensuring minimal impact to end users of your
application.

https://www.whizlabs.com/learn/course/quiz-result/283506 49/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Periodically, Amazon RDS performs maintenance on Amazon RDS resources. Maintenance most often
involves updates to the DB instance's underlying operating system (OS) or database engine version.
Updates to the operating system most often occur for security issues and should be done as soon as
possible.

For more information on Managed platforms for Elastic Beanstalk and Maintaining the RDS Instance,
please refer to the below URL

https://aws.amazon.com/about-aws/whats-new/2016/04/aws-elastic-beanstalk-introduces-
managed-platform-updates/

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance

Ask our Experts

Rate this Question? vu


Question 33 Correct

Domain : Other

A company has an application that needs to be deployed on a set of EC2 Instance. The application
needs a lot of dependent files that need to be downloaded and installed. You need to ensure that the
application is available in the least time possible on another set of EC2 Instance. Which of the
following can help accomplish this?

z] A. Create an AMI with the application and the necessary library files
A
] B. Use the User Data section to install the application and the necessary library files

Create an Opswork stack and ensure the stack downloads the necessary application
] C.
and files

Create an Elastic Beanstalk environment and ensure the stack downloads the
] D.
necessary application and files

Explanation:

https://www.whizlabs.com/learn/course/quiz-result/283506 50/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – A

The AWS Documentation mentions the following

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a
virtual server in the cloud. You must specify a source AMI when you launch an instance. You can
launch multiple instances from a single AMI when you need multiple instances with the same
configuration. You can use different AMIs to launch instances when you need instances with different
configurations.

An AMI includes the following:

A template for the root volume for the instance (for example, an operating system, an application
server, and applications)

Launch permissions that control which AWS accounts can use the AMI to launch instances

A block device mapping that speci es the volumes to attach to the instance when it's launched

All other options are invalid since all of these would take more time to provision the environment

For more information on AMI’s please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AMIs.html

Try now labs related to this question

Creating AMI From EC2 Instance


This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 34 Correct

Domain : Other
https://www.whizlabs.com/learn/course/quiz-result/283506 51/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

A company has an application that is used to distribute software patches. The application is hosted on
a set of EC2 Instance. Users download patch updates. The users are complaining of slow response.
Which of the following can be used as an efficient and cost effective option to mitigate this issue?

z] A. Use a Cloud front distribution


A
] B. Use an Application Elastic Load Balancer

] C. Use Route 53

] D. Use a Classic Elastic Load Balancer

Explanation:

Answer – A

The AWS Documentation mentions the following

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web
content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content
through a worldwide network of data centers called edge locations. When a user requests content
that you're serving with CloudFront, the user is routed to the edge location that provides the lowest
latency (time delay), so that content is delivered with the best possible performance.

Options B and D are incorrect since this is only used to distribute traffic

Option C is incorrect since this is a domain name system service

For more information on Cloudfront distributions please refer to the below URL

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

Ask our Experts

Rate this Question? vu


Question 35 Correct

Domain : Other

https://www.whizlabs.com/learn/course/quiz-result/283506 52/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Your team has an EC2 Instance which has a volume type of General Purpose SSD. The size of the
volume is 6 TB. You need to increase the IOPS on the volume. How can you accomplish this? Choose 2
answers from the options given below

z A. Change the Volume to Provisioned IOPS


A
B. Increase the size of the volume

z C. Place the volume in a RAID 0 configuration


A
D. Place the volume in a RAID 1 configuration

Explanation:

Answer – A and C

The AWS Documentation mentions the following

An io1 volume can range in size from 4 GiB to 16 TiB and you can provision 100 up to 32,000 IOPS per
volume. The maximum IOPS for a General Purpose SSD is 16,000.

For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple
volumes together; for on-instance redundancy, RAID 1 can mirror two volumes together.

Option B is incorrect since the maximum IOPS for a general purpose SSD is reached at the size of
5,334 GiB and above

Option D is incorrect since you need to use RAID O

For more information on EBS volume types, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html#EBSVolumeTypes_g

Try now labs related to this question

Creating AMI From EC2 Instance

https://www.whizlabs.com/learn/course/quiz-result/283506 53/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 36 Correct

Domain : Other

Your company has a set of EC2 Instance. You have noticed that the Instance CPU credits go down to 0
several times during the monitoring of these instances. Which of the following can help alleviate this?
Choose 2 answers from the options given below.

z A. Change to t2.unlimited
A
z B. Change to a higher instance type
A
C. Use t1.micro instances

D. Use EBS optimized instances

Explanation:

Answer – A and B

The AWS Documentation mentions the following

A burstable performance instance configured as unlimited, such as T3 Unlimited or T2 Unlimited, can


sustain high CPU performance for any period of time whenever required. The hourly T3 or T2 instance
price automatically covers all interim spikes in usage if the average CPU utilization of the instance is at
or below the baseline over a rolling 24-hour period or the instance lifetime, whichever is shorter. If the
instance runs at higher CPU utilization for a prolonged period, it can do so for a flat additional rate per
vCPU-hour

You can also choose a higher instance type.

Option C is incorrect since this will give less CPU burst credits

https://www.whizlabs.com/learn/course/quiz-result/283506 54/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option D is incorrect since this will not ensure high burst credits for CPU’s

For more information on burstable performance instances, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-
unlimited-mode.html

Try now labs related to this question

Creating AMI From EC2 Instance


This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 37 Correct

Domain : Other

Your company wants to migrate a JSON based data store onto AWS. They need low latency data
access to the store. The store also needs to be highly available. Which of the following would be the
ideal data store in AWS?

] A. AWS Aurora

] B. AWS S3

z] C. AWS DynamoDB
A
] D. AWS Redshift

Explanation:

https://www.whizlabs.com/learn/course/quiz-result/283506 55/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – C

The AWS Documentation mentions the following

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable
performance with seamless scalability. DynamoDB lets you offload the administrative burdens of
operating and scaling a distributed database, so that you don't have to worry about hardware
provisioning, setup and configuration, replication, software patching, or cluster scaling

Option A is incorrect since this is better for SQL based solutions

Option B is incorrect since this is used for object level storage

Option D is incorrect since this is used for data warehousing solutions

For more information on AWS DynamoDB, please refer to the below URL

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

Ask our Experts

Rate this Question? vu


Question 38 Correct

Domain : Other

Your company has a high number of resources hosted in their AWS account. After a recent internal
technical audit on the EC2 Instances, it’s been noticed that a lot of Elastic IP’s are not being used.
Which of the following can be used to give more cost improvements suggestions?

z] A. AWS Trusted Advisor


A
] B. AWS Config

] C. AWS Inspector

] D. AWS Systems Manager

Explanation:

 
https://www.whizlabs.com/learn/course/quiz-result/283506 56/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – A

This is one of the major components of the AWS Trusted Advisor

Option B is incorrect since this is a configuration-based service

Option C is incorrect since is used to scan servers for vulnerabilities


https://www.whizlabs.com/learn/course/quiz-result/283506 57/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option D is incorrect since this is used for managing systems

For more information on AWS Trusted Advisor, please refer to the below URL

https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/

Ask our Experts

Rate this Question? vu


Question 39 Correct

Domain : Other

Your company currently has an EC2 Instance in a subnet in one availability zone. You need to ensure
scalability and high availability of the application. Which of the following can help achieve this?

Create an Autoscaling Group with subnets across 2 availability zones. Set a


] A.
minimum, desired and maximum capacity as 1

z] B.
Create an Autoscaling Group with subnets across 3 availability zones. Set a
minimum, desired and maximum capacity as 2 A
Create an Autoscaling Group with subnets across 2 regions. Set a minimum, desired
] C.
and maximum capacity as 1

Create an Autoscaling Group with subnets across 3 regions. Set a minimum, desired
] D.
and maximum capacity as 2

Explanation:

Answer – B

The AWS Documentation mentions the following

Amazon EC2 Auto Scaling enables you to take advantage of the safety and reliability of geographic
redundancy by spanning Auto Scaling groups across multiple Availability Zones within a region. When
one Availability Zone becomes unhealthy or unavailable, Auto Scaling launches new instances in an
unaffected Availability Zone. When the unhealthy Availability Zone returns to a healthy state, Auto

https://www.whizlabs.com/learn/course/quiz-result/283506 58/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Scaling automatically redistributes the application instances evenly across all of the designated
Availability Zones.

Option A is incorrect since you only have a capacity of one which does not full comply with scalability
and high availability

Options C and D are incorrect since the scaling should happen within a region

For more information on the benefits of Autoscaling, please refer to the below URL

https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-bene ts.html

Try now labs related to this question

Introduction to Amazon Auto Scaling


AWS Auto Scaling will automatically scale resources as needed to align to your selected
scaling strategy, This lab walks you through to use Auto Scaling to automatically launch or
terminate EC2’s instances based on user defined policies, schedules and health checks.

g Credit Needed 10 c Time 0 : 55 Try Now

Ask our Experts

Rate this Question? vu


Question 40 Correct

Domain : Other

An auto scaling group consists of certain EC2 instances. You launch new EC2 instances and you want
these to be added permanently to the existing auto scaling group. However, you notice that these new
instances are not being part of the aggregated metrics.  Which of the following could be a possible
reason for this?

z] A. It's because the warm period has not expired


A
] B. It's because the Instances have not completed their boot sequence

] C.  It's because the Instances have not been attached to the Autoscaling Group

https://www.whizlabs.com/learn/course/quiz-result/283506 59/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] D. It’s because the wrong launch configuration has been used

Explanation:

Answer – A

The AWS Documentation mentions the following

With step scaling policies, you can specify the number of seconds that it takes for a newly launched
instance to warm up. Until its specified warm-up time has expired, an instance is not counted toward
the aggregated metrics of the Auto Scaling group. While scaling out, AWS also does not consider
instances that are warming up as part of the current capacity of the group. Therefore, multiple alarm
breaches that fall in the range of the same step adjustment result in a single scaling activity. This
ensures that we don't add more instances than you need.

Since this is clearly given in the AWS Documentation, all other options are invalid

For more information on step scaling policy, please refer to the below URL

https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html#as-step-
scaling-warmup

Try now labs related to this question

Introduction to Amazon Auto Scaling


AWS Auto Scaling will automatically scale resources as needed to align to your selected
scaling strategy, This lab walks you through to use Auto Scaling to automatically launch or
terminate EC2’s instances based on user defined policies, schedules and health checks.

g Credit Needed 10 c Time 0 : 55 Try Now

Ask our Experts

Rate this Question? vu


Question 41 Correct

Domain : Other

 
https://www.whizlabs.com/learn/course/quiz-result/283506 60/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Your company has the following architecture for their application on AWS
 
·         A set of EC2 Instances hosting the web part of the application.
·         A relational database for the backend using AWS RDS
·         A Load balancer for distribution of traffic
·         A NAT gateway for routing traffic from the database server to the Internet
Which of the following can be used to increase the scalability and availability of the application?
Choose 2 answers from the options given below
 
 
 

z A. Launch the EC2 Instances as part of an Autoscaling Group


A
z B. Enable Multi-AZ for the database
A
C. Use a NAT Instance instead of a NAT gateway

D. Use Route 53 instead of the Load balancer

Explanation:

Answer – A and B

The AWS Documentation mentions the following

Amazon EC2 Auto Scaling helps you ensure that you have the correct number of Amazon EC2
instances available to handle the load for your application. You create collections of EC2 instances,
called Auto Scaling groups. You can specify the minimum number of instances in each Auto Scaling
group, and Amazon EC2 Auto Scaling ensures that your group never goes below this size. You can
specify the maximum number of instances in each Auto Scaling group, and Amazon EC2 Auto Scaling
ensures that your group never goes above this size.

Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB)
Instances, making them a natural fit for production database workloads. When you provision a Multi-
AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously
replicates the data to a standby instance in a different Availability Zone (AZ). 

Option C is incorrect since the NAT gateway is preferred for better scalability and availability

Option D is incorrect since the Load balancer should be used for distributing traffic

For more information on EC2 Autoscaling and RDS Multi-AZ, please refer to the below URL

https://www.whizlabs.com/learn/course/quiz-result/283506 61/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html

https://aws.amazon.com/rds/details/multi-az/

Try now labs related to this question

Deploying Amazon RDS Multi-AZ and Read Replica, Simulate Failover

1. This lab walks you through the steps to launch Amazon Aurora RDS DB instance with
multi-AZ enabled and simulate failover.

2. You will practice it using Amazon Aurora.

g Credit Needed 10 c Time 1:0 Try Now

Ask our Experts

Rate this Question? vu


Question 42 Correct

Domain : Other

Your company has an AWS account. An external audit is going to be conducted for your account. You
need to give an auditor access to the logs so that they can carry out the audit process accordingly.
Which of the following is the best way to give access to the auditor?

] A. Create an IAM Role for the auditor. Ask the user to use federated access.

z] B. Create an IAM user that has read access to the logs created in S3 by Cloudtrail
A
] C. Create Access Keys. Give the Access Keys to auditor.

Create an IAM user that has read and write access to the logs created in S3 by
] D.
Cloudtrail

https://www.whizlabs.com/learn/course/quiz-result/283506 62/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – B

The AWS Documentation mentions the following

AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational
and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded
as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS
Command Line Interface, and AWS SDKs and APIs.

Option A is incorrect since federated access is not the ideal access mechanism that should be granted

Option C is incorrect since Access keys is not a secure way to give access

Option D is incorrect since you should not give write access.

For more information on Cloudtrail, please refer to the below URL

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html

Ask our Experts

Rate this Question? vu


Question 43 Correct

Domain : Other

In your company a team is developing a mobile application. The users for the mobile application need
to have the ability to log in and access resources in AWS. Which of the following services would you
use? Choose 2 answers from the options given below

z A. AWS Cognito
A
z B. AWS IAM Roles
A
C. AWS Federated Access

D. AWS IAM users


https://www.whizlabs.com/learn/course/quiz-result/283506 63/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – A and B

The AWS Documentation mentions the following

Amazon Cognito identity pools assign your authenticated users a set of temporary, limited privilege
credentials to access your AWS resources. The permissions for each user are controlled through IAM
roles that you create. You can define rules to choose the role for each user based on claims in the
user's ID token. You can define a default role for authenticated users. You can also define a separate
IAM role with limited permissions for guest users who are not authenticated.

Since this is clearly mentioned in the documentation, all other options are invalid

For more information on AWS Cognito and IAM Roles, please refer to the below URL

https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html

Ask our Experts

Rate this Question? vu


Question 44 Correct

Domain : Other

Your team has just created an AMI out of an EC2 Instance. You need to share it with another account.
The account belongs to the same company. Which of the following is the right way to ensure the
other account has access the AMI?

z] A. Share the AMI with the specific AWS account


A
] B. Mark the AMI as public

] C. Sell the AMI in the AWS Marketplace

] D. Make the AMI as a paid AMI

https://www.whizlabs.com/learn/course/quiz-result/283506 64/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – A

The AWS Documentation mentions the following

You can share an AMI with specific AWS accounts without making the AMI public. All you need are the
AWS account IDs.

AMIs are a regional resource. Therefore, sharing an AMI makes it available in that region. To make an
AMI available in a different region, copy the AMI to the region and then share it. 

All of the other options are not valid since these are not secure ways to share the AMI

For more information on sharing the AMI, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html

Try now labs related to this question

Creating AMI From EC2 Instance


This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 45 Correct

Domain : Other

You work as a SysOps Administrator for a company. You have been requested to create a set of EC2
Instances. While launching the instances you are getting the following error
“InsufficientInstanceCapacity”
https://www.whizlabs.com/learn/course/quiz-result/283506 65/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Which of the following would you most likely do in this situation? Choose 2 answers from the options
given below.

z A. Wait a few minutes and then submit your request again


A
z B. Try to launch an instance with a different instance type
A
You have reached the limit on the number of instances that you can launch in a
C.
region so raise a request with AWS

D. You've reached your EBS volume limit so raise a request with AWS

Explanation:

Answer – A and B

Option C is invalid because you should do this when you get the InstanceLimitExceeded error

Option D is invalid since this happens if your instance terminates immediately after launch

The AWS Documentation mentions the following

If you get an InsufficientInstanceCapacity error when you try to launch an instance or restart a


stopped instance, AWS does not currently have enough available On-Demand capacity to service
your request.

To resolve the issue, try the following:

·         Wait a few minutes and then submit your request again; capacity can shift frequently.

·         Submit a new request with a reduced number of instances. For example, if you're making a
single request to launch 15 instances, try making 3 requests for 5 instances, or 15 requests for 1
instance instead.

·         If you're launching an instance, submit a new request without specifying an Availability Zone.

·         If you're launching an instance, submit a new request using a different instance type (which you
can resize at a later stage).

·         If you are launching instances into a cluster placement group, you can get an insufficient
capacity error.

·         Try purchasing Reserved Instances, which are a long-term capacity reservation.

https://www.whizlabs.com/learn/course/quiz-result/283506 66/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on troubleshooting the launch of EC2 Instances, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/troubleshooting-launch.html

Try now labs related to this question

Creating AMI From EC2 Instance


This lab walks you through the steps to create AMI from Amazon EC2 Instance. You will
practice using Amazon Machine Images to launch Amazon EC2 Instance and Create AMI of that
EC2 Instance.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 46 Correct

Domain : Other

 
You’ve setup an RDS Instance. An application is being hosted on an EC2 Instance that connects to the
AWS RDS Instance. From the application, the following error is being encountered
“Error connecting to database”
You’ve verified that you are able to connect to the database from a bastion host in a public subnet via
the AWS Console. Which of the following could be possible issues? Choose 2 answers from the
options given below.
 
 
 

z A. The application is using the wrong port number in the connection string
A
z B.
The database server has the wrong ingress Security group rule for the web
server A
C. The database server has the wrong egress Security group rule for the web server

D. The certificate used by the web server is not recognised by the database server

https://www.whizlabs.com/learn/course/quiz-result/283506 67/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Explanation:

Answer – A and B

The AWS Documentation mentions the following

When you cannot connect to a DB instance, the following are common causes:

·         The access rules enforced by your local firewall and the ingress IP addresses that you
authorized to access your DB instance in the instance's security group are not in sync. The problem is
most likely the ingress rules in your security group. By default, DB instances do not allow access;
access is granted through a security group. To grant access, you must create your own security group
with specific ingress and egress rules for your situation.

·         The port you specified when you created the DB instance cannot be used to send or receive
communications due to your local firewall restrictions. In this case, check with your network
administrator to determine if your network allows the specified port to be used for inbound and
outbound communication.

·         Your DB instance is still being created and is not yet available. Depending on the size of your DB
instance, it can take up to 20 minutes before an instance is available.

Since this is clearly given in the AWS Documentation , all other options are incorrect

For more information on troubleshooting connecting to AWS RDS, please refer to the below URL

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Troubleshooting.html#CHAP_Tro

Try now labs related to this question

Launch Amazon EC2 instance, Launch Amazon RDS Instance, Connecting RDS from EC2
Instance

1. This lab walks you through the steps of connecting Amazon EC2 with Amazon RDS
Instance. 

https://www.whizlabs.com/learn/course/quiz-result/283506 68/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

2. We will create a EC2 instance under public subnet and an Amazon RDS in new Subnet
Group.

g Credit Needed 10 c Time 0 : 55 Try Now

Ask our Experts

Rate this Question? vu


Question 47 Correct

Domain : Other

You work as a SysOps Administrator for your company. The company is creating a series of EBS
Snapshots. This is required in case there is a need to recover an EBS Volume. But as per the business
continuity process of the company, EBS snapshots older than 6 months are no longer required. You
need to ensure that the snapshots are deleted when not required. How can you do this in the easiest
way possible? Please choose 2 correct options.

z A. Use Amazon Data Lifecycle Manager to delete the old snapshots.


A
Create an EC2 Instance. Setup a cron job to delete EBS snapshots older than 6
B.
months

z C.
Use Step Functions and Cloudwatch events to schedule the deletion of older
EBS snapshots A
Create an Elastic beanstalk environment. Setup a cron job to delete EBS snapshots
D.
older than 6 months

Explanation:

Answer - A and C

Option A is correct: You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the
creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html

https://www.whizlabs.com/learn/course/quiz-result/283506 69/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option C is Correct: 

The AWS Documentation mentions the following

You can run CloudWatch Events rules according to a schedule. In this tutorial, you create an
automated snapshot of an existing Amazon Elastic Block Store (Amazon EBS) volume on a schedule.
You can choose a fixed rate to create a snapshot every few minutes or use a cron expression to
specify that the snapshot is made at a specific time of day.

For more information on using events for EBS snapshots, please refer to the below URL

https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/TakeScheduledSnapshot.html

https://aws.amazon.com/blogs/compute/automating-amazon-ebs-snapshot-management-with-
aws-step-functions-and-amazon-cloudwatch-events/

Ask our Experts

Rate this Question? vu


Question 48 Correct

Domain : Other

Your company currently has an environment that consists of EC2 Instances, S3 buckets , PostGreSQL
and the usage of the EFS File system. The IT Security department has now mandated that all data is
encrypted at rest. For which of the following can encryption be enabled without causing an
interruption to its current usage by users?

] A. EBS volumes

] B. PostGreSQL

z] C. S3 buckets
A
] D. EFS

Explanation:

Answer – C

https://www.whizlabs.com/learn/course/quiz-result/283506 70/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

The AWS Documentation mentions the following

You have the following options of protecting data at rest in Amazon S3.

·         Use Server-Side Encryption – You request Amazon S3 to encrypt your object before saving it on
disks in its data centers and decrypt it when you download the objects.

·         Use Client-Side Encryption – You can encrypt data client-side and upload the encrypted data to
Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

All other options are incorrect because of the following reasons

·         The Encryption can not be enabled after the service is created. The encryption is only available
when you create the service

·         So for example for EBS volumes, PostgreSQL database and EFS , you will need to recreate them
and enable encryption during the creation time. This will cause a disruption to users.

For more information on using encryption for S3, please refer to the below URL

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

Try now labs related to this question

Introduction to Amazon Simple Storage Service (S3)


This lab walks you through to Amazon Simple Storage Service. Amazon S3 has a simple web
services interface that you can use to store and retrieve any amount of data, at any time, from
anywhere on the web. In this lab we will demonstrate AWS S3 by creating a sample S3 bucket,
uploading an object to S3 bucket and setting up bucket permission and policy.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 49 Correct

https://www.whizlabs.com/learn/course/quiz-result/283506 71/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Domain : Other

Your company has been managing its tapes via a custom vendor solution. There was an incident
where the tapes were not available. The company now wants to make use of AWS to stop this
problem from occurring in the future. Which of the following would be an ideal solution to help in this
regard?

] A. Store all the tape data in Amazon Glacier

z] B. Use AWS Storage Gateway as a VTL for cloud backup


A
] C. Store all the tape data on EBS volumes

] D. Store all the tape data in Amazon Simple Storage Service

Explanation:

Answer – B

The AWS Documentation mentions the following

Option A is invalid since even though Glacier is used for archive data when storing tape data, it is
better to use the AWS Storage gateway service
https://www.whizlabs.com/learn/course/quiz-result/283506 72/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option C is invalid since EBS volumes are used for local storage for EC2 Instances

Option D is invalid since S3 is used for data that is frequently accessed

For more information on the AWS Storage Gateway, please refer to the below URL

https://aws.amazon.com/storagegateway/vtl/

Ask our Experts

Rate this Question? vu


Question 50 Correct

Domain : Other

You have a fleet of EC2 Instances. They need to have a shared data store. The size of the items will
vary from 1KB to 300 MB. The maximum size of the data store will be 3TB. The data needs to have a
consistent read view. There are few changes to the data with reasonably no conflicts. Which of the
following would be the ideal data store for the fleet of Instances?

z] A. Elastic File System


A
] B. Amazon S3

] C. Amazon EBS Volumes

] D. Amazon DynamoDB

Explanation:

Answer – A

The following is mentioned in the AWS Documentation when it comes to the features of EFS

Amazon EFS file systems can automatically scale from gigabytes to petabytes of data without
needing to provision storage. Tens, hundreds, or even thousands of Amazon EC2 instances can access
https://www.whizlabs.com/learn/course/quiz-result/283506 73/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

an Amazon EFS file system at the same time, and Amazon EFS provides consistent performance to
each Amazon EC2 instance.

Amazon EFS provides a file system interface, file system access semantics (such as strong
consistency and file locking), and concurrently-accessible storage for up to thousands of Amazon EC2
instances.

Option B is invalid since this is used for object level storage that is available from the Internet

Option C is invalid since this is used for local block level storage for EC2 Instances

Option D is invalid since this is used for NoSQL database and ideally not suitable for such large item
data sizes

For more information on the EFS file system, please refer to the below URL

https://aws.amazon.com/efs/faq/

Ask our Experts

Rate this Question? vu


Question 51 Correct

Domain : Other

You are the SysOps administrator for a company. The company has an application that connects and
makes use of an AWS RDS system. The RDS system is running into a lot of issues. It has been noticed
that the same types of queries are causing a performance hit on the database. Which of the following
services can be incorporated to reduce the performance issues? Choose 2 answers from the options
given below

z A. AWS RDS Read Replicas


A
z B. AWS ElastiCache
A
C. AWS RDS Multi-AZ

D. AWS RDS Automated Backups

Explanation:

https://www.whizlabs.com/learn/course/quiz-result/283506 74/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – A and B

The AWS Documentation mentions the following

Amazon RDS Read Replicas provide enhanced performance and durability for database (DB)
instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a
single DB instance for read-heavy database workloads. You can create one or more replicas of a given
source DB Instance and serve high-volume application read traffic from multiple copies of your data,
thereby increasing aggregate read throughput. 

Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale
popular open source compatible in-memory data stores. Build data-intensive apps or improve the
performance of your existing apps by retrieving data from high throughput and low latency in-memory
data stores.

Option C is incorrect since this is used for high availability of the database

Option D is incorrect since this is used for maintaining backups for the database

For more information on read replica’s and ElastiCache, please refer to the below URL

https://aws.amazon.com/rds/details/read-replicas/

https://aws.amazon.com/elasticache/

Ask our Experts

Rate this Question? vu


Question 52 Correct

Domain : Other

You have an application that is connecting to an RDS instance. You need to ensure that the application
will continue to run even if the database becomes unresponsive. There should be the least amount of
downtime incurred when the primary database becomes unresponsive. Which of the following would
you implement?

] A. Create a read replica. Make the application connect to the Read Replica

z] B. Enable Multi-AZ for the database


A
https://www.whizlabs.com/learn/course/quiz-result/283506 75/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

] C. Use a Cloudfront distribution

] D. AWS RDS Automated Backups

Explanation:

Answer – B

The AWS Documentation mentions the following

Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB)
Instances, making them a natural fit for production database workloads. When you provision a Multi-
AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously
replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own
physically distinct, independent infrastructure, and is engineered to be highly reliable

Options A and D are partially correct , but for better switchover incase of a failure , you can make use
the Multi-AZ feature

Option C is incorrect since this is used for content delivery to users across the world

For more information on Multi-AZ, please refer to the below URL

https://aws.amazon.com/rds/details/multi-az/

Ask our Experts

Rate this Question? vu


Question 53 Correct

Domain : Other

Your company has a set of Windows 2012 servers on-premises. There are restrictions on the amount
of storage that can be used by these servers and AWS is being looked as an option for providing
storage to these servers. The volumes for these servers need to have NTFS file permissions. Which of
the following would you use for this purpose? Please select 2 correct options.

https://www.whizlabs.com/learn/course/quiz-result/283506 76/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z A. AWS Storage volume gateway


A
z B. AWS Storage file gateway
A
C. AWS EFS

D. AWS S3

Explanation:

Answer – A and B.

Option B is correct. AWS Storage Gateway has added SMB (Service Message Block) protocol to File
Gateway, enabling le-based applications developed for Microsoft Windows to easily store and
access objects in S3.

https://aws.amazon.com/storagegateway/ le/

https://aws.amazon.com/about-aws/whats-new/2018/06/aws-storage-gateway-adds-
smb-support-to-store-objects-in-amazon-s3/

Option C is incorrect since this currently does not work for Windows-based systems

You can use the Volume gateway to create volumes with NTFS file permissions

https://www.whizlabs.com/learn/course/quiz-result/283506 77/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

For more information on how to get started with using Volumes on the AWS Storage gateway,
please refer to the below URL

https://docs.aws.amazon.com/storagegateway/latest/userguide/GettingStarted-use-
volumes.html

Option D is incorrect. AWS S3 is a service o ered by AWS that provides object storage through the
web service interface.

Ask our Experts

Rate this Question? vu


Question 54 Correct

Domain : Other

 
Your company has the following application in AWS which makes use of the following components
·         A set of EC2 Instances serving a web application
·         A Classic Load balancer set in front of the EC2 Instances
·         An AWS RDS Instance
From the Cloudwatch metrics, you can see the high value for the “SpilloverCount”. Which of the
following should you monitor first to ensure that this metric does not increase in the first place?
 
 
 

z] A. SurgeQueueLength
A
] B. HealthyHostCount

] C. BackendConnectionErrors

] D. CPU Utilization

Explanation:

 
https://www.whizlabs.com/learn/course/quiz-result/283506 78/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer – A

This is clearly given in the AWS Documentation

Because this is clearly mentioned in the documentation , all other options are invalid

For more information on metrics for the Classic Load balancer, please refer to the below URL

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html

Try now labs related to this question

Introduction to AWS Elastic Load Balancing


This lab walks you through AWS Elastic Load Balancing. Elastic Load Balancing automatically
distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. In
this lab, we will demonstrate elastic load balancing with 2 EC2 Instances.

https://www.whizlabs.com/learn/course/quiz-result/283506 79/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 55 Correct

Domain : Other

A company is hosting an application in AWS. The on-premise department needs to whitelist the
application based on the IP/s. Which AWS component/feature is the company ideally using which is
resulting in the whitelisting of the IP address?

z] A. AWS Network Load Balancer


A
] B. AWS Application Load Balancer

] C. AWS Classic Load balancer

] D. AWS Route 53

Explanation:

Answer – A

This is given in the AWS Documentation

https://www.whizlabs.com/learn/course/quiz-result/283506 80/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Options B and C are incorrect since you cannot allocate IP addresses to these Load balancers

Option D is incorrect since this is a domain name system

For more information on this use case scenario, please refer to the below URL

https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-
application-load-balancers/

Try now labs related to this question

Introduction to AWS Elastic Load Balancing


This lab walks you through AWS Elastic Load Balancing. Elastic Load Balancing automatically
distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. In
this lab, we will demonstrate elastic load balancing with 2 EC2 Instances.

g Credit Needed 10 c Time 0 : 30 Try Now

https://www.whizlabs.com/learn/course/quiz-result/283506 81/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 56 Correct

Domain : Other

Your company is working on creating a set of Cloudformation stacks. You need to create the stacks for
the Operations department. You want to ensure that you are able to manually correct the errors? How
can you achieve this?

] A. Set the DeleteAPI for the stack to None

z] B. Set the OnFailure to DO_NOTHING when creating the stack


A
] C. Enable Termination protection on the stack

] D. Set the ForceAPI for the stack as DO_NOT_DELETE

Explanation:

Answer - B

This is given in the AWS Documentation

https://www.whizlabs.com/learn/course/quiz-result/283506 82/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Since this is clearly mentioned in the documentation, all other options are invalid

For more information on creating the stack via the API, please refer to the below URL

https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html

Try now labs related to this question

Introduction to Amazon CloudFormation


This lab walks you through to AWS CloudFormation features. In this lab, we will demonstrate
the use AWS CloudFormation Stack in creating a simple LAMP Server.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 57 Correct

Domain : Other

Your team is creating a number of Cloudformation stacks for multiple teams. There is request to
ensure that the AWS RDS Instance which is created as part of the stack is retained for future purposes
when the stack is deleted. How can you achieve this?

] A. Set the DeleteAPI for the stack to None

] B. Set the OnFailure to DO_NOTHING when creating the stack

] C. Enable Termination protection on the stack

z] D. Use the DeletionPolicy attribute for the stack resource


A
Explanation:
https://www.whizlabs.com/learn/course/quiz-result/283506 83/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Answer - D

This is given in the AWS Documentation

With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its
stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a
resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

Since this is clearly mentioned in the documentation, all other options are invalid

For more information on the deletion policy attribute, please refer to the below URL

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-
deletionpolicy.html

Try now labs related to this question

Introduction to Amazon CloudFormation


This lab walks you through to AWS CloudFormation features. In this lab, we will demonstrate
the use AWS CloudFormation Stack in creating a simple LAMP Server.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 58 Correct

Domain : Other

You work as a SysOps Administrator for a company. The IT Management department want all systems
hosted in AWS for their company to be up and running with few outages also. You need to be notified
in case any issues occur to the underlying hardware that hosts the AWS resources. Which of the
following can help you achieve this?

] A. Use the AWS Trusted Advisor tool

https://www.whizlabs.com/learn/course/quiz-result/283506 84/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

z] B. Use the Personal Health Dashboard


A
] C. Use the AWS Config tool

] D. Use the AWS Cloudtrail tool

Explanation:

Answer – B

This is given in the AWS Documentation:

##############

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing
events that may impact you. While the Service Health Dashboard displays the general status of AWS
services, Personal Health Dashboard gives you a personalized view into the performance and
availability of the AWS services underlying your AWS resources. The dashboard displays relevant and
timely information to help you manage events in progress, and provides proactive notification to help
you plan for scheduled activities. With Personal Health Dashboard, alerts are triggered by changes in
the health of AWS resources, giving you event visibility, and guidance to help quickly diagnose and
resolve issues.

################

Option A is incorrect since this tool can only give you recommendations

Option C is incorrect since this is only a con g tool

Option D is incorrect since is an API monitoring tool

For more information on the personal health dashboard, please refer to the below URL

https://aws.amazon.com/premiumsupport/phd/

Ask our Experts

Rate this Question? vu


Question 59 Correct

https://www.whizlabs.com/learn/course/quiz-result/283506 85/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Domain : Other

Your company is planning on hosting a set of databases using the AWS RDS service. The IT security
department has mandated that all traffic is encrypted in transit. How can you achieve this with a
database instance created with the AWS RDS service? Choose 2 answers from the options given
below.

z A. Use the SSL certificates provided by the AWS RDS service


A
z B. Set the Parameter Group for the RDS Instance
A
C. Use the .pem keys files that come for the underlying server

D. Use the KMS service to encrypt the traffic

Explanation:

Answer – A and B

This is given in the AWS Documentation. An example for the Microsoft SQL server is given below

https://www.whizlabs.com/learn/course/quiz-result/283506 86/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Option C is incorrect since you don’t have access to the underlying server

Option D is incorrect since the KMS service can’t be used to encrypt the traffic

For more information on this example please refer to the below URL

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.

https://www.whizlabs.com/learn/course/quiz-result/283506 87/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Try now labs related to this question

Deploying Amazon RDS Multi-AZ and Read Replica, Simulate Failover

1. This lab walks you through the steps to launch Amazon Aurora RDS DB instance with
multi-AZ enabled and simulate failover.

2. You will practice it using Amazon Aurora.

g Credit Needed 10 c Time 1:0 Try Now

Ask our Experts

Rate this Question? vu


Question 60 Correct

Domain : Other

Your company has setup an architecture which consists of files hosted in an S3 bucket. And a
Cloudfront distribution in front of the S3 bucket which is used to distribute content to the users. There
are a certain number of 4xx errors which are coming as responses to the requests to Cloudfront.
Which of the following can be possible reasons for such errors? Choose 2 answers from the options
given below.

z A. The user does not have access to the underlying bucket


A
B. The Cloudfront service is unavailable

z C. The object which the user is requesting for is not present


A
D. There is an Internal server error

Explanation:

Answer – A and C

The AWS Documentation provides the different status codes.

https://www.whizlabs.com/learn/course/quiz-result/283506 88/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Options B and D are incorrect since these pertain to 5xx errors

For more information on the HTTP Status error codes, please refer to the below URL

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HTTPStatusCodes.html

Ask our Experts

Rate this Question? vu

https://www.whizlabs.com/learn/course/quiz-result/283506 89/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Question 61 Correct

Domain : Other

Your company is planning on setting up servers in a private subnet in a VPC. There is a requirement for
the Instances in the private subnet to access an S3 bucket. You need to ensure that the traffic does
not traverse the Internet. Which of the following is the ideal component to be used in this scenario?

] A. NAT gateway

] B. NAT Instance

z] C. VPC Endpoint
A
] D. Internet gateway

Explanation:

Answer – C

The AWS Documentation mentions the following

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC
endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN
connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP
addresses to communicate with resources in the service. Traffic between your VPC and the other
service does not leave the Amazon network.

Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC
components that allow communication between instances in your VPC and services without imposing
availability risks or bandwidth constraints on your network traffic.

All other options are invalid, since in these options the traffic would traverse the Internet

For more information on VPC Endpoints, please refer to the below URL

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

https://www.whizlabs.com/learn/course/quiz-result/283506 90/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 62 Correct

Domain : Other

You’ve just setup a custom VPC. You’ve launched Instances in a subnet in the custom VPC. You’ve
noticed that the Instances are not receiving a public DNS hostname. Which of the following could be
possible reasons for this? Choose 2 answers from the options given below.

z A.  enableDnsHostNames is set to No
A
B. There is no Internet gateway attached to the VPC

C. The route tables have not been modified to include the Internet gateway

z D. enableDnsSupport is set to No
A
Explanation:

Answer A and D

The AWS Documentation mentions the following

https://www.whizlabs.com/learn/course/quiz-result/283506 91/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Since this is clearly mentioned in the documentation, all other options are invalid

For more information on VPC DNS, please refer to the below URL

 
https://www.whizlabs.com/learn/course/quiz-result/283506 92/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html

Try now labs related to this question

Build Amazon VPC with Public and Private Subnets from Scratch
Objective

1. Learn how to build Public and Private subnets from scratch.

2. VPC wizard will not be used. So every component required to build public and private
subnets will be created and configured manually.

3. This will give an in-depth understanding of internal components of VPC and subnets.

Lab Details:    

1. This lab walks you through to AWS Virtual Private Cloud (VPC) creation from scratch. 

2. In this lab, we will create a VPC without using VPC Wizard. We will create a public and
private subnets. Along with that we will be configuring Route tables.

g Credit Needed 10 c Time 0 : 30 Try Now

Ask our Experts

Rate this Question? vu


Question 63 Correct

https://www.whizlabs.com/learn/course/quiz-result/283506 93/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Domain : Other

A development team needs to quickly deploy a container-based application onto AWS. They don’t
want the headache of managing the application infrastructure. Which of the following service can be
used to fulfil this requirement?

] A. AWS Opswork

z] B. AWS Elastic Beanstalk


A
] C. AWS Cloudformation

] D. AWS EC2

Explanation:

Answer – B

The AWS Documentation mentions the following

Elastic Beanstalk supports the deployment of web applications from Docker containers. With Docker
containers, you can define your own runtime environment. You can choose your own platform,
programming language, and any application dependencies (such as package managers or tools), that
aren't supported by other platforms. Docker containers are self-contained and include all the
configuration information and software your web application requires to run. All environment variables
defined in the Elastic Beanstalk console are passed to the containers.

By using Docker with Elastic Beanstalk, you have an infrastructure that automatically handles the
details of capacity provisioning, load balancing, scaling, and application health monitoring.

Option A is invalid since this environment should be used when you also want to use configuration
management tool such as Chef and Puppet

Option C is invalid since this is used to deploy infrastructure as code

Option D is invalid since here the team would need to manage the infrastructure

For more information on Elastic Beanstalk, please refer to the below URL

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.html

https://www.whizlabs.com/learn/course/quiz-result/283506 94/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 64 Correct

Domain : Other

A media company is currently making use of a number of AWS resources. One of them is a set of
DynamoDB tables. They want to reduce the latency of the requests made to the DynamoDB table.
Which of the following can help to fulfill this requirement?

z] A. Use DAX
A
] B. Use Global tables

] C. Use Secondary Indexes

] D. Use DynamoDB streams

Explanation:

Answer – A

The AWS Documentation mentions the following

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-


memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds
to microseconds – even at millions of requests per second. DAX does all the heavy lifting required to
add in-memory acceleration to your DynamoDB tables, without requiring developers to manage
cache invalidation, data population, or cluster management. 

Option B is invalid since this is used to create a multi-master database 

Option C is invalid since this is used when you want to query data in the table via indexes

Option D is invalid since this is used when you want to be noti ed of changes in data to a
DynamoDB table

For more information on DynamoDB DAX, please refer to the below URL

https://aws.amazon.com/dynamodb/dax/

https://www.whizlabs.com/learn/course/quiz-result/283506 95/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Ask our Experts

Rate this Question? vu


Question 65 Correct

Domain : Other

You work as a SysOps Administrator for a company. The company has a large number of EC2
Instances and EBS volumes. There is a requirement for business continuity to ensure that the EBS
volumes are available in another region in case the primary region fails. How can you achieve this?

] A. Create a copy of the volume in another region.

] B. Create a snapshot from the volume in another region.

z] C. Create a snapshot. Copy the snapshot to the new region.


A
] D. Create a copy of the volume. Copy the volume to the new region.

Explanation:

Answer – C

The below snippet from the AWS Documentation showcases the use cases of EBS snapshots

https://www.whizlabs.com/learn/course/quiz-result/283506 96/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Options A and D are incorrect , since you need to create a snapshot

Option B is incorrect since you cannot directly create a snapshot in another region

For more information on EBS Snapshot copy, please refer to the below URL

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html

Ask our Experts

Rate this Question? vu


Finish Review

https://www.whizlabs.com/learn/course/quiz-result/283506 97/98
2/14/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

Certi cation Company


Cloud Certi cation Support

Java Certi cation Discussions

PM Certi cation Blog

Big Data Certi cation Business

Follow us

hom
© Copyright 2020. Whizlabs Software Pvt. Ltd. All Right Reserved.

https://www.whizlabs.com/learn/course/quiz-result/283506 98/98

You might also like