Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 641:

  A user has configured two security groups which allow traffic as given below: 1: SecGrp1:

  Inbound on port 80 for 0.0.0.0/0 Inbound on port 22 for 0.0.0.0/0 2: SecGrp2:

  Inbound on port 22 for 10.10.10.1/32

  If both the security groups are associated with the same instance, which of the below mentioned

  statements is true?

  A. It is not possible to have more than one security group assigned to a single instance

  B. It is not possible to create the security group with conflicting rules. AWS will reject the request

  C. It allows inbound traffic for everyone on both ports 22 and 80

  D. It allows inbound traffic on port 22 for IP 10.10.10.1 and for everyone else on port 80

  Correct Answer: C

  A user can attach more than one security group to a single EC2 instance. In this case, the rules from each security group are effectively aggregated to create one set of rules. AWS uses this set of rules to determine whether to allow access or not. Thus, here the rule for port 22 with IP 10.10.10.1/32 will merge with IP 0.0.0.0/0 and open ports 22 and 80 for all.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

• Question 642:

  An organization hosts an app on EC2 instances which multiple developers need access to in order to

  perform updates.

  The organization plans to implement some security best practices related to instance access.

  Which one of the following recommendations will not help improve its security in this way?

  A. Disable the password based login for all the users. All the users should use their own keys to connect with the instance securely.

  B. Create an IAM policy allowing only IAM users to connect to the EC2 instances with their own SSH key.

  C. Create a procedure to revoke the access rights of the individual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.

  D. Apply the latest patch of OS and always keep it updated.

  Correct Answer: B

  Since AWS is a public cloud any application hosted on EC2 is prone to hacker attacks. It becomes extremely important for a user to setup a proper security mechanism on the EC2 instances. A few of the security measures are listed below:

  1.

  Always keep the OS updated with the latest patch

  2.

  Always create separate users with in OS if they need to connect with the EC2 instances, create their keys and disable their password

  3.

  Create a procedure using which the admin can revoke the access of the user when the business work on the EC2 instance is completed. . Lock down unnecessary ports

  4.

  Audit any proprietary applications that the user may be running on the EC2 instance. Provide temporary escalated privileges, such as sudo for users who need to perform occasional privileged tasks IAM is useful when users are required to work with AWS resources and actions, such as launching an instance. It is not useful in this case because it does not manage who can connect via RDP or SSH with an instance.

  Reference: http://aws.amazon.com/articles/1233/

• Question 643:

  In CloudFormation, if you want to map an Amazon Elastic Block Store to an Amazon EC2 instance, _________.

  A. you reference the logical IDs to associate the block stores with the instance

  B. you reference the physical IDs of the instance along with the resource type

  C. you reference the instance IDs of the block store along with the resource properties

  D. you reference the physical IDs of both the block stores and the instance

  Correct Answer: A

  In AWS CloudFormation, if you want to map an Amazon Elastic Block Store to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance.

  Reference: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/concept-resources.html

• Question 644:

  You have written a CloudFormation template that creates 1 Elastic Load Balancer fronting 2 EC2 Instances.

  Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?

  A. Parameters

  B. Outputs

  C. Mappings

  D. Resources

  Correct Answer: B

  You can use AWS CloudFormation's sample templates or create your own templates to describe the AWS

  resources, and any associated dependencies or runtime parameters, required to run your application. In

  the following example, the output named BackupLoadBalancerDNSName returns the DNS name for the

  resource with the logical ID BackupLoadBalancer only when the CreateProdResources condition is true.

  (The second output shows how to specify multiple outputs.) "Outputs" : {

  "BackupLoadBalancerDNSName" : {

  "Description": "The DNSName of the backup load balancer", "Value" : { "Fn::GetAtt" :

  [ "BackupLoadBalancer", "DNSName" ]}, "Condition" : "CreateProdResources" }, "InstanceID" : {

  "Description": "The Instance ID", "Value" : { "Ref" : "EC2Instance" }

  }

  }

  Reference:

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html

• Question 645:

  Which system is used by Amazon Machine Images paravirtual (PV) virtualization during the boot process?

  A. PV-BOOT

  B. PV-AMI

  C. PV-WORM

  D. PV-GRUB

  Correct Answer: D

  Amazon Machine Images that use paravirtual (PV) virtualization use a system called PV-GRUB during the boot process. PV-GRUB is a paravirtual boot loader that runs a patched version of GNU GRUB 0.97.

  When you start an instance, PV- GRUB starts the boot process and then chain loads the kernel specified by your image's menu.lst file.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedKernels.html

• Question 646:

  A user has launched a dedicated EBS backed instance with EC2. You are curious where the EBS volume for this instance will be created.

  Which statement is correct about the EBS volume's creation?

  A. The EBS volume will not be created on the same tenant hardware assigned to the dedicated instance

  B. AWS does not allow a dedicated EBS backed instance launch

  C. The EBS volume will be created on the same tenant hardware assigned to the dedicated instance

  D. The user can specify where the EBS will be created

  Correct Answer: A

  The dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer. When a user launches an Amazon EBS-backed dedicated instance, the EBS volume does not run on single-tenant hardware.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html

• Question 647:

  Which EC2 functionality allows the user to place the Cluster Compute instances in clusters?

  A. Cluster group

  B. Cluster security group

  C. GPU units

  D. Cluster placement group

  Correct Answer: D

  The Amazon EC2 cluster placement group functionality allows users to group cluster compute instances in clusters.

  Reference: https://aws.amazon.com/ec2/faqs/

• Question 648:

  If you have a running instance using an Amazon EBS boot partition, you can call the _______ API to release the compute resources but preserve the data on the boot partition.

  A. Stop Instances

  B. Terminate Instances

  C. AMI Instance

  D. Ping Instance

  Correct Answer: A

  If you have a running instance using an Amazon EBS boot partition, you can also call the Stop Instances API to release the compute resources but preserve the data on the boot partition.

  Reference: https://aws.amazon.com/ec2/faqs/#How_quickly_will_systems_be_running

• Question 649:

  Does Autoscaling automatically assign tags to resources?

  A. No, not unless they are configured via API.

  B. Yes, it does.

  C. Yes, by default.

  D. No, it does not.

  Correct Answer: B

  Tags don't have any semantic meaning to Amazon EC2 and are interpreted strictly as a string of characters. Tags are assigned automatically to the instances created by an Auto Scaling group. Auto Scaling adds a tag to the instance with a key of aws: autoscaling:groupName and a value of the name of the Auto Scaling group.

  Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/Using_Tags.html

• Question 650:

  A user has suspended the scaling process on the Auto Scaling group. A scaling activity to increase the

  instance count was already in progress.

  What effect will the suspension have on that activity?

  A. No effect. The scaling activity continues

  B. Pauses the instance launch and launches it only after Auto Scaling is resumed

  C. Terminates the instance

  D. Stops the instance temporary

  Correct Answer: A

  The user may want to stop the automated scaling processes on the Auto Scaling groups either to perform manual operations or during emergency situations. To perform this, the user can suspend one or more scaling processes at any time. When this process is suspended, Auto Scaling creates no new scaling activities for that group. Scaling activities that were already in progress before the group was suspended continue until completed.

  Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AS_Concepts.html