Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 711:

  In Amazon Redshift, how many slices does a dw2.8xlarge node have?

  A. 16

  B. 8

  C. 32

  D. 2

  Correct Answer: C

  The disk storage for a compute node in Amazon Redshift is divided into a number of slices, equal to the number of processor cores on the node. For example, each DW1.XL compute node has two slices, and each DW2.8XL compute node has 32 slices.

  Reference: http://docs.aws.amazon.com/redshift/latest/dg/t_Distributing_data.html

• Question 712:

  True or False: The Amazon ElastiCache clusters are not available for use in VPC at this time.

  A. TRUE

  B. True, but they are available only in the GovCloud.

  C. True, but they are available only on request

  D. FALSE

  Correct Answer: D

  Amazon Elasticache clusters can be run in an Amazon VPC. With Amazon VPC, you can define a virtual network topology and customize the network configuration to closely resemble a traditional network that you might operate in your own datacenter. You can now take advantage of the manageability, availability and scalability benefits of Amazon ElastiCache Clusters in your own isolated network. The same functionality of Amazon ElastiCache, including automatic failure detection, recovery, scaling, auto discovery, Amazon CloudWatch metrics, and software patching, are now available in Amazon VPC.

  Reference: http://aws.amazon.com/about-aws/whats-new/2012/12/20/amazon-elasticache-announces-support-foramazon-vpc/

• Question 713:

  A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24.

  What will happen in this scenario?

  A. The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range

  B. The second subnet will be created

  C. It will throw a CIDR overlaps error

  D. It is not possible to create a subnet with the same CIDR as VPC

  Correct Answer: C

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances inside that subnet. The user can create a subnet with the same size of VPC. However, he cannot create any other subnet since the CIDR of the second subnet will conflict with the first subnet.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

• Question 714:

  ABC has created a multi-tenant Learning Management System (LMS). The application is hosted for five different tenants (clients) in the VPCs of the respective AWS accounts of the tenant. ABC wants to setup a centralized server which can connect with the LMS of each tenant upgrade if required. ABC also wants to ensure that one tenant VPC should not be able to connect to the other tenant VPC for security reasons. How can ABC setup this scenario?

  A. ABC has to setup one centralized VPC which will peer in to all the other VPCs of the tenants.

  B. ABC should setup VPC peering with all the VPCs peering each other but block the IPs from CIDR of the tenant VPCs to deny them.

  C. ABC should setup all the VPCs with the same CIDR but have a centralized VPC. This way only the centralized VPC can talk to the other VPCs using VPC peering.

  D. ABC should setup all the VPCs meshed together with VPC peering for all VPCs.

  Correct Answer: A

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. A VPC peering connection allows the user to route traffic between the peer VPCs using private IP addresses as if they are a part of the same network. This is helpful when one VPC from the same or different AWS account wants to connect with resources of the other VPC. The organization wants to setup that one VPC can connect with all the other VPCs but all other VPCs cannot connect among each other. This can be achieved by configuring VPC peering where one VPC is peered with all the other VPCs, but the other VPCs are not peered to each other. The VPCs are in the same or a separate AWS account and should not have overlapping CIDR blocks.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/peering-configurations-fullaccess.html#many-vpcs-full-acces

• Question 715:

  Can a Direct Connect link be connected directly to the Internet?

  A. Yes, this can be done if you pay for it.

  B. Yes, this can be done only for certain regions.

  C. Yes

  D. No

  Correct Answer: D

  AWS Direct Connect is a network service that provides an alternative to using the Internet to utilize AWS cloud service. Hence, a Direct Connect link cannot be connected to the Internet directly.

  Reference: http://aws.amazon.com/directconnect/faqs/

• Question 716:

  An organization is having a VPC for the HR department, and another VPC for the Admin department. The HR department requires access to all the instances running in the Admin VPC while the Admin department requires access to all the resources in the HR department.

  How can the organization setup this scenario?

  A. Setup VPC peering between the VPCs of Admin and HR.

  B. Setup ACL with both VPCs which will allow traffic from the CIDR of the other VPC.

  C. Setup the security group with each VPC which allows traffic from the CIDR of another VPC.

  D. It is not possible to connect resources of one VPC from another VPC.

  Correct Answer: A

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. A VPC peering connection allows the user to route traffic between the peer VPCs using private IP addresses as if they are a part of the same network. This is helpful when one VPC from the same or different AWS account wants to connect with resources of the other VPC.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

• Question 717:

  An organization has developed an application which provides a smarter shopping experience. They need

  to show a demonstration to various stakeholders who may not be able to access the in premise application

  so they decide to host a demo version of the application on AWS.

  Consequently, they will need a fixed elastic IP attached automatically to the instance when it is launched.

  In this scenario which of the below mentioned options will not help assign the elastic IP automatically?

  A. Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata.

  B. Provide an elastic IP in the user data and setup a bootstrapping script which will fetch that elastic IP and assign it to the instance.

  C. Create a controlling application which launches the instance and assigns the elastic IP based on the parameter provided when that instance is booted.

  D. Launch instance with VPC and assign an elastic IP to the primary network interface.

  Correct Answer: A

  Explanation: EC2 allows the user to launch On-Demand instances. If the organization is using an application temporarily only for demo purposes the best way to assign an elastic IP would be: Launch an instance with a VPC and assign an EIP to the primary network interface. This way on every instance start it will have the same IP Create a bootstrapping script and provide it some metadata, such as user data which can be used to assign an EIP Create a controller instance which can schedule the start and stop of the instance and provide an EIP as a parameter so that the controller instance can check the instance boot and assign an EIP The instance metadata gives the current instance data, such as the public/private IP. It can be of no use for assigning an EIP.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html

• Question 718:

  You create a VPN connection, and your VPN device supports Border Gateway Protocol (BGP).

  Which of the following should be specified to configure the VPN connection?

  A. Classless routing

  B. Classfull routing

  C. Dynamic routing

  D. Static routing

  Correct Answer: C

  If you create a VPN connection, you must specify the type of routing that you plan to use, which will depend upon on the make and model of your VPN devices. If your VPN device supports Border Gateway Protocol (BGP), you need to specify dynamic routing when you configure your VPN connection. If your device does not support BGP, you should specify static routing.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

• Question 719:

  An organization is setting up RDS for their applications. The organization wants to secure RDS access with VPC.

  Which of the following options is not required while designing the RDS with VPC?

  A. The organization must create a subnet group with public and private subnets. Both the subnets can be in the same or separate AZ.

  B. The organization should keep minimum of one IP address in each subnet reserved for RDS failover.

  C. If the organization is connecting RDS from the internet it must enable the VPC attributes DNS hostnames and DNS resolution.

  D. The organization must create a subnet group with VPC using more than one subnet which are a part of separate AZs.

  Correct Answer: A

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources based on security and operational needs. A DB subnet group is a collection of subnets (generally private) that the user can create in a VPC and assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances. Each DB subnet group should have subnets in at least two Availability Zones in a given region. If the RDS instance is required to be accessible from the internet the organization must enable the VPC attributes, DNS hostnames and DNS resolution. For each RDS DB instance that the user runs in a VPC, he should reserve at least one address in each subnet in the DB subnet group for use by Amazon RDS for recovery actions.

  Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html

• Question 720:

  What happens when Dedicated instances are launched into a VPC?

  A. If you launch an instance into a VPC that has an instance tenancy of dedicated, you must manually create a Dedicated instance.

  B. If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is created as a Dedicated instance, only based on the tenancy of the instance.

  C. If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is automatically a Dedicated instance, regardless of the tenancy of the instance.

  D. None of these are true.

  Correct Answer: C

  If you launch an instance into a VPC that has an instance tenancy of dedicated, your instance is automatically a Dedicated instance, regardless of the tenancy of the instance.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html