Exam (elaborations) TEST BANK FOR AWS Certified Solutions Architect Stude Guide (Associate SAA-C02 EXAM) 3rd Edition By Ben Piper

1. True/false: The Developer Support plan provides access to a support application programming interface (API). A. True B. False 2. True/false: AWS is responsible for managing the network configuration of your EC2 instances. A. True B. False 3. Which of the following services is most useful for decoupling the components of a monolithic application? A. SNS B. KMS C. SQS D. Glacier 4. An application you want to run on EC2 requires you to license it based on the number of physical CPU sockets and cores on the hardware you plan to run the application on. Which of the following tenancy models should you specify? A. Dedicated host B. Dedicated instance C. Shared tenancy D. Bring your own license 5. True/false: Changing the instance type of an EC2 instance will change its elastic IP address. A. True B. False 6. True/false: You can use a Quick Start Amazon Machine Image (AMI) to create any instance type. A. True B. False 7. Which S3 encryption option does not require AWS persistently storing the encryption keys it uses to decrypt data? A. Client-side encryption B. SSE-KMS C. SSE-S3 D. SSE-C xxviii Assessment Test 8. True/false: Durability measures the percentage of likelihood that a given object will not be inadvertently lost by AWS over the course of a year. A. True B. False 9. True/false: After uploading a new object to S3, there will be a slight delay (one to two seconds) before the object is available. A. True B. False 10. You created a Virtual Private Cloud (VPC) using the Classless Inter-Domain Routing (CIDR) block 10.0.0.0/24. You need to connect to this VPC from your internal network, but the IP addresses in use on your internal network overlap with the CIDR. Which of the following is a valid way to address this problem? A. Remove the CIDR and use IPv6 instead. B. Change the VPC’s CIDR. C. Create a new VPC with a different CIDR. D. Create a secondary CIDR for the VPC. 11. True/false: An EC2 instance must be in a public subnet to access the Internet. A. True B. False 12. True/false: The route table for a public subnet must have a default route pointing to an Internet gateway as a target. A. True B. False 13. Which of the following use cases is well suited for DynamoDB? A. Running a MongoDB database on AWS B. Storing large binary files exceeding 1 GB in size C. Storing JSON documents that have a consistent structure D. Storing image assets for a website 14. True/false: You can create a DynamoDB global secondary index for an existing table at any time. A. True B. False 15. True/false: Enabling point-in-time RDS snapshots is sufficient to give you a recovery point objective (RPO) of less than 10 minutes. A. True B. False Assessment Test xxix 16. Which of the following steps does the most to protect your AWS account? A. Deleting unused Identity and Access Management (IAM) policies B. Revoking unnecessary access for IAM users C. Rotating root access keys D. Restricting access to S3 buckets E. Rotating Secure Shell (SSH) key pairs 17. Which of the following can be used to encrypt the operating system of an EC2 instance? A. AWS Secrets Manager B. CloudHSM C. AWS Key Management Service (KMS) D. AWS Security Token Service (STS) 18. What is a difference between a token generated by the AWS Security Token Service (STS) and an IAM access key? A. The token generated by STS can’t be used by an IAM principal. B. An IAM access key is unique. C. The token generated by STS can be used only once. D. The token generated by STS expires. 19. True/false: EC2 sends instance memory utilization metrics to CloudWatch every five minutes. A. True B. False 20. You configured a CloudWatch alarm to monitor CPU utilization for an EC2 instance. The alarm began in the INSUFFICIENT_DATA state and then entered the ALARM state. What can you conclude from this? A. The instance recently rebooted. B. CPU utilization is too high. C. The CPU utilization metric crossed the alarm threshold. D. The instance is stopped. 21. Where do AWS Config and CloudTrail store their logs? A. S3 buckets B. CloudWatch Logs C. CloudTrail Events D. DynamoDB E. Amazon Athena xxx Assessment Test 22. True/false: An EC2 instance in a private subnet can resolve an “A” resource record for a public hosted zone hosted in Route 53. A. True B. False 23. You want to use Route 53 to send users to the application load balancer closest to them. Which of the following routing policies lets you do this with the least effort? A. Latency routing B. Geolocation routing C. Geoproximity routing D. Edge routing 24. True/false: You can use an existing domain name with Route 53 without switching its registration to AWS. A. True B. False 25. You’re designing an application that takes multiple image files and combines them into a video file that users on the Internet can download. Which of the following can help you quickly implement your application in the fastest, most highly available, and most cost-effective manner? A. EC2 spot fleet B. Lambda C. Relational Database Service (RDS) D. Auto Scaling 26. You’re using EC2 Auto Scaling and want to implement a scaling policy that adds one extra instance only when the average CPU utilization of each instance exceeds 90 percent. However, you don’t want it to add more than one instance every five minutes. Which of the following scaling policies should you use? A. Simple B. Step C. Target tracking D. PercentChangeInCapacity 27. True/false: EC2 Auto Scaling automatically replaces group instances directly terminated by the root user. A. True B. False 28. Which ElastiCache engine can persistently store data? A. MySQL B. Memcached