AWS Certified Solutions Architect 851 Q from dathuminh
What is the durability of S3 RRS? A. 99.99% B. 99.95% C. 99.995% D. 99.999999999%
A. 99.99% https://aws.amazon.com/s3/reduced-redundancy/ Designed to provide 99.99% durability and 99.99% availability of objects over a given year. This durability level corresponds to an average annual expected loss of 0.01% of objects.
You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance? A. $0.00 B. $0.02 C. $0.03 D. $0.05 E. $0.06
A. $0.00
Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive? A. 5 minutes B. 500 milliseconds. C. 30 seconds D. 1 minute
A. 5 minutes Basic Monitoring metrics (at five-minute frequency) for Amazon EC2 instances are free of charge, as are all metrics for Amazon EBS volumes, Elastic Load Balancers, and Amazon RDS DB instances. https://aws.amazon.com/cloudwatch/pricing/?nc1=h_ls
Amazon RDS DB snapshots and automated backups are stored in A. Amazon S3 B. Amazon ECS Volume C. Amazon RDS D. Amazon EMR
A. Amazon S3 https://aws.amazon.com/rds/faqs/ Q: Where are my automated backups and DB Snapshots stored and how do I manage their retention? Amazon RDS DB snapshots and automated backups are stored in S3. You can use the AWS Management Console, the ModifyDBInstance API, or the modify-db-instance command to manage the period of time your automated backups are retained by modifying the RetentionPeriod parameter. If you desire to turn off automated backups altogether, you can do so by setting the retention period to 0 (not recommended). You can manage your user-created DB Snapshots via the "Snapshots" section of the Amazon RDS Console. Alternatively, you can see a list of the user-created DB Snapshots for a given DB Instance using the DescribeDBSnapshots API or describe-db-snapshots command and delete snapshots with the DeleteDBSnapshot API or delete-db-snapshot command.
Which of the following is a durable key-value store? A. Amazon Simple Storage Service B. Amazon Simple Workflow Service C. Amazon Simple Queue Service D. Amazon Simple Notification Service
A. Amazon Simple Storage Service
EBS Snapshots occur _____ A. Asynchronously B. Synchronously C. Weekly
A. Asynchronously http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html Snapshots occur asynchronously; the point-in-time snapshot is created immediately, but the status of the snapshot is pending until the snapshot is complete (when all of the modified blocks have been transferred to Amazon S3), which can take several hours for large initial snapshots or subsequent snapshots where many blocks have changed. While it is completing, an in-progress snapshot is not affected by ongoing reads and writes to the volume.
How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing? A. By using the service specific console or API\CLI commands B. None of these C. Using Amazon EC2 API/CLI D. Using all these methods
A. By using the service specific console or API\CLI commands http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html To change security group membership for interfaces owned by other services, such as Elastic Load Balancing, use the console or command line interface for that service.
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly? A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI. B. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy. C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User. D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag _____ to false when you launch the instance. A. DeleteOnTermination B. RemoveOnDeletion C. RemoveOnTermination D. TerminateOnDeletion
A. DeleteOnTermination By default, Amazon EBS root device volumes are automatically deleted when the instance terminates. However, by default, any additional EBS volumes that you attach at launch, or any EBS volumes that you attach to an existing instance persist even after the instance terminates. This behavior is controlled by the volume's DeleteOnTermination attribute, which you can modify. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html
Which route must be added to your routing table in order to allow connections to the Internet from your subnet? A. Destination: 0.0.0.0/0 --> Target: your Internet gateway B. Destination: 192.168.1.257/0 --> Target: your Internet gateway C. Destination: 0.0.0.0/33 --> Target: your virtual private gateway D. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24 E. Destination: 10.0.0.0/32 --> Target: your virtual private gateway
A. Destination: 0.0.0.0/0 --> Target: your Internet gateway
If I want an instance to have a public IP address, which IP address should I use? A. Elastic IP Address B. Class B IP Address C. Class A IP Address D. Dynamic IP Address
A. Elastic IP Address
What combination of the following options will protect S3 objects from both accidental deletion and accidental overwriting? A. Enable S3 versioning on the bucket. B. Access S3 data using only signed URLs. C. Disable S3 delete using an IAM bucket policy. D. Enable S3 Reduced Redundancy Storage. E. Enable multi-factor authentication (MFA) protected access.
A. Enable S3 versioning on the bucket. E. Enable multi-factor authentication (MFA) protected access.
A VPC public subnet is one that: A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW). B. Includes a route in its associated routing table via a Network Address Translation (NAT) instance. C. Has a Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0. D. Has the Public Subnet option selected in its configuration.
A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW).
You have an EC2 security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply: A. Immediately to all instances in the security group. B. Immediately to the new instances only. C. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply. D. To all instances, but it may take several minutes for old instances to see the changes.
A. Immediately to all instances in the security group. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#vpc-security-groups
Can an EBS volume be attached to more than one EC2 instance at the same time? A. No B. Yes. C. Only EC2-optimized EBS volumes. D. Only in read mode.
A. No
Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine A. InnoDB B. MyISAM
A. InnoDB Amazon RDS automated backups and DB snapshots are currently supported for all DB engines. For the MySQL DB engine, only the InnoDB storage engine is supported; use of these features with other MySQL storage engines, including MyISAM, may lead to unreliable behavior while restoring from backups. Specifically, since storage engines like MyISAM do not support reliable crash recovery, your tables can be corrupted in the event of a crash. For this reason, we encourage you to use the InnoDB storage engine. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonRDSInstances.html
What does the AWS Storage Gateway provide? A. Integration of on-premises IT environments with Cloud Storage. B. A direct encrypted connection to Amazon S3. C. A backup solution that provides an on-premises Cloud storage. D. It provides an encrypted SSL endpoint for backups in the Cloud.
A. Integration of on-premises IT environments with Cloud Storage. http://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the Amazon Web Services (AWS) storage infrastructure.
What is the Reduced Redundancy option in Amazon S3? A. Less redundancy for a lower cost. B. It doesn't exist in Amazon S3, but in Amazon EBS. C. It allows you to destroy any copy of your files outside a specific jurisdiction. D. It doesn't exist at all
A. Less redundancy for a lower cost. http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingRRS.html In order to reduce storage costs, you can use reduced redundancy storage for noncritical, reproducible data at lower levels of redundancy than Amazon S3 provides with standard storage. Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables customers to reduce their costs by storing noncritical, reproducible data at lower levels of redundancy than Amazon S3's standard storage. It provides a cost-effective, highly available solution for distributing or sharing content that is durably stored elsewhere, or for storing thumbnails, transcoded media, or other processed data that can be easily reproduced.
Which of the following requires a custom CloudWatch metric to monitor? A. Memory use (Memory Utilization of an EC2 instance) B. CPU use (CPU Utilization of an EC2 instance) C. Disk read operations (Disk usage activity of an EC2 instance) D. Network in (Data transfer of an EC2 instance) E. Estimated charges
A. Memory use However, there's one big missing feature in CloudWatch: it doesn't monitor your instance memory utilization http://arr.gr/blog/2013/08/monitoring-ec2-instance-memory-usage-with-cloudwatch/
Can a 'user' be associated with multiple AWS accounts? A. No B. Yes
A. No http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html Each IAM user is associated with one and only one AWS account. Because users are defined within your AWS account, they don't need to have a payment method on file with AWS. Any AWS activity performed by users in your account is billed to your account.
How can software determine the public and private IP addresses of the EC2 instance that it is running on? A. Query the local instance metadata. B. Query the local instance userdata. C. Query the appropriate Amazon CloudWatch metric. D. Use an ipconfig or ifconfig command.
A. Query the local instance metadata.
How many relational database engines does RDS currently support? A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB B. Just two: MySQL and Oracle. C. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite. D. Just one: MySQL.
A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB https://aws.amazon.com/rds/?nc1=h_ls Outdated question, but A is CLOSE to the correct answer. Amazon RDS provides you six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. Amazon RDS provides you six familiar database engines to choose from, including Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB.
What does the command 'ec2-run-instances ami-e3a5408a -n 20 -g appserver' do? A. Start twenty instances as members of appserver group. B. Creates 20 rules in the security group named appserver C. Terminate twenty instances as members of appserver group. D. Start 20 security groups
A. Start twenty instances as members of appserver group.
When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime. A. TRUE B. FALSE
A. TRUE Explanation: The Question is Specific to RDS. There are two ways to specify conditions in an IAM policy for Amazon RDS: Using Condition Keys Using Custom Tags Note: Condition keys are case sensitive. Link : http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAM.Conditions.html
Automated backups are enabled by default for a new DB Instance. A. TRUE B. FALSE
A. TRUE http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonRDSInstances.html Automated backup is an Amazon RDS feature that automatically creates a backup of your DB instance. Automated backups are enabled by default for a new DB instance.
Disabling automated backups disables the point-in-time recovery feature. A. True B. False
A. True
SQL Server stores logins and passwords in the master database. A. True B. False
A. True
You are deploying an application on EC2 that must call AWS APIs. What method of securely passing credentials to the application should you use? A. Use AWS Identity and Access Management roles for EC2 instances. B. Pass API credentials to the instance using instance userdata. C. Embed the API credentials into your JAR files. D. Store API credentials as an object in Amazon Simple Storage Service.
A. Use AWS Identity and Access Management roles for EC2 instances.
What does Amazon EC2 provide? A. Virtual servers in the Cloud. B. A platform to run code (Java, PHP, Python), paying on an hourly basis. C. Computer Clusters in the Cloud. D. Physical servers, remotely managed by the customer.
A. Virtual servers in the Cloud. Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html
After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it? A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved. B. AWS allows you to provision no more than 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request. C. You need to use Amazon Virtual Private Cloud (VPC) in order to provision more than 20 instances in a single Availability Zone. Simply terminate the resources already provisioned and re-launch them all in a VPC. D. You encountered an API throttling situation and should try the failed requests using an exponential decay retry algorithm.
A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.
While performing volume status checks, if the status is 'insufficient-data', what does it mean? A. checks may still be in progress on the volume B. check has passed C. check has failed D. there is no such status
A. checks may still be in progress on the volume
A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances. A. security group B. ACL C. IAM D. Private IP Addresses
A. security group http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. A security group acts as a virtual firewall that controls the traffic for one or more instances.
Disabling automated backups ______ disable the point-in-time recovery. A. if configured to can B. will never C. will
Answer is c: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html Disabling Automated Backups You may want to temporarily disable automated backups in certain situations; for example, while loading large amounts of data. Important We highly discourage disabling automated backups because it disables point-in-time recovery. If you disable and then re-enable automated backups, you are only able to restore starting from the time you re-enabled automated backups. In these examples, you disable automated backups for a DB instance by setting the backup retention parameter to 0. AWS Management Console To disable automated backups immediately Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/. In the navigation pane, click DB Instances, and then select the check box next to the DB instance you want to modify. Click the Modify button. The Modify DB Instance window appears. Select 0 in the Backup Retention Period drop-down list box. Check the Apply Immediately check box. Click the OK button.
Which of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started? (Choose 2 answers) A. The Elastic IP will be dissociated from the instance B. All data on instance-store devices will be lost C. All data on EBS (Elastic Block Store) devices will be lost D. The ENI (Elastic Network Interface) is detached E. The underlying host for the instance is changed
B. All data on instance-store devices will be lost E. The underlying host for the instance is changed
You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? Choose 3 answers A. Amazon CloudWatch B. Amazon Relational Database Service (RDS) C. Elastic Load Balancing D. Amazon ElastiCache E. AWS Storage Gateway F. Amazon DynamoDB
B. Amazon Relational Database Service (RDS) D. Amazon ElastiCache F. Amazon DynamoDB
What does Amazon Elastic Beanstalk provide? A. A scalable storage appliance on top of Amazon Web Services. B. An application container on top of Amazon Web Services. C. A service by this name doesn't exist. D. A scalable cluster of EC2 instances.
B. An application container on top of Amazon Web Services. https://aws.amazon.com/elasticbeanstalk/faqs/ Q: What is AWS Elastic Beanstalk? AWS Elastic Beanstalk makes it even easier for developers to quickly deploy and manage applications in the AWS Cloud. Developers simply upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.
What are the two types of licensing options available for using Amazon RDS for Oracle? A. BYOL and Enterprise License B. BYOL and License Included C. Enterprise License and License Included D. Role based License and License Included
B. BYOL and License Included https://aws.amazon.com/rds/oracle/ You can run Amazon RDS for Oracle under two different licensing models - "License Included" and "Bring-Your-Own-License (BYOL)".
A customer's nightly EMR job processes a single 2-TB data file stored on Amazon Simple Storage Service (S3). The EMR job runs on two On-Demand core nodes and three On-Demand task nodes. Which of the following may help reduce the EMR job completion time? Choose 2 answers A. Use three Spot Instances rather than three On-Demand instances for the task nodes. B. Change the input split size in the MapReduce job configuration. C. Use a bootstrap action to present the S3 bucket as a local filesystem. D. Launch the core nodes and task nodes within an Amazon Virtual Cloud. E. Adjust the number of simultaneous mapper tasks. F. Enable termination protection for the job flow.
B. Change the input split size in the MapReduce job configuration. E. Adjust the number of simultaneous mapper tasks.
What are the Amazon EC2 API tools? A. They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions. B. Command-line tools to the Amazon EC2 web service. C. They are a set of graphical tools to manage EC2 instances. D. They don't exist. The Amazon API tools are a client interface to Amazon Web Services.
B. Command-line tools to the Amazon EC2 web service. Amazon EC2 API Tools AWS Command Line https://aws.amazon.com/tools/ https://aws.amazon.com/developertools/351
What does the ec2-create-group command do with respect to the Amazon EC2 security groups? A. Groups the user created security groups into a new group for easy access. B. Creates a new security group for use with your account. C. Creates a new group inside the security group. D. Creates a new rule inside the security group.
B. Creates a new security group for use with your account.
Which is an operational process performed by AWS for data security? A. AES-256 encryption of data stored on any shared storage device B. Decommissioning of storage devices using industry-standard practices C. Background virus scans of EBS volumes and EBS snapshots D. Replication of data across multiple AWS Regions E. Secure wiping of EBS data when an EBS volume is unmounted
B. Decommissioning of storage devices using industry-standard practices
Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an ______ node in the response from the Amazon RDS API. A. Incorrect B. Error C. FALSE
B. Error Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an Error node in the response from the Amazon RDS API. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/APITroubleshooting.html
True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted. A. TRUE B. FALSE
B. FALSE If you choose not to create a final DB snapshot, you will not be able to later restore the DB instance to its final state. When you delete a DB instance, all automated backups are deleted and cannot be recovered. Manual DB snapshots of the instance are not deleted. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space? A. FreeStorage B. FreeStorageSpace C. FreeStorageVolume D. FreeDBStorageSpace
B. FreeStorageSpace
Which of the following cannot be used in EC2 to control who has access to specific EC2 instances? A. Security Groups B. IAM System C. SSH keys D. Windows passwords
B. IAM System
Is Federated Storage Engine currently supported by Amazon RDS for MySQL? A. Only for Oracle RDS instances B. No C. Yes D. Only in VPC
B. No The Federated Storage Engine is currently not supported by Amazon RDS for MySQL. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html
Select the most correct answer: The device name /dev/sda1 (within Amazon EC2) is _____ A. Possible for EBS volumes B. Reserved for the root device C. Recommended for EBS volumes D. Recommended for instance store volumes
B. Reserved for the root device The following table lists the available device names for Linux instances. The number of volumes that you can attach to your instance is determined by the operating system. For more information http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html The root device is typically /dev/sda1 (Linux) or xvda (Windows).
What does Amazon SWF stand for? A. Simple Web Flow B. Simple Work Flow C. Simple Wireless Forms D. Simple Web Form
B. Simple Work Flow Q: What is Amazon SWF? Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components https://aws.amazon.com/swf/faqs/
Before I delete an EBS volume, what can I do if I want to recreate the volume later? A. Create a copy of the EBS volume (not a snapshot) B. Store a snapshot of the volume C. Download the content to an EC2 instance D. Back up the data in to a physical disk
B. Store a snapshot of the volume After you no longer need an Amazon EBS volume, you can delete it. After deletion, its data is gone and the volume can't be attached to any instance. However, before deletion, you can store a snapshot of the volume, which you can use to re-create the volume later. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html
You are charged for the IOPS and storage whether or not you use them in a given month? A. FALSE B. TRUE
B. TRUE https://aws.amazon.com/ebs/pricing/ http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html Provisioned IOPS Storage Costs Because Provisioned IOPS storage reserves resources for your use, you are charged for the resources whether or not you use them in a given month. When you use Provisioned IOPS storage, you are not charged the monthly Amazon RDS I/O charge. If you prefer to pay only for I/O that you consume, a DB instance that uses magnetic storage may be a better choice. For Amazon RDS pricing information, see the Amazon RDS product page.
Will my standby RDS instance be in the same Region as my primary? A. Only for Oracle RDS types B. Yes C. Only if configured at launch D. No
B. Yes https://aws.amazon.com/rds/faqs/?nc1=h_ls Q: Will my standby be in the same Region as my primary? Yes. Your standby is automatically provisioned in a different Availability Zone of the same Region as your DB Instance primary.
True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint. A. FALSE B. TRUE
B. TRUE https://aws.amazon.com/rds/faqs/ Please note: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint (the old DB Instance can be deleted if so desired). This is done to enable you to create multiple DB Instances from a specific DB Snapshot or point in time.
If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect? A. No B. Yes
B. Yes http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html Most modifications to a DB instance can be applied immediately or applied during the next maintenance window. Some modifications, such as parameter group changes, require that you manually reboot your DB instance for the change to take effect. Some modifications result in an outage because Amazon RDS must reboot your DB instance for the change to take effect.
A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in S3. The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option? A. You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years. B. You must find out the total number of requests per second at peak usage. C. You must know the size of the individual objects being written to S3, in order to properly design the key namespace. D. In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.
B. You must find out the total number of requests per second at peak usage.
Security Groups can't _____. A. be nested more than 3 levels B. be nested at all C. be nested more than 4 levels D. be nested more than 2 levels
B. be nested at all http://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html Groups can't be nested; they can contain only users, not other groups.
Amazon Glacier is designed for: (Choose 2 answers) A. active database storage. B. infrequently accessed data. C. data archives. D. frequently accessed data. E. cached session data.
B. infrequently accessed data. C. data archives.
Which is the default region in AWS? A. eu-west-1 B. us-east-1 C. us-east-2 D. ap-southeast-1
B. us-east-1 All the main AWS services (except Route 53 & CloudFront) allow you to select which region you would like to use. The US East (N. Virginia) is the default region. You can change the region by using the dropdown menu in the top right of the management console.
What is the maximum number of groups an IAM user can be a member of? A. 20 B. 5 C. 10 D. 15
C. 10
What does a "Domain" refer to in Amazon SWF? A. A security group in which only tasks inside can communicate with each other B. A special type of worker C. A collection of related Workflows D. The DNS record for the Amazon SWF service
C. A collection of related Workflows Domains provide a way of scoping Amazon SWF resources within your AWS account. All the components of a workflow, such as the workflow type and activity types, must be specified to be in a domain. It is possible to have more than one workflow in a domain; however, workflows in different domains cannot interact with each other. http://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dev-domain.html
What is Amazon Glacier? A. There is no such thing B. A security tool that allows "freezing" an EBS volume to perform computer forensics on it. C. A low-cost storage service that provides secure and durable storage for data archiving and backup. D. A security tool that allows "freezing" an EC2 instance to perform computer forensics on it.
C. A low-cost storage service that provides secure and durable storage for data archiving and backup. https://aws.amazon.com/glacier/ Amazon Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup.
What are the initial settings of a user-created security group? A. Allow all inbound traffic and Allow no outbound traffic B. Allow no inbound traffic and Allow no outbound traffic C. Allow no inbound traffic and Allow all outbound traffic D. Allow all inbound traffic and Allow all outbound traffic
C. Allow no inbound traffic and Allow all outbound traffic See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#creating-your-own-security-groups The following are the default rules for a security group that you create: • Allows no inbound traffic • Allows all outbound traffic
Fill in the blanks: Resources that are created in AWS are identified by a unique identifier called an _____. A. Amazon Resource Number B. Amazon Resource Name tag C. Amazon Resource Name D. Amazon Resource Namespace
C. Amazon Resource Name http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
What action is required to establish a VPC VPN connection between an on-premises data center and an Amazon VPC virtual private gateway? A. Modify the main route table to allow traffic to a network address translation instance. B. Use a dedicated network address translation instance in the public subnet. C. Assign a static Internet-routable IP address to an Amazon VPC customer gateway. D. Establish a dedicated networking connection using AWS Direct Connect.
C. Assign a static Internet-routable IP address to an Amazon VPC customer gateway.
You have a VPC with a public subnet. Three EC2 instances currently running inside the subnet can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable Internet access? A. Deploy a NAT instance into the public subnet. B. Modify the routing table for the public subnet. C. Assign an elastic IP address to the fourth instance. D. Configure a publicly routable IP address in the host OS of the fourth instance.
C. Assign an elastic IP address to the fourth instance.
Amazon Glacier is designed for: Choose 2 answers A. Frequently accessed data B. Active database storage C. Data archives D. Infrequently accessed data E. Cached session data
C. Data archives D. Infrequently accessed data
You have a business-critical two-tier web app currently deployed in two AZs in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application AZ goes off-line, and Auto Scaling cannot launch new instances in the remaining Availability Zones. How can the current architecture be enhanced to ensure this? A. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load per Region. B. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load per region. C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone. D. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.
C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
What is the maximum write throughput I can provision per table for a single DynamoDB table? A. 5,000 us east, 1,000 all other regions B. 100,000 us east, 10,000 all other regions C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first. D. There is no limit
C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first.
By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications. A. EBSConfig Service B. AMIConfig Service C. Ec2Config Service D. Ec2-AMIConfig Service
C. Ec2Config Service http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html Mount all Amazon EBS volumes and instance store volumes, and map volume names to drive letters. http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/device_naming.html By default, when an EBS volume is attached to a Windows instance, it can show up as any drive letter on the instance. You can change the settings of the Ec2Config service to set the drive letters of the EBS volumes per your specifications.
In the Launch Db Instance Wizard, where can I select the backup and maintenance options? A. DB Instance Details B. Review C. Management Options D. Engine Selection
C. Management Options page 9 http://awsdocs.s3.amazonaws.com/RDS/latest/rds-gsg.pdf On the Management Options page, you can specify backup and maintenance options for your DB Instance. For this example, accept the default values, and then click Continue. Note that setting the Backup Retention Period to zero disables automatic backups.
In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? Choose 2 answers A. Modify the Auto Scaling policy to use scheduled scaling actions B. Modify the Auto Scaling group termination policy to terminate the oldest instance first. C. Modify the Auto Scaling group cool-down timers. D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy. E. Modify the Auto Scaling group termination policy to terminate the newest instance first.
C. Modify the Auto Scaling group cool-down timers. D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
All Amazon EC2 instances are assigned two IP addresses at launch. Which one can only be reached from within the Amazon EC2 network? A. Multiple IP address B. Public IP address C. Private IP address D. Elastic IP Address
C. Private IP address The question states 'within' the EC2 network. This would not include the public Internet.
Out of the striping options available for the EBS volumes, which one has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'? A. Raid 5 B. Raid 6 C. Raid 1 D. Raid 2
C. Raid 1
What does the ec2-revoke command do with respect to the Amazon EC2 security groups? A. Removes one or more security groups from a rule. B. Removes one or more security groups from an Amazon EC2 instance. C. Removes one or more rules from a security group. D. Removes a security group from an account.
C. Removes one or more rules from a security group.
Can Amazon S3 uploads resume on failure or do they need to restart? A. Restart from beginning B. You can resume them, if you flag the "resume on failure" option before uploading. C. Resume on failure D. Depends on the file size
C. Resume on failure When an error occurs during the multipart upload process, a MultipartUploadException is thrown. This exception provides access to the UploadState object, which contains information about the multipart upload's progress. The UploadState can be used to resume an upload that failed to complete. https://docs.aws.amazon.com/aws-sdk-php/v3/guide/service/s3-multipart-upload.html
You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements? A. 2 B. 3 C. 4 D. 6
D. 6
Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true? A. The instance is replaced automatically by the ELB. B. The instance gets terminated automatically by the ELB. C. The ELB stops sending traffic to the instance that failed its health check. D. The instance gets quarantined by the ELB for root cause analysis.
C. The ELB stops sending traffic to the instance that failed its health check.
Can I control if and when a MySQL-based RDS instance is upgraded to new supported versions? A. No B. Only in VPC C. Yes
C. Yes https://aws.amazon.com/blogs/aws/amazon-rds-mysql-upgrade-and-version-management/ With DB Engine Version Management, Amazon RDS gives you additional (yet optional) control over the version of relational database software (i.e. MySQL) powering your DB Instance. The goal of this functionality is to provide you the flexibility to maintain compatibility with specific MySQL versions, test new versions with your application before deploying in production, and perform version upgrades on your own terms and timelines.
While creating the snapshots using the command line tools, which command should I be using? A. ec2-deploy-snapshot B. ec2-fresh-snapshot C. ec2-create-snapshot D. ec2-new-snapshot
C. ec2-create-snapshot
Changes to the backup window take effect ______. A. from the next billing cycle B. after 30 minutes C. immediately D. after 24 hours
C. immediately Changes to the backup window take effect immediately. The backup window cannot overlap with the weekly maintenance window for the DB instance. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonRDSInstances.html
Every user you create in the IAM system starts with ______. A. partial permissions B. full permissions C. no permissions
C. no permissions Permissions let you specify who has access to AWS resources, and what actions they can perform on those resources. Every IAM user starts with no permissions. In other words, by default, users can do nothing, not even view their own access keys. To give a user permission to do something, you can add the permission to the user (that is, attach a policy to the user) or add the user to a group that has the desired permission. http://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions.html
Fill in the blanks: _____ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment. A. wildcards B. pointers C. tags D. special filters
C. tags Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html
You must assign each server to at least _____ security group A. 3 B. 2 C. 4 D. 1
D. 1 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#default-security-group Your AWS account automatically has a default security group per VPC and per region for EC2-Classic. If you don't specify a security group when you launch an instance, the instance is automatically associated with the default security group.
You must increase storage size in increments of at least _____ % A. 40 B. 20 C. 50 D. 10
D. 10 http://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html AllocatedStorage The new storage capacity of the RDS instance. Changing this setting does not result in an outage and the change is applied during the next maintenance window unless ApplyImmediately is set to true for this request. Constraints: Value supplied must be at least 10% greater than the current value. Values that are not at least 10% greater than the existing value are rounded up so that they are 10% greater than the current value.
What is the maximum key length of a tag? A. 512 Unicode characters B. 64 Unicode characters C. 256 Unicode characters D. 128 Unicode characters
D. 128 Unicode characters http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html Maximum key length: 128 Unicode characters
While launching an RDS DB instance, on which page can I select the Availability Zone? A. Review B. DB Instance Details C. Management Options D. Additional Configuration
D. Additional Configuration In the 2013 document, the user can select the AZ on the Additional Configuration page. http://awsdocs.s3.amazonaws.com/RDS/latest/rds-gsg.pdf
IAM provides several policy templates you can use to automatically assign permissions to the groups you create. The _____ policy template gives the Admins group permission to access all account resources, except your AWS account information. A. Read Only Access B. Power User Access C. AWS CloudFormation Read Only Access D. Administrator Access
D. Administrator Access To clarify the confusion: AWS account information is about account's contact information, payment currency etc. You don't need your AWS administrator to access that. But you need them to have all other access, including IAM - ability to create users etc.
Will my standby RDS instance be in the same Availability Zone as my primary? A. Only for Oracle RDS types B. Yes C. Only if configured at launch D. No
D. No https://aws.amazon.com/rds/details/multi-az/?nc1=h_ls When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ).
Amazon SWF is designed to help users do what? A. Design graphical user interface interactions B. Manage user identification and authorization C. Store Web content D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant. https://aws.amazon.com/swf/faqs/ Q: What is Amazon SWF? Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. Amazon SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks. Tasks represent invocations of various processing steps in an application which can be performed by executable code, web service calls, human actions, and scripts. The coordination of tasks involves managing execution dependencies, scheduling, and concurrency in accordance with the logical flow of the application. With Amazon SWF, developers get full control over implementing processing steps and coordinating the tasks that drive them, without worrying about underlying complexities such as tracking their progress and keeping their state. Amazon SWF also provides the AWS Flow Framework to help developers use asynchronous programming in the development of their applications. By using Amazon SWF, developers benefit from ease of programming and have the ability to improve their applications' resource usage, latencies, and throughputs.
Is creating a Read Replica of another Read Replica supported? A. Only in certain regions B. Only with MSSQL based RDS C. Only for Oracle RDS types D. No
D. No https://aws.amazon.com/rds/faqs/ Q: Can I create a Read Replica of another Read Replica? Amazon RDS for MySQL and MariaDB: You can create a second-tier Read Replica from an existing first-tier Read Replica. By creating a second-tier Read Replica, you may be able to move some of the replication load from the master database instance to a first-tier Read Replica. Please note that a second-tier Read Replica may lag further behind the master because of additional replication latency introduced as transactions are replicated from the master to the first tier replica and then to the second-tier replica. Amazon RDS for PostgreSQL: Read Replicas of Read Replicas are not currently supported.
What does specifying the mapping /dev/sdc=none do when launching an EC2 instance? A. Prevents /dev/sdc from creating the instance. B. Prevents /dev/sdc from deleting the instance. C. Set the value of /dev/sdc to 'zero'. D. Prevents /dev/sdc from attaching to the instance.
D. Prevents /dev/sdc from attaching to the instance. http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-RegisterImage.html
What does RRS stand for when talking about S3? A. Redundancy Removal System B. Relational Rights Storage C. Regional Rights Standard D. Reduced Redundancy Storage
D. Reduced Redundancy Storage https://aws.amazon.com/s3/reduced-redundancy/?nc1=h_ls
While creating an Amazon RDS DB, your first task is to set up a DB ______ that controls what IP addresses or EC2 instances have access to your DB Instance. A. Security Pool B. Secure Zone C. Security Token Pool D. Security Group
D. Security Group http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SettingUp.html#CHAP_SettingUp.SecurityGroup Your DB instance will most likely be created in a VPC. Security groups provide access to the DB instance in the VPC. They act as a firewall for the associated DB instance, controlling both inbound and outbound traffic at the instance level. DB instances are created by default with a firewall and a default security group that prevents access to the DB instance. You must therefore add rules to a security group that enable you to connect to your DB instance. Use the network and configuration information you determined in the previous step to create rules to allow access to your DB instance.
What does Amazon S3 stand for? A. Simple Storage Solution. B. Storage Storage Storage (triple redundancy Storage). C. Storage Server Solution. D. Simple Storage Service.
D. Simple Storage Service.
When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes. A. Depends on the instance type B. FALSE C. Depends on whether you use API call D. TRUE
D. TRUE http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html#bdm-instance-metadata When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes. You can use instance metadata to query the complete block device mapping. The base URI for all requests for instance metadata is http://169.254.169.254/latest/.
You have an application running in us-west-2 that requires six EC2 instances running at all times. With three AZs available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provides 100 percent fault tolerance if any single AZ in us-west-2 becomes unavailable? Choose 2 answers A. Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances B. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances C. Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
What are the two permission types used by AWS? A. Resource-based and Product-based B. Product-based and Service-based C. Service-based D. User-based and Resource-based
D. User-based and Resource-based http://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions.html Permissions can be assigned in two ways: as identity-based or as resource-based. Identity-based, or IAM permissions are attached to an IAM user, group, or role and let you specify what that user, group, or role can do. For example, you can assign permissions to the IAM user named Bob, stating that he has permission to use the Amazon Elastic Compute Cloud (Amazon EC2) RunInstances action and that he has permission to get items from an Amazon DynamoDB table named MyCompany. The user Bob might also be granted access to manage his own IAM security credentials. Identity-based permissions can be managed or inline.
Fill in the blanks: The base URI for all requests for instance metadata is _____ A. http://254.169.169.254/latest/ B. http://169.169.254.254/latest/ C. http://127.0.0.1/latest/ D. http://169.254.169.254/latest/
D. http://169.254.169.254/latest/ http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html To view all categories of instance metadata from within a running instance, use the following URI: http://169.254.169.254/latest/meta-data/
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics: A. web server visible metrics such as number failed transaction requests B. operating system visible metrics such as memory utilization C. database visible metrics such as number of connections D. hypervisor visible metrics such as CPU utilization
D. hypervisor visible metrics such as CPU utilization, disk I/O, network I/O
What will be the status of the snapshot until the snapshot is complete? A. running B. working C. progressing D. pending
D. pending Snapshots occur asynchronously; the point-in-time snapshot is created immediately, but the status of the snapshot is pending until the snapshot is complete (when all of the modified blocks have been transferred to Amazon S3), which can take several hours for large initial snapshots or subsequent snapshots where many blocks have changed. While it is completing, an in-progress snapshot is not affected by ongoing reads and writes to the volume. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
When you run a DB Instance as a Multi-AZ deployment, the _____ serves database writes and reads A. secondary B. backup C. stand by D. primary
D. primary https://aws.amazon.com/rds/faqs/ Q: What do "primary" and "standby" mean in the context of a Multi-AZ deployment? When you run a DB Instance as a Multi-AZ deployment, the "primary" serves database writes and reads. In addition, Amazon RDS provisions and maintains a "standby" behind the scenes, which is an up-to-date replica of the primary. The standby is "promoted" in failover scenarios. After failover, the standby becomes the primary and accepts your database operations. You do not interact directly with the standby (e.g. for read operations) at any point prior to promotion. If you are interested in scaling read traffic beyond the capacity constraints of a single DB Instance, please see the FAQs on Read Replicas.