PoshJosh's Blog

Questions and Answers - AWS Certified Cloud Architect Associate

April 03, 2020

Introduction

  • 30 questions

  • Expected time to completion: 45 minutes.

  • Answers at the end of the page.

Questions

  1. What is the maximum number of vaults an AWS account can create in a region?

  2. A solutions architect is designing a highly scalable system to track patient records. Records must remain available for immediate download:

a. Store files in EBS, create lifecycle policy to move them to Glacier after 6 months

b. Store files in Glacier, create lifecycle policy to move them to Glacier S3 after 6 months

c. Store files in S3, create lifecycle policy to move them to Glacier after 6 months

d. Store files in EFS, create lifecycle policy to move them to Glacier after 6 months

  3. What is the longest duration of an SWF workflow execution?
  • 12 months
  • 30 days
  • 364 days
  • 10 days
  4. Which services provide full administrative control of EC2 instances?

    • Elastic Beanstalk
    • RDS
    • MapReduce
    • LightSail
    • DynamoDB
    • ElastiCache
  5. Standard retrieval of S3 Glacier data typically completes between:

    • 1 - 24 hours
    • 3 - 5 hours
    • 1 - 5 hours
    • 5 - 24 hours
  6. Which of the following are true?

  • Transfer Acceleration is only supported on virtual-hosted style requests.
  • Transfer Acceleration is only supported on path style requests.
  • Transfer Acceleration is supported for both virtual and path style requests.
  • The name of the bucket used for Transfer Acceleration must be DNS-compliant and must not contain periods (".").
  7. Which of the following 3 API actions in AWS STS return temporary security credentials with a default expiration time of one hour?

  • GetFederationToken
  • AssumeRole
  • AssumeRoleWithSAML
  • AssumeRoleWithWebIdentity
  • GetSessionToken
  8. Which of the following are true?

    • S3 One Zone Infrequent Access does not support SSL
    • S3 Intelligent-Tiering accrues a small monthly monitoring and auto-tiering fee
    • S3 Glacier provides three retrieval options that range from a few minutes to hours.
    • Data stored in S3 One Zone Infrequent Access will be lost in the event of Availability Zone destruction.

  9. Database requires occasional internet connection to download system and database updates

  • Db in private subnet
  • Db in public subnet
  • NAT instance in public subnet and route internet-bound traffic to NAT from private subnet
  • NAT instance in private subnet and route internet-bound traffic to NAT from private subnet

  10. Which is true?

S3 supports

  • Eventual consistency for overwrite PUTS and UPDATES
  • Eventual consistency for overwrite PUTS and DELETES
  • Read after write consistency for PUTS of new objects in all regions
  • Read after write consistency for PUTS of new objects in US regions
  11. Requirement to host a database on an EC2 instance. The storage option chosen must support 28,000 IOPS

  • EBS Provisioned IOPS SSD

  • EBS Throughput Optimized HDD

  • EBS General Purpose SSD

  • EBS Max IOPS SSD

  12. An application is being designed for deployment into AWS. The application will use Amazon S3 buckets for storing as well as reading data. The write traffic is expected to be 6,500 requests per second and the read traffic will be around 8,000 requests per second.

What is the best way to architect the solution for maximum Amazon S3 performance?

  • Use as many S3 prefixes as you need in parallel to achieve the required throughput.

  • Prefix each object name with a hex hash key along with the current date. Make the keys distinctive.

  • Enable versioning on the S3 bucket.

  • Set up cross region replication on the bucket and perform reads from the secondary bucket.

  13. Which AWS network feature gives low latency and high packet per second network performance?

Choose One

  • Amazon Hypervisor
  • Security Group
  • Amazon HVM
  • Placement Group
  14. A company has an application hosted in AWS. The application is deployed on a set of EC2 instances across two AZs for high availability. The infrastructure is deployed behind an application load balancer.

The following are requirements from an administrative perspective.

  • Ensure notifications are sent when the read requests exceed 100 per minute.

  • Ensure latency exceeds 15 seconds

  • Any API activity which calls sensitive data must be monitored.

Which of the following meets the requirements? Choose 2.

a. Use CloudTrail to monitor API activity.

b. Use CloudWatch to monitor API activity. Not used to monitor API activity.

c. Use CloudWatch metrics to create custom metrics and setup an alarm to send out notifications when the threshold is reached.

d. Use custom log software to monitor latency and read requests to the application load balancer.

  15. An EC2 instance hosts a voting application that accesses a DynamoDB table. The instance needs to be able to access the table in the most secure way possible.

Which of the following is the most secure way for the EC2 instance to access the DynamoDB table?

  • Use KMS keys with permissions to interact with DynamoDB and assign those keys to the applications.

  • Use an IAM user account that is designated as a service account to ensure minimum required credentials and assign to the instance.

  • Use an IAM role with permissions to interact with DynamoDB and assign it to the EC2 instance.

  • Configure a VPC gateway endpoint to allow the resources to access DynamoDB

Note: Always choose a role over a user account.

  16. Where to get info like timestamps, client IP, latencies, request paths from load balancers.

Choose One:

  • Metrics from CloudWatch
  • Access Logs from the web servers
  • Access Logs from the load balancers
  • Metrics from CloudTrail
  17. A company has a workflow that sends video files from their datacenter into the cloud for transcoding. They are using EC2 instances to pull transcoding jobs from SQS.

Why is SQS the best choice for creating a decoupled architecture?

  • SQS guarantees the order of messages.

  • SQS checks the health of the worker instances.

  • SQS makes it easier to carry out horizontal scaling of the encoding tasks.

  • SQS synchronously provides transcoding output.

  18. Connecting to EC2 via PuTTY receives ‘Connection timed out’ error. What are the possible causes?

Choose 3:

  • Role attached to EC2 instance
  • Security Group rules
  • Private/public keys
  • Route table for the subnet
  • Username/password
  • Network access control list
  19. Which S3 encryption method could be used for data assuming you do not want to manage the encryption keys yourself?

Choose One

  • SSE-S3
  • SSE-C
  • SSE-KMS
  • SSE-KMS with CloudHSM
  20. An RDS MySQL database is getting lots of reads and has become the bottleneck for the application. What action can be performed to ensure that the database does not remain a bottleneck?

  • Setup CloudFront distribution in front of the database.

CloudFront in front of a database is not a typical architecture.

  • Setup an Elastic Load Balancer in front of the database.

Load Balancers sit in front of application and web servers not database.

  • Setup an ElastiCache cluster in front of the database.

  • Setup SNS in front of the database

  21. Default visibility time for a queue in SQS
  • 12 hours
  • 30 secs
  • 1 day
  • 1 hour
  22. Custom application with 200GB MySQL database runs on an EC2 instance.

The application is only being used for short periods of time in the morning and sometimes in the evening.

What is the most cost effective storage type?

  • Amazon EBS provisioned IOPS SSD.

  • Amazon EBS Throughput Optimized HDD

  • Amazon EBS General Purpose SSD

  • Amazon EFS

  23. Which of the following are true?

Choose 2

  • Default max number of buckets is 100

  • Default max number of objects in a bucket is infinity (theoretically)

  • AWS Inspector is an automated security assessment tool which needs no agent installed on target instances.

  • AWS Systems Manager uses an event-based architecture
  24. A reporting application runs on EC2 instances behind an application load balancer. The EC2 instances are part of an auto scaling group with multi Availability Zone deployment. Due to the complexity, the reports take up to 15 minutes. A solutions architect is concerned users will receive 500 errors if a report is requested during scale-in.

What is the best measure to mitigate this?

  • Use sticky sessions

  • Use connection draining

  • Increase the cool down period for the auto scaling group to greater than 1500 seconds.

  • Increase the de-registration delay timeout for the target group to greater than 1500 seconds.

  25. A consultant designs large scale architectures using several AWS services that include IAM, EC2, RDS, DynamoDB and VPC. The consultant would like to take his designs and make them easier to deploy to AWS, that is, in a more automated manner.

Which service would best meet the requirement?

  • Elastic Beanstalk.

  • CodeDeploy

  • CloudFormation

  • OpsWorks

  26. An enterprise application has a queue from which tasks are received and processed. However, some tasks are processed more than once. How would a solutions architect ensure tasks are processed only once?

A solutions architect would ensure tasks are processed only once by using:

  • Kinesis Data Streams

  • Kinesis Data Firehose

  • SNS

  • FIFO SQS

  27. How do new instances of an Auto Scaling Group identify their public and private IP addresses?

  28. A database application running on an EC2 instance needs to get updates from the internet. A solutions architect needs to design a solution to get the updates without exposing the instance to the internet.

Which solution best meets these requirements?

  • Attach a VPC endpoint and add routes for 0.0.0.0/0

  • Launch a NAT gateway and add routes for 0.0.0.0/0

  • Deploy a NAT instance in a public subnet and add routes for 0.0.0.0/0

  • Attach an internet gateway and add routes for 0.0.0.0/0

  29. Logs for an application, comprising multiple EC2 instances, are stored in an S3 bucket with an event set up to trigger a Lambda function. The Lambda function submits a new AWS Batch job to the job queue. After a while you notice that your job is stuck in runnable state.

What would you do to ensure that your job is moved into starting state?

  • Disable Events on the S3 bucket and re-enable after some time.

  • Ensure that awslogs log driver is configured on compute resources which will send log information to CloudWatch logs.

  • Disable S3 bucket events.

  • Ensure that awslogs log driver is configured on the Job queue which will send log information to CloudWatch logs.

  30. A solutions architect is designing a system which needs a minimum of 8 m5.large instances to serve traffic. The system will be deployed in us-east-1 and needs to be able to handle the failure of an entire availability zone (AZ).

Assume all instances are properly linked and you can use AZs a through f.

How should you distribute the servers to save as much cost as possible while maintaining high availability?

  • 3 servers in each AZ (a - d)
  • 8 servers in each AZ (a and b)
  • 2 servers in each AZ (a - e)
  • 4 servers in each AZ (a - c)
  31. As the cloud administrator of a company, you notice that one of the EC2 instances is restarting frequently. There is a need to troubleshoot and analyze the system logs.

What can be used in AWS to store and analyze the log files from the EC2 instances?

  • AWS S3
  • AWS CloudTrail
  • AWS SQS
  • AWS CloudWatch Logs.
  32. How would you increase the number of connections to an RDS instance?
  • Create a new parameter group, attach it to the DB instance and change the setting.
  • Login to the RDS instance and modify database config file under /etc/mysql/my.cnf
  • Modify setting in default options group attached to DB instance.
  • Create a new option group, attach it to DB instance and change the setting.
  33. An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week after the product is launched.

Which is the MOST efficient way for management to ensure that capacity requirements are met?

  • Add a Step Scaling policy
  • Add a Dynamic Scaling policy
  • Add a Scheduled Scaling action.
  • Add Scheduled Reserved Instances.
  34. A Solutions Architect is designing a solution that includes a managed VPN connection.

To monitor whether the VPN connection is up or down, the Architect should use:

  • An external service to ping the VPN endpoint from outside the VPC.
  • AWS CloudTrail to monitor the endpoint.
  • The CloudWatch TunnelState Metric.
  • An AWS Lambda function triggered by CloudTrail activity event.
  35. A company’s development team plans to create an Amazon S3 bucket that contains millions of images. The team wants to maximize the read performance of Amazon S3.

Which naming scheme should the company use?

  • Add a hexadecimal hash as the prefix.
  • Add a date as the prefix.
  • Add a sequential id as the suffix.
  • Add a hexadecimal hash as the suffix.
  36. You are launching an AWS ECS instance. You would like to set the ECS container agent configuration during the ECS instance launch.

What should you do?

  • Set configuration in the ECS metadata parameter during cluster creation.
  • Set configuration in the user data parameters of ECS instance.
  • Define configuration in the task definition.
  • Define configuration in the service definition.
  37. A company has a legacy application using a proprietary file system and plans to migrate the application to AWS.

Which storage service should the company use?

  • Amazon DynamoDB
  • Amazon S3
  • Amazon EBS
  • Amazon EFS

Answers

the answers to these questions.


Written by Chinomso Ikwuagwu

Excélsior
