Amazon AWS-Solution-Architect-Associate Exam Questions and Answers 2021

NEW QUESTION 1
What would be the best way to retrieve the public IP address of your EC2 instance using the CLI?

• A. Using tags
• B. Using traceroute
• C. Using ipconfig
• D. Using instance metadata

Answer: D

Explanation: To determine your instance's public IP address from within the instance, you can use instance metadata. Use the following command to access the public IP address: For Linux use, $ curl
http://169.254.169.254/latest/meta-data/public-ipv4, and for Windows use, $ wget http://169.254.169.254/latest/meta-data/public-ipv4.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.htm|

NEW QUESTION 2
Select the incorrect statement

• A. In Amazon EC2, the private IP addresses only returned to Amazon EC2 when the instance is stopped or terminated
• B. In Amazon VPC, an instance retains its private IP addresses when the instance is stopped.
• C. In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.
• D. In Amazon EC2, the private IP address is associated exclusive ly with the instance for its lifetime

Answer: C

NEW QUESTION 3
Which of the following statements are t rue about Amazon Route 53 resource records? Choose 2 answers

• A. An Alias record can map one DNS name to another Amazon Route 53 DNS name.
• B. A CNAME record can be created for your zone apex.
• C. An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere.
• D. TIL can be set for an Alias record in Amazon Route 53.
• E. An Amazon Route 53 Alias record can point to any DNS record hosted anywher

Answer: AC

Explanation: Reference:
http://d0cs.aws.amazon.c0m/R0ute53/latest/Deve|0perGuide/resource-record-sets-chccsing-aIiasnon-ali as.htmI

NEW QUESTION 4
You need to set up a security certificate for a cIient's e-commerce website as it will use the HTTPS protocol. Which of the below AWS services do you need to access to manage your SSL server certificate?

• A. AWS Directory Service
• B. AWS Identity & Access Management
• C. AWS CIoudFormation
• D. Amazon Route 53

Answer: B

Explanation: AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS.
All your SSL server certificates are managed by AWS Identity and Access management (IAM). Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.htm|

NEW QUESTION 5
In Route 53, what does a Hosted Zone refer to?

• A. A hosted zone is a collection of geographical load balancing rules for Route 53.
• B. A hosted zone is a collection of resource record sets hosted by Route 53.
• C. A hosted zone is a selection of specific resource record sets hosted by CIoudFront for distribution to Route 53.
• D. A hosted zone is the Edge Location that hosts the Route 53 records for a use

Answer: B

Explanation: A Hosted Zone refers to a selection of resource record sets hosted by Route 53.
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/AboutHostedZones.html

NEW QUESTION 6
To serve Web traffic for a popular product your chief financial officer and IT director have purchased 10 ml large heavy utilization Reserved Instances (Rls) evenly spread across two availability zones:
Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB). After several months, the product grows even more popular and you need additional capacity As a result, your company purchases two C3.2x|arge medium utilization Rls You register the two c3 2xIarge instances with your ELB and quickly find that the ml large instances are at 100% of capacity and the c3 2xIarge instances have significant capacity that's unused Which option is the most cost effective and uses EC2 capacity most effectively?

• A. Use a separate ELB for each instance type and distribute load to ELBs with Route 53 weighted round robin
• B. Configure Autoscaning group and Launch Configuration with ELB to add up to 10 more on-demand ml large instances when triggered by Cloudwatch shut off c3 2xIarge instances
• C. Route traffic to EC2 ml large and c3 2xIarge instances directly using Route 53 latency based routing and health checks shut off ELB
• D. Configure ELB with two c3 2xiarge Instances and use on-demand Autoscaling group for up to two additional c3.2x|arge instances Shut on mi .|arge instances.

Answer: D

NEW QUESTION 7
You nave multiple Amazon EC2 instances running in a cluster across multiple Availability Zones within the same region. What combination of the following should be used to ensure the highest network performance (packets per second), lowest latency, and Iowestjitter? Choose 3 answers

• A. Amazon EC2 placement groups
• B. Enhanced networking
• C. Amazon PV AMI
• D. Amazon HVM AM
• E. Amazon Linux
• F. Amazon VPC

Answer: ABE

NEW QUESTION 8
A user comes to you and wants access to Amazon CIoudWatch but only wants to monitor a specific LoadBaIancer. Is it possible to give him access to a specific set of instances or a specific LoadBaIancer?

• A. No because you can't use IAM to control access to CIoudWatch data for specific resources.
• B. Ye
• C. You can use IAM to control access to CIoudWatch data for specific resources.
• D. No because you need to be Sysadmin to access CIoudWatch data.
• E. Ye
• F. Any user can see all CIoudWatch data and needs no access right

Answer: A

Explanation: Amazon CIoudWatch integrates with AWS Identity and Access Management (IAM) so that you can
specify which CIoudWatch actions a user in your AWS Account can perform. For example, you could create an IAM policy that gives only certain users in your organization permission to use GetMetricStatistics. They could then use the action to retrieve data about your cloud resources.
You can't use IAM to control access to CIoudWatch data for specific resources. For example, you can't give a user access to CIoudWatch data for only a specific set of instances or a specific LoadBaIancer. Permissions granted using IAM cover all the cloud resources you use with CIoudWatch. In addition, you can't use IAM roles with the Amazon CIoudWatch command line tools.
Using Amazon CIoudWatch with IAM doesn't change how you use CIoudWatch. There are no changes to CIoudWatch actions, and no new CIoudWatch actions related to users and access control.
Reference: http://docs.aws.amazon.com/AmazonC|oudWatch/latest/DeveloperGuide/UsingIAM.htmI

NEW QUESTION 9
Can I test my DB Instance against a new version before upgrading?

• A. Only in VPC
• B. No
• C. Yes

Answer: C

NEW QUESTION 10
Location of Insta nces are -----

• A. Regional
• B. based on Availability Zone
• C. Global

Answer: B

NEW QUESTION 11
You need a persistent and durable storage to trace call actMty of an IVR (Interactive Voice Response) system. Call duration is mostly in the 2-3 minutes timeframe. Each traced call can be either active or terminated. An external application needs to know each minute the list of currently active calls, which are usually a few calls/second. Put once per month there is a periodic peak up to 1000 calls/second for a few hours. The system is open 24/7 and any downtime should be avoided.
Historical data is periodically archived to files. Cost saving is a priority for this project.
What database implementation would better fit this scenario, keeping costs as low as possible?

• A. Use RDS Multi-AZ with two tables, one for -Active calls" and one for -Terminated ca Ils". In this way the "Active caIIs_ table is always small and effective to access.
• B. Use DynamoDB with a "Calls" table and a Global Secondary Index on a "IsActive"' attribute that is present for active calls only In this way the Global Secondary index is sparse and more effective.
• C. Use DynamoDB with a 'Calls" table and a Global secondary index on a 'State" attribute that can equal to "active" or "terminated" in this way the Global Secondary index can be used for all Items in the table.
• D. Use RDS Multi-AZ with a "CALLS" table and an Indexed "STATE* field that can be equal to 'ACTIVE" or -TERMNATED" In this way the SOL query Is optimized by the use of the Index.

Answer: A

NEW QUESTION 12
You have multiple VPN connections and want to provide secure communication between sites using the AWS VPN CIoudHub. Which statement is the most accurate in describing what you must do to set this up correctly?

• A. Create a virtual private gateway with multiple customer gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs)
• B. Create a virtual private gateway with multiple customer gateways, each with a unique set of keys
• C. Create a virtual public gateway with multiple customer gateways, each with a unique Private subnet
• D. Create a virtual private gateway with multiple customer gateways, each with unique subnet id

Answer: A

Explanation: If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CIoudHub. The VPN CIoudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who'd like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectMty between these remote offices.
To use the AWS VPN CIoudHub, you must create a virtual private gateway with multiple customer
gateways, each with unique Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs). Customer gateways advertise the appropriate routes (BGP prefixes) over their VPN connections. These routing advertisements are received and re-advertised to each BGP peer, enabling each site to send data to and receive data from the other sites. The routes for each spoke must have unique ASNs and the sites must not have overlapping IP ranges. Each site can also send and receive data from the VPC as if they were using a standard VPN connection.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CIoudHub.htmI

NEW QUESTION 13
What will be the status of the snapshot until the snapshot is complete.

• A. running
• B. working
• C. progressing
• D. pending

Answer: D

NEW QUESTION 14
What is the maximum response time for a Business level Premium Support case?

• A. 30 minutes
• B. 1 hour
• C. 12 hours
• D. 10 minutes

Answer: B

NEW QUESTION 15
Please select the most correct answer regarding the persistence of the Amazon Instance Store

• A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance
• B. The data on an instance store volume is lost when the security group rule of the associated instance is changed.
• C. The data on an instance store volume persists even after associated Amazon EC2 instance is deleted

Answer: B

NEW QUESTION 16
An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the organization to achieve data security?

• A. MFA delete for S3 objects
• B. Client side encryption
• C. Bucket versioning
• D. Data replication

Answer: D

Explanation: AWS S3 provides multiple options to achieve the protection of data at REST. The options include Permission (Policy), Encryption (Client and Server Side), Bucket Versioning and MFA based delete. The user can enable any of these options to achieve data protection. Data replication is an internal facility by AWS where S3 replicates each object across all the Availability Zones and the organization need not
enable it in this case.
Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf