ditectrev / aws-certified-solutions-architect-associate-saa-c03-practice-tests-exams-questions-answers Goto Github PK

Answer should be C. Better answer is to allow KMS to handle the the signed certs

According to documentation:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html#ConsistencyModel

Amazon S3 provides strong read-after-write consistency for PUT and DELETE requests of objects in your Amazon S3 bucket in all AWS Regions. This behavior applies to both writes to new objects as well as PUT requests that overwrite existing objects and DELETE requests.

I think they changed it in 2020 from eventual consistency. Thought I might be missing some catch in "any type" of first answer.

Answer should be - [x] Assign an IAM role to the Amazon EC2 instance.

Is there a method in the IAM system to allow or deny access to a specific instance?
The correct answer is yes
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow

Answer should be -[ ] A Route payment requests through two NAT instances setup for High Availability and whitelist the Elastic IP addresses attached to the MAT instances

Answer should be A

To serve Web traffic for a popular product your chief financial officer and IT director have purchased 10 ml large heavy utilization Reserved Instances (RIs) evenly spread across two Availability Zones: Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB). After several months, the product grows even more popular and you need additional capacity As a result, your company purchases two C3.2xlarge medium utilization RIs You register the two c3 2xlarge instances with your ELB and quickly find that the ml large instances are at 100% of capacity and the c3 2xlarge instances have significant capacity that's unused Which option is the most cost effective and uses EC2 capacity most effectively?

• Use a separate ELB for each instance type and distribute load to ELBs with Route 53 weighted round robin.
• Configure Autoscaning group and Launch Configuration with ELB to add up to 10 more on-demand ml large instances when triggered by Cloudwatch shut off c3 2xlarge instances.
• Route traffic to EC2 ml large and c3 2xlarge instances directly using Route 53 latency based routing and health checks shut off ELB.
• Configure Autoscaling group and Launch Configuration with ELB to add up to 10 more on-demand m1.large instances when triggered by Cloudwatch. Shut off c3.2xlarge instances.

it should be A government client needs you to set up secure cryptographic key storage for some of their extremely confidential data. You decide that the AWS CloudHSM is the best service for this. However, there seem to be a few pre-requisites before this can happen, one of those being a security group that has certain ports open. Which of the following is correct in regards to those security groups?

The questions contain few duplicated questions, clearly visible with markdownlint Visual Studio Code extension.

Quite some links are broken, https://slugify.online might be helpful to fix them.

Question is written wrong. It should be `### A major customer has asked you to set up his AWS infrastructure so that it will be easy to recover in the case of a disaster of some sort. Which of the following is important when thinking about being able to quickly launch resources in AWS to ensure business continuity in case of a disaster?

• Create and maintain AMIs of key servers where fast recovery is required.
• Regularly run your servers, test them, and apply any software updates and configuration changes.
• Ensure that you have all supporting custom software packages available in AW.
• All items listed here are important when thinking about disaster recovery.`

You forgot to add A web company is looking to implement an intrusion detection and prevention system into their deployed VPC. This platform should have the ability to scale to thousands of instances running inside of the VPC

Answert should be 4
Would use VPC with private (DB) and public (WEB) subnets:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html
Multi AZ requirement forces me to multiply subnets by two.
Reasons:
For DB: Your VPC must have at least one subnet in at least two of the Availability Zones in
the region where you want to deploy your DB instance. A subnet is a segment of a VPC’s IP
address range that you can specify and that lets you group instances based on your security
and operational needs
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSIns
tanceinaVPC.html
For Web: After creating a VPC, you can add one or more subnets in each Availability Zone.
Each subnet must reside entirely within one Availability Zone and cannot span zones
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

The answer should be
B.
Amazon RDS for MySQL with Multi-AZ.