Latest SOA-C01 Ebook 2021

NEW QUESTION 1
An organization has added 3 of his AWS accounts to consolidated billing. One of the AWS accounts has purchased a Reserved Instance (RI. of a small instance size in the US-East-1a zone. All other AWS accounts are running instances of a small size in the same zone. What will happen in this case for the RI pricing?

• A. Only the account that has purchased the RI will get the advantage of RI pricing
• B. One instance of a small size and running in the US-East-1a zone of each AWS account will get the benefit of RI pricing
• C. Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are running in the same zone and are of the same size
• D. If there are more than one instances of a small size running across multiple accounts in the same zone no one will get the benefit of RI

Answer: C

Explanation:
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. For billing purposes, consolidated billing treats all the accounts on the consolidated bill as one account. This means that all accounts on a consolidated bill can receive the hourly cost benefit of the Amazon EC2 Reserved Instances purchased by any other account. In this case only one Reserved Instance has been purchased by one account. Thus, only a single instance from any of the accounts will get the advantage of RI. AWS will implement the blended rate for each instance if more than one instance is running concurrently.

NEW QUESTION 2
A company Development team to access the AWS Management Console. A System Administrator has been asked to find a solution so that the Developers can sign in to the console using Active Directory (AD) credentials and not as IAM users.
What steps should the Systems Administrator take to enable functionality?

• A. Set up an Amazon Cognit federation, and the obtain temporary credentials using AWS Security Token Servic
• B. Assign the temporary credentials to an IAM role to allow a developers access to the AWS resource.
• C. Set up Active Directory Connector to use the corporate AD servers Enable AWS console access under the AWS Directory Service Console for the AD Connector that was just create
• D. Created a role with the resources and permissions that the Development team should have access to use.
• E. Connect the corporate AD servers to AWS using Amazon Cognito user pools Enable AWS console access within conito, and then assign the appropriate role to the user pool.
• F. Create a SAML template file using IAM assign the template to the corporate AD through the Simple AD Grant the Development team access to the SAML template.

Answer: A

NEW QUESTION 3
A user has launched an EC2 instance store backed instance in the US-East-1a zone. The user created AMI #1 and copied it to the Europe region. After that, the user made a few updates to the application running in the US-East-1a zone. The user makes an AMI#2 after the changes. If the user launches a new instance in Europe from the AMI #1 copy, which of the below mentioned statements is true?

• A. The new instance will have the changes made after the AMI copy as AWS just copies the reference of the original AMI during the copyin
• B. Thus, the copied AMI will have all the updated data
• C. The new instance will have the changes made after the AMI copy since AWS keeps updating the AMI
• D. It is not possible to copy the instance store backed AMI from one region to another
• E. The new instance in the EU region will not have the changes made after the AMI copy

Answer: D

Explanation:
Within EC2, when the user copies an AMI, the new AMI is fully independent of the source AMI; there is no link to the original (source. AMI. The user can modify the source AMI without affecting the new AMI and vice a versa. Therefore, in this case even if the source AMI is modified, the copied AMI of the EU region will not have the changes. Thus, after copy the user needs to copy the new source AMI to the destination region to get those changes.

NEW QUESTION 4
A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?

• A. In the CloudWatch dashboard the user should set the local timezone so that CloudWatch shows the data only in the local time zone
• B. In the CloudWatch console select the local timezone under the Time Range tab to view the data as per the local timezone
• C. The CloudWatch data is always in UTC; the user has to manually convert the data
• D. The user should have send the local timezone while uploading the data so that CloudWatch will show the data only in the local timezone

Answer: B

Explanation:
If the user is viewing the data inside the CloudWatch console, the console provides options to filter values
either using the relative period, such as days/hours or using the Absolute tab where the user can provide data with a specific date and time. The console also provides the option to search using the local timezone under the time range caption in the console because the time range tab allows the user to change the time zone.

NEW QUESTION 5
A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned steps should be performed by the user?

• A. There is no need to pre-warm an EBS volume
• B. Contact AWS support to pre-warm
• C. Unmount the volume before pre-warming
• D. Format the device

Answer: C

Explanation:
When the user creates a new EBS volume or restores a volume from the snapshot, the back-end storage blocks are immediately allocated to the user EBS. However, the first time when the user is trying to access a block of the storage, it is recommended to either be wiped from the new volumes or instantiated from the snapshot (for restored volumes. before the user can access the block. This preliminary action takes time and can cause a 5 to 50 percent loss of IOPS for the volume when the block is accessed for the first time. To avoid this it is required to pre warm the volume. Pre-warming an EBS volume on a Linux instance requires that the user should unmount the blank device first and then write all the blocks on the device using a command, such as ??dd??.

NEW QUESTION 6
A company is running an Oracle database engine that handles heavy online transaction processing (OLTP) structured data traffic.
How can a SysOps administrator ensure that the database has high availability?

• A. Use Amazon DynamoOB to store the data
• B. Use Amazon RDS Multi -AZ deployment to store the data
• C. Use Amazon RDS read replicas in a different region to store the data
• D. Use an Amazon Redshift cluster to store the data

Answer: B

NEW QUESTION 7
A user has created a public subnet with VPC and launched an EC2 instance within it. The user is trying to delete the subnet. What will happen in this scenario?

• A. It will delete the subnet and make the EC2 instance as a part of the default subnet
• B. It will not allow the user to delete the subnet until the instances are terminated
• C. It will delete the subnet as well as terminate the instances
• D. The subnet can never be deleted independently, but the user has to delete the VPC first

Answer: B

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface.

NEW QUESTION 8
A user has setup Auto Scaling with ELB on the EC2 instances. The user wants to configure that
whenever the CPU utilization is below 10%, Auto Scaling should remove one instance. How can the user configure this?

• A. The user can get an email using SNS when the CPU utilization is less than 10%. The user can use the desired capacity of Auto Scaling to remove the instance
• B. Use CloudWatch to monitor the data and Auto Scaling to remove the instances using scheduled actions
• C. Configure CloudWatch to send a notification to Auto Scaling Launch configuration when the CPU utilization is less than 10% and configure the Auto Scaling policy to remove the instance
• D. Configure CloudWatch to send a notification to the Auto Scaling group when the CPU Utilization is less than 10% and configure the Auto Scaling policy to remove the instance

Answer: D

Explanation:
Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup to receive a notification on the Auto Scaling group with the CloudWatch alarm when the CPU utilization is below a certain threshold. The user can configure the Auto Scaling policy to take action for removing the instance. When the CPU utilization is below 10% CloudWatch will send an alarm to the Auto Scaling group to execute the policy.

NEW QUESTION 9
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?
Choose 2 answers

• A. Amazon Elastic Map Reduce
• B. Elastic Load Balancing
• C. AWS Elastic Beanstalk
• D. Amazon ElastiCache
• E. Amazon Relational Database service

Answer: AC

Explanation:
The below services provide Root level access:
* EC2
* Elastic Beanstalk
* Elastic MapReduce ?V Master Node
* Opswork

NEW QUESTION 10
A user is measuring the CPU utilization of a private data centre machine every minute. The machine provides the aggregate of data every hour, such as Sum of data??, ??Min value??, ??Max value, and ??Number of Data points??.
The user wants to send these values to CloudWatch. How can the user achieve this?

• A. Send the data using the put-metric-data command with the aggregate-values parameter
• B. Send the data using the put-metric-data command with the average-values parameter
• C. Send the data using the put-metric-data command with the statistic-values parameter
• D. Send the data using the put-metric-data command with the aggregate ?Vdata parameter

Answer: C

Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish the data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put- metric-data. When sending the aggregate data, the user needs to send it with the parameter statistic-values:
awscloudwatch put-metric-data --metric-name <Name> --namespace <Custom namespace -- timestamp
<UTC Format> --statistic-values Sum=XX,Minimum=YY,Maximum=AA,SampleCount=BB --unit Milliseconds

NEW QUESTION 11
The Database Administrator learn is interested in performing manual backups of Amazon DRS Oracle DB instance.
What step be taken to perform the backups?

• A. Attach an Amazon EBS volume with Oracle RMAN installed to the RDS instance
• B. Take a snapshot of the EBS volume that is attached to the DB instance.
• C. Install Oracle Secure Backup on the RDS instance and back up the Oracle database to Amazon S3
• D. Take a snapshot of the DB instance

Answer: D

NEW QUESTION 12
You have decided to change the Instance type for instances running In your application tier that are using Auto Scaling.
In which area below would you change the instance type definition?

• A. Auto Scaling launch configuration
• B. Auto Scaling group
• C. Auto Scaling policy
• D. Auto Scaling tags

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/WhatIsAutoScaling.html

NEW QUESTION 13
A SysOps Administrator supports a legacy application that is hardcoded to service example.com. The application has recently been moved to AWS. The external DNS are managed by a third-party provider. The Administrator has set up an internal domain for example.com and configured this record using Amazon Route.
What solution offers the MOST efficient way to have instances in the same account resolve to the Route 53 service instead of the provider?

• A. Hardcode the name server record to the internal Route 53 IP address tor each instance
• B. Enable DNS resolution in the subnets as required
• C. Ensure that DNS resolution is enabled on the VPC
• D. Create an OS-specific hardcoded entry tor DNS resolution to the private URL

Answer: C

Explanation:
Using DNS with Your VPC
Domain Name System (DNS) is a standard by which names used on the Internet are resolved to their corresponding IP addresses. A DNS hostname is a name that uniquely and absolutely names a computer; it's composed of a host name and a domain name. DNS servers resolve DNS hostnames to their corresponding IP addresses.
Public IPv4 addresses enable communication over the Internet, while private IPv4 addresses enable communication within the network of the instance (either EC2-Classic or a VPC). For more information, see IP Addressing in Your VPC.
We provide an Amazon DNS server. To use your own DNS server, create a new set of DHCP options for your VPC. For more information, see DHCP Options Sets.
Contents
DNS Hostnames
DNS Support in Your VPC DNS Limits
Viewing DNS Hostnames for Your EC2 Instance Updating DNS Support for Your VPC
Using Private Hosted Zones

NEW QUESTION 14
You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?

• A. The user should create a separate IAM user for each employee and provide access to them as per the policy
• B. The user should create an IAM role and attach STS with the rol
• C. The user should attach that role to the EC2 instance and setup AWS authentication on that server
• D. The user should create IAM groups as per the organization??s departments and add each user to the group for better access control
• E. Attach an IAM role with the organization??s authentication service to authorize each user for various AWS services

Answer: D

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user is managing an AWS account for an organization that already has an identity system, such as the login system for the corporate network (SSO. In this case, instead of creating individual IAM users or groups for each user who need AWS access, it may be more practical to use a proxy server to translate the user identities from the organization network into the temporary AWS security credentials. This proxy server will attach an IAM role to the user after authentication.

NEW QUESTION 15
A sys admin has enabled a log on ELB. Which of the below mentioned activities are not captured by the log?

• A. Response processing time
• B. Front end processing time
• C. Backend processing time
• D. Request processing time

Answer: B

Explanation:
Elastic Load Balancing access logs capture detailed information for all the requests made to the load balancer. Each request will have details, such as client IP, request path, ELB IP, time, and latencies. The time will have information, such as Request Processing time, Backend Processing time and Response Processing time.

NEW QUESTION 16
A user has launched an EC2 Windows instance from an instance store backed AMI. The user has also set the Instance initiated shutdown behavior to stop. What will happen when the user shuts down the OS?

• A. It will not allow the user to shutdown the OS when the shutdown behaviour is set to Stop
• B. It is not possible to set the termination behaviour to Stop for an Instance store backed AMI instance
• C. The instance will stay running but the OS will be shutdown
• D. The instance will be terminated

Answer: B

Explanation:
When the EC2 instance is launched from an instance store backed AMI, it will not allow the user to configure the shutdown behaviour to ??Stop??. It gives a warning that the instance does not have the EBS root volume.

NEW QUESTION 17
A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C.. Which parameter is not required while making a call for SSE-C?

• A. x-amz-server-side-encryption-customer-key-AES-256
• B. x-amz-server-side-encryption-customer-key
• C. x-amz-server-side-encryption-customer-algorithm
• D. x-amz-server-side-encryption-customer-key-MD5

Answer: A

Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C.. When the user is supplying his own encryption key, the user has to send the below mentioned parameters as a part of the API calls:
x-amz-server-side-encryption-customer-algorithm: Specifies the encryption algorithm
x-amz-server-side-encryption-customer-key: To provide the base64-encoded encryption key
x-amz-server-side-encryption-customer-key-MD5: To provide the base64-encoded 128-bit MD5 digest of the encryption key

NEW QUESTION 18
A SysOps Administrator needs a report of all IAM users and the status of MFA for each user. Which IAM feature would meet this requirement?

• A. IAM Rotes report
• B. IAM MFA report
• C. IAM User Policies report
• D. IAM Credential report

Answer: D

Explanation:
Getting Credential Reports for Your AWS Account
You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices. You can get a credential report from the AWS Management Console, the AWS SDKs and Command Line Tools, or the IAM API.
You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password and access key rotation. You can provide the report to an external auditor, or grant permissions to an auditor so that he or she can download the report directly.
You can generate a credential report as often as once every four hours. When you request a report, IAM first checks whether a report for the AWS account has been generated within the past four hours. If so, the most recent report is downloaded. If the most recent report for the account is older than four hours, or if there are no previous reports for the account, IAM generates and downloads a new report.

NEW QUESTION 19
A user has launched 5 instances in EC2-CLASSIC and attached 5 elastic IPs to the five different
instances in the US East region. The user is creating a VPC in the same region. The user wants to assign an elastic IP to the VPC instance. How can the user achieve this?

• A. The user has to request AWS to increase the number of elastic IPs associated with the account
• B. AWS allows 10 EC2 Classic IPs per region; so it will allow to allocate new Elastic IPs to the same region
• C. The AWS will not allow to create a new elastic IP in VPC; it will throw an error
• D. The user can allocate a new IP address in VPC as it has a different limit than EC2

Answer: D

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. A user can have 5 IP addresses per region with EC2 Classic. The user can have 5 separate IPs with VPC in the same region as it has a separate limit than EC2 Classic.

NEW QUESTION 20
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user??s data centre. The user??s data centre has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

• A. Destination: 20.0.1.0/24 and Target: i-12345
• B. Destination: 0.0.0.0/0 and Target: i-12345
• C. Destination: 172.28.0.0/12 and Target: vgw-12345
• D. Destination: 20.0.0.0/16 and Target: local

Answer: A

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization??s DC will be routed to the VPN gateway.
Here are the valid entries for the main route table in this scenario:
Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance.
Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization??s data centre traffic to the VPN gateway.
Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.

NEW QUESTION 21
A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group?

• A. For Inbound allow Source: 20.0.1.0/24 on port 80
• B. For Outbound allow Destination: 0.0.0.0/0 on port 80
• C. For Inbound allow Source: 20.0.0.0/24 on port 80
• D. For Outbound allow Destination: 0.0.0.0/0 on port 443

Answer: C

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can connect to the internet using the NAT instances. The user should first configure that NAT can receive traffic on ports 80 and 443 from the private subnet. Thus, allow ports 80 and 443 in Inbound for the private subnet 20.0.1.0/24. Now to route this traffic to the internet configure ports 80 and 443 in Outbound with destination 0.0.0.0/0. The NAT should not have an entry for the public subnet CIDR.

NEW QUESTION 22
Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers

• A. Create individual IAM users for everyone in your organization
• B. Configure MFA on the root account and for privileged IAM users
• C. Assign IAM users and groups configured with policies granting least privilege access
• D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

Answer: BC

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

NEW QUESTION 23
Your business is building a new application that will store its entire customer database on a RDS MySQL database, and will have various applications and users that will query that data for different purposes.
Large analytics jobs on the database are likely to cause other applications to not be able to get the query results they need to, before time out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications.
How do you solve the contention issues between these different workloads on the same data?

• A. Enable Multi-AZ mode on the RDS instance
• B. Use ElastiCache to offload the analytics job data
• C. Create RDS Read-Replicas for the analytics work
• D. Run the RDS instance on the largest size possible

Answer: B

Explanation:
Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory caching system, instead of relying entirely on slower disk-based databases. The service simplifies and offloads the management, monitoring and operation of in-memory cache environments, enabling your engineering resources to focus on developing applications. Using Amazon ElastiCache, you can not only improve load and response times to user actions and queries, but also reduce the cost associated with scaling web applications.
Amazon ElastiCache automates common administrative tasks required to operate a distributed cache environment. Using Amazon ElastiCache, you can add a caching layer to your application architecture in a matter of minutes via a few clicks of the AWS Management Console. Once a cache cluster is provisioned, Amazon ElastiCache automatically detects and replaces failed cache nodes, providing a resilient system that mitigates the risk of overloaded databases, which slow website and application load times. Through integration with Amazon CloudWatch monitoring, Amazon ElastiCache provides enhanced visibility into key performance metrics associated with your cache nodes. Amazon ElastiCache is protocol-compliant with Memcached and Redis, so code, applications, and popular tools that you use today with your existing Memcached or Redis environments will work seamlessly with the service. As with all Amazon Web Services,

NEW QUESTION 24
A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the user understand the S3 encryption functionality?

• A. The server side encryption with the user supplied key works when versioning is enabled
• B. The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key
• C. The user must send an AES-128 encrypted key
• D. The user can upload his own encryption key to the S3 console

Answer: A

Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key. The encryption with the user supplied key (SSE-C. does not work with the AWS console. The S3 does not store the keys and the user has to send a key with each request. The SSE-C works when the user has enabled versioning.

NEW QUESTION 25
A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help him save cost?

• A. Delete the unutilized EBS volumes once the instance is terminated
• B. Delete the AutoScaling launch configuration after the instances are terminated
• C. Release the elastic IP if not required once the instance is terminated
• D. Delete the AWS ELB after the instances are terminated

Answer: B

Explanation:
AWS bills the user on a as pay as you go model. AWS will charge the user once the AWS resource is allocated. Even though the user is not using the resource, AWS will charge if it is in service or allocated. Thus, it is advised that once the user??s work is completed he should:
Terminate the EC2 instance Delete the EBS volumes Release the unutilized Elastic IPs Delete ELB The AutoScaling launch configuration does not cost the user. Thus, it will not make any difference to the cost whether it is deleted or not.

NEW QUESTION 26
A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 minutes. If the user wants to send the data to CloudWatch to view the data visually, which of the below mentioned statements is true with respect to the information given above?

• A. The user needs to use AWS CLI or API to upload the data
• B. The user can use the AWS Import Export facility to import data to CloudWatch
• C. The user will upload data from the AWS console
• D. The user cannot upload data to CloudWatch since it is not an AWS service metric

Answer: A

Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. While sending the data the user has to include the metric name, namespace and timezone as part of the request.

NEW QUESTION 27
A user has created a queue named ??awsmodule?? with SQS. One of the consumers of queue is down for 3 days and then becomes available. Will that component receive message from queue?

• A. Yes, since SQS by default stores message for 4 days
• B. No, since SQS by default stores message for 1 day only
• C. No, since SQS sends message to consumers who are available that time
• D. Yes, since SQS will not delete message until it is delivered to all consumers

Answer: A

Explanation:
SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available. Queues retain messages for a set period of time. By default, a queue retains messages for four days. However, the user can configure a queue to retain messages for up to 14 days after the message has been sent.

NEW QUESTION 28
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?

• A. AWS Simple Notification Service
• B. AWS Simple Workflow
• C. AWS Simple Queue Service
• D. AWS Simple Query Service

Answer: C

Explanation:
Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available.

NEW QUESTION 29
A user runs the command ??dd if=/dev/xvdf of=/dev/null bs=1M?? on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

• A. Pre warming the EBS volume
• B. Initiating the device to mount on the EBS volume
• C. Formatting the volume
• D. Copying the data from a snapshot to the device

Answer: A

Explanation:
When the user creates an EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the ??dd?? command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command ??dd if=/dev/xvdf of=/dev/null bs=1M?? , the parameter ??if=input file?? should be set to the drive that the user wishes to warm. The ??of=output file?? parameter should be set to the Linux null virtual device, /dev/null. The ??bs?? parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB.

NEW QUESTION 30
A user has setup a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24. and a public subnet (20.0.0.0/24.. The user??s data centre has CIDR of 20.0.54.0/24 and 20.1.0.0/24. If the private subnet wants to communicate with the data centre, what will happen?

• A. It will allow traffic communication on both the CIDRs of the data centre
• B. It will not allow traffic with data centre on CIDR 20.1.0.0/24 but allows traffic communication on 20.0.54.0/24
• C. It will not allow traffic communication on any of the data centre CIDRs
• D. It will allow traffic with data centre on CIDR 20.1.0.0/24 but does not allow on 20.0.54.0/24

Answer: D

Explanation:
VPC allows the user to set up a connection between his VPC and corporate or home network data centre. If the user has an IP address prefix in the VPC that overlaps with one of the networks' prefixes, any traffic to the network's prefix is dropped. In this case CIDR 20.0.54.0/24 falls in the VPC??s CIDR range of 20.0.0.0/16. Thus, it will not allow traffic on that IP. In the case of 20.1.0.0/24, it does not fall in the VPC??s CIDR range. Thus, traffic will be allowed on it.

NEW QUESTION 31
......