Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 671:

  Which of the following cannot be used to manage Amazon ElastiCache and perform administrative tasks?

  A. AWS software development kits (SDKs)

  B. Amazon S3

  C. ElastiCache command line interface (CLI)

  D. AWS CloudWatch

  Correct Answer: D

  CloudWatch is a monitoring tool and doesn't give users access to manage Amazon ElastiCache.

  Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.Managing.html

• Question 672:

  A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. The NAT instance ID is i-a12345.

  Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

  A. Destination: 20.0.0.0/0 and Target: 80

  B. Destination: 20.0.0.0/0 and Target: i-a12345

  C. Destination: 20.0.0.0/24 and Target: i-a12345

  D. Destination: 0.0.0.0/0 and Target: i-a12345

  Correct Answer: D

  A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach to the subnets. The main route table will have the entry "Destination: 0.0.0.0/0 and Target: i-a12345", which allows all the instances in the private subnet to connect to the internet using NAT.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

• Question 673:

  In Amazon ElastiCache, the default cache port is:

  A. for Memcached 11210 and for Redis 6380.

  B. for Memcached 11211 and for Redis 6380.

  C. for Memcached 11210 and for Redis 6379.

  D. for Memcached 11211 and for Redis 6379.

  Correct Answer: D

  In Amazon ElastiCache, you can specify a new port number for your cache cluster, which by default is 11211 for Memcached and 6379 for Redis.

  Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/GettingStarted.AuthorizeAccess.html

• Question 674:

  An organization is setting up their website on AWS. The organization is working on various security measures to be performed on the AWS EC2 instances.

  Which of the below mentioned security mechanisms will not help the organization to avoid future data leaks and identify security weaknesses?

  A. Run penetration testing on AWS with prior approval from Amazon.

  B. Perform SQL injection for application testing.

  C. Perform a Code Check for any memory leaks.

  D. Perform a hardening test on the AWS instance.

  Correct Answer: C

  AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an organization is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks: Perform penetration testing as performed by attackers to find any vulnerability. The organization must take an approval from AWS before performing penetration testing Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues The code memory checks are generally useful when the organization wants to improve the application performance.

  Reference: http://aws.amazon.com/security/penetration-testing/

• Question 675:

  A user is hosting a public website on AWS. The user wants to have the database and the app server on the AWS VPC. The user wants to setup a database that can connect to the Internet for any patch upgrade but cannot receive any request from the internet. How can the user set this up?

  A. Setup DB in a private subnet with the security group allowing only outbound traffic.

  B. Setup DB in a public subnet with the security group allowing only inbound data.

  C. Setup DB in a local data center and use a private gateway to connect the application with DB.

  D. Setup DB in a private subnet which is connected to the internet via NAT for outbound.

  Correct Answer: D

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. When the user wants to setup both the DB and App on VPC, the user should make one public and one private subnet. The DB should be hosted in a private subnet and instances in that subnet cannot reach the internet. The user can allow an instance in his VPC to initiate outbound connections to the internet but prevent unsolicited inbound connections from the internet by using a Network Address Translation (NAT) instance.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

• Question 676:

  Which of the following components of AWS Data Pipeline polls for tasks and then performs those tasks?

  A. Pipeline Definition

  B. Task Runner

  C. Amazon Elastic MapReduce (EMR)

  D. AWS Direct Connect

  Correct Answer: B

  Task Runner polls for tasks and then performs those tasks.

  Reference: http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/what-is-datapipeline.html

• Question 677:

  To get started using AWS Direct Connect, in which of the following steps do you configure Border Gateway Protocol (BGP)?

  A. Complete the Cross Connect

  B. Configure Redundant Connections with AWS Direct Connect

  C. Create a Virtual Interface

  D. Download Router Configuration

  Correct Answer: C

  Explanation: In AWS Direct Connect, your network must support Border Gateway Protocol (BGP) and BGP MD5 authentication, and you need to provide a private Autonomous System Number (ASN) for that to connect to Amazon Virtual Private Cloud (VPC). To connect to public AWS products such as Amazon EC2 and Amazon S3, you will also need to provide a public ASN that you own (preferred) or a private ASN. You have to configure BGP in the Create a Virtual Interface step.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#createvirtualinterface

• Question 678:

  Can Provisioned IOPS be used on RDS instances launched in a VPC?

  A. Yes, they can be used only with Oracle based instances.

  B. Yes, they can be used for all RDS instances.

  C. No

  D. Yes, they can be used only with MySQL based instances.

  Correct Answer: B

  The basic building block of Amazon RDS is the DB instance. DB instance storage comes in three types:

  Magnetic, General Purpose (SSD), and Provisioned IOPS (SSD). When you buy a server, you get CPU,

  memory, storage, and IOPS, all bundled together. With Amazon RDS, these are split apart so that you can

  scale them independently.

  So, for example, if you need more CPU, less IOPS, or more storage, you can easily allocate them.

  Reference:

  http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/RDSFAQ.PIOPS.html

• Question 679:

  Mike is appointed as Cloud Consultant in ABC.com. ABC has the following VPCs set- up in the US East Region: A VPC with CIDR block 10.10.0.0/16, a subnet in that VPC with CIDR block 10.10.1.0/24 A VPC with CIDR block 10.40.0.0/16, a subnet in that VPC with CIDR block 10.40.1.0/24 ABC.com is trying to establish network connection between two subnets, a subnet with CIDR block 10.10.1.0/24 and another subnet with CIDR block 10.40.1.0/24.

  Which one of the following solutions should Mike recommend to ABC.com?

  A. Create 2 Virtual Private Gateways and configure one with each VPC.

  B. Create 2 Internet Gateways, and attach one to each VPC.

  C. Create a VPC Peering connection between both VPCs.

  D. Create one EC2 instance in each subnet, assign Elastic IPs to both instances, and configure a set up Site-to-Site VPN connection between both EC2 instances.

  Correct Answer: C

  A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. EC2 instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region. AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

• Question 680:

  You want to use Amazon Redshift and you are planning to deploy dw1.8xlarge nodes. What is the minimum amount of nodes that you need to deploy with this kind of configuration?

  A. 1

  B. 4

  C. 3

  D. 2

  Correct Answer: D

  For a single-node configuration in Amazon Redshift, the only option available is the smallest of the two options. The 8XL extra-large nodes are only available in a multi-node configuration.

  Reference: http://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html