High Value SAA-C01 Courses 2021

NEW QUESTION 1
A customer implemented AWS Storage Gateway with a gateway-cached volume at their main office. An event takes the link between the main and branch office offline. Which methods will enable the branch office to access their data? (Choose three.)

• A. Use a HTTPS GET to the Amazon S3 bucket where the files are located.
• B. Restore by implementing a lifecycle policy on the Amazon S3 bucket.
• C. Make an Amazon Glacier Restore API call to load the files into another Amazon S3 bucket within four to six hours.
• D. Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot.
• E. Create an Amazon EBS volume from a gateway snapshot, and mount it to an Amazon EC2 instance.
• F. Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.

Answer: DEF

Explanation:
A is certainly not right, because files persisted by Storage Gateway to S3 are not visible, let alone be accessible.
https://forums.aws.amazon.com/thread.jspa?threadID=109748
B is invalid option because you cannot apply Lifecycle Policies because AWS Storage Gateway
does not give you that option. Cached Volumes are never stored to Glacier and hence “C” is not valid.

NEW QUESTION 2
A Solutions Architect is designing a new social media application. The application must provide a secure method for uploading profile photos. Each user should be able to upload a profile photo into a shared storage location for one week after their profile is created.
Which approach will meet all of these requirements?

• A. Use Amazon Kinesis with AWS CloudTrail for auditing the specific times when profile photos are uploaded.
• B. Use Amazon EBS volumes with IAM policies restricting user access to specific time periods.
• C. Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site profile is created.
• D. Use Amazon CloudFront with AWS CloudTrail for auditing the specific times when profile photos are uploaded.

Answer: C

NEW QUESTION 3
You work for a market analysis firm who are designing a new environment. They will ingest large amounts of market data via Kinesis and then analyze this data using Elastic Map Reduce. The data is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and then be accessed by traders from around the world. The database volume itself will sit on 2 EBS volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you recommend?

• A. Magnetic
• B. General Purpose SSD
• C. Provisioned IOPS (PIOPS)
• D. Turbo IOPS (TIOPS)

Answer: C

Explanation:

NEW QUESTION 4
Fill in the blanks: A _____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices support random access and generally use buffered I/O.

• A. block map
• B. storage block
• C. mapping device
• D. block device

Answer: D

NEW QUESTION 5
Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance.

• A. SQL Server
• B. MySQL
• C. Oracle

Answer: A

NEW QUESTION 6
Will my standby RDS instance be in the same Availability Zone as my primary?

• A. Only for Oracle RDS types
• B. Yes
• C. Only if configured at launch
• D. No

Answer: D

NEW QUESTION 7
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?

• A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
• B. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy.
• C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
• D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

Answer: A

NEW QUESTION 8
What's an ECU?

• A. Extended Cluster User.
• B. None of these.
• C. Elastic Computer Usage.
• D. Elastic Compute Uni

Answer: B

Explanation:
The EC2 Compute Unit (ECU) provides the relative measure of the integer processing power of an Amazon EC2 instance.
https://aws.amazon.com/ec2/faqs/

NEW QUESTION 9
Which set of Amazon S3 features helps to prevent and recover from accidental data loss?

• A. Object lifecycle and service access logging
• B. Object versioning and Multi-factor authentication
• C. Access controls and server-side encryption
• D. Website hosting and Amazon S3 policies

Answer: B

Explanation:
Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite. In addition to that, they have made it a requirement that delete operations on versioned data can only be done using MFA (Multi factor authentication).

NEW QUESTION 10
A company is launching a marketing campaign on their website tomorrow and expects a significant increase in traffic. The website is designed as a multi-tiered web architecture, and the increase in traffic could potentially overwhelm the current design.
What should a Solutions Architect do to minimize the effects from a potential failure in one or more of the tiers?

• A. Migrate the database to Amazon RDS.
• B. Set up DNS failover to a statistic website.
• C. Use Auto Scaling to keep up with the demand.
• D. Use both a SQL and a NoSQL database in the desig

Answer: C

NEW QUESTION 11
You are developing a new mobile application and are considering storing user preferences in AWS.2w. This would provide a more uniform cross-device experience to users using multiple mobile devices to access the application. The preference data for each user is estimated to be 50KB in size Additionally 5 million customers are expected to use the application on a regular basis. The solution needs to be cost-effective, highly available, scalable and secure, how would you design a solution to meet the above requirements?

• A. Setup an RDS MySQL instance in 2 availability zones to store the user preference dat
• B. Deploy a public facing application on a server in front of the database to manage security and access credentials
• C. Setup a DynamoDB table with an item for each user having the necessary attributes to hold the user preference
• D. The mobile application will query the user preferences directly from theDynamoDB tabl
• E. Utilize ST
• F. Web Identity Federation, and DynamoDB Fine Grained Access Control to authenticate and authorize access.
• G. Setup an RDS MySQL instance with multiple read replicas in 2 availability zones to store the user preference data .The mobile application will query the user preferences from the read replica
• H. Leverage the MySQL user management and access privilege system to manage security and access credentials.
• I. Store the user preference data in S3 Setup a DynamoDB table with an item for each user and an item attribute pointing to the user’ S3 objec
• J. The mobile application will retrieve the S3 URL fromDynamoDB and then access the S3 object directly utilize STS, Web identity Federation, and S3 ACLs to authenticate and authorize access.

Answer: B

Explanation:
https://aws.amazon.com/blogs/aws/fine-grained-access-control-for-amazon-dynamodb/ Here are some of the things that you can build using fine-grained access control:
A mobile app that displays information for nearby airports, based on the user’s location. The app can access and display attributes such airline names, arrival times, and flight numbers. However,
it cannot access or display pilot names or passenger counts.
A mobile game which stores high scores for all users in a single table. Each user can update their own scores, but has no access to the other ones.

NEW QUESTION 12
One of the criteria for a new deployment is that the customer wants to use AWS Storage Gateway. However, you are not sure whether you should use gateway-cached volumes or gateway-stored volumes or even what the differences are. Which statement below best describes those differences?

• A. Gateway-cached lets you store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locall
• B. Gateway-stored enables you to configure your on-premises gateway to store all your data locally and then asynchronously back up point-intime snapshots of this data to Amazon S3.
• C. Gateway-cached is free whilst gateway-stored is not.
• D. Gateway-cached is up to 10 times faster than gateway-stored.
• E. Gateway-stored lets you store your data in Amazon Simple Storage Service (Amazon S3) and retaina copy of frequently accessed data subsets locall
• F. Gateway-cached enables you to configure your onpremises gateway to store all your data locally and then asynchronously back up point-in-timesnapshots of this data to Amazon S3.

Answer: A

Explanation:
Volume gateways provide cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. The gateway supports the following volume configurations:
Gateway-cached volumes. You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Gateway-cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data.
Gateway-stored volumes. If you need low-latency access to your entire data set, you can configure your on-premises gateway to store all your data locally and then asynchronously back up point-intime snapshots of this data to Amazon S3. This configuration provides durable and inexpensive offsite backups that you can recover to your local data center or Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2. References:

NEW QUESTION 13
Can a 'user' be associated with multiple AWS accounts?

• A. No
• B. Yes

Answer: A

NEW QUESTION 14
A user is sending a custom metric to CloudWatch. If the call to the CloudWatch APIs has different dimensions, but the same metric name, how will CloudWatch treat all the requests?

• A. It will treat each unique combination of dimensions as a separate metric.
• B. It will group all the calls into a single call.
• C. It will overwrite the previous dimension data with the new dimension data.
• D. It will reject the request as there cannot be a separate dimension for a single metri

Answer: A

Explanation:
A dimension is a key-value pair used to uniquely identify a metric. CloudWatch treats each unique combination of dimensions as a separate metric. Thus, if the user is making 4 calls with the same metric name but a separate dimension, it will create 4 separate metrics. http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.ht ml

NEW QUESTION 15
In Amazon EC2, how many Elastic IP addresses can you have by default?

• A. 10
• B. 2
• C. 5
• D. 20

Answer: C

Explanation:
The number of Elastic IP addresses you can have in EC2 is 5.

NEW QUESTION 16
You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security groups and network access control lists (ACLs). You have already looked into security groups and you are now trying to understand ACLs. Which statement below is incorrect in relation to ACLs?

• A. Supports allow rules and deny rules.
• B. Is stateful: Return traffic is automatically allowed, regardless of any rules.
• C. Processes rules in number order when deciding whether to allow traffic.
• D. Operates at the subnet level (second layer of defense).

Answer: B

Explanation:
Amazon VPC provides two features that you can use to increase security for your VPC:
Security groups--Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.
Network access control lists (ACLs)--Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.
Security groups are stateful: (Return traffic is automatically allowed, regardless of any rules) Network ACLs are stateless: (Return traffic must be explicitly allowed by rules)

NEW QUESTION 17
Can you change the security groups associated with the primary network interface (eth0) of an EC2 instance running inside a VPC?

• A. Yes
• B. Only if the instance is stopped
• C. Only when the instance is launched
• D. No

Answer: A

Explanation:
After you launch an instance in a VPC, you can change its security groups. Security groups are associated with network interfaces. Changing an instance's security groups changes the security groups associated with the primary network interface (eth0).
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#vpc-securitygroups

NEW QUESTION 18
In Amazon EC2, partial instance-hours are billed ____.

• A. per second used in the hour
• B. per minute used
• C. by combining partial segments into full hours
• D. as full hours

Answer: D

Explanation:
Partial instance-hours are billed to the next hour. References:

NEW QUESTION 19
A favored client needs you to quickly deploy a database that is a relational database service with minimal administration as he wants to spend the least amount of time administering it. Which database would be the best option?

• A. Amazon SimpleDB
• B. Your choice of relational AMIs on Amazon EC2 and EBS.
• C. Amazon RDS
• D. Amazon Redshift

Answer: C

Explanation:
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business.
Amazon RDS gives you access to the capabilities of a familiar MySQL, Oracle, SQL Server, or PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with Amazon RDS. Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery.

NEW QUESTION 20
A manufacturing company captures data from machines running at customer sites. Currently, thousands of machines send data every 5 minutes, and this is expected to grow to hundreds of thousands of machines in the near future. The data is logged with the intent to be analyzed in the future as needed.
What is the SIMPLEST method to store this streaming data at scale?

• A. Create an Amazon Kinesis Firehouse delivery stream to store the data in Amazon S3.
• B. Create an Auto Scaling group of Amazon EC2 servers behind ELBs to write the data into Amazon RDS.
• C. Create an Amazon SQS queue, and have the machines write to the queue.
• D. Create an Amazon EC2 server farm behind an ELB to store the data in Amazon EBS Cold HDD volumes.

Answer: B

NEW QUESTION 21
You are designing an intrusion detection prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IDS/IPS protection for traffic coming from the Internet.
Which of the following options would you consider? (Choose two.)

• A. Implement IDS/IPS agents on each Instance running in VPC
• B. Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.
• C. Implement Elastic Load Balancing with SSL listeners in front of the web applications
• D. Implement a reverse proxy layer in front of web servers and configure IDS/IPS agents on each reverse proxy server.

Answer: AD

Explanation:
EC2 does not allow promiscuous mode, and you cannot put something in between the ELB and the web server (like a listener or IDP)

NEW QUESTION 22
You have been setting up an Amazon Virtual Private Cloud (Amazon VPC) for your company, including setting up subnets. Security is a concern, and you are not sure which is the best security practice for securing subnets in your VPC. Which statement below is correct in describing the protection of AWS resources in each subnet?

• A. You can use multiple layers of security, including security groups and network access control lists (ACL).
• B. You can only use access control lists (ACL).
• C. You don't need any security in subnets.
• D. You can use multiple layers of security, including security groups, network access control lists (ACL)and CloudHS

Answer: A

Explanation:
A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the Internet, and a private
subnet for resources that won't be connected to the Internet.
To protect the AWS resources in each subnet, you can use multiple layers of security, including security groups and network access control lists (ACL).

NEW QUESTION 23
Select the correct statement:

• A. You don't need not specify the resource identifier while stopping a resource
• B. You can terminate, stop, or delete a resource based solely on its tags
• C. You can't terminate, stop, or delete a resource based solely on its tags
• D. You don't need to specify the resource identifier while terminating a resource

Answer: C

Explanation:
You can’t terminate, stop, or delete a resource based solely on its tags; you must specify the resource identifier.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions

NEW QUESTION 24
What cloud service does Amazon S3 offer?

• A. Atomic updates across keys over the Internet
• B. Messaging over the Internet
• C. Storage over the Internet
• D. Object locking over the Internet

Answer: C

Explanation:
Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. http://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html

NEW QUESTION 25
Which one of the following can't be used as an origin server with Amazon CloudFront?

• A. A web server running in your infrastructure
• B. Amazon S3
• C. Amazon Glacier
• D. A web server running on Amazon EC2 instances

Answer: C

Explanation:
Amazon CloudFront is designed to work with Amazon S3 as your origin server, customers can also use Amazon CloudFront with origin servers running on Amazon EC2 instances or with any other custom origin.

NEW QUESTION 26
......