Missed Questions
Which command line commands list all current stacks in your CloudFormation service? Choose the 2 correct answers from the options below
AWS cloudformation list-stacks AWS cloudformation describe-stacks
Which of the following is a default limit in S3?
Accounts can have a maximum of 100 buckets.
You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable internet access? Choose an answer from the options below
Assign an Elastic IP address to the fourth instance. An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. An Elastic IP address is a public IPv4 address, which is reachable from the Internet. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the Internet; for example, to connect to your instance from your local computer.
Which API call would you use to attach an EBS volume to an EC2 instance? Choose a correct answer from the options below
AttachVolume
Which API call is used to Bundle an Amazon instance store-backed Windows instance? Choose the correct answer from the options below
BundleInstance
How is the coordination between worker processes done in SWF? Choose the correct answer from the options below.
By writing a program called the decider
What is the maximum limit of data that can be retrieved by a scan operation in DynamoDB? Choose the correct answer from the options below.
1 MB
How many secondary indexes are allowed per table? Choose the correct answer from the options below.
10
A transport company uses a mobile GPS application to track the location of each of their 60 vehicles. The application records each vehicle's location to a DynamoDB table every 6 seconds. Each transmission is just under 1KB, and throughput is spread evenly within that minute. How many units of write capacity should you specify for this table?
10 Writing to the database every six seconds, there are 10 writes/minute/vehicle. There are sixty vehicles in the fleet, so there are 600 writes/minute overall. 600/60 seconds = 10 writes/second.
What is maximum limit for the size of an item collection in DynamoDB? Choose an answer from the options below
10 GB
What is the size limit for volumes in instances that are based on Amazon Instance Store backed AMI's. Choose an answer from the options below?
10 GiB
What is the maximum number of SWF workflows/activity types allowed in each SWF domain? Choose the correct answer from the options below.
10,000
Each AWS account can own a maximum of how many buckets?
100
What is the maximum number of items you can retrieve with the BatchGetItem operation?
100
You have an application that needs to read 750 evenly distributed items of 13KB in size every 30 seconds. Your application uses strongly consistent reads. At what level should you provision your read throughput?
100 750 reads every thirty seconds = 25 reads/second. 13KB rounds up to 16KB. 16/4=4; 4*25=100 read capacity units.
AWS recommends that you use Multipart Upload for files larger than _____.
100MB
In DynamoDB, what is the maximum length of a sort key value?
1024 bytes
How long can a message be retained in an SQS Queue?
14 days
If your table item's size is 3KB and you want to have 30 eventually consistent reads per second, how many read capacity units will you need to provision on the table?
15 3 rounds up to 4. 4/4=1. 1*30=30. 30*1/2=15
In DynamoDB, what is the maximum length of a partition key value?
2048 bytes
What is the maximum length of a topic name in SNS? Choose the correct answer from the options below
256 characters
When a subscriber subscribes to a topic in SNS, what is the time period available for confirmation? Choose one answer from the options below
3 Days
By default, how many Elastic IP addresses are you limited to per region?
5
If you have an item that is 4KB in size and you want to provision read capacity units for 100 requests per second, how many read capacity units do you need to provision?
50
S3 Multipart upload is required for files larger than ____?
5GB
What is the maximum size of an S3 object?
5TB
In which of the following increments are SQS messages billed to your AWS account?
64KB
Your app requires 300 eventually consistent reads of 11KB per minute. How many read capacity units should you provision?
8 300 reads per minute = 5 reads/second. 11KB rounds-up to 12. 12KB/4=3 read capacity units. 3 read capacity units * 5 reads/second = 15 strongly consistent reads. For an eventually consistent read: 15/2 = 7.5, which rounds up to 8.
Which of the following best describes the messages SNS sends to endpoints:
A JSON document with parameters like Message, Signature, Subject, Type.
What is the primary difference between a global secondary index and a local secondary index? Choose the correct answer from the options below.
A local secondary index has the same partition key as the primary key and the global secondary index has a different partition and sort key
Which of the following will not result in a CloudFormation rollback?
A template that contains invalid JSON syntax
You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this. You advise them to
Call the CreatePlatformEndPoint API function to register multiple device tokens. The CreatePlatformEndPoint API creates an endpoint for a device and mobile app on one of the supported push notification services, such as GCM and APNS. CreatePlatformEndpoint requires the PlatformApplicationArn that is returned from CreatePlatformApplication. The EndpointArn that is returned when using CreatePlatformEndpointcan then be used by the Publish action to send a message to a mobile app or by the Subscribe action for subscription to a topic.
EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:
Can only be used to launch EC2 instances in the same AWS region as the AMI is stored.
You decide to configure a bucket for static website hosting. As per the AWS documentation, you create a bucket named 'mybucket.com' and then you enable website hosting with an index document of 'index.html' and you leave the error document as blank. You then upload a file named 'index.html' to the bucket. After clicking on the endpoint of mybucket.com.s3-website-us-east-1.amazonAWS.com you receive 403 Forbidden error. You then change the CORS configuration on the bucket so that everyone has access, however you still receive the 403 Forbidden error. What additional step do you need to do so that the endpoint is accessible to everyone? Choose the correct answer from the options below
Change the permissions on the index.html file also, so that everyone has access.
To change the visibility timeout of an SQS message, you should use which of the following actions?
ChangeMessageVisibility
Which of the following AWS services can be used to record logs of API calls
CloudTrail
Your distributed, decoupled application needs to store messages in SQS. However, the messages your application generates exceed the maximum allowable size for an SQS message. How might you overcome this restriction?
Configure your application to to send an SQS message that refers to a message payload stored in DynamoDB.
What are some of the owner operations possible in SNS?Choose 3 correct answers from the options below
CreateTopic DeleteTopic AddPermission SNS provides a set of simple APIs to enable event notifications for topic owners, subscribers and publishers.Owner operations: CreateTopic - Create a new topic. DeleteTopic - Delete a previously created topic. ListTopics - List of topics owned by a particular user (AWS ID). ListSubscriptionsByTopic - List of subscriptions for a particular topic SetTopicAttributes - Set/modify topic attributes, including setting and modifying publisher/subscriber permissions, transports supported, etc. GetTopicAttributes - Get/view existing attributes of a topic AddPermission - Grant access to selected users for the specified actions RemovePermission - Remove permissions for selected users for the specified actions
Your application is trying to upload a 6TB file to S3 and you receive an error message telling you that your proposed upload exceeds the maximum allowed object size. What is the best way to accomplish this file upload?
You cannot fix this, as the maximum size of an S3 object is 5TB.
After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called LAfile.pem) you try and SSH into your IP address (52.2.222.22) using the following command.ssh -i LAfile.pem [email protected] you receive the following error.WARNING: UNPROTECTED PRIVATE KEY FILE!What is the most probable reason for this and how can you fix it?
Your key file must not be publicly viewable for SSH to work. You need to modify your pem file as follows "chmod 400 LAfile.pem"
What result would you expect from the Fn::split function in the following line in a CloudFormation template? Choose an answer from the options below{ "Fn::Split" : [ "|" , "a|b|c" ] }
["a", "b", "c"]
Which of the following is not a valid S3 bucket name?
my-S3bucket mys3_bucket
Which of the following is not a common S3 response header?
x-amz-set-delete-marker
Which of the following statements about amazon SWF is true?
Decision tasks occur when the state of the workflow changes. A server living outside AWS can perform a worker task. Amazon EC2 instances can perform a worker task.
You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls. Given these requirements, what is the most efficient way to manage these Items after the analysis? Choose an answer from the options below
Delete the table and create a new table per hour
Which of the following DynamoDB API calls does not consume capacity units?
DeleteItem
Which API call would best be used to describe an Amazon Machine Image? Choose the correct answer from the options below
DescribeImages
A corporate web application is deployed within an Amazon VPC, and is connected to the corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user. Choose 2 answer from the options below
Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials. The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the app.
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the Internet from an instance in the private subnet, you are not successful. Which of the following steps could resolve the issue? Choose an answer from the options below
Disabling the Source/Destination Check attribute on the NAT instance You can use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound IPv4 traffic to the Internet or other AWS services, but prevent the instances from receiving inbound traffic initiated by someone on the Internet. Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
You can define up to 5 local secondary indexes and 5 global secondary indexes per table. How can you increase your DynamoDB secondary indexes limit in a region?
DynamoDB does not allow secondary index limit increase
Which of the following statements about DynamoDB is true?
DynamoDB uses optimistic concurrency control.
Server-side encryption is about data encryption at rest. That is, Amazon S3 encrypts your data at the object level as it writes it to disk in its data centers and decrypts it for you when you go to access it. There are a few different options depending on how you choose to manage the encryption keys. One of the options is called 'Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)'. Which of the following best describes how this encryption method works? Choose the correct answer from the options below
Each object is encrypted with a unique key employing strong encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates.
What can be used in DynamoDB as part of the Query API call to filter results based on the values of primary keys? Choose an answer from the options below
Expressions
True or False: 10.4.120.24 is a valid S3 bucket name.
FALSE
True or False: All reads of a DynamoDB table are eventually consistent.
FALSE
True or False: S3 bucket names are transferrable.
FALSE
A single DynamoDB table partition can support a maximum of 5,000 read capacity units or 1,000 write capacity units.
FALSE A single DynamoDB table partition can support a maximum of 3,000 read capacity units or 1,000 write capacity units. When you create a new table, the initial number of partitions can be expressed as follows:(readCapacityUnits / 3,000 ) + ( writeCapacityUnits / 1,000 ) = initialPartitions (rounded up)
True or False: An account may have an absolute maximum of 100 S3 buckerts.
FALSE While an account has a maximum of 100 buckets by default, this limit may be increased by contatcting AWS and requestin a limit increase.
Which of the below functions is used in Cloudformation to return the value corresponding to keys in a two-level map that is declared in the Mappings section? Choose an answer from the options below
Fn::FindInMap
Which of these CloudFormation snippets of code will return an address that can be used to access our application from our browser if we're using a resource type of AWS::ElasticLoadBalancing::LoadBalancer with Logical ID "ElasticLoadBalancer"?
Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "ElasticLoadBalancer", "DNSName" ]}]]
You have created an Elastic Load Balancer with Duration-Based sticky sessions enabled in front of your six EC2 web application instances in US-West-2. For High Availability, there are three web application instances in Availability Zone 1 and three web application instances in Availability Zone 2. To load test, you set up a software-based load tester in Availability Zone 2 to send traffic to the Elastic Load Balancer, as well as letting several hundred users browse to the ELB's hostname. After a while, you notice that the users' sessions are spread evenly across the EC2 instances in both AZ's, but the software-based load tester's traffic is hitting only the instances in Availability Zone 2. What steps can you take to resolve this problem? Choose the 2 correct answer from the options below
Force the software-based load tester to re-resolve DNS before every request Use a third party load-testing service to send requests from globally distributed clients
The following code snippet is the resources section of a CloudFormation template that you have written."Resources" : { "EC2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "InstanceType" : { "Ref" : "InstanceType" }, "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], "KeyName" : { "Ref" : "KeyName" }, "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] } }},You have used the reference function to define your instance type as follows."InstanceType" : { "Ref" : "InstanceType" },The referencing function is referencing the instance type. Where is this value most likely coming from?
From the parameters section of your CloudFormation template.
You have just set up a push notification service to send a message to an app installed on a device with the Apple Push Notification Service. It seems to work fine. You now want to send a message to an app installed on devices for multiple platforms, those being the Apple Push Notification Service(APNS) and Google Cloud Messaging for Android (GCM). What do you need to do first for this to be successful? Choose the correct answer from the options below
Get a set of credentials in order to be able to connect to the push notification service you are trying to setup.
Which API call would you use to query an item by its primary key?
GetItem
Your supervisor is upset about the fact that SNS topics that he subscribed to are now cluttering up his email inbox. How can he stop receiving email from SNS without disrupting other usersäó» ability to receive email from SNS? (Choose two.)
He can use the unsubscribe information provided in the emails. You can delete the subscription from the SNS topic responsible for the emails.
Which of the following statements about amazon SWF is not true?
Humans can perform a decision task.
While working with the S3 API, you receive an error: 400 Bad Request. Which of the following error codes Can explain this error?
IncompleteBody InvalidBucketName InvalidDigest
While working with the DynamoDB API, you receive an HTTP Status Code 400. Which of the following errors can explain this result?
IncompleteSignature InvalidParameterValue
What is the main difference between an EBS-backed instance and an instance store-backed instance?
Instance-store backed instances can be stopped and restarted.
Which of the following can be used when authoring a CloudFormation template?
Intrinsic Functions Regular Expressions Parameters YAML
Which of the following is true about S3 server-side encryption?
It uses AES-256 encryption.
Which API call can tell you which Amazon Machine Images are available in your current region?
ListImages
Which API call is used to list all resources that belong to a CloudFormation Stack? Choose an answer from the options below
ListStackResources
While working with the SQS API, your application returns HTTP status code 400. Which of the following errors might explain this result?
MissingAction Missing Parameter
You need to attach an EBS volume to an EC2 instance. Which API call should you use?
MountEBSVolume
In S3 what can be used to delete a large number of objects
Multi-Object Delete
Amazon Simple Notification Service (Amazon SNS) provides support for delivery of message attributes to Amazon SQS endpoints and each message attribute consists of the following items: Name, Type and Value. Which of the following is TRUE, regarding message attributes? Choose the correct answer from the options below
Name, type, and value must not be empty or null and the message body shouldn't be empty or null either.
You are writing an AWS CloudFormation Template to create a static S3 website configuration. The resources section of this template will be used for access control of the bucket and is defined in the 5th line of the below code snippet. What should the value of "AccessControl" be so that the owner of the bucket gets full control and all users get READ access only."Resources" : { "S3Bucket" : { "Type" : "AWS::S3::Bucket", "Properties" : { "AccessControl" : "ANSWER TO THE QUESTION", "BucketName": { "Ref" : "BucketName" }, "WebsiteConfiguration" : { "IndexDocument" : "index.html", "ErrorDocument" : "error.html" } } }
PublicRead
Which of the following DynamoDB write operations allow conditional writes?
PutItem UpdateItem DeleteItem
Which of the following is not a common S3 API call?
ReadObject
Which of the following attributes are always supported by the GetQueueAttributes action?
ReceiveMessageWaitTimeSeconds DelaySeconds VisibilityTimeout
Which API call occurs in the final process of creating an AMI? Choose the correct answer from the options below
RegisterImage
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this? Choose the correct answer from the options below
Remove public read access and use signed URLs with expiry dates.
What is the default behavior of a CloudFormation stack if creation fails? Choose the correct answers from the options below
Rollback
Which of the following cannot be used inside a CloudFormation template:
Ruby statements
Which of the following statements are true?
S3-Standard provides 11-nines durability. S3-RRS provides 99.99% durability S3-Standard provides 99.99% availability.
Which of the following would you not expect to see in an SNS message body? Choose the correct answer from the options below
SNSID
Someone on your team configured a Virtual Private Cloud with two public subnets in two separate AZs and two private subnets in two separate AZs. Each public subnet AZ has a matching private subnet AZ. The VPC and its subnets are properly configured. You also notice that there are multiple webserver instances in the private subnet, and you've been charged with setting up a public-facing Elastic Load Balancer which will accept requests from clients and distribute those requests to the webserver instances. How can you set this up? Choose the correct answer from the options below
Select both of the public subnets when configuring the ELB.
You need to announce an emergency downtime for a production AWS web application. This downtime notification requires different sets of instructions for different devices. All of the application users signed up to receive SNS notifications from the äóědowntimeäóť topic when they began using the application and they are currently subscribed to this topic. What are appropriate ways for you to provide timely, device-specific instructions to end users when announcing this downtime?
Send a single message, but customize the text in the SNS message field so that each device gets only the information that is appropriate for them.
You receive a call from a potential client who explains that one of the many services they offer is a website running on a t2.micro EC2 instance where users can submit requests for customized e-cards to be sent to their friends and family. The e-card website administrator was on a cruise and was shocked when he returned to the office in mid-January to find hundreds of angry emails complaining that customers' loved ones had not received their Christmas cards. He also had several emails from CloudWatch alerting him that the SQS queue for the e-card application had grown to over 500 messages on December 25th. You investigate and find that the problem was caused by a crashed EC2 instance which serves as an application server. What do you advise your client to do first? Choose the correct answer from the options below
Send an apology to the customers notifying them that their cards will not be delivered. The maximum retention period for SQS messages is 14 days, hence all the messages would have been lost by the mid of Jan.
When using a large Scan operation in DynamoDB, what technique can be used to minimize the impact of a scan on a table's provisioned throughput? Choose an answer from the options below
Set a smaller page size for the scan
You are a system administrator and you need to take a consistent snapshot of your EC2 instance. Your application holds large amounts of data in cache that is not written to disk automatically. What would be the best approach to taking an application consistent snapshot?
Shutdown the EC2 instance and detach the EBS volume, then take the snapshot.
In DynamoDB you get the following error "ItemCollectionSizeLimitExceededException". What could be the possible cause for this error. Choose an answer from the options below
Size of a group of items with the same partition key value has exceeded 10GB.
Which of the following would you not expect to see in an SNS message body?
SubjectId
Describe the process of registering a mobile device with SNS push notification service using GCM. Choose the correct answer from the options below
Submit GCM notification credentials to Amazon SNS, then receive the Registration ID for each mobile device. After that, pass the device token to SNS, and SNS then creates a mobile subscription endpoint for each device and communicates with the GCM service on your behalf
True or False: A global secondary index is an index with a primary key that differs from that of the table.
TRUE
True or False: Classic ELB's support IPv6 as well as IPv4.
TRUE
True or false: A global secondary index is characterized by an index key value that differs from that of the table's primary key.
TRUE
True or false: A multi-part upload can be executed while the file is still being created.
TRUE
Your AWS environment contains several reserved EC2 instances dedicated to a project that has just been cancelled. You need to recoup the cost of these reserved instances, and you need to preserve the data for future use. What can you do to minimize charges for these instances?
Take snapshots of the EBS volumes and terminate the instances. Sell the unused instances on the AWS Reserved Instance Marketplace.
Called in a loop, what does the BatchWriteItem operation do?
The BatchWriteItem operation puts or deletes multiple items in one or more tables. BatchWriteItem checks for unprocessed items and submits a new BatchWriteItem request with those unprocessed items until all items have been processed.
Your new web app is deployed within an Amazon VPC, and is connected to your corporate data center via IPSec VPN. The application must authenticate against the on-premise LDAP server to give authenticated, logged-in users access to an S3 keyspace specific to the user. Which two of the following methods will give your users the access they need?
The application authenticates against LDAP, and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM Role. The application can use the temporary credentials to access the S3 keyspace. Develop an identity broker which authenticates against LDAP, and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate keyspace.
If you're executing .Net code against AWS on an EC2 instance that is assigned an IAM role, which of the following is a true statement? Choose the correct answer from the options below
The code will assume the same permissions as the IAM role
What is one difference between an Amazon EBS-backed and an instance-store backed instance? Choose the correct answer from the options below
The instance type and kernel for an EBS backed AMI can easily be changed as compared to an Instance store-backed AMI.
When using the Ref function in CloudFormation, what do we get back if we pass in the logical ID of an AWS::EC2::Instance object?
The object's InstanceId.
You decide to create a bucket on AWS S3 called 'bucketever' and then perform the following actions in the order that they are listed here. - You upload a file to the bucket called 'file1' - You enable versioning on the bucket - You upload a file called 'file2' - You upload a file called 'file3' - You upload another file called 'file2' Which of the following is true for your bucket 'bucketever'?
The version ID for file1 will be null, there will be 2 version IDs for file2 and 1 version ID for file3
You created three S3 buckets - "mydomain.com", "downloads.mydomain.com", and "www.mydomain.com". You uploaded your files, enabled static website hosting, specified both of the default documents under the "enable static website hosting" header, and set the "Make Public" permission for the objects in each of the three buckets. All that's left for you to do is to create the Route 53 Aliases for the three buckets.You are going to have your end users test your websites by browsing to http://mydomain.com/error.html, http://downloads.mydomain.com/index.html, and http://www.mydomain.com.What problems will your testers encounter? Choose an answer from the options below
There will be no problems, all three sites should work.
The default visibility timeout for an item in an SQS queue is?
Thirty Seconds
Which of the following would you expect to see in the body of an SNS notification? Choose the correct answer from the options below
UnsubscribeURL
Which DynamoDB API call does not consume capacity units? Choose the correct answer from the options below
UpdateTable
What is the best method for maintaining application session state when using an Elastic Load Balancer? Choose the correct answer from the options below
Use ElastiCache
You are having trouble maintaining session states on some of your applications that are using an Elastic Load Balancer(ELB). As well as that there does not seem to be an even distribution of sessions across your ELB. To overcome this problem which of the following is the recommended method by AWS to try and rectify the issues that you are having?Choose the correct answer from the options below
Use ElastiCache, which is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.
You have multiple instances behind private and public subnets. None of the instances have an EIP assigned to them. How can you connect them to the internet to download system updates? Choose the correct answer from the options below
Use both a NAT instance and a VPN
You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point, you find out that other sites have been linking to the photos on your site, causing financial loss to your business. What is an effective method to mitigate this?
Use security groups to block the IP addresses of the offending websites.
Which of the following services are offered at not cost? (Choose two answers.)
VPC, AutoScaling