Amazon (SAP-C01) Exam Questions And Answers page 66
Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:
Google Cloud Messaging for Android (GCM)
Amazon Device Messaging (ADM)
Apple Push Notification Service (APNS)
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Regarding Identity and Access Management (IAM), which type of special account belonging to your application allows your code to access Google services programmatically?
Service account
Simple Key
OAuth
Code account
Designing for security and compliance
Select the correct set of options. These are the initial settings for the default security group:
Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
Designing for security and compliance
What is the correct statement about Amazon ElastiCache?
Select the correct statement about Amazon ElastiCache.
It makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.
It allows you to quickly deploy your cache environment only if you install software.
It does not integrate with other Amazon Web Services.
It cannot run in the Amazon Virtual Private Cloud (Amazon VPC) environment.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing for security and compliance
Someone has recommended a new client to you and you know he is into online gaming and you are almost certain he will want to set up an online gaming site which will require a database service that provides fast and predictable performance with seamless scalability.
Which of the following AWS databases would be best suited to an online gaming site?
Amazon SimpleDB
Amazon DynamoDB
Amazon Redshift
Amazon ElastiCache
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing enterprise-wide scalable operations on AWS
Someone is creating a VPC for their application hosting. He has created two private subnets in the same availability zone and created one subnet in a separate availability zone. He wants to make a High Availability system with an internal Elastic Load Balancer.
Which choice is true regarding internal ELBs in this scenario? (Choose two.)
Internal ELBs should only be launched within private subnets.
Amazon ELB service does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.
Internal ELBs can support only one subnet in each availability zone.
An internal ELB can support all the subnets irrespective of their zones.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing enterprise-wide scalable operations on AWS
The IT infrastructure that AWS provides complies with the following IT security standards, including:
SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), SOC 2 and SOC 3
FISMA, DIACAP, and FedRAMP
PCI DSS Level 1, ISO 27001, ITAR and FIPS 140-2
HIPAA, Cloud Security Alliance (CSA) and Motion Picture Association of America (MPAA)
All of the above
Designing for security and compliance
The CFO of a company wants to allow one of his employees to view only the AWS usage report page.
Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?
"Effect": "Allow", "Action": ["Describe"], "Resource": "Billing"
"Effect": "Allow", "Action": ["aws-portal:ViewBilling"], "Resource": "*"
"Effect": "Allow", "Action": ["aws-portal:ViewUsage"], "Resource": "*"
"Effect": "Allow", "Action": ["AccountUsage"], "Resource": "*"
Designing enterprise-wide scalable operations on AWS
The CISO of a large enterprise with multiple IT departments, each with its own AWS account, wants one central place where AWS permissions for users can be managed and users' authentication credentials can be synchronized with the company's existing on-premises solution.
Which solution will meet the CISO's requirements?
Define AWS IAM roles based on the functional responsibilities of the users in a central account. Create a SAML-based identity management provider. Map users in the on-premises groups to IAM roles. Establish trust relationships between the other accounts and the central account.
Deploy a common set of AWS IAM users, groups, roles, and policies in all of the AWS accounts using AWS Organizations. Implement federation between the on-premises identity provider and the AWS accounts.
Use AWS Organizations in a centralized account to define service control policies (SCPs). Create a SAML-based identity management provider in each account and map users in the on-premises groups to AWS IAM roles.
Perform a thorough analysis of the user base and create AWS IAM users accounts that have the necessary permissions. Set up a process to provision and deprovision accounts based on data in the on-premises solution.
Designing for security and compliance
The company Security team requires that all data uploaded into an Amazon S3 bucket must be encrypted. The encryption keys must be highly available and the company must be able to control access on a per-user basis, with different users having access to different encryption keys.
Which of the following architectures will meet these requirements? (Choose two.)
Use Amazon S3 server-side encryption with Amazon S3-managed keys. Allow Amazon S3 to generate an AWS/S3 master key, and use IAM to control access to the data keys that are generated.
Use Amazon S3 server-side encryption with AWS KMS-managed keys, create multiple customer master keys, and use key policies to control access to them.
Use Amazon S3 server-side encryption with customer-managed keys, and use AWS CloudHSM to manage the keys. Use CloudHSM client software to control access to the keys that are generated.
Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use the CloudHSM client software to control access to the keys that are generated.
Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use IAM to control access to the keys that are generated in CloudHSM.
Designing highly available, cost-efficient, fault-tolerant, scalable systems
Designing for security and compliance