AWS-Solution-Architect-Associate Amazon Exam Questions and Free Practice Test

Question 61

An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the organization to achieve data security?

A. MFA delete for S3 objects

B. Client side encryption

C. Bucket versioning

D. Data replication

Correct Answer:D
AWS S3 provides multiple options to achieve the protection of data at REST. The options include Permission (Policy), Encryption (Client and Server Side), Bucket Versioning and MFA based delete. The user can enable any of these options to achieve data protection. Data replication is an internal facility by AWS where S3 replicates each object across all the Availability Zones and the organization need not
enable it in this case.
Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf

Question 62

Willi be alerted when automatic fail over occurs?

A. Only if SNS configured

B. No

C. Yes

D. Only if Cloudwatch configured

Correct Answer:C

Question 63

You have an application running on an EC2 Instance which will allow users to download fl ies from a private 53 bucket using a pre-assigned URL. Before generating the URL the application should verify the existence of the fi Ie in 53.
How should the application use AWS credentials to access the 53 bucket securely?

A. Use the AWS account access Keys the application retrieves the credentials from the source code of the application.

B. Create an IAM user for the application with permissions that allow list access to the 53 bucket launch the instance as the IAM user and retrieve the IAM user's credentials from the EC2 instance user data.

C. Create an IAM role for EC2 that allows list access to objects in the 53 bucke

D. Launch the instance with the role, and retrieve the roIe's credentials from the EC2 Instance metadata

E. Create an IAM user for the application with permissions that allow list access to the 53 bucke

F. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user.

Correct Answer:C

Question 64

True or False: Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.

A. FALSE

B. TRUE

Correct Answer:A

Question 65

Which set of Amazon 53 features helps to prevent and recoverfrom accidental data loss?

A. Object lifecycle and service access logging

B. Object versioning and Multi-factor authentication

C. Access controls and server-side encryption

D. Website hosting and Amazon 53 policies

Correct Answer:B
Reference: http://media.amazonwebservices.com/AWS Security_Best_Practices.pdf

Question 66

While launching an RDS DB instance, on which page I can select the Availability Zone?

A. REVIEW

B. DB INSTANCE DETAILS

C. MANAGEMENT OPTIONS

D. ADDITIONAL CONFIGURATION

Correct Answer:D

START AWS-Solution-Architect-Associate EXAM