Want to know Actualtests AWS-Certified-Developer-Associate Exam practice test features? Want to lear more about Amazon AWS Certified Developer Associate certification experience? Study Certified Amazon AWS-Certified-Developer-Associate answers to Leading AWS-Certified-Developer-Associate questions at Actualtests. Gat a success with an absolute guarantee to pass Amazon AWS-Certified-Developer-Associate (AWS Certified Developer Associate) test on your first attempt.
Q33. In Amazon EC2, which of the following is the type of monitoring data for Amazon EBS volumes that is available automatically in 5-minute periods at no charge?
A. Primary
B. Basic
C. Initial
D. Detailed
Answer: B
Explanation:
Basic is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called.
Reference:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html
Q34. A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC. How can the user setup to have two separate public IPs and separate security groups for both the application as well as the web server?
A. Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.
B. Launch VPC with two separate subnets and make the instance a part of both the subnets.
C. Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.
D. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.
Answer: C
Explanation:
If you need to host multiple websites(with different IPs) on a single EC2 instance, the following is the suggested method from AWS.
Launch a VPC instance with two network interfaces
Assign elastic IPs from VPC EIP pool to those interfaces (Because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to them.)
Assign separate Security Groups if separate Security Groups are needed
This scenario also helps for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MuItipIeIP.html
Q35. A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance?
A. It is not possible to access RDS of the US East region from the US West region
B. Open the security group of the US West region in the RDS security group’s ingress rule
C. Configure the IP range of the US West region instance as the ingress security rule of RDS
D. Create an IAM role which has access to RDS and launch an instance in the US West region with it
Answer: C
Explanation:
The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html
Q36. A user has enabled serverside encryption with S3. The user downloads the encrypted object from S3. How can the user decrypt it?
A. S3 does not support server side encryption
B. S3 provides a server side key to decrypt the object
C. The user needs to decrypt the object using their own private key
D. S3 manages encryption and decryption automatically
Answer: D
Explanation:
If the user is using the server-side encryption feature, Amazon S3 encrypts the object data before saving it on disks in its data centres and decrypts it when the user downloads the objects. Thus, the user is free from the tasks of managing encryption, encryption keys, and related tools.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/UsingEncryption.htmI
Q37. An orgAMzation has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The orgAMzation is planning to implement certain security best practices. Which of the below mentioned pointers will not help the orgAMzation achieve better security arrangement?
A. Apply the latest patch of OS and always keep it updated.
B. Allow only IAM users to connect with the EC2 instances with their own secret access key.
C. Disable the password based login for all the users. All the users should use their own keys to connect with the instance securely.
D. Create a procedure to revoke the access rights of the indMdual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.
Answer: B
Explanation:
Since AWS is a public cloud any application hosted on EC2 is prone to hacker attacks. It becomes extremely important for a user to setup a proper security mechAMsm on the EC2 instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users with in OS if they need to connect with the EC2 instances, create their keys and disable their password
Create a procedure using which the admin can revoke the access of the user when the business work on the EC2 instance is completed
Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated prMleges, such as sudo for users who need to perform occasional prMleged tasks
The IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not useful to connect (RDP / SSH) with an instance.
Reference: http://aws.amazon.com/articles/1233/
Q38. A user is setting up an Elastic Load BaIancer(ELB). Which of the below parameters should the user consider so as the instance gets registered with the ELB?
A. ELB DNS
B. IP address
C. Security group
D. ELB IP
Answer: B
Explanation:
The EC2 instances are registered with the load balancer using the IP addresses associated with the instances. When an instance is stopped and then started, the IP address associated with the instance changes. This prevents the load balancer from routing traffic to the restarted instance. When the user stops and then starts registered EC2 instances, it is recommended that to de-register the stopped instance from load balancer, and then register the restarted instance. Failure to do so may prevent the load balancer from performing health checks and routing the traffic to the restarted instance.
Q39. A user has created an EBS instance in the US-East-1a AZ. The user has a volume of 30 GB in the US-East-1 b zone. How can the user attach the volume to an instance?
A. Since both the volume and the instance are in the same region, the user can attach the volume
B. Use the volume migrate function to move the volume from one AZ to another and attach to the instance
C. Take a snapshot of the volume. Create a new volume in the USEast-1a and attach that to the instance
D. Use the volume replicate function to create a new volume in the US-East-1a and attach that to the volume
Answer: C
Explanation:
If an EBS volume is not in the same AZ of an EC2 instance, it cannot be attached to the instance. The only option is to take a snapshot of the volume and create a new volume in the instance’s AZ. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI
Q40. A user has attached one RDS security group with 5 RDS instances. The user has changed the ingress rule for the security group. What will be the initial status of the ingress rule?
A. Approving
B. Implementing
C. Authorizing
D. It is not possible to assign a single group to multiple DB instances
Answer: C
Explanation:
When the user makes any changes to the RDS security group the rule status will be authorizing for some time until the changes are applied to all instances that the group is connected with. Once the changes are propagated the rule status will change to authorized.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html