AWS ASA

ap-northeast-1a is a...

Availability Zone (Anything that ends with a letter is an AZ)

EC2 instance type where the application needs good CPU [compute / databases]

C

EBS Volume. Low cost HDD volume designed for frequently accessed, throughput intensive workloads

st1 (HDD)

EC2 Instance type where the application needs a GPU [ video rendering / machine learning]

G

EBS volume. General purpose SSD volume that balances price + performance for a wide variety of workloads

gp2 (SSD)

EC2 instance type where the application needs good local I/O (instance storage) [databases]

I

EBS Volume. Highest-performance SSD volume for mission-critical low-latency or high throughput workloads

io1 (SSD)

Pattern for ElastiCache where all the read data is cached, data can become stale in cache

Lazy Loading

EC2 instance type where the application is balanced (think "medium") [general / web app]

M

EC2 instance type where the application needs a lot of RAM [in-memory caches]

R

(For increased performance) - Combining 2+ volumes and getting the total disk space and I/O - If one disk fails, all data is lost

RAID 0

(ElastiCache Cluster Engine) - Multi-AZ failover - Read replicas to scale reads and have high availability - Data durability using AOF persistence - Backup + restore features

REDIS

EC2 instance type with burstable instances (up to a capacity)

T2/T3

EC2 instance type with unlimited bursts

T2/T3 Unlimited

An IAM user can belong to multiple groups (T/F)

True

Pattern for ElastiCache that adds or updates data in the cache when written to a database (no stale data)

Write Through

High Resolution Custom Metrics can have a minimum resolution of a. 1 second b. 10 seconds c. 30 seconds d. 1 minute

a. 1 second

We have to provision the instance type for our DynamoDB database (true / false)

False. DynamoDB is a serverless service and as such we don't provision an instance type for our database. We just say how much RCU and WCU we require for our table (or use auto scaling)

IAM Users are defined on a per-region basis (T/F)

False. IAM is a global service (encompasses all regions)

Pattern for ElastiCache that stores temporary session data in cache

Session Store

Which of the following is a Serverless data analysis service allowing you to query data in S3? a. S3 Analytics b. Athena c. Redshift d. RDS

b. Athena

You want to ensure your Redis cluster will always be available a. Enable Read Replicas b. Enable Multi AZ

b. Enable Multi AZ. Multi AZ ensures high availability

You'd like to send a message to 3 different applications all using SQS. You should a. Use SQS Replication Feature b. Use SNS + SQS Fan Out pattern c. Send messages individually to 3 SQS queues

b. Use SNS + SQS Fan Out pattern. This is a common pattern as only one message is sent to SNS and then "fanned out" to multiple SQS queues

How can you automate the transition of S3 objects between their different tiers? a. Use AWS Lambda b. Use CloudWatch Events c. Use S3 Lifecycle Rules

c. Use S3 Lifecycle Rules

We would like to audit the values of an encryption value over time a. We should use AWS KMS versioning feature b. We should use S3 c. We should use SSM Parameter Store

c. We should use SSM Parameter Store. SSM Parameter Store has versioning and audit of values built in directly

Security groups can reference all of the following except: a. IP address b. CIDR block c. Security Group d. DNS name

d. DNS name

Which of the following will NOT help make our application tier stateless? a. Offload data in RDS b. Store the session data in ElastiCache c. Send the session data through the client cookies d. Storing shared data on EBS volumes

d. Storing shared data on EBS volumes. EBS volumes are created for a specific AZ and can only be attached to one EC2 instance at a time. This will not help make our application stateless

Application Load Balancers handle all these protocols except a. HTTP b. HTTPS c. Websocket d. TCP

d. TCP. Use an NLB (Network Load Balancer) to support TCP instead

You want to expose a virtually infinite storage for your tape backups. You want to keep the same software as today and want an iSCSI compatible interface. What do you use? a. Snowball b. File Gateway c. Volume Gateway d. Tape Gateway

d. Tape Gateway

You've added files in your bucket and then enabled versioning. The files you've already added will have which version? a. 1 b. 0 c. -1 d. null

d. null

You should share your IAM credentials with colleagues if they quickly need access to help you (T/F)

False. Never share your IAM credentials. If your colleagues need access to AWS they'll need their own account

You are getting started with AWS and your manager wants things to remain simple yet secure. He wants the management of engineers to be easy, and not re-invent the wheel every time someone joins your company. What will you do?

I'll create multiple IAM users and groups, assign policies to the groups. New users will be added to the groups.

(ElastiCache Cluster Engine) - Multi-node for partitioning of data (sharding) - Non persistent - No backup + restore - Multi threaded architecture

Memcached

(for increased fault tolerance) - Mirroring a volume to another - if one disk fails, our logical volume is still working - have to send the data to two EBS volumes at the same time (2x network)

RAID 1

EBS Volume. Lowest cost HDD volume designed for less frequently accessed workloads.

sc1 (HDD)

What does this CIDR correspond to? 10.0.4.0/28 a. 10.0.4.0 to 10.0.4.15 b. 10.0.4.0 to 10.0.32.0 c. 10.0.4.0 to 10.0.4.28 d. 10.0.0.0 to 10.0.16.0

a. 10.0.4.0 to 10.0.4.15. /28 means 16 IPs (2^(32-28) = 2^4), so only the last octet can change.

As a solutions architect, you have been tasked to implement a fully Serverless REST API. Which technology choices do you recommend? a. API Gateway + AWS Lambda b. Application Load Balancer + EC2 c. ECS + EBS d. CloudFront + S3

a. API Gateway + AWS Lambda

Your user-facing website is a high risk target for DDoS attacks and you would like to get 24/7 support in case they happen, as well as AWS bill reimbursement for the costs incurred during the attacks. What service should you use? a. AWS Shield Advanced b. AWS WAF c. AWS Shield d. AWS DDoS OpsTeam

a. AWS Shield Advanced

Which of the following strategies has a potentially high RPO and RTO? a. Backup and Restore b. Pilot Light c. Warm Standby d. Multi Site

a. Backup and Restore

You have purchased "mycoolcompany.com" on the AWS registrar and would like for it to point to lb1-1234.us-east-2.elb.amazonaws.com. What sort of Route 53 record is NOT POSSIBLE to set up for this? a. CNAME b. Alias

a. CNAME. The DNS protocol does not allow you to create a CNAME record for the top node of a DNS namespace (mycoolcompany.com), also known as the zone apex

You need an encryption service that supports asymmetric encryption schemes, and you want to manage the security keys yourself. Which service could you use? a. CloudHSM b. KMS c. Parameter Store

a. CloudHSM

You have made a configuration change and would like to evaluate the impact of it on the performance of your application. Which service do you use? a. CloudWatch b. CloudTrail

a. CloudWatch. CloudWatch is used to monitor the application's performance / metrics

Which service allows you to federate mobile users and generate temporary credentials so that they can access their own S3 bucket sub-folder? a. Cognito b. IAM c. SSO d. CloudFront

a. Cognito (in combination with STS)

You have hosted a DynamoDB table in ap-northeast-1 and would like to make it available in eu-west-1. What must be enabled first to create a DynamoDB Global Table? a. DynamoDB Streams b. DynamoDB DAX c. DynamoDB Versioning d. DynamoDB Backups

a. DynamoDB Streams. Streams enable DynamoDB to get a changelog and use that changelog to replicate data across regions

I have an on-premises personal server that I'd like to use to perform AWS API calls a. I should run `aws configure` and put my credentials there. Invalidate them when I'm done b. I should attach an EC2 IAM Role to my personal server

a. I should run `aws configure` and put my credentials there. Invalidate them when I'm done. Even better would be to create a user specifically for that one on-premises server

You would like messages to be processed by SQS consumers only after 5 minutes of being published to SQS. What should you do? a. Increase the DelaySeconds parameter b. Change the Visibility Timeout c. Enable Long Polling d. Use the extended SQS client

a. Increase the DelaySeconds parameter. Delay queues let you postpone the delivery of new messages to a queue for a number of seconds. If you create a delay queue, any messages that you send to the queue remain invisible to consumers for the duration of the delay period. The default (minimum) delay for a queue is 0 seconds. The maximum is 15 minutes

You have provisioned an 8TB gp2 EBS volume and you are running out of IOPS. What is NOT a way to increase performance? a. Increase the EBS volume size b. Mount EBS volumes in RAID 0 c. Change to an io1 volume type

a. Increase the EBS volume size. gp2 IOPS peak at 16,000 IOPS, which is already reached at 5334 GB, so a larger volume gains nothing.

You would like to have a high-performance cache for your application that mustn't be shared. You don't mind losing the cache upon termination of your instance. Which storage mechanism do you recommend as a Solution Architect? a. Instance Store b. EBS c. EFS

a. Instance Store. Instance Store provides the best disk performance

Which of the following is NOT a Glacier retrieval mode? a. Instant (10 seconds) b. Expedited (1 to 5 minutes) c. Standard (3 to 5 hours) d. Bulk (5 to 12 hours)

a. Instant (10 seconds)

You would like to deliver big data streams in real time to multiple consuming applications, with replay features. Which technology do you recommend? a. Kinesis Data Streams b. Kinesis Firehose c. SQS d. Amazon MQ

a. Kinesis Data Streams

You would like to have the same data being accessible as an NFS drive cross-AZ on all your EC2 instances. What do you recommend? a. Mount an EFS b. Mount an EBS c. Mount an Instance Store

a. Mount an EFS. EFS is a network file system (NFS) and allows you to mount the same file system on EC2 instances that are in different AZs

You are running at desired capacity of 3 and the maximum capacity of 3. You have alarms set at 60% CPU to scale out your application. Your application is now running at 80% capacity. What will happen? a. Nothing b. The desired capacity will go up to 4 and the maximum will stay at 3 c. The desired capacity will go up to 4 and the maximum will stay at 4

a. Nothing. The capacity of your ASG cannot go over the maximum capacity you have allocated during scale out events

Which RDS database technology does NOT support IAM authentication? a. Oracle b. PostgreSQL c. MySQL

a. Oracle

You'd like to have a dynamic DB_URL variable loaded in your Lambda code a. Place it in the environment variables b. Place it in the code zip file c. Place it in the code itself

a. Place it in the environment variables. Environment variables let your Lambda read dynamic values without changing the deployed code

You have a requirement to use TDE (Transparent Data Encryption) on top of KMS. Which database technology does NOT support TDE on RDS? a. PostgreSQL b. Oracle c. MS SQL Server

a. PostgreSQL

You would like to leverage EBS volumes in parallel to linearly increase performance, while accepting greater failure risks. Which RAID mode helps you in achieving that? a. RAID 0 b. RAID 1 c. RAID 5 d. RAID 6

a. RAID 0. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/raid-config.html

A DynamoDB table has been provisioned with 10 RCU and 10 WCU. You would like to increase the RCU to sustain more read traffic. What is true about RCU and WCU? a. RCU and WCU are decoupled, so WCU can stay the same b. You will also have to increase WCU to match the RCU value

a. RCU and WCU are decoupled, so WCU can stay the same

Under the shared responsibility model, what are you responsible for in RDS? a. Security Group Rules b. OS patching c. Database Patching d. Underlying Hardware Security

a. Security Group Rules

One analytics application is currently performing its queries against your main production database. These queries slow down the database, which impacts the main user experience. What should you do to improve the situation? a. Set up a Read Replica b. Set up Multi AZ c. Run the analytics queries at night d. Increase the RDS instance size

a. Set up a Read Replica. Read Replicas will help as our analytics application can now perform queries against it, and these queries won't impact the main production database.

I am creating an application and would like for it to be running with minimal cost in a development environment with Elastic Beanstalk. I should run it in a. Single Instance Mode b. High Availability Mode

a. Single Instance Mode. This will create one EC2 instance and one Elastic IP

In server side encryption, only the encryption happens on the server. Where does the decryption happen? a. The Server b. The Client

a. The Server. In server side encryption, the decryption also happens on the server (in AWS, we wouldn't be able to decrypt the data ourselves as we can't have access to the corresponding encryption key)

You would like to get AWS recommendations on actual potential cost savings, performance, service limits improvements amongst other things. Which service do you recommend? a. Trusted Advisor b. CloudTrail c. IAM d. CloudFormation

a. Trusted Advisor

You are creating an application that is going to expose an HTTP REST API. There is a need to provide request routing rules at the HTTP level. Due to security requirements, your application can only be exposed through the use of two static IPs. How can you create a solution that satisfies these requirements? a. Use Global Accelerator and an Application Load Balancer b. Use a Network Load Balancer and attach Elastic IPs to it c. Use an Application Load Balancer and attach Elastic IPs to it d. Use CloudFront with Elastic IP and an Application Load Balancer

a. Use Global Accelerator and an Application Load Balancer. Global Accelerator will provide us with the two static IPs, and the ALB will provide us with the HTTP routing rules

How can you enhance the security of your Redis cache to force users to enter a password? a. Use Redis Auth b. Use IAM Auth c. Use Security Groups

a. Use Redis Auth

Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALB SSL certificates to make this work? a. Use SNI b. Use a wildcard SSL certificate c. Use an HTTP to HTTPS redirect rule d. Use a security group SSL certificate

a. Use SNI. SNI (Server Name Indication) is a feature allowing you to expose multiple SSL certs if the client supports it. Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

As a solution architect managing a complex ERP software suite, you are orchestrating a migration to the AWS cloud. The software traditionally takes well over an hour to set up on a Linux machine, and you would like to make sure your application does leverage the ASG feature of auto scaling based on demand. How do you recommend you speed up the installation process? a. Use a Golden AMI b. Bootstrap using User Data c. Store the application in RDS d. Retrieve the application setup files from EFS

a. Use a Golden AMI. Golden AMIs are a standard practice: you snapshot the state after an application installation so that future instances can boot up from that AMI quickly.

You would like to make sure your EC2 instances have the highest performance while talking to each other as you're performing big data analysis. Which placement group should you choose? a. cluster b. spread

a. cluster. Cluster placement groups place your instances next to each other, giving you high performance computing and networking

You pay for an EC2 instance compute component a. only when it's in the "running" state b. when it's in the "running" or "stopped" state

a. only when it's in the "running" state

You are getting a network timeout when trying to SSH into your EC2 instance a. your security groups are misconfigured b. your key is missing permissions c. the Linux instance is misconfigured

a. your security groups are misconfigured. Any timeout errors (not just in SSH but also HTTP for example) mean a misconfiguration of your security groups

You have a Kinesis stream usually receiving 5 MB/s of data and sending out 8 MB/s of data. You have provisioned 6 shards. Some days, your traffic spikes up to 2 times and you get a throughput exception. You should a. Enable Kinesis replication b. Add more shards c. Use SQS as a buffer to Kinesis

b. Add more shards. Each shard allows for 1 MB/s incoming and 2 MB/s outgoing of data

You have a Jenkins CI build server hosted on premises and you would like to decommission it and replace it with a managed service on AWS. Which service do you recommend? a. AWS Jenkins b. CodeBuild c. CloudFormation d. ECS

b. CodeBuild. CodeBuild is an alternative to Jenkins

You would like to orchestrate your CICD pipeline to deliver all the way to Elastic Beanstalk. Which service do you recommend? a. CodeBuild b. CodePipeline c. CloudFormation d. SWF

b. CodePipeline. CodePipeline is a CICD orchestration service, and has an integration with Elastic Beanstalk

You would like to create a disaster recovery strategy for your RDS PostgreSQL database so that in case of a regional outage, a database can be quickly made available for Read and Write workloads in another region. The DR database must be highly available. What do you recommend? a. Create a Read Replica in the same region and enable multi-AZ on the main database b. Create a Read Replica in a different region and enable multi-AZ on the main database c. Create a Read Replica in the same region and enable multi-AZ on the read replica d. Enable Multi-Region on the main database

b. Create a Read Replica in a different region and enable multi-AZ on the main database

You have strong regulatory requirements to only allow fully internally audited AWS Services in production. You still want to allow your teams to experiment in development environments while services are being audited. How can you best set this up? a. Provide the Dev team with a completely independent AWS account b. Create an AWS Organization and create two OUs, Prod and Dev. Apply an SCP on Prod c. Apply a Global IAM Policy on your production account d. Create an AWS Config Rule

b. Create an AWS Organization and create two OUs, Prod and Dev. Apply an SCP on Prod

You are running an application in 3 AZs, with an Auto Scaling Group and a Classic Load Balancer. It seems that the traffic is not evenly distributed among all the backend EC2 instances, with some AZs being overloaded. Which feature should help distribute the traffic across all the available EC2 instances? a. Stickiness b. Cross Zone Load Balancing c. Target Group Routing Rules d. HTTPS termination

b. Cross Zone Load Balancing

You are looking for a service to store Docker images in AWS. Which one do you recommend? a. ECS b. ECR c. S3 d. CodeCommit

b. ECR. Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker containers

You work for a consulting company which has recently decided to create video training content for their clients. They would like to view the videos on different devices such as iPhone, iPad and web browsers. Which service do you recommend to convert the videos? a. ElasticVideo b. ElasticTranscoder c. ECS d. Lambda

b. ElasticTranscoder

You quickly created an ELB and it turns out your users are complaining about the fact that sometimes, the servers just don't work. You realize that indeed, your servers do crash from time to time. How do you protect your users from seeing these crashes? a. Enable Stickiness b. Enable Health Checks c. Enable SSL Termination

b. Enable Health Checks. Health checks ensure your ELB won't send traffic to unhealthy (crashed) instances

You would like to provide internet access to your instances in private subnets with IPv4, while making sure this solution requires the least amount of administration and scales seamlessly. What should you use? a. NAT Instances with Source / Destination Check flag off b. NAT Gateway c. Egress Only Internet Gateway

b. NAT Gateway

Although EBS is already a replicated solution, your company SysOps advised you to use a RAID mode that will mirror data and will allow your instance to not be affected if an EBS volume entirely fails. Which RAID mode did he recommend to you? a. RAID 0 b. RAID 1

b. RAID 1. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/raid-config.html

You would like to store big objects of 100 MB into a reliable and durable Key Value store. What do you recommend? a. Athena b. S3 c. DynamoDB d. ElastiCache

b. S3. S3 is indeed a key value store! (where the key is the full path of the object in the bucket)

Your company wants data to be encrypted in S3, and to maintain control of the rotation policy for the encryption keys, but not know the encryption key values. You recommend a. SSE-S3 b. SSE-KMS c. SSE-C d. Client Side Encryption

b. SSE-KMS. With SSE-KMS you let AWS manage the encryption keys but you have full control of the key rotation policy

A Lambda function is triggered by a DynamoDB stream and is meant to insert data into SQS for further long processing jobs. The Lambda function does seem able to read from the DynamoDB stream but isn't able to store messages in SQS. What's the problem? a. The flow DynamoDB => Lambda => SQS isn't authorized b. The Lambda IAM role is missing permissions c. The Lambda security group must allow outbound access to SQS d. The SQS security group must be edited to allow Lambda

b. The Lambda IAM role is missing permissions

You are running a website with a load balancer and 10 EC2 instances. Your users are complaining about the fact that your website always asks them to re-authenticate when they switch pages. You are puzzled, because it's working just fine on your machine and in the dev environment with 1 server. What could be the reason? a. The application must have a bug b. The Load Balancer does not have stickiness enabled c. The EC2 instances log out users because they don't see their true IPs

b. The Load Balancer does not have stickiness enabled. Stickiness ensures traffic is sent to the same backend instance for a client. This helps maintain session data

You have set up a direct connection between your Corporate Data Center and your VPC A. You need to access VPC B in another region from your Corporate Data Center as well. What should you do? a. Enable VPC Peering b. Use a Direct Connect Gateway c. Use a Direct Connect d. Set up a NAT Gateway

b. Use a Direct Connect Gateway. This is the main use case of Direct Connect Gateways

To enable encryption in flight, we need to have a. an HTTP endpoint with an SSL certificate b. an HTTPS endpoint with an SSL certificate c. a TCP endpoint

b. an HTTPS endpoint with an SSL certificate. Encryption in flight = HTTPS, and HTTPS cannot be enabled without an SSL certificate

All of these are IAM components except... a. users b. organizations c. roles d. policies e. groups

b. organizations

You are getting a permission error exception when trying to SSH into your Linux Instance a. The security group is misconfigured b. the key is missing permissions (chmod 0400) c. the Linux instance is misconfigured

b. the key is missing permissions (chmod 0400)

Which feature allows us to distribute paid content from S3 securely, globally, if the S3 bucket is secured to only exchange data with CloudFront? a. Origin Access Identity b. S3 Pre-Signed URL c. CloudFront Signed URL d. CloudFront Distribution Invalidations

c. CloudFront Signed URL. CloudFront Signed URLs are commonly used to distribute paid content through dynamic CloudFront Signed URL generation.

I need my colleague's help to debug my code. When he runs the application on his machine, it's working fine, whereas I get API authorization exceptions. What should I do? a. Send him my AWS access key and secret key so he can replicate the issue on his machine b. Ask him to send me his credentials so I can start working c. Compare his IAM policy and my IAM policy in the policy simulator to understand the differences d. Ask him to create an EC2 server and put his credentials there so I can run the application from the EC2 Instance

c. Compare his IAM policy and my IAM policy in the policy simulator to understand the differences

You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, it is necessary to read the first 250 bytes of each object in S3, which contain some metadata about the content of the file itself. There are over 100,000 files in your S3 bucket, amounting to 50TB of data. How can you build this index efficiently? a. Use the RDS Import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index b. Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS. c. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS. d. Create an application that will traverse the S3 bucket, use S3 Select to get the first 250 bytes, and store that information in RDS.

c. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS.

Your consumers poll 10 messages at a time and finish processing them in 1 minute. You notice that your messages are processed twice, as other consumers also receive the messages. What should you do? a. Enable Long Polling b. Add delay to the messages when being produced c. Increase the VisibilityTimeout d. Decrease the Visibility Timeout

c. Increase the VisibilityTimeout. Immediately after a message is received, it remains in the queue. To prevent other consumers from processing the message again, Amazon SQS sets a visibility timeout, a period of time during which Amazon SQS prevents other consumers from receiving and processing the message. Increasing the timeout gives the consumer more time to process that message and will prevent duplicate readings of the message

As a solution architect, you plan on creating a social media website where users can be friends with each other, and like each other's posts. You plan on performing some complicated queries such as "What is the number of likes on the posts that have been posted by the friends of Mike?". What database do you suggest? a. RDS b. Redshift c. Neptune d. ElasticSearch

c. Neptune

A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access port 80? a. Open up the EC2 security group on port 80 to 0.0.0.0/0 b. Open up the EC2 security group on port 80 to 192.168.0.0/18 c. Open up the EC2 security group on port 80 to the ALB's security group d. Load an SSL client certificate on the ALB

c. Open up the EC2 security group on port 80 to the ALB's security group. This is the most secure way of ensuring only the ALB can access the EC2 instances. Referencing security groups in rules is an extremely powerful technique and many questions at the exam rely on it. Make sure you fully master the concepts behind it!

As part of your disaster recovery strategy, you would like to make sure your entire infrastructure is code, so that you can easily re-deploy it in any region. Which service do you recommend? a. CodePipeline b. Elastic Beanstalk c. CodeDeploy d. CloudFormation

d. CloudFormation. CloudFormation is the de-facto service in AWS for infrastructure as code.

You are preparing for the biggest sale day of the year, where your traffic will increase by 100x. You have already set up an SQS standard queue. What should you do? a. Open a support ticket to pre-warm the SQS queue b. Enable auto scaling in the SQS queue c. Increase the capacity of the SQS queue d. Do nothing, SQS scales automatically

d. Do nothing, SQS scales automatically

You'd like your messages to be processed exactly once and in order. Which do you need? a. SQS Standard Queue b. SQS Dead Letter Queue c. SQS Delay Queue d. SQS FIFO Queue

d. SQS FIFO Queue. FIFO (First-In-First-Out) queues are designed to enhance messaging between applications when the order of operations and events is critical, or where duplicates can't be tolerated. FIFO queues also provide exactly-once processing but have a limited number of transactions per second (TPS).

You need to move hundreds of Terabytes into the cloud in S3, and after that pre-process it using many EC2 instances in order to clean the data. You have a 1 Gbit/s broadband connection and would like to optimize the process of moving the data and pre-processing it, in order to save time. What do you recommend? a. Use the network b. Use Snowball c. Use AWS Data Migration d. Use Snowball Edge

d. Use Snowball Edge. Snowball Edge is the right answer as it comes with computing capabilities and allows us to pre-process the data while it's being moved in Snowball, so we save time on the pre-processing side as well.

Server side encryption means that the data is sent encrypted to the server first (true / false)

False. Server side encryption means the server will encrypt the data for us. We don't need to encrypt it beforehand

In client side encryption, the server must know our encryption scheme to accept the data (true / false)

False. With client side encryption, the server does not need to know any information about the encryption being used, as the server won't perform any encryption or decryption tasks

We need to create User Keys in KMS before using the encryption features for EBS, S3, etc. (true / false)

False. We can use the AWS Managed Service Keys in KMS, therefore we don't need to create our own keys

Availability Zones are...

in isolated data centers (this helps guarantee that multiple AZs won't all fail at once, due to a meteorological disaster for example)

You are launching an EC2 instance in us-east-1 using this Python script snippet: ec2.create_instances(ImageId='ami-b23a5e7', MinCount=1, MaxCount=1) It works well, so you decide to deploy your script in us-west-1 as well. There, the script does not work and fails with an "ami not found" error. What's the problem? a. AMI is region locked and the same ID cannot be used across regions b. The AMI needs to first be shared to another region. The same ID can then be used

a. AMI is region locked and the same ID cannot be used across regions

An Alarm on a High Resolution Metric can be triggered as often as a. 1 second b. 10 seconds c. 30 seconds d. 1 minute

b. 10 seconds

You have a corporate network of size 10.0.0.0/8 and a satellite office of size 192.168.0.0/16. Which CIDR is acceptable for your AWS VPC if you plan on connecting your networks later on? a. 172.16.0.0/12 b. 172.16.0.0/16 c. 10.0.16.0/16 d. 192.168.4.0/18

b. 172.16.0.0/16. CIDRs should not overlap, and the max CIDR size in AWS is /16

Which are the only two services that have a Gateway Endpoint instead of an Interface Endpoint as a VPC endpoint? a. Amazon S3 & Amazon SQS b. Amazon S3 & DynamoDB c. Amazon SQS & DynamoDB

b. Amazon S3 & DynamoDB. These two services have a Gateway endpoint (remember it), all the other ones have an Interface endpoint (powered by PrivateLink, meaning a private IP)

You built and published an AMI in the ap-southeast-2 region, and your colleague in the us-east-1 region cannot see it a. Their IAM permissions are wrong. b. An AMI created for a region can only be seen in that region c. You need to share the AMI with them explicitly

b. An AMI created for a region can only be seen in that region

I tried creating an S3 bucket named "dev" but it didn't work. This is a new AWS Account and I have no buckets at all. What is the cause? a. I'm missing IAM permissions to create a bucket b. Bucket names must be globally unique and "dev" is already taken

b. Bucket names must be globally unique and "dev" is already taken

VPC Peering has been enabled between VPC A and VPC B, and the route tables have been updated for VPC A. Still, your instances cannot communicate. What is the likely issue? a. Check the NACL b. Check the route tables in VPC B c. Check the instance security groups d. Check if DNS Resolution is enabled

b. Check the route tables in VPC B Route tables must be updated in both VPCs that are peered

You would like to distribute your static content which currently lives in Amazon S3 to multiple regions around the world, such as the US, France and Australia. What do you recommend? a. S3 Cross Region Replication b. CloudFront c. Route 53 d. API Gateway

b. CloudFront

You would like to provide your users access to hundreds of private files in your CloudFront distribution, which is fronting an HTTP web server behind an application load balancer. What should you use? a. CloudFront Signed URL b. CloudFront Signed Cookies c. CloudFront Origin Access Identity d. CloudFront HTTPS encryption

b. CloudFront Signed Cookies Allows you to access many files

You would like to distribute paid software installation files globally for your customers that have indeed purchased the content. The software may be purchased by different users, and you want to protect the download URL with security including IP restriction. Which solution do you recommend? a. S3 pre-signed URLs b. CloudFront Signed URL c. EFS d. S3 Public Bucket

b. CloudFront Signed URL This will have security including IP restriction

You would like to find a managed-service in AWS alternative to GitLab, in order to version control your code entirely in AWS. Which technology do you recommend? a. CodeBuild b. CodeCommit c. S3 d. CodePipeline

b. CodeCommit CodeCommit is used to store and version control your code and as such, it's an alternative to GitLab and GitHub

You are a photo hosting service and publish every month a master pack of beautiful mountain images, that is over 50 GB in size and downloaded from all around the world. The content is currently hosted on EFS and distributed by ELB and EC2 instances. You are experiencing high load each month and very high network costs. What can you recommend that won't force an application refactor and will reduce network costs and EC2 load dramatically? a. Host the master pack in S3 b. Create a CloudFront distribution c. Upgrade the EC2 instances d. Enable ELB caching

b. Create a CloudFront distribution CloudFront can be used in front of an ELB

You are about to enter the Christmas sale and you know a few items in your website are very popular and will be read often. Last year you had a ProvisionedThroughputExceededException. What should you do this year? a. Increase the RCU to a very, very high value b. Create a DAX cluster c. Migrate the database away from DynamoDB for the time of the sale

b. Create a DAX cluster A DynamoDB Accelerator (DAX) cluster is a cache that fronts your DynamoDB tables and caches the most frequently read values. They help offload the heavy reads on hot keys off of DynamoDB itself, hence preventing the ProvisionedThroughputExceededException

You are launching an application on EC2 and the whole process of installing the application takes about 30 minutes. You would like to minimize the total time for your instance to boot up and be operational to serve traffic. What do you recommend? a. Install the application using EC2 User Data b. Create an AMI after installing the application and launch from the AMI c. Use the EC2 Cluster Placement Group d. Provision an R4.xlarge instance type

b. Create an AMI after installing the application and launch from the AMI Creating an AMI after installing the applications allows you to start more EC2 instances directly from that AMI, hence bypassing the need to install the application (as it's already installed)

You are deploying your application on an ECS cluster made of EC2 instances. The cluster is hosting one application that has been issuing API calls to DynamoDB successfully. Upon adding a second application, which issues API calls to S3, you are getting authorization issues. What should you do to resolve the problem and ensure proper security? a. Edit the EC2 instance role to add permissions to S3 b. Create an IAM task role for the new application c. Enable the Fargate mode d. Edit the S3 bucket policy to allow the ECS task

b. Create an IAM task role for the new application

You would like to deploy a database technology and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 launch modes allow you to get visibility into them? a. Spot Instances b. Dedicated Hosts c. On-Demand d. Reserved Instances

b. Dedicated Hosts

You want to provide startup instructions to your EC2 instances, you should be using a. EC2 Meta Data b. EC2 User Data c. EC2 Startup Data

b. EC2 User Data

Your instances are deployed in an EC2 placement group of type cluster in order to perform HPC. You would like to maximize network performance between your instances. What should you use? a. Elastic Network Interface b. Elastic Fabric Adapter c. Elastic Network Adapter d. FSx for Lustre

b. Elastic Fabric Adapter

Your gaming website is currently running on top of DynamoDB. Users have been asking for a search feature to find other gamers by name, with partial matches if possible. Which technology do you recommend to implement that feature? a. DynamoDB b. ElasticSearch c. Neptune d. Redshift

b. ElasticSearch Anytime you see "search", think ElasticSearch

You would like all your files in S3 to be encrypted by default. What is the optimal way of achieving this? a. Use a Bucket Policy that forces HTTPS connections b. Enable "Default Encryption" on S3 c. Enable versioning

b. Enable "Default Encryption" on S3

You would like to automate sending welcome emails to the users who subscribe to the Users table in DynamoDB. How can you achieve that? a. Create a Lambda function to scan the table every minute looking for new users. b. Enable DynamoDB Streams and have the Lambda function receive the events in real-time c. Enable the SNS and DynamoDB integration

b. Enable DynamoDB Streams and have the Lambda function receive the events in real-time

Your SQS costs are extremely high. Upon closer look, you notice that your consumers are polling SQS too often and getting empty data as a result. What should you do? a. Decrease the number of consumers b. Enable Long Polling c. Increase the Visibility Timeout

b. Enable Long Polling Long polling helps reduce the cost of using Amazon SQS by eliminating the number of empty responses (when there are no messages available for a ReceiveMessage request) and false empty responses (when messages are available but aren't included in a response)

You have enabled versioning and want to be extra careful when it comes to deleting files on S3. What should you enable to prevent accidental permanent deletions? a. Use a bucket policy b. Enable MFA Delete c. Encrypt the files d. Disable versioning

b. Enable MFA Delete MFA Delete forces users to use MFA tokens before deleting objects. It's an extra level of security to prevent accidental deletes

You suspect some of your employees are trying to access files in S3 that they don't have access to. How can you verify this is indeed the case without them noticing? a. Restrict their IAM policies and look at CloudTrail logs b. Enable S3 Access Logs and analyze them using Athena c. Use a bucket policy

b. Enable S3 Access Logs and analyze them using Athena S3 Access Logs log all the requests made to buckets, and Athena can then be used to run serverless analytics on top of the log files

You would like to have a distributed POSIX compliant file system that will allow you to maximize the IOPS in order to perform some HPC and genomics computational research. That file system will have to scale easily to millions of IOPS. What do you recommend? a. EFS with Max IO enabled b. FSx for Lustre c. Amazon S3 mounted on the instances d. EC2 Instance Stores

b. FSx for Lustre

Your EC2 Windows Servers need to share some data by having a Network File System mounted, that respects the Windows security mechanisms and has integration with Active Directory. What do you recommend putting in place as an NFS? a. EFS b. FSx for Windows c. FSx for Lustre d. Amazon S3 with File Gateway

b. FSx for Windows

Running an application on an auto scaling group that scales the number of instances in and out is called a. Vertical Scalability b. Horizontal Scalability

b. Horizontal Scalability

My EC2 Instance does not have the permissions to perform an API call PutObject on S3. What should I do? a. I should run `aws configure` and insert my personal credentials, because I have access to PutObject on S3 b. I should ask an administrator to attach a Policy to the IAM Role on my EC2 Instance that authorizes it to do the API call c. I should export the environment variables with my credentials on the EC2 Instance d. I should use the EC2 Metadata API call

b. I should ask an administrator to attach a Policy to the IAM Role on my EC2 Instance that authorizes it to do the API call IAM roles are the right way to provide credentials and permissions to an EC2 instance

Which technology does not have an out of the box caching feature? a. API Gateway b. Lambda c. DynamoDB

b. Lambda Lambda does not have an out of the box caching feature (it's often paired with API Gateway for that)

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IPs which are in fact your load balancer's. What should you do to find the true IP of the clients connected to your website? a. Modify the front-end of the website so that the users send their IP in the requests b. Look into the X-Forwarded-For header in the backend c. Look into the X-Forwarded-Proto header in the backend

b. Look into the X-Forwarded-For header in the backend This header is created by your load balancer and passed on to your backend application

Which RDS Classic (not Aurora) feature does not require us to change our SQL connection string? a. Read Replicas b. Multi AZ

b. Multi AZ Multi AZ keeps the same connection string regardless of which database is up. Read Replicas imply we need to reference them individually in our application as each read replica will have its own DNS name

You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use? a. Application Load Balancer with Elastic IP attached to it b. Network Load Balancer c. Classic Load Balancer

b. Network Load Balancer Network Load Balancers expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)

What does this S3 bucket policy do?

{
  "Version": "2012-10-17",
  "Id": "Mystery policy",
  "Statement": [
    {
      "Sid": "What could it be?",
      "Effect": "Allow",
      "Principal": {"CanonicalUser": "CloudFront Origin Identity Canonical User ID"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::examplebucket/*"
    }
  ]
}

a. Forces GetObject request to be encrypted if coming from CloudFront b. Only allows the S3 bucket content to be accessed from your CloudFront distribution origin identity c. Only allows GetObject type of request on the S3 bucket from anybody

b. Only allows the S3 bucket content to be accessed from your CloudFront distribution origin identity

As part of your disaster recovery strategy, you would like to have only the critical systems up and running in AWS. You don't mind a longer RTO. Which DR strategy do you recommend? a. Backup and Restore b. Pilot Light c. Warm Standby d. Multi Site

b. Pilot Light

Your production application is leveraging DynamoDB as its backend and is experiencing smooth sustained usage. There is a need to make the application run in development as well, where it will experience unpredictable, sometimes high, sometimes low volume of requests. You would like to make sure you optimize for cost. What do you recommend? a. Provision WCU & RCU and enable auto-scaling for both development and production b. Provision WCU & RCU and enable auto-scaling for production and use on-demand capacity for development c. Provision WCU & RCU and enable auto-scaling for development and use on-demand capacity for production d. Use on-demand capacity for both development and production

b. Provision WCU & RCU and enable auto-scaling for production and use on-demand capacity for development

Which database helps you store data in a relational format, with SQL language compatibility and capability of processing transactions? a. Redshift b. RDS c. DynamoDB d. ElastiCache

b. RDS

We have set up read replicas on our RDS database, but our users are complaining that upon updating their social media posts, they do not see the update right away a. There must be a bug in our application b. Read Replicas have asynchronous replication and therefore it's likely our users will only observe eventual consistency c. We should have set up Multi-AZ instead

b. Read Replicas have asynchronous replication and therefore it's likely our users will only observe eventual consistency

You have an ASG that scales on demand based on the traffic going to your new website: TriangleSunglasses.Com. You would like to optimize for cost, so you have selected an ASG that scales based on demand going through your ELB. Still, you want your solution to be highly available so you have set the minimum number of instances to 2. How can you further optimize the cost while respecting the requirements? a. Remove the ELB and use Elastic IP instead b. Reserve two EC2 instances c. Reduce the minimum number of instances to 1. d. Reduce the minimum number of instances to 0.

b. Reserve two EC2 instances

You plan on running an open-source MongoDB database year-round on EC2. Which instance launch mode should you choose? a. On-Demand b. Reserved Instances c. Spot Instances

b. Reserved Instances

You are hosting highly dynamic content in Amazon S3 in us-east-1. Recently, there has been a need to make that data available with low latency in Singapore. What do you recommend using? a. CloudFront b. S3 Cross Region Replication c. S3 Pre-Signed URLs

b. S3 Cross Region Replication S3 CRR allows you to replicate the data from one bucket in a region to another bucket in another region

You are looking for your entire S3 bucket to be available fully in a different region so you can perform data analysis optimally at the lowest possible cost. Which feature should you use? a. CloudFront distributions b. S3 Cross Region Replication c. S3 versioning d. S3 Websites

b. S3 Cross Region Replication S3 CRR is used to replicate data from an S3 bucket to another one in a different region

You are looking to provide temporary URLs to a growing list of federated users in order to allow them to perform a file upload on S3 to a specific location. What should you use? a. S3 CORS b. S3 Pre-Signed URL c. S3 Bucket Policies d. IAM Users

b. S3 Pre-Signed URL Pre-Signed URLs are temporary and grant time-limited access to some actions in your S3 bucket.

You want to send email notifications to your users. You should use a. SQS with Lambda b. SNS c. Kinesis

b. SNS SNS has that feature by default

You would like to create a micro-service whose sole purpose is to encode video files with your specific algorithm from S3 back into S3. You would like to make that micro-service reliable and retry upon failure. Processing a video may take over 25 minutes. The service is asynchronous and it should be possible for the service to be stopped for a day and resume the next day from the videos that haven't been encoded yet. Which of the following services would you recommend to implement this service? a. S3 + Lambda b. SQS + EC2 c. SNS + EC2 d. SQS + Lambda

b. SQS + EC2 SQS allows you to retain messages for days and process them later, while we take down our EC2 instances

Your Application Load Balancer (ALB) is currently routing to two target groups, each of them routed to based on hostname rules. You have been tasked with enabling HTTPS traffic for each hostname and have loaded the certificates onto the ALB. Which ALB feature will help it choose the right certificate for your clients? a. TLS Termination b. Server Name Indication (SNI) c. SSL Security Policies d. Host Header

b. Server Name Indication (SNI)

You have an on-premise Active Directory setup and would like to provide access for your on-premise users to the multiple accounts you have in AWS. The solution should scale to adding accounts in the future. What do you recommend? a. Set up the SAML 2.0 integration between each AWS account and your on-premise AD. b. Set up AWS Single Sign-On c. Set up Web Identity Federation through Cognito d. Create a Lambda function that automatically creates a corresponding IAM user in every AWS account for each user in your AD.

b. Set up AWS Single Sign-On

You are looking to store shared software updates data across 100s of EC2 instances. The software updates should be dynamically loaded on the EC2 instances and shouldn't require heavy operations. What do you suggest? a. Store the software updates on EBS and sync them using data replication software from one master in each AZ b. Store the software updates on EFS and mount EFS as a network drive c. Package the software updates as an EBS snapshot and create EBS volumes for each new software update. d. Store the software updates on an Amazon RDS instance

b. Store the software updates on EFS and mount EFS as a network drive EFS is a network file system (NFS) and allows you to mount the same file system on 100s of EC2 instances. Publishing software updates there allows each EC2 instance to access them.

The bucket policy allows our users to read/write files in the bucket, yet we were not able to perform a PutObject API call. a. The bucket policy must be wrong b. The IAM user must have an explicit DENY in the attached IAM policy c. You need to contact AWS Support to lift this limit

b. The IAM user must have an explicit DENY in the attached IAM policy An explicit DENY in an IAM policy will take precedence over a bucket policy permission

Your CloudWatch alarm is triggered and controls an ASG. The alarm should trigger 1 instance being deleted from your ASG, but your ASG already has 2 instances running and the minimum capacity is 2. What will happen? a. One instance will be deleted and the ASG capacity and minimum will go to 1 b. The alarm will remain in "ALARM" state but never decrease the number of instances in my ASG c. The alarm will be detached from my ASG d. The alarm will go in OK state

b. The alarm will remain in "ALARM" state but never decrease the number of instances in my ASG The number of instances in an ASG cannot go below the minimum, even if the alarm would in theory trigger an instance termination

You have set up an internet gateway in your VPC, but your EC2 instances still don't have access to the internet. What is NOT a possible issue? a. Route Tables are missing entries b. The security group does not allow network in c. The NACL does not allow network traffic out

b. The security group does not allow network in Security groups are stateful: if traffic can go out, then the response traffic can go back in

You have a mobile application and would like to give your users access to their own personal space in Amazon S3. How do you achieve that? a. Generate IAM user credentials for each of your application's users b. Use Cognito Identity Federation c. Use SAML Identity Federation d. Use a Bucket Policy to make your bucket public

b. Use Cognito Identity Federation Cognito is made to federate mobile user accounts and provide them with their own IAM policy. As such, thanks to that policy, they should be able to access their own personal space in Amazon S3.

Scaling an instance from an r4.large to an r4.4xlarge is called a. Horizontal Scalability b. Vertical Scalability

b. Vertical Scalability

You have created an architecture including CloudFront with WAF, Shield, an ALB, and EC2 instances. You would like to block an IP, where should you do it? a. CloudFront b. WAF c. Shield d. ALB Security Group e. EC2 Security Group f. NACL

b. WAF

You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment, in order to monitor CloudWatch metrics and ensure no bugs exist. What type of Route 53 record allows you to do so? a. Simple b. Weighted c. Latency d. Failover

b. Weighted Weighted allows you to redirect a part of the traffic based on a weight (hence a percentage). It's commonly used to send part of the traffic to a new application you're deploying

Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database. a. You politely tell him it's impossible b. You create a CloudWatch custom metric and build an alarm on this to scale your ASG c. You enable detailed monitoring and use that to scale your ASG

b. You create a CloudWatch custom metric and build an alarm on this to scale your ASG The metric "requests per minute" is not an AWS metric, hence it needs to be a custom metric

You are sending a clickstream for your users navigating your website, all the way to Kinesis. It seems that the user data is not ordered in Kinesis, and the data for one individual user is spread across many shards. How do you fix that problem? a. There are too many shards, you should only use 1 shard b. You should use a partition key that represents the identity of the user c. You shouldn't use multiple consumers, only one and it should re-order data

b. You should use a partition key that represents the identity of the user By providing a partition key we ensure the data is ordered for our users

Load Balancers provide a a. static IPv4 we can use in our application b. static DNS name we can use in our application c. static IPv6 we can use in our application

b. static DNS name we can use in our application The reason being that AWS wants your load balancer to be accessible using a static endpoint, even if the underlying infrastructure that AWS manages changes

You plan on creating a subnet and want it to have at least capacity for 28 EC2 instances. What's the minimum size you need to have for your subnet? a. /28 b. /27 c. /26 d. /25

c. /26 perfect size (64 IPs)

Which AWS Directory Service allows you to proxy requests to your on-premise Active Directory? a. AD on EC2 b. Managed Microsoft AD c. AD Connector d. Simple AD

c. AD Connector

Your developers are creating a mobile application and would like to have a managed GraphQL backend. Which service do you recommend? a. API Gateway b. AWS Lambda c. AppSync d. ECS

c. AppSync AppSync is a managed GraphQL service in AWS

Your log data is currently stored in S3 and you would like to perform a quick analysis, serverless if possible, to filter the logs and find a user who may have completed an unauthorized action. Which technology do you recommend? a. DynamoDB b. Redshift c. Athena d. Glacier

c. Athena

You are looking to perform OLTP, and would like to have the underlying storage with the maximum amount of replication and auto-scaling capability. What do you recommend? a. ElastiCache b. Redshift c. Aurora d. RDS

c. Aurora

You have a website that loads files from another S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when the website you're visiting tries to load these files it doesn't. What's the problem? a. The Bucket policy is wrong b. The IAM policy is wrong c. CORS is wrong d. Encryption is wrong

c. CORS is wrong Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. To learn more about CORS, go here: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html

You need to deploy your code to a fleet of EC2 instances with a specific strategy. Which technology do you recommend? a. CodeBuild b. CodePipeline c. CodeDeploy d. CodeCommit

c. CodeDeploy When deploying code directly onto EC2 instances or On Premise servers, CodeDeploy is the service to use. You can define the strategy (how fast the rollout of the new code should be)

You would like to provide a Facebook login before your users call your API hosted by API Gateway. You need seamless authentication integration; you will use a. Cognito Sync b. DynamoDB user tables with Lambda Authorizer c. Cognito User Pools

c. Cognito User Pools Cognito User Pools integrate directly with Facebook login

You would like to evaluate the compliance of your resources' configurations over time. Which technology do you choose? a. CloudWatch b. CloudTrail c. Config

c. Config

My deployments on Elastic Beanstalk have been painfully slow, and after looking at the logs, I realize this is due to the fact that my dependencies are resolved on each EC2 machine at deployment time. How can I speed up my deployment with the minimal impact? a. Remove some dependencies in your code b. Place the dependencies in Amazon EFS c. Create a Golden AMI that contains the dependencies and launch the EC2 instances from that.

c. Create a Golden AMI that contains the dependencies and launch the EC2 instances from that. Golden AMIs are a standard way of saving the state after installation or after pulling dependencies, so that future instances can boot up from that AMI quickly.

Your company has created a REST API that it will sell to hundreds of customers as a SaaS. Your customers are on AWS and are using their own VPC. You would like to allow your customers to access your SaaS without going through the public internet while ensuring your infrastructure is not left exposed to network attacks. What do you recommend? a. Create a VPC Endpoint b. Create a VPC peering connection c. Create a PrivateLink d. Create a ClassicLink

c. Create a PrivateLink

When a security group is created, what is the default behavior? a. Allow all traffic inbound and allow all traffic outbound b. Allow all traffic inbound and deny all traffic outbound c. Deny all traffic inbound and allow all traffic outbound d. Deny all traffic inbound and deny all traffic outbound

c. Deny all traffic inbound and allow all traffic outbound

Your instance in us-east-1a just got terminated, and the attached EBS volume is now available. Your colleague tells you he can't seem to attach it to your instance in us-east-1b. a. He's missing IAM permissions b. EBS volumes are region locked c. EBS volumes are AZ locked

c. EBS volumes are AZ locked EBS Volumes are created for a specific AZ. It is possible to migrate them between different AZs through backup and restore

You need to manage a fleet of Docker containers in the cloud, which service do you recommend? a. EC2 b. ECR c. ECS d. Lambda

c. ECS ECS is a container orchestrator service and the correct service to manage a fleet of Docker containers in the cloud

You are looking to create a Hadoop cluster to perform Big Data Analysis. Which service do you recommend using? a. Redshift b. Athena c. EMR d. Glue

c. EMR EMR is the AWS way of creating a Hadoop cluster with the tools of your choosing.

The application load balancer can route to different target groups based on all these except... a. Hostname b. Request Path c. Geography d. Source IP

c. Geography

You have a legal requirement that people in any country but France should not be able to access your website. Which Route 53 record helps you in achieving this? a. Latency b. Simple c. Geolocation d. Multi Value

c. Geolocation

You are looking to move data all around your AWS databases using a managed ETL service that has a metadata catalog feature. Which one do you recommend? a. EMR b. Redshift c. Glue d. Athena

c. Glue Glue is an ETL service

We'd like our Lambda function to have access to a database password. We should a. Embed it in the code b. Have it as a plaintext environment variable c. Have it as an encrypted environment variable and decrypt it at runtime

c. Have it as an encrypted environment variable and decrypt it at runtime

We'd like to perform real time analytics on streams of data. The most appropriate product will be a. SQS b. SNS c. Kinesis

c. Kinesis Kinesis Analytics is the product to use, with Kinesis Streams as the underlying source of data

We'd like for our big data to be loaded near real time to S3 or Redshift. We'd like to convert the data along the way. What should we use? a. SQS + Lambda b. SNS + HTTP Endpoint c. Kinesis Streams + Kinesis Firehose

c. Kinesis Streams + Kinesis Firehose This is a perfect combo of technology for loading data near real-time in S3 and Redshift

To make a serverless API, I should integrate API Gateway with a. EC2 b. ELB c. Lambda

c. Lambda Lambda is a serverless technology

Your Lambda function is processing events coming through S3 events and distributed through an SNS topic. You have decided to ensure that events that cannot be processed are sent to a DLQ. In which service should you set up the DLQ? a. S3 Events b. SNS topic c. Lambda function

c. Lambda function The invocation is asynchronous (coming from the SNS topic), so the DLQ has to be set on the Lambda side

You want your users to get the best possible user experience and that means minimizing the response time from your servers to your users. Which routing policy will help? a. Multi Value b. Weighted c. Latency d. Geo location

c. Latency Latency will evaluate the latency results and help your users get a DNS response that will minimize their latency (i.e. response time)

My company would like to have a MySQL database internally that is going to be available even in case of a disaster in the AWS Cloud. I should set up a. Read Replicas b. Encryption c. Multi AZ

c. Multi AZ In this question, we consider a disaster to be an entire Availability Zone going down, in which case Multi-AZ will help. If we want to plan against an entire region going down, backups and replication across regions would help.

You would like to get the DR strategy with the lowest RTO and RPO, regardless of the cost, which one do you recommend? a. Backup and Restore b. Pilot Light c. Warm Standby d. Multi Site

d. Multi Site

You are designing a high performance application that will require millions of connections to be handled, as well as low latency. The best Load Balancer for this is a. Application Load Balancer b. Classic Load Balancer c. Network Load Balancer

c. Network Load Balancer NLBs provide the highest performance if your application needs it

Your company is already using Chef recipes to manage its infrastructure. You would like to move to the AWS cloud and keep on using Chef. What service do you recommend? a. CloudFormation b. SSM c. OpsWorks d. EC2

c. OpsWorks

Your organization would like to create various accounts to physically separate their dev, test and production environments. Your IT lead would still like to manage these environments centrally for billing purposes, so that management is simple. Which service do you recommend? a. IAM b. STS c. Organizations d. Workspaces

c. Organizations. AWS Organizations allows you to create multiple AWS accounts and centralize them around a single organization for simplified and unified billing.

To get the instance id of my EC2 machine from the EC2 machine, the best thing is to... a. Create an IAM role and attach it to my EC2 instance so I can perform a "describe" API call b. Query the user data at http://169.254.169.254/latest/user-data c. Query the meta data at http://169.254.169.254/latest/meta-data d. Query the meta data at http://254.169.254.169/latest/meta-data

c. Query the meta data at http://169.254.169.254/latest/meta-data

Our RDS database struggles to keep up with the demand of the users of our website. Our million users mostly read news, and we don't post news very often. Which solution is NOT adapted to this problem? a. An ElastiCache cluster b. RDS Read Replicas c. RDS Multi AZ

c. RDS Multi AZ. Be very careful with the way you read questions at the exam. Here, the question is asking which solution is NOT adapted to this problem. ElastiCache and RDS Read Replicas do indeed help with scaling reads.

You would like to have a database which is efficient at performing analytical queries on large sets of columnar data. You would like to connect that Data Warehouse to a reporting and dashboard tool such as Amazon QuickSight. Which technology do you recommend? a. RDS b. S3 c. Redshift d. Neptune

c. Redshift

You have a Lambda function that will process data for 25 minutes before successfully completing. The code is working fine on your machine, but in AWS Lambda it just fails with a "timeout" issue after 3 seconds. What should you do? a. Set the timeout to 25 minutes b. Set the memory to 3GB c. Run your code somewhere else than Lambda - the maximum timeout is 15 minutes

c. Run your code somewhere else than Lambda - the maximum timeout is 15 minutes

Your client wants to make sure the encryption is happening in S3, but wants to fully manage the encryption keys and never store them in AWS. You recommend a. SSE-S3 b. SSE-KMS c. SSE-C d. Client Side Encryption

c. SSE-C. Here you keep full control over the encryption keys, and let AWS do the encryption.

You would like to ensure that over time, none of your EC2 instances expose port 84, as it is known to have vulnerabilities with the OS you are using. What can you do to monitor this? a. Set up CloudWatch Metrics b. Set up CloudTrail trails c. Set up Config Rules d. Create an AWS Lambda cron job

c. Set up Config Rules

You need to orchestrate a series of AWS Lambda functions into a workflow. Which service do you recommend? a. SWF b. CodePipeline c. Step Functions d. OpsWorks

c. Step Functions

Your application runs on an ASG behind an ALB. Users have to constantly log back in, and you'd rather not enable stickiness on your ALB as you fear it will overload some servers. What should you do? a. Create your own Load Balancer and deploy that on EC2 instances b. Store session data in RDS c. Store session data in ElastiCache d. Store session data in a shared EBS volume

c. Store session data in ElastiCache. Storing session data in ElastiCache is a common pattern to ensure different instances can retrieve your user's state if needed.

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually, and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances stays at around 1000. Which scaling policy should you use? a. Simple Scaling Policy b. Step Scaling Policy c. Target Tracking d. Scheduled Scaling

c. Target Tracking

I have an ASG and an ALB, and I set up my ASG to get the health status of instances from my ALB. One instance has just been reported unhealthy. What will happen? a. The ASG will keep the instance running and re-start the application b. The ASG will detach the EC2 instance from the group, and leave it running c. The ASG will terminate the EC2 Instance

c. The ASG will terminate the EC2 Instance. Because the ASG has been configured to leverage the ALB health checks, unhealthy instances will be terminated.

An ASG spans 2 Availability Zones. AZ-A has 3 EC2 instances and AZ-B has 4 EC2 instances. The ASG is about to go into a scale-in event. What will happen? a. The AZ-A will terminate an instance randomly b. The AZ-A will terminate the instance with the oldest launch configuration c. The AZ-B will terminate the instance with the oldest launch configuration d. The AZ-B will terminate an instance randomly e. The AZ-A will create an EC2 instance.

c. The AZ-B will terminate the instance with the oldest launch configuration. Make sure you remember the Default Termination Policy for ASG. It tries to balance across AZs first, and then terminates based on the age of the launch configuration.

An application is running in production, using an Aurora database as its backend. Your development team would like to run a scaled-down version of the application, but still be able to perform some heavy workloads on an as-needed basis. Most of the time, the application will be unused. Your CIO has tasked you with helping the team while minimizing costs. What do you suggest? a. Use an Aurora Global Database b. Use an RDS database instead c. Use Aurora Serverless d. Run Aurora on EC2, and write a script to shut down the EC2 instance at night

c. Use Aurora Serverless

How can you ensure that only users who access our website from Canada are authorized in CloudFront? a. Set up a security group and attach it to CloudFront b. Use a Route 53 Latency record and attach it to CloudFront c. Use CloudFront Geo Restriction

c. Use CloudFront Geo Restriction

You are managing a PostgreSQL database and, for security reasons, you would like to ensure users are authenticated using short-lived credentials. What do you suggest doing? a. Install PostgreSQL on EC2 and install the pg_iam module. Authenticate using IAM username and password b. Use PostgreSQL for RDS and install the pg_iam module. Authenticate using IAM username and password c. Use PostgreSQL for RDS and authenticate using a token obtained through the RDS service. d. Use PostgreSQL for RDS and force SSL connections. Authenticate using SSL certificates that you regularly rotate

c. Use PostgreSQL for RDS and authenticate using a token obtained through the RDS service. In this case, IAM is leveraged to obtain the RDS service token, so this is the IAM authentication use case.

You are running a high-performance database that requires 210,000 IOPS for its underlying filesystem. What do you recommend? a. Use an EBS gp2 drive b. Use an EBS io1 drive c. Use an EC2 Instance Store c. Use EFS

c. Use an EC2 Instance Store

Your company has several on-premises sites across the USA. These sites are currently linked using a private connection, but your private connection provider has recently been quite unstable, taking your IT architecture partially offline. You would like to create a backup connection that will use the public internet to link your on-premises sites, which you can fail over to in case of issues with your provider. What do you recommend? a. Site-to-Site VPN b. Direct Connect c. VPN CloudHub d. PrivateLink

c. VPN CloudHub

We need to gain access to a Role in another AWS account. How is it done? a. We should ask them to create a user for us b. We should ask them to send us access keys c. We should use the STS service to gain temporary credentials

c. We should use the STS service to gain temporary credentials. STS will allow us to get cross-account access through the creation of a role in our account authorized to assume a role in another account. See more here: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

You have a VDI (Virtual Desktop Infrastructure) on premises and, as a solution architect, you would like to optimize maintenance and management cost by switching to virtual desktops on the AWS Cloud. Which service do you recommend? a. AppSync b. Organizations c. Workspaces d. ECR

c. Workspaces. Amazon WorkSpaces is a managed, secure cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops.

You're trying to upload a 25 GB file to S3 and it's not working. a. The file size limit on S3 is 5GB b. The S3 service must be down c. You should use Multi Part upload when your file is bigger than 5GB

c. You should use Multi Part upload when your file is bigger than 5GB. Multi Part Upload is also recommended as soon as the file is over 100MB.

After updating a Route 53 record to point "myapp.mydomain.com" from an old Load Balancer to a new load balancer, it looks like the users are still not redirected to your new load balancer. You are wondering why... a. it's because of the alias record! b. it's because of the CNAME record! c. it's because of the TTL d. it's because of the health checks

c. it's because of the TTL. DNS records have a TTL (Time to Live) so that clients know how long to cache these values and do not overload the DNS with requests. The TTL should be set to strike a balance between how long the value should be cached vs how much pressure should go on the DNS.

You have many microservices running on-premises and they currently communicate using a message broker that supports the MQTT protocol. You would like to migrate these applications and the message broker to the cloud without changing the application logic. Which technology allows you to get a managed message broker that supports the MQTT protocol? a. SQS b. SNS c. Kinesis d. Amazon MQ

d. Amazon MQ. Amazon MQ supports JMS, NMS, AMQP, STOMP, MQTT, and WebSocket.

You would like to ensure you have a database available in another region if a disaster happens to your main region. Which database do you recommend? a. RDS Read Replicas b. RDS Multi AZ c. Aurora Read Replicas d. Aurora Global Database

d. Aurora Global Database. Global Databases allow you to have cross-region replication.

Your company does not trust S3 for encryption and wants it to happen in the application. You recommend a. SSE-S3 b. SSE-KMS c. SSE-C d. Client Side Encryption

d. Client Side Encryption. With Client Side Encryption you perform the encryption yourself and send the encrypted data to AWS directly. AWS does not know your encryption keys and cannot decrypt your data.

Your company has a production Node.js application that is using RDS MySQL 5.6 as its data backend. A new application programmed in Java will perform some heavy analytics workload to create a dashboard, on a regular hourly basis. You want the final solution to minimize costs and have minimal disruption on the production application. What should you do? a. Enable Multi-AZ for the RDS database and run the analytics workload on the standby database b. Create a Read Replica in a different AZ and run the analytics workload on the replica database c. Create a Read Replica in a different AZ and run the analytics workload on the source database d. Create a Read Replica in the same AZ and run the analytics workload on the replica database

d. Create a Read Replica in the same AZ and run the analytics workload on the replica database. This will minimize cost because the data won't have to move across AZs.

You have purchased a domain on GoDaddy and would like to use it with Route 53. What do you need to change to make this work? a. Request a domain transfer b. Create a private hosted zone and update the 3rd party registrar NS records c. Create a public hosted zone and update the Route 53 NS records d. Create a public hosted zone and update the 3rd party registrar NS records

d. Create a public hosted zone and update the 3rd party registrar NS records. Private hosted zones are meant to be used for internal network queries and are not publicly accessible. Public Hosted Zones are meant to be used for people requesting your website through the public internet. Finally, NS records must be updated on the 3rd party registrar.

Which database do you suggest to have caching capability with a Redis compatible API? a. RDS b. DynamoDB c. ElasticSearch d. ElastiCache

d. ElastiCache. ElastiCache can create a Redis cache or a Memcached cache.

We'd like to have CloudWatch Metrics for EC2 at a 1 minute rate. What should we do? a. Enable Custom Metrics b. Enable High Resolution c. Enable Basic Monitoring d. Enable Detailed Monitoring

d. Enable Detailed Monitoring. This is a paid offering and gives you EC2 metrics at a 1 minute rate.

Someone terminated an EC2 instance in your account last week, which was hosting a critical database. You would like to understand who did it and when. How can you achieve that? a. Look at the CloudWatch Metrics b. Look at the CloudWatch Alarms c. Look at the CloudWatch Events d. Look at CloudTrail

d. Look at CloudTrail. CloudTrail helps audit the API calls made within your account, so the instance termination API call will appear here (regardless of whether it was made from the console, the CLI, or an SDK).

The Application Load Balancer's target groups can be all of these EXCEPT... a. EC2 Instances b. IP Addresses c. Lambda Functions d. Network Load Balancer

d. Network Load Balancer

You are running a critical workload of three hours per week, on Monday. As a solutions architect, which EC2 Instance Launch Type should you choose to maximize the cost savings while ensuring the application stability? a. On-Demand Instances b. Reserved Instances c. Spot Instances d. Scheduled Reserved Instances

d. Scheduled Reserved Instances
