©2019 by Raghavendra Kambhampati

AWS SA Associate Practice Questions – 15

Question 1:

What are the minimum components required to enable a web-based application with public web servers and a private database tier? (Select three)

A. Internet gateway

B. Assign EIP addressing to database instances on private subnet

C. Virtual private gateway

D. Assign database instances to private subnet and private IP addressing

E. Assign EIP and private IP addressing to web servers on public subnet

Answer (A,D,E)

Question 2:

Refer to the network drawing. How are packets routed from private subnet to public subnet for the following web-based application with a database tier?

A. Internet gateway

B. custom route table

C. 10.0.0.0/16

D. nat-instance-id

E. igw-id

F. add custom route table

Answer (D)

Question 3:

What VPC component provides Network Address Translation?

A. NAT instance

B. NAT gateway

C. virtual private gateway

D. Internet gateway

E. ECS

Answer (D)

Question 4:

What are the advantages of NAT gateway over NAT instance? (Select two)

A. NAT gateway requires a single EC2 instance

B. NAT gateway is scalable

C. NAT gateway translates faster

D. NAT gateway is a managed service

E. NAT gateway is Linux-based

Answer (B,D)

Question 5:

What is the management responsibility of tenants and not Amazon AWS?

A. EC2 instances

B. RDS

C. Beanstalk

D. NAT instance

Answer (A,D)

Question 6:

What two features provide an encrypted (VPN) connection from VPC to an enterprise data center?

A. Internet gateway

B. Amazon RDS

C. Virtual private gateway

D. CSR 1000V router

E. NAT gateway

Answer (C,D)

Question 7:

What two attributes are supported when configuring an Amazon Virtual private gateway (VPG)?

A. route propagation

B. Elastic IP (EIP)

C. DHCP

D. public IPv4 address

E. public subnets

Answer (A,C)

Question 8:

What two features are available with AWS Direct Connect service?

A. internet access

B. extend on-premises VLANs to cloud

C. bidirectional forwarding detection (BFD)

D. load balancing between Direct Connect and VPN connection

E. public and private AWS services

Answer (C,E)

Question 9:

When is Direct Connect a preferred solution over VPN IPsec?

A. fast and reliable connection

B. redundancy is a key requirement

C. fast and easy to deploy

D. layer 3 connectivity

E. layer 2 connectivity

Answer (A)

Question 10:

You have been asked to set up a VPC endpoint connection between VPC and S3 buckets for storing backups and snapshots. What AWS components are currently required when configuring a VPC endpoint?

A. Internet gateway

B. NAT instance

C. Elastic IP

D. private IP address

Answer (D)

Question 11:

What are the primary advantages of VPC endpoints? (Select two)

A. reliability

B. cost

C. throughput

D. security

Answer (B,D)

Question 12:

What are the DHCP option attributes used to assign private DNS servers to your VPC?

A. dns resolution and domain name

B. hostnames and internet domain

C. domain servers and domain name

D. domain-name-servers and domain-name

Answer (D)

Question 13:

What DNS attributes are configured when Default VPC option is selected?

A. DNS resolution: yes / DNS hostnames: yes

B. DNS resolution: yes / DNS hostnames: no

C. DNS resolution: no / DNS hostnames: yes

D. DNS resolution: no / DNS hostnames: no

Answer (A)

Question 14:

What configuration settings are required from the remote VPC in order to create cross-account peering? (Select three)

A. VPC ID

B. account username

C. account ID

D. CMK keys

E. VPC CIDR block

F. volume type

Answer (A,C,E)

Question 15:

What CIDR block range is supported for IPv4 addressing and subnetting within a single VPC?

A. /16 to /32

B. /16 to /24

C. /16 to /28

D. /16 to /20

Answer (C)

Question 16:

What problem is caused by the fact that VPC peering does not permit transitive routing?

A. additional VPC route tables to manage

B. virtual private gateway is required

C. Internet gateway is required for each VPC

D. routing between connected spokes through hub VPC is complex

E. increased number of peer links required

Answer (E)

Question 17:

What two statements correctly describe Elastic Load Balancer operation?

A. spans multiple regions

B. assigned per EC2 instance

C. assigned per subnet

D. assigned per Auto-Scaling group

E. no cross-region support

Answer (D,E)

Question 18:

What are two advantages of Elastic IP (EIP) over AWS public IPv4 addresses?

A. EIP can be reassigned

B. EIP is private

C. EIP is dynamic

D. EIP is persistent

E. EIP is public and private

Answer (A,D)

Question 19:

What AWS services are globally managed? (Select four)

A. IAM

B. S3

C. CloudFront

D. Route 53

E. DynamoDB

F. WAF

G. ELB

Answer (A,C,D,F)

Question 20:

What methods are available for creating a VPC? (Select three)

A. AWS management console

B. AWS marketplace

C. VPC wizard

D. VPC console

E. Direct Connect

Answer (A,C,D)

Question 21:

What two default settings are configured for tenants by AWS when Default VPC option is selected?

A. creates a size /20 default subnet in each Availability Zone

B. creates an Internet gateway

C. creates a main route table with local route 10.0.0.0/16

D. create a virtual private gateway

E. create a security group that explicitly denies all traffic

Answer (A,B)

Question 22:

What three statements correctly describe IP address allocation within a VPC?

A. EC2 instance must be terminated to reassign an IP address

B. EC2 instance that is paused can reassign IP address

C. EC2 instance that is stopped can reassign IP address

D. private IP addresses are allocated from a pool and can be reassigned

E. private IP addresses can be assigned by tenant

F. VPC supports dual stack mode (IPv4/IPv6)

Answer (A,E,F)

Question 23:

What are two advantages of selecting default tenancy option for your VPC when creating it?

A. performance and reliability

B. some AWS services do not work with a dedicated tenancy VPC

C. tenant can launch instances within VPC as default or dedicated instances

D. instance launch is faster

Answer (B,C)

Question 24:

What is the purpose of a local route within a VPC route table?

A. local route is derived from the default VPC CIDR block 10.0.0.0/16

B. communicate between instances within the same subnet or different subnets

C. used to communicate between instances within the same subnet

D. default route for communicating between private and public subnets

E. only installed in the main route table

Answer (C)

Question 25:

What is the default behavior when adding a new subnet to your VPC? (Select two)

A. new subnet is associated with the main route table

B. new subnet is associated with the custom route table

C. new subnet is associated with any selected route table

D. new subnet is assigned to the default subnet

E. new subnet is assigned from the VPC CIDR block

Answer (A,E)

Question 26:

You have enabled Amazon RDS database services in VPC1 for an application that has public web servers in VPC2. How do you connect the web servers to the RDS database instance so they can communicate, considering the VPCs are in the same region?

A. VPC endpoints

B. VPN gateway

C. path-based routing

D. VPC peering

E. AWS Network Load Balancer

Answer (D)

Question 27:

What AWS services now support the VPC endpoints feature for optimizing security? (Select three)

A. Kinesis

B. DNS Route 53

C. S3

D. DynamoDB

E. RDS

Answer (A,C,D)

Question 28:

What are three characteristics of an Amazon Virtual Private Cloud?

A. public and private IP addressing

B. broadcasts

C. multiple private IP addresses per network interface

D. dedicated single tenant hardware only

E. persistent public IP addresses

F. HSRP

Answer (A,C,E)

Question 29:

What is the difference between VPC main route table and custom route table?

A. VPC only creates a main route table when started

B. custom route table is the default

C. custom route table is created for public subnets

D. custom route table is created for private subnets

E. main route table is created for public and private subnets

Answer (C)

Question 30:

What is the purpose of the native VPC router?

A. route packets across the internet

B. route packets between private cloud instances

C. route packets between subnets

D. route packets from instances to S3 storage volumes

E. route packets across VPN

Answer (C)

Question 31:

How are private DNS servers assigned to an Amazon VPC?

A. not supported

B. select nondefault VPC

C. select default VPC

D. select EC2-Classic

Answer (B)

Question 32:

What are two characteristics of an Amazon security group?

A. instance level packet filtering

B. deny rules only

C. permit rules only

D. subnet level packet filtering

E. inbound only

Answer (A,C)

Question 33:

What statement is true of Network Access Control Lists (ACL) operation within an Amazon VPC?

A. instance and subnet level packet filtering

B. subnet level packet filtering

C. inbound only

D. only one ACL allowed per VPC

E. outbound only

Answer (B)

Question 34:

How are packets forwarded between public and private subnets within VPC?

A. EIP

B. NAT

C. main route table

D. VPN

Answer (B)

Question 35:

What two statements accurately describe Amazon VPC architecture?

A. Elastic Load Balancer (ELB) cannot span multiple availability zones

B. VPC does not support DMVPN connection

C. VPC subnet cannot span multiple availability zones

D. VPC cannot span multiple regions

E. Flow logs are not supported within a VPC

Answer (C,D)

Question 36:

What is a requirement for attaching EC2 instances to on-premises clients and applications?

A. Amazon Virtual Private Gateway (VPN)

B. Amazon Internet Gateway

C. VPN Connection

D. Elastic Load Balancer (ELB)

E. NAT

Answer (B)

Question 37:

What two statements correctly describe Amazon virtual private gateway?

A. assign to private subnets only

B. assign to public subnets only

C. single virtual private gateway per VPC

D. multiple virtual private gateways per VPC

E. single virtual private gateway per region

Answer (A,C)

Question 38:

What is the maximum access port speed available with Amazon Direct Connect service?

A. 1 Gbps

B. 10 Gbps

C. 500 Mbps

D. 100 Gbps

E. 100 Mbps

Answer (B)

Question 39:

Refer to the drawing. Your company has asked you to configure a peering link between two VPCs that are currently not connected or exchanging any packets. What destination and target is configured in the routing table of VPC1 to enable packet forwarding to VPC2?

A. destination = 172.16.0.0/16, target = pcx-vpc2vpc1

B. destination = 10.0.0.0/16, target = pcx-vpc2

C. destination = 172.16.0.0/16, target = 10.0.0.0/16

D. destination = 172.16.0.0/16, target = pcx-vpc1vpc2

E. default route only

Answer (D)

Question 40:

How is routing enabled by default within a VPC for an EC2 instance?

A. add a default route

B. main route table

C. custom route table

D. must be configured explicitly

Answer (B)

Question 41:

What three features are not supported with VPC peering?

A. overlapping CIDR blocks

B. IPv6 addressing

C. Gateways

D. transitive routing

E. RedShift

F. ElastiCache

Answer (A,C,D)

Question 42:

What route is used in a VPC routing table for packet forwarding to a Gateway?

A. static route

B. 10.0.0.0/16

C. tenant configured

D. 0.0.0.0/0

E. 0.0.0.0/16

Answer (D)

Question 43:

You are asked to deploy a web application comprised of multiple public web servers with only private addressing assigned. What Amazon AWS solution enables multiple servers on a private subnet with only a single EIP required and Availability Zone redundancy?

A. NAT instance

B. Internet gateway

C. virtual private gateway

D. NAT gateway

E. Elastic Network Interface (ENI)

Answer (D)

Question 44:

What is the IP addressing schema assigned to a default VPC?

A. 172.31.0.0/16 CIDR block subnetted with 172.31.0.0/20

B. 172.16.0.0/16 CIDR block subnetted with 172.16.0.0/24

C. 10.0.0.0/16 CIDR block subnetted with 10.0.0.0/24

D. 172.16.0.0/24 CIDR block subnetted with 172.31.0.0/18

Answer (A)

Question 45:

What default configuration and components are added by AWS when Default VPC type is selected? (Select three)

A. Internet gateway

B. virtual private gateway

C. NAT instance

D. security group

E. DNS

Answer (A,D,E)

Question 46:

What feature requires tenants to disable source/destination check?

A. Elastic IP (EIP)

B. data replication

C. VPC peering

D. NAT

E. Internet gateway

Answer (D)