Free demo questions for Amazon-Web-Services SAA-C01 Exam Dumps Below:
NEW QUESTION 1
Every user you create in the IAM system starts with _____.
- A. full permissions
- B. no permissions
- C. partial permissions
Permissions let you specify who has access to AWS resources, and what actions they can perform on those resources.
Every IAM user starts with no permissions. http://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions.html#NoDefaultPermission
NEW QUESTION 2
Every user you create in the IAM system starts with _____.
- A. Partial permissions
- B. Full permissions
- C. No permissions
NEW QUESTION 3
In IAM, a policy has to include the information about who (user) is allowed to access the resource, known as the _____.
- A. permission
- B. role
- C. license
- D. principal
To specify resource-based permissions, you can attach a policy to the resource, such as an Amazon SNS topic, an Amazon S3 bucket, or an Amazon Glacier vault. In that case, the policy has to include information about who is allowed to access the resource, known as the principal. (For user-based policies, the principal is the IAM user that the policy is attached to, or the user who gets the policy from a group.)
NEW QUESTION 4
Someone is setting up a website with AWS services. She is configuring various security measures to be performed on the Amazon EC2 instances. Which security mechanisms below will help her avoid future data leaks and identify security vulnerabilities?
- A. Perform SQL injection for application testing.
- B. Run penetration testing on AWS with prior approval from Amazon.
- C. Perform a hardening test on the instance.
- D. All of the above
AWS security follows the shared security model, where the user is as much responsible as Amazon. Since Amazon is a public cloud, it is bound to be targeted by hackers. If an organization is planning to host its application on Amazon EC2, it should perform the security checks below as a measure to find any security weaknesses or data leaks:
- Perform penetration testing as performed by attackers to find any vulnerability. The organization must obtain approval from AWS before performing penetration testing.
- Perform hardening testing to find if there are any unnecessary ports open.
- Perform SQL injection to find any DB security issues.
The code memory checks are generally useful when the organization wants to improve the application performance.
NEW QUESTION 5
You have a web portal composed of two services. Each service must scale independently. Both services should be served under the same domain.
Which configuration allows this?
- A. Use two AWS Application Load Balancers: one for each service. Assign the same CNAME to both.
- B. Use one AWS Classic Load Balancer. Create a redirect in the web server based on user’s source IPs.
- C. Use two AWS Classic Load Balancers: one for each service. Assign the same CNAME to both.
- D. Use one AWS Application Load Balancer. Specify listener rules to route requests to each service.
NEW QUESTION 6
A user has defined an AutoScaling termination policy to first delete the instance with the nearest billing hour. AutoScaling has launched 3 instances in the US-East-1A region and 2 instances in the US-East-1B region. One of the instances in the US-East-1B region is running nearest to the billing hour.
Which instance will AutoScaling terminate first while executing the termination action?
- A. Random Instance from US-East-1A
- B. Instance with the nearest billing hour in US-East-1B
- C. Instance with the nearest billing hour in US-East-1A
- D. Random instance from US-East-1B
Even though the user has configured the termination policy, before AutoScaling selects an instance to terminate, it first identifies the Availability Zone that has more instances than the other Availability Zones used by the group. Within the selected Availability Zone, it identifies the instance that matches the specified termination policy.
NEW QUESTION 7
Is the encryption of connections between my application and my DB Instance using SSL for the MySQL server engines available?
- A. Yes
- B. Only in VPC
- C. Only in certain regions
- D. No
NEW QUESTION 8
You have an application running on an Amazon Elastic Compute Cloud instance, that uploads 5 GB video objects to Amazon Simple Storage Service (S3). Video uploads are taking longer than expected, resulting in poor application performance. Which method will help improve performance of your application?
- A. Enable enhanced networking
- B. Use Amazon S3 multipart upload
- C. Leveraging Amazon CloudFront, use the HTTP POST method to reduce latency.
- D. Use Amazon Elastic Block Store Provisioned IOPs and use an Amazon EBS-optimized instance
Using multipart upload provides the following advantages:
- Improved throughput - You can upload parts in parallel to improve throughput.
- Quick recovery from any network issues - Smaller part size minimizes the impact of restarting a failed upload due to a network error.
- Pause and resume object uploads - You can upload object parts over time. Once you initiate a multipart upload there is no expiry; you must explicitly complete or abort the multipart upload.
- Begin an upload before you know the final object size.
- You can upload an object as you are creating it. http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
NEW QUESTION 9
A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.
- A. user
- B. AWS Account
- C. resource
- D. permission
A permission is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.
NEW QUESTION 10
You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security groups and network access control lists (ACLs). You have already looked into security groups and you are now trying to understand ACLs. Which statement below is incorrect in relation to ACLs?
- A. Supports allow rules and deny rules.
- B. Is stateful: Return traffic is automatically allowed, regardless of any rules.
- C. Processes rules in number order when deciding whether to allow traffic.
- D. Operates at the subnet level (second layer of defense).
Amazon VPC provides two features that you can use to increase security for your VPC:
Security groups--Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.
Network access control lists (ACLs)--Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.
Security groups are stateful: return traffic is automatically allowed, regardless of any rules.
Network ACLs are stateless: return traffic must be explicitly allowed by rules.
NEW QUESTION 11
You are architecting an auto-scalable batch processing system using video processing pipelines and Amazon Simple Queue Service (Amazon SQS) for a customer. You are unsure of the limitations of SQS and need to find out. What do you think is a correct statement about the limitations of Amazon SQS?
- A. It supports an unlimited number of queues but a limited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 weeks.
- B. It supports an unlimited number of queues and unlimited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 days.
- C. It supports an unlimited number of queues but a limited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 days.
- D. It supports an unlimited number of queues and unlimited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 weeks.
Amazon Simple Queue Service (Amazon SQS) is a messaging queue service that handles messages or workflows between other components in a system.
Amazon SQS supports an unlimited number of queues and unlimited number of messages per queue for each user. Please be aware that Amazon SQS automatically deletes messages that have been in the queue for more than 4 days.
NEW QUESTION 12
By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the ____ Service to set the drive letters of the EBS volumes per your specifications.
- A. EBSConfig Service
- B. AMIConfig Service
- C. Ec2Config Service
- D. Ec2-AMIConfig Service
Ec2Config Service is like sysprep and is used specifically for Windows instances. You can change parameters in the OS before launching.
NEW QUESTION 13
You are running a successful multitier web application on AWS and your marketing department has asked you to add a reporting tier to the application. The reporting tier will aggregate and publish status reports every 30 minutes from user-generated information that is being stored in your web application's database. You are currently running a Multi-AZ RDS MySQL instance for the database tier. You also have implemented ElastiCache as a database caching layer between the application tier and database tier. Please select the answer that will allow you to successfully implement the reporting tier with as little impact as possible to your database.
- A. Continually send transaction logs from your master database to an S3 bucket and generate the reports off the S3 bucket using S3 byte range requests.
- B. Generate the reports by querying the synchronously replicated standby RDS MySQL instance maintained through Multi-AZ.
- C. Launch a RDS Read Replica connected to your Multi AZ master database and generate reports by querying the Read Replica.
- D. Generate the reports by querying the ElastiCache database caching tier.
Amazon RDS allows you to use read replicas with Multi-AZ deployments. In Multi-AZ deployments for MySQL, Oracle, SQL Server, and PostgreSQL, the data in your primary DB Instance is synchronously replicated to a standby instance in a different Availability Zone (AZ). Because of their synchronous replication, Multi-AZ deployments for these engines offer greater data durability benefits than do read replicas. (In all Amazon RDS for Aurora deployments, your data is automatically replicated across 3 Availability Zones.)
You can use Multi-AZ deployments and read replicas in conjunction to enjoy the complementary benefits of each. You can simply specify that a given Multi-AZ deployment is the source DB Instance for your Read replicas. That way you gain both the data durability and availability benefits of Multi-AZ deployments and the read scaling benefits of read replicas.
Note that for Multi-AZ deployments, you have the option to create your read replica in an AZ other than that of the primary and the standby for even more redundancy. You can identify the AZ corresponding to your standby by looking at the "Secondary Zone" field of your DB Instance in the AWS Management Console.
NEW QUESTION 14
Can I change the EC2 security groups after an instance is launched in EC2-Classic?
- A. Yes, you can change security groups after you launch an instance in EC2-Classic.
- B. No, you cannot change security groups after you launch an instance in EC2-Classic.
- C. Yes, you can only when you remove rules from a security group.
- D. Yes, you can only when you add rules to a security group.
After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group.
NEW QUESTION 15
You currently operate a web application in the AWS US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2, IAM and RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?
- A. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles, S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
- B. Create a new CloudTrail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and S3 bucket policies on the S3 bucket that stores your logs.
- C. Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the global services option selected. Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
- D. Create three new CloudTrail trails with three new S3 buckets to store the logs: one for the AWS Management console, one for AWS SDKs and one for command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.
NEW QUESTION 16
You are building a system to distribute confidential documents to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
- A. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy.
- B. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
- C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
- D. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users' behalf. If your users try to access objects using Amazon S3 URLs, they're denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don't.
NEW QUESTION 17
Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a ____ DB Instance.
- A. SQL Server
- B. MySQL
- C. Oracle
NEW QUESTION 18
The one-time payment for Reserved Instances is ____ refundable if the reservation is cancelled.
- A. always
- B. in some circumstances
- C. never
The one-time fee is non-refundable.
NEW QUESTION 19
A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?
- A. AWS Simple Notification Service
- B. AWS Simple Queue Service
- C. AWS Elastic Transcoder
- D. AWS Glacier
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.
NEW QUESTION 20
Select the incorrect statement
- A. In Amazon EC2, the private IP addresses are only returned to Amazon EC2 when the instance is stopped or terminated
- B. In Amazon VPC, an instance retains its private IP addresses when the instance is stopped.
- C. In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.
- D. In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime
A private IP address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.
NEW QUESTION 21
The fastest way to load 300 TB of data to AWS is _____.
- A. to directly upload all data to S3 over a dedicated 100 Mbps connection
- B. to use AWS Import/Export Snowball
- C. to use VM Import/Export
- D. to zip all the data and then upload to S3
Even with high-speed Internet connections, it can take months to transfer large amounts of data. For example, 100 terabytes of data will take more than 100 days to transfer over a dedicated 100 Mbps connection. That same transfer can be accomplished in less than one day, plus shipping time, using two Snowball appliances.
NEW QUESTION 22
Are you able to integrate a multi-factor token service with the AWS Platform?
- A. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
- B. No, you cannot integrate multi-factor token devices with the AWS platform.
- C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
Private MFA does not apply here.
Q. What is AWS MFA?
AWS multi-factor authentication (AWS MFA) provides an extra level of security that you can apply to your AWS environment. You can enable AWS MFA for your AWS account and for individual AWS Identity and Access Management (IAM) users you create under your account.
NEW QUESTION 23
Amazon's Redshift uses which block size for its columnar storage?
- A. 2KB
- B. 8KB
- C. 16KB
- D. 32KB
- E. 1024KB / 1MB
NEW QUESTION 24
A benefits enrollment company is hosting a 3-tier web application running in a VPC on AWS which includes a NAT (Network Address Translation) instance in the public Web tier. There is enough provisioned capacity for the expected workload for the new fiscal year benefit enrollment period plus some extra overhead. Enrollment proceeds nicely for two days and then the web tier becomes unresponsive. Upon investigation using CloudWatch and other monitoring tools, it is discovered that there is an extremely large and unanticipated amount of inbound traffic coming from a set of 15 specific IP addresses over port 80 from a country where the benefits company has no customers. The web tier instances are so overloaded that benefit enrollment administrators cannot even SSH into them. Which activity would be useful in defending against this attack?
- A. Create a custom route table associated with the web tier and block the attacking IP addresses from the IGW (Internet Gateway)
- B. Change the EIP (Elastic IP Address) of the NAT instance in the web tier subnet and update the Main Route Table with the new EIP
- C. Create 15 Security Group rules to block the attacking IP addresses over port 80
- D. Create an inbound NACL (Network Access control list) associated with the web tier subnet with deny rules to block the attacking IP addresses
Use AWS Identity and Access Management (IAM) to control who in your organization has permission to create and manage security groups and network ACLs (NACL). Isolate the responsibilities and roles for better defense. For example, you can give only your network administrators or security admin the permission to manage the security groups and restrict other roles.
NEW QUESTION 25
You receive the following request from a client to quickly deploy a static website for them, specifically, on AWS. The requirements are low-cost, reliable, online storage, and a reliable and cost-effective way to route customers to the website, as well as a way to deliver content with low latency and high data transfer speeds so that visitors to his website don't experience unnecessary delays. What do you think would be the minimum AWS services that could fulfill the client's request?
- A. Amazon Route 53, Amazon CloudFront and Amazon VPC.
- B. Amazon S3, Amazon Route 53 and Amazon RDS
- C. Amazon S3, Amazon Route 53 and Amazon CloudFront
- D. Amazon S3 and Amazon Route 53.