AWS Solutions Architect Harder Questions

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

You are a student currently learning about the different AWS services. Your employer asks you to tell him a bit about Amazon's Glacier service. Which of the following best describes the use cases for Glacier?

Infrequently accessed data & data archives

Amazon Elasticache can fulfil a number of roles. Choose the operations from the following list which can be implemented using Elasticache for Redis.

In-Memory Data Store Sorted Sets Pub/Sub

How many internet gateways can I attach to my custom VPC?

1

How long can a message be retained in an SQS Queue?

14 days

By default, all EC2 instances are monitored by CloudWatch. Using the default settings, how many minutes elapse between when metrics are sent to CloudWatch? Using the detailed option, how many minutes would elapse between metrics being sent to CloudWatch?

5 minutes, 1 minute

You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?

6

Which of the following are resources you might use to help you master AWS services and prepare for your certification exams?

A Cloud Guru forum Amazon Kindle versions a of the AWS documentation. AWS documentation web site. The A Cloud Guru Blog. Session Videos from AWS re:Invent. AWS Blog by Jeff Barr.

Which native AWS service will act as a file system mounted on an S3 bucket?

AWS Storage Gateway

The risk with spot instances is that you are not guaranteed use of the resource for as long as you might want. Which of the following are scenarios under which AWS might execute a forced shutdown?

AWS sends a notification of termination but you do not receive it within the 120 seconds and the instance is shutdown. AWS sends a notification of termination and you receive it 120 seconds before the intended forced shutdown, but AWS do not action the shutdown. AWS sends a notification of termination and you receive it 120 seconds before the forced shutdown, but the normal lease expired before the forced shutdown. AWS sends a notification of termination and you receive it 120 seconds before the intended forced shutdown.

You need to restrict access to an S3 bucket. Which of the following methods can you use to do so?

Access Control Lists for S3 (Permissions) S3 Bucket policies

Your Security Manager has hired a security contractor to audit your firewall implementation. When the consultant asks for the login details for the firewall appliance, which of the following might you do?

Create an IAM User with a policy that can Read Security Group and nACL settings. Explain that AWS implements network security differently and that there is no such thing as a Firewall appliance. You might then suggest that the consultant take the 'A Cloud Guru' AWS CSA-A course in preparation for the audit.

To establish a successful site-to-site VPN connection from your on-premise network to an AWS Virtual Private Cloud, which of the following might be combined & configured?

An on-premise Customer Gateway A private subnet in your VPC A VPC with Hardware VPN Access A Virtual Private Gateway

You need to store some easily-replaceable objects on S3. With quick retrieval times and cost effectiveness in mind, which S3 storage class should you consider?

S3 - OneZone_IA

You have created a VPC which contains two EC2 instances in different availability zones. Both are running web servers, hosting the same content. These web servers will be accessible by the internet. Which of the following DNS configurations could you consider?

Assign each EC2 instance with an Elastic IP Address. Configure a Route53 "A" multi-value record with both EIP's and health checks. Setup an Application Load Balancer and place your instances behind this ELB. Configure a Route53 Alias record to point to the resource of the Application Load Balancer.

You have been asked to decouple an application by utilising SQS. The application dictates that messages on the queue can be delivered more than once, but must be delivered in the order that they have arrived, and also must allow for efficient, repeated polling of the queue. Which of the following options are most suitable?

Configure a FIFO SQS queue and enable long polling

​Your company has just purchased another company. As part of the merger, your team has been instructed to cross connect the corporate networks. You run all your confidential corporate services in a VPC and use R53 for your Internal DNS. The merged company has all their confidential corporate services and Internal DNS on-premises. After establishing a Direct-Connect service between your VPC and their on-premise network, and confirming all the routing, firewalls, and authentication, you find that while you can resolve names against their DNS, the services in the other company are unable to resolve names of your AWS services. Why might this be happening?​

By design, The AWS DNS service does not respond to requests originating from outside the VPC

To add an object to an S3 bucket, the PUT operation is used. As part of crafting a PUT, the programmer can add instructions called Request Headers. Which of the following are valid S3 Request Headers?

Content-Length Content-MD5 x-amz-meta- x-amz-storage-class

​You are developing a web application, and you are maintaining separate sets of resources for your alpha, beta, and release environments. Each version runs on Amazon EC2 with an EBS volume. You use Elastic Load Balancing to manage traffic and Amazon Route 53 to manage your domain. What's the best way to check the health and status of all three groups of services simultaneously?​

Create a resource group containing each set of resources and view all three environments from a single, group dashboard.

You are a solutions architect working for an oil and gas company. They are moving their production environment to AWS and need a custom VPC into which to put it. You have been asked to create a public subnet. You create the VPC with a subnet bearing the CIDR address range of 10.0.1.0/24. Which of the following steps should you take to make this subnet public? (Choose 2)

Create a route in the route table of the subnet allowing a route out of the Internet Gateway (IGW). Attach an Internet Gateway (IGW) to the VPC.

With EBS, I can ________.

Create an encrypted volume from a snapshot of another encrypted volume. Create an encrypted snapshot from an unencrypted snapshot by creating an encrypted copy of the unencrypted snapshot.

You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site is using Elastic Load Balancing and auto-scaling across 3 AZs. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones, the site will not go offline. How can the current architecture be enhanced to ensure this?

Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone.

You need to add a route to your routing table that will allow connections to the internet from your subnet. Which of the following routes should you add?

Destination: 0.0.0.0/0 --> Target: your Internet gateway

You have launched a NAT instance in to a public subnet, and you have configured all relevant security groups, network ACLs, and routing policies to allow this NAT to function. However, EC2 instances in the private subnet still cannot communicate out to the internet. What troubleshooting steps should you take to resolve this issue?

Disable the Source/Destination Check on your NAT instance.

You've been commissioned to develop a high-availability application with a stateless web tier. Identify the most cost-effective means of reaching this end.

Use an Elastic Load Balancer, a multi-AZ deployment of an Auto-Scaling group of EC2 Spot instances (primary) running in tandem with an Auto-Scaling group of EC2 On-demand instances (secondary), DynamoDB.

You have a database-style application that frequently has multiple reads and writes across the data set. Which of the following AWS storage services are capable of hosting this application?

EBS Elastic File Service (EFS)

Which AWS services allow you to natively run Docker containers?

ECS Fargate Elastic Beanstalk

As the AWS platform is PCI DSS Level 1 Certified, I can immediately deploy a website to it that can take and store credit card details without getting a delta accreditation from a QSA.

False

You work for a busy real estate company, and you need protect your data stored on S3 from accidental deletion. Which of the following actions might you take to achieve this.

Enable versioning on the bucket. If a file is accidentally deleted, delete the delete marker. Enable protected access using Multi-Factor Authentication (MFA).

You have a MySQL database running on an EC2 instance in a private subnet. You can connect via SSH, but you are unable to apply updates to the database server via the NAT instance. What might you do to remedy this problem?

Ensure that "Source/Destination Checks" is disabled on the NAT instance.

Amazon Web Services offers 4 different levels of support. Which of the following are valid support levels?

Enterprise Business Developer

Amazon SQS keeps track of all tasks and events in an application.

False

Your company likes the idea of storing files on AWS. However, low-latency service of the last few days of files is important to customer service. Which Storage Gateway configuration would you use to achieve both of these ends?

File Gateways Gateway-Cached

Which of the following is not a feature of AWS Organizations?

Granular configuration of Security Groups within a VPC

You are a security architect working for a large antivirus company. The production environment has recently been moved to AWS and is in a public subnet. You are able to view the production environment over HTTP. However, when your customers try to update their virus definition files over a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom port. How long will this take to take effect?

Immediately

What data formats are used to create CloudFormation templates?

JSON YAML

When copying an AMI, which of the following types of information must be manually copied to the new instance?

Launch permissions User-defined tags S3 bucket permissions

When coding a routine to upload to S3, you have the option of using either single part upload or multipart upload. Identify all the possible reasons below to use Multipart upload.

Multipart upload delivers the ability to begin an upload before you know the final object size. Multipart upload delivers the ability to pause and resume object uploads. Multipart upload delivers quick recovery from network issues. Multipart upload delivers improved throughput.

You are a solutions architect working for a cosmetics company. Your company has a busy Magento online store that consists of a two tier architecture. The webservers are behind an Auto Scaling Group and the database is on a Large MySQL instance. Your store is having a Black Friday sale at the end of the week, and having reviewed the performance for the last sale you expect the site to start running very slowly during the peak load. You investigate and you determine that the database was struggling to keep up with the number of reads that the store was generating. How can you successfully scale this environment out so as to increase the speed of the site?

Migrate the database from MySQL to Aurora for better performance, then update the connection string in Magneto. Place the RDS instances behind an ElastiCache instance, then update the connection string in Magneto.

With which AWS orchestration service can you implement Chef recipes?

Opsworks

Which of the following services should you implement in multiple availability zones in order to achieve high availability?

RDS EC2

You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter. However, they will need to be able to communicate to the AWS environment over a site-to-site VPN connection. What do you need to do to establish the VPN connection?

Set an ASN for the Virtual Private Gateway.

You have been asked to identify a service on AWS that is a durable key value store. Which of the services below meets this definition?

Simple Storage Service (S3)

You have been engaged by a company to design and lead a migration to an AWS environment. The team is concerned about the capabilities of the new environment, especially when it comes to avoiding bottlenecks. The design calls for about 20 instances (C3.2xLarge) pulling jobs/messages from SQS. Network traffic per instance is estimated to be around 500 Mbps at the beginning and end of each job. Which network configuration should you plan on deploying?

Spread the Instances over multiple AZs to minimize the traffic concentration and maximize the fault tolerance.

Your AWS environment contains several on-demand EC2 instances dedicated to a project that has just been cancelled. Your supervisor does not want to incur charges for these on-demand instances, but also does not want to lose the data just yet because there is a chance the project may be revived in the next few days. What should you do to minimize charges for these instances in the meantime?

Stop the instances.

DynamoDB has many use cases. Which of the following are legitimate use cases for DynamoDB?

Storing the metadata of BLOB data stored in S3 Storing web session data Storing JSON

You have been engaged by a company to design and lead the migration to an AWS environment. An argument has broken out about how to meet future Backup & Archive requirements and how to transition. The Security Manager and CTO are concerned about backup continuity and the ability to continue to access old archives. The Senior engineer is adamant that there is no way to retain the old backup solution in the AWS environment, and that they will lose access to all the current archives. What information can you share that will satisfy both parties in a cost effective manner?

Suggest that during transition a 2nd AWS Storage Gateway VTL solution could be commissioned in the customer's new VPC and integrated with existing VTS. At the same time, the existing Enterprise Backup Solution could be used to perform tape-to-tape copies to migrate the Archives from tape to VTL/VTS virtual tape Meet with both parties and brief them on the AWS Storage Gateway VTL solution. Explain that it can initially be installed in the on-premises environment utilizing the existing enterprise backup product to start the transition without losing access to the existing backups and archives. Over the duration of the migration, most (if not all) the backup cycles will be replaced by the new VTL & VTS tapes.

You have been engaged by a company to design and lead the migration to an AWS environment. The CTO & Security Manager have called you into a confidential meeting. They are concerned that moving to AWS will undermine existing commercial obligations regarding Security compliance and reporting. You need to provide them with reliable information that they can use to prepare a response to their partners and customers. Which of the following is most accurate?

The company should be able to reduce their compliance costs as a result of the migration. AWS have certification for multiple standards on many of their services. Consequently, by being selective about the AWS services we use, we can avoid the cost of certification of those services and request a copy of the appropriate certifications from AWS. However, the company is still responsible for all the Controls, Instances, and Applications running on top of those services. The Migration team will make every effort to match or improve on the current setting; however, an audit before go-live would be advisable.

To save money, you quickly stored some data on the root volume of an EC2 instance and stopped it for the weekend. When you returned on Monday and restarted your instance, you discovered that your data was gone. Why might that be?

The root volume was ephemeral, block-level storage. Data on an Instance store volume is lost if an instance is stopped.

You receive a ProvisionedThroughputExceededException error. However, the DynamoDB metrics show that your table or Index has not been operating at maximum provisioned throughput. What could the error be caused by.

The throughput is not balanced across your partitions. One partition is being subjected to a disproportionate amount of the traffic and is therefore exceeding limits.

Following advice from your consultant, you have configured your VPC to use Dedicated hosting tenancy. A subsequent change to your application has rendered the performance gains from dedicated tenancy superfluous, and you would now like to recoup some of these greater costs. How do you revert to Default hosting tenancy?​

Use the AWS CLI to modify the Instance Placement attribute of each instance and the VPC tenancy attribute of the VPC

You manage a Ruby on Rails application that lives on a cluster of EC2 instances. Your website occasionally experiences brief, strong, and entirely unpredictable spikes in traffic that overwhelm your EC2 instances' resources and freeze the application. As a result, you're losing recently submitted requests from end users. You use Auto Scaling to deploy additional resources to handle the load during spikes, but the new instances don't spin-up fast enough to prevent the existing application servers from freezing. Which of the following will provide the most cost-effective solution in preventing the loss of recently submitted requests?

Use Amazon SQS to decouple the application components and keep the requests in queue until the extra Auto-Scaling instances are available.

Although your application customarily runs at 30% usage, you have identified a recurring usage spike (>90%) between 8pm and midnight daily. What is the most cost effective way to scale your application to meet this increased need?

Use Proactive Cyclic Scaling to boost your capacity at a fixed interval.

You run an automobile reselling company that has a popular online store on AWS. The application sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private IP addresses. How can you achieve this?

Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/

You are reviewing Change Control requests, and you note that there is a change designed to reduce wasted CPU cycles by increasing the value of "VisibilityTimeout" attribute. What does this mean?

When a consumer instance retrieves a message, that message will be hidden from other consumer instances for a fixed period.

You are reviewing Change Control requests and you note that there is a proposed change designed to reduce errors due to S3 Eventual Consistency by updating the "DelaySeconds" attribute. What does this mean?

When a new message is added to the SQS queue, it will be hidden from consumer instances for a fixed period.

You are reviewing Change Control requests, and you note that there is a change designed to reduce costs by updating the "WaitTimeSeconds" attribute. What does this mean?

When the consumer instance polls for new work, the SQS service will allow it to wait a certain time for one or more messages to be available before closing the connection.

On which of the following does the AWS Trusted Adviser service offer advice?

Whether there is MFA configure on the Root Account Advice on security groups and what ports have unrestricted access

Your client has been experiencing problems with his aging in-house infrastructure, and is extremely concerned about managing the cost of maintaining his online presence. After deciding that the cost of developing a sound DR plan more than makes up for the negative impact of being off-line, the board has directed you to prepare a proposal that achieves an RTO of 20 hours, an RPO of 1 hour, and keeps the costs of meeting those target time-windows to a minimum. They have also mandated the use of the AWS Storage Gateway to mitigate the risk associated with a catastrophic NAS failure. Which of the following solutions best meet the requirements?

Work with the customer's engineers to identify the key servers and data. Help them setup an AWS account with IAM users, groups, and roles. Build templates of the critical web/app servers and save these as AMIs. Agree upon RDS specifications that meet the stated requirements. Set up the Storage Gateway and the Snapshot schedule to meet the RPO. Document, script, or automate the steps to initiate the RDS instance, the EC2 instances, the steps to restore the latest data from the Storage Gateway snapshots into RDS, plus any DNS changes. Test the process with each of the Operations team shifts.

You work for a construction company that has their production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon Linux AMI using Auto Scaling. The web servers are launched in to the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some testing: you launch a 4th EC2 instance into the same subnet and same security group. Annoyingly, your 4th instance does not appear to have internet connectivity. What could be the cause of this?

You have not assigned an elastic IP address to this instance.

You work in the genomics industry, and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated, and you have been asked to advise how to reduce the completion time. Which of the following would you suggest?

You should reduce the input split size in the MapReduce job configuration, then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.

You have been ask to deploy a clustered application on a small number of EC2 instances. The application must be placed across multiple Availability Zones, have high speed, low latency communication between each of the nodes, and should also minimise the chance of underlying hardware failure. Which of the following options would provide this solution?

deploy the EC2 servers in a Spread Placement Group

Which of the following URL formats does S3 support in pointing to bucket "mynewbucket"?

http://mynewbucket.s3-aws-region.amazonaws.com http://s3-aws-region.amazonaws.com/mynewbucket


Kaugnay na mga set ng pag-aaral

QUIZ: Chapter 14: Health and Illness

View Set

Chapter 1 Questions from study.com

View Set