Actual Amazon-Web-Services SOA-C01 Testing Bible Online

NEW QUESTION 1
A user has created an ELB with the availability zone US-East-1

• A. The user wants to add more zones to ELB to achieve High Availabilit
• B. How can the user add more zones to the existing ELB?
• C. It is not possible to add more zones to the existing ELB
• D. The only option is to launch instances in different zones and add to ELB
• E. The user should stop the ELB and add zones and instances as required
• F. The user can add zones on the fly from the AWS console

Answer: D

Explanation:
The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;
Launch instances in a separate AZ and add instances to the existing ELB.

NEW QUESTION 2
An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/ value as ??InstanceName/HR??, ??CostCenter/HR??. What will AWS do in this case?

• A. InstanceName is a reserved tag for AW
• B. Thus, AWS will not allow this tag
• C. AWS will not allow the tags as the value is the same for different keys
• D. AWS will allow tags but will not show correctly in the cost allocation report due to the same value ofthe two separate keys
• E. AWS will allow both the tags and show properly in the cost distribution report

Answer: D

Explanation:
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. It is required that the key should be different for each tag. The value can be the same for different keys. In this case since the value is different, AWS will properly show the distribution report with the correct values.

NEW QUESTION 3
A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1 week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch?

• A. The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse
• B. The user can zoom a particular period by double clicking on that period with the mouse
• C. The user can zoom a particular period by specifying the aggregation data for that period
• D. The user can zoom a particular period by specifying the period in the Time Range

Answer: A

NEW QUESTION 4
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public
subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user??s data centre. Which of the below mentioned options is a valid entry for the main route table in this scenario?

• A. Destination: 20.0.0.0/24 and Target: vgw-12345
• B. Destination: 20.0.0.0/16 and Target: ALL
• C. Destination: 20.0.1.0/16 and Target: vgw-12345
• D. Destination: 0.0.0.0/0 and Target: vgw-12345

Answer: D

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway.
Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.

NEW QUESTION 5
A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL. negotiation configuration known as a Security Policy. Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?

• A. SSL Protocols
• B. Client Order Preference
• C. SSL Ciphers
• D. Server Order Preference

Answer: B

Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. A security policy is a combination of SSL Protocols, SSL Ciphers, and the Server Order Preference option.

NEW QUESTION 6
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance's security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?

• A. The outbound security group needs to be modified to allow outbound traffic.
• B. The outbound network ACL needs to be modified to allow outbound traffic.
• C. Nothing, it can be accessed from any IP address using SSH.
• D. Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.

Answer: B

Explanation:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

NEW QUESTION 7
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer
(which adds instances to the load balancer. process for a while. What will happen to the instances launched during the suspension period?

• A. The instances will not be registered with ELB and the user has to manually register when the process is resumed
• B. The instances will be registered with ELB only once the process has resumed
• C. Auto Scaling will not launch the instance during this period due to process suspension
• D. It is not possible to suspend only the AddToLoadBalancer process

Answer: A

Explanation:
Auto Scaling performs various processes, such as Launch, Terminate, add to Load Balancer etc. The user can also suspend the individual process. The AddToLoadBalancer process type adds instances to the load balancer when the instances are launched. If this process is suspended, Auto Scaling will launch the instances but will not add them to the load balancer. When the user resumes this process, Auto Scaling will resume adding new instances launched after resumption to the load balancer. However, it will not add running instances that were launched while the process was suspended; those instances must be added manually.

NEW QUESTION 8
An Application team is using Remote Desktop to connect to its application server and perform administrative tasks. After deployment a Windows service a existing subnets, the team discovers that it is unable to communicate with the new servers. A SysOps Administrative has obtained the VPC logs as shown in the table) related to the communication to help troubleshooting the problem.

How can this issue be resolved?

• A. Check the route Tables to validate that the Remote Desktop and return traffic is allowed to and from the new servers.
• B. Check the security groups to validate that Remote Desktop is allowed into the new servers.
• C. Check the network access control lists to validate that the Remote Desktop and return traffic is allowed to and from the new servers.
• D. Ensures that the RDP service and Windows firewall are open and listening on Port 3389 TCP.

Answer: D

NEW QUESTION 9
A user is creating a CloudFormation stack. Which of the below mentioned limitations does not hold true for CloudFormation?

• A. One account by default is limited to 100 templates
• B. The user can use 60 parameters and 60 outputs in a single template
• C. The template, parameter, output, and resource description fields are limited to 4096 characters
• D. One account by default is limited to 20 stacks

Answer: A

Explanation:
AWS CloudFormation is an application management tool which provides application modelling, deployment, configuration, management and related activities. The limitations given below apply to the CloudFormation template and stack. There are no limits to the number of templates but each AWS CloudFormation account is limited to a maximum of 20 stacks by default. The Template, Parameter, Output, and Resource description fields are limited to 4096 characters. The user can include up to 60 parameters and 60 outputs in a template.

NEW QUESTION 10
You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated.
What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and replaced?

• A. Change the thresholds set on the Auto Scaling group health check
• B. Add an Elastic Load Balancing health check to your Auto Scaling group
• C. Increase the value for the Health check interval set on the Elastic Load Balancer
• D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-add-elb-healthcheck.html
Add an Elastic Load Balancing Health Check to your Auto Scaling Group
By default, an Auto Scaling group periodically reviews the results of EC2 instance status to determine the health state of each instance. However, if you have associated your Auto Scaling group with an Elastic Load Balancing load balancer, you can choose to use the Elastic Load Balancing health check. In this case, Auto Scaling determines the health status of your instances by checking the results of both the EC2 instance status check and the Elastic Load Balancing instance health check.
For information about EC2 instance status checks, see Monitor Instances With Status Checks in the Amazon EC2 User Guide for Linux Instances. For information about Elastic Load Balancing health checks, see Health Check in the Elastic Load Balancing Developer Guide.
This topic shows you how to add an Elastic Load Balancing health check to your Auto Scaling group, assuming that you have created a load balancer and have registered the load balancer with your Auto Scaling group. If you have not registered the load balancer with your Auto Scaling group, see Set Up a Scaled and Load-Balanced Application.
Auto Scaling marks an instance unhealthy if the calls to the Amazon EC2 action DescribeInstanceStatus return any state other than running, the system status shows impaired, or the calls to Elastic Load Balancing action DescribeInstanceHealth returns OutOfService in the instance state field.
If there are multiple load balancers associated with your Auto Scaling group, Auto Scaling checks the health state of your EC2 instances by making health check calls to each load balancer. For each call, if the Elastic Load Balancing action returns any state other than InService, the instance is marked as
unhealthy. After Auto Scaling marks an instance as unhealthy, it remains in that state, even if subsequent calls from other load balancers return an InService state for the same instance.

NEW QUESTION 11
A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

• A. Destination : 20.0.0.0/24 and Target : VPC
• B. Destination : 20.0.0.0/16 and Target : ALL
• C. Destination : 20.0.0.0/0 and Target : ALL
• D. Destination : 20.0.0.0/24 and Target : Local

Answer: D

NEW QUESTION 12
A syslog Administrator is created additional Amazon EC2 instances and receive an Instancelimitexceeded error.
What is the cause of the issue and how can it be resolve?

• A. The Administrator has requested too many instances at once and must request fewer instances in batches
• B. The concurrent running instance limit has been reached and an EC2 limit increase request must be filed with AWS Support
• C. AWS does not currently nave enough available capacity and a different instance type must be used
• D. The Administrator must specify the maximum number of instances to be ?V created provisioning EC stances

Answer: B

Explanation:
EC2 Service Limits: AWS sets limits for these resources on a per-region basis.
If you are getting an InstanceLimitExceeded error when you try to launch an instance, you have reached your concurrent running instance limit. For new AWS accounts, the default limit is 20. If you need additional running instances, complete the form at Request to Increase Amazon EC2 Instance Limit.
By default, all AWS accounts have a limit of 20 running instances at any time per region. If you attempt to start another one, even if it already existed in the stopped state, you will receive this error message.
To resolve this issue, you can do any of the following: Stop one of your other running instances
Contact AWS support and request your running EC2 instances quota limit be raised.

NEW QUESTION 13
A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed monitoring for that group. How can the user configure this?

• A. When the user sets an alarm on the Auto Scaling group, it automatically enables detail monitoring
• B. By default detailed monitoring is enabled for Auto Scaling
• C. Auto Scaling does not support detailed monitoring
• D. Enable detail monitoring from the AWS console

Answer: B

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates an Auto Scaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. Thus, the user does not need to set this flag if he wants detailed monitoring.

NEW QUESTION 14
Which of the following statements about this S3 bucket policy is true?

• A. Denies the server with the IP address 192.166 100.0 full access to the "mybucket" bucket
• B. Denies the server with the IP address 192.166 100.188 full access to the "mybucket bucket
• C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket
• D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket

Answer: C

NEW QUESTION 15
An organization (account ID 123412341234. has configured the IAM policy to allow the user to modify his credentials. What will the below mentioned statement allow the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/TestingGroup"
}]

• A. The IAM policy will throw an error due to an invalid resource name
• B. The IAM policy will allow the user to subscribe to any IAM group
• C. Allow the IAM user to update the membership of the group called TestingGroup
• D. Allow the IAM user to delete the TestingGroup

Answer: C

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234. wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/ TestingGroup "
}]

NEW QUESTION 16
A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

• A. The private and public address remains the same
• B. The Elastic IP remains associated with the instance
• C. The volume is preserved
• D. The instance runs on a new host computer

Answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use the Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. The instance remains on the same host computer and maintains its public DNS name, private IP address, and any data on its instance store volumes. It typically takes a few minutes for the reboot to complete, but the time it takes to reboot depends on the instance configuration.

NEW QUESTION 17
You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?

• A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
• B. Create an IAM user with the Put MetricData permission and modify the Auto Scaling launch configuration to inject the users credentials into the instance User Data
• C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group
• D. Create an IAM user with the Put MetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

Answer: A

NEW QUESTION 18
A Syslog Administrator is troubleshooting an Amazon EC2 server and discovers a bottleneck in reading and writing data to the attached Amazon EBS block storage volume. The instance is a larger and the EBS is io1 with 1,000 IOPS provisioned initially, the Administrator increase the provisioned IOPS to 2,000, but performance does not improve.
What should the Administrator do next?

• A. Change the instance type to a t2 large.
• B. Change the volume to gp2 and make it larger.
• C. Change the instance type to c4 xlarge.
• D. Change the volume to Amazon S3 and introduce random key prepending

Answer: D

NEW QUESTION 19
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

• A. AWS EMR
• B. AWS RDS
• C. AWS ELB
• D. AWS Route53

Answer: A

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, EC2, Auto Scaling, ELB, and Route 53 can provide the monitoring data every minute.

NEW QUESTION 20
A company is running an Oracle database engine that handles heavy online transaction processing (OLTP) structured data traffic.
How can a SysOps administrator ensure that the database has high availability?

• A. Use Amazon DynamoOB to store the data
• B. Use Amazon RDS Multi -AZ deployment to store the data
• C. Use Amazon RDS read replicas in a different region to store the data
• D. Use an Amazon Redshift cluster to store the data

Answer: B

NEW QUESTION 21
A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?

• A. The user account has reached the maximum EC2 instance limit
• B. The snapshot is corrupt
• C. The AMI is missin
• D. It is the required part
• E. The user account has reached the maximum volume limit

Answer: A

Explanation:
When the user account has reached the maximum number of EC2 instances, it will not be allowed to launch an instance. AWS will throw an ??InstanceLimitExceeded?? error. For all other reasons, such as ??AMI is missing part??, ??Corrupt Snapshot?? or ??Volume limit has reached?? it will launch an EC2 instance and then terminate it.

NEW QUESTION 22
......