Amazon AWS Certified Solutions Architect - Associate Dumps AWS Certified Solutions Architect - Associate Exam Questions AWS Certified Solutions Architect - Associate New Questions AWS Certified Solutions Architect - Associate PDF AWS Certified Solutions Architect - Associate VCE

[Lead2pass New] AWS Certified Solutions Architect – Associate New Questions Free Download In Lead2pass (651-675)

2017 October Amazon Official New Released AWS Certified Solutions Architect – Associate Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Our dumps have been reviewed and approved by industry experts and individuals who have taken and passed AWS Certified Solutions Architect – Associate exam. Lead2pass will have you prepared to take AWS Certified Solutions Architect – Associate test with high confidence and pass easily. Whether you are looking for AWS Certified Solutions Architect – Associate study guide, AWS Certified Solutions Architect – Associate exam questions, AWS Certified Solutions Architect – Associate exam dump or AWS Certified Solutions Architect – Associate test, Lead2pass.com has you covered.

Following questions and answers are all new published by Amazon Official Exam Center: https://www.lead2pass.com/aws-certified-solutions-architect-associate.html

QUESTION 651
Can you encrypt EBS volumes?

A.    Yes, you can enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI.
B.    No, you should use a third-party software to perform raw block-level encryption of an EBS volume.
C.    Yes, but you must use a third-party API for encrypting data before it’s loaded on EBS.
D.    Yes, you can encrypt with the special “ebs_encrypt” command through Amazon APIs.

Answer: A
Explanation:
With Amazon EBS encryption, you can now create an encrypted EBS volume and attach it to a supported instance type. Data on the volume, disk I/O, and snapshots created from the volume are then all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage. EBS encryption is based on the industry standard AES-256 cryptographic algorithm.
To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is available for all the latest EC2 instances in all commercially available AWS regions.
Reference: https://aws.amazon.com/about-aws/whats-new/2014/05/21/Amazon-EBS-encryption-now-available/

QUESTION 652
In Amazon EC2, you are billed instance-hours when _____.

A.    your EC2 instance is in a running state
B.    the instance exits from Amazon S3 console
C.    your instance still exits the EC2 console
D.    EC2 instances stop

Answer: A
Explanation:
You are billed instance-hours as long as your EC2 instance is in a running state.
Reference: http://aws.amazon.com/ec2/faqs/

QUESTION 653
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?

A.    ELB sticky session
B.    ELB deregistration check
C.    ELB auto registration Off
D.    ELB connection draining

Answer: D
Explanation:
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that in-flight requests continue to be served.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-conn-drain.html

QUESTION 654
While controlling access to Amazon EC2 resources, which of the following acts as a firewall that controls the traffic allowed to reach one or more instances?

A.    A security group
B.    An instance type
C.    A storage cluster
D.    An object

Answer: A
Explanation:
A security group acts as a firewall that controls the traffic allowed to reach one or more instances. When you launch an instance, you assign it one or more security groups.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html

QUESTION 655
A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?

A.    AWS CloudWatch + AWS SQS.
B.    AWS CloudWatch + AWS SNS.
C.    AWS CloudWatch + AWS SES.
D.    AWS EC2 + AWS Cloudwatch.

Answer: B
Explanation:
Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. In this case, the user can configure that Cloudwatch sends an alarm on when the threshold is crossed to SNS which will trigger an SMS.
Reference: http://aws.amazon.com/sns/

QUESTION 656
Just when you thought you knew every possible storage option on AWS you hear someone mention Reduced Redundancy Storage (RRS) within Amazon S3. What is the ideal scenario to use Reduced Redundancy Storage (RRS)?

A.    Huge volumes of data
B.    Sensitve data
C.    Non-critical or reproducible data
D.    Critical data

Answer: C
Explanation:
Reduced Redundancy Storage (RRS) is a new storage option within Amazon S3 that enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage. RRS provides a lower cost, less durable, highly available storage option that is designed to sustain the loss of data in a single facility.
RRS is ideal for non-critical or reproducible data.
For example, RRS is a cost-effective solution for sharing media content that is durably stored elsewhere. RRS also makes sense if you are storing thumbnails and other resized images that can be easily reproduced from an original image.
Reference: https://aws.amazon.com/s3/faqs/

QUESTION 657
A user is making a scalable web application with compartmentalization. The user wants the log module to be able to be accessed by all the application functionalities in an asynchronous way. Each module of the application sends data to the log module, and based on the resource availability it will process the logs.
Which AWS service helps this functionality?

A.    AWS Simple Queue Service.
B.    AWS Simple Notification Service.
C.    AWS Simple Workflow Service.
D.    AWS Simple Email Service.

Answer: A
Explanation:
Amazon Simple Queue Service (SQS) is a highly reliable distributed messaging system for storing messages as they travel between computers. By using Amazon SQS, developers can simply move data between distributed application components. It is used to achieve compartmentalization or loose coupling. In this case all the modules will send a message to the logger queue and the data will be processed by queue as per the resource availability.
Reference: http://media.amazonwebservices.com/AWS_Building_Fault_Tolerant_Applications.pdf

QUESTION 658
You have some very sensitive data stored on AWS S3 and want to try every possible alternative to keeping it secure in regards to access control. What are the mechanisms available for access control on AWS S3?

A.    (IAM) policies, Access Control Lists (ACLs), bucket policies, and query string authentication.
B.    (IAM) policies, Access Control Lists (ACLs) and bucket policies.
C.    Access Control Lists (ACLs), bucket policies, and query string authentication
D.    (IAM) policies, Access Control Lists (ACLs), bucket policies, query string authentication and encryption.

Answer: A
Explanation:
Amazon S3 supports several mechanisms that give you flexibility to control who can access your data as well as how, when, and where they can access it.
Amazon S3 provides four different access control mechanisms:
AWS Identity and Access Management (IAM) policies, Access Control Lists (ACLs), bucket policies, and query string authentication.
IAM enables organizations to create and manage multiple users under a single AWS account. With IAM policies, you can grant IAM users fine-grained control to your Amazon S3 bucket or objects. You can use ACLs to selectively add (grant) certain permissions on individual objects. Amazon S3 bucket policies can be used to add or deny permissions across some or all of the objects within a single bucket.
With Query string authentication, you have the ability to share Amazon S3 objects through URLs that are valid for a specified period of time.

QUESTION 659
Your manager has come to you saying that he is very confused about the bills he is receiving from AWS as he is getting different bills for every user and needs you to look into making it more understandable. Which of the following would be the best solution to meet his request?

A.    AWS Billing Aggregation
B.    Consolidated Billing
C.    Deferred Billing
D.    Aggregated Billing

Answer: B
Explanation:
Consolidated Billing enables you to consolidate payment for multiple AWS accounts within your company by designating a single paying account. Consolidated Billing enables you to see a combined view of AWS costs incurred by all accounts, as well as obtain a detailed cost report for each of the individual AWS accounts associated with your “Paying Account”. Consolidated Billing is offered at no additional charge.
Reference: https://aws.amazon.com/billing/faqs/

QUESTION 660
A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?

A.    AWS Simple Notification Service.
B.    AWS Simple Email Service.
C.    AWS Mobile Communication Service.
D.    AWS Simple Queue Service.

Answer: A
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services.
Reference: http://aws.amazon.com/sns

QUESTION 661
Which one of the following can’t be used as an origin server with Amazon CloudFront?

A.    A web server running in your infrastructure
B.    Amazon S3
C.    Amazon Glacier
D.    A web server running on Amazon EC2 instances

Answer: C
Explanation:
Amazon CloudFront is designed to work with Amazon S3 as your origin server, customers can also use Amazon CloudFront with origin servers running on Amazon EC2 instances or with any other custom origin.
Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web.html

QUESTION 662
You have written a CloudFormation template that creates 1 Elastic Load Balancer fronting 2 EC2 Instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?

A.    Resources
B.    Outputs
C.    Parameters
D.    Mappings

Answer: B
Explanation:
You can use AWS CloudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application.
Reference: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html

QUESTION 663
You have been asked to set up a database in AWS that will require frequent and granular updates. You know that you will require a reasonable amount of storage space but are not sure of the best option. What is the recommended storage option when you run a database on an instance with the above criteria?

A.    Amazon S3
B.    Amazon EBS
C.    AWS Storage Gateway
D.    Amazon Glacier

Answer: B
Explanation:
Amazon EBS provides durable, block-level storage volumes that you can attach to a running Amazon EC2 instance. You can use Amazon EBS as a primary storage device for data that requires frequent and granular updates. For example, Amazon EBS is the recommended storage option when you run a database on an instance.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html

QUESTION 664
You have been asked to set up monitoring of your network and you have decided that Cloudwatch would be the best service to use. Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications. Which of the following items listed can AWS Cloudwatch monitor?

A.    Log files your applications generate.
B.    All of the items listed on this page.
C.    System-wide visibility into resource utilization, application performance, and operational health.
D.    Custom metrics generated by your applications and services .

Answer: B
Explanation:
Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application running smoothly.
Reference: http://aws.amazon.com/cloudwatch/

QUESTION 665
A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?

A.    1 hour
B.    30 minutes
C.    5 minutes
D.    2 hours

Answer: A
Explanation:
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that in-flight requests continue to be served. The user can specify a maximum time of 3600 seconds (1 hour) for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-conn-drain.html

QUESTION 666
How can you apply more than 100 rules to an Amazon EC2-Classic?

A.    By adding more security groups
B.    You need to create a default security group specifying your required rules if you need to use more than 100 rules per security group.
C.    By default the Amazon EC2 security groups support 500 rules.
D.    You can’t add more than 100 rules to security groups for an Amazon EC2 instance.

Answer: D
Explanation:
In EC2-Classic, you can associate an instance with up to 500 security groups and add up to 100 rules to a security group.
Reference: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html

QUESTION 667
You need to quickly set up an email-sending service because a client needs to start using it in the next hour. Amazon Simple Email Service (Amazon SES) seems to be the logical choice but there are several options available to set it up. Which of the following options to set up SES would best meet the needs of the client?

A.    Amazon SES console
B.    AWS CloudFormation
C.    SMTP Interface
D.    AWS Elastic Beanstalk

Answer: A
Explanation:
Amazon SES is an outbound-only email-sending service that provides an easy, cost-effective way for you to send email.
There are several ways that you can send an email by using Amazon SES. You can use the Amazon SES console, the Simple Mail Transfer Protocol (SMTP) interface, or you can call the Amazon SES API. Amazon SES console–This method is the quickest way to set up your system
Reference: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/Welcome.html

QUESTION 668
Identify a true statement about the On-Demand instances purchasing option provided by Amazon EC2.

A.    Pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
B.    Make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly lower hourly rate for these instances.
C.    Pay for the instances that you use by the hour, with long-term commitments or up-front payments.
D.    Make a high, one-time, all-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly higher hourly rate for these instances.

Answer: A
Explanation:
On-Demand instances allow you to pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/reserved-instances-offerings.html

QUESTION 669
Which of the following statements is NOT true about using Elastic IP Address (EIP) in EC2-Classic and EC2-VPC platforms?

A.    In the EC2-VPC platform, the Elastic IP Address (EIP) does not remain associated with the instance when you stop it.
B.    In the EC2-Classic platform, stopping the instance disassociates the Elastic IP Address (EIP) from it.
C.    In the EC2-VPC platform, if you have attached a second network interface to an instance, when you disassociate the Elastic IP Address (EIP) from that instance, a new public IP address is not assigned to the instance automatically; you’ll have to associate an EIP with it manually.
D.    In the EC2-Classic platform, if you disassociate an Elastic IP Address (EIP) from the instance, the instance is automatically assigned a new public IP address within a few minutes.

Answer: A
Explanation:
In the EC2-Classic platform, when you associate an Elastic IP Address (EIP) with an instance, the instance’s current public IP address is released to the EC2-Classic public IP address pool. If you disassociate an EIP from the instance, the instance is automatically assigned a new public IP address within a few minutes. In addition, stopping the instance also disassociates the EIP from it. But in the EC2-VPC platform, when you associate an EIP with an instance in a default Virtual Private Cloud (VPC), or an instance in which you assigned a public IP to the eth0 network interface during launch, its current public IP address is released to the EC2-VPC public IP address pool. If you disassociate an EIP from the instance, the instance is automatically assigned a new public IP address within a few minutes. However, if you have attached a second network interface to the instance, the instance is not automatically assigned a new public IP address; you’ll have to associate an EIP with it manually. The EIP remains associated with the instance when you stop it.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

QUESTION 670
You have a Business support plan with AWS. One of your EC2 instances is running Microsoft Windows Server 2008 R2 and you are having problems with the software. Can you receive support from AWS for this software?

A.    Yes
B.    No, AWS does not support any third-party software.
C.    No, Microsoft Windows Server 2008 R2 is not supported.
D.    No, you need to be on the enterprise support plan.

Answer: A
Explanation:
Third-party software support is available only to AWS Support customers enrolled for Business or Enterprise Support. Third-party support applies only to software running on Amazon EC2 and does not extend to assisting with on-premises software. An exception to this is a VPN tunnel configuration running supported devices for Amazon VPC.
Reference: https://aws.amazon.com/premiumsupport/features/

QUESTION 671
In Amazon EC2, how many Elastic IP addresses can you have by default?

A.    10
B.    2
C.    5
D.    20

Answer: C
Explanation:
The number of Elastic IP addresses you can have in EC2 is 5.
Reference: http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ec2

QUESTION 672
After deciding that EMR will be useful in analysing vast amounts of data for a gaming website that you are architecting you have just deployed an Amazon EMR Cluster and wish to monitor the cluster performance. Which of the following tools cannot be used to monitor the cluster performance?

A.    Kinesis
B.    Ganglia
C.    CloudWatch Metrics
D.    Hadoop Web Interfaces

Answer: A
Explanation:
Amazon EMR provides several tools to monitor the performance of your cluster.
Hadoop Web Interfaces
Every cluster publishes a set of web interfaces on the master node that contain information about the cluster. You can access these web pages by using an SSH tunnel to connect them on the master node. For more information, see View Web Interfaces Hosted on Amazon EMR Clusters.
CloudWatch Metrics
Every cluster reports metrics to CloudWatch. CloudWatch is a web service that tracks metrics, and which you can use to set alarms on those metrics. For more information, see Monitor Metrics with CloudWatch.
Ganglia
Ganglia is a cluster monitoring tool. To have this available, you have to install Ganglia on the cluster when you launch it. After you’ve done so, you can monitor the cluster as it runs by using an SSH tunnel to connect to the Ganglia UI running on the master node. For more information, see Monitor Performance with Ganglia.
Reference: http://docs.aws.amazon.com/ElasticMapReduce/latest/DeveloperGuide/emr-troubleshoot-tools.html

QUESTION 673
A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance?

A.    Configure the IP range of the US West region instance as the ingress security rule of RDS
B.    It is not possible to access RDS of the US East region from the US West region
C.    Open the security group of the US West region in the RDS security group’s ingress rule
D.    Create an IAM role which has access to RDS and launch an instance in the US West region with it

Answer: A
Explanation:
The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than the RDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in the same region that refers to an IP address in another region.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html

QUESTION 674
You need to create a load balancer in a VPC network that you are building. You can make your load balancer internal (private) or internet-facing (public). When you make your load balancer internal, a DNS name will be created, and it will contain the private IP address of the load balancer. An internal load balancer is not exposed to the internet. When you make your load balancer internet-facing, a DNS name will be created with the public IP address. If you want the Internet-facing load balancer to be connected to the Internet, where must this load balancer reside?

A.    The load balancer must reside in a subnet that is connected to the internet using the internet gateway.
B.    The load balancer must reside in a subnet that is not connected to the internet.
C.    The load balancer must not reside in a subnet that is connected to the internet.
D.    The load balancer must be completely outside of your VPC.

Answer: A
Explanation:
When you create an internal Elastic Load Balancer in a VPC, you need to select private subnets that are in the same Availability Zone as your instances. If the VPC Elastic Load Balancer is to be public facing, you need to create the Elastic Load Balancer in a public subnet. A subnet is a public subnet if it is attached to an Internet Gateway (IGW) with a defined route to that gateway. Selecting more than one public subnet increases the availability of your Elastic Load Balancer.
NB – Elastic Load Balancers in EC2-Classic are always Internet-facing load balancers.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html

QUESTION 675
Can you move a Reserved Instance from one Availability Zone to another?

A.    Yes, but each Reserved Instance is associated with a specific Region that cannot be changed.
B.    Yes, only in US-West-2.
C.    Yes, only in US-East-1.
D.    No

Answer: A
Explanation:
Each Reserved Instance is associated with a specific Region, which is fixed for the lifetime of the reservation and cannot be changed. Each reservation can, however, be used in any of the available AZs within the associated Region.
Reference: https://aws.amazon.com/rds/faqs/

At Lead2pass we verify that 100% of the AWS Certified Solutions Architect – Associate exam questions in exam test prep package are real questions from a recent version of the AWS Certified Solutions Architect – Associate test you are about to take. We have a wide library of AWS Certified Solutions Architect – Associate exam dumps.

More AWS Certified Solutions Architect – Associate new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDVm1nMUwwQ1pkRE0

2017 Amazon AWS Certified Solutions Architect – Associate exam dumps (All 796 Q&As) from Lead2pass:

https://www.lead2pass.com/aws-certified-solutions-architect-associate.html [100% Exam Pass Guaranteed]