Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 781:

  An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this?

  A. The organization should create each user in a separate region so that they have their own URL to login

  B. The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias

  C. It is not possible to have the same login ID for multiple IAM users of the same account

  D. The organization should create various groups and add each user with the same login ID to different groups. The user can login with their own group ID

  Correct Answer: C

  AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. It is not possible to have the same login ID for multiple users. The names of users, groups, roles, instance profiles must be alphanumeric, including the following common characters: plus (+), equal (=), comma (,), period (.), at (@), and dash (-).

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SettingUpUser.html

• Question 782:

  In Amazon VPC, what is the default maximum number of BGP advertised routes allowed per route table?

  A. 15

  B. 100

  C. 5

  D. 10

  Correct Answer: B

  The maximum number of BGP advertised routes allowed per route table is 100.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html

• Question 783:

  The CFO of a company wants to allow one of his employees to view only the AWS usage report page.

  Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?

  A. "Effect": "Allow", "Action": ["Describe"], "Resource": "Billing"

  B. "Effect": "Allow", "Action": ["aws-portal: ViewBilling"], "Resource": "*"

  C. "Effect": "Allow", "Action": ["aws-portal: ViewUsage"], "Resource": "*"

  D. "Effect": "Allow", "Action": ["AccountUsage], "Resource": "*"

  Correct Answer: C

  AWS Identity and Access Management is a web service which allows organizations to manage users and

  user permissions for various AWS services. If the CFO wants to allow only AWS usage report page

  access, the policy for that IAM user will be as given below:

  {

  "Version": "2012-10-17",

  "Statement": [

  {

  "Effect": "Allow", "Action": [

  "aws-portal:ViewUsage"

  ],

  "Resource": "*"

  }

  ]

  }

  Reference:

  http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html

• Question 784:

  In IAM, which of the following is true of temporary security credentials?

  A. Once you issue temporary security credentials, they cannot be revoked.

  B. None of these are correct.

  C. Once you issue temporary security credentials, they can be revoked only when the virtual MFA device is used.

  D. Once you issue temporary security credentials, they can be revoked.

  Correct Answer: A

  Temporary credentials in IAM are valid throughout their defined duration of time and hence can't be revoked. However, because permissions are evaluated each time an AWS request is made using the credentials, you can achieve the effect of revoking the credentials by changing the permissions for the credentials even after they have been issued.

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_disableperms.html

• Question 785:

  What types of identities do Amazon Cognito identity pools support?

  A. They support both authenticated and unauthenticated identities.

  B. They support only unauthenticated identities.

  C. They support neither authenticated nor unauthenticated identities.

  D. They support only authenticated identities.

  Correct Answer: A

  Amazon Cognito identity pools support both authenticated and unauthenticated identities. Authenticated identities belong to users who are authenticated by a public login provider or your own backend authentication process. Unauthenticated identities typically belong to guest users.

  Reference: http://docs.aws.amazon.com/cognito/devguide/identity/identity-pools/

• Question 786:

  What feature of the load balancing service attempts to force subsequent connections to a service to be redirected to the same node as long as it is online?

  A. Node balance

  B. Session retention

  C. Session multiplexing

  D. Session persistence

  Correct Answer: D

  Session persistence is a feature of the load balancing service. It attempts to force subsequent connections to a service to be redirected to the same node as long as it is online.

  Reference: http://docs.rackspace.com/loadbalancers/api/v1.0/clb-devguide/content/Concepts-d1e233.html

• Question 787:

  Which of the following components of AWS Data Pipeline specifies the business logic of your data management?

  A. Task Runner

  B. Pipeline definition

  C. AWS Direct Connect

  D. Amazon Simple Storage Service 9Amazon S3)

  Correct Answer: B

  A pipeline definition specifies the business logic of your data management.

  Reference: http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/what-is-datapipeline.html

• Question 788:

  Does an AWS Direct Connect location provide access to Amazon Web Services in the region it is associated with as well as access to other US regions?

  A. No, it provides access only to the region it is associated with.

  B. No, it provides access only to the US regions other than the region it is associated with.

  C. Yes, it provides access.

  D. Yes, it provides access but only when there's just one Availability Zone in the region.

  Correct Answer: C

  An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. For example, you can provision a single connection to any AWS Direct Connect location in the US and use it to access public AWS services in all US Regions and AWS GovCloud (US).

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

• Question 789:

  By default, what is the maximum number of Cache Nodes you can run in Amazon ElastiCache?

  A. 20

  B. 50

  C. 100

  D. 200

  Correct Answer: A

  In Amazon ElastiCache, you can run a maximum of 20 Cache Nodes.

• Question 790:

  An organization is setting up a backup and restore system in AWS of their in premise system. The organization needs High Availability(HA) and Disaster Recovery(DR) but is okay to have a longer recovery time to save costs.

  Which of the below mentioned setup options helps achieve the objective of cost saving as well as DR in the most effective way?

  A. Setup pre-configured servers and create AMIs. Use EIP and Route 53 to quickly switch over to AWS from in premise.

  B. Setup the backup data on S3 and transfer data to S3 regularly using the storage gateway.

  C. Setup a small instance with AutoScaling; in case of DR start diverting all the load to AWS from on premise.

  D. Replicate on premise DB to EC2 at regular intervals and setup a scenario similar to the pilot light.

  Correct Answer: B

  AWS has many solutions for Disaster Recovery(DR) and High Availability(HA). When the organization wants to have HA and DR but are okay to have a longer recovery time they should select the option backup and restore with S3. The data can be sent to S3 using either Direct Connect, Storage Gateway or over the internet. The EC2 instance will pick the data from the S3 bucket when started and setup the environment. This process takes longer but is very cost effective due to the low pricing of S3. In all the other options, the EC2 instance might be running or there will be AMI storage costs. Thus, it will be a costlier option. In this scenario the organization should plan appropriate tools to take a backup, plan the retention policy for data and setup security of the data.

  Reference: http://d36cz9buwru1tt.cloudfront.net/AWS_Disaster_Recovery.pdf