AWS Certified Solutions Architect – Professional SAP-C01 – Question 149

An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials.
What will the below mentioned statement allow the user to perform?


A. Allow the IAM user to update the membership of the group called TestingGroup
B. The IAM policy will throw an error due to an invalid resource name
C. The IAM policy will allow the user to subscribe to any IAM group
D. Allow the IAM user to delete the TestingGroup

Correct Answer: A

Explanation: AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234) wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [ "iam:AddUserToGroup", "iam:RemoveUserFromGroup", "iam:GetGroup" ],
    "Resource": "arn:aws:iam::123412341234:group/TestingGroup"
  }]
}
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Credentials-Permiss…

AWS Certified Solutions Architect – Professional SAP-C01 – Question 148

An organization is hosting a scalable web application using AWS. The organization has configured ELB and Auto Scaling to make the application scalable.
Which of the below mentioned statements is not required to be followed for ELB when the application is planning to host a web application on VPC?

A. The ELB and all the instances should be in the same subnet.
B. Configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.
C. The internet facing ELB should have a route table associated with the internet gateway.
D. The internet facing ELB should be only in a public subnet.

Correct Answer: A

Explanation: Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud.
The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. An internet facing ELB must be in a public subnet. After creating the public subnet, the user should associate the route table of the public subnet with the internet gateway so that the load balancer in the subnet can connect to the internet. The ELB and instances can be in separate subnets. However, to allow communication between the instances and the ELB, the user must configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGui…

AWS Certified Solutions Architect – Professional SAP-C01 – Question 147

If no explicit deny is found while applying IAM's Policy Evaluation Logic, the enforcement code looks for any ______ instructions that would apply to the request.

A. "cancel"
B. "suspend"
C. "allow"
D. "valid"

Correct Answer: C

Explanation: If an explicit deny is not found among the applicable policies for a specific request, IAM’s Policy Evaluation Logic checks for any “allow” instructions to check if the request can be successfully completed.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguag…

AWS Certified Solutions Architect – Professional SAP-C01 – Question 146

The Statement element, of an AWS IAM policy, contains an array of individual statements.
Each individual statement is a(n) _________ block enclosed in braces { }.

A. XML
B. JavaScript
C. JSON
D. AJAX

Correct Answer: C

Explanation: The Statement element, of an IAM policy, contains an array of individual statements. Each individual statement is a JSON block enclosed in braces { }.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguag…

AWS Certified Solutions Architect – Professional SAP-C01 – Question 145

A user is configuring MySQL RDS with PIOPS. What should be the minimum size of DB storage provided by the user?

A. 1 TB
B. 50 GB
C. 5 GB
D. 100 GB

Correct Answer: D

Explanation: If the user is trying to enable PIOPS with MySQL RDS, the minimum size of storage should be 100 GB.
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.html

AWS Certified Solutions Architect – Professional SAP-C01 – Question 144

Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account.
In this VPC he has created a public subnet with CIDR block 10.201.31.0/24. While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance.
Which is the most likely reason for this issue?

A. Private IP address 10.201.31.6 is currently assigned to another interface
B. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
C. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
D. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.

Correct Answer: A

Explanation: In Amazon VPC, you can assign any private IP address to your instance as long as it is: part of the associated subnet’s IP address range; not reserved by Amazon for IP networking purposes; and not currently assigned to another interface.
Reference:
http://aws.amazon.com/vpc/faqs/

AWS Certified Solutions Architect – Professional SAP-C01 – Question 143

The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the ______ translates to everyone except the specified entity.

A. NotPrincipal
B. Vendor
C. Principal
D. Action

Correct Answer: A

Explanation: The element NotPrincipal that is included within your IAM policy statements allows you to specify an exception to a list of principals to whom the access to a specific resource is either allowed or denied. Use the NotPrincipal element to specify an exception to a list of principals. For example, you can deny access to all principals except the one named in the NotPrincipal element.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_…

AWS Certified Solutions Architect – Professional SAP-C01 – Question 142

What bandwidths does AWS Direct Connect currently support?

A. 10Mbps and 100Mbps
B. 10Gbps and 100Gbps
C. 100Mbps and 1Gbps
D. 1Gbps and 10 Gbps

Correct Answer: D

Explanation: AWS Direct Connect currently supports 1Gbps and 10 Gbps.
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

AWS Certified Solutions Architect – Professional SAP-C01 – Question 141

When does an AWS Data Pipeline terminate the AWS Data Pipeline-managed compute resources?

A. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 2 hours.
B. When the final activity that uses the resources is running
C. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 12 hours.
D. When the final activity that uses the resources has completed successfully or failed

Correct Answer: D

Explanation: Compute resources will be provisioned by AWS Data Pipeline when the first activity for a scheduled time that uses those resources is ready to run, and those instances will be terminated when the final activity that uses the resources has completed successfully or failed.
Reference:
https://aws.amazon.com/datapipeline/faqs/

AWS Certified Solutions Architect – Professional SAP-C01 – Question 140

MapMySite is setting up a web application in the AWS VPC. The organization has decided to use an AWS RDS instead of using its own DB instance for HA and DR requirements. The organization also wants to secure RDS access.
How should the web application be set up with RDS?

A. Create a VPC with one public and one private subnet. Launch an application instance in the public subnet while RDS is launched in the private subnet.
B. Set up a public and two private subnets in different AZs within a VPC and create a subnet group. Launch RDS with that subnet group.
C. Create a network interface and attach two subnets to it. Attach that network interface with RDS while launching a DB instance.
D. Create two separate VPCs and launch a Web app in one VPC and RDS in a separate VPC and connect them with VPC peering.

Correct Answer: B

Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC’s IP address range that the user can designate to a group of VPC resources based on the security and operational needs.
A DB subnet group is a collection of subnets (generally private) that a user can create in a VPC and assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances. Each DB subnet group should have subnets in at least two Availability Zones in a given region.
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html