29 November, 2020

High Quality Amazon-Web-Services SAA-C01 Preparation Online

Our pass rate is high to 98.9% and the similarity percentage between our SAA-C01 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Amazon-Web-Services SAA-C01 exam in just one try? I am currently studying for the Amazon-Web-Services SAA-C01 exam. Latest Amazon-Web-Services SAA-C01 Test exam practice questions and answers, Try Amazon-Web-Services SAA-C01 Brain Dumps First.

Online Amazon-Web-Services SAA-C01 free dumps demo Below:

Page: 1 / 24

Total 288 questions Full Exam Access

Question 1

When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?

Data is automatically saved as an EBS snapshot.

Data is automatically saved as an EBS volume.

Data is unavailable until the instance is restarted.

Data is automatically delete

Question 2

Which route must be added to your routing table in order to allow connections to the Internet from your subnet?

Destination: 0.0.0.0/0 --> Target: your Internet gateway

Destination: 192.168.1.257/0 --> Target: your Internet gateway

Destination: 0.0.0.0/33 --> Target: your virtual private gateway

Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24

Destination: 10.0.0.0/32 --> Target: your virtual private gateway

Question 3

You have just discovered that you can upload your objects to Amazon S3 using Multipart Upload API. You start to test it out but are unsure of the benefits that it would provide. Which of the following is not a benefit of using multipart uploads?

You can begin an upload before you know the final object size.

Quick recovery from any network issues.

Pause and resume object uploads.

It\'s more secure than normal uploa

Question 4

In Route 53, what does a Hosted Zone refer to?

A hosted zone is a collection of geographical load balancing rules for Route 53.

A hosted zone is a collection of resource record sets hosted by Route 53.

A hosted zone is a selection of specific resource record sets hosted by CloudFront for distribution to Route 53.

A hosted zone is the Edge Location that hosts the Route 53 records for a use

Question 5

Company has three AWS accounts. They have created separate IAM users within each account. Company wants a single IAM login URL such as https://company.signin.aws.amazon.com/console/
for use by IAM users in all three accounts. How can this be achieved?

Merge all the accounts with consolidated billing

Create the S3 bucket with an alias name and use the redirect rule to forward requests to various accounts

Create the same account alias with each account ID

It is not possible to have the same IAM account login URL for separate AWS accounts

Question 6

A/An ____ acts as a firewall that controls the traffic allowed to reach one or more instances.

security group

ACL

IAM

Private IP Addresses

Question 7

While creating an EC2 snapshot using the API, which Action should I be using?

MakeSnapShot

FreshSnapshot

DeploySnapshot

CreateSnapshot

Question 8

Your system recently experienced down time during the troubleshooting process. You found that a new administrator mistakenly terminated several production EC2 instances.
Which of the following strategies will help prevent a similar situation in the future? The administrator still must be able to:
- launch, start stop, and terminate development resources.
- launch and start production instances.

Create an IAM user, which is not allowed to terminate instances by leveraging production EC2 termination protection.

Leverage resource based tagging along with an IAM user, which can prevent specific users from terminating production EC2 resources.

Leverage EC2 termination protection and multi-factor authentication, which together require users to authenticate before terminating EC2 instances

Create an IAM user and apply an IAM role which prevents users from terminating production EC2 instances.

My answer: -

Reference answer: B

Reference analysis:

Working with volumes
When an API action requires a caller to specify multiple resources, you must create a policy statement that allows users to access all required resources. If you need to use a Condition element with one or more of these resources, you must create multiple statements as shown in this example. The following policy allows users to attach volumes with the tag "volume_user=iam-user-name" to
instances with the tag "department=dev", and to detach those volumes from those instances. If you attach this policy to an IAM group, the aws:username policy variable gives each IAM user in the group permission to attach or detach volumes from the instances with a tag named volume_user that has his or her IAM user name as a value.
$\"SAA-C01$
Launching instances (RunInstances)
The RunInstances API action launches one or more instances. RunInstances requires an AMI and creates an instance; and users can specify a key pair and security group in the request. Launching into EC2-VPC requires a subnet, and creates a network interface. Launching from an Amazon EBS-backed AMI creates a volume. Therefore, the user must have permission to use these Amazon EC2
resources. The caller can also configure the instance using optional parameters to RunInstances, such as the instance type and a subnet. You can create a policy statement that requires users to specify an optional parameter, or restricts users to particular values for a parameter. The examples in this section demonstrate some of the many possible ways that you can control the configuration of an instance that a user can launch.
Note that by default, users don\'t have permission to describe, start, stop, or terminate the resulting instances. One way to grant the users permission to manage the resulting instances is to create a specific tag for each instance, and then create a statement that enables them to manage instances with that tag. For more information, see 2: Working with instances.
/a. AMI
The following policy allows users to launch instances using only the AMIs that have the specified tag, "department=dev", associated with them. The users can\'t launch instances using other AMIs because the Condition element of the first statement requires that users specify an AMI that has this tag. The users also can\'t launch into a subnet, as the policy does not grant permissions for the subnet and network interface resources. They can, however, launch into EC2-Classic. The second statement uses a wildcard to enable users to create instance resources, and requires users to specify the key pair project_keypair and the security group sg-1a2b3c4d. Users are still able to launch instances without a key pair.
$\"SAA-C01$
Alternatively, the following policy allows users to launch instances using only the specified AMIs, ami-9e1670f7 and ami-45cf5c3c. The users can\'t launch an instance using other AMIs (unless another statement grants the users permission to do so), and the users can\'t launch an instance into a subnet.
$\"SAA-C01$
Alternatively, the following policy allows users to launch instances from all AMIs owned by Amazon. The Condition element of the first statement tests whether ec2:Owner is amazon. The users can\'t launch an instance using other AMIs (unless another statement grants the users permission to do so). The users are able to launch an instance into a subnet.
$\"SAA-C01$
/b. Instance type
The following policy allows users to launch instances using only the t2.micro or t2.small instance type, which you might do to control costs. The users can\'t launch larger instances because the Condition element of the first statement tests whether ec2:InstanceType is either t2.micro or t2.small.
$\"SAA-C01$
Alternatively, you can create a policy that denies users permission to launch any instances except t2.micro and t2.small instance types.
$\"SAA-C01$
/c. Subnet
The following policy allows users to launch instances using only the specified subnet, subnet- 12345678. The group can\'t launch instances into any another subnet (unless another statement grants the users permission to do so). Users are still able to launch instances into EC2-Classic.
$\"SAA-C01$
Alternatively, you could create a policy that denies users permission to launch an instance into any other subnet. The statement does this by denying permission to create a network interface, except where subnet subnet-12345678 is specified. This denial overrides any other policies that are created to allow launching instances into other subnets. Users are still able to launch instances into EC2- Classic.
$\"SAA-C01$
https://aws.amazon.com/blogs/security/resource-level-permissions-for-ec2-controllingmanagement- access-on-specific-instances/
*August 2016 Update* One way to work around this is to use a combination of an Amazon CloudWatch Events rule and AWS Lambda to tag newly created instances.

Question 9

A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available.
What should an administrator do to improve performance?

Convert the database to Amazon Redshift.

Create a CloudFront distribution.

Convert the database to use EBS Provisioned IOPS.

Create one or more read replica

Question 10

Reserved Instances are available for Multi-AZ Deployments.

True

False

Question 11

A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customers objects replicated?

A single facility in eu-west-1 and a single facility in eu-central-1

A single facility in eu-west-1 and a single facility in us-east-1

Multiple facilities in eu-west-1

A single facility in eu-west-1

Question 12

You are signed in as root user on your account but there is an Amazon S3 bucket under your account that you cannot access. What is a possible reason for this?

An IAM user assigned a bucket policy to an Amazon S3 bucket and didn\'t specify the root user as a principal

The S3 bucket is full.

The S3 bucket has reached the maximum number of objects allowed.

You are in the wrong availability zone

Question 13

Can a user get a notification of each instance start / terminate configured with Auto Scaling?

Yes, if configured with the Launch Config

Yes, always

Yes, if configured with the Auto Scaling group

Question 14

Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance.

SQL Server

MySQL

Oracle

Question 15

An AWS customer runs a public blogging website. The site users upload two million blog entries a month. The average blog entry size is 200 KB. The access rate to blog entries drops to negligible 6 months after publication and users rarely access a blog entry 1 year after publication. Additionally,
blog entries have a high update rate during the first 3 months following publication, this drops to no updates after 6 months. The customer wants to use CloudFront to improve his user's load times. Which of the following recommendations would you make to the customer?

Duplicate entries into two different buckets and create two separate CloudFront distributions where S3 access is restricted only to Cloud Front identity

Create a CloudFront distribution with "US\'Europe price class for US/Europe users and a different CloudFront distribution with All Edge Locations\' for the remaining users.

Create a CloudFront distribution with S3 access restricted only to the CloudFront identity and partition the blog entry\'s location in S3 according to the month it was uploaded to be used with CloudFront behaviors.

Create a CloudFronl distribution with Restrict Viewer Access Forward Query string set to true and minimum TTL of 0.

Question 16

You can have 1 subnet stretched across multiple availability zones.

True

False

Question 17

You are migrating an existing enterprise application to AWS. It requires standard file system access from multiple instances. It also requires high storage throughput with consistently low latencies. You are looking for a storage solution that will grow and shrink capacity automatically.
How can you accomplish this in AWS?

Create an Amazon S3 bucket that the application can use for its storage requirements.

Create an Amazon EFS file system and mount it on all of the application instances.

Launch an EBS-backed EC2 instanc

Create and share an NFS mount with the application.

Launch an Amazon Redshift cluster with dense storage nodes to use with the applicatio

Question 18

Can you move a Reserved Instance from one Availability Zone to another?

Yes, but each Reserved Instance is associated with a specific Region that cannot be changed.

Yes, only in US-West-2.

Yes, only in US-East-1.

Question 19

You have a Business support plan with AWS. One of your EC2 instances is running Microsoft Windows Server 2008 R2 and you are having problems with the software. Can you receive support from AWS for this software?

Yes

No, AWS does not support any third-party software.

No, Microsoft Windows Server 2008 R2 is not supported.

No, you need to be on the enterprise support pla

Question 20

You have set up an S3 bucket with a number of images in it and you have decided that you want anybody to be able to access these images, even anonymous users. To accomplish this you create a bucket policy. You will need to use an Amazon S3 bucket policy that specifies a ____ in the principal element, which means anyone can access the bucket.

hash tag (#)

anonymous user

wildcard (*)

S3 user

Question 21

An administrator is using Amazon CloudFormation to deploy a three tier web application that consists of a web tier and application tier that will utilize Amazon DynamoDB for storage when creating the CloudFormation template which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?

Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and associate the Role to the application instances by referencing an instance profile.

Use the Parameter section in the Cloud Formation template to nave the user input Access and Secret Keys from an already created IAM user that has me permissions required to read and write from the required DynamoDB table.

Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.

Create an identity and Access Management user in the CloudFormation template that has permissions to read and write from the required DynamoDB table, use the GetAtt function to retrieve the Access and secret keys and pass them to the application instance through user-data.

Question 22

A custom network ACL that you create _____ until you add rules, and is not associated with a subnet until you explicitly associate it with one.

blocks only inbound traffic by default

allows outbound traffic by default

allows all inbound and outbound traffic by default

blocks all inbound and outbound traffic by default

Question 23

An edge location refers to which Amazon Web Service?

An edge location is referred to the network configured within a Zone or Region

An edge location is an AWS Region

An edge location is the location of the data center used for Amazon CloudFront.

An edge location is a Zone within an AWS Region

Question 24

Amazon Web Services offer 3 different levels of support, which of the below are valid support levels.

Corporate, Business, Developer

Enterprise, Business, Developer

Enterprise, Business, Free Tier

Enterprise, Company, Free Tier

Question 25

You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?

Question 26

Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications. What is the monthly charge for using the public data sets?

A 1 time charge of 10$ for all the datasets.

1$ per dataset per month

10$ per month for all the datasets

There is no charge for using the public data sets

Question 27

Which of the following statements is true of tagging an Amazon EC2 resource?

You don\'t need to specify the resource identifier while terminating a resource.

You can terminate, stop, or delete a resource based solely on its tags.

You can\'t terminate, stop, or delete a resource based solely on its tags.

You don\'t need to specify the resource identifier while stopping a resourc

Page: 1 / 24

Total 288 questions Full Exam Access