Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 801:

  True or False: In Amazon ElastiCache replication groups of Redis, for performance tuning reasons, you can change the roles of the cache nodes within the replication group, with the primary and one of the replicas exchanging roles.

  A. True, however, you get lower performance.

  B. FALSE

  C. TRUE

  D. False, you must recreate the replication group to improve performance tuning.

  Correct Answer: C

  In Amazon ElastiCache, a replication group is a collection of Redis Cache Clusters, with one primary read-write cluster and up to five secondary, read-only clusters, which are called read replicas. You can change the roles of the cache clusters within the replication group, with the primary cluster and one of the replicas exchanging roles. You might decide to do this for performance tuning reasons.

  Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Replication.Redis.Groups.html

• Question 802:

  One of your AWS Data Pipeline activities has failed consequently and has entered a hard failure state after retrying thrice.

  You want to try it again. Is it possible to increase the number of automatic retries to more than thrice?

  A. Yes, you can increase the number of automatic retries to 6.

  B. Yes, you can increase the number of automatic retries to indefinite number.

  C. No, you cannot increase the number of automatic retries.

  D. Yes, you can increase the number of automatic retries to 10.

  Correct Answer: D

  In AWS Data Pipeline, an activity fails if all of its activity attempts return with a failed state. By default, an activity retries three times before entering a hard failure state. You can increase the number of automatic retries to 10. However, the system does not allow indefinite retries.

  Reference: https://aws.amazon.com/datapipeline/faqs/

• Question 803:

  The MySecureData company has five branches across the globe. They want to expand their data centers such that their web server will be in the AWS and each branch would have their own database in the local data center. Based on the user login, the company wants to connect to the data center. How can MySecureData company implement this scenario with the AWS VPC?

  A. Create five VPCs with the public subnet for the app server and setup the VPN gateway for each VPN to connect them individually.

  B. Use the AWS VPN CloudHub to communicate with multiple VPN connections.

  C. Use the AWS CloudGateway to communicate with multiple VPN connections.

  D. It is not possible to connect different data centers from a single VPC.

  Correct Answer: B

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. If the organization has multiple VPN connections, he can provide secure communication between sites using the AWS VPN CloudHub. The VPN CloudHub operates on a simple hub-and-spoke model that the user can use with or without a VPC. This design is suitable for customers with multiple branch offices and existing internet connections who would like to implement a convenient, potentially low-cost hub-and- spoke model for primary or backup connectivity between remote offices.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CloudHub.html

• Question 804:

  The two policies that you attach to an IAM role are the access policy and the trust policy. The trust policy identifies who can assume the role and grants the permission in the AWS Lambda account principal by adding the _______ action.

  A. aws:AssumeAdmin

  B. lambda:InvokeAsync

  C. sts:InvokeAsync

  D. sts:AssumeRole

  Correct Answer: D

  The two policies that you attach to an IAM role are the access policy and the trust policy. Remember that adding an account to the trust policy of a role is only half of establishing the trust relationship. By default, no users in the trusted accounts can assume the role until the administrator for that account grants the users the permission to assume the role by adding the Amazon Resource Name (ARN) of the role to an Allow element for the sts:AssumeRole action.

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html

• Question 805:

  How can multiple compute resources be used on the same pipeline in AWS Data Pipeline?

  A. You can use multiple compute resources on the same pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each activity via its runs On field.

  B. You can use multiple compute resources on the same pipeline by defining multiple cluster definition files

  C. You can use multiple compute resources on the same pipeline by defining multiple clusters for your activity.

  D. You cannot use multiple compute resources on the same pipeline.

  Correct Answer: A

  Multiple compute resources can be used on the same pipeline in AWS Data Pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each activity via its runs On field, which allows pipelines to combine AWS and on premise resources, or to use a mix of instance types for their activities.

  Reference: https://aws.amazon.com/datapipeline/faqs/

• Question 806:

  A user has configured EBS volume with PIOPS. The user is not experiencing the optimal throughput.

  Which of the following could not be factor affecting I/O performance of that EBS volume?

  A. EBS bandwidth of dedicated instance exceeding the PIOPS

  B. EBS volume size

  C. EC2 bandwidth

  D. Instance type is not EBS optimized

  Correct Answer: B

  If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, the instance is EBS-optimized (or include 10 Gigabit network connectivity) and the instance type EBS dedicated bandwidth exceeds the IOPS more than he has provisioned.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

• Question 807:

  An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials.

  What will the below mentioned statement allow the user to perform?

  

  A. Allow the IAM user to update the membership of the group called TestingGroup

  B. The IAM policy will throw an error due to an invalid resource name

  C. The IAM policy will allow the user to subscribe to any IAM group

  D. Allow the IAM user to delete the TestingGroup

  Correct Answer: A

  AWS Identity and Access Management is a web service which allows organizations to manage users and

  user permissions for various AWS services. If the organization (account ID 123412341234) wants their

  users to manage their subscription to the groups, they should create a relevant policy for that. The below

  mentioned policy allows the respective IAM user to update the membership of the group called

  MarketingGroup.

  {

  "Version": "2012-10-17",

  "Statement": [{

  "Effect": "Allow", "Action": [ "iam:AddUserToGroup",

  "iam:RemoveUserFromGroup", "iam:GetGroup"

  ],

  "Resource": "arn:aws:iam:: 123412341234:group/ TestingGroup " }]

  Reference:

  http://docs.aws.amazon.com/IAM/latest/UserGuide/Credentials-Permissions-examples.html#credspolicies-credentials

• Question 808:

  An organization is hosting a scalable web application using AWS. The organization has configured ELB and Auto Scaling to make the application scalable.

  Which of the below mentioned statements is not required to be followed for ELB when the application is planning to host a web application on VPC?

  A. The ELB and all the instances should be in the same subnet.

  B. Configure the security group rules and network ACLs to allow traffic to be routed between the subnets in the VPC.

  C. The internet facing ELB should have a route table associated with the internet gateway.

  D. The internet facing ELB should be only in a public subnet.

  Correct Answer: A

  Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. For the internet facing ELB it is required that the ELB should be in a public subnet. After the user creates the public subnet, he should ensure to associate the route table of the public subnet with the internet gateway to enable the load balancer in the subnet to connect with the internet. The ELB and instances can be in a separate subnet. However, to allow communication between the instance and the ELB the user must configure the security group rules and network ACLs to allow traffic to be routed between the subnets in his VPC.

  Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/CreateVPCForELB.html

• Question 809:

  If no explicit deny is found while applying IAM's Policy Evaluation Logic, the enforcement code looks for any ______ instructions that would apply to the request.

  A. "cancel"

  B. "suspend"

  C. "allow"

  D. "valid"

  Correct Answer: C

  If an explicit deny is not found among the applicable policies for a specific request, IAM's Policy Evaluation Logic checks for any "allow" instructions to check if the request can be successfully completed.

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html

• Question 810:

  The Statement element, of an AWS IAM policy, contains an array of individual statements. Each individual statement is a(n) _________ block enclosed in braces { }.

  A. XML

  B. JavaScript

  C. JSON

  D. AJAX

  Correct Answer: C

  The Statement element, of an IAM policy, contains an array of individual statements. Each individual statement is a JSON block enclosed in braces { }.

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html