AWS-Certified-Solutions-Architect-Professional Amazon Exam Questions and Free Practice Test

Question 7

Select the correct set of options. These are the initial settings for the default security group:

A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other

B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other

C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other

D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other

Correct Answer:A

Question 8

Which of the following is true while using an IAM role to grant permissions to applications running on Amazon EC2 instances?

A. All applications on the instance share the same role, but different permissions.

B. All applications on the instance share multiple roles and permissions.

C. MuItipIe roles are assigned to an EC2 instance at a time.

D. Only one role can be assigned to an EC2 instance at a tim

Correct Answer:D
Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.htmI

Question 9

An organization has 4 people in the IT operations team who are responsible to manage the AWS infrastructure. The organization wants to setup that each user will have access to launch and manage an instance in a zone which the other user cannot modify. Which of the below mentioned options is the best solution to set this up?

A. Create four AWS accounts and give each user access to a separate account.

B. Create an IAM user and allow them permission to launch an instance of a different sizes only.

C. Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.

D. Create a VPC with four subnets and allow access to each subnet for the indMdual IAM use

Correct Answer:D
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. The user can create subnets as per the requirement within a VPC. The VPC also work with IAM and the organization can create IAM users who have access to various VPC services. The organization can setup access for the IAM user who can modify the security groups of the VPC. The sample policy is given below:
{
"Version": "2012-10-I7",
"Statement":
[{ "Effect": "AIIow", "Action": "ec2:RunInstances", "Resource":
["arn:aws:ec2:region::image/ami-*", "arn:aws:ec2:region:accountzsubnet/subnet-1a2b3c4d", "arn:aws:ec2:region:account:network-interface/*", "arn:aws:ec2:region:account:vo|ume/*", "arn:aws:ec2:region:account:key-pair/*", "arn:aws:ec2:region:account:security-group/sg-123abc123" ]
}l I
With this policy the user can create four subnets in separate zones and provide IAM user access to each subnet
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IANI.htmI

Question 10

A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume. What is the possible root cause for this?

A. PIOPS is supported for EBS higher than 500 GB size

B. The maximum IOPS supported by EBS is 3000

C. The ratio between IOPS and the EBS volume is higher than 30

D. The ratio between IOPS and the EBS volume is lower than 50

Correct Answer:C
A Provisioned IOPS (SSD) volume can range in size from 4 GiB to 16 TiB and you can provision up to 20,000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested should be a maximum of 30; for example, a volume with 3000 IOPS must be atleast 100 GB.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVo|umeTypes.htmI#EBSVoIumeTypes_pio ps

Question 11

Which of the following cache engines does Amazon EIastiCache support?

A. Amazon EIastiCache supports Memcached and Redis.

B. Amazon EIastiCache supports Redis and WinCache.

C. Amazon EIastiCache supports Memcached and Hazelcast.

D. Amazon EIastiCache supports Memcached onl

Correct Answer:A
The cache engines supported by Amazon EIastiCache are Memcached and Redis.
Reference: http://docs.aws.amazon.com/AmazonEIastiCache/latest/UserGuide/SeIectEngine.html

Question 12

You are designing a connectMty solution between on-premises infrastructure and Amazon VPC. Your servers on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the Internet You will be using VPN gateways, and terminating the IPSec tunnels on AWS supported customer gateways.
Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above? Choose 4 answers

A. End-to-end protection of data in transit

B. End-to-end Identity authentication

C. Data encwption across the Internet

D. Protection of data in transit over the Internet

E. Peer identity authentication between VPN gateway and customer gateway

F. Data integrity protection across the Internet

Correct Answer:CDEF

START AWS-Certified-Solutions-Architect-Professional EXAM