Our pass rate is high to 98.9% and the similarity percentage between our aws solution architect associate questions study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Amazon aws solution architect associate questions exam in just one try? I am currently studying for the Amazon aws solution architect associate dumps exam. Latest Amazon aws solution architect associate dumps Test exam practice questions and answers, Try Amazon aws solution architect associate questions Brain Dumps First.

Q161. An EC2 instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens when you attach an ENI of a different subnet to this EC2 instance?

A. The EC2 instance follows the rules of the older subnet

B. The EC2 instance follows the rules of both the subnets

C. Not possible, cannot be connected to 2 ENIs

D. The EC2 instance follows the rules of the newer subnet 

Answer: B

Explanation:

AWS allows you create an elastic network interface (ENI), attach an ENI to an EC2 instance, detach an ENI from an EC2 instance and attach this ENI to another EC2 instance. The attributes of a network traffic follow the ENI which is attached to an EC2 instance or detached from an EC2 instance. When you move an ENI from one EC2 instance to another, network traffic is redirected to the new EC2 instance. You can create and attach additional ENIs to an EC2 instance.

Attaching multiple network interfaces (ENIs) to an EC2 instance is useful to: Create a management network.

Use network and security appliances in your VPC.

Create dual-homed instances with workloads/roles on distinct subnets Create a low-budget, high-availability solution.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.htm|


Q162. Can you create IAM security credentials for existing users?

A. Yes, existing users can have security credentials associated with their account.

B. No, IAM requires that all users who have credentials set up are not existing users

C. No, security credentials are created within GROUPS, and then users are associated to GROUPS at a later time.

D. Yes, but only IAM credentials, not ordinary security credentials. 

Answer: A


Q163. You have just set up yourfirst Elastic Load Balancer (ELB) but it does not seem to be configured properly. You discover that before you start using ELB, you have to configure the listeners for your load balancer. Which protocols does ELB use to support the load balancing of applications?

A. HTTP and HTTPS

B. HTTP, HTTPS , TCP, SSL and SSH

C. HTTP, HTTPS , TCP, and SSL

D. HTTP, HTTPS , TCP, SSL and SFTP

Answer:

Explanation:

Before you start using Elastic Load BaIancing(ELB), you have to configure the listeners for your load balancer. A listener is a process that listens for connection requests. It is configured with a protocol and a port number for front-end (client to load balancer) and back-end (load balancer to back-end instance) connections.

Elastic Load Balancing supports the load balancing of applications using HTTP, HTTPS (secure HTTP), TCP, and SSL (secure TCP) protocols. The HTTPS uses the SSL protocol to establish secure connections over the HTTP layer. You can also use SSL protocol to establish secure connections over the TCP layer.

The acceptable ports for both HTTPS/SSL and HTTP/TCP connections are 25, 80, 443, 465, 587, and

1024-65535.

Reference:

http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/elb-listener-config.htmI


Q164. Your company has an on-premises multi-tier PHP web application, which recently experienced downtime due to a large burst In web traffic due to a company announcement Over the coming days, you are expecting similar announcements to drive similar unpredictable bursts, and are looking to find ways to quickly improve your infrastructures ability to handle unexpected increases in traffic.

The application currently consists of 2 tiers a web tier which consists of a load balancer and several Linux Apache web servers as well as a database tier which hosts a Linux server hosting a MySQL database. Which scenario below will provide full site functionality, while helping to improve the ability of your application in the short timeframe required?

A. Failover environment: Create an 53 bucket and configure it for website hosting. Migrate your DNS to Route53 using zone file import, and leverage Route53 DNS failover to failover to the 53 hosted website.

B. Hybrid environment: Create an AMI, which can be used to launch web servers in EC2. Create an Auto Scaling group, which uses the AMI to scale the web tier based on incoming traffic. Leverage Elastic Load Balancing to balance traffic between on-premises web servers and those hosted In AWS.

C. Offload traffic from on-premises environment: Setup a C|oudFront distribution, and configure CIoudFront to cache objects from a custom origin. Choose to customize your object cache behavior, and select a TIL that objects should exist in cache.

D. Migrate to AWS: Use VM Import/Export to quickly convert an on-premises web server to an AMI. Create an Auto Scaling group, which uses the imported AMI to scale the web tier based on incoming traffic. Create an RDS read replica and setup replication between the RDS instance and on-premises MySQL server to migrate the database.

Answer: C


Q165. You're trying to delete an SSL certificate from the IAM certificate store, and you're getting the message "Certificate: <certificate-id> is being used by CIoudFront." Which of the following statements is probably the reason why you are getting this error?

A. Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using a custom SSL certificate to using the default CIoudFront certificate.

B. You can't delete SSL certificates . You need to request it from AWS.

C. Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM

D. Before you can delete an SSL certificate you need to set up https on your server. 

Answer: A

Explanation:

CIoudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .htmI, .css, .php, and image files, to end users.

Every CIoudFront web distribution must be associated either with the default CIoudFront certificate or with a custom SSL certificate. Before you can delete an SSL certificate, you need to either rotate SSL  certificates (replace the current custom SSL certificate with another custom SSL certificate) or revert from using a custom SSL certificate to using the default CIoudFront certificate.

Reference: http://docs.aws.amazon.com/AmazonCIoudFront/latest/Deve|operGuide/Troubleshooting.htm|


Q166. Can Amazon 53 uploads resume on failure or do they need to restart?

A. Restart from beginning

B. You can resume them, if you flag the "resume on fai lure" option before uploading.

C. Resume on failure

D. Depends on the file size 

Answer: C


Q167. Can I use Provisioned IOPS with VPC?

A. Only Oracle based RDS

B. No

C. Only with MSSQL based RDS

D. Yes for all RDS instances 

Answer: D


Q168. You are designing a connectMty solution between on-premises infrastructure and Amazon VPC. Your server's on-premises will De communicating with your VPC instances. You will De establishing IPSec tunnels over the internet You will be using VPN gateways and terminating the IPsec tunnels on AWS supported customer gateways.

Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above? (Choose 4 answers)

A. End-to-end protection of data in transit

B. End-to-end Identity authentication

C. Data encryption across the Internet

D. Protection of data in transit over the Internet

E. Peer identity authentication between VPN gateway and customer gateway

F. Data integrity protection across the Internet

Answer: C, 0, E, F