Amazon (SAP-C01) Exam Questions And Answers page 42
An organization is planning to extend their data center by connecting their DC with the AWS VPC using the VPN gateway. The organization is setting up a dynamically routed VPN connection.
Which of the below-mentioned answers is not required to set up this configuration?
Elastic IP ranges that the organization wants to advertise over the VPN connection to the VPC.
Internet-routable IP address (static) of the customer gateway's external interface.
Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Implementing cost control strategies
An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations.
Which of the below mentioned statements is not a limitation of dedicated instances with VPC?
All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
It does not support the AWS RDS with a dedicated tenancy VPC.
The user cannot use Reserved Instances with a dedicated tenancy model.
The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
An organization is planning to host a web application in the AWS VPC. The organization does not want to host a database in the public cloud due to statutory requirements.
How can the organization set this up in this scenario?
The organization should plan the app server on the public subnet and database in the organization's data center and connect them with the VPN gateway.
The organization should plan the app server on the public subnet and use RDS with the private subnet for a secure data operation.
The organization should use the public subnet for the app server and use RDS with a storage gateway to access as well as sync the data securely from the local data center.
The organization should plan the app server on the public subnet and database in a private subnet so it will not be in the public cloud.
Designing enterprise-wide scalable operations on AWS
Designing for security and compliance
An organization is planning to host a WordPress blog as well as a Joomla CMS on a single instance launched with VPC. The organization wants to have separate domains for each application and assign them using Route 53. The organization may have about ten instances each with two applications as mentioned above. While launching the instance, the organization configured two separate network interfaces (primary + ENI) and wanted to have two elastic IPs for that instance. It was suggested to use a public IP from AWS instead of an elastic IP as the number of elastic IPs is restricted.
What action will you recommend to the organization?
I agree with the suggestion but will prefer that the organization should use separate subnets with each ENI for different public IPs.
I do not agree as it is required to have only an elastic IP since an instance has more than one ENI and AWS does not assign a public IP to an instance with multiple ENIs.
I do not agree as AWS VPC does not attach a public IP to an ENI; so the user has to use only an elastic IP.
I agree with the suggestion and it is recommended to use a public IP from AWS since the organization is going to use DNS with Route 53.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing for security and compliance
An organization is planning to host a WordPress blog as well as a Joomla CMS on a single instance launched with VPC. The organization wants to create separate domains for each application using Route 53. The organization may have about ten instances each with these two applications. While launching each instance, the organization configured two separate network interfaces (primary + secondary ENI) with their own Elastic IPs to the instance. The suggestion was to use a public IP from AWS instead of an Elastic IP as the number of Elastic IP allocations per region is restricted in the account.
What action will you recommend to the organization?
Only Elastic IP can be used by requesting limit increase, since AWS does not assign a public IP to an instance with multiple ENIs.
AWS VPC does not attach a public IP to an ENI; so the only way is to use an Elastic IP.
I agree with the suggestion but will prefer that the organization should use separate subnets with each ENI for different public IPs.
I agree with the suggestion and it is recommended to use a public IP from AWS since the organization is going to use DNS with Route 53.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing enterprise-wide scalable operations on AWS
An organization is planning to set up a management network on the AWS VPC. The organization is trying to secure the web server on a single VPC instance such that it allows the internet traffic as well as the back-end management traffic. The organization wants to make it so that the back-end management network interface can receive the SSH traffic only from a selected IP range, while the internet-facing web server will have an IP address which can receive traffic from all the internet IPs.
How can the organization achieve this by running the web server on a single instance?
It is not possible to have two IP addresses for a single instance.
The organization should create two network interfaces with the same subnet and security group to assign separate IPs to each network interface.
The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access.
The organization should launch an instance with two separate subnets using the same network interface, which allows it to have a separate CIDR as well as security groups.
Designing enterprise-wide scalable operations on AWS
Designing for security and compliance
An organization is planning to use NoSQL DB for its scalable data needs. The organization wants to host an application securely in AWS VPC.
What action can be recommended to the organization?
The organization should set up their own NoSQL cluster on the AWS instance and configure route tables and subnets.
The organization should only use a DynamoDB because by default it is always a part of the default subnet provided by AWS.
The organization should use a DynamoDB while creating a table within the public subnet.
The organization should use a DynamoDB while creating a table within a private subnet.
Designing enterprise-wide scalable operations on AWS
Designing for security and compliance
An organization is purchasing licensed software. The software license can be registered only to a specific MAC Address. The organization is going to host the software in the AWS environment.
How can the organization fulfil the license requirement as the MAC address changes every time an instance is started/stopped/terminated?
It is not possible to have a fixed MAC address with AWS.
The organization should use VPC with the private subnet and configure the MAC address with that subnet.
The organization should use VPC with an elastic network interface which will have a fixed MAC Address.
The organization should use VPC since VPC allows configuring the MAC address for each EC2 instance.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing for security and compliance
An organization is setting up a website on the AWS VPC. The organization has blocked a few IPs to avoid a DDoS attack.
How can the organization configure this so that a request from the above-mentioned IPs does not access the application instances?
Create an IAM policy for VPC which has a condition to disallow traffic from that IP address.
Configure a security group at the subnet level which denies traffic from the selected IP.
Configure the security group with the EC2 instance which denies access from that IP address.
Configure an ACL at the subnet which denies the traffic from that IP address.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing for security and compliance
An organization is setting up a backup and restore system in AWS for their on-premises system. The organization needs High Availability (HA) and Disaster Recovery (DR) but is okay to have a longer recovery time to save costs.
Which of the below-mentioned setup options helps achieve the objective of cost saving as well as DR in the most effective way?
Set up pre-configured servers and create AMIs. Use EIP and Route 53 to quickly switch over to AWS from on premises.
Set up the backup data on S3 and transfer data to S3 regularly using the storage gateway.
Set up a small instance with AutoScaling; in case of DR start diverting all the load to AWS from on premises.
Replicate the on-premises DB to EC2 at regular intervals and set up a scenario similar to the pilot light.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Implementing cost control strategies