Up To The Immediate Present SAA-C01 Training Tools 2021

NEW QUESTION 1
In order to optimize performance for a compute cluster that requires low inter-node latency, which of the following feature should you use?

• A. Multiple Availability Zones
• B. AWS Direct Connect
• C. EC2 Dedicated Instances
• D. Placement Groups
• E. VPC private subnets

Answer: D

Explanation:
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html References:

NEW QUESTION 2
A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

• A. AWS Simple Notification Service
• B. AWS Simple Queue Service
• C. AWS Elastic Transcoder
• D. AWS Glacier

Answer: B

Explanation:
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.

NEW QUESTION 3
After deciding that EMR will be useful in analyzing vast amounts of data for a gaming website that you are architecting you have just deployed an Amazon EMR Cluster and wish to monitor the cluster performance. Which of the following tools cannot be used to monitor the cluster performance?

• A. Kinesis
• B. Ganglia
• C. CloudWatch Metrics
• D. Hadoop Web Interfaces

Answer: A

Explanation:
Amazon EMR provides several tools to monitor the performance of your cluster. Hadoop Web Interfaces
Every cluster publishes a set of web interfaces on the master node that contain information about the cluster. You can access these web pages by using an SSH tunnel to connect them on the master node. For more information, see View Web Interfaces Hosted on Amazon EMR Clusters. CloudWatch Metrics
Every cluster reports metrics to CloudWatch. CloudWatch is a web service that tracks metrics, and which you can use to set alarms on those metrics. For more information, see Monitor Metrics with CloudWatch.
Ganglia
Ganglia is a cluster monitoring tool. To have this available, you have to install Ganglia on the cluster when you launch it. After you've done so, you can monitor the cluster as it runs by using an SSH tunnel to connect to the Ganglia UI running on the master node. For more information, see Monitor Performance with Ganglia.

NEW QUESTION 4
In regard to AWS CloudFormation, to pass values to your template at runtime you should use ____.

• A. parameters
• B. conditions
• C. resources
• D. mapping

Answer: A

Explanation:
Optional parameters are listed in the Parameters section. Parameters enable you to pass values
to your template at runtime, and can be dereferenced in the Resources and Outputs sections of the template.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-template.html

NEW QUESTION 5
In Amazon EC2, can you create an EBS volume from a snapshot and attach it to another instance?

• A. No, you cannot attach EBS volumes to an instance.
• B. Yes, you can but only if the volume is larger than 2TB.
• C. No, you can't create an EBS volume from a snapshot.
• D. Yes, you ca

Answer: D

Explanation:
To keep a backup copy of your data, you can create a snapshot of an EBS volume, which is stored in Amazon S3. You can create an EBS volume from a snapshot, and attach it to another instance. http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Storage.html

NEW QUESTION 6
A route table in VPC can be associated with multiple subnets. However, a subnet can be associated with only ____ route table(s) at a time.

• A. four
• B. two
• C. three
• D. one

Answer: D

Explanation:
Every subnet in your VPC must be associated with exactly one route table at a time. However, the
same route table can be associated with multiple subnets. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html

NEW QUESTION 7
You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?

• A. 2
• B. 3
• C. 4
• D. 6

Answer: D

NEW QUESTION 8
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

• A. Data is automatically saved in an EBS volume.
• B. Data is unavailable until the instance is restarted.
• C. Data will be deleted and will no longer be accessible.
• D. Data is automatically saved as an EBS snapsho

Answer: C

Explanation:
When you stop a running instance, the following happens:
*The instance performs a normal shutdown and stops running; its status changes to stopping and then stopped.
*Any Amazon EBS volumes remain attached to the instance, and their data persists.
*Any data stored in the RAM of the host computer or the instance store volumes of the host computer is gone.

NEW QUESTION 9
You are designing the network infrastructure for an application server in Amazon VPC Users will
access all the application instances from the Internet as well as from an on-premises network The onpremises network is connected to your VPC over an AWS Direct Connect link.
How would you design routing to meet the above requirements?

• A. Configure a single routing Table with a default route via the Internet gateway Propagate a default route via BGP on the AWS Direct Connect customer route
• B. Associate the routing table with all VPC subnets.
• C. Configure a single routing table with a default route via the internet gateway Propagate specific routes for the on-premises networks via BGP on the AWS Direct Connect customer router Associate the routing table with all VPC subnets.
• D. Configure a single routing table with two default routes: one to the internet via an Internet gateway the other to the on-premises network via the VPN gateway use this routing table across all subnets in your VPC,
• E. Configure two routing tables one that has a default route via the Internet gateway and another that has a default route via the VPN gateway Associate both routing tables with each VPC subnet.

Answer: B

NEW QUESTION 10
An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the organization to achieve data security?

• A. MFA delete for S3 objects
• B. Client side encryption
• C. Bucket versioning
• D. Data replication

Answer: D

Explanation:
AWS S3 provides multiple options to achieve the protection of data at REST. The options include Permission (Policy), Encryption (Client and Server Side), Bucket Versioning and MFA based delete. The user can enable any of these options to achieve data protection. Data replication is an internal facility by AWS where S3 replicates each object across all the Availability Zones and the organization need not enable it in this case.

NEW QUESTION 11
Your company has set up an application in eu-west-1 with a disaster recovery site in eu-central-1. You want to be notified of any AWS API activity in regions other than these two.
How can you monitor AWS API activity in other regions?

• A. Create a CloudWatch alarm for CloudTrail events.
• B. Create a CloudWatch alarm for Trusted Advisor.
• C. Create a CloudWatch alarm for VPC flow logs.
• D. Create a CloudWatch alarm for SSH key usage.

Answer: A

NEW QUESTION 12
A user is planning to make a mobile game which can be played online or offline and will be hosted on EC2. The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through email. Which of the below mentioned AWS services helps achieve this goal?

• A. AWS Simple Workflow Service.
• B. AWS Simple Email Service.
• C. Amazon Cognito
• D. AWS Simple Queue Servic

Answer: B

Explanation:
Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS.

NEW QUESTION 13
You are using Amazon SES as an email solution but are unsure of what its limitations are. Which statement below is correct in regards to that?

• A. New Amazon SES users who have received production access can send up to 1,000 emails per 24- hour period, at a maximum rate of 10 emails per second
• B. Every Amazon SES sender has the same set of sending limits
• C. Sending limits are based on messages rather than on recipients
• D. Every Amazon SES sender has a unique set of sending limits

Answer: D

Explanation:
Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. Amazon SES eliminates the complexity and expense of building an in-house email solution or licensing, installing, and operating a third-party email service for this type of email communication.
Every Amazon SES sender has a unique set of sending limits, which are calculated by Amazon SES on an ongoing basis:
Sending quota --the maximum number of emails you can send in a 24-hour period.
Maximum send rate --the maximum number of emails you can send per second. New Amazon SES users who have received production access can send up to 10,000 emails per 24-hour period, at a maximum rate of 5 emails per second. Amazon SES automatically adjusts these limits upward, as long as you send high-quality email. If your existing quota is not adequate for your needs and the system has not automatically increased your quota, you can submit an SES Sending Quota Increase case at any time.
Sending limits are based on recipients rather than on messages. You can check your sending limits at any time by using the Amazon SES console.
Note that if your email is detected to be of poor or questionable quality (e.g., high complaint rates, high bounce rates, spam, or abusive content), Amazon SES might temporarily or permanently reduce your permitted send volume, or take other action as AWS deems appropriate.

NEW QUESTION 14
What does Amazon RDS stand for?

• A. Regional Data Server.
• B. Relational Database Service.
• C. Nothing.
• D. Regional Database Servic

Answer: B

NEW QUESTION 15
Amazon's Redshift uses which block size for its columnar storage?

• A. 2KB
• B. 8KB
• C. 16KB
• D. 32KB
• E. 1024KB / 1MB

Answer: E

NEW QUESTION 16
When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user.

• A. FALSE
• B. This is configurable
• C. TRUE

Answer: C

Explanation:
When you use the AWS Management Console to delete an IAM user, IAM automatically deletes the following information for you:
The user
Any group memberships -- that is, the user is removed from any IAM groups that the user was a member of:
Any password associated with the user Any access keys belonging to the user
All inline policies embedded in the user (policies that are applied to a user via group permissions are not affected) Note!
Any managed policies attached to the user are detached from the user when the user is deleted. Managed policies are not deleted when you delete a user.
Any associated MFA device http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_con sole

NEW QUESTION 17
In the context of AWS Security Best Practices for RDS, if you require encryption or data integrity authentication of data at rest for compliance or other purposes, you can add protection at the _____ using SQL cryptographic functions.

• A. physical layer
• B. security layer
• C. application layer
• D. data-link layer

Answer: C

Explanation:
Amazon RDS leverages the same secure infrastructure as Amazon EC2. You can use the Amazon RDS service without additional protection, but if you require encryption or data integrity authentication
of data at rest for compliance or other purposes, you can add protection at the application layer, or at the platform layer using SQL cryptographic functions.
https://d0.awsstatic.com/whitepapers/aws-security-best-practices.pdf

NEW QUESTION 18
Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance.

• A. SQL Server
• B. MySQL
• C. Oracle

Answer: A

NEW QUESTION 19
When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you want the upgrade to be performed now, rather than waiting for the maintenance window, specify the ____ option.

• A. ApplyNow
• B. ApplySoon
• C. ApplyThis
• D. ApplyImmediately

Answer: D

Explanation:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html

NEW QUESTION 20
Is an edge location in AWS the same as a region?

• A. True
• B. False

Answer: B

Explanation:

NEW QUESTION 21
You are signed in as root user on your account but there is an Amazon S3 bucket under your account that you cannot access. What is a possible reason for this?

• A. An IAM user assigned a bucket policy to an Amazon S3 bucket and didn't specify the root user as a principal
• B. The S3 bucket is full.
• C. The S3 bucket has reached the maximum number of objects allowed.
• D. You are in the wrong availability zone

Answer: A

Explanation:
With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
In some cases, you might have an IAM user with full access to IAM and Amazon S3. If the IAM user assigns a bucket policy to an Amazon S3 bucket and doesn't specify the root user as a principal, the root user is denied access to that bucket. However, as the root user, you can still access the bucket by modifying the bucket policy to allow root user access.

NEW QUESTION 22
A legacy application running in premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place. How should the Architect meet this requirement?

• A. Create an IAM role that allows access from the corporate network to Amazon S3.
• B. Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint.
• C. Use Amazon API Gateway to do IP whitelisting.
• D. Configure IP whitelisting on the customer’s gateway.

Answer: A

NEW QUESTION 23
Using SAML (Security Assertion Markup Language 2.0) you can give your federated users single sign Questions & Answers PDF P-206
on (SSO) access to the AWS Management Console.

• A. True
• B. False

Answer: A

NEW QUESTION 24
Please select the Amazon EC2 resource which cannot be tagged.

• A. images (AMIs, kernels, RAM disks)
• B. Amazon EBS volumes
• C. Elastic IP addresses
• D. VPCs

Answer: C

Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions

NEW QUESTION 25
Your manager has just given you access to multiple VPN connections that someone else has recently set up between all your company's offices. She needs you to make sure that the communication between the VPNs is secure. Which of the following services would be best for providing a low-cost hub-and-spoke model for primary or backup connectivity between these remote offices?

• A. Amazon CloudFront
• B. AWS Direct Connect
• C. AWS CloudHSM
• D. AWS VPN CloudHub

Answer: D

Explanation:
If you have multiple VPN connections, you can provide secure communication between sites using
the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that you can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing Internet connections who would like to implement a convenient, potentially low-cost huband- spoke model for primary or backup connectivity between these remote offices.

NEW QUESTION 26
Select the correct set of options. These are the initial settings for the default security group:

• A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
• B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
• C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
• D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other

Answer: A

Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#defaultsecurity- group
A default security group is named default, and it has an ID assigned by AWS. The following are the initial settings for each default security group:
Allow inbound traffic only from other instances associated with the default security group Allow all outbound traffic from the instance
The default security group specifies itself as a source security group in its inbound rules. This is what allows instances associated with the default security group to communicate with other instances associated with the default security group.

NEW QUESTION 27
True or False: Automated backups are enabled by default for a new DB Instance.

• A. TRUE
• B. FALSE

Answer: A

NEW QUESTION 28
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

• A. Only via API
• B. Only via Console
• C. Yes
• D. No

Answer: D

Explanation:
Note that you can’t delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.
Source: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html

NEW QUESTION 29
You can seamlessly join an EC2 instance to your directory domain. What connectivity do you need to be able to connect remotely to this instance?

• A. You must have IP connectivity to the instance from the network you are connecting from.
• B. You must have the correct encryption keys to connect to the instance remotely.
• C. You must have enough bandwidth to connect to the instance.
• D. You must use MFA authentication to be able to connect to the instance remotel

Answer: A

Explanation:
You can seamlessly join an EC2 instance to your directory domain when the instance is launched
using the Amazon EC2 Simple Systems Manager. If you need to manually join an EC2 instance to your domain, you must launch the instance in the proper region and security group or subnet, then join
the instance to the domain. To be able to connect remotely to these instances, you must have IP connectivity to the instances from the network you are connecting from. In most cases, this requires that an Internet gateway be attached to your VPC and that the instance has a public IP address.

NEW QUESTION 30
......