Q1.Company C is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting
enabled. Currently, when visitors go to http://www.companyc.com the index.html page is returned. Company C
now would like a new page welcome.html to be returned when a visitor enters http://www.companyc.com in the
Which of the following steps will allow Company C to meet this requirement? (Choose two.)
- A: Upload an html page named welcome.html to their S3 bucket
- B: Create a welcome subfolder in their S3 bucket
- C: Set the Index Document property to welcome.html
- D: Move the index.html page to a welcome subfolder
- E: Set the Error Document property to welcome.html
solution: A, C
Q2.What type of block cipher does Amazon S3 offer for server side encryption?
- A: Triple DES
- B: Advanced Encryption Standard
- C: Blowfish
- D: RC5
Q3.If an application is storing hourly log files from thousands of instances from a high traffic web site, which
naming scheme would give optimal performance on S3?
- A: Sequential
- B: instanceID_log-HH-DD-MM-YYYY
- C: instanceID_log-YYYY-MM-DD-HH
- D: HH-DD-MM-YYYY-log_instanceID
- E: YYYY-MM-DD-HH-log_instanceID
Q4.Which of the following statements about SQS is true?
- A: Messages will be delivered exactly once and messages will be delivered in First in, First out order
- B: Messages will be delivered exactly once and message delivery order is indeterminate
- C: Messages will be delivered one or more times and messages will be delivered in First in, First out order
- D: Messages will be delivered one or more times and message delivery order is indeterminate
Q5.A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center
via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated,
logged-in users can only access an S3 keyspace specific to the user.
Which two approaches can satisfy the objectives? (Choose two.)
- A: The application authenticates against LDAP. The application then calls the IAM Security Service to login to
IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the
appropriate S3 bucket.
- B: The application authenticates against LDAP, and retrieves the name of an IAM role associated with the
user. The application then calls the IAM Security Token Service to assume that IAM Role. The application
can use the temporary credentials to access the appropriate S3 bucket.
- C: The application authenticates against IAM Security Token Service using the LDAP credentials. The
application uses those temporary AWS security credentials to access the appropriate S3 bucket.
- D: Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to
get IAM federated user credentials. The application calls the identity broker to get IAM federated user
credentials with access to the appropriate S3 bucket.
- E: Develop an identity broker which authenticates against IAM Security Token Service to assume an IAM Role
to get temporary AWS security credentials. The application calls the identity broker to get AWS temporary
security credentials with access to the appropriate S3 bucket.
solution: B, D
Q6.Company B provides an online image recognition service and utilizes SQS to decouple system components for
scalability The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as
high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and
increasing costs with empty responses.
How can Company B reduce the number of empty responses?
- A: Set the imaging queue visibility Timeout attribute to 20 seconds
- B: Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 seconds
- C: Set the imaging queue MessageRetentionPeriod attribute to 20 seconds
- D: Set the DelaySeconds parameter of a message to 20 seconds
Q7.An Amazon S3 bucket, "myawsbucket"? is configured with website hosting in Tokyo region, what is the region-
specific website endpoint?
- A: www.myawsbucket.ap-northeast-1.amazonaws.com
- B: myawsbucket.s3-website-ap-northeast-1.amazonawscom
- C: myawsbucket.amazonaws.com
- D: myawsbucket.tokyo.amazonaws.com
Q8.You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed
and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls.
Given these requirements, what is the most efficient way to manage these Items after the analysis?
- A: Retain the items in a single table
- B: Delete items individually over a 24 hour period
- C: Delete the table and create a new table per hour
- D: Create a new table per hour
Q9.You have written an application that uses the Elastic Load Balancing service to spread traffic to several web
servers. Your users complain that they are sometimes forced to login again in the middle of using your
application, after they have already logged in. This is not behavior you have designed.
What is a possible solution to prevent this happening?
- A: Use instance memory to save session state.
- B: Use instance storage to save session state.
- C: Use EBS to save session state
- D: Use ElastiCache to save session state.
- E: Use Glacier to save session slate.
Q10.You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point
you find out that other sites have been linking to the photos on your site, causing loss to your business.
What is an effective method to mitigate this?
- A: Store photos on an EBS volume of the web server
- B: Remove public read access and use signed URLs with expiry dates.
- C: Use CloudFront distributions for static content.
- D: Block the IPs of the offending websites in Security Groups.