If you configured an HTTPS listener on an ELB but you have not configured any
security policy which help to negotiate SSL between the ELB and Client. What will ELB
do in this scenario?
Correct
Incorrect
Question 2 of 50
2. Question
1 point(s)
Chef turns infrastructure into code.
Correct
Incorrect
Question 3 of 50
3. Question
1 point(s)
Which of the following is NOT one of the four areas of the performance efficiency
pillar?
Correct
Incorrect
Question 4 of 50
4. Question
1 point(s)
Select the feature in S3 that helps replicates data across AWS regions. Choose an answer
from the options below
Correct
Incorrect
Question 5 of 50
5. Question
1 point(s)
In five regions around the globe your website is hosted in 10 EC2 instances How could
you configure your site to maintain availability with minimum downtime if one of the five
regions was to lose network connectivity for an extended period?
Correct
Incorrect
Question 6 of 50
6. Question
1 point(s)
The user requests to restore the archive after 6 months and has moved an object to
Glacier using the life cycle rules. When the restore request is completed the user accesses
that archive. Which of the below mentioned statements is not true in this condition?
Correct
Incorrect
Question 7 of 50
7. Question
1 point(s)
A storage admin wants to encrypt all the objects stored in S3 using server side
encryption. The user does not want to use the AES 256 encryption key provided by S3.
How can the user achieve this?
Correct
Incorrect
Question 8 of 50
8. Question
1 point(s)
. You are planning to deploy a production database to EC2 and need to choose the best
storage type. You anticipate that you will need 20,000 IOPS, and an average of 8,000 –
10,000 IOPS. What storage medium should you choose?
Correct
Incorrect
Question 9 of 50
9. Question
1 point(s)
Which AWS-specific storage option would you set up for low cost, reliability, and
security? If a company is setting up an application that is used to share files. Because
these files are important to the sales team, the application must be highly available.
Correct
Incorrect
Question 10 of 50
10. Question
1 point(s)
The user requests to restore the archive after 6 months and has moved an object
to Glacier using the life cycle rules. When the restore request is completed the user
accesses that archive. Which of the below mentioned statements is not true in this
condition?
Correct
Incorrect
Question 11 of 50
11. Question
1 point(s)
If you want to optimize performance for a compute cluster that requires low internode
latency, which feature in the following list should you use?
Correct
Incorrect
Question 12 of 50
12. Question
1 point(s)
The term pilot light is often used to describe a DR scenario in which a minimal version
of an environment is always running in the cloud
Correct
Incorrect
Question 13 of 50
13. Question
1 point(s)
Which of the below mentioned AWS RDS logs cannot be viewed from the console for
MySQL?
Correct
Incorrect
Question 14 of 50
14. Question
1 point(s)
Select the feature in S3 that helps replicates data across AWS regions. Choose an
answer from the options below
Correct
Incorrect
Question 15 of 50
15. Question
1 point(s)
Which AWS-specific storage option would you set up for low cost, reliability, and
security? If a company is setting up an application that is used to share files. Because these
files are important to the sales team, the application must be highly available
Correct
Incorrect
Question 16 of 50
16. Question
1 point(s)
to restrict access to data in S3 Which features can be used? Choose the 3 correct
answers from the options below
Correct
Incorrect
Question 17 of 50
17. Question
1 point(s)
Which of the following are steps you should take in securing your Root AWS account?
(Choose 3)
Correct
Incorrect
Question 18 of 50
18. Question
1 point(s)
IAM policies are written using ________.
Correct
Incorrect
Question 19 of 50
19. Question
1 point(s)
Which of the following is AWS’ managed DDoS protection service?
Correct
Incorrect
Question 20 of 50
20. Question
1 point(s)
You need to use an AWS service to assess the security and compliance of your EC2
instances. Which of the following services should you use?
Correct
Incorrect
Question 21 of 50
21. Question
1 point(s)
Under the Shared Responsibility model, for which of the following does AWS not
assume responsibility?
Correct
Incorrect
Question 22 of 50
22. Question
1 point(s)
The AWS Risk and Compliance Program is made up of which of the following
components? (Choose 3)
Correct
Incorrect
Question 23 of 50
23. Question
1 point(s)
How would a system administrator add an additional layer of login security to a user’s
AWS Management Console?
Correct
Incorrect
Question 24 of 50
24. Question
1 point(s)
True or False: The Standard version of AWS Shield offers automated application (layer
7) traffic monitoring.
Correct
Incorrect
Question 25 of 50
25. Question
1 point(s)
Which of the below mentioned statements is not true with respect to the limitations
of IAM if an organization is planning to create a user with IAM. They are trying to
understand the limitations of IAM so that they can plan accordingly
Correct
Incorrect
Question 26 of 50
26. Question
1 point(s)
If you configured an HTTPS listener on an ELB but you have not configured any
security policy which help to negotiate SSL between the ELB and Client. What will ELB
do in this scenario?
Correct
Incorrect
Question 27 of 50
27. Question
1 point(s)
A user has configured ELB with SSL using a security policy for secure negotiation
between the client and load balancer. Which of the below mentioned security policies is
supported by ELB?
Correct
Incorrect
Question 28 of 50
28. Question
1 point(s)
A storage admin wants to encrypt all the objects stored in S3 using server side
encryption. The user does not want to use the AES 256 encryption key provided by S3.
How can the user achieve this?
Correct
Incorrect
Question 29 of 50
29. Question
1 point(s)
An organization is trying to create various IAM users. Which of the below mentioned
options is not a valid IAM username?
Correct
Incorrect
Question 30 of 50
30. Question
1 point(s)
The user is using server side encryption for data at rest and has enabled versioning
on an S3 bucket If the user is supplying his own keys for encryption (SSE-C), what is
recommended to the user for the purpose of security?
Correct
Incorrect
Question 31 of 50
31. Question
1 point(s)
To restrict access to data in S3 Which features can be used? Choose the 3 correct
answers from the options below.
Correct
Incorrect
Question 32 of 50
32. Question
1 point(s)
Which of the following is true about security groups? (Choose 2)
Correct
Incorrect
Question 33 of 50
33. Question
1 point(s)
You need to implement an automated service that will scan your AWS environment
with the goal of both improving security and reducing costs. Which service should you use?
Correct
Incorrect
Question 34 of 50
34. Question
1 point(s)
Which of the following cloud security controls ensures that only authorized and
authenticated users are able to access your resources?
Correct
Incorrect
Question 35 of 50
35. Question
1 point(s)
Which of the following cloud security controls ensures that only authorized and
authenticated users are able to access your resources?
Correct
Incorrect
Question 36 of 50
36. Question
1 point(s)
Which of the following is NOT considered a fault tolerant tool?
Correct
Incorrect
Question 37 of 50
37. Question
1 point(s)
True or False: Identity Access Management (IAM) is a Regional service
Correct
Incorrect
Question 38 of 50
38. Question
1 point(s)
A user has launched an instance in that subnet and has created a VPC with a public
subnet and a security group. The user is still unable to connect to the instance. The internet
gateway has also been created and attached to the route table. What can be the reason for
the error?
Correct
Incorrect
Question 39 of 50
39. Question
1 point(s)
A user has created a VPC with public and private subnets using the VPC wizard. The
user has not launched any instance manually and is trying to delete the VPC. What will
happen in this scenario?
Correct
Incorrect
Question 40 of 50
40. Question
1 point(s)
To send traffic to a secondary host in the event that the primary host went down
What would we need to attach to a Bastion host or NAT host for high availability? Chose
the correct answer
Correct
Incorrect
Question 41 of 50
41. Question
1 point(s)
Which AWS-specific storage option would you set up for low cost, reliability, and
security? If a company is setting up an application that is used to share files. Because
these files are important to the sales team, the application must be highly available.
Correct
Incorrect
Question 42 of 50
42. Question
1 point(s)
A VPC has created with two subnets: one public and one private. The user is planning
to run the patch update for the instances in the private subnet. How can the instances in
the private subnet connect to the internet?
Correct
Incorrect
Question 43 of 50
43. Question
1 point(s)
If you want to optimize performance for a compute cluster that requires low internode
latency, which feature in the following list should you use?
Correct
Incorrect
Question 44 of 50
44. Question
1 point(s)
To prevent an IP address block from accessing public objects in an S3 bucket Which
method can be used?
Correct
Incorrect
Question 45 of 50
45. Question
1 point(s)
How can software determine the public and private IP addresses of the Amazon EC2
instance that it is running on?
Correct
Incorrect
Question 46 of 50
46. Question
1 point(s)
If a user wants to understand AWS SNS. Which of the given endpoint is SNS unable
to send a notification?
Correct
Incorrect
Question 47 of 50
47. Question
1 point(s)
If you configured an HTTPS listener on an ELB but you have not configured any
security policy which help to negotiate SSL between the ELB and Client. What will ELB
do in this scenario?
Correct
Incorrect
Question 48 of 50
48. Question
1 point(s)
A user has created a VCP with the public and private subnets using the VCP wizard.
The VCP has CID 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is
planning to host a web server in the public subnet with port 80 and database server in the
private subnet with port 3306.The user is configuring a security group for the public
subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned
entries is the private subnet database security group DBSecGrp?
Correct
Incorrect
Question 49 of 50
49. Question
1 point(s)
A user has given full access of his S3 bucket to one of the IAM users using the bucket
ACL. When the IAM user logs in to the S3 console, which actions can he perform?
Correct
Incorrect
Question 50 of 50
50. Question
1 point(s)
A user is trying to connect to a running EC2 instance using SSH. However, the user
gets an Unprotected Private Key File error. Which of the below mentioned options can be
a possible reason for rejection?
Correct
Incorrect
Sign-Up with your email address to receive news, new content updates, FREE reports and our most-awaited special discount offers on curated titles !
Sign-Up with your email address to receive news, new content updates, FREE reports and our most-awaited special discount offers on curated titles !