Question 55

You are signed in as root user on your account but there is an Amazon S3 bucket under your account that you cannot access. What is a possible reason for this?

Correct Answer:A
With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
In some cases, you might have an IAM user with full access to IAM and Amazon S3. If the IAM user assigns a bucket policy to an Amazon S3 bucket and doesn't specify the root user as a principal, the root user is denied access to that bucket. However, as the root user, you can still access the bucket by modifying the bucket policy to allow root user access.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/iam-troubleshooting.htmI#testing2

Question 56

Your department creates regular analytics reports from your company's log files All log data is collected in Amazon 53 and processed by daily Amazon Elastic MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in CSV format for an Amazon Redshift data warehouse.
Your CFO requests that you optimize the cost structure for this system.
Which of the following alternatives will lower costs without compromising average performance of the system or data integrity for the raw data?

Correct Answer:C
Using Reduced Redundancy Storage
Amazon 53 stores objects according to their storage class. It assigns the storage class to an object when it is written to Amazon 53. You can assign objects a specific sto rage class (standard or reduced redundancy) only when you write the objects to an Amazon 53 bucket or when you copy objects that are already stored in Amazon 53. Standard is the default storage class. For information about storage classes, see Object Key and Metadata.
In order to reduce storage costs, you can use reduced redundancy storage for noncritical, reproducible data at lower levels of redundancy than Amazon 53 provides with standard storage. The lower level of redundancy results in less durability and availability, but in many cases, the lower costs can make
reduced redundancy storage an acceptable storage solution. For example, it can be a cost effective solution for sharing media content that is durably stored elsewhere. It can also make sense if you are storing thumbnails and other resized images that can be easily reproduced from an original image. Reduced redundancy storage is designed to provide 99.99% durability of objects over a given year.
This durability level corresponds to an average annual expected loss of 0.01% of objects. For example, if you store 10,000 objects using the RRS option, you can, on average, expect to incur an annual loss of a single object per year (0.01% of 10,000 objects).
Note
This annual loss represents an expected average and does not guarantee the loss of less than 0.01% of objects in a given year.
Reduced redundancy storage stores objects on multiple devices across multiple facilities, providing 400 times the durability of a typical disk drive, but it does not replicate objects as many times as Amazon 53 standard storage. In addition, reduced redundancy storage is designed to sustain the loss of data in a single facility.
If an object in reduced redundancy storage has been lost, Amazon 53 will return a 405 error on requests made to that object. Amazon 53 also offers notifications for reduced redundancy storage object loss: you can configure your bucket so that when Amazon 53 detects the loss of an RRS object, a notification will be sent through Amazon Simple Notification Service (Amazon SNS). You can then replace the lost object. To enable notifications, you can use the Amazon 53 console to set the Notifications property of your bucket.

Question 57

Can I initiate a "forced failover" for my Oracle Multi-AZ DB Instance deployment?

Correct Answer:A

Question 58

A user comes to you and wants access to Amazon CIoudWatch but only wants to monitor a specific LoadBaIancer. Is it possible to give him access to a specific set of instances or a specific LoadBaIancer?

Correct Answer:A
Amazon CIoudWatch integrates with AWS Identity and Access Management (IAM) so that you can
specify which CIoudWatch actions a user in your AWS Account can perform. For example, you could create an IAM policy that gives only certain users in your organization permission to use GetMetricStatistics. They could then use the action to retrieve data about your cloud resources.
You can't use IAM to control access to CIoudWatch data for specific resources. For example, you can't give a user access to CIoudWatch data for only a specific set of instances or a specific LoadBaIancer. Permissions granted using IAM cover all the cloud resources you use with CIoudWatch. In addition, you can't use IAM roles with the Amazon CIoudWatch command line tools.
Using Amazon CIoudWatch with IAM doesn't change how you use CIoudWatch. There are no changes to CIoudWatch actions, and no new CIoudWatch actions related to users and access control.
Reference: http://docs.aws.amazon.com/AmazonC|oudWatch/latest/DeveloperGuide/UsingIAM.htmI

Question 59

Before I delete an EBS volume, what can I do if I want to recreate the volume later?

Correct Answer:B

Question 60

What is a Security Group?

Correct Answer:D

START AWS-Solution-Architect-Associate EXAM