Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 611:

  Your supervisor has given you the task of creating an elastic network interface on each of your web servers that connect to a mid-tier network where an application server resides. He also wants this set up as a Dual-homed Instance on Distinct Subnets. Instead of routing network packets through the dual-homed instances, where should each dual-homed instance receive and process requests to fulfil his criteria?

  A. On one of the web servers

  B. On the front end

  C. On the back end

  D. Through a security group

  Correct Answer: B

  You can place an elastic network interface on each of your web servers that connects to a mid- tier network where an application server resides. The application server can also be dual-homed to a back-end network (subnet) where the database server resides. If it is set up like this, instead of routing network packets through the dual-homed instances, each dual-homed instance receives and processes requests on the front end and initiates a connection to the back end before finally sending requests to the servers on the back-end network.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

• Question 612:

  Which of the following should be followed before connecting to Amazon Virtual Private Cloud (Amazon VPC) using AWS Direct Connect?

  A. Provide a public Autonomous System Number (ASN) to identify your network on the Internet.

  B. Create a virtual private gateway and attach it to your Virtual Private Cloud (VPC).

  C. Allocate a private IP address to your network in the 122.x.x.x range.

  D. Provide a public IP address for each Border Gateway Protocol (BGP) session.

  Correct Answer: B

  To connect to Amazon Virtual Private Cloud (Amazon VPC) by using AWS Direct Connect, you must first do the following: Provide a private Autonomous System Number (ASN) to identify your network on the Internet. Amazon then allocates a private IP address in the 169.x.x.x range to you. Create a virtual private gateway and attach it to your VPC.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

• Question 613:

  A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.1.0/24.

  How can the user create the second subnet?

  A. The user can modify the first subnet CIDR with AWS CLI

  B. The user can modify the first subnet CIDR from the console

  C. There is no need to update the subnet as VPC automatically adjusts the CIDR of the first subnet based on the second subnet's CIDR

  D. It is not possible to create a second subnet with overlapping IP CIDR without deleting the first subnet.

  Correct Answer: D

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances inside the subnet. The user can create a subnet with the same size of VPC. However, he cannot create any other subnet since the CIDR of the second subnet will conflict with the first subnet. The user cannot modify the CIDR of a subnet once it is created. Thus, in this case if required, the user has to delete the subnet and create new subnets.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

• Question 614:

  Which of the following is the final step that should be completed to start using AWS Direct Connect?

  A. Creating your Virtual Interface

  B. Configuring your router

  C. Completing the Cross Connect

  D. Verifying your Virtual Interface

  Correct Answer: D

  You can get started using AWS Direct Connect by completing the following steps. Step 1: Sign Up for Amazon Web Services Step 2: Submit AWS Direct Connect Connection Request Step 3: Complete the Cross Connect (optional) Step 4: Configure Redundant Connections with AWS Direct Connect Step 5: Create a Virtual Interface Step 6: Download Router Configuration Step 7: Verify Your Virtual Interface

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#connected

• Question 615:

  A company has registered 10 new domain names. The company uses the domains for online marketing. The company needs a solution that will redirect online visitors to a specific URL for each domain. All domains and target URLS are defined in a JSON document. All DNS records are managed by Amazon Route 53.

  A solutions architect must implement a redirect service that accepts HTTP and HTTPS requests.

  Which combination of steps should the solutions architect take to meet these requirements with the LEAST amount of operational effort? (Choose three.)

  A. Create a dynamic webpage that runs on an Amazon EC2 instance. Configure the webpage to use the JSON document in combination with the event message to look up and respond with a redirect URL.

  B. Create an Application Load Balancer that includes HTTP and HTTPS listeners.

  C. Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect URL.

  D. Use an Amazon API Gateway API with a custom domain to publish an AWS Lambda function.

  E. Create an Amazon CloudFront distribution. Deploy a Lambda@Edge function.

  F. Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names.

  Correct Answer: ABF

• Question 616:

  Identify a correct statement about the expiration date of the "Letter of Authorization and Connecting Facility Assignment (LOA-CFA)," which lets you complete the Cross Connect step of setting up your AWS Direct Connect.

  A. If the cross connect is not completed within 90 days, the authority granted by the LOA-CFA expires.

  B. If the virtual interface is not created within 72 days, the LOA-CFA becomes outdated.

  C. If the cross connect is not completed within a user-defined time, the authority granted by the LOA- CFA expires.

  D. If the cross connect is not completed within the specified duration from the appropriate provider, the LOA-CFA expires.

  Correct Answer: A

  An AWS Direct Connect location provides access to AWS in the region it is associated with. You can establish connections with AWS Direct Connect locations in multiple regions, but a connection in one region does not provide connectivity to other regions. Note: If the cross connect is not completed within 90 days, the authority granted by the LOA-CFA expires.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Colocation.html

• Question 617:

  After setting an AWS Direct Connect, which of the following cannot be done with an AWS Direct Connect Virtual Interface?

  A. You can exchange traffic between the two ports in the same region connecting to different Virtual Private Gateways (VGWs) if you have more than one virtual interface.

  B. You can change the region of your virtual interface.

  C. You can delete a virtual interface; if its connection has no other virtual interfaces, you can delete the connection.

  D. You can create a hosted virtual interface.

  Correct Answer: A

  You must create a virtual interface to begin using your AWS Direct Connect connection. You can create a public virtual interface to connect to public resources or a private virtual interface to connect to your VPC. Also, it is possible to configure multiple virtual interfaces on a single AWS Direct Connect connection, and you'll need one private virtual interface for each VPC to connect to. Each virtual interface needs a VLAN ID, interface IP address, ASN, and BGP key. To use your AWS Direct Connect connection with another AWS account, you can create a hosted virtual interface for that account. These hosted virtual interfaces work the same as standard virtual interfaces and can connect to public resources or a VPC.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html

• Question 618:

  An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include one public IP address, which can be auto-assigned to the elastic network interface for eth0 when you launch an instance, but only when you_____.

  A. create an elastic network interface for eth1

  B. include a MAC address

  C. use an existing network interface

  D. create an elastic network interface for eth0

  Correct Answer: D

  An elastic network interface (ENI) is defined as a virtual network interface that you can attach to an instance in a VPC and can include one public IP address, which can be auto-assigned to the elastic network interface for eth0 when you launch an instance, but only when you create an elastic network interface for eth0 instead of using an existing network interface.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

• Question 619:

  You need to develop and run some new applications on AWS and you know that Elastic Beanstalk and CloudFormation can both help as a deployment mechanism for a broad range of AWS resources.

  Which of the following is TRUE statements when describing the differences between Elastic Beanstalk and CloudFormation?

  A. AWS Elastic Beanstalk introduces two concepts: The template, a JSON or YAML-format, text- based file

  B. Elastic Beanstalk supports AWS CloudFormation application environments as one of the AWS resource types.

  C. Elastic Beanstalk automates and simplifies the task of repeatedly and predictably creating groups of related resources that power your applications. CloudFormation does not.

  D. You can design and script custom resources in CloudFormation

  Correct Answer: D

  These services are designed to complement each other. AWS Elastic Beanstalk provides an environment to easily deploy and run applications in the cloud. It is integrated with developer tools and provides a one-stop experience for you to manage the lifecycle of your applications. AWS CloudFormation is a convenient provisioning mechanism for a broad range of AWS resources. It supports the infrastructure needs of many different types of applications such as existing enterprise applications, legacy applications, applications built using a variety of AWS resources and container-based solutions (including those built using AWS Elastic Beanstalk). AWS CloudFormation supports Elastic Beanstalk application environments as one of the AWS resource types. This allows you, for example, to create and manage an AWS Elastic Beanstalk-hosted application along with an RDS database to store the application data. In addition to RDS instances, any other supported AWS resource can be added to the group as well.

  Reference: https://aws.amazon.com/cloudformation/faqs

• Question 620:

  What is a circular dependency in AWS CloudFormation?

  A. When Nested Stacks depend on each other.

  B. When Resources form a Depend On loop.

  C. When a Template references an earlier version of itself.

  D. When a Template references a region, which references the original Template.

  Correct Answer: B

  To resolve a dependency error, add a Depends On attribute to resources that depend on other resources in your template. In some cases, you must explicitly declare dependencies so that AWS CloudFormation can create or delete resources in the correct order. For example, if you create an Elastic IP and a VPC with an Internet gateway in the same stack, the Elastic IP must depend on the Internet gateway attachment. For additional information, see Depends On Attribute.

  Reference: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshootingerrors-dependency-error