How can we secure data at rest on an EBS volume?
How can we secure data at rest on an EBS volume?
A customer needs corporate IT governance & cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume & keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance & cost oversight?
A customer needs corporate IT governance & cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume & keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance & cost oversight?
You have decided to change the instance type for instances running in your application tier that is using Auto Scaling. In which area below would you change the instance type definition?
You have decided to change the instance type for instances running in your application tier that is using Auto Scaling. In which area below would you change the instance type definition?
A characteristic of Amazon VPC subnets is:
A characteristic of Amazon VPC subnets is:
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance’s security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance’s security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?
What is one key difference between an Amazon EBS-backed & an instance-store backed instance?
What is one key difference between an Amazon EBS-backed & an instance-store backed instance?
Which features can be used to restrict access to data in S3?
Which features can be used to restrict access to data in S3?
A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto Scaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL & should not be publicly accessible. ‘What is the minimum number of subnets that need to be configured in the VPC?
A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto Scaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL & should not be publicly accessible. ‘What is the minimum number of subnets that need to be configured in the VPC?
A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates that data is encrypted at rest. Which of the following methods can achieve this?
A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates that data is encrypted at rest. Which of the following methods can achieve this?
You are configuring your company’s application to use Auto Scaling & need to move user state information. Which of the following AWS services provides a shared data store with durability & low latency?
You are configuring your company’s application to use Auto Scaling & need to move user state information. Which of the following AWS services provides a shared data store with durability & low latency?
A placement group is:
A placement group is:
A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns & troubleshooting their applications. Which of the following options meets the customer requirements?
A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns & troubleshooting their applications. Which of the following options meets the customer requirements?
A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services & features will meet the company’s requirements?
A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services & features will meet the company’s requirements?
-
-
-
-
Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?
Which procedure for backing up a relational database on EC2 that is using a set of RAlD EBS volumes for storage minimizes the time during which the database cannot be written to & results in a consistent backup?
Which procedure for backing up a relational database on EC2 that is using a set of RAlD EBS volumes for storage minimizes the time during which the database cannot be written to & results in a consistent backup?
A characteristic of Amazon S3 is:
A characteristic of Amazon S3 is:
Choose a valid statement about Amazon S3:
Choose a valid statement about Amazon S3:
Which of the following requires a custom CloudWatch metric to monitor?
Which of the following requires a custom CloudWatch metric to monitor?
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?
The service that allows the customer to retain full administrative privileges of the underlying EC2 instances is:
The service that allows the customer to retain full administrative privileges of the underlying EC2 instances is:
A company is building a two-tier web application to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database. What services should we leverage to enable an elastic and scalable web tier?
A company is building a two-tier web application to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database. What services should we leverage to enable an elastic and scalable web tier?
-
-
-
-
You are working with a customer who has 10 TB of archival data that they want to migrate to Amazon Glacier. The customer has a 1-Mbps connection to the Internet. Which service or feature provides the fastest method of getting the data into Amazon Glacier?
You are working with a customer who has 10 TB of archival data that they want to migrate to Amazon Glacier. The customer has a 1-Mbps connection to the Internet. Which service or feature provides the fastest method of getting the data into Amazon Glacier?
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customers objects replicated?
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customers objects replicated?
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance.
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance.
A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?
A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?
If we want to launch Amazon Elastic Compute Cloud (EC2) instances & assign each instance a predetermined private IP address you should:
If we want to launch Amazon Elastic Compute Cloud (EC2) instances & assign each instance a predetermined private IP address you should:
Which Amazon Elastic Compute Cloud feature can you query from within the instance to access instance properties?
Which Amazon Elastic Compute Cloud feature can you query from within the instance to access instance properties?
You launch an Amazon EC2 instance without an assigned AWS identity and Access Management (IAM) role. Later, you decide that the instance should be running with an IAM role. Which action must you take in order to have a running Amazon EC2 instance with an IAM role assigned to it?
You launch an Amazon EC2 instance without an assigned AWS identity and Access Management (IAM) role. Later, you decide that the instance should be running with an IAM role. Which action must you take in order to have a running Amazon EC2 instance with an IAM role assigned to it?
-
-
-
-
For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution?
For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution?
You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement?
You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement?
-
-
-
-
We need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read?
We need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read?
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 & then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should we implement such system?
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 & then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should we implement such system?
You are working with a customer who is using Chef configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?
You are working with a customer who is using Chef configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?
A customer wants to leverage Amazon Simple Storage Service (S3) & Amazon Glacier as part of their backup & archive infrastructure. The customer plans to use third-party software to support this integration. Which approach will limit the access of the third party software to only the Amazon S3 bucket named "company-backup"?
A customer wants to leverage Amazon Simple Storage Service (S3) & Amazon Glacier as part of their backup & archive infrastructure. The customer plans to use third-party software to support this integration. Which approach will limit the access of the third party software to only the Amazon S3 bucket named "company-backup"?
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?
Which technique should we use to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
Which technique should we use to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
When creation of an EBS snapshot is initiated, but not completed, the EBS volume:
When creation of an EBS snapshot is initiated, but not completed, the EBS volume:
You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an internet gateway is attached to the VPC, & the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance?
You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an internet gateway is attached to the VPC, & the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance?
How can the domain’s zone apex, for example, "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer?
How can the domain’s zone apex, for example, "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer?
Which of the following are characteristics of a reserved instance?
Which of the following are characteristics of a reserved instance?
You have an environment that consists of a public subnet using Amazon VPC & three instances that are running in this subnet. These 3 instances can successfully communicate with other hosts on the Internet. You launch a 4th instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the internet. What should you do to enable Internet access?
You have an environment that consists of a public subnet using Amazon VPC & three instances that are running in this subnet. These 3 instances can successfully communicate with other hosts on the Internet. You launch a 4th instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the internet. What should you do to enable Internet access?
An AutoScaling group spans 3 AZs and currently has 4 running EC2 instances. When AutoScaling needs to terminate an EC2 instance by default, AutoScaling will:
An AutoScaling group spans 3 AZs and currently has 4 running EC2 instances. When AutoScaling needs to terminate an EC2 instance by default, AutoScaling will:
When you put objects in Amazon S3, what is the indication that an object was successfully stored?
When you put objects in Amazon S3, what is the indication that an object was successfully stored?
In order to optimize performance for a compute cluster that requires low inter-node latency, which of the following feature should you use?
In order to optimize performance for a compute cluster that requires low inter-node latency, which of the following feature should you use?
A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture?
A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture?