2016 October Amazon Official New Released AWS Certified Solutions Architect – Associate Dumps in Lead2pass.com!
The following questions and answers are all newly published by Amazon Official Exam Center: http://www.lead2pass.com/aws-certified-solutions-architect-associate.html
QUESTION 201
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? Choose 2 answers
A. Amazon Relational Database Service
B. Amazon Elastic Map Reduce
C. Amazon ElastiCache
D. Amazon DynamoDB
E. AWS Elastic Beanstalk
Answer: BE
QUESTION 202
A company is building a two-tier web application to serve dynamic transaction-based content.
The data tier is leveraging an Online Transactional Processing (OLTP) database.
What services should you leverage to enable an elastic and scalable web tier?
A. Elastic Load Balancing, Amazon EC2, and Auto Scaling
B. Elastic Load Balancing, Amazon RDS with Multi-AZ, and Amazon S3
C. Amazon RDS with Multi-AZ and Auto Scaling
D. Amazon EC2, Amazon DynamoDB, and Amazon S3
Answer: A
QUESTION 203
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances.
Files submitted by your premium customers must be transformed with the highest priority.
How should you implement such a system?
A. Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level.
B. Use Route 53 latency-based routing to send high priority tasks to the closest transformation instances.
C. Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
D. Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first.
Answer: C
QUESTION 204
Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
A. Use an IAM policy that references the LDAP account identifiers and the AWS credentials.
B. Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.
C. Use AWS Security Token Service from an identity broker to issue short-lived AWS credentials.
D. Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated.
E. Use the LDAP credentials to restrict a group of users from launching specific EC2 instance types.
Answer: B
Explanation:
https://d0.awsstatic.com/whitepapers/aws-whitepaper-single-sign-on-integrating-aws-open-ldap-and-shibboleth.pdf
QUESTION 205
Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers
A. Each subnet spans at least 2 Availability Zones to provide a high-availability environment.
B. Each subnet maps to a single Availability Zone.
C. CIDR block mask of /25 is the smallest range supported.
D. By default, all subnets can route between each other, whether they are private or public.
E. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
Answer: BD
Explanation:
Even though we know the right answers, it is sometimes good to know why the other answers are wrong.
A is wrong because a subnet maps to a single AZ.
C is wrong because /28 is the smallest subnet; Amazon takes the first four and last addresses per subnet.
E is wrong because a private subnet needs a NAT appliance.
QUESTION 206
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer's objects replicated?
A. A single facility in eu-west-1 and a single facility in eu-central-1
B. A single facility in eu-west-1 and a single facility in us-east-1
C. Multiple facilities in eu-west-1
D. A single facility in eu-west-1
Answer: C
Explanation:
Objects stored in a region never leave the region unless you explicitly transfer them to another region. For example, objects stored in the EU (Ireland) region never leave it.
http://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html#Regions
QUESTION 207
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true?
A. The instance gets terminated automatically by the ELB.
B. The instance gets quarantined by the ELB for root cause analysis.
C. The instance is replaced automatically by the ELB.
D. The ELB stops sending traffic to the instance that failed its health check.
Answer: D
QUESTION 208
In AWS, which security aspects are the customer’s responsibility? Choose 4 answers
A. Security Group and ACL (Access Control List) settings
B. Decommissioning storage devices
C. Patch management on the EC2 instance’s operating system
D. Life-cycle management of IAM credentials
E. Controlling physical access to compute resources
F. Encryption of EBS (Elastic Block Storage) volumes
Answer: ACDF
Explanation:
http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
QUESTION 209
You have a web application running on six Amazon EC2 instances, consuming about 45% of resources on each instance. You are using auto-scaling to make sure that six instances are running at all times. The number of requests this application processes is consistent and does not experience spikes. The application is critical to your business and you want high availability at all times. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all instances. Which of the following architectural choices should you make?
A. Deploy 6 EC2 instances in one availability zone and use Amazon Elastic Load Balancer.
B. Deploy 3 EC2 instances in one region and 3 in another region and use Amazon Elastic Load Balancer.
C. Deploy 3 EC2 instances in one availability zone and 3 in another availability zone and use Amazon Elastic Load Balancer.
D. Deploy 2 EC2 instances in three regions and use Amazon Elastic Load Balancer.
Answer: C
Explanation:
A load balancer accepts incoming traffic from clients and routes requests to its registered EC2 instances in one or more Availability Zones.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/how-elb-works.html
Updated Security Whitepaper link:
https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
QUESTION 210
You have decided to change the instance type for instances running in your application tier that is using Auto Scaling. In which area below would you change the instance type definition?
A. Auto Scaling policy
B. Auto Scaling group
C. Auto Scaling tags
D. Auto Scaling launch configuration
Answer: D
QUESTION 211
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?
A. Data is automatically saved in an EBS volume.
B. Data is unavailable until the instance is restarted.
C. Data will be deleted and will no longer be accessible.
D. Data is automatically saved as an EBS snapshot.
Answer: C
Explanation:
An “EBS-backed” instance is an EC2 instance which uses an EBS volume as its root device.
An EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance. It is not physically attached to the instance host computer (it is more like network-attached storage). The volume persists independently from the running life of an instance. After an EBS volume is attached to an instance, you can use it like any other physical hard drive. You can also detach an EBS volume from one instance and attach it to another instance. EBS volumes can also be created as encrypted volumes using the Amazon EBS encryption feature.
QUESTION 212
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance.
(Choose 2 answers)
A. Create an IAM Role that allows write access to the DynamoDB table.
B. Add an IAM Role to a running EC2 instance.
C. Create an IAM User that allows write access to the DynamoDB table.
D. Add an IAM User to a running EC2 instance.
E. Launch an EC2 Instance with the IAM Role included in the launch configuration.
Answer: AE
Explanation:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TicTacToe.Phase3.html
QUESTION 213
When you put objects in Amazon S3, what is the indication that an object was successfully stored?
A. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
B. Amazon S3 is engineered for 99.999999999% durability. Therefore there is no need to confirm that data was inserted.
C. A success code is inserted into the S3 object metadata.
D. Each S3 account has a special bucket named _s3_logs. Success codes are written to this bucket with a timestamp and checksum.
Answer: A
Explanation:
To ensure that data is not corrupted traversing the network, use the Content-MD5 form field. When you use this form field, Amazon S3 checks the object against the provided MD5 value. If they do not match, Amazon S3 returns an error.
The status code returned to the client upon successful upload if success_action_redirect is not specified.
Accepts the values 200, 201, or 204 (default).
http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html
QUESTION 214
What is one key difference between an Amazon EBS-backed and an instance-store backed instance?
A. Amazon EBS-backed instances can be stopped and restarted.
B. Instance-store backed instances can be stopped and restarted.
C. Auto scaling requires using Amazon EBS-backed instances.
D. Virtual Private Cloud requires EBS backed instances.
Answer: A
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html#storage-for-the-root-device
QUESTION 215
A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto Scaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL and should not be publicly accessible. What is the minimum number of subnets that need to be configured in the VPC?
A. 1
B. 2
C. 3
D. 4
Answer: D
Explanation:
Would use VPC with private (DB) and public (WEB) subnets:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html
Multi AZ requirement forces me to multiply subnets by two.
Reasons:
For DB: Your VPC must have at least one subnet in at least two of the Availability Zones in the region where you want to deploy your DB instance. A subnet is a segment of a VPC’s IP address range that you can specify and that lets you group instances based on your security and operational needs
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
For Web: After creating a VPC, you can add one or more subnets in each Availability Zone. Each subnet must reside entirely within one Availability Zone and cannot span zones
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
QUESTION 216
You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an internet gateway is attached to the VPC, and the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance?
A. The instance does not have a public IP address.
B. The internet gateway security group must allow all outbound traffic.
C. The instance security group must allow all inbound traffic.
D. The instance “Source/Destination check” property must be enabled.
Answer: A
Explanation:
Ensure that instances in your subnet have public IP addresses or Elastic IP addresses.
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html
QUESTION 217
You launch an Amazon EC2 instance without an assigned AWS Identity and Access Management (IAM) role. Later, you decide that the instance should be running with an IAM role. Which action must you take in order to have a running Amazon EC2 instance with an IAM role assigned to it?
A. Create an image of the instance, and register the image with an IAM role assigned and an Amazon EBS volume mapping.
B. Create a new IAM role with the same permissions as an existing IAM role, and assign it to the running instance.
C. Create an image of the instance, add a new IAM role with the same permissions as the desired IAM role, and deregister the image with the new role assigned.
D. Create an image of the instance, and use this image to launch a new instance with the desired IAM role assigned.
Answer: D
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-usingrole-ec2instance.html
QUESTION 218
How can the domain’s zone apex, for example, “myzoneapexdomain.com”, be pointed towards an Elastic Load Balancer?
A. By using an Amazon Route 53 Alias record
B. By using an AAAA record
C. By using an Amazon Route 53 CNAME record
D. By using an A record
Answer: A
Explanation:
You can create an alias resource record set at the zone apex.
You cannot create a CNAME record at the top node of a DNS namespace, also known as the zone apex.
For example, if you register the DNS name example.com, the zone apex is example.com.
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html
QUESTION 219
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance’s security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?
A. The outbound security group needs to be modified to allow outbound traffic.
B. The outbound network ACL needs to be modified to allow outbound traffic.
C. Nothing, it can be accessed from any IP address using SSH.
D. Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.
Answer: B
Explanation:
Need to open TCP Port 1024-65535 at Outbound Rules
“Allows outbound responses to the remote computer. Network ACLs are stateless, therefore this rule is required to allow response traffic for inbound requests.”
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
QUESTION 220
For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution? Choose 2 answers
A. Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors
B. Managing a multi-step and multi-decision checkout process of an e-commerce website
C. Orchestrating the execution of distributed and auditable business processes
D. Using as an SNS (Simple Notification Service) endpoint to trigger execution of video transcoding jobs
E. Using as a distributed session store for your web application
Answer: BC
Explanation:
https://aws.amazon.com/swf/faqs/
QUESTION 221
A customer wants to leverage Amazon Simple Storage Service (S3) and Amazon Glacier as part of their backup and archive infrastructure. The customer plans to use third-party software to support this integration. Which approach will limit the access of the third party software to only the Amazon S3 bucket named “company-backup”?
A. A custom bucket policy limited to the Amazon S3 API in the Amazon Glacier archive “company-backup”
B. A custom bucket policy limited to the Amazon S3 API in “company-backup”
C. A custom IAM user policy limited to the Amazon S3 API for the Amazon Glacier archive “company-backup”.
D. A custom IAM user policy limited to the Amazon S3 API in “company-backup”.
Answer: D
Explanation:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
QUESTION 222
A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture?
A. A standalone Amazon EC2 instance
B. Amazon RDS in a Multi-AZ configuration
C. Amazon EC2 instances in a replication configuration utilizing a single Availability Zone
D. Amazon EC2 instances in a replication configuration utilizing two different Availability Zones
Answer: D
Explanation:
http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Introduction.ReplicationInstance.html
QUESTION 223
What is a placement group?
A. A collection of Auto Scaling groups in the same region
B. A feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections
C. A collection of authorized CloudFront edge locations for a distribution
D. A collection of Elastic Load Balancers in the same Region or Availability Zone
Answer: B
Explanation:
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
QUESTION 224
A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?
A. SQS guarantees the order of the messages.
B. SQS synchronously provides transcoding output.
C. SQS checks the health of the worker instances.
D. SQS helps to facilitate horizontal scaling of encoding tasks.
Answer: D
Explanation:
Imho the idea for SQS is to improve scalability.
Elastic Beanstalk is checking the health of EC2 instances, not sure if SQS does.
QUESTION 225
When creation of an EBS snapshot is initiated, but not completed, the EBS volume:
A. Can be used while the snapshot is in progress.
B. Cannot be detached or attached to an EC2 instance until the snapshot completes
C. Can be used in read-only mode while the snapshot is in progress.
D. Cannot be used until the snapshot completes.
Answer: A
Explanation:
Snapshots occur asynchronously; the point-in-time snapshot is created immediately, but the status of the snapshot is pending until the snapshot is complete (when all of the modified blocks have been transferred to Amazon S3), which can take several hours for large initial snapshots or subsequent snapshots where many blocks have changed.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html