Question #11
Which of the following are characteristics of Amazon VPC subnets? (Choose two.)
- A. Each subnet maps to a single Availability Zone
- B. A CIDR block mask of /25 is the smallest range supported
- C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.
- D. By default, all subnets can route between each other, whether they are private or public
- E. V Each subnet spans at least 2 Availability zones to provide a high-availability environment
Correct Answer: AD
“Each subnet must reside entirely within one Availability Zone and cannot span zones.”
“Every subnet that you create is automatically associated with the main route table for the VPC.” http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.htmlQuestion #12
You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?
- A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
- B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data
- C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group
- D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and
Correct Answer: A
Creates an IAM role is always the best practice to give permissions to EC2 instances in order to interact with other AWS services
Question #13
When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?
- A. Data is automatically saved as an E8S volume.
- B. Data is automatically saved as an ESS snapshot.
- C. Data is automatically deleted.
- D. Data is unavailable until the instance is restarted.
Correct Answer: C
We recommend that you use AMIs backed by Amazon EBS, because they launch faster and use persistent storage. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html#choose-an-ami-by-root- device
Question #14
You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? (Choose three.)
- A. Leverage CloudFront for the delivery of the articles.
- B. Add RDS read-replicas for the read traffic going to your relational database
- C. Leverage ElastiCache for caching the most frequently used data.
- D. Use SOS to queue up the requests for the technical posts and deliver them out of the queue.
- E. Use Route53 health checks to fail over to an S3 bucket for an error page.
Correct Answer: ABC
E is wrong, we are not using multiple regions, Route53 ELB-failvoer is not required.
D is wrong, SQS will only add to the strain on the server, and is not useful in this situation.
A is correct, as you can have users read from edge locations
B is correct, as you can service reads with read-replicas
C is correct, Elasticache would assist in this situation.
Question #15
The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company’s existing application user management processes.
What option would you implement to successfully launch this application1?
- A. Create a second, independent LOAP server in AWS for your application to use for authentication
- B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
- C. Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication
- D. Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship
Correct Answer: C
Create read replica(RODC) of main LDAP server so that LDAP read replica or RODC can authenticate with application locally.
Creating new domain and trust relationship would require lot of work and changes in exiting ldap configuration so D cannot be answer here.