Proper study guides for Update Amazon AWS Certified Solutions Architect - Associate certified begins with Amazon aws solution architect associate questions preparation products which designed to deliver the Guaranteed aws solution architect associate dumps questions by making you pass the aws solution architect associate certification test at your first time. Try the free aws solution architect associate certification demo right now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Amazon AWS-Solution-Architect-Associate Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW AWS-Solution-Architect-Associate Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/AWS-Solution-Architect-Associate-exam-dumps.html
Q141. A customer enquires about whether all his data is secure on AWS and is especially concerned about Elastic Map Reduce (EMR) so you need to inform him of some of the security features in place for AWS. Which of the below statements would be an incorrect response to your customers enquiry?
A. Amazon ENIR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.
B. Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.
C. Every packet sent in the AWS network uses Internet Protocol Security (IPsec).
D. Customers may encrypt the input data before they upload it to Amazon S3.
Answer: C
Explanation:
Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access. Unless the customer who is uploading the data specifies otherwise, only that customer can access the data. Amazon EMR customers can also choose to send data to Amazon S3
using the HTTPS protocol for secure transmission. In addition, Amazon EMR always uses HTTPS to send data between Amazon S3 and Amazon EC2. For added security, customers may encrypt the input data before they upload it to Amazon S3 (using any common data compression tool); they then need to add a decryption step to the beginning of their cluster when Amazon EMR fetches the data from Amazon S3. Reference: https://aws.amazon.com/elasticmapreduce/faqs/
Q142. Select the correct set of options. These are the initial settings for the default security group:
A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
D. AI low all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
Answer: A
Q143. Which IAM role do you use to grant AWS Lambda permission to access a DynamoDB Stream?
A. Dynamic role
B. Invocation role
C. Execution role
D. Event Source role
Answer: C
Explanation:
You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution ro|e".
Reference: http://docs.aws.amazon.com/|ambda/latest/dg/intro-permission-model.htm|
Q144. Select the most correct
The device name /dev/sdal (within Amazon EC2) is _
A. Possible for EBS volumes
B. Reserved for the root device
C. Recommended for EBS volumes
D. Recommended for instance store volumes
Answer: B
Q145. You are designing a social media site and are considering how to mitigate distributed denial-of service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)
A. Add multiple elastic network interfaces (ENis) to each EC2 instance to increase the network bandwidth.
B. Use dedicated instances to ensure that each instance has the maximum performance possible.
C. Use an Amazon C|oudFront distribution for both static and dynamic content.
D. Use an Elastic Load Balancer with auto scaling groups at the web. App and Amazon Relational Database Service (RDS) tiers
E. Add alert Amazon CIoudWatch to look for high Network in and CPU utilization.
F. Create processes and capabilities to quickly add and remove rules to the instance OS firewall.
Answer: C, E, F
Q146. A/An _ acts as a firewall that controls the traffic allowed to reach one or more instances.
A. security group
B. ACL
C. IAM
D. Private IP Addresses
Answer: A
Q147. Which of the following is true of Amazon EC2 security group?
A. You can modify the outbound rules for EC2-Classic.
B. You can modify the rules for a security group only if the security group controls the traffic for just one instance.
C. You can modify the rules for a security group only when a new instance is created.
D. You can modify the rules for a security group at any time.
Answer: D
Explanation:
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.htmI
Q148. If I write the below command, what does it do? ec2-run ami-e3a5408a -n 20 -g appserver
A. Start twenty instances as members of appserver group.
B. Creates 20 rules in the security group named appserver
C. Terminate twenty instances as members of appserver group.
D. Start 20 security groups
Answer: A
Q149. A user is sending bulk emails using AWS SES. The emails are not reaching some of the targeted audience because they are not authorized by the ISPs. How can the user ensure that the emails are all delivered?
A. Send an email using DKINI with SES.
B. Send an email using SMTP with SES.
C. Open a ticket with AWS support to get it authorized with the ISP.
D. Authorize the ISP by sending emails from the development account.
Answer: A
Explanation:
Domain Keys Identified MaiI (DKIM) is a standard that allows senders to sign their email messages and ISPs, and use those signatures to verify that those messages are legitimate and have not been modified by a third party in transit.
Reference: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/dkim.html
Q150. Is it possible to get a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes?
A. Yes, by default, the history of your API calls is logged.
B. Yes, you should turn on the CIoudTraiI in the AWS console.
C. No, you can only get a history of VPC API calls.
D. No, you cannot store history of EC2 API calls on Amazon.
Answer: B
Explanation:
To get a history of all EC2 API calls (including VPC and EBS) made on your account, you simply turn on C|oudTrai| in the AWS Management Console.
Reference: https://aws.amazon.com/ec2/faqs/