AWS-Certified-Solutions-Architect-Professional Free Practice Test

True or False: In Amazon EIastiCache, you can use Cache Security Groups to configure the cache clusters that are part of a VPC.

1. A. FALSE
2. B. TRUE
3. C. True, this is applicable only to cache clusters that are running in an Amazon VPC environment.
4. D. True, but only when you configure the cache clusters using the Cache Security Groups from the console navigation pane.

Correct Answer: A
Amazon EIastiCache cache security groups are only applicable to cache clusters that are not running in an Amazon Virtual Private Cloud environment (VPC). If you are running in an Amazon Virtual Private Cloud, Cache Security Groups is not available in the console navigation pane.
Reference: http://docs.aws.amazon.com/AmazonEIastiCache/Iatest/UserGuide/CacheSecurityGroup.html

Which of the following is true of an instance profile when an IAM role is created using the console?

1. A. The instance profile uses a different name.
2. B. The console gives the instance profile the same name as the role it corresponds to.
3. C. The instance profile should be created manually by a user.
4. D. The console creates the role and instance profile as separate actions.

Correct Answer: B
Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roIes_use_switch-role-ec2_instance-profiles.html

You have been given the task to define multiple AWS Data Pipeline schedules for different actMties in the same pipeline. Which of the following would successfully accomplish this task?

1. A. Creating multiple pipeline definition files
2. B. Defining multiple pipeline definitions in your schedule objects file and associating the desired schedule to the correct actMty via its schedule field
3. C. Defining multiple schedule objects in your pipeline definition file and associating the desired schedule to the correct actMty via its schedule field
4. D. Defining multiple schedule objects in the schedule field

Correct Answer: C
To define multiple schedules for different actMties in the same pipeline, in AWS Data Pipeline, you should define multiple schedule objects in your pipeline definition file and associate the desired schedule to the correct actMty via its schedule field. As an example of this, it could allow you to define a pipeline in which log files are stored in Amazon S3 each hour to drive generation of an aggregate report once a day. Reference: https://aws.amazon.com/datapipeIine/faqs/

An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations. Which of the below mentioned statements is not a limitation of dedicated instances with VPC?

1. A. All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
2. B. It does not support the AWS RDS with a dedicated tenancy VPC.
3. C. The user cannot use Reserved Instances with a dedicated tenancy model.
4. D. The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.

Correct Answer: C
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer. The cIient’s dedicated instances are physically isolated at the host hardware level from instances that are not dedicated instances as well as from instances that belong to other AWS accounts.
All instances launched with the dedicated tenancy model of VPC will always be dedicated instances. Dedicated tenancy has a limitation that it may not support a few services, such as RDS. Even the EBS will not be on dedicated hardware. However the user can save some cost as well as reserve some capacity
by using a Reserved Instance model with dedicated tenancy.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html

You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)

1. A. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
2. B. Use dedicated instances to ensure that each instance has the maximum performance possible.
3. C. Use an Amazon C|oudFront distribution for both static and dynamic content.
4. D. Use an Elastic Load Balancer with auto scaling groups at the we
5. E. App and Amazon Relational Database Service (RDS) tiers
6. F. Add alert Amazon CIoudWatch to look for high Network in and CPU utilization.
7. G. Create processes and capabilities to quickly add and remove rules to the instance OS firewal

Correct Answer: CEF