Actual of aws solution architect associate exam dumps free practice exam materials and secret for Amazon certification for consumer, Real Success Guaranteed with Updated aws solution architect associate certification pdf dumps vce Materials. 100% PASS AWS Certified Solutions Architect - Associate exam Today!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Amazon AWS-Solution-Architect-Associate Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW AWS-Solution-Architect-Associate Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/AWS-Solution-Architect-Associate-exam-dumps.html
Q111. You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg-encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS?
A. Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receMng speeds.
B. Amazon SQS is for single-threaded sending or receMng speeds.
C. Amazon SQS is a non-distributed queuing system.
D. Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receMng speeds.
Answer: A
Explanation:
Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for
single-threaded sending or receMng speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been to a queue is available to be received.
Reference: http://media.amazonwebservices.com/AWS_Storage_Options.pdf
Q112. Can you specify the security group that you created for a VPC when you launch an instance in EC2-Classic?
A. No, you can specify the security group created for EC2-Classic when you launch a VPC instance.
B. No
C. Yes
D. No, you can specify the security group created for EC2-Classic to a non-VPC based instance only.
Answer: B
Explanation:
If you're using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must specify a security group in the same region as the instance. You can't specify a security group that you created for a VPC when you launch an instance in
EC2-Classic.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.htmI#ec2-classic-securit y-groups
Q113. What does the following command do with respect to the Amazon EC2 security groups? ec2-revoke RevokeSecurityGroup Ingress
A. Removes one or more security groups from a rule.
B. Removes one or more security groups from an Amazon EC2 instance.
C. Removes one or more rules from a security group.
D. Removes a security group from our account.
Answer: C
Q114. You currently operate a web application In the AWS US-East region The application runs on an autoscaled layer of EC2 instances and an RDS Multi-AZ database Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2.1AM And RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?
A. Create a new C|oudTraiI trail with one new 53 bucket to store the logs and with the global services option selected Use IAM roles 53 bucket policies and Multi Factor Authentication (MFA) Delete on the 53 bucket that stores your logs.
B. Create a new CIoudTraiI with one new 53 bucket to store the logs Configure SNS to send log file delivery notifications to your management system Use IAM roles and 53 bucket policies on the 53 bucket mat stores your logs.
C. Create a new CIoudTraiI trail with an existing 53 bucket to store the logs and with the global services option selected Use 53 ACLs and Multi Factor Authentication (MFA) Delete on the 53 bucket that stores your logs.
D. Create three new C|oudTrai| trails with three new 53 buckets to store the logs one for the AWS Management console, one for AWS 5DKs and one for command line tools Use IAM roles and 53 bucket policies on the 53 buckets that store your logs.
Answer: A
Q115. An organization has developed a mobile application which allows end users to capture a photo on their mobile device, and store it inside an application. The application internally uploads the data to AWS S3. The organization wants each user to be able to directly upload data to S3 using their Google ID. How will the mobile app allow this?
A. Use the AWS Web identity federation for mobile applications, and use it to generate temporary security credentials for each user.
B. It is not possible to connect to AWS S3 with a Google ID.
C. Create an IAM user every time a user registers with their Google ID and use IAM to upload files to S3.
D. Create a bucket policy with a condition which allows everyone to upload if the login ID has a Google part to it.
Answer: A
Explanation:
For Amazon Web Services, the Web identity federation allows you to create cloud-backed mobile apps that use public identity providers, such as login with Facebook, Google, or Amazon. It will create temporary security credentials for each user, which will be authenticated by the AWS services, such as S3.
Reference: http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingWIF.htmI
Q116. In Route 53, what does a Hosted Zone refer to?
A. A hosted zone is a collection of geographical load balancing rules for Route 53.
B. A hosted zone is a collection of resource record sets hosted by Route 53.
C. A hosted zone is a selection of specific resource record sets hosted by CIoudFront for distribution to Route 53.
D. A hosted zone is the Edge Location that hosts the Route 53 records for a user.
Answer: B
Explanation:
A Hosted Zone refers to a selection of resource record sets hosted by Route 53.
Reference: http://docs.aws.amazon.com/Route53/Iatest/DeveIoperGuide/AboutHostedZones.html
Q117. If I want an instance to have a public IP address, which IP address should I use'?
A. Elastic I P Address
B. Class B IP Address
C. Class A IP Address
D. Dynamic IP Address
Answer: A
Q118. Read Replicas require a transactional storage engine and are only supported for the _ _ storage engine
A. OracIeISAM
B. MSSQLDB
C. InnoDB
D. IV|y|SAIV|
Answer: C
Q119. Your fortune 500 company has under taken a TCO analysis evaluating the use of Amazon 53 versus acquiring more hardware The outcome was that ail employees would be granted access to use Amazon 53 for storage of their personal documents.
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers)
A. Setting up a federation proxy or identity provider
B. Using AWS Security Token Service to generate temporary tokens
C. Tagging each folder in the bucket
D. Configuring IAM role
E. Setting up a matching IAM user for every user in your corporate directory that needs access to a folder in the bucket
Answer: A, B, D
Q120. The common use cases for DynamoDB Fine-Grained Access Control (FGAC) are cases in which the end user wants .
A. to change the hash keys of the table directly
B. to check if an IAM policy requires the hash keys of the tables directly
C. to read or modify any codecommit key of the table directly, without a middle-tier service
D. to read or modify the table directly, without a middle-tier service
Answer: D
Explanation:
FGAC can benefit any application that tracks information in a DynamoDB table, where the end user (or application client acting on behalf of an end user) wants to read or modify the table directly, without a middle-tier service. For instance, a developer of a mobile app named Acme can use FGAC to track the
top score of every Acme user in a DynamoDB table. FGAC allows the application client to modify only the top score for the user that is currently running the application.
Reference: http://aws.amazon.com/dynamodb/faqs/#security_anchor