Browse SAP Questions
Question 51 of 100
Your multi-national customer wants to rewrite a website portal to "take advantage of AWS best practices". Other information that you have for this large enterprise customer is as follows: Part of the portal is an employee-only section, and authentication must be against the corporate Active Directory. You used a web analytics website to discover that on average there were 140,000 visitors per month over the past year, a peak of 187,000 unique visitors last month, and a minimum of 109,000 unique visitors two months ago. You have no information about what percentage of these visitors represents employees who signed into the portal. The web analytics website also revealed that traffic breakdown is 40 percent South America, 50 percent North America, and 10 percent other. The customer's primary data center is located in Sao Paulo, Brazil. Their chief technology officer believes that response time for logging in to the employee portal is a primary metric, because employees complain that the current website is too slow in this regard. When you present your proposed application architecture to the customer, which of the following should you propose as part of the architecture? Choose 3 answers.
A. Do not use Amazon CloudFront, because the employees who log in to the portal have unique (private) session data that should not be cached in a content delivery network.
B. Establish the AWS presence in the us-east region, with a dedicated pipe to the corporate data center.
C. Use Amazon CloudFront to cache pages for users at the nearest edge location.
D. A three-subnet VPC, with an AD controller in the AWS region. The AWS AD controller will be part of the primary AD controller's forest, and will synchronize with the corporate controller over a dedicated pipe to the corporate data center.
E. Establish the AWS presence in multiple regions: SA-EAST, and also US-EAST, with a dedicated pipe from both SA-EAST and US-EAST to the corporate data center, and also a dedicated connection between regions. Replicate data as needed between the regions. Use a geo load balancer to determine which region is primary for a given user.
F. A three-subnet VPC, with all AD calls traversing a dedicated pipe to the corporate data center.
Question 52 of 100
You are designing a data leak prevention solution for your VPC environment. You want your VPC instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third-party CDNs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the Internet. Which of the following options would you consider?
A. Configure a web proxy server in your VPC and enforce URL-based rules for outbound access. Remove default routes.
B. Implement security groups and configure outbound rules to only permit traffic to software depots.
C. Move all your instances into private VPC subnets, remove default routes from all routing tables, and add specific routes to the software depots and distributions only.
D. Implement network access control lists to all specific destinations, with an implicit deny as a rule.
Question 53 of 100
You want to set up a public website on AWS. The things that you require are as follows: You want the database and the application server running on AWS VPC. You want the database to be able to connect to the Internet, specifically for any patch upgrades. You do not want to receive any incoming requests from the Internet to the database. Which of the following solutions would be the best to satisfy all the above requirements for your planned public website on AWS? Choose the correct answer:
A. Set up the database in a public subnet with a security group which only allows inbound traffic.
B. Set up the public website on a public subnet and set up the database in a private subnet which connects to the Internet via a NAT instance.
C. Set up the database in a local data center and use a private gateway to connect the application to the database.
D. Set up the database in a private subnet with a security group which only allows outbound traffic.
Question 54 of 100
To serve web traffic for a popular product, your chief financial officer and IT director have purchased 10 m1.large heavy utilization Reserved Instances (RIs) evenly spread across two availability zones. Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB). After several months, the product grows even more popular and you need additional capacity. As a result, your company purchases two c3.2xlarge medium utilization RIs. You register the two c3.2xlarge instances with your ELB and quickly find that the m1.large instances are at 100% of capacity and the c3.2xlarge instances have significant capacity that's unused. Which option is the most cost effective and uses EC2 capacity most effectively?
A. Use a separate ELB for each instance type and distribute load to ELBs with Route 53 weighted round robin.
B. Configure Auto Scaling group and Launch Configuration with ELB to add up to 10 more on-demand m1.large instances when triggered by CloudWatch. Shut off c3.2xlarge instances.
C. Route traffic to EC2 m1.large and c3.2xlarge instances directly using Route 53 latency-based routing and health checks. Shut off ELB.
D. Configure ELB with two c3.2xlarge instances and use on-demand Auto Scaling group for up to two additional c3.2xlarge instances. Shut off m1.large instances.
Question 55 of 100
A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on-premises network with VPC-1. Which two methods increase the fault tolerance of the connection to VPC-1? Choose 2 answers.
A. Establish a hardware VPN over the internet between VPC-2 and the on-premises network.
B. Establish a hardware VPN over the internet between VPC-1 and the on-premises network.
C. Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
D. Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1.
E. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.
Question 56 of 100
You are designing a personal document-archiving solution for your global enterprise with thousands of employees. Each employee has potentially gigabytes of data to be backed up in this archiving solution. The solution will be exposed to the employees as an application, where they can just drag and drop their files to the archiving system. Employees can retrieve their archives through a web interface. The corporate network has high-bandwidth AWS Direct Connect connectivity to AWS. You have regulatory requirements that all data needs to be encrypted before being uploaded to the cloud. How do you implement this in a highly available and cost-efficient way?
A. Manage encryption keys on-premise in an encrypted relational database. Set up an on-premises server with sufficient storage to temporarily store files and then upload them to Amazon S3, providing a client-side master key.
B. Manage encryption keys in a Hardware Security Module (HSM) appliance on-premise server with sufficient storage to temporarily store, encrypt, and upload files directly into Amazon Glacier.
C. Manage encryption keys in Amazon Key Management Service (KMS), upload to Amazon Simple Storage Service (S3) with client-side encryption using a KMS customer master key ID, and configure Amazon S3 lifecycle policies to store each object using the Amazon Glacier storage tier.
D. Manage encryption keys in an AWS CloudHSM appliance. Encrypt files prior to uploading on the employee desktop and then upload directly into Amazon Glacier.
Question 57 of 100
Your security team has approached you and asked that you restrict the ability of an EC2 instance to access a certain remote DNS API endpoint. The remote endpoint may change IPs over time and it's imperative it can NEVER access this endpoint. What solution will work as expected?
A. Configure the NACL of the instance subnet to block any outbound traffic to the FQDN of the API endpoint or its return traffic.
B. Configure the SG of the instance to block any outbound traffic to the FQDN of the API endpoint or its return traffic.
C. Configure Layer-7 filtering on the NAT Gateway in the VPC and add a DNS blacklist entry.
D. Use an 'on instance' proxy and configure this to perform DNS resolution and only allow traffic which doesn't breach security restrictions.
Question 58 of 100
You have a periodic image analysis application that gets some files as input, analyzes them and, for each file, writes some data in output to a temp file. The number of files in input per day is high and concentrated in a few hours of the day. Currently you have a server on EC2 with a large EBS volume that hosts the input data and the results. It takes almost 20 hours per day to complete the process. What services could be used to reduce the elaboration time and improve the availability of the solution?
A. S3 to store I/O files. SQS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the length of the SQS queue.
B. EBS with Provisioned IOPS (PIOPS) to store I/O files. SNS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the number of SNS notifications.
C. S3 to store I/O files. SNS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the number of SNS notifications.
D. EBS with Provisioned IOPS (PIOPS) to store I/O files. SQS to distribute elaboration commands to a group of hosts working in parallel. Auto Scaling to dynamically size the group of hosts depending on the length of the SQS queue.
Question 59 of 100
Your customer is implementing a video on-demand streaming platform on AWS. The requirements are: support for multiple devices such as iOS, Android, and PC as client devices, using a standard client player, using streaming technology (not download), and scalable architecture with cost effectiveness.
A. Store the video contents to Amazon Simple Storage Service (S3) as an origin server. Configure the Amazon CloudFront distribution with a streaming option to stream the video contents.
B. Store the video contents to Amazon S3 as an origin server. Configure the Amazon CloudFront distribution with a download option to stream the video contents.
C. Launch a streaming server on Amazon Elastic Compute Cloud (EC2) (for example, Adobe Media Server), and store the video contents as an origin server. Configure the Amazon CloudFront distribution with a download option to stream the video contents.
D. Launch a streaming server on Amazon Elastic Compute Cloud (EC2) (for example, Adobe Media Server), and store the video contents as an origin server. Launch and configure the required amount of streaming servers on Amazon EC2 as an edge server to stream the video contents.
Question 60 of 100
A news company runs their current application entirely on-premise. However, they are expecting a big boost in traffic and need to figure out a way to decrease the load to handle the scale. Unfortunately, they cannot migrate their application to AWS in the period required. What could they do with their current on-premise application to help offload some of the traffic and scale to meet the demand expected in 24 hours?
A. Deploy OpsWorks on-premise to manage the instance in order to configure on-premise auto scaling to meet the demand.
B. Upload all static files to Amazon S3 and create a CloudFront distribution serving those static files.
C. Duplicate half your web infrastructure on AWS, offload the DNS to Route 53 and configure weighted based DNS routing to send half the traffic to AWS.
D. Create a CloudFront CDN, enable query string forwarding and configure suitable TTL. Offload the DNS to AWS to handle CloudFront CDN traffic but use on-premise load balancers as the origin.