SAA-C01 Exam - AWS Certified Solutions Architect - Associate

NEW QUESTION 1
You need to add a route to your routing table in order to allow connections to the internet from your subnet. What route should you add?

• A. Destination: 192.168.1.258/0 --> Target: your Internet gateway
• B. Destination: 0.0.0.0/33 --> Target: your virtual private gateway
• C. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24
• D. Destination: 10.0.0.0/32 --> Target: your virtual private gateway
• E. Destination: 0.0.0.0/0 --> Target: your Internet gateway

Answer: E

NEW QUESTION 2
Which of the following statements is true of tags and resource identifiers for EC2 instances?

• A. You can't select instances by their tags for stoppage, termination, or deletion
• B. You don't need to specify the resource identifier while terminating a resource.
• C. You don't need to specify the resource identifier while stopping a resource.
• D. You can select instances by their tags for stoppage, termination, or deletion

Answer: A

Explanation:
You can assign tags only to resources that already exist. You can't terminate, stop, or delete a resource based solely on its tags; you must specify the resource identifier. For example, to delete snapshots that you tagged with a tag key called DeleteMe, you must use the DeleteSnapshots action with the resource identifiers of the snapshots, such as snap-1234567890abcdef0. To identify resources by their tags, you can use the DescribeTags action to list all of your tags and their associated resources. http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Using_Tags.html

NEW QUESTION 3
Which of the following statements is true of using a network in Amazon CloudFront?

• A. CloudFront loads static content from all edge locations.
• B. CloudFront provides a capacity reservation for EC2 instances in an Availability Zone.
• C. CloudFront caches content at edge locations for a specified period of time.
• D. CloudFront detects unhealthy instances and stops sending traffic to the

Answer: C

Explanation:
CloudFront caches content at edge locations for a period of time that you specify. When a visitor requests content that has been cached for longer than the expiration date, CloudFront checks the origin server to see if a newer version of the content is available. http://docs.aws.amazon.com/gettingstarted/latest/swh/getting-started-create-cfdist.html

NEW QUESTION 4
You have a high performance compute application and you need to minimize network latency between EC2 instances as much as possible. What can you do to achieve this?

• A. Use Elastic Load Balancing to load balance traffic between availability zones
• B. Create a CloudFront distribution and to cache objects from an S3 bucket at Edge Locations.
• C. Create a placement group within an Availability Zone and place the EC2 instances within that placement group.
• D. Deploy your EC2 instances within the same region, but in different subnets and different availability zones so as to maximize redundancy.

Answer: C

Explanation:

NEW QUESTION 5
Your company runs an application that generates several thousand 1-GB reports a month. Approximately 10% of these reports will be accessed once during the first 30 days and must be available on demand. After 30 days, reports are no longer accessed as a part of normal business processes but must be retained for compliance reasons.
Which architecture would meet these requirements with the lowest cost?

• A. Upload the reports to Amazon S3 Standard storage clas
• B. Set a lifecycle configuration on the bucket to transition the reports to Amazon Glacier after 30 days.
• C. Upload the reports to Amazon S3 Standard – Infrequent Access storage clas
• D. Set a lifecycle configuration on the bucket to transition the reports to Amazon Glacier after 30 days.
• E. Upload the reports to Amazon Glacie
• F. When reports are requested, copy them to Amazon S3 Standard storage class for acces
• G. Delete the copied reports after they have been viewed.
• H. Upload the reports to Amazon S3 Standard – Infrequent Access storage clas
• I. When reports arerequested, copy them to Amazon S3 Standard storage class for acces
• J. Delete the copied reports after they have been viewed.

Answer: B

NEW QUESTION 6
A customer has a single 3-TB volume on-premises that is used to hold a large repository of images
and print layout files. This repository is growing at 500 GB a year and must be presented as a single logical volume. The customer is becoming increasingly constrained with their local storage capacity and wants an off-site backup of this data, while maintaining low-latency access to their frequently accessed data. Which AWS Storage Gateway configuration meets the customer requirements?

• A. Gateway-Cached volumes with snapshots scheduled to Amazon S3
• B. Gateway-Stored volumes with snapshots scheduled to Amazon S3
• C. Gateway-Virtual Tape Library with snapshots to Amazon S3
• D. Gateway-Virtual Tape Library with snapshots to Amazon Glacier

Answer: A

NEW QUESTION 7
Having set up a website to automatically be redirected to a backup website if it fails, you realize that there are different types of failovers that are possible. You need all your resources to be available the majority of the time. Using Amazon Route 53 which configuration would best suit this requirement?

• A. Active-active failover.
• B. Non
• C. Route 53 can't failover.
• D. Active-passive failover.
• E. Active-active-passive and other mixed configuration

Answer: A

Explanation:
You can set up a variety of failover configurations using Amazon Route 53 alias: weighted, latency, geolocation routing, and failover resource record sets.
Active-active failover: Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Amazon Route 53 can detect that it's unhealthy and stop including it when responding to queries. Active-passive failover:
Use this failover configuration when you want a primary group of resources to be available the majority of the time and you want a secondary group of resources to be on standby in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53 includes only the healthy primary resources. If all of the primary resources are unhealthy, Amazon Route 53 begins to include only the healthy secondary resources in response to DNS queries. Active-active-passive and other mixed configurations: You can combine alias and non-alias resource record sets to produce a variety of Amazon Route 53 behaviors.

NEW QUESTION 8
Using Amazon IAM, can I give permission based on organizational groups?

• A. Yes but only in certain cases
• B. No
• C. Yes always

Answer: C

Explanation:
An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

NEW QUESTION 9
A Solutions Architect is designing network architecture for an application that has compliance requirements. The application will be hosted on Amazon EC2 instances in a private subnet and will be using Amazon S3 for storing data. The compliance requirements mandate that the data cannot traverse the public Internet.
What is the MOST secure way to satisfy this requirement?

• A. Use a NAT Instance.
• B. Use a NAT Gateway.
• C. Use a VPC endpoint.
• D. Use a Virtual Private Gatewa

Answer: C

Explanation:
Reference https://aws.amazon.com/blogs/aws/new-vpc-endpoint-for-amazon-s3/

NEW QUESTION 10
A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto Scaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL and should not be publicly accessible. What is the minimum number of subnets that need to be configured in the VPC?

• A. 1
• B. 2
• C. 3
• D. 4

Answer: D

Explanation:
Since multi-AZ RDS needs 2 private subnets to provide high availability and 2 public subnets are needed for ELB(web-tier) application.
Would use VPC with private (DB) and public (WEB) subnets: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html Multi AZ requirement forces me to multiply subnets by two.
Reasons:
For DB: Your VPC must have at least one subnet in at least two of the Availability Zones in the region where you want to deploy your DB instance. A subnet is a segment of a VPC’s IP address
range that you can specify and that lets you group instances based on your security and operational needs http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstancein aVPC.html
For Web: After creating a VPC, you can add one or more subnets in each Availability Zone. Each subnet must reside entirely within one Availability Zone and cannot span zones http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

NEW QUESTION 11
You are looking at ways to improve some existing infrastructure as it seems a lot of engineering resources are being taken up with basic management and monitoring tasks and the costs seem to be excessive. You are thinking of deploying Amazon ElasticCache to help. Which of the following statements is true in regards to ElasticCache?

• A. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will be more.
• B. You can't improve load and response times to user actions and queries but you can reduce the cost associated with scaling web applications.
• C. You can improve load and response times to user actions and queries however the cost associated with scaling web applications will remain the same.
• D. You can improve load and response times to user actions and queries and also reduce the cost associated with scaling web applications.

Answer: D

Explanation:
Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments, enabling your engineering resources to focus on developing applications.
Using Amazon ElastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.

NEW QUESTION 12
You have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region, and you want to distribute requests across all three IPs evenly for users for whom US East (Virginia) is the appropriate region.
How many EC2 instances would be sufficient to distribute requests in other regions?

• A. 3
• B. 9
• C. 2
• D. 1

Answer: D

Explanation:
If your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the region based on weights that you specify.
For example, suppose you have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region and you want to distribute requests across all three IPs evenly for users for whom US East (Virginia) is the appropriate region. Just one Amazon EC2 instance is sufficient in the other regions, although you can apply the same technique to many regions at once.

NEW QUESTION 13
You have been asked to design a fault-tolerant and scalable web application across three Availability Zones. The presentation logic will reside on web servers behind an ELB Classic Load Balancer, and the application logic will reside on a set of app servers behind a second load balancer.
How should you use Auto Scaling groups?

• A. Deploy one Auto Scaling group that includes all the web and app servers across all Availability Zones.
• B. Deploy three Auto Scaling groups: one for each Availability Zone that includes both web and app servers.
• C. Deploy two Auto Scaling groups: one for the web servers in all Availability Zones and one for the app servers in all Availability Zones.
• D. Deploy six Auto Scaling groups: a web server group in each Availability Zone and an app server group in each Availability Zone.

Answer: C

NEW QUESTION 14
You are setting up some EBS volumes for a customer who has requested a setup which includes a RAID (redundant array of inexpensive disks). AWS has some recommendations for RAID setups. Which RAID setup is not recommended for Amazon EBS?

• A. RAID 5 only
• B. RAID 5 and RAID 6
• C. RAID 1 only
• D. RAID 1 and RAID 6

Answer: B

Explanation:
With Amazon EBS, you can use any of the standard RAID configurations that you can use with a traditional bare metal server, as long as that particular RAID configuration is supported by the operating system for your instance. This is because all RAID is accomplished at the software level. For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple volumes together; for on-instance redundancy, RAID 1 can mirror two volumes together. RAID 5 and RAID 6 are not recommended for Amazon EBS because the parity write operations of these RAID modes consume some of the IOPS available to your volumes.

NEW QUESTION 15
For IAM user, a virtual Multi-Factor Authentication (MFA) device uses an application that generates
______ -digit authentication codes that are compatible with the time-based one-time password (TOTP) standard.

• A. three
• B. four
• C. six
• D. five

Answer: C

Explanation:
A virtual MFA device uses an application that generates six-digit authentication codes that are compatible with the time-based one-time password (TOTP) standard. Therefore, any application that you wish to use in order to make your smart phone your virtual MFA device needs to conform with the standard. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html

NEW QUESTION 16
A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in S3. The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?

• A. You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years.
• B. You must find out the total number of requests per second at peak usage.
• C. You must know the size of the individual objects being written to S3, in order to properly design the key namespace.
• D. In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.

Answer: B

NEW QUESTION 17
Which of the following is true of Amazon CloudWatch?

• A. Amazon CloudWatch monitors Amazon Web Services (AWS) resources and the applications that run on AWS in real-time.
• B. Amazon CloudWatch is a web service that gives businesses an easy and cost effective way to distribute content with low latency and high data transfer speeds.
• C. Amazon CloudWatch runs code without provisioning or managing servers.
• D. None of these are tru

Answer: A

Explanation:
Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time.
You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications. CloudWatch alarms send notifications or automatically make changes to the resources you are monitoring based on rules that you define. For example, you can monitor the CPU usage and disk reads and writes of your Amazon EC2 instances and then use this data to determine whether you should launch additional instances to handle increased load. You can also use this data to stop under-used instances to save money. In addition to monitoring the built-in metrics that come with AWS, you can monitor your own custom metrics.
With CloudWatch, you gain system-wide visibility into resource utilization, application performance, and operational health. http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatch.html

NEW QUESTION 18
True or False: Amazon Route 53 provides highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services.

• A. False, you can only import an existing domain using Amazon Route 53.
• B. True, however, it only provides .com domains.
• C. FALSE
• D. TRUE

Answer: D

Explanation:
Amazon Route 53 provides highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services.
http://aws.amazon.com/route53/faqs/

NEW QUESTION 19
A Solutions Architect is designing a photo application on AWS. Every time a user uploads a photo to Amazon S3, the Architect must insert a new item to a DynamoDB table.
Which AWS-managed service is the BEST fit to insert the item?

• A. Lambda@Edge
• B. AWS Lambda
• C. Amazon API Gateway
• D. Amazon EC2 instances

Answer: B

Explanation:
Reference https://aws.amazon.com/blogs/machine-learning/build-your-own-face-recognitionservice- using-amazon-rekognition/

NEW QUESTION 20
Can you use CloudWatch to monitor memory and disk utilization usage for your Amazon EC2 Linux instances?

• A. CloudWatch can only measure memory usage.
• B. CloudWatch can only collect memory and disk usage metrics when an instance is running.
• C. It is possible only on Linux EC2 instances using the CloudWatch Monitoring scripts for Linux.
• D. CloudWatch can only measure disk usag

Answer: C

Explanation:
Using the Cloudwatch Monitoring scripts for Linux, you can measure memory and disk usage of your Linux EC2 instances.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts.html

NEW QUESTION 21
Every user you create in the IAM system starts with .

• A. Partial permissions
• B. Full permissions
• C. No permissions

Answer: C

NEW QUESTION 22
What is the data model of DynamoDB?

• A. Since DynamoDB is schema-less, there is no data model.
• B. "Items", with Keys and one or more Attribute; and "Attribute", with Name and Value.
• C. "Table", a collection of Items; "Items", with Keys and one or more Attribute; and "Attribute", with Name and Value.
• D. "Database", which is a set of "Tables", which is a set of "Items", which is a set of "Attributes".

Answer: C

Explanation:
The data model of DynamoDB is: "Table", a collection of Items;
"Items", with Keys and one or more Attribute; "Attribute", with Name and Value.

NEW QUESTION 23
Fill in the blanks: The base URI for all requests for instance metadata is

• A. http://254.169.169.254/latest/
• B. http://169.169.254.254/latest/
• C. http://127.0.0.1/latest/
• D. http://169.254.169.254/latest/

Answer: D

Explanation:
http://aws.amazon.com/search?searchQuery=metadata&searchPath=all&x=0&y=0

NEW QUESTION 24
A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1-week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch?

• A. The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse
• B. The user can zoom a particular period by specifying the aggregation data for that period
• C. The user can zoom a particular period by double clicking on that period with the mouse
• D. The user can zoom a particular period by specifying the period in the Time Range

Answer: A

Explanation:
Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The AWS CloudWatch console provides the option to change the granularity of a graph and zoom in to see data over a shorter time period. To zoom, the user has to click in the graph details pane, drag on the graph area for selection, and then release the mouse button.

NEW QUESTION 25
You log in to IAM on your AWS console and notice the following message. "Delete your root access keys." Why do you think IAM is requesting this?

• A. Because the root access keys will expire as soon as you log out.
• B. Because the root access keys expire after 1 week.
• C. Because the root access keys are the same for all users.
• D. Because they provide unrestricted access to your AWS resource

Answer: D

Explanation:
In AWS an access key is required in order to sign requests that you make using the command-line interface (CLI), using the AWS SDKs, or using direct API calls. Anyone who has the access key for your root account has unrestricted access to all the resources in your account, including billing
information. One of the best ways to protect your account is to not have an access key for your root account. We recommend that unless you must have a root access key (this is very rare), that you do not generate one. Instead, AWS best practice is to create one or more AWS Identity and Access Management (IAM) users, give them the necessary permissions, and use IAM users for everyday interaction with AWS.

NEW QUESTION 26
Security groups in VPC operate at the _____.

• A. data transport layer level
• B. subnet level
• C. instance level
• D. gateway level

Answer: C

Explanation:
You can secure your VPC instances using only security groups. When you launch an instance in a VPC, you can associate one or more security groups that you've created. The security groups act as a
firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html

NEW QUESTION 27
You are designing a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this bucket to immediately receive over 150 PUT requests per second. What should you do to ensure optimal performance?

• A. Use multi-part upload.
• B. Add a random prefix to the key names.
• C. Amazon S3 will automatically manage performance at this scale.
• D. Use a predictable naming scheme, such as sequential numbers or date time sequences, in the key names

Answer: B

Explanation:
If you anticipate that your workload will consistently exceed 100 requests per second, you should avoid sequential key names. If you must use sequential numbers or date and time patterns in key names, add a random prefix to the key name. The randomness of the prefix more evenly distributes key names across multiple index partitions. Examples of introducing randomness are provided later in this topic.

NEW QUESTION 28
Much of your company's data does not need to be accessed often, and can take several hours for retrieval time, so it's stored on Amazon Glacier. However, someone within your organization has expressed concerns that his data is more sensitive than the other data, and is wondering whether the high level of encryption that he knows is on S3 is also used on the much cheaper Glacier service. Which of the following statements would be most applicable in regards to this concern?

• A. There is no encryption on Amazon Glacier, that's why it is cheaper.
• B. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3 but you can change it to AES-256 if you are willing to pay more.
• C. Amazon Glacier automatically encrypts the data using AES-256, the same as Amazon S3.
• D. Amazon Glacier automatically encrypts the data using AES-128 a lesser encryption method than Amazon S3.

Answer: C

Explanation:
Like Amazon S3, the Amazon Glacier service provides low-cost, secure, and durable storage. But where S3 is designed for rapid retrieval, Glacier is meant to be used as an archival service for data that is not accessed often, and for which retrieval times of several hours are suitable.
Amazon Glacier automatically encrypts the data using AES-256 and stores it durably in an immutable form. Amazon Glacier is designed to provide average annual durability of 99.999999999% for an archive. It stores each archive in multiple facilities and multiple devices.
Unlike traditional systems which can require laborious data verification and manual repair, Glacier performs regular, systematic data integrity checks, and is built to be automatically self-healing.

NEW QUESTION 29
What are the benefits of CloudTrail integration with CloudWatch Logs?

• A. It delivers API activity captured by CloudTrail to an S3 bucket.
• B. It doesn't exist
• C. It delivers SDK activity captured by CloudTrail to a CloudWatch Logs log stream.
• D. It delivers API activity captured by CloudTrail to a CloudWatch Logs log strea

Answer: D

Explanation:
CloudTrail integration with CloudWatch Logs delivers API activity captured by CloudTrail to a CloudWatch Logs log stream in the CloudWatch Logs log group you specify. http://aws.amazon.com/cloudtrail/faqs/

NEW QUESTION 30
Amazon S3 buckets in all Regions provide which of the following?

• A. Read-after-write consistency for PUTS of new objects AND Strongly consistent for POST & DELETES
• B. Read-after-write consistency for POST of new objects AND Eventually consistent for overwrite PUTS & DELETES
• C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS & DELETES
• D. Read-after-write consistency for POST of new objects AND Strongly consistent for POST & DELETES

Answer: C

Explanation:

NEW QUESTION 31
......