Real SAA-C01 Q&A 2021

NEW QUESTION 1
A user is trying to launch a similar EC2 instance from an existing instance with the option "Launch More like this". The AMI of the selected instance is deleted. What will happen in this case?

• A. AWS does not need an AMI for the "Launch more like this" option
• B. AWS will launch the instance but will not create a new AMI
• C. AWS will create a new AMI and launch the instance
• D. AWS will throw an error saying that the AMI is deregistered

Answer: D

Explanation:
If the user has deregistered the AMI of an EC2 instance and is trying to launch a similar instance with the option "Launch more like this", AWS will throw an error saying that the AMI is deregistered or not available.

NEW QUESTION 2
What is a placement group?

• A. A collection of Auto Scaling groups in the same region
• B. A feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections
• C. A collection of authorized CloudFront edge locations for a distribution
• D. A collection of Elastic Load Balancers in the same Region or Availability Zone

Answer: B

Explanation:
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.

NEW QUESTION 3
What is the network performance offered by the c4.8xlarge instance in Amazon EC2?

• A. 20 Gigabit
• B. 10 Gigabit
• C. Very High but variable
• D. 5 Gigabit

Answer: B

Explanation:
Networking performance offered by the c4.8xlarge instance is 10 Gigabit. References:

NEW QUESTION 4
A user has launched five instances and have registered them with an ELB. How can the user add the sixth EC2 instance to the ELB?

• A. The user must stop the ELB and add the sixth instance.
• B. The user can add the sixth instance on the fly through API, CLI or the AWS Management Console.
• C. The user can add the instance and change the ELB config file.
• D. The ELB can only have a maximum of five instance

Answer: B

Explanation:
Elastic Load Balancing automatically distributes incoming traffic across multiple EC2 instances. You create a load balancer and register instances with the load balancer in one or more Availability Zones. The load balancer serves as a single point of contact for clients. This enables you to increase
the availability of your application. You can add and remove EC2 instances from your load balancer as your needs change, without disrupting the overall flow of information. http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/SvcIntro.html

NEW QUESTION 5
When you run a DB Instance as a Multi-AZ deployment, the " " serves database writes and reads

• A. secondary
• B. backup
• C. stand by
• D. primary

Answer: D

NEW QUESTION 6
A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS.
Which steps should the company perform to implement a scalable and cost-effective solution? (Choose two.)

• A. Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the ELB endpoint.
• B. Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack.
• C. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance.
• D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.
• E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.

Answer: CD

NEW QUESTION 7
After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you are recommending Redshift. Which of the following would be a reasonable response to his request?

• A. It has high performance at scale as data and query complexity grows.
• B. It prevents reporting and analytic processing from interfering with the performance of OLTP workloads.
• C. You don't have the administrative burden of running your own data warehouse and dealing with setup, durability, monitoring, scaling, and patching.
• D. All answers listed are a reasonable response to his question

Answer: D

Explanation:
Amazon Redshift delivers fast query performance by using columnar storage technology to improve I/O efficiency and parallelizing queries across multiple nodes. Redshift uses standard PostgreSQL JDBC and ODBC drivers, allowing you to use a wide range of familiar SQL clients.
Data load speed scales linearly with cluster size, with integrations to Amazon S3, Amazon DynamoDB, Amazon Elastic MapReduce, Amazon Kinesis or any SSH-enabled host.
AWS recommends Amazon Redshift for customers who have a combination of needs, such as: High performance at scale as data and query complexity grows Desire to prevent reporting and analytic processing from interfering with the performance of OLTP workloads.
Large volumes of structured data to persist and query using standard SQL and existing BI tools Desire to the administrative burden of running one's own data warehouse and dealing with setup,
durability, monitoring, scaling and patching References:

NEW QUESTION 8
Can I change the EC2 security groups after an instance is launched in EC2-Classic?

• A. Yes, you can change security groups after you launch an instance in EC2-Classic.
• B. No, you cannot change security groups after you launch an instance in EC2-Classic.
• C. Yes, you can only when you remove rules from a security group.
• D. Yes, you can only when you add rules to a security grou

Answer: B

Explanation:
After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group.

NEW QUESTION 9
A group can contain many users. Can a user belong to multiple groups?

• A. Yes always
• B. No
• C. Yes but only if they are using two factor authentication
• D. Yes but only in VPC

Answer: A

Explanation:
A group can contain many users, and a user can belong to multiple groups. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

NEW QUESTION 10
Which IAM role do you use to grant AWS Lambda permission to access a DynamoDB Stream?

• A. Dynamic role
• B. Invocation role
• C. Execution role
• D. Event Source role

Answer: C

Explanation:
You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution role".

NEW QUESTION 11
In order to enable encryption at rest using EC2 and Elastic Block Store you need to

• A. Configure encryption when creating the EBS volume
• B. Configure encryption using the appropriate Operating Systems file system
• C. Configure encryption using X.509 certificates
• D. Mount the EBS volume in to S3 and then encrypt the bucket using a bucket polic

Answer: A

NEW QUESTION 12
What does Amazon S3 stand for?

• A. Simple Storage Solution.
• B. Storage Storage Storage (triple redundancy Storage).
• C. Storage Server Solution.
• D. Simple Storage Servic

Answer: D

Explanation:
Amazon Simple Storage Service (Amazon S3) is storage for the Internet. It provides a simple interface to manage scalable, reliable, and low latency data storage service over the Internet. http://docs.aws.amazon.com/AmazonS3/latest/gsg/GetStartedWithS3.html

NEW QUESTION 13
Placement Groups can be created across 2 or more Availability Zones.

• A. True
• B. False

Answer: B

Explanation:

NEW QUESTION 14
In Amazon RDS, security groups are ideally used to:

• A. Define maintenance period for database engines
• B. Launch Amazon RDS instances in a subnet
• C. Create, describe, modify, and delete DB instances
• D. Control what IP addresses or EC2 instances can connect to your databases on a DB instance

Answer: D

Explanation:
In Amazon RDS, security groups are used to control what IP addresses or EC2 instances can connect to your databases on a DB instance.
When you first create a DB instance, its firewall prevents any database access except through rules specified by an associated security group.

NEW QUESTION 15
You are responsible for a legacy web application whose server environment is approaching end of life You would like to migrate this application to AWS as quickly as possible, since the application environment currently has the following limitations:
The VM's single 10GB VMDK is almost full
Me virtual network interface still uses the 10Mbps driver, which leaves your 100Mbps WAN connection completely underutilized
It is currently running on a highly customized. Windows VM within a VMware environment: You do not have me installation media
This is a mission critical application with an RTO (Recovery Time Objective) of 8 hours. RPO (Recovery Point Objective) of 1 hour. How could you best migrate this application to AWS while meeting your business continuity requirements?

• A. Use the EC2 VM Import Connector for vCenter to import the VM into EC2.
• B. Use Import/Export to import the VM as an ESS snapshot and attach to EC2.
• C. Use S3 to create a backup of the VM and restore the data into EC2.
• D. Use me ec2-bundle-instance API to Import an Image of the VM into EC2

Answer: A

Explanation:
https://aws.amazon.com/developertools/2759763385083070

NEW QUESTION 16
Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? (Choose two.)

• A. Supported on all Amazon EBS volume types
• B. Snapshots are automatically encrypted
• C. Available to all instance types
• D. Existing volumes can be encrypted
• E. shared volumes can be encrypted

Answer: AB

Explanation:
This feature is supported on all Amazon EBS volume types (General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic). You can access encrypted Amazon EBS volumes the same way you access existing volumes; encryption and decryption are handled transparently and they require no
additional action from you, your Amazon EC2 instance, or your application. Snapshots of encrypted
Amazon EBS volumes are automatically encrypted, and volumes that are created from encrypted Amazon EBS snapshots are also automatically encrypted.

NEW QUESTION 17
A user has created an Auto Scaling group with default configurations from CLI. The user wants to configure CloudWatch alarm on the EC2 instances, which are launched by the Auto Scaling group. The user has created an alarm to monitor the CPU utilization every minute. Which of the below mentioned statements is true?

• A. The alarm creation will fail since the user has not enabled detailed monitoring on the EC2 instances
• B. The user has to first enable detailed monitoring on the EC2 instances to support alarm monitoring at every minute
• C. It will fetch the data at every minute but the four data points [corresponding to 4 minutes] will not have value since the EC2 basic monitoring metrics are collected every five minutes
• D. It will fetch the data every minute from EC2 instances regardless if detailed monitoring is enabled or not.

Answer: D

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. Auto Scaling does not need Detailed Monitoring for alarm creation on 1 min period. The Detailed Monitoring flag in launch config is for making metrics available on individual instances for 1 min period. http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/as-metricscollected.html

NEW QUESTION 18
What are the initial settings of a user created security group?

• A. Allow all inbound traffic and Allow no outbound traffic
• B. Allow no inbound traffic and Allow no outbound traffic
• C. Allow no inbound traffic and Allow all outbound traffic
• D. Allow all inbound traffic and Allow all outbound traffic

Answer: C

NEW QUESTION 19
What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone?

• A. USD 0.10 per GB
• B. No charg
• C. It is free.
• D. USD 0.02 per GB
• E. USD 0.01 per GB

Answer: B

Explanation:
For data transferred between an Amazon EC2 instance and Amazon RDS DB Instance in different Availability Zones of the same Region, there is no Data Transfer charge for traffic in or out of the
Amazon RDS DB Instance. References:

NEW QUESTION 20
A large real-estate brokerage is exploring the option or adding a cost-effective location based alert to their existing mobile application. The application backend infrastructure currently runs on AWS Users who opt in to this service will receive alerts on their mobile device regarding real-estate otters in proximity to their location. For the alerts to be relevant delivery time needs to be in the low minute count the existing mobile app has 5 million users across the us. Which one of the following architectural suggestions would you make to the customer?

• A. The mobile application will submit its location to a web service endpoint utilizing Elastic Load Balancing and EC2 instances: DynamoDB will be used to store and retrieve relevant otters EC2 instances will communicate with mobile earners/device providers to push alerts back to mobile application.
• B. Use AWS DirectConnect or VPN to establish connectivity with mobile carriers EC2 instances will receive the mobile applications ' location through carrier connection: ROS will be used to store and relevant relevant offers EC2 instances will communicate with mobile carriers to push alerts back to the mobile application
• C. The mobile application will send device location using SQ
• D. EC2 instances will retrieve the relevant others from DynamoDB AWS Mobile Push will be used to send offers to the mobile application
• E. The mobile application will send device location using AWS Mobile Push EC2 instances will retrieve the relevant offers from DynamoDB EC2 instances will communicate with mobilecarriers/device providers to push alerts back to the mobile applicatio

Answer: A

Explanation:
AWS using SQS to store the message from mobile apps,and using AWS Mobile Push to send offers to mobile apps.

NEW QUESTION 21
What are characteristics of Amazon S3? (Choose two.)

• A. S3 allows you to store objects of virtually unlimited size.
• B. S3 offers Provisioned IOPS.
• C. S3 allows you to store unlimited amounts of data.
• D. S3 should be used to host a relational database.
• E. Objects are directly accessible via a UR

Answer: CE

NEW QUESTION 22
You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture.
Which alternatives should you consider? (Choose two.)

• A. Configure a NAT instance in your VP
• B. Create a default route via the NAT instance and associate it with all subnet
• C. Configure a DNS A record that points to the NAT instance public IP address.
• D. Configure a CloudFront distribution and configure the origin to point to the private IP addresses ofyour Web server
• E. Configure a Route53 CNAME record to your CloudFront distribution.
• F. Place all your web servers behind EL8. Configure a Route53 CNMIE to point to the ELB DNS name.
• G. Assign EIPs to all web server
• H. Configure a Route53 record set with all EIPs with health checks and DNS failover.
• I. Configure ELB with an EI
• J. Place all your Web servers behind EL
• K. Configure a Route53 A record that points to the EIP.

Answer: CD

NEW QUESTION 23
Which of the following is not a service of the security category of the AWS trusted advisor service?

• A. Security Groups - Specific Ports Unrestricted
• B. MFA on Root Account
• C. IAM Use
• D. Vulnerability scans on existing VPC

Answer: D

Explanation:

NEW QUESTION 24
You have just finshed setting up an advertisement server in which one of the obvious choices for a service was Amazon Elastic Map Reduce ( EMR) and are now troubleshooting some weird cluster states that you are seeing. Which of the below is not an Amazon EMR cluster state?

• A. STARTING
• B. STOPPED
• C. RUNNING
• D. WAITING

Answer: B

Explanation:
Amazon Elastic Map Reduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. Amazon EMR historically referred to an Amazon EMR cluster (and all processing steps assigned to it) as a "cluster". Every cluster has a unique identifier that starts with "j-". The different cluster states of an Amazon
EMR cluster are listed below. STARTING? The cluster provisions, starts, and configures EC2 instances. BOOTSTRAPPING - Bootstrap actions are being executed on the cluster.
RUNNING - A step for the cluster is currently being run. WAITING - The cluster is currently active, but has no steps to run. TERMINATING -The cluster is in the process of shutting down. TERMINATED – The cluster was shut down without error.
TERMINATED_WITH_ERRORS - The cluster was shut down with errors.

NEW QUESTION 25
Without _____ , you must either create multiple AWS accounts-each with its own billing and subscriptions to AWS products-or your employees must share the security credentials of a single AWS account.

• A. Amazon RDS
• B. Amazon Glacier
• C. Amazon EMR
• D. Amazon IAM

Answer: D

NEW QUESTION 26
A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?

• A. Amazon S3 server-side encryption employs strong multi-factor encryption.
• B. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
• C. In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.
• D. Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks.

Answer: C

Explanation:
Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption. Server-side encryption is about data encryption at rest--that is, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you
have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects.
In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from the tasks of managing encryption and encryption keys. Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest
block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

NEW QUESTION 27
What does Amazon EBS stand for?

• A. Elastic Block Storage
• B. Elastic Business Server
• C. Elastic Blade Server
• D. Elastic Block Store

Answer: D

Explanation:
https://aws.amazon.com/ebs/ Amazon Elastic Block Store (EBS)
Amazon Elastic Block Store (Amazon EBS) provides persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low- latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes all while paying a low price for only what you provision.

NEW QUESTION 28
When you put objects in Amazon S3, what is the indication that an object was successfully stored?

• A. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
• B. Amazon S3 is engineered for 99.999999999% durabilit
• C. Therefore there is no need to confirm that data was inserted.
• D. A success code is inserted into the S3 object metadata.
• E. Each S3 account has a special bucket named _s3_log
• F. Success codes are written to this bucket with a timestamp and checksum.

Answer: A

Explanation:
To ensure that data is not corrupted traversing the network, use the Content-MD5 form field. When you use this form field, Amazon S3 checks the object against the provided MD5 value. If they do not match, Amazon S3 returns an error. The status code returned to the client upon successful upload if success_action_redirect is not specified. Accepts the values 200, 201, or 204 (default). http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html

NEW QUESTION 29
In regards to IAM you can edit user properties later, but you cannot use the console to change the ____.

• A. user name
• B. password
• C. default group

Answer: A

NEW QUESTION 30
......