AWS-SysOps: AWS Certified SysOps Administrator
Question#231

You run a web application with the following components: Elastic Load Balancer (ELB), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly.
What three CloudWatch RDS metrics will allow you to identify if the database is the bottleneck? (Choose three.)

  • A. The number of outstanding IOs waiting to access the disk.
  • B. The amount of write latency.
  • C. The amount of disk space occupied by binary logs on the master.
  • D. The amount of time a Read Replica DB Instance lags behind the source DB Instance.
  • E. The average number of disk I/O operations per second.

ABD

Question#232

Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?

  • A. Create a bucket policy and apply it to the bucket
  • B. Create a NACL and attach it to the VPC of the bucket
  • C. Create an ACL and apply it to all objects in the bucket
  • D. Modify the IAM policies of any users that would access the bucket

A
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

Question#233

Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? (Choose two.)

  • A. Create individual IAM users for everyone in your organization
  • B. Configure MFA on the root account and for privileged IAM users
  • C. Assign IAM users and groups configured with policies granting least privilege access
  • D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

BC
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

Question#234

Your business is building a new application that will store its entire customer database on an RDS MySQL database, and will have various applications and users that will query that data for different purposes.
Large analytics jobs on the database are likely to cause other applications to time out before they get the query results they need. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications.
How do you solve the contention issues between these different workloads on the same data?

  • A. Enable Multi-AZ mode on the RDS instance
  • B. Use ElastiCache to offload the analytics job data
  • C. Create RDS Read-Replicas for the analytics work
  • D. Run the RDS instance on the largest size possible

C
https://aws.amazon.com/rds/details/read-replicas/

Question#235

What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?

  • A. The IP of the primary DB Instance is switched to the standby DB Instance.
  • B. A new DB instance is created in the standby availability zone.
  • C. The canonical name record (CNAME) is changed from primary to standby.
  • D. The RDS (Relational Database Service) DB instance reboots.

C
Failover Process for Amazon RDS:
In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ. The time it takes for the failover to complete depends on the database activity and other conditions at the time the primary DB instance became unavailable.
The failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance. As a result, you will need to re-establish any existing connections to your DB instance.
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html

Question#236

When you put objects in Amazon S3, what is the indication that an object was successfully stored?

  • A. Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.
  • B. A success code is inserted into the S3 object metadata.
  • C. An HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
  • D. Amazon S3 is engineered for 99.999999999% durability. Therefore, there is no need to confirm that data was inserted.

C
There are two opportunities for a copy request to return an error. One can occur when Amazon S3 receives the copy request and the other can occur while Amazon S3 is copying the files. If the error occurs before the copy operation starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 200 OK response. This means that a 200 OK response can contain either a success or an error. Make sure to design your application to parse the contents of the response and handle it appropriately.
If the copy is successful, you receive a response that contains the information about the copied object.

Question#237

How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

  • A. Simply create a new volume in the other AZ and specify the original volume as the source.
  • B. Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.
  • C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
  • D. Detach the volume and attach it to another EC2 instance in the other AZ.

C
These snapshots can be used to create multiple new EBS volumes, expand the size of a volume, or move volumes across Availability Zones.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Question#238

You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses.
Which two options meet this security requirement? (Choose two.)

  • A. Configure web server VPC security groups to allow traffic from your customers' IPs
  • B. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header
  • C. Configure ELB security groups to allow traffic from your customers' IPs and deny all outbound traffic
  • D. Configure a VPC NACL to allow web traffic from your customers' IPs and deny all outbound traffic

AB

Question#239

How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

  • A. Query the local instance metadata.
  • B. Query the appropriate Amazon CloudWatch metric.
  • C. Query the local instance userdata.
  • D. Use ipconfig or ifconfig command.

A
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.htm

Question#240

The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web based profile management application running on EC2?

  • A. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
  • B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
  • C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirected to the appropriate region to create their profile
  • D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirected to the appropriate zone to create their profile

C
