Verified AWS-Certified-Big-Data-Specialty Dumps | AWS-Certified-Big-Data-Specialty PDF Question & Answers

Question No 1 

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Answer: B 


Question No 2 

A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and features will meet the company’s requirements?

A. Virtual private network connection, AWS Directory services, and ClassicLink
B. Virtual private network connection, AWS Directory services, and Amazon WorkSpaces
C. AWS Directory service, Amazon WorkSpaces, and AWS Identity and Access Management
D. Amazon Elastic Compute Cloud, and AWS identity and access management

Answer: B 


Question No 3

You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an internet gateway is attached to the VPC, and the public route table is configured to send all internet-based internet. Why is the internet unreachable from this instance?

A. The Internet gateway security group must allow all outbound traffic
B. The instance does not have a public IP address
C. The instance “Source/Destination check” property must be enabled
D. The instance security group must allow all inbound traffic

Answer: B 


Question No 4 

You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data Into Amazon S3 In the same region. How do you remedy this situation?

A. Add an additional ENI
B. Change to a larger Instance
C. Use DirectConnect between EC2 and S3
D. Use EBS PIOPS on the local volume

Answer: B 


Question No 5

A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an opened connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?

A. Cross-Account Access
B. AWS identity and Access Management roles
C. SAML-based Identity Federation
D. Web identity Federation

Answer: C 


Question No 6 

In AWS, which security aspects are the customer’s responsibility? Choose 4 answers

A. Life-Cycle management of IAM credentials
B. Security Group and ACL settings
C. Controlling physical access to compute resources
D. Path management on the EC2 instance’s operating system
E. Encryption of EBS volumes
F. Decommissioning storage devices

Answer: A, B, D, E 


Question No 7 

You have started a new job and are reviewing your company's infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances in Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?

A. Set the ELB to only be attached to another AZ
B. Make sure Auto Scaling is configured to launch in both AZs
C. Make sure your AMI is available in both AZs
D. Make sure the maximum size of the Auto Scaling Group is greater than 4

Answer: B 


Question No 8 

You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? Choose 2 answers

A. Set permissions on the object to public read during upload
B. Configure the bucket ACL to sell all objects to public read
C. Configure the bucket policy to set all objects to public read
D. Use AWS identity and access Management roles to set the bucket to public read
E. Amazon S3 objects default to public read, so no action is needed

Answer: B, C 


Question No 9 

A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?

A. The application does not have enough IO for the volume
B. The instance is EBS optimized
C. The EC2 instance has 10 Gigabit Network connectivity
D. The volume size is too large

Answer: D 


Question No 10 

You are working with customer who has 10 TB of archival data that they want to migrate to Amazon Glacier. The customer has a 1Mbps connection to the Internet. Which service or feature provide the fastest method of getting the data into Amazon Glacier?

A. Amazon Glacier multipart upload
B. AWS Storage Gateway
C. VM Import/Export
D. AWS Import/Export

Answer: D