Renew AWS-Certified-Developer-Associate Training Tools 2021

NEW QUESTION 1
An orgAMzation has created 10 IAM users. The orgAMzation wants those users to work independently and access AWS. Which of the below mentioned options is not a possible solution?

• A. Create the access key and secret access key for each user and provide access to AWS using the console
• B. Create the X.509 certificate for each user and provide them access to AWS CLI
• C. Enable MFA for each IAM user and assign them the virtual MFA device to access the console
• D. Provide each user with the IAM login and password for the AWS console

Answer: A

Explanation:
If an orgAMzation has created the IAM users, the users can access AWS services either with an IAM specific login/password or console. The orgAMzation can generate the IAM X.509 certificates to access AWS with CLI. The orgAMzation can also enable MFA for each IAM user, which allows an added security for each IAM user. If the orgAMzation has created the access key and secret key than the user cannot access the console using those keys. Access key and secret access key are useful for CLI or
Webservices.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.htm|

NEW QUESTION 2
What happens, by default, when one of the resources in a CIoudFormation stack cannot be created?

• A. Previously-created resources are kept but the stack creation terminates.
• B. Previously-created resources are deleted and the stack creation terminates.
• C. The stack creation continues, and the final results indicate which steps failed.
• D. CIoudFormation templates are parsed in advance so stack creation is guaranteed to succee

Answer: B

NEW QUESTION 3
In regard to DynamoDB, can I modify the index once it is created?

• A. Yes, if it is a primary hash key index
• B. Yes, if it is a Global secondary index
• C. No
• D. Yes, if it is a local secondary index

Answer: C

Explanation:
Currently, in DynamoDB, an index cannot be modified once it is created. Reference: http://aws.amazon.com/dynamodb/faqs/#security_anchor

NEW QUESTION 4
An orgAMzation is having an application which can start and stop an EC2 instance as per schedule. The orgAMzation needs the MAC address of the instance to be registered with its software. The instance is launched in EC2-CLASSIC. How can the orgAMzation update the MAC registration every time an instance is booted?

• A. The instance MAC address never change
• B. Thus, it is not required to register the MAC address every time.
• C. The orgAMzation should write a boot strapping script which will get the MAC address from the instance metadata and use that script to register with the application.
• D. AWS never provides a MAC address to an instance; instead the instance ID is used for identifying the instance for any software registration.
• E. The orgAMzation should provide a MAC address as a part of the user dat
• F. Thus, whenever the instance is booted the script assigns the fixed MAC address to that instance.

Answer: B

Explanation:
AWS provides an on demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances. AWS does not provide a fixed MAC address to the instances launched in EC2-CLASSIC. If the instance is launched as a part of EC2-VPC, it can have an ENI which can have a fixed MAC. However, with EC2-CLASSIC, every time the instance is started or stopped it will have a new MAC address.
To get this MAC, the orgAMzation can run a script on boot which can fetch the instance metadata and get the MAC address from that instance metadata. Once the MAC is received, the orgAMzation can register that MAC with the software.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html

NEW QUESTION 5
Which OS does the current version of AWS Elastic Beanstalk use?

• A. Amazon Linux AMI, Windows Server 2003 R2 AMI or the Windows Server 2008 R2 AMI
• B. Amazon Linux AMI only
• C. Amazon Linux AMI or the Windows Server 2008 R2 AMI
• D. Windows Sewer 2008 R2 AMI only

Answer: C

Explanation:
The current version of AWS Elastic Beanstalk uses the Amazon Linux AMI or the Windows Server 2008 R2 AMI.
Reference: https://aws.amazon.com/elasticbeansta|k/faqs/

NEW QUESTION 6
True or False: In DynamoDB, Scan operations are always eventually consistent.

• A. No, scan is like Query operation
• B. Yes
• C. No, scan is strongly consistent by default
• D. No, you can optionally request strongly consistent sca

Answer: B

Explanation:
In DynamoDB, Scan operations are always eventually consistent.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/APISummary.htmI

NEW QUESTION 7
In DynamoDB, could you use IAM to grant access to Amazon DynamoDB resources and API actions?

• A. Yes
• B. Depended to the type of access
• C. In DynamoDB there is no need to grant access
• D. No

Answer: A

Explanation:
Amazon DynamoDB integrates with AWS Identity and Access Management (IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. You then attach that policy to an AWS IAM user or role.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/UsingIAMWithDDB.htmI

NEW QUESTION 8
A user has created an EBS volume with 1000 IOPS. What is the average IOPS that the user will get for most of the year as per EC2 SLA if the instance is attached to the EBS optimized instance?

• A. 900
• B. 990
• C. 950
• D. 1000

Answer: A

Explanation:
As per AWS SLA if the instance is attached to an EBS-Optimized instance, then the Provisioned IOPS volumes are designed to deliver within 10% of the provisioned IOPS performance 99.9% of the time in a given year. Thus, if the user has created a volume of 1000 IOPS, the user will get a minimum 900 IOPS 99.9% time of the year.
Reference: http://aws.amazon.com/ec2/faqs/

NEW QUESTION 9
How do you configure SQS to support longer message retention?

• A. Set the lVIessageRetentionPeriod attribute using the SetQueueAttributes method
• B. Using a Lambda function
• C. You can'
• D. It is set to 14 days and cannot be changed
• E. You need to request it from AWS

Answer: A

Explanation:
To configure the message retention period, set the lVIessageRetentionPeriod attribute using the SetQueueAttributes method. This attribute is used to specify the number of seconds a message will be retained by SQS. Currently the default value for the message retention period is 4 days. Using the lVIessageRetentionPeriod attribute, the message retention period can be set anywhere from 60 seconds (1 minute), up to 1209600 seconds (14 days).
Reference: https://aws.amazon.com/sqs/faqs/

NEW QUESTION 10
A user is planning to create a structured database in the cloud. Which of the below mentioned AWS offerings help the user achieve the goal?

• A. AWS DynamoDB
• B. AWS RDS
• C. AWS Simp|eDB
• D. AWS RSD

Answer: B

Explanation:
AWS RDS is a managed database server offered by AWS, which makes it easy to set up, operate, and scale a relational database or structured data in cloud.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

NEW QUESTION 11
An orgAMzation has 20 employees. The orgAMzation wants to give all the users access to the orgAMzation AWS account. Which of the below mentioned options is the right solution?

• A. Share the root credentials with all the users
• B. Create an IAM user for each employee and provide access to them
• C. It is not advisable to give AWS access to so many users
• D. Use the IAM role to allow access based on STS

Answer: B

Explanation:
AWS Identity and Access Management is a web service that enables the AWS customers to manage users and user permissions in AWS. The IAM is targeted at orgAMzations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the orgAMzaiton can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.htm|

NEW QUESTION 12
Regarding Amazon SWF, the coordination logic in a workflow is contained in a software program called a

• A. Handler
• B. Decider
• C. Cordinator
• D. Worker

Answer: B

Explanation:
In Amazon SWF, the coordination logic in a workflow is contained in a software program called a decider. The decider schedules actMty tasks, provides input data to the actMty workers, processes events that arrive while the workflow is in progress, and ultimately ends (or closes) the workflow when the objective has been completed.
Reference: http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dg-intro-to-swf.html

NEW QUESTION 13
An orgAMzation has created an application which is hosted on the AWS EC2 instance. The application stores images to S3 when the end user uploads to it. The orgAMzation does not want to store the AWS secure credentials required to access the S3 inside the instance. Which of the below mentioned options is a possible solution to avoid any security threat?

• A. Use the IAM role and assign it to the instance.
• B. Since the application is hosted on EC2, it does not need credentials to access S3.
• C. Use the X.509 certificates instead of the access and the secret access keys.
• D. Use the IAM based single sign between the AWS resources and the orgAMzation applicatio

Answer: A

Explanation:
The AWS IAM role uses temporary security credentials to access AWS services. Once the role is assigned to an instance, it will not need any security credentials to be stored on the instance. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

NEW QUESTION 14
An orgAMzation is setting up their website on AWS. The orgAMzation is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechAMsms will not help the orgAMzation to avoid future data leaks and identify security weaknesses?

• A. Perform SQL injection for application testing.
• B. Run penetration testing on AWS with prior approval from Amazon.
• C. Perform a hardening test on the AWS instance.
• D. Perform a Code Check for any memory leak

Answer: D

Explanation:
AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an orgAMzation is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The orgAMzation must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the orgAMzation wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/

NEW QUESTION 15
Regarding Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, in the Protocol drop-down box, you should select .

• A. Email
• B. Message
• C. SMTP
• D. IMAP

Answer: A

Explanation:
In Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, select Email in the Protocol drop-down box. Enter an email address you can use to receive the notification in the Endpoint field.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SubscribeTopic.html

NEW QUESTION 16
What is the maximum number of S3 Buckets available per AWS account?

• A. 100 per region
• B. there is no limit
• C. 100 per account
• D. 500 per account
• E. 100 per IAM user

Answer: C

NEW QUESTION 17
What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

• A. Virtual Private Cloud requires EBS backed instances
• B. Amazon EBS-backed instances can be stopped and restarted
• C. Auto scaling requires using Amazon EBS-backed instances.
• D. Instance-store backed instances can be stopped and restarte

Answer: B

NEW QUESTION 18
A user has created a snapshot of an EBS volume. Which of the below mentioned usage cases is not possible with respect to a snapshot?

• A. Nlirroring the volume from one AZ to another AZ
• B. Launch an instance
• C. Decrease the volume size
• D. Increase the size of the volume

Answer: C

Explanation:
The EBS snapshots are a point in time backup ofthe volume. It is helpful to move the volume from one AZ to another or launch a new instance. The user can increase the size of the volume but cannot decrease it less than the original snapshot size.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.htmI

NEW QUESTION 19
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but
does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?

• A. AWS Simple Notification Service
• B. AWS Simple Workflow
• C. AWS Simple Query Service
• D. AWS Simple Queue Service

Answer: D

Explanation:
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available.
Reference: http://aws.amazon.com/sqs/

NEW QUESTION 20
Company A has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. How can Company A provide only paid subscribers the ability to download a premier content file in the S3 bucket?

• A. Apply a bucket policy that grants anonymous users to download the content from the S3 bucket
• B. Generate a pre-signed object URL for the premier content file when a paid subscriberrequests adownload
• C. Add a bucket policy that requires Multi-Factor Authentication for requests to access the S3 bucket objects
• D. Enable server side encryption on the S3 bucket for data protection against the non-paying website visitors

Answer: B

NEW QUESTION 21
A user is running a MySQL RDS instance. The user will not use the DB for the next 3 months. How can the user save costs?

• A. Pause the RDS actMties from CLI until it is required in the future
• B. Stop the RDS instance
• C. Create a snapshot of RDS to launch in the future and terminate the instance now
• D. Change the instance size to micro

Answer: C

Explanation:
The RDS instances unlike the AWS EBS backed instances cannot be stopped or paused. The user needs to take the final snapshot, terminate the instance and launch a new instance in the future from that snapshot
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonR DSInstances.htmI

NEW QUESTION 22
A user had defined an IAM policy similar to the one given below on a bucket:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "A||ow",
"PrincipaI": {
"AWS": "arn:aws:iam::12112112:user/test"
}!
"Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:GetObject"
]!
"Resource": [ "arn:aws:s3:::examkiI|er"
}
}
What will this do?

• A. It will result in an error saying invalid policy statement
• B. It will create an IAM policy for the user test
• C. Allows the user test of the AWS account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on the bucket examkiller
• D. It will allow all the IAM users of the account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on bucket examkiller

Answer: C

Explanation:
The IAM policy allows to test a user in the account 12112112 to perform: s3:GetBucketLocation
s3:ListBucket s3:GetObject
Amazon S3 permissions on the examkiller bucket.
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/access-policy-language-overview.html

NEW QUESTION 23
A user has an S3 object in the US Standard region with the content "coIor=red". The user updates the object with the content as "coIor="white". If the user tries to read the value 1 minute after it was uploaded, what will S3 return?

• A. It will return "coIor=white"
• B. It will return "coIor=red"
• C. It will return an error saying that the object was not found
• D. It may return either "coIor=red" or "color=white" i.
• E. any of the value

Answer: D

Explanation:
AWS S3 follows the eventual consistent model in the US Standard Region. Once the object is updated it
may return the new value or the old value based on whether all the content is replicated across multiple servers until it becomes consistent (eventual).
Reference: http://docs.aws.amazon.com/AmazonS3/Iatest/dev/Introduction.htmI

NEW QUESTION 24
A user has created an RDS instance with MySQL. The user is using the HeidiSQL client to connect with the RDS DB. The client is unable to connect to DB from his home machine. What is a possible reason for the failure?

• A. The user has to open port 80 in the RDS security group to connect with RDS DNS
• B. The security group is not configured to allow a request from the user’s IP on port 3306
• C. You can never connect to RDS from your desktop
• D. The user has to open port 22 in the RDS security group to connect with RDS DNS

Answer: B

Explanation:
If the user needs to connect to RDS then he has to open port 3306 in the RDS security group for his IP address.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

NEW QUESTION 25
In DynamoDB, if you create a table and request 10 units of write capacity and 200 units of read capacity of provisioned throughput, how much would you be charged in US East (Northern Virginia) Region?

• A. $0.05 per hour
• B. $0.10 per hour
• C. $0.03 per hour
• D. $0.15 per hour

Answer: A

Explanation:
To understand pricing in DynamoDB, consider the following example. If you create a table and request 10 units of write capacity and 200 units of read capacity of provisioned throughput, you would be charged:
$0.01 + (4 x $0.01) = $0.05 per hour
Reference: http://aws.amazon.com/dynamodb/pricing/

NEW QUESTION 26
A startup s photo-sharing site is deployed in a VPC. An ELB distributes web traffic across two subnets. ELB session stickiness is configured to use the AWS-generated session cookie, with a session TTL of 5 minutes. The webserver Auto Scaling Group is configured as: min-size=4, max-size=4.
The startups preparing for a public launch, by running load-testing software installed on a single EC2 instance running in us-west-2a. After 60 minutes of load-testing, the webserver logs show:

Which recommendations can help ensure load-testing HTTP requests are evenly distributed across the
four webservers? Choose 2 answers

• A. Launch and run the load-tester EC2 instance from us-east-1 instead.
• B. Re-configure the load-testing software to re-resolve DNS for each web request.
• C. Use a 3rd-party load-testing service which offers globally-distributed test clients.
• D. Configure ELB and Auto Scaling to distribute across us-west-2a and us-west-2c.
• E. Configure ELB session stickiness to use the app-specific session cooki

Answer: BE

NEW QUESTION 27
......