AWS-Solution-Architect-Associate Amazon Exam Questions and Free Practice Test

Question 67

Your manager has just given you access to multiple VPN connections that someone else has recently set up between all your company's offices. She needs you to make sure that the communication between the VPNs is secure. Which of the following services would be best for providing a low-cost hub-and-spoke model for primary or backup connectMty between these remote offices?

A. Amazon C|oudFront

B. AWS Direct Connect

C. AWS C|oudHSM

D. AWS VPN CIoudHub

Correct Answer:D
If you have multiple VPN connections, you can provide secure communication between sites using the
AWS VPN CIoudHub. The VPN CIoudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectMty between these remote offices.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CIoudHub.htmI

Question 68

You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private I P address assigned, an internet gateway is attached to the VPC, and the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance?

A. The instance does not have a public IP address.

B. The internet gateway security group must allow all outbound traffic.

C. The instance security group must allow all inbound traffic.

D. The instance "Source/Destination check" property must be enable

Correct Answer:A

Question 69

Which features can be used to restrict access to data in 53? Choose 2 answers

A. Set an 53 ACL on the bucket or the object.

B. Create a Cloud Front distribution for the bucket.

C. Set an 53 bucket policy.

D. Enable IAM Identity Federation

E. Use 53 Virtua I Hosting

Correct Answer:CD
Reference:
http://docs.aws.amazon.com/AmazonCioudFront/latest/DeveIoperGuide/private-contentrestricting-access
-to-s3.html

Question 70

You need to set up a security certificate for a cIient's e-commerce website as it will use the HTTPS protocol. Which of the below AWS services do you need to access to manage your SSL server certificate?

A. AWS Directory Service

B. AWS Identity & Access Management

C. AWS CIoudFormation

D. Amazon Route 53

Correct Answer:B
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS.
All your SSL server certificates are managed by AWS Identity and Access management (IAM). Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.htm|

Question 71

You are in the process of creating a Route 53 DNS failover to direct traffic to two EC2 zones. Obviously, if one fails, you would like Route 53 to direct traffic to the other region. Each region has an ELB with some instances being distributed. What is the best way for you to configure the Route 53 health check?

A. Route 53 doesn't support ELB with an internal health check.You need to create your own Route 53 health check of the ELB

B. Route 53 natively supports ELB with an internal health chec

C. Turn "Eva|uate target health" off and "Associate with Health Check" on and R53 will use the ELB's internal health check.

D. Route 53 doesn't support ELB with an internal health chec

E. You need to associate your resource record set for the ELB with your own health check

F. Route 53 natively supports ELB with an internal health chec

G. Turn "Eva|uate target health" on and "Associate with Health Check" off and R53 will use the ELB's internal health check.

Correct Answer:D
With DNS Failover, Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations where your application is operating properly. When you enable this feature, Route 53 uses health checks-regularly making Internet requests to your appIication’s endpoints from multiple locations around the world-to determine whether each endpoint of your application is up or down.
To enable DNS Failover for an ELB endpoint, create an Alias record pointing to the ELB and set the "EvaIuate Target HeaIth" parameter to true. Route 53 creates and manages the health checks for your ELB automatically. You do not need to create your own Route 53 health check of the ELB. You also do not need to associate your resource record set for the ELB with your own health check, because Route 53 automatically associates it with the health checks that Route 53 manages on your behalf. The ELB health check will also inherit the health of your backend instances behind that ELB.
Reference:
http://aws.amazon.com/about-aws/whats-new/2013/05/30/amazon-route-53-adds-elb-integration-for-dns- fai|over/

Question 72

Can you create IAM security credentials for existing users?

A. Yes, existing users can have security credentials associated with their account.

B. No, IAM requires that all users who have credentials set up are not existing users

C. No, security credentials are created within GROUPS, and then users are associated to GROUPS at a later time.

D. Yes, but only IAM credentials, not ordinary security credential

Correct Answer:A

START AWS-Solution-Architect-Associate EXAM