Amazon Web Services (AWS) - Set #17
Powered by Techhyme.com
You have a total of 130 minutes to finish the practice test of AWS Certified SysOps Administrator to test your knowledge.
1. You’ve configured VPC flow logging for a VPC that has intermittent bursts of heavy traffic. The logs are stored in an S3 bucket. An hour later, you view the logs and notice that although there are several flow records containing a 5-tuple, some records appear without the 5-tuple and have “NODATA” at the end. What can you conclude from this?
- A. VPC flow logging is configured correctly.
- B. Some VPC traffic is not getting logged.
- C. There’s too much traffic to log.
- D. Some traffic is getting blocked.
Answer - A
Explanation - NODATA is written to the end of a flow log record when there’s no traffic to log during a 10-minute capture window. If there were too much traffic to log, SKIPDATA would appear instead. There’s no reason to conclude that any traffic is not getting logged or is getting blocked.
2. You want to use VPC flow logging to identify any traffic that’s blocked by a security group. How can you accomplish this in the most cost-effective way?
- A. Enable VPC flow logging to log only rejected traffic to CloudWatch Logs.
- B. Enable VPC flow logging to log only rejected traffic to an S3 bucket.
- C. Enable VPC flow logging to log all traffic to an S3 bucket, and search the logs for the word REJECT.
- D. Enable VPC flow logging to log all traffic to CloudWatch Logs, and use a filter to view only rejected traffic.
Answer - B
Explanation - The most cost-effective option is to enable VPC flow logging for rejected traffic and save the logs in an S3 bucket.
3. When trying to add an alternative domain name to a CloudFront distribution, you get an “InvalidViewerCertificateException” error. Which of the following could be the reason?
- A. The certificate specifies an invalid cipher.
- B. The domain name is in all lowercase.
- C. The custom certificate you’ve provided isn’t signed by a trusted certificate authority (CA).
- D. The attached certificate contains too many domain names.
Answer - C
Explanation - To add an alternative domain name to a distribution you must specify a valid TLS certificate issued by a trusted CA, and the certificate must contain the alternative domain name. Some CAs may limit the number of domain names per certificate. The alternative domain name must be in all lowercase.
4. You have a CloudFront distribution for the alternate domain name www.example.com. You try to add another alternate domain name for www1.example.com and receive an “InvalidViewerCertificateException” error. How can you enable the CloudFront distribution for both domains?
- A. Verify your ownership of the www1.example.com domain name.
- B. Supply a new certificate for the domain names www.example.com and www1.example.com.
- C. Use the default CloudFront certificate.
- D. Supply a new certificate for the domain name www1.example.com.
Answer - B
Explanation - The distribution requires a certificate that is valid for both domain names. The default CloudFront certificate is only good for the domain name *.cloudfront.net. There’s no need to verify your ownership of the www1.example.com domain name to add it to the distribution, but you may need to verify your ownership of the domain name to obtain a certificate from a certificate authority.
5. You’re currently running a web application on a set of EC2 instances behind an elastic load balancer (ELB). You’re storing static web assets for the application in an S3 bucket. Which of the following is the most scalable approach for serving these web assets using a CloudFront distribution?
- A. Create a streaming distribution.
- B. Add the ELB as an origin.
- C. Add the EC2 instances as origins.
- D. Add the S3 bucket as an origin.
Answer - D
Explanation - Adding the S3 bucket as an origin is the most scalable approach. You can use an ELB or instance as an origin, but in this case the assets are stored in an S3 bucket, not on the instances. A streaming distribution is for streaming media, not static web assets.
6. You’ve placed video and media player files in an S3 bucket and created a streaming RTMP CloudFront distribution using the bucket as the origin. Users are unable to play the videos. How can you resolve this?
- A. Move the media player files into a different bucket.
- B. Serve the media player files from an HTTP CloudFront distribution.
- C. Ensure the bucket has public access.
- D. Enable HTTPS on the distribution.
Answer - B
Explanation - The media player files must be served via a regular HTTP distribution. Only the video files should be served via an RTMP distribution.
7. You’ve created an RTMP distribution for streaming video. Most users are able to watch the videos, but users at one location aren’t. Which of the following could be the problem?
- A. UDP port 1935 is blocked.
- B. The video files aren’t served from an HTTP distribution.
- C. The media player files are served from the RTMP distribution.
- D. TCP port 1935 is blocked.
Answer - D
Explanation - RTMP uses TCP port 1935 by default. CloudFront RTMP distributions don’t support RTMFP, which uses UDP port 1935. The fact that some users can view the videos indicates that the distributions for the media player and video files are configured correctly.
8. Some users are unable to access an RTMP streaming distribution due to TCP port 1935 being blocked. Only TCP ports 80 and 443 are allowed. Which of the following must occur in order for the users to access the distribution?
- A. Convert the RTMP distribution to HTTP.
- B. Switch to RTMPT.
- C. Convert the RTMP distribution to HTTPS.
- D. Add an inbound security group rule to permit access to TCP port 1935.
Answer - B
Explanation - RTMPT tunnels RTMP over TCP port 80. RTMP distributions can’t be converted to HTTP/HTTPS distributions. CloudFront doesn’t use security groups.
9. Which of the following is a valid URL for an RTMP distribution?
- A. rtmp://s5c39gqb8ow64r.cloudfront.net
- B. rtmp://d111111abcdef8.cloudfront.net
- C. https://s5c39gqb8ow64r.cloudfront.net
- D. https://d111111abcdef8.cloudfront.net
Answer - A
Explanation - RTMP distribution URLs begin with rtmp:// and the domain name begins with s (for streaming). HTTP distribution URLs begin with http:// or https:// and the domain name begins with d (for distribution).
10. When does a CloudFront edge location first fetch a file from an origin?
- A. When the file is added to the origin
- B. When the distribution is created
- C. When the edge location receives a request for the file
- D. When the distribution enters a “deployed” state
Answer - C
Explanation - A CloudFront edge location doesn’t fetch a file from an origin until it receives a request for that file. It doesn’t preemptively fetch files from an origin.
11. You’ve created a CloudFront distribution using an alternate domain name example.com. In the Route 53 hosted zone for example.com, you’ve created a CNAME record for example.com that points to the distribution’s domain name as an alias. You discover that you’re being charged for queries of this record. How can you reduce your costs while continuing to use the example.com domain name for the distribution?
- A. Replace the CNAME record with an A record that points to the distribution as an alias target.
- B. Modify the CNAME record to point to the distribution as an alias target.
- C. Purchase a Route 53 zone reservation.
- D. Decrease the time-to-live (TTL) of the record.
Answer - A
Explanation - Route 53 doesn’t charge to resolve records that point to an alias target, such as a CloudFront distribution. The record type must be an A or AAAA record, not a CNAME record. Decreasing the TTL would result in more queries and higher cost. There is no such thing as a zone reservation.
12. You’ve created a CloudFront distribution with the alternate domain name example.com You’ve created an A record pointing to the distribution as an alias target. IPv4 users are able to access the distribution using the alternate domain name, but IPv6 users aren’t. They can, however, access it using the distribution domain name. How can you resolve this?
- A. Convert the record to a non-alias record.
- B. Change the alternate name to www.example.com and update the A record accordingly.
- C. Change the A record to a CNAME record.
- D. Create an AAAA record.
Answer - D
Explanation - You must create an AAAA record in order to provide IPv6 resolution.
13. Which of the following is not a valid alternate domain name for a CloudFront distribution?
- A. *.example.com
- B. example.example.com
- C. *.www.example.com
- D. www.*.example.com
Answer - D
Explanation - Alternate domain names that contain a wildcard must begin with *.
14. You’re storing an object named production/index.html in a bucket named myawsbucket. You want to make this object accessible via a CloudFront distribution using just the alternate domain name example.com/index.html. Which of the following steps is required to accomplish this?
- A. Restrict access to the bucket.
- B. Set the origin path to /production.
- C. Set the origin path to /myawsbucket/production.
- D. Create a CNAME record for example.com.
Answer - B
Explanation - You can accomplish this by setting the origin path to /production. You don’t need to specify the bucket name .in the origin path. There’s no need to restrict access to the bucket. You can’t create a CNAME record for the apex of a zone.
15. Which of the following is a network protocol that CloudFront supports?
- A. RSA
- B. WebSocket
- C. UDP
- D. RTSP
Answer - B
Explanation - CloudFront supports HTTP, HTTPS, and WebSocket. It doesn’t support UDP-based protocols or Real Time Streaming Protocol (RTSP). RSA is a cipher, not a network protocol.
16. How can you enable Internet users to access a CloudFront distribution without allowing public access to its origin S3 bucket?
- A. Use an origin access identity.
- B. Create a bucket policy that grants read permissions to the * principal.
- C. Create a bucket ACL to grant the CloudFront service access to the bucket.
- D. Put a password on the bucket.
Answer - A
Explanation - An origin access identity allows CloudFront to access a bucket while restricting public access to it. A bucket policy that grants read permissions to the * principal would make the bucket public. You can’t grant CloudFront access to a bucket using an ACL except by making it public. You can’t put a password on a bucket.
17. You’re hosting audio files and a custom player on a set of EC2 instances behind an elastic load balancer (ELB) in a public subnet. You want to use a CloudFront distribution to host this content while preventing users from accessing the audio files or player from the EC2 instances directly. How can you accomplish this with the least effort? (Choose two.)
- A. Create a custom distribution with the EC2 instances as custom origins.
- B. Move the audio files to a non-public S3 bucket and create a streaming distribution with the bucket as the origin.
- C. Move the audio player to an non-public S3 bucket and create a distribution with the bucket as the origin.
- D. Place the instances in a private subnet.
Answer - B, D
Explanation - The simplest solution is to move the audio files to an S3 bucket and create a streaming distribution. The custom player files can remain on the instances, and you can prevent direct access to the instances by placing them in a private subnet.
18. Which of the following can be a custom CloudFront origin??
- A. None of these
- B. A non-public S3 bucket
- C. A private web server on a company intranet
- D. A public web server open to the Internet
Answer - D
Explanation - A public web server that’s open to the Internet can be a custom CloudFront origin. This includes a public S3 bucket configured for static website hosting.
19. You’ve created a target group that you plan to use with a network load balancer (NLB). The target group contains several EC2 instances, all in the same subnet, and all of the instances are configured to listen for HTTPS traffic on TCP port 443. One of the EC2 instance targets isn’t entering the InService state. You check and find that the instance is failing its health check. All targets are configured with the same health check settings. From other instances in the same subnet you’re able to access TCP port 443 on the problem instance. Which of the following could be the reason the instance is failing its health check?
- A. The instance’s TLS certificate isn’t valid.
- B. The instance’s security group isn’t allowing traffic from the NLB.
- C. The subnet NACL isn’t allowing traffic from the NLB.
- D. The instance is stopped.
Answer - B
Explanation - The instance’s security group is blocking traffic from the NLB, but not from other instances in the subnet. If the NACL were the problem, all instances in the subnet would be failing the health check. NLB health checks only check for TCP connectivity, not for TLS certificate validity.
20. You’ve created a network load balancer (NLB) and have added instances to a target group. Some of the instances are in the same VPC as the NLB, while others are in a peered VPC. Requests aren’t getting routed to instances in the peered VPC. Why?
- A. The instances are getting overwhelmed with health checks.
- B. The target group doesn’t reference the instances by instance ID.
- C. The target group doesn’t reference the instances by IP address.
- D. NLB doesn’t support VPC peering.
Answer - C
Explanation - You must reference instances in a peered VPC by IP address.
21. Which of the following IP addresses can you not specify in a network load balancer target group?
- A. 10.0.0.15
- B. 100.64.0.7
- C. 100.127.7.7
- D. 65.156.1.101
Answer - D
Explanation - You can specify any RFC 1918 or RFC 6598 addresses in a target group. You can’t specify a publicly routable IP address.
22. Which of the following elastic load balancers supports the Lambda target type?
- A. Network load balancer
- B. Application load balancer
- C. Classic load balancer
- D. Lambda load balancer
Answer - B
Explanation - Only application load balancers support the Lambda target type. There is no such thing as a Lambda load balancer.
23. You are running a web application on a set of EC2 instances. The application requires that each incoming TCP connection has the source IP address of the client. Which type of load balancing should you use?
- A. Network load balancer
- B. Application load balancer
- C. Classic load balancer
- D. Route 53 weighted resource records
Answer - A
Explanation - The network load balancer preserves the client’s source IP address. The application load balancer doesn’t preserve the client’s source address but provides it in the X-Forwarded-For HTTP header. Route 53 weighted resource records only resolve domain names to addresses.
24. When browsing to the public URL of an application load balancer, users receive a “Bad Gateway” error. The target group contains only EC2 instances. What could this indicate?
- A. The users are unable to connect to the application load balancer.
- B. A web application firewall (WAF) rule blocked the request.
- C. The target instance closed the connection from the load balancer.
- D. The target instance didn’t accept the connection from the load balancer.
Answer - C
Explanation - The error usually indicates that the load balancer received an unexpected response from the target, such as a TCP reset or TCP FIN. The “Bad Gateway” error is generated by the application load balancer, so receiving the error indicates users are able to connect to it.
25. When browsing to the public URL of an application load balancer, users receive a “Gateway Timeout” error. The target group contains only EC2 instances. What could this indicate?
- A. The users are unable to connect to the application load balancer.
- B. The target instance didn’t accept the connection from the load balancer.
- C. The target instance closed the connection from the load balancer.
- D. A web application firewall (WAF) rule blocked the request.
Answer - B
Explanation - The “Gateway Timeout” error occurs when the target doesn’t respond.
26. Which of the following CloudFront metrics tracks the number of server errors generated by an application load balancer?
- A. HTTPCode_ELB_2XX_Count
- B. HTTPCode_ELB_4XX_Count
- C. HTTPCode_ELB_5XX_Count
- D. None of these
Answer - C
Explanation - The HTTPCode_ELB_5XX_Count metric tracks the number of server errors generated by an application load balancer, such as “502 Bad Gateway” and “504 Gateway Timeout.” HTTPCode_ELB_4XX_Count tracks the number of client errors such as “404 Not Found.”
27. Where can an application load balancer store logs containing client IP address, latencies, and server responses?
- A. Web application firewall
- B. S3 bucket
- C. CloudWatch Logs
- D. CloudTrail logs
Answer - B
Explanation - You can configure an application load balancer to store logs in an S3 bucket.
28. Which of the following does a CloudWatch metric always contain?
- A. Timestamp
- B. Dimension
- C. Unit of measure
- D. Namespace
Answer - A
Explanation - A metric contains a timestamp and a value. It may also contain a unit of measure and dimension. A metric exists within a namespace, which acts as a container for metrics.
29. How frequently does EC2 collect CPU utilization metrics?
- A. Every minute
- B. Every 90 seconds
- C. Every 5 minutes
- D. Every 10 minutes
Answer - A
Explanation - EC2 collects CPU utilization metrics every minute.
30. Which monitoring type sends metrics to CloudWatch every minute?
- A. Basic
- B. Detailed
- C. Regular
- D. High-resolution
Answer - B
Explanation - Detailed monitoring sends metrics to CloudWatch every minute. Basic monitoring sends metrics every 5 minutes. There is no regular or high-resolution monitoring, but metrics can be stored at regular or high resolution.
31. You send custom metrics to CloudWatch every 30 seconds. How should you store these metrics in CloudWatch to ensure no metric values are overwritten?
- A. Average the metric values over a minute and send the average every minute
- B. As regular-resolution metrics
- C. As high-resolution metrics
- D. Timestamp each metric 1 minute in the past
Answer - C
Explanation - High-resolution metrics can be stored with up to 1- second resolution. Regular resolution metrics are stored at no less than 1-minute resolution. Averaging the metric values over a minute and storing the data would imply not storing the individual data points. Timestamping each metric 1 minute in the past is allowed, but you’d still need to do so at high-resolution to avoid losing a data point.
32. Which of the following is not a statistic in CloudWatch Metrics?
- A. Sum
- B. Minimum
- C. Percentage
- D. Sample Count
Answer - C
Explanation - The available statistics in CloudWatch include Sum, Minimum, Maximum, Average, Sample Count, and Percentile.
33. How long does CloudWatch retain metric data points stored at 1-hour resolution?
- A. 1 month
- B. 63 days
- C. 6 months
- D. 15 months
Answer - D
Explanation - Data points stored at 1-hour resolution are deleted after 15 months.
34. Which of the following CloudWatch statistics would be most appropriate for graphing the number of web requests in a 24-hour period?
- A. Maximum
- B. Average
- C. Sum
- D. Sample count
Answer - C
Explanation - The Sum statistic adds the metric values in a given period, so it would be the most appropriate.
35. Which of the following distinguishes two CloudWatch metrics that are in the same namespace and have the same name?
- A. Timestamp
- B. Data point
- C. Dimension
- D. Region
Answer - C
Explanation - CloudWatch uses dimensions to identify metrics that have the same name and are within the same namespace. Metrics being in the same namespace entails that they’re in the same region.
36. You update a CloudWatch metric with a timestamp of 10:00:30 and a value of 98. You then update the same metric with a timestamp of 10:00:59 and a timestamp of 97. Assuming the metric is a regular-resolution metric, what will CloudWatch do?
- A. Record the first value and ignore the second value.
- B. Record the second value and overwrite the first value.
- C. Record both values.
- D. Store the average of the two values.
Answer - B
Explanation - CloudWatch can store regular-resolution metrics at no less than 1-minute resolution. Therefore, updating a metric at 10:00:30 and then again at 10:00:59 will result in CloudWatch storing only the second value.
37. You need to graph the individual values stored in a CloudWatch metric. The metric is stored at 1-minute resolution. Which statistic and period should you use?
- A. The Sample Count statistic with a 1-minute period
- B. The Average statistic with a 5-minute period
- C. The Sum statistic with a 5-minute period
- D. The Sum statistic with a 1-minute period
Answer - D
Explanation - To graph the exact data points, specify the Sum statistic and set the period equal to the metric’s resolution, which is 1 minute.
38. A week ago, you created a CloudWatch alarm to monitor the CPUUtilization metric on an EC2 instance. Yesterday, the alarm briefly entered an INSUFFICIENT_DATA state and then went back to an OK state. What is a possible reason for this?
- A. The alarm was paused.
- B. The instance was terminated.
- C. The CPU utilization went above the alarm threshold.
- D. The instance was stopped and restarted.
Answer - D
Explanation - The instance being stopped and restarted would explain the momentary lack of CPU utilization data. If the instance was terminated, then the alarm would not have been able to reenter the OK state because the metric is tied to the instance. If the CPU utilization went above the alarm threshold, then the status would have been ALARM, not OK or INSUFFICIENT_DATA. An alarm can’t be paused.
39. Which of the following services should you monitor to ensure you don’t exceed your allocated capacity?
- A. Lambda
- B. EBS
- C. S3
- D. EFS
Answer - B
Explanation - You have to specify the size for an EBS volume, and expanding it is a manual task. It’s therefore wise to monitor your EBS volume utilization to ensure you don’t run out of space. Lambda, S3, and EFS are all elastic services that automatically provision additional capacity as needed.
40. Which of the following can automatically scale EC2 instances in or out in response to a metric?
- A. Auto Scaling launch configuration
- B. Auto Scaling group
- C. EC2 launch template
- D. Elastic load balancer
Answer - B
Explanation - An Auto Scaling group can automatically scale EC2 instances horizontally based on a metric. Launch configurations and launch templates are used to define the characteristics of the EC2 instance launched. An elastic load balancer doesn’t launch or terminate EC2 instances.
41. You’re running a dynamic web application on two EC2 instances in the same region. You’re load balancing traffic to the application using Route 53 weighted resource records. The web application uses HTTPS to provide encryption in transit. The CPU utilization on these instances intermittently spikes to nearly 100% and users report a slowdown during this time. Which of the following will offer the most performance improvement? (Choose two.)
- A. Implement an Auto Scaling group.
- B. Implement a network load balancer.
- C. Implement an application load balancer.
- D. Use Route 53 latency records instead of weighted records.
Answer - A, C
Explanation - In addition to providing elastic scaling and integration with an Auto Scaling group, you can terminate the HTTPS connection on an application load balancer instead of on the instances, potentially freeing up CPU resources on each instance. You can’t terminate an HTTPS connection on a network load balancer. Using latency records won’t provide any advantage because they only route users to the region with the lowest latency. In this case, both instances are in the same region.
42. You’re storing several large files in an S3 bucket and making them available for public download. The files are in the Standard storage class. Over time, transfer and storage costs for the bucket has increased, resulting in an ever-growing AWS bill. Which of the following can help you reduce these costs without impacting availability or durability?
- A. Move the files to the Standard-Infrequent Access (IA) storage class.
- B. Enable versioning.
- C. Move the files to Glacier.
- D. Delete unneeded files from the bucket.
Answer - D
Explanation - Using the Standard storage class for frequently accessed files is ideal. Standard-IA has a slightly lower availability and a higher cost for GET requests. Moving the files to Glacier would also negatively impact availability. Enabling versioning wouldn’t reduce costs but might increase costs. There’s not much else you can do to reduce costs except to delete unneeded files from the bucket.
43. Which of the following can you use to proactively alert you to possible excess resource utilization in your AWS account?
- A. CloudTrail
- B. AWS Budgets
- C. CloudWatch Events
- D. Cost Explorer
- E. AWS Config
Answer - B
Explanation - AWS Budgets can alert you via email if your bill exceeds a specified amount—a good indicator of excessive resource utilization. CloudTrail records events, and CloudWatch Events can be used to alert you to specific events, but neither will give you a good indication of resource utilization. AWS Config is good for monitoring changes but likewise isn’t good for tracking resource utilization. Cost Explorer can’t send notifications.
44. You need to implement a MySQL database in AWS. It must be backed up every 5 minutes, but recovery in the case of a database instance failure must not be automatic. Which of the following Relational Database Service (RDS) options should you choose?
- A. Automated snapshots
- B. Multi-AZ
- C. Amazon Aurora
- D. Read replica
Answer - A
Explanation - Enabling automated snapshots will enable point-intime recovery, which archives database logs to S3 every 5 minutes. Multi-AZ synchronously replicates data from the primary instance to a standby instance, but failover to the standby instance is automatic if the primary fails. Amazon Aurora doesn’t use MySQL but does have a MySQL-compatible option. A read replica is for scaling reads, but because replication is asynchronous, it’s not ideal as a backup.
45. You’re running a relational database on an EC2 instance backed by an EBS gp2 volume. Recently, as the frequency of writes to the database has increased, database performance has suffered. CPU and memory utilization remain at less than 50%, even during peak usage. Which of the following should you look at to determine where the bottleneck is?
- A. Volume queue length
- B. Network utilization
- C. The number of EBS snapshots being stored
- D. Provisioned IOPS
Answer - A
Explanation - The volume queue length metric measures the total number of read and write operation requests waiting for completion. If this has increased and remains high, it’s a good indication that the volume isn’t able to sustain enough IOPS. Because it’s a gp2 volume, the number of IOPS depends on the size allocated for the volume. You can’t provision IOPS explicitly using gp2 storage, but you can with io1 storage. The number of EBS snapshots has no impact on EBS performance, because snapshots are stored in S3.
46. Users in your organization have been uploading files to an S3 bucket for temporary storage and driving up the organization’s AWS bill. You deleted the S3 bucket but want to know as soon as anyone attempts to create another one. Which of the following services will assist you in this? (Choose two.)
- A. S3 server logs
- B. CloudTrail
- C. CloudWatch Events
- D. AWS Config
Answer - C, D
Explanation - AWS Config and CloudWatch Events can monitor S3 for new buckets and alert you when they’re created or deleted. CloudTrail can log the API events but won’t do any alerting. S3 server logging won’t log bucket creation events.
47. You’ve been using a custom automation solution to take EBS snapshots every 6 hours. Every month someone manually goes in and cleans up snapshots older than 30 days. You want to automate this process using a solution blessed by AWS. Which of the following fits the bill?
- A. Lambda
- B. S3 lifecycle configuration rules
- C. EBS data lifecycle manager
- D. AWS Systems Manager
Answer - C
Explanation - EBS data lifecycle manager automatically takes snapshots at a specified interval and retains only the latest. It’s configurable; for example, you could have it take a snapshot every 6 hours and retain only the latest 120 snapshots.
48. Which of the following Relational Database Service (RDS) instance classes offers dedicated bandwidth for storage volumes?
- A. Burst-capable
- B. Memory-optimized
- C. Standard
- D. Network-optimized
Answer - B
Explanation - Memory-optimized instances have dedicated bandwidth for EBS storage. Standard instances are not EBS optimized. Burst-capable instances are for test workloads and don’t have dedicated bandwidth. There is no network-optimized instance class.
49. If you enable automatic snapshots, how many days will RDS retain them by default?
- A. 1
- B. 7
- C. 28
- D. 35
Answer - B
Explanation - RDS will retain automatic snapshots for 7 days by default. You can choose a retention period between 1 day and 35 days.
50. How many days will RDS retain manual snapshots by default?
- A. 7 days
- B. 28 days
- C. 35 days
- D. Indefinitely
Answer - D
Explanation - Unlike automatic snapshots, RDS will retain manual snapshots indefinitely.