Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 811:

  A user is configuring MySQL RDS with PIOPS. What should be the minimum size of DB storage provided by the user?

  A. 1 TB

  B. 50 GB

  C. 5 GB

  D. 100 GB

  Correct Answer: D

  If the user is trying to enable PIOPS with MySQL RDS, the minimum size of storage should be 100 GB.

  Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.html

• Question 812:

  Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a

  public subnet with CIDR block 10.201.31.0/24.

  While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6

  to this instance.

  Which is the most likely reason for this issue?

  A. Private address IP 10.201.31.6 is currently assigned to another interface

  B. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.

  C. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.

  D. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.

  Correct Answer: A

  In Amazon VPC, you can assign any Private IP address to your instance as long as it is: Part of the associated subnet's IP address range Not reserved by Amazon for IP networking purposes Not currently assigned to another interface

  Reference: http://aws.amazon.com/vpc/faqs/

• Question 813:

  The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the translates to everyone except the specified entity.

  A. NotPrincipal

  B. Vendor

  C. Principal

  D. Action

  Correct Answer: A

  The element NotPrincipal that is included within your IAM policy statements allows you to specify an exception to a list of principals to whom the access to a specific resource is either allowed or denied. Use the NotPrincipal element to specify an exception to a list of principals. For example, you can deny access to all principals except the one named in the NotPrincipal element.

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Principal

• Question 814:

  What bandwidths do AWS Direct Connect currently support?

  A. 10Mbps and 100Mbps

  B. 10Gbps and 100Gbps

  C. 100Mbps and 1Gbps

  D. 1Gbps and 10 Gbps

  Correct Answer: D

  AWS Direct Connection currently supports 1Gbps and 10 Gbps.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

• Question 815:

  When does an AWS Data Pipeline terminate the AWS Data Pipeline-managed compute resources?

  A. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 2 hours.

  B. When the final activity that uses the resources is running

  C. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 12 hours.

  D. When the final activity that uses the resources has completed successfully or failed

  Correct Answer: D

  Compute resources will be provisioned by AWS Data Pipeline when the first activity for a scheduled time that uses those resources is ready to run, and those instances will be terminated when the final activity that uses the resources has completed successfully or failed.

  Reference:

  https://aws.amazon.com/datapipeline/faqs/

• Question 816:

  MapMySite is setting up a web application in the AWS VPC. The organization has decided to use an AWS

  RDS instead of using its own DB instance for HA and DR requirements.

  The organization also wants to secure RDS access.

  How should the web application be setup with RDS?

  A. Create a VPC with one public and one private subnet. Launch an application instance in the public subnet while RDS is launched in the private subnet.

  B. Setup a public and two private subnets in different AZs within a VPC and create a subnet group. Launch RDS with that subnet group.

  C. Create a network interface and attach two subnets to it. Attach that network interface with RDS while launching a DB instance.

  D. Create two separate VPCs and launch a Web app in one VPC and RDS in a separate VPC and connect them with VPC peering.

  Correct Answer: B

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources based on the security and operational needs. A DB subnet group is a collection of subnets (generally private) that a user can create in a VPC and assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances. Each DB subnet group should have subnets in at least two Availability Zones in a given region.

  Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html

• Question 817:

  In Amazon ElastiCache, the failure of a single cache node can have an impact on the availability of your application and the load on your back-end database while ElastiCache provisions a replacement for the failed cache node and it get repopulated.

  Which of the following is a solution to reduce this potential availability impact?

  A. Spread your memory and compute capacity over fewer number of cache nodes, each with smaller capacity.

  B. Spread your memory and compute capacity over a larger number of cache nodes, each with smaller capacity.

  C. Include fewer number of high capacity nodes.

  D. Include a larger number of cache nodes, each with high capacity.

  Correct Answer: B

  In Amazon ElastiCache, the number of cache nodes in the cluster is a key factor in the availability of your cluster running Memcached. The failure of a single cache node can have an impact on the availability of your application and the load on your back-end database while ElastiCache provisions a replacement for the failed cache node and it get repopulated. You can reduce this potential availability impact by spreading your memory and compute capacity over a larger number of cache nodes, each with smaller capacity, rather than using a fewer number of high capacity nodes.

  Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheNode.Memcached.html

• Question 818:

  An organization is creating a VPC for their application hosting. The organization has created two private

  subnets in the same AZ and created one subnet in a separate zone.

  The organization wants to make a HA system with the internal ELB.

  Which of these statements is true with respect to an internal ELB in this scenario?

  A. ELB can support only one subnet in each availability zone.

  B. ELB does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.

  C. If the user is creating an internal ELB, he should use only private subnets.

  D. ELB can support all the subnets irrespective of their zones.

  Correct Answer: A

  The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances. There are two ELBs available with VPC: internet facing and internal (private) ELB. For internal servers, such as App servers the organization can create an internal load balancer in their VPC and then place back-end application instances behind the internal load balancer. The internal load balancer will route requests to the back-end application instances, which are also using private IP addresses and only accept requests from the internal load balancer. The Internal ELB supports only one subnet in each AZ and asks the user to select a subnet while configuring internal ELB.

  Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/USVPC_creating_basic_lb.html

• Question 819:

  Which of the following is the Amazon Resource Name (ARN) condition operator that can be used within an Identity and Access Management (IAM) policy to check the case-insensitive matching of the ARN?

  A. ArnCheck

  B. ArnMatch

  C. ArnCase

  D. ArnLike

  Correct Answer: D

  Amazon Resource Name (ARN) condition operators let you construct Condition elements that restrict access based on comparing a key to an ARN. ArnLike, for instance, is a case-insensitive matching of the ARN. Each of the six colon- delimited components of the ARN is checked separately and each can include a multi-character match wildcard (*) or a single-character match wildcard (?).

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html

• Question 820:

  A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their

  credentials.

  Amazon Cognito has two different flows for authentication with public providers.

  Which of the following are the two flows?

  A. Authenticated and non-authenticated

  B. Public and private

  C. Enhanced and basic

  D. Single step and multistep

  Correct Answer: C

  A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon Cognito has two different flows for authentication with public providers: enhanced and basic.

  Reference: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/