Amazon Amazon Certifications SAP-C01 Questions & Answers

• Question 821:

  A user has created a MySQL RDS instance with PIOPS. Which of the below mentioned statements will help user understand the advantage of PIOPS?

  A. The user can achieve additional dedicated capacity for the EBS I/O with an enhanced RDS option

  B. It uses a standard EBS volume with optimized configuration the stacks

  C. It uses optimized EBS volumes and optimized configuration stacks

  D. It provides a dedicated network bandwidth between EBS and RDS

  Correct Answer: C

  RDS DB instance storage comes in two types: standard and provisioned IOPS. Standard storage is allocated on the Amazon EBS volumes and connected to the user's DB instance. Provisioned IOPS uses optimized EBS volumes and an optimized configuration stack. It provides additional, dedicated capacity for the EBS I/O.

  Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

• Question 822:

  How many g2.2xlarge on-demand instances can a user run in one region without taking any limit increase approval from AWS?

  A. 20

  B. 2

  C. 5

  D. 10

  Correct Answer: C

  Generally, AWS EC2 allows running 20 on-demand instances and 100 spot instances at a time. This limit can be increased by requesting at https://aws.amazon.com/contact-us/ec2-request. Excluding certain types of instances, the limit is lower than mentioned above. For g2.2xlarge, the user can run only 5 on-demand instance at a time.

  Reference: http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ec2

• Question 823:

  While implementing the policy keys in AWS Direct Connect, if you use and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.

  A. aws:SecureTransport

  B. aws:EpochIP

  C. aws:SourceIp

  D. aws:CurrentTime

  Correct Answer: C

  While implementing the policy keys in Amazon RDS, if you use aws: SourceIp and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.

  Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html

• Question 824:

  You have subscribed to the AWS Business and Enterprise support plan.

  Your business has a backlog of problems, and you need about 20 of your IAM users to open technical

  support cases.

  How many users can open technical support cases under the AWS Business and Enterprise support plan?

  A. 5 users

  B. 10 users

  C. Unlimited

  D. 1 user

  Correct Answer: C

  In the context of AWS support, the Business and Enterprise support plans allow an unlimited number of users to open technical support cases (supported by AWS Identity and Access Management (IAM)).

  Reference: https://aws.amazon.com/premiumsupport/faqs/

• Question 825:

  A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC.

  How can the user setup to have two separate public IPs and separate security groups for both the application as well as the web server?

  A. Launch VPC with two separate subnets and make the instance a part of both the subnets.

  B. Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.

  C. Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.

  D. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.

  Correct Answer: B

  If you need to host multiple websites (with different IPs) on a single EC2 instance, the following is the suggested method from AWS. Launch a VPC instance with two network interfaces. Assign elastic IPs from VPC EIP pool to those interfaces (Because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to them.) Assign separate Security Groups if separate Security Groups are needed This scenario also helps for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface.

  Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html

• Question 826:

  In Amazon IAM, what is the maximum length for a role name?

  A. 128 characters

  B. 512 characters

  C. 64 characters

  D. 256 characters

  Correct Answer: C

  In Amazon IAM, the maximum length for a role name is 64 characters.

  Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html

• Question 827:

  In which step of using AWS Direct Connect should the user determine the required port speed?

  A. Complete the Cross Connect

  B. Verify Your Virtual Interface

  C. Download Router Configuration

  D. Submit AWS Direct Connect Connection Request

  Correct Answer: D

  To submit an AWS Direct Connect connection request, you need to provide the following information:

  Your contact information.

  The AWS Direct Connect Location to connect to.

  Details of AWS Direct Connect partner if you use the AWS Partner Network (APN) service. The port speed

  you require, either 1 Gbps or 10 Gbps.

  Reference:

  http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#ConnectionRequest

• Question 828:

  An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations.

  Which of the below mentioned statements is not a limitation of dedicated instances with VPC?

  A. All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.

  B. It does not support the AWS RDS with a dedicated tenancy VPC.

  C. The user cannot use Reserved Instances with a dedicated tenancy model.

  D. The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.

  Correct Answer: C

  The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer. The client's dedicated instances are physically isolated at the host hardware level from instances that are not dedicated instances as well as from instances that belong to other AWS accounts. All instances launched with the dedicated tenancy model of VPC will always be dedicated instances. Dedicated tenancy has a limitation that it may not support a few services, such as RDS. Even the EBS will not be on dedicated hardware. However, the user can save some cost as well as reserve some capacity by using a Reserved Instance model with dedicated tenancy.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html

• Question 829:

  An organization has 4 people in the IT operations team who are responsible to manage the AWS infrastructure. The organization wants to setup that each user will have access to launch and manage an instance in a zone which the other user cannot modify.

  Which of the below mentioned options is the best solution to set this up?

  A. Create four AWS accounts and give each user access to a separate account.

  B. Create an IAM user and allow them permission to launch an instance of a different sizes only.

  C. Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.

  D. Create a VPC with four subnets and allow access to each subnet for the individual IAM user.

  Correct Answer: D

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can

  create subnets as per the requirement within a VPC. The VPC also work with IAM and the organization

  can create IAM users who have access to various VPC services. The organization can setup access for

  the IAM user who can modify the security groups of the VPC. The sample policy is given below:

  {

  "Version": "2012-10-17",

  "Statement":

  [{ "Effect": "Allow",

  "Action": "ec2:RunInstances", "Resource":

  ["arn:aws:ec2:region::image/ami-*", "arn:aws:ec2:region:account:subnet/subnet-1a2b3c4d",

  "arn:aws:ec2:region:account:network-interface/*", "arn:aws:ec2:region:account:volume/*",

  "arn:aws:ec2:region:account:key-pair/*", "arn:aws:ec2:region:account:security-group/sg-123abc123" ] }]

  }

  With this policy the user can create four subnets in separate zones and provide IAM user access to each

  subnet.

  Reference:

  http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IAM.html

• Question 830:

  An organization is setting a website on the AWS VPC. The organization has blocked a few IPs to avoid a D-DOS attack.

  How can the organization configure that a request from the above mentioned IPs does not access the application instances?

  A. Create an IAM policy for VPC which has a condition to disallow traffic from that IP address.

  B. Configure a security group at the subnet level which denies traffic from the selected IP.

  C. Configure the security group with the EC2 instance which denies access from that IP address.

  D. Configure an ACL at the subnet which denies the traffic from that IP address.

  Correct Answer: D

  A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. Security group works at the instance level while ACL works at the subnet level. ACL allows both allow and deny rules. Thus, when the user wants to reject traffic from the selected IPs it is recommended to use ACL with subnets.

  Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html