AWS-Certified-Solutions-Architect-Professional Free Practice Test

Your team has a tomcat-based Java application you need to deploy into development, test and production environments. After some research, you opt to use Elastic Beanstalk due to its tight integration with your developer tools and RDS due to its ease of management. Your QA team lead points out that you need to roll a sanitized set of production data into your environment on a nightly basis.
Similarly, other software teams in your org want access to that same restored data via their EC2 instances in your VPC .The optimal setup for persistence and security that meets the above requirements would be the following.

1. A. Create your RDS instance as part of your Elastic Beanstalk definition and alter its security group to allow access to it from hosts in your application subnets.
2. B. Create your RDS instance separately and add its IP address to your appIication's DB connection strings in your code Alter its security group to allow access to it from hosts within your VPC's IP address block.
3. C. Create your RDS instance separately and pass its DNS name to your app's DB connection string as an environment variabl
4. D. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.
5. E. Create your RDS instance separately and pass its DNS name to your's DB connection string as an environment variable Alter its security group to allow access to It from hosts In your application subnets.

Correct Answer: A

A benefits enrollment company is hosting a 3-tier web application running in a VPC on AWS which includes a NAT (Network Address Translation) instance in the public Web tier. There is enough provisioned capacity for the expected workload tor the new fiscal year benefit enrollment period plus some extra overhead Enrollment proceeds nicely for two days and then the web tier becomes unresponsive, upon investigation using CIoudWatch and other monitoring tools it is discovered that there is an extremely large and unanticipated amount of inbound traffic coming from a set of 15 specific IP addresses over port 80 from a country where the benefits company has no customers. The web tier instances are so overloaded that benefit enrollment administrators cannot even SSH into them. Which actMty would be useful in defending against this attack?

1. A. Create a custom route table associated with the web tier and block the attacking IP addresses from the IGW (Internet Gateway)
2. B. Change the EIP (Elastic IP Address) of the NAT instance in the web tier subnet and update the Nlain Route Table with the new EIP
3. C. Create 15 Security Group rules to block the attacking IP addresses over port 80
4. D. Create an inbound NACL (Network Access control list) associated with the web tier subnet with deny rules to block the attacking IP addresses

Correct Answer: D

True or False: In Amazon EIastiCache, you can use Cache Security Groups to configure the cache clusters that are part of a VPC.

1. A. FALSE
2. B. TRUE
3. C. True, this is applicable only to cache clusters that are running in an Amazon VPC environment.
4. D. True, but only when you configure the cache clusters using the Cache Security Groups from the console navigation pane.

Correct Answer: A
Amazon EIastiCache cache security groups are only applicable to cache clusters that are not running in an Amazon Virtual Private Cloud environment (VPC). If you are running in an Amazon Virtual Private Cloud, Cache Security Groups is not available in the console navigation pane.
Reference: http://docs.aws.amazon.com/AmazonEIastiCache/Iatest/UserGuide/CacheSecurityGroup.html

Which of the following is true of an instance profile when an IAM role is created using the console?

1. A. The instance profile uses a different name.
2. B. The console gives the instance profile the same name as the role it corresponds to.
3. C. The instance profile should be created manually by a user.
4. D. The console creates the role and instance profile as separate actions.

Correct Answer: B
Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roIes_use_switch-role-ec2_instance-profiles.html

You have been given the task to define multiple AWS Data Pipeline schedules for different actMties in the same pipeline. Which of the following would successfully accomplish this task?

1. A. Creating multiple pipeline definition files
2. B. Defining multiple pipeline definitions in your schedule objects file and associating the desired schedule to the correct actMty via its schedule field
3. C. Defining multiple schedule objects in your pipeline definition file and associating the desired schedule to the correct actMty via its schedule field
4. D. Defining multiple schedule objects in the schedule field

Correct Answer: C
To define multiple schedules for different actMties in the same pipeline, in AWS Data Pipeline, you should define multiple schedule objects in your pipeline definition file and associate the desired schedule to the correct actMty via its schedule field. As an example of this, it could allow you to define a pipeline in which log files are stored in Amazon S3 each hour to drive generation of an aggregate report once a day. Reference: https://aws.amazon.com/datapipeIine/faqs/