Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

AWS SA Practice Exam Questions 2023-2024 Correct Answers., Exams of Company Secretarial Practice

AWSSAPracticeExam Questions 2023-2024 Correct Answers. Your company has gotten back results from an audit. One of the mandates from the audit is that your application, which is hosted on EC2, must encrypt the data before writing this data to storage. It has been directed internally that you must have the ability to manage dedicated hardware security module instances to generate and store your encryption keys. Which service could you use to meet this requirement? - Correct Answer AWS CloudHSM You have been given an assignment to configure Network ACLs in your VPC. Before configuring the NACLs, you need to understand how the NACLs are evaluated. How are NACL rules evaluated? - Correct Answer NACL rules are evaluated by rule number from lowest to highest and executed immediately when a matching rule is found

Typology: Exams

2023/2024

Available from 11/19/2024

A-Grade
A-Grade ๐Ÿ‡บ๐Ÿ‡ธ

3.7

(3)

909 documents

1 / 9

Toggle sidebar

Related documents


Partial preview of the text

Download AWS SA Practice Exam Questions 2023-2024 Correct Answers. and more Exams Company Secretarial Practice in PDF only on Docsity!

AWS SA Practice Exam Questions 2023 - 2024 Correct

Answers.

Your company has gotten back results from an audit. One of the mandates from the audit is that your application, which is hosted on EC2, must encrypt the data before writing this data to storage. It has been directed internally that you must have the ability to manage dedicated hardware security module instances to generate and store your encryption keys. Which service could you use to meet this requirement? - Correct Answer AWS CloudHSM You have been given an assignment to configure Network ACLs in your VPC. Before configuring the NACLs, you need to understand how the NACLs are evaluated. How are NACL rules evaluated? - Correct Answer NACL rules are evaluated by rule number from lowest to highest and executed immediately when a matching rule is found A consultant is hired by a small company to configure an AWS environment. The consultant begins working with the VPC and launching EC2 instances within the VPC. The initial instances will be placed in a public subnet. The consultant begins to create security groups. The consultant has launched several instances, created security groups, and has associated security groups with instances. The consultant wants to change the security groups that are associated with the instance. Which statement is true? - Correct Answer You can change the security groups for an instance when the instance is in the running or stopped state. You have been evaluating the NACLs in your company. Most of the NACLs are configured the same: 100 All Traffic Allow 200 All Traffic Deny

  • All Traffic Deny If a request comes in, how will it be evaluated? - Correct Answer The request will be allowed. An insurance company is creating an application that will perform analytics in near real- time on huge datasets in the terabyte range, and potentially even petabyte. The company is evaluating an AWS data storage option. Which AWS service will allow storage of petabyte-scale data and also allow fast complex queries over a large number of rows? - Correct Answer Amazon Redshift is a fully-managed, petabyte-scale data warehouse service in the Cloud You are managing S3 buckets in your organization. This management of S3 extends to Amazon Glacier. For auditing purposes you would like to be informed if an object is restored to S3 from Glacier. What is the most efficient way you can do this? - Correct Answer Configure S3 notifications for restore operations from Glacier

Your company needs to deploy an application in the company AWS account. The application will reside on EC2 instances in an Auto Scaling Group fronted by an Application Load Balancer. The company has been using Elastic Beanstalk to deploy the application due to limited AWS experience within the organization. The application now needs upgrades and a small team of subcontractors have been hired to perform these upgrades. Which web service can be used to provide users that you authenticate with short-term security credentials that can control access to your AWS resources? - Correct Answer AWS Security Token Service (AWS STS) is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources. You work for a consulting company, which is currently undergoing both a financial and technical audit. You have been asked by the auditors to produce regular reports in regards to your PCI compliance. You need to produce this as fast and as efficiently as possible. Which AWS service should you consider using? - Correct Answer AWS Audit Manager You have been put in charge of S3 buckets for your company. The buckets are separated based on the type of data they are holding and the level of security required for that data. You have several buckets that have data you want to safeguard from accidental deletion. Which configuration will meet this requirement? - Correct Answer Enable versioning on the bucket and multi-factor authentication delete as well. You have been evaluating the NACLs in your company. Currently, you are looking at the default network ACL. Which statement is true about NACLs? - Correct Answer The default configuration of the default NACL is Allow, and the default configuration of a custom NACL is Deny. You work for an Australian company, who are currently being audited and need some compliance reports regarding your applications that are hosted on AWS. Specifically, they need a Australian Hosting Certification Framework - Strategic Certification certificate. You need to get this as quickly as possible. What should you do? - Correct Answer AWS Artifact is a single source you can visit to get the compliance-related information that matters to you, such as AWS security and compliance reports or select online agreements. A financial tech company has decided to begin migrating their applications to the AWS cloud. Currently, they host their entire application using several self-managed Kubernetes clusters. One of their major concerns during this migration is monitoring and collecting system metrics due to the very large-scale deployments that are in place. Your Chief Technology Officer wants to avoid using AWS-proprietary technology-based monitoring services and instead leverage existing, well-known, open-source applications to help meet the monitoring requirements. Which combination of the following AWS services would best fit the company requirements while minimizing operational overhead? - Correct Answer AWS Managed Service for Prometheus and AWS Managed Grafana ( Prometheus offers open-source monitoring. Amazon Managed Service for

Prometheus is a serverless, Prometheus-compatible monitoring service for container metrics. It is perfect for monitoring Kubernetes clusters at scale. And Grafana is a well- known open-source analytics and monitoring application. Amazon Managed Grafana offers a fully managed service for infrastructure for data visualizations. You can leverage this service to query, correlate, and visualize operational metrics from multiple sources.) Currently, you are employed as a solutions architect for a large international shipping company. The company is undergoing an IT transformation and they want to create an immutable database, where they can track packages as they are sent around the world. They will need to track what boxes they go in, what trucks they are sent in, and what aircraft or sea containers they are shipped in. The database needs to be immutable and cryptographically verifiable, and they would like to leverage the AWS cloud to achieve this. What database technology would best suit this requirement? - Correct Answer Amazon Quantum Ledger Database (QLDB) This is an immutable and cryptographically verifiable database and would be the best solution. An online retailer currently runs their application within AWS. Currently, everything is running on Amazon EC2 instances, including all application software. The application is well-written and completes order processes following a specific workflow logic order. The online retailer has begun to explore shifting their entire code base to AWS Lambda for each compute-based portion of the workflow, but they are not sure how best to interconnect the functions. There are three major requirements that need to be met. The first is that they need to implement a 20 - minute wait period between certain functions in the application code and process. The second is they want to be able to conditionally handle a few different known scenarios that may occur during the order processing. The last requirement is to have an auditable workflow history. Which AWS service is the best fit for their workflow orchestration needs that has the le - Correct Answer AWS Step Functions with AWS Lambda (Use AWS Step Functions to orchestrate Lambda functions for the computation. This service allows you to implement long-running workflows with wait periods and conditional catches.) The AWS team in a large company is spending a lot of time monitoring EC2 instances and maintenance when the instances report health check failures. How can you most efficiently automate this monitoring and repair? - Correct Answer Create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically reboots the instance if a health check fails. Jennifer is a cloud engineer for her application team. The application leverages several third-party SaaS vendors to complete their workflows within the application. Currently, the team uses numerous AWS Lambda functions for each SaaS vendor that run daily to connect to the configured vendor. The functions initiate a transfer of data files, ranging from one megabyte up to 80 gibibytes in size. These data files are stored in an Amazon S3 bucket and then referenced by the application itself. The data transfer routinely fails due to execution timeout limits in the Lambda functions, and the team wants to find a simpler and less error-prone way of transferring the required data. Which solution or AWS service could be the best fit for their solution? - Correct Answer AppFlow offers a

fully managed service for easily automating the exchange of data between SaaS vendors and AWS services like Amazon S3. You can transfer up to 100 gibibytes per flow, and this avoids the Lambda function timeouts. A financial institution has an application that produces huge amounts of actuary data, which is ultimately expected to be in the terabyte range. There is a need to run complex analytic queries against terabytes of structured data, using sophisticated query optimization, columnar storage on high-performance storage, and massively parallel query execution. Which service will best meet this requirement? - Correct Answer Amazon Redshift is a fast, fully-managed cloud data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools. It enables you to run complex analytic queries against terabytes to petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance storage, and massively parallel query execution. Most results come back in seconds. With Redshift, you can start small for just $0.25 per hour with no commitments and scale out to petabytes of data for $1,000 per terabyte per year, less than a tenth of the cost of traditional on-premises solutions. Amazon Redshift also includes Amazon Redshift Spectrum, allowing you to run SQL queries directly against exabytes of unstructured data in Amazon S3 data lakes. No loading or transformation is required, and you can use open data formats, including Avro, CSV, Grok, Amazon Ion, JSON, ORC, Parquet, RCFile, RegexSerDe, Sequence, Text, and TSV. Redshift Spectrum automatically scales query compute capacity based on the data retrieved, so queries against Amazon S3 run fast, regardless of data set size. A new startup is considering the advantages of using DynamoDB versus a traditional relational database in AWS RDS. The NoSQL nature of DynamoDB presents a small learning curve to the team members who all have experience with traditional databases. The company will have multiple databases, and the decision will be made on a case-by- case basis. Which of the following use cases would favor DynamoDB? Select THREE. - Correct Answer Storing infrequently accessed data, Storing metadata for S3 objects, Managing web session data An application team has decided to leverage AWS for their application infrastructure. The application performs proprietary, internal processes that other business applications utilize for their daily workloads. It is built with Apache Kafka to handle real-time streaming, which virtual machines running the application in docker containers consume the data from. The team wants to leverage services that provide less overhead but also cause the least amount of disruption to coding and deployments. Which combination of AWS services would best meet the requirements? - Correct Answer Amazon MSK and Amazon ECS Fargate (service is meant for applications that currently use or are going to use Apache Kafka for messaging. It allows for managing of control plane operations in AWS. and Fargate containers offer the least disruptive changes, while also minimizing the operational overhead of managing the compute services) You have taken over management of several instances in the company AWS environment. You want to quickly review scripts used to bootstrap the instances at

runtime. A URL command can be used to do this. What can you append to the URL http://169.254.169.254/latest/ to retrieve this data? - Correct Answer user-data/ (When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.) Your team has provisioned Auto Scaling groups in a single Region. The Auto Scaling groups, at max capacity, would total 40 EC2 On-Demand Instances between them. However, you notice that the Auto Scaling groups will only scale out to a portion of that number of instances at any one time. What could be the problem? - Correct Answer There is a vCPU-based On-Demand Instance limit per Region.(Remember that each EC2 instance can have a variance of the number of vCPUs, depending on its type and your configuration, so it's always wise to calculate your vCPU needs to make sure you are not going to hit quotas easily.) Recently, you've been experiencing issues with your dynamic application that is running on EC2 instances. These instances aren't able to keep up with the amount of traffic being sent to them, and customers are getting timeouts. Upon further investigation, there is no discernible traffic pattern for these surges. The application can be easily containerized. What can you do to fix the problem while keeping cost in mind? - Correct Answer Migrate the application to ECS. Use Fargate to run the required tasks.(This would be a perfect use case for Fargate, as the workload is unpredictable. It will automatically scale in and out based on the workload being thrown at it.) You have been brought in as a consultant for a large-scale enterprise that requires assistance with a move to AWS. The application team that is part of the migration currently runs a messaging application that uses RabbitMQ as their message queue software. The consumer and producer applications run on virtual machines via Java runtimes, and they poll the RabbitMQ queues and process messages as they are found. The team wants to avoid any major coding changes on the initial move to the cloud.Which AWS services would you recommend them to use initially? - Correct Answer Set up Amazon MQ to easily integrate RabbitMQ into AWS and Install the Java application on Amazon EC2 instances (Leverage Amazon MQ to more easily migrate applications to AWS that currently rely on custom message broker services like RabbitMQ and ActiveMQ And To avoid major coding changes, you can install and run the Java application on Amazon EC2 instances. This most closely resembles the on-premises virtual machines) You work for a large online education company that teaches IT using pre-recorded videos. You have converted their online videos into text to be accessible for the hearing impaired. They now want to convert the transcribed text into other languages using artificial intelligence and machine learning. Which AWS service should they use? - Correct Answer Amazon Translate is a machine learning service that allows you to automate language translation.

An Application Load Balancer is fronting an Auto Scaling Group of EC2 instances, and the instances are backed by an RDS database. The Auto Scaling Group has been configured to use the Default Termination Policy. You are testing the Auto Scaling Group and have triggered a scale-in. Which instance will be terminated first? - Correct Answer The instance launched from the oldest launch configuration You work for a large online education company that teaches IT using pre-recorded videos. They want to make their website available to the hearing impaired and need to find a way to convert their videos and audio into speech that they can then display as subtitles. Which AWS service should they use? - Correct Answer Amazon Transcribe converts speech to text automatically. You can use this service to generate subtitles. You have landed your dream job at Amazon and are moving to the Alexa team. You will be tasked with product design and improvement. You meet a new colleague who does not come from a tech background, and they would like to know what services make up the Alexa service. Select the correct services. - Correct Answer Amazon Polly turns your text into lifelike speech and allows you to create applications that talk to and interact with you using a variety of languages and accents. It is part of the Alexa suite of services, Amazon Transcribe is used to convert speech to text automatically. You can use this service to generate subtitles. It is part of the Alexa suite of services, Amazon Lex allows you to build conversational interfaces in your applications using natural-language models. It is part of the Alexa suite of services An application is hosted on an EC2 instance in a VPC. The instance is in a subnet in the VPC, and the instance has a public IP address. There is also an internet gateway and a security group with the proper ingress configured. But your testers are unable to access the instance from the Internet. What could be the problem? - Correct Answer Add a route to the route table, from the subnet containing the instance, to the Internet Gateway. The question doesn't state if the subnet containing the instance is public or private. Your application team stores critical data within a third-party SaaS cloud vendor. The data comes from an internal application that runs on Amazon ECS Fargate, which then stores the data within Amazon S3 in a proprietary format. Currently, AWS Lambda functions are triggered via Amazon S3 event notifications to trigger the transfer of data to an SaaS application. Due to resource and time limits, you are exploring other means of completing this workflow of transferring data from AWS to the SaaS solution. Which AWS service offers the most efficiency and has the least operational overhead? - Correct Answer Amazon AppFlow (AppFlow offers a fully managed service for easily automating the bidirectional exchange of data to SaaS vendors from AWS services like Amazon S3. This helps avoid resource constraints.) You work for a large healthcare provider as an AWS lead architect. There is a need to collect data in real-time from devices throughout the organization. The data will include log and event data from sources such as servers, desktops, and mobile devices. The data initially captured will be technical device data, but the goal is to expand the effort to collecting clinical data in real-time from handheld devices used by nurses and doctors.

Which AWS service best meets this requirement? - Correct Answer Kinesis Data Streams can be used to collect log and event data from sources such as servers, desktops, and mobile devices. You can then build Kinesis applications to continuously process the data, generate metrics, power live dashboards, and emit aggregated data into stores such as Amazon S3. You work for an advertising company that has a real-time bidding application. You are also using CloudFront on the front end to accommodate a worldwide user base. Your users begin complaining about response times and pauses in real-time bidding. What is the best service that can be used to reduce DynamoDB response times by an order of magnitude (milliseconds to microseconds)? - Correct Answer Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache that can reduce Amazon DynamoDB response times from milliseconds to microseconds, even at millions of requests per second. You are working in a large healthcare facility which uses EBS volumes on most of the EC2 instances. The CFO has approached you about some cost savings and it has been decided that some of the EC2 instances and EBS volumes would be deleted. What step can be taken to preserve the data on the EBS volumes and keep the data available on short notice? - Correct Answer Take point-in-time snapshots of your Amazon EBS volumes. Your company needs to shift an application to the cloud. You are looking for a solution to collect, process, gain immediate insight, and then transfer the application data to AWS. Part of this effort also includes moving a large data warehouse into AWS. The warehouse is 50TB, and it would take over a month to migrate the data using the current bandwidth available. What is the best option available to perform this one time migration considering both cost and performance aspects? - Correct Answer The AWS Snowball Edge is a type of Snowball device with on-board storage and compute power for select AWS capabilities. Snowball Edge can undertake local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS Cloud(Snowball Edge devices have three options for device configurations: storage optimized, compute optimized, and with GPU. When this guide refers to Snowball Edge devices, it's referring to all options of the device. Whenever specific information applies to only one or more optional configurations of devices, like how the Snowball Edge with GPU has an on-board GPU, it will be called out. Each Snowball Edge device can transport data at speeds faster than the internet. This transport is done by shipping the data in the appliances through a regional carrier. The appliances are rugged shipping containers, complete with E Ink shipping labels. The AWS Snowball Edge device differs from the standard Snowball because it can bring the power of the AWS Cloud to your on- premises location, with local storage and compute functionality.) A company is going to use several EC2 instances to host various reference applications. The applications are expected to receive steady and relatively low traffic. These applications are expected to run for 3 years, at which time the applications will be evaluated for upgrade. What type of EC2 will meet this requirement considering cost as

an additional factor? - Correct Answer Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. In addition, when Reserved Instances are assigned to a specific Availability Zone, they provide a capacity reservation, giving you additional confidence in your ability to launch instances when you need them. A company needs to deploy EC2 instances to handle overnight batch processing. This includes media transcoding and some voice to text transcription. This is not high priority work, and it is OK if these batch runs get interrupted. What is the best EC2 instance purchasing option for this work? - Correct Answer Spot instances provide the best value when used in the proper scenario. This scenario, batch runs and interruptions allowed, is perfectly suited for Spot Instances. After an IT Steering Committee meeting, you have been put in charge of configuring a hybrid environment for the company's compute resources. You weigh the pros and cons of various technologies, such as VPN and Direct Connect, and based on the requirements you have decided to configure a VPN connection. What features and advantages can a VPN connection provide? - Correct Answer It provides a connection between an on-premises network and a VPC, using a secure and private connection with IPsec and TLS. You have joined a newly formed software company as a Solutions Architect. It is a small company, and you are the only employee with AWS experience. The owner has asked for your recommendations to ensure that the AWS resources are deployed to proactively remain within budget. Which AWS service can you use to help ensure you don't have cost overruns for your AWS resources? - Correct Answer AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. And remember the keyword, proactively. With AWS Budgets, we can be proactive about attending to cost overruns before they become a major budget issue at the end of the month or quarter. Your team owns three separate AWS accounts: one for production, one for staging, and one for development. Recently, there has been a push from the CEO to begin breaking down costs to the most comprehensive, detailed level. In addition to this level of detail, the team needs to store daily comma-separated value (CSV) reports in Amazon S3 for ingestion into the company's internal analytics tooling. - Correct Answer What would be the most efficient solution for this scenario? - Correct Answer Use AWS Cost and Usage Reports to generate reports, and have it export CSV reports daily to a centralized Amazon S3 bucket. (AWS Cost and Usage Reports offers the greatest amount of detail for spending reports. They can also be set up to automatically store updated reports in Amazon S3 every 24 hours.)

You work for a Defense contracting company. The company develops software applications which perform intensive calculations in the area of Mechanical Engineering related to metals for ship building. You have a 3 - year contract and decide to purchase reserved EC2 instances for a 3 - year duration. You are informed that the particular program has been canceled abruptly and negotiations have brought the contract to an amicable conclusion one year early. What can you do to stop incurring charges and save money on the EC2 instances? - Correct Answer Sell the reserved instances on the Reserved Instance Marketplace.(The Reserved Instance Marketplace is a platform that supports the sale of third-party and AWS customers' unused Standard Reserved Instances, which vary in term lengths and pricing options. For example, you may want to sell Reserved Instances after moving instances to a new AWS Region, changing to a new instance type, ending projects before the term expiration, when your business needs change, or if you have unneeded capacity.) You are managing data storage for your company, and there are many EBS volumes. Your management team has given you some new requirements. Certain metrics on the EBS volumes need to be monitored, and the database team needs to be notified by email when certain metric thresholds are exceeded. Which AWS services can be configured to meet these requirements? - Correct Answer CloudWatch can be used to monitor the volume, and SNS can be used to send emails to the Ops team. Amazon SNS is for messaging-oriented applications, with multiple subscribers requesting and receiving "push" notifications of time-critical messages via a choice of transport protocols, including HTTP, Amazon SQS, and email.