AWS-Certified-Developer-Associate Exam - Amazon AWS Certified Developer Associate

NEW QUESTION 1
You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput.
What could be an explanation for this?

• A. You haven't provisioned enough DynamoDB storage instances
• B. You're exceeding your capacity on a particular Range Key
• C. You're exceeding your capacity on a particular Hash Key
• D. You're exceeding your capacity on a particular Sort Key
• E. You haven't configured DynamoDB Auto Scaling triggers

Answer: C

NEW QUESTION 2
A user has launched an EC2 instance and installed a website with the Apache webserver. The webserver is running but the user is not able to access the website from the internet. What can be the possible reason for this failure?

• A. The security group of the instance is not configured properly.
• B. The instance is not configured with the proper key-pairs.
• C. The Apache website cannot be accessed from the internet.
• D. Instance is not configured with an elastic I

Answer: A

Explanation: In Amazon Web Services, when a user has configured an instance with Apache, the user needs to ensure that the ports in the security group are opened as configured in Apache config. E.g. If Apache is running on port 80, the user should open port 80 in the security group.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

NEW QUESTION 3
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24. While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance. Which is the most likely reason for this issue?

• A. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.
• B. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
• C. Private address IP 10.201.31.6 is currently assigned to another interface.
• D. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purpose

Answer: C

Explanation: In Amazon VPC, you can assign any Private IP address to your instance as long as it is: Part of the associated subnet's IP address range
Not reserved by Amazon for IP networking purposes Not currently assigned to another interface Reference: http://aws.amazon.com/vpc/faqs/

NEW QUESTION 4
Regarding Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, in the Protocol drop-down box, you should select .

• A. Email
• B. Message
• C. SMTP
• D. IMAP

Answer: A

Explanation: In Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, select Email in the Protocol drop-down box. Enter an email address you can use to receive the notification in the Endpoint field.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SubscribeTopic.html

NEW QUESTION 5
A user wants to access RDS from an EC2 instance using IP addresses. Both RDS and EC2 are in the same region, but different AZs. Which of the below mentioned options help configure that the instance is accessed faster?

• A. Configure the Private IP of the Instance in RDS security group
• B. Security group of EC2 allowed in the RDS security group
• C. Configuring the elastic IP of the instance in RDS security group
• D. Configure the Public IP of the instance in RDS security group

Answer: A

Explanation: If the user is going to specify an IP range in RDS security group, AWS recommends using the private IP address of the Amazon EC2 instance. This provides a more direct network route from the Amazon EC2 instance to the Amazon RDS DB instance, and does not incur network charges for the data sent outside of the Amazon network.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html

NEW QUESTION 6
What is the format of structured notification messages sent by Amazon SNS?

• A. An XML object containing MessageId, UnsubscribeURL, Subject, lVIessage and other values
• B. An JSON object containing MessageId, DupIicateFIag, lVIessage and other values
• C. An XML object containing MessageId, DupIicateFIag, lVIessage and other values
• D. An JSON object containing MessageId, unsubscribeURL, Subject, lVIessage and other values

Answer: D

NEW QUESTION 7
A user is creating a snapshot of an EBS volume. Which of the below statements is incorrect in relation to the creation of an EBS snapshot?

• A. Its incremental
• B. It can be used to launch a new instance
• C. It is stored in the same AZ as the volume
• D. It is a point in time backup of the EBS volume

Answer: C

Explanation: The EBS snapshots are a point in time backup of the EBS volume. It is an incremental snapshot, but is always specific to the region and never specific to a single AZ.
Hence the statement "|t is stored in the same AZ as the volume" is incorrect.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI

NEW QUESTION 8
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? Choose 2 answers

• A. The application authenticates against LDA
• B. The application then calls the IAM Security Service to login to IAM using the LDAP credential
• C. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
• D. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the use
• E. The application then calls the IAM Security Token Service to assume that IAM Rol
• F. The application can use the temporary credentials to access the appropriate S3 bucket.
• G. The application authenticates against IAM Security Token Service using the LDAP credential
• H. The application uses those temporary AWS security credentials to access the appropriate S3 bucket.
• I. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credential
• J. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
• K. Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role to get temporary AWS security credential
• L. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.

Answer: BD

NEW QUESTION 9
Can a user associate and use his own DNS with ELB instead ofthe DNS provided by AWS ELB?

• A. Yes, by creating a CNAME with the existing domain name provider
• B. Yes, by configuring DNS in the AWS Console
• C. No
• D. Yes, only through Route 53 by mapping ELB and DNS

Answer: A

Explanation: The AWS ELB allows mapping a custom domain name with ELB. The user can map ELB with DNS in two ways: 1) By creating CNAME with the existing domain name service provider or 2) By creating a record with Route 53.
Reference:
http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/using-domain-names-with-elb. html

NEW QUESTION 10
A user has configured an automated backup between 5 AM — 5:30 AM for the MySQL RDS DB. Will the performance of RDS get frozen momentarily during a backup?

• A. No
• B. Yes, only if the instance size is smaller than large size
• C. Yes, provided it is a single zone implementation
• D. Yes, always

Answer: C

Explanation: Amazon RDS provides two different methods for backing up and restoring the Amazon DB instances. A brief I/O freeze, typically lasting a few seconds, occurs during both automated backups and DB snapshot operations on Single-AZ DB instances.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI

NEW QUESTION 11
An orgAMzation has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The orgAMzation is planning to implement certain security best practices. Which of the below mentioned pointers will not help the orgAMzation achieve better security arrangement?

• A. Apply the latest patch of OS and always keep it updated.
• B. Allow only IAM users to connect with the EC2 instances with their own secret access key.
• C. Disable the password based login for all the user
• D. All the users should use their own keys to connect with the instance securely.
• E. Create a procedure to revoke the access rights of the indMdual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.

Answer: B

Explanation: Since AWS is a public cloud any application hosted on EC2 is prone to hacker attacks. It becomes extremely important for a user to setup a proper security mechAMsm on the EC2 instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users with in OS if they need to connect with the EC2 instances, create their keys and disable their password
Create a procedure using which the admin can revoke the access of the user when the business work on the EC2 instance is completed
Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated prMleges, such as sudo for users who need to perform occasional prMleged tasks
The IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not useful to connect (RDP / SSH) with an instance.
Reference: http://aws.amazon.com/articles/1233/

NEW QUESTION 12
Can one instance be registered with two ELBs in the same region?

• A. No
• B. Yes, provided both ELBs have the same health check configuration
• C. Yes, always
• D. Yes, provided both ELBs are in the same AZ

Answer: C

Explanation: Yes, it is possible to have one instance part of two separate ELBs, though both ELBs have different configurations. ELBs are never launched in specific zones.
Reference:
http://docs.aws.amazon.com/EIasticLoadBaIancing/latest/DeveIoperGuide/enable-disable-az.html

NEW QUESTION 13
Regarding Amazon SQS, are there restrictions on the names of Amazon SQS queues?

• A. No
• B. Ye
• C. Queue names must be unique within an AWS account and you cannot use hyphens (-) and underscores (_)
• D. Ye
• E. Queue names are limited to 80 characters and queue names must be unique within an AWS account
• F. Ye
• G. Queue names are limited to 80 characters but queue names do not need to be unique within an AWS account

Answer: C

Explanation: Queue names are limited to 80 characters. Alphanumeric characters plus hyphens (-) and underscores (_) are allowed. Queue names must be unique within an AWS account. After you delete a queue, you can reuse the queue name.
Reference: https://aws.amazon.com/sqs/faqs/

NEW QUESTION 14
How can you secure data at rest on an EBS volume?

• A. Attach the volume to an instance using EC2's SSL interface.
• B. Write the data randomly instead of sequentially.
• C. Use an encrypted file system on top of the BBS volume.
• D. Encrypt the volume using the S3 server-side encryption service.
• E. Create an IAM policy that restricts read and write access to the volum

Answer: C

NEW QUESTION 15
What happens, by default, when one of the resources in a CIoudFormation stack cannot be created?

• A. Previously-created resources are kept but the stack creation terminates.
• B. Previously-created resources are deleted and the stack creation terminates.
• C. The stack creation continues, and the final results indicate which steps failed.
• D. CIoudFormation templates are parsed in advance so stack creation is guaranteed to succee

Answer: B

NEW QUESTION 16
A user has launched five instances with ELB. How can the user add the sixth EC2 instance to ELB?

• A. The user can add the sixth instance on the fly.
• B. The user must stop the ELB and add the sixth instance.
• C. The user can add the instance and change the ELB config file.
• D. The ELB can only have a maximum of five instance

Answer: A

Explanation: Elastic Load Balancing automatically distributes incoming traffic across multiple EC2 instances. You create a load balancer and register instances with the load balancer in one or more Availability Zones. The load balancer serves as a single point of contact for clients. This enables you to increase the availability of your application. You can add and remove EC2 instances from your load balancer as your needs change, without disrupting the overall flow of information.
Reference: http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/Svclntro.htm|

NEW QUESTION 17
An orgAMzation has 10000 employees. The orgAMzation wants to give restricted AWS access to each employee. How can the orgAMzation achieve this?

• A. Create an IAM user for each employee and make them a part of the group
• B. It is not recommended to support 10000 users with IAM
• C. Use STS and create the users’ run time
• D. Use Identity federation with SSO

Answer: D

Explanation: Identity federation enables users from an existing directory to access resources within your AWS account,
making it easier to manage your users by maintaining their identities in a single place. In this case, the federated user is the only solution since AWS does not allow creating more than 5000 IAM users. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

NEW QUESTION 18
Your supervisor has asked you to build a simple file synchronization service for your department. He doesn't want to spend too much money and he wants to be notified of any changes to files by email. What do you think would be the best Amazon service to use for the email solution?

• A. Amazon CIoudSearch
• B. Amazon Elastic Transcoder
• C. Amazon SES
• D. Amazon AppStream

Answer: C

Explanation: File change notifications can be sent via email to users following the resource with Amazon Simple Email Service (Amazon SES), an easy-to-use, cost-effective email solution.
Reference: http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_fiIesync_08.pdf