Whizlabs Practice Test #1


A Solutions Architect is developing a document sharing application and needs a storage layer. The storage should provide automatic support for versioning so that users can easily roll back to a previous version or recover a deleted account. Which AWS service will meet the above requirements? A. Amazon S3 B. Amazon EBS C. Amazon EFS D. Amazon Storage Gateway VTL

Amazon S3 is the perfect storage layer for storing documents and other types of objects. Option B is incorrect. EBS provides persistent block storage volumes for use with EC2. Option C is incorrect. EFS is an elastic and scalable file storage. Option D is incorrect. AWS Storage Gateway VTL helps to integrate your on-premises IT infrastructure with AWS storage.

A company has an infrastructure that consists of machines which keep sending log information every 5 minutes. The number of these machines can run into thousands and it is required to ensure that the data can be analyzed at a later stage. Which of the following would help in fulfilling this requirement? A. Use Kinesis Firehose with S3 to take the logs and store them in S3 for further processing. B. Launch an Elastic Beanstalk application to take the processing job of the logs. C. Launch an EC2 instance with enough EBS volumes to consume the logs which can be used for further processing. D. Use CloudTrail to store all the logs which can be analyzed at a later stage.

Answer - A Amazon Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools. It can capture, transform, and load streaming data into Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk, enabling near real-time analytics with existing business intelligence tools and dashboards you're already using today. For more information on Amazon Kinesis Firehose, please visit the following URL: https://aws.amazon.com/kinesis/data-firehose/ The correct answer is: Use Kinesis Firehose with S3 to take the logs and store them in S3 for further processing.

A company needs to store images that are uploaded by users via a mobile application. There is also a need to ensure that a security measure is in place to avoid the data loss. What step should be taken for protection against unintended user actions? A. Store data in an EBS volume and create snapshots once a week. B. Store data in an S3 bucket and enable versioning. C. Store data in two S3 buckets in different AWS regions. D. Store data on EC2 instance storage.

Answer - B Amazon S3 has an option for versioning as shown below. Versioning is on the bucket level and can be used to recover prior versions of an object. Option A is invalid as it does not offer protection against accidental deletion of files. Option C is invalid as S3 buckets are global. Option D is ephemeral. The correct answer is: Store data in an S3 bucket and enable versioning

There is a requirement for EC2 Instances in a private subnet to access an S3 bucket. It is required that the traffic does not traverse to the Internet. Which of the following can be used to fulfill this requirement? A. VPC Endpoint B. NAT Instance C. NAT Gateway D. Internet Gateway

Answer - A A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network. For more information on AWS VPC endpoints, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html The correct answer is: VPC Endpoint

A company is generating large datasets with millions of rows to be summarized column-wise. Existing business intelligence tools will be used to build daily reports from these datasets. Which storage service meets these requirements? A. Amazon Redshift B. Amazon RDS C. ElastiCache D. DynamoDB

Answer - A AWS Documentation mentions the following: Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers. For more information on AWS Redshift, please visit the following URL: https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html Columnar storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk I/O requirements and reduces the amount of data you need to load from disk. Amazon Redshift uses a block size of 1 MB, which is more efficient and further reduces the number of I/O requests needed to perform any database loading or other operations that are part of query execution. More information on how Redshift manages the columnar storage is available here: https://docs.aws.amazon.com/redshift/latest/dg/c_columnar_storage_disk_mem_mgmnt.html The correct answer is: Amazon Redshift

There is a requirement for Block-level storage to store 500GB of data. Data Encryption is also required. Which of the following can be used in such a case? A. AWS EBS Volumes B. AWS S3 C. AWS Glacier D. AWS EFS

Answer - A AWS EBS is a Block-level storage service. Options B and C are incorrect since they are Object-level storage services. Option D is incorrect since this is a File-level storage service. For more information on EBS Volumes, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html The correct answer is: AWS EBS Volumes

There is a requirement to host a database on an EC2 Instance. It is also required that the EBS volume should support 12,000 IOPS. Which Amazon EBS volume type meets the performance requirements of this database? A. EBS Provisioned IOPS SSD B. EBS Throughput Optimized HDD C. EBS General Purpose SSD D. EBS Cold HDD

Answer - A For high performance and high IOPS requirements as in this case, the ideal choice would be to opt for EBS Provisioned IOPS SSD. The below snapshot from the AWS Documentation shows the usage of Provisioned IOPS for better IOPS performance in database based applications. For more information on AWS EBS Volume types, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html The correct answer is: EBS Provisioned IOPS SSD

A company has a requirement for a managed database in AWS. It is also required that joins need to be performed on the underlying queries. Which of the following can be used as the underlying database? A. AWS Aurora B. AWS DynamoDB C. AWS S3 D. AWS Redshift

Answer - A In this case, AWS Aurora would be the perfect choice. Option B is incorrect because joins are not supported in DynamoDB. Option C is incorrect because this is more of an option for object storage. Option D is incorrect because this option is better for data warehousing solutions. For more information on AWS Aurora please visit the following URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html The correct answer is: AWS Aurora

There is a requirement for 500 messages to be sent and processed in order. Which service can be used in this regard? A. AWS SQS FIFO B. AWS SNS C. AWS Config D. AWS ELB

Answer - A One can use SQS FIFO queues for this purpose. The AWS Documentation mentions the following on SQS FIFO Queues: Amazon SQS is a reliable and highly-scalable managed message queue service for storing messages in transit between application components. FIFO queues complement the existing Amazon SQS standard queues, which offer high throughput, best-effort ordering, and at-least-once delivery. FIFO queues have essentially the same features as standard queues, but provide the added benefits of supporting ordering and exactly-once processing. FIFO queues provide additional features that help prevent unintentional duplicates from being sent by message producers or from being received by message consumers. Additionally, message groups allow multiple separate ordered message streams within the same queue. For more information on SQS FIFO Queues, please visit the following URL: https://aws.amazon.com/about-aws/whats-new/2016/11/amazon-sqs-introduces-fifo-queues-with-exactly-once-processing-and-lower-prices-for-standard-queues/ Note: Yes, SNS is used to send out the messages. SNS is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to as producers and consumers. Publishers communicate asynchronously with subscribers by producing and sending a message to a topic, which is a logical access point and communication channel. Subscribers (i.e., web servers, email addresses, Amazon SQS queues, AWS Lambda functions) consume or receive the message or notification over one of the supported protocols (i.e., Amazon SQS, HTTP/S, email, SMS, Lambda) when they are subscribed to the topic. SNS has no way of maintaining message order. The question states that there is a requirement for 500 messages to be sent and processed in order. With SNS, all messages are sent at the same time to all the subscribers.
Please refer to the following link for more information: https://docs.aws.amazon.com/sns/latest/dg/welcome.html The correct answer is: AWS SQS FIFO

The security policy of an organization requires an application to encrypt data before writing to the disk. Which solution should the organization use to meet this requirement? A. AWS KMS API B. AWS Certificate Manager C. API Gateway with STS D. IAM Access Key

Answer - A Option B is incorrect - The AWS Certificate Manager can be used to generate SSL certificates to encrypt traffic in transit, but not at rest. Option C is incorrect - It is used for issuing tokens while using the API gateway for traffic in transit. Option D is used for secure access to EC2 Instances. AWS Documentation mentions the following on AWS KMS: AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage. For more information on AWS KMS, please visit the following URL: https://docs.aws.amazon.com/kms/latest/developerguide/overview.html The correct answer is: AWS KMS API

An application currently stores all its data on Amazon EBS Volumes. All EBS volumes must be backed up durably across multiple Availability Zones. What is the MOST resilient way to backup the volumes? A. Take regular EBS snapshots. B. Enable EBS volume encryption. C. Create a script to copy data to an EC2 Instance store. D. Mirror data across 2 EBS volumes.

Answer - A Option B is incorrect, because it does not help the durability of EBS Volumes. Option C is incorrect, since EC2 Instance stores are not durable. Option D is incorrect, since mirroring data across EBS volumes is inefficient in comparison with the existing option for EBS snapshots. AWS Documentation mentions the following on AWS EBS Snapshots: You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. When you delete a snapshot, only the data unique to that snapshot is removed. Each snapshot contains all of the information needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume. For more information on AWS EBS Snapshots, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html The correct answer is: Take regular EBS snapshots.

There is a requirement to host a database application having a lot of resource-intensive reads and writes. Which of the below options is most suitable? A. EBS Provisioned IOPS B. EBS SSD C. EBS Throughput Optimized D. EBS Cold Storage

Answer - A Since there is a requirement for high performance with high IOPS, one needs to opt for EBS Provisioned IOPS SSD. The below snapshot from the AWS Documentation mentions the need for using Provisioned IOPS for better IOPS performance in database-based applications. For more information on AWS EBS Volume types, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html The correct answer is: EBS Provisioned IOPS

A Solutions Architect is designing a shared service for hosting containers from several customers on Amazon ECS. These containers will use several AWS services. A container from one customer should not be able to access data from another customer. Which of the below solutions should the architect use to meet these requirements? A. IAM roles for tasks B. IAM roles for EC2 Instances C. IAM Instance profile for EC2 Instances D. Security Group rules

Answer - A The AWS Documentation mentions the following: With IAM roles for Amazon ECS tasks, you can specify an IAM role to be used by the containers in a task. Applications are required to sign their AWS API requests with AWS credentials, and this feature provides a strategy to manage credentials for your application's use. This is similar to how Amazon EC2 instance profiles provide credentials to EC2 instances. For more information on configuring IAM Roles for tasks in ECS, please visit the following URL: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html The correct answer is: IAM roles for tasks

There is an application which consists of EC2 Instances behind a classic ELB. An EC2 proxy is used for content management to backend instances. The application might not be able to scale properly. Which of the following can be used to scale the proxy and backend instances appropriately? Choose 2 answers from the options given below. A. Use Auto Scaling for the proxy servers. B. Use Auto Scaling for the backend instances. C. Replace the Classic ELB with Application ELB. D. Use Application ELB for both the front end and backend instances.

Answer - A and B When you see a requirement for scaling, consider the Auto Scaling service provided by AWS. This can be used to scale both proxy servers and backend instances. For more information on Auto Scaling, please visit the following URL: https://docs.aws.amazon.com/autoscaling/plans/userguide/what-is-aws-auto-scaling.html The correct answers are: Use Auto Scaling for the proxy servers., Use Auto Scaling for the backend instances.

A company has an application hosted in AWS. This application consists of EC2 Instances which sit behind an ELB. The following are requirements from an administrative perspective: a) Ensure notifications are sent when the read requests go beyond 1000 requests per minute b) Ensure notifications are sent when the latency goes beyond 10 seconds c) Any API activity which calls for sensitive data should be monitored Which of the following can be used to satisfy these requirements? Choose 2 answers from the options given below. A. Use CloudTrail to monitor the API Activity. B. Use CloudWatch logs to monitor the API Activity. C. Use CloudWatch metrics for the metrics that need to be monitored as per the requirement and set up an alarm activity to send out notifications when the metric reaches the set threshold limit. D. Use a custom log software to monitor the latency and read requests to the ELB.

Answer - A and C AWS CloudTrail can be used to monitor the API calls. For more information on CloudTrail, please visit the following URL: https://aws.amazon.com/cloudtrail/ When you use CloudWatch metrics for an ELB, you can get the amount of read requests and latency out of the box. For more information on using CloudWatch with the ELB, please visit the following URL: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html Option A is correct. CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service. https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/Welcome.html Option C is correct. Use CloudWatch metrics for the metrics that need to be monitored as per the requirement and set up an alarm activity to send out notifications when the metric reaches the set threshold limit. The correct answers are: Use CloudTrail to monitor the API Activity., Use CloudWatch metrics for the metrics that need to be monitored as per the requirement and set up an alarm activity to send out notifications when the metric reaches the set threshold limit.

For which of the following workloads should a Solutions Architect consider using Elastic Beanstalk? Choose 2 answers from the options given below. A. A Web application using Amazon RDS B. An Enterprise Data Warehouse C. A long running worker process D. A static website E. A management task run once on nightly basis

Answer - A and C AWS Documentation clearly mentions that the Elastic Beanstalk component can be used to create Web Server environments and Worker environments. Option D: a static website, while it could be done with Beanstalk, doesn't have workloads. Option B: needs Redshift. Option E: may be able to do this, but not better than A and C. Also, this is not stated as a workload but rather a task.

A Redshift cluster currently contains 60TB of data. There is a requirement that a disaster recovery site is put in place in a region located 600km away. Which of the following solutions would help ensure that this requirement is fulfilled? A. Take a copy of the underlying EBS volumes to S3, and then do Cross-Region Replication. B. Enable Cross-Region snapshots for the Redshift Cluster. C. Create a CloudFormation template to restore the Cluster in another region. D. Enable Cross Availability Zone snapshots for the Redshift Cluster.

Answer - B For more information on managing Redshift snapshots, please visit the following URL: https://docs.aws.amazon.com/redshift/latest/mgmt/managing-snapshots-console.html The correct answer is: Enable Cross-Region snapshots for the Redshift Cluster.

A retailer exports data daily from its transactional databases into an S3 bucket in the Sydney region. The retailer's Data Warehousing team wants to import this data into an existing Amazon Redshift cluster in their VPC at Sydney. Corporate security policy mandates that data can only be transported within a VPC. What combination of the following steps will satisfy the security policy? Choose 2 answers from the options given below. A. Enable Amazon Redshift Enhanced VPC Routing. B. Create a Cluster Security Group to allow the Amazon Redshift cluster to access Amazon S3. C. Create a NAT gateway in a public subnet to allow the Amazon Redshift cluster to access Amazon S3. D. Create and configure an Amazon S3 VPC endpoint.

Answer - A and D Amazon Redshift Enhanced VPC Routing provides VPC resources with access to Redshift. Redshift will not be able to access the S3 VPC endpoints without enabling Enhanced VPC routing, so one option is not going to support the scenario if another is not selected. NAT instance (the proposed answer) cannot be reached by Redshift without enabling Enhanced VPC Routing. https://aws.amazon.com/about-aws/whats-new/2016/09/amazon-redshift-now-supports-enhanced-vpc-routing/ The correct answers are: Enable Amazon Redshift Enhanced VPC Routing., Create and configure an Amazon S3 VPC endpoint.

What options can be used to host an application that uses NGINX and is scalable at any point in time? Choose 2 correct answers. A. AWS EC2 B. AWS Elastic Beanstalk C. AWS SQS D. AWS ELB

Answer - A, B NGINX is an open source software for web serving, reverse proxying, caching, load balancing etc. It complements the load balancing capabilities of Amazon ELB and ALB by adding support for multiple HTTP, HTTP/2, and SSL/TLS services, content-based routing rules, caching, Auto Scaling support, and traffic management policies. NGINX can be hosted on an EC2 instance through a series of clear steps: Launch an EC2 instance through the console. SSH into the instance and use the command yum install -y nginx to install nginx. Also, make sure that it is configured to restart automatically after a reboot. It can also be installed with an Elastic Beanstalk service. To enable the NGINX proxy server with your Tomcat application, you must add a configuration file to .ebextensions in the application source bundle that you upload to Elastic Beanstalk. More information is available at: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-tomcat-platform.html#java-tomcat-proxy The below snippet from the AWS Documentation shows the server available for Web server environments that can be created via Elastic Beanstalk. The server shows that NGINX servers can be provisioned via the Elastic Beanstalk service. For more information on the supported platforms for AWS Elastic Beanstalk, please visit the following URL: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html NGINX is available as an AMI for EC2. The correct answers are: AWS EC2, AWS Elastic Beanstalk.

A consulting firm repeatedly builds large architectures for their customers using AWS resources from several AWS services including IAM, Amazon EC2, Amazon RDS, DynamoDB and Amazon VPC. The consultants have architecture diagrams for each of their architectures, and are frustrated that they cannot use them to automatically create their resources. Which service should provide immediate benefits to the organization? A. AWS Beanstalk B. AWS CloudFormation C. AWS CodeBuild D. AWS CodeDeploy

Answer - B AWS CloudFormation: This supplements the requirement in the question and enables consultants to use their architecture diagrams to construct CloudFormation templates. AWS Documentation mentions the following on AWS CloudFormation: AWS CloudFormation is a service that helps you model and set up your Amazon Web Service resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. For more information on AWS Cloudformation, please visit the following URL: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html The correct answer is: AWS CloudFormation

Development teams in your organization use S3 buckets to store log files for various applications hosted in AWS development environments. The developers intend to keep the logs for a month for troubleshooting purposes, and subsequently purge the logs. What feature will enable this requirement? A. Adding a bucket policy on the S3 bucket. B. Configuring lifecycle configuration rules on the S3 bucket. C. Creating an IAM policy for the S3 bucket. D. Enabling CORS on the S3 bucket.

Answer - B AWS Documentation mentions the following on Lifecycle policies: Lifecycle configuration enables you to specify the Lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows: Transition actions - In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation. Expiration actions - In which you specify when the objects expire. Then, Amazon S3 deletes the expired objects on your behalf. For more information on AWS S3 Lifecycle policies, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html Option D is for Sharing resources between regions. The correct answer is: Configuring lifecycle configuration rules on the S3 bucket.

A website runs on EC2 Instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling Group across multiple Availability Zones and deliver several large files that are stored on a shared Amazon EFS file system. The company needs to avoid serving the files from EC2 Instances every time a user requests these digital assets. What should the company do to improve the user experience of the web site? A. Move the digital assets to Amazon Glacier. B. Cache static content using CloudFront. C. Resize the images so that they are smaller. D. Use reserved EC2 Instances.

Answer - B AWS Documentation mentions the following on the benefits of using CloudFront: Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. For more information on AWS Cloudfront, please visit the following URL: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html Glacier is not used for frequent retrievals. So Option A is not a good solution. Option C & D scenarios will also not help in this situation. The correct answer is: Cache static content using CloudFront.

Currently a company makes use of EBS snapshots to back up their EBS Volumes. As a part of the business continuity requirement, these snapshots need to be made available in another region. How can this be achieved? A. Directly create the snapshot in the other region. B. Create Snapshot and copy the snapshot to new region. C. Copy the snapshot to an S3 bucket and then enable Cross-Region Replication for the bucket. D. Copy the EBS Snapshot to an EC2 instance in another region.

Answer - B AWS Documentation mentions the following: A snapshot is constrained to the region where it was created. After you create a snapshot of an EBS volume, you can use it to create new volumes in the same region. For more information, follow the link on Restoring an Amazon EBS Volume from a Snapshot below. You can also copy snapshots across regions, making it possible to use multiple regions for geographical expansion, data center migration, and disaster recovery. For more information on EBS Snapshots, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html For more information on Restoring an Amazon EBS Volume from a Snapshot, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html Option C is incorrect because the snapshots which we take from EBS are stored in AWS managed S3. We don't have the option to see the snapshot in S3. Hence, option C can't be the correct answer. The correct answer is: Create Snapshot and copy the snapshot to new region.

A Solutions Architect designing a solution to store and archive corporate documents, has determined Amazon Glacier as the right choice of solution. An important requirement is that the data must be delivered within 10 minutes of a retrieval request. Which feature in Amazon Glacier can help meet this requirement? A. Vault Lock B. Expedited retrieval C. Bulk retrieval D. Standard retrieval

Answer - B AWS Documentation mentions the following: Expedited retrievals to access data in 1 - 5 minutes for a flat rate of $0.03 per GB retrieved. Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. For more information on AWS Glacier Retrieval, please visit the following URL: https://docs.aws.amazon.com/amazonglacier/latest/dev/downloading-an-archive-two-steps.html The other two are Standard (3-5 hours retrieval time) and Bulk retrievals, which is the cheapest option (5-12 hours retrieval time). The correct answer is: Expedited retrieval

A company has resources hosted in their AWS Account. There is a requirement to monitor API activity for all regions and the audit needs to be applied for future regions as well. Which of the following can be used to fulfill this requirement? A. Ensure CloudTrail for each region, then enable for each future region. B. Ensure one CloudTrail trail is enabled for all regions. C. Create a CloudTrail for each region. Use CloudFormation to enable the trail for all future regions. D. Create a CloudTrail for each region. Use AWS Config to enable the trail for all future regions.

Answer - B AWS Documentation mentions the following: You can now turn on a trail across all regions for your AWS account. CloudTrail will deliver log files from all regions to the Amazon S3 bucket and an optional CloudWatch Logs log group you specified. Additionally, when AWS launches a new region, CloudTrail will create the same trail in the new region. As a result, you will receive log files containing API activity for the new region without taking any action. For more information on this feature, please visit the following URL: https://aws.amazon.com/about-aws/whats-new/2015/12/turn-on-cloudtrail-across-all-regions-and-support-for-multiple-trails/ The correct answer is: Ensure one CloudTrail trail is enabled for all regions.

A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to encrypt data for the Redshift database. How can this be achieved? A. Encrypt the EBS volumes of the underlying EC2 Instances. B. Use AWS KMS Customer Default master key. C. Use SSL/TLS for encrypting the data. D. Use S3 Encryption.

Answer - B AWS documentation mentions the following: Amazon Redshift uses a hierarchy of encryption keys to encrypt the database. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys. For more information on Redshift encryption, please visit the following URL: https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html The correct answer is: Use AWS KMS Customer Default master key.

An administrator runs a highly available application in AWS. A file storage layer is needed that can share between instances and scale the platform more easily. Which AWS service can perform this action? A. Amazon EBS B. Amazon EFS C. Amazon S3 D. Amazon EC2 Instance store

Answer - B Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system. The EFS file system can be used as a common data source for workloads and applications running on multiple instances. Option C: S3 could be used, but given that the requirement is about file storage, EFS is a better choice. Option A is incorrect. EBS is block based storage. Option D is incorrect. Instance stores are ephemeral. EFS is the file storage which is scalable and elastic and can be used as a common storage for many instances. The correct answer is: Amazon EFS.

A company is to run a service on AWS to provide offsite backups for images on laptops and phones. The solution must support millions of customers with thousands of images per customer. Though the images will be retrieved infrequently, they must be available for retrieval immediately. Which is the MOST cost efficient storage option that meets these requirements? A. Amazon Glacier with Expedited retrievals B. Amazon S3 Standard Infrequent Access C. Amazon EFS D. Amazon S3 Standard

Answer - B Amazon S3 Infrequent Access is perfect if you want to store data that need not be frequently accessed. It is much more cost effective than Amazon S3 Standard (Option D). And if you choose Amazon Glacier with expedited retrievals, then you defeat the whole purpose of the requirement, because you would have an increased cost with this option. For more information on AWS Storage classes, please visit the following URL: https://aws.amazon.com/s3/storage-classes/ The correct answer is: Amazon S3 Standard Infrequent Access.

An application requires an EC2 Instance for continuous batch processing activities requiring a maximum data throughput of 500MiB/s. Which of the following is the best storage option for this? A. EBS IOPS B. EBS SSD C. EBS Throughput Optimized D. EBS Cold Storage

Answer - C For storage volume types for batch processing activities with large throughput, consider using EBS Throughput Optimized Volume type. AWS Documentation also mentions this: For more information on EBS Volume types, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html The correct answer is: EBS Throughput Optimized.

An application hosted on EC2 Instances has its promotional campaign due to start in 2 weeks. There is a mandate from the management to ensure that no performance problems are encountered due to traffic growth during this time. Which of the following must be done to the Auto Scaling Group to ensure this requirement can be fulfilled? A. Configure Step scaling for the Auto Scaling Group. B. Configure Dynamic Scaling and use Target tracking scaling Policy C. Configure Scheduled scaling for the Auto Scaling Group D. Configure Static scaling for the Auto Scaling Group

Answer - B If you are scaling based on a metric that is a utilization metric, one that increases or decreases proportionally to the number of instances in the Auto Scaling group, we recommend that you use a target tracking scaling policy instead. In Target tracking scaling policies you select a predefined metric or configure a customized metric, and set a target value. EC2 Auto Scaling creates and manages the CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value. The scaling policy adds or removes capacity as required to keep the metric at, or close to, the specified target value. Scheduled scaling works better when you can predict the load changes and also when you know how long you need to run. Here in our scenario we just know that there will be heavy traffic during the campaign period (period is not specified), but we are not sure about the actual traffic. We don't have any history to predict it either. For more information on Auto Scaling Scheduled Scaling, please visit the following URL: https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html The correct answer is: Configure Dynamic Scaling and use Target tracking scaling Policy

A Solutions Architect is designing a highly scalable system to track records. These records must remain available for immediate download for up to three months and then must be deleted. What is the most appropriate decision for this use case? A. Store the files in Amazon EBS and create a Lifecycle Policy to remove files after 3 months. B. Store the files in Amazon S3 and create a Lifecycle Policy to remove files after 3 months. C. Store the files in Amazon Glacier and create a Lifecycle Policy to remove files after 3 months. D. Store the files in Amazon EFS and create a Lifecycle Policy to remove files after 3 months.

Answer - B Option A is invalid, since the records need to be stored in a highly scalable system. Option C is invalid, since the records must be available for immediate download. Option D is invalid, because it does not have the concept of a Lifecycle Policy. AWS Documentation mentions the following on Lifecycle Policies: Lifecycle configuration enables you to specify the Lifecycle Management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows: Transition actions - In which you define when the objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation. Expiration actions - In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf. For more information on AWS S3 Lifecycle Policies, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html The correct answer is: Store the files in Amazon S3 and create a Lifecycle Policy to remove files after 3 months.

An application hosted in AWS allows users to upload videos to an S3 bucket. A user is required to be given access to upload some videos for a week based on the profile. How can this be accomplished in the best way possible? A. Create an IAM bucket policy to provide access for a week's duration. B. Create a pre-signed URL for each profile which will last for a week's duration. C. Create an S3 bucket policy to provide access for a week's duration. D. Create an IAM role to provide access for a week's duration.

Answer - B Pre-signed URLs are the perfect solution when you want to give temporary access to users for S3 buckets. So, whenever a new profile is created, you can create a pre-signed URL to ensure that the URL lasts for a week and allows users to upload the required objects. For more information on pre-signed URLs, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html The correct answer is: Create a pre-signed URL for each profile which will last for a week's duration

An organization hosts a multi-language website on AWS, which is served using CloudFront. Language is specified in the HTTP request as shown below: http://d11111f8.cloudfront.net/main.html?language=de http://d11111f8.cloudfront.net/main.html?language=en http://d11111f8.cloudfront.net/main.html?language=es How should AWS CloudFront be configured to deliver cached data in the correct language? Please select : A. Forward cookies to the origin B. Based on query string parameters C. Cache objects at the origin D. Serve dynamic content

Answer - B Since language is specified in the query string parameters, CloudFront should be configured for the same. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/QueryStringParameters.html

A company owns an API which currently gets 1000 requests per second. The company wants to host this in a cost effective manner using AWS. Which one of the following solutions is best suited for this? A. Use API Gateway with the backend services as it is. B. Use the API Gateway along with AWS Lambda C. Use CloudFront along with the API backend service as it is. D. Use ElastiCache along with the API backend service as it is.

Answer - B Since the company has full ownership of the API, the best solution would be to convert the code for the API and use it in a Lambda function. This can help save on cost, since in the case of Lambda, you only pay for the time the function runs, and not for the infrastructure. Then, you can use the API Gateway along with the AWS Lambda function to scale accordingly. For more information on using API Gateway with AWS Lambda, please visit the following URL: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-lambda-integration.html Note: With Lambda you do not have to provision your own instances. Lambda performs all the operational and administrative activities on your behalf, including capacity provisioning, monitoring fleet health, applying security patches to the underlying compute resources, deploying your code, running a web service front end, and monitoring and logging your code. AWS Lambda provides easy scaling and high availability to your code without additional effort on your part. The correct answer is: Use the API Gateway along with AWS Lambda

You have a requirement to host a static website for a domain called mycompany.com in AWS. It is required to ensure that the traffic is scaled properly. How can this be achieved? Choose 2 answers from the options given below. A. Host the static site on an EC2 Instance. B. Use Route53 with static web site in S3. C. Enter the NS records from Route53 in the domain registrar. D. Place the EC2 instance behind the ELB.

Answer - B and C You can host a static website in S3. You need to ensure that the nameserver records for the Route53 hosted zone are entered in your domain registrar. For more information on website hosting in S3, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html The correct answers are: Use Route53 with static web site in S3., Enter the NS records from Route53 in the domain registrar.

You require the ability to analyze a customer's clickstream data on a website so they can do behavioral analysis. Your customer needs to know what sequence of pages and ads their customer clicked on. This data will be used in real time to modify the page layouts as customers click through the site to increase stickiness and advertising click-through. Which option meets the requirements for capturing and analyzing this data? A. Log clicks in weblogs by URL store to Amazon S3, and then analyze with Elastic MapReduce. B. Push web clicks by session to Amazon Kinesis and analyze behavior using Kinesis workers. C. Write click events directly to Amazon Redshift and then analyze with SQL. D. Publish web clicks by session to an Amazon SQS queue. Then send the events to AWS RDS for further processing.

Answer - B The AWS Documentation mentions the following: Amazon Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs. Kinesis Data Streams can continuously capture and store terabytes of data per hour from hundreds of thousands of sources such as website clickstreams, financial transactions, social media feeds, IT logs, and location-tracking events. For more information on Amazon Kinesis, please visit the following URL: https://aws.amazon.com/kinesis/data-streams/ The correct answer is: Push web clicks by session to Amazon Kinesis and analyze behavior using Kinesis workers.

There is a requirement to get the IP addresses for resources accessed in a private subnet. Which of the following can be used to fulfill this purpose? A. Trusted Advisor B. VPC Flow Logs C. Use CloudWatch metrics D. Use CloudTrail

Answer - B The AWS Documentation mentions the following: VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. For more information on VPC Flow Logs, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html Incorrect answers: AWS Trusted Advisor is your customized cloud expert! It helps you to observe best practices for the use of AWS by inspecting your AWS environment with an eye toward saving money, improving system performance and reliability, and closing security gaps. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudWatch metrics are mainly used for performance metrics. The correct answer is: VPC Flow Logs

A company wants to host a web application and a database layer in AWS. This will be done with the use of subnets in a VPC. Which of the following is a proper architectural design for supporting the required tiers of the application? A. Use a public subnet for the web tier and a public subnet for the database layer. B. Use a public subnet for the web tier and a private subnet for the database layer. C. Use a private subnet for the web tier and a private subnet for the database layer. D. Use a private subnet for the web tier and a public subnet for the database layer.

Answer - B The ideal setup is to ensure that the web server is hosted in the public subnet so that it can be accessed by users on the internet. The database server can be hosted in the private subnet. For more information on public and private subnets in AWS, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html The correct answer is: Use a public subnet for the web tier and a private subnet for the database layer.

A million images are required to be uploaded to S3. What option ensures optimal performance in this case? A. Use a sequential ID for the prefix. B. Use a hexadecimal hash for the prefix. C. Use a hexadecimal hash for the suffix. D. Use a sequential ID for the suffix.

Answer - B This recommendation for increasing performance in case of a high request rate in S3 is given in the AWS documentation. For more information on S3 performance considerations, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/request-rate-perf-considerations.html Note: Amazon S3 maintains an index of object key names in each AWS Region. Object keys are stored in UTF-8 binary ordering across multiple partitions in the index. The key name determines which partition the key is stored in. Using a sequential prefix, such as a timestamp or an alphabetical sequence, increases the likelihood that Amazon S3 will target a specific partition for a large number of your keys, which can overwhelm the I/O capacity of the partition. If your workload is a mix of request types, introduce some randomness to key names by adding a hash string as a prefix to the key name. By introducing randomness to your key names, the I/O load is distributed across multiple index partitions. For example, you can compute an MD5 hash of the character sequence that you plan to assign as the key, and add three or four characters from the hash as a prefix to the key name. The correct answer is: Use a hexadecimal hash for the prefix.

A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet created with default ACL settings. The web servers must be accessible only to customers on an SSL connection and the database must only be accessible to web servers in a public subnet. Which solution meets these requirements without impacting other running applications? Select 2 answers from the options given below. A. Create a network ACL on the Web Server's subnets, allow HTTPS port 443 inbound and specify the source as 0.0.0.0/0 B. Create a Web Server security group that allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the Web Servers. C. Create a DB Server security group that allows MySQL port 3306 inbound and specify the source as the Web Server security group. D. Create a network ACL on the DB subnet, allow MySQL port 3306 inbound for Web Servers and deny all outbound traffic. E. Create a DB Server security group that allows HTTPS port 443 inbound and specify the source as a Web Server security group.

Answer - B and C This sort of setup is explained in the AWS documentation. 1) To ensure that traffic can flow into your web server from anywhere on secure traffic, you need to allow inbound security at 443. 2) And then, you need to ensure that traffic can flow from the database server to the web server via the database security group. The below snapshot from the AWS Documentation shows rule tables for security groups that relate to the same requirements as in the question. Options A and D are invalid answers. The default ACL rules for the VPC will allow all traffic so there is no need to create a new ACL. Option E is also invalid because to communicate with the MySQL servers we need to allow traffic to flow through port 3306. The correct answers are: Create a Web Server security group that allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the Web Servers., Create a DB Server security group that allows MySQL port 3306 inbound and specify the source as the Web Server security group.

A company is developing a web application to be hosted in AWS. This application needs a data store for session data. As an AWS Solution Architect, which of the following would you recommend as an ideal option to store session data? Choose 2 answers from the options given below. Please select : A. CloudWatch B. DynamoDB C. Elastic Load Balancing D. ElastiCache E. Storage Gateway

Answer - B and D DynamoDB and ElastiCache are perfect options for storing session data. AWS Documentation mentions the following on these services: Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity, makes it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications. For more information on AWS DynamoDB, please visit the following URL: https://aws.amazon.com/dynamodb/ ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment. For more information on AWS Elasticache, please visit the following URL: https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.html Incorrect answers: AWS CloudWatch offers cloud monitoring services for customers of AWS resources. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. AWS Elastic Load Balancing automatically distributes incoming application traffic across multiple targets.

A team is building an application that must persist and index JSON data in a highly available data store. Latency of data access must remain consistent despite very high application traffic. What service should the team choose for the above requirement? A. Amazon EFS B. Amazon Redshift C. DynamoDB D. AWS CloudFormation

Answer - C AWS Documentation mentions the following on DynamoDB: Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. The data in DynamoDB is stored in JSON format, and hence is the perfect data store for the requirement in question. For more information on AWS DynamoDB, please visit the following URL: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html The correct answer is: DynamoDB

There is a requirement for an iSCSI device and the legacy application needs local storage. Which of the following can be used to meet the demands of the application? A. Configure the Simple Storage Service. B. Configure Storage Gateway Cached volume. C. Configure Storage Gateway Stored volume. D. Configure Amazon Glacier.

Answer - C AWS Documentation mentions the following: If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then, asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive offsite backups that you can recover to your local data center or Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2. For more information on the Storage gateway, please visit the following URL: https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html S3 and Glacier are not used for this purpose. Volume gateway provides an iSCSI target, which enables you to create volumes and mount them as iSCSI devices from your on-premises or EC2 application servers. The volume gateway runs in either a cached or stored mode. In the cached mode, your primary data is written to S3, while retaining your frequently accessed data locally in a cache for low-latency access. In the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS. The correct answer is: Configure Storage Gateway Stored volume.

A company has a requirement for archival of 6TB of data. There is an agreement with the stakeholders for an 8-hour agreed retrieval time. Which of the following can be used as the MOST cost-effective storage option? A. AWS S3 Standard B. AWS S3 Infrequent Access C. AWS Glacier D. AWS EBS Volumes

Answer - C Amazon Glacier is the perfect solution for this. Since the agreed time frame for retrieval is met at 8 hours, this will be the most cost effective option. For more information on AWS Glacier, please visit the following URL: https://aws.amazon.com/documentation/glacier/ The correct answer is: AWS Glacier

An application needs to have a Data store hosted in AWS. The following requirements are in place for the Data store: a) An initial storage capacity of 8 TB b) The ability to accommodate a database growth of 8GB per day c) The ability to have 4 Read Replicas Which of the following Data stores would you choose for this requirement? A. DynamoDB B. Amazon S3 C. Amazon Aurora D. SQL Server

Answer - C Aurora can have a storage limit of 64TB and can easily accommodate the initial 8TB plus a database growth of 8GB/day for nearly a period of 20+ years. It can have up to 15 Aurora Replicas that can be distributed across the Availability Zones that a DB cluster spans within an AWS Region. Aurora Replicas work well for read scaling because they are fully dedicated to read operations on your cluster volume. Write operations are managed by the primary instance. Because the cluster volume is shared among all DB instances in your DB cluster, no additional work is required to replicate a copy of the data for each Aurora Replica. For more information on AWS Aurora, please visit the following URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Replication.html Note: Our DB choice needs to fulfill 3 criteria. 1. Initial storage capacity of 8 TB 2. Daily DB growth of 8GB/day 3. Need 4 Read Replicas DynamoDB, alongside DynamoDB Accelerator (DAX), can support up to 9 read replicas in its primary cluster. However, we have to choose the most suitable one from the options listed in the question. We have Aurora also listed under the options, which is fully dedicated for read operations in the cluster. The correct answer is: Amazon Aurora

A database hosted using the AWS RDS service is getting a lot of database queries and has now become a bottleneck for the associating application. What action will ensure that the database is not a performance bottleneck? A. Setup a CloudFront distribution in front of the database. B. Setup an ELB in front of the database. C. Setup ElastiCache in front of the database. D. Setup SNS in front of the database.

Answer - C ElastiCache is an in-memory solution which can be used in front of a database to cache the common queries issued against the database. This can reduce the overall load on the database. Option A is incorrect because this is normally used for content distribution. Option B is partially correct, but you need to have one more database as an internal load balancing solution. Option D is incorrect because SNS is a simple notification service. For more information on ElastiCache, please visit the following URL: https://aws.amazon.com/elasticache/ The correct answer is: Setup ElastiCache in front of the database.

An application reads and writes objects to an S3 bucket. When the application is fully deployed, the read/write traffic is very high. How should the architect maximize the Amazon S3 performance? A. Use as many S3 prefixes as you need in parallel to achieve the required throughput. B. Use the STANDARD_IA storage class. C. Prefix each object name with a hex hash key along with the current data. D. Enable versioning on the S3 bucket.

Answer - C NOTE: Based on the new S3 performance announcement, the S3 request rate performance increase removes any previous guidance to randomize object prefixes to achieve faster performance. But Amazon exam questions and answers are not yet updated. So Option C is the correct answer as per the AWS exam. This recommendation for increasing performance in case of a high request rate in S3 is given in the documentation. The correct answer is: Prefix each object name with a hex hash key along with the current data.

An application currently using a NAT Instance is required to use a NAT Gateway. Which of the following can be used to accomplish this? A. Use NAT Instances along with the NAT Gateway. B. Host the NAT Instance in the private subnet. C. Migrate from a NAT Instance to a NAT Gateway and host the NAT Gateway in the public subnet. D. Convert the NAT Instance to a NAT Gateway.

Answer - C One can simply start and stop using the NAT Gateway service using the deployed NAT instances. But you need to ensure that the NAT Gateway is deployed in the public subnet. For more information on migrating to a NAT Gateway, please visit the following URL: https://aws.amazon.com/premiumsupport/knowledge-center/migrate-nat-instance-gateway/ The correct answer is: Migrate from a NAT Instance to a NAT Gateway and host the NAT Gateway in the public subnet.

A database is being hosted using the AWS RDS service. This database is to be made into a production database and is required to have high availability. Which of the following can be used to achieve this requirement? A. Use Multi-AZ for the RDS instance to ensure that a secondary database is created in another region. B. Use the Read Replica feature to create another instance of the DB in another region. C. Use Multi-AZ for the RDS instance to ensure that a secondary database is created in another Availability Zone. D. Use the Read Replica feature to create another instance of the DB in another Availability Zone.

Answer - C Option A is incorrect because the Multi-AZ feature allows for high availability across Availability Zones and not regions. Options B and D are incorrect because Read Replicas can be used to offload database reads. But if you want high availability then opt for the Multi-AZ feature. AWS Documentation mentions the following: Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). For more information on AWS RDS Multi-AZ, please visit the following URL: https://aws.amazon.com/rds/details/multi-az/ The correct answer is: Use Multi-AZ for the RDS instance to ensure that a secondary database is created in another Availability Zone.

An application with a 150 GB relational database runs on an EC2 Instance. While the application is used infrequently with small peaks in the morning and evening, what is the MOST cost effective storage type among the options below? A. Amazon EBS provisioned IOPS SSD B. Amazon EBS Throughput Optimized HDD C. Amazon EBS General Purpose SSD D. Amazon EFS

Answer - C Since the database is used infrequently and not throughout the day, and the question mentions the MOST cost effective storage type, the preferred choice would be EBS General Purpose SSD over EBS provisioned IOPS SSD. The minimum volume of Throughput Optimized HDD is 500 GB. As per our scenario, we need 150 GB only. With current pricing it would cost $22.50/month for st1 and only $15/month for gp2. Hence, option C: Amazon EBS General Purpose SSD, would be the best choice for cost-effectiveness. For more information on AWS EBS Volumes, please visit the following URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html SSD-backed volumes are optimized for transactional workloads involving frequent read/write operations with small I/O size, where the dominant performance attribute is IOPS. The question is focusing on a relational DB where we will give importance to Input/output operations per second. Hence gp2 seems to be a good option in this case. Since the question does not mention any mission-critical low-latency requirement, PIOPS is not required. HDD-backed volumes are optimized for large streaming workloads where throughput (measured in MiB/s) is a better performance measure than IOPS.

An application consists of the following architecture: a. EC2 Instances in multiple AZ's behind an ELB b. The EC2 Instances are launched via an Auto Scaling Group. c. There is a NAT instance which is used so that instances can download updates from the Internet. Which of the following is a bottleneck in the architecture? A. The EC2 Instances B. The ELB C. The NAT Instance D. The Auto Scaling Group

Answer - C Since there is only one NAT instance, this is a bottleneck for the architecture. For high availability, launch NAT instances in multiple Availability Zones and make them part of an Auto Scaling Group. For more information on NAT Instances, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html The correct answer is: The NAT Instance

You are deploying an application on Amazon EC2, which must call AWS APIs. What method should you use to securely pass credentials to the application? A. Pass API credentials to the instance using Instance userdata. B. Store API credentials as an object in Amazon S3. C. Embed the API credentials into your application. D. Assign IAM roles to the EC2 Instances.

Answer - D AWS Documentation mentions the following: You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. It is not a good practice to use IAM credentials for a production based application. A good practice however, is to use IAM Roles. For more information on IAM Roles, please visit the following URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html The correct answer is: Assign IAM roles to the EC2 Instances.

A company hosts 5 web servers in AWS. They want to ensure that Route53 can be used to route user traffic to random web servers when they request for the underlying web application. Which routing policy should be used to fulfill this requirement? A. Simple B. Weighted C. Multivalue Answer D. Latency

Answer - C The AWS Documentation mentions the following to support this: If you want to route traffic approximately randomly to multiple resources such as web servers, you can create one multivalue answer record for each resource and, optionally, associate an Amazon Route 53 health check with each record. For example, suppose you manage an HTTP web service with a dozen web servers that each have their own IP address. No one web server could handle all of the traffic, but if you create a dozen multivalue answer records, Amazon Route 53 responds to DNS queries with up to eight healthy records in response to each DNS query. Amazon Route 53 gives different answers to different DNS resolvers. If a web server becomes unavailable after a resolver caches a response, client software can try another IP address in the response. For more information on this option, please visit the following URL: https://aws.amazon.com/about-aws/whats-new/2017/06/amazon-route-53-announces-support-for-multivalueanswers-in-response-to-dns-queries/ Simple routing policy - Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website. Latency routing policy - Use when you have resources in multiple locations and you want to route traffic to the resource that provides the best latency. Weighted routing policy - Use to route traffic to multiple resources in proportions that you specify. Multivalue answer routing policy - Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random. The correct answer is: Multivalue Answer

A data processing application in AWS must pull data from an Internet service. A Solutions Architect is to design a highly available solution to access this data without placing bandwidth constraints on the application traffic. Which solution meets these requirements? A. Launch a NAT gateway and add routes for 0.0.0.0/0 B. Attach a VPC endpoint and add routes for 0.0.0.0/0 C. Attach an Internet gateway and add routes for 0.0.0.0/0 D. Deploy NAT instances in a public subnet and add routes for 0.0.0.0/0

Answer - C The AWS Documentation mentions the following: An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic. For more information on the Internet gateway, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html Note: A NAT gateway is also a highly available architecture and is used to enable instances in a private subnet to connect to the internet or other AWS services, while preventing the internet from initiating a connection with those instances. It can only scale up to 45 Gbps. A NAT instance's bandwidth capability depends upon the instance type. VPC Endpoints are used to enable private connectivity to services hosted in AWS, from within your VPC, without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies. So they cannot be used to connect to the internet. An Internet gateway is horizontally scaled, redundant, and highly available. It imposes no bandwidth constraints. The correct answer is: Attach an Internet gateway and add routes for 0.0.0.0/0.

An application sends images to S3. The metadata for these images needs to be saved in persistent storage and is required to be indexed. Which of the following can be used for the underlying metadata storage? A. AWS Aurora B. AWS S3 C. AWS DynamoDB D. AWS RDS

Answer - C The most efficient storage mechanism for just storing metadata is DynamoDB. DynamoDB is normally used in conjunction with the Simple Storage service. So, after storing the images in S3, you can store their metadata in DynamoDB. You can also create secondary indexes for DynamoDB Tables. For more information on managing indexes in DynamoDB, please visit the following URL: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SQLtoNoSQL.Indexes.html The correct answer is: AWS DynamoDB

While reviewing the Auto Scaling events for your application, you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize costs while preserving elasticity? Choose 2 answers from the options given below. A. Modify the Auto Scaling group termination policy to terminate the older instance first. B. Modify the Auto Scaling group termination policy to terminate the newest instance first. C. Modify the Auto Scaling group cool down timers. D. Modify the Auto Scaling group to use Scheduled Scaling actions. E. Modify the CloudWatch alarm period that triggers your Auto Scaling scale down policy.

Answer - C and E Here, not enough time is being given for the scaling activity to take effect and for the entire infrastructure to stabilize after the scaling activity. This can be taken care of by increasing the Auto Scaling group CoolDown timers. For more information on Auto Scaling CoolDown, please visit the following URL: https://docs.aws.amazon.com/autoscaling/ec2/userguide/Cooldown.html You will also have to define the right threshold for the CloudWatch alarm for triggering the scale down policy. For more information on Auto Scaling Dynamic Scaling, please visit the following URL: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scale-based-on-demand.html The correct answers are: Modify the Auto Scaling group cool down timers; Modify the CloudWatch alarm period that triggers your Auto Scaling scale down policy.

A company is migrating an on-premises 10TB MySQL database to AWS. With a business requirement that the replica lag be under 100 milliseconds, the company expects this database to quadruple in size. Which Amazon RDS engine meets the above requirements? A. MySQL B. Microsoft SQL Server C. Oracle D. Amazon Aurora

Answer - D AWS Documentation clarifies that the above requirements are supported by AWS Aurora. Amazon Aurora (Aurora) is a fully managed, MySQL- and PostgreSQL-compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications. All Aurora Replicas return the same data for query results with minimal replica lag, usually much less than 100 milliseconds after the primary instance has written an update. For more information on AWS Aurora, please visit the following URL: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html The company expects the database to quadruple in size and the business requirement is that replica lag must be kept under 100 milliseconds. An Aurora cluster can grow up to 64 TB in size, and replica lag is less than 100 milliseconds after the primary instance has written an update. The correct answer is: Amazon Aurora

A database is required for a Two-Tier application. The data would go through multiple schema changes. The database needs to be durable, and changes to the database should not result in database downtime. Which of the following is the best option for data storage? A. AWS S3 B. AWS Redshift C. AWS DynamoDB D. AWS Aurora

Answer - D As per the AWS documentation, Aurora does support schema changes. Amazon Aurora is a MySQL-compatible database that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. Amazon Aurora has taken a common data definition language (DDL) statement that typically requires hours to complete in MySQL and made it near instantaneous, i.e., 0.15 sec for a 100 GB table on an r3.8xlarge instance. Note: Amazon DynamoDB is schema-less, in that the data items in a table need not have the same attributes or even the same number of attributes. Hence it is not a solution. In Aurora, when a user issues a DDL statement, the database updates the INFORMATION_SCHEMA system table with the new schema. In addition, the database timestamps the operation, records the old schema into a new system table (Schema Version Table), and propagates this change to read replicas. For more information, please check the AWS Docs below: https://aws.amazon.com/blogs/database/amazon-aurora-under-the-hood-fast-ddl/ The correct answer is: AWS Aurora

There is a website hosted in AWS that might get a lot of traffic over the next couple of weeks. If the application experiences a natural disaster in the future, which of the following can be used to reduce potential disruption to users? A. Use an ELB to divert traffic to an Infrastructure hosted in another region. B. Use an ELB to divert traffic to an Infrastructure hosted in another AZ. C. Use CloudFormation to create backup resources in another AZ. D. Use Route53 to route to static web site.

Answer - D In a disaster recovery scenario, the best choice out of all given options is to divert the traffic to a static web site. Option A is wrong because ELB can only balance traffic in one region and not across multiple regions. Options B and C are incorrect because using backups across AZs is not enough for disaster recovery purposes. For more information on disaster recovery in AWS, please visit the following URLs: https://aws.amazon.com/premiumsupport/knowledge-center/fail-over-s3-r53/ https://aws.amazon.com/disaster-recovery/ The wording about reducing potential disruption points to a disaster recovery situation. There is more than one way to manage this situation. However, we need to choose the best option from the list given here. Of these, the most suitable one is Option D. Note: Usually when we discuss a disaster recovery scenario, we assume that the entire region is affected by some disaster. So we need the service to be provided from another region. In that case, setting up a solution in another AZ will not work, as it is in the same region. Option A is incorrect, even though it mentions another region, because ELBs cannot span regions. So out of the options provided, Option D is the suitable solution. The correct answer is: Use Route53 to route to static web site.

An application needs to access data in another AWS account in the same region. Which of the following can be used to ensure that the data can be accessed as required? A. Establish a NAT instance between both accounts. B. Use a VPN between both accounts. C. Use a NAT Gateway between both accounts. D. Use VPC Peering between both accounts.

Answer - D Options A and C are incorrect because these are used when private resources are required to access the Internet. Option B is incorrect because it's used to create a connection between the On-premises and AWS resources. AWS Documentation mentions the following about VPC Peering: A VPC Peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC Peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region. For more information on VPC Peering, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html The correct answer is: Use VPC Peering between both accounts.

A legacy application needs a proprietary file system. Which of the following can be used to store data accessible by an EC2 instance? A. AWS CloudFront B. AWS S3 C. AWS Glacier D. AWS EFS

Answer - D The AWS Documentation mentions the following: Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. Amazon EFS is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. When mounted on Amazon EC2 instances, an Amazon EFS file system provides a standard file system interface and file system access semantics, allowing you to seamlessly integrate Amazon EFS with your existing applications and tools. Multiple Amazon EC2 instances can access an Amazon EFS file system at the same time, allowing Amazon EFS to provide a common data source for workloads and applications running on more than one Amazon EC2 instance. For more information on AWS EFS, please visit the following URL: https://aws.amazon.com/efs/ Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system. You can use an EFS file system as a common data source for workloads and applications running on multiple instances. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. Files and directories in an Amazon EFS file system support standard Unix-style read/write/execute permissions based on the user ID and group ID asserted by the mounting NFSv4.1 client. When a user attempts to access files and directories, Amazon EFS checks their user ID and group IDs to verify the user has permission to access the objects. Amazon EFS also uses these IDs as the owner and group owner for new files and directories the user creates. Amazon EFS is not supported on Windows instances. 
More information is available at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEFS.html https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html Option A is a web service that speeds up distribution of your static and dynamic web content. Option B is object-based storage. Option C is object-based and is mainly used for archiving purposes. The correct answer is: AWS EFS

A Solutions Architect is designing a web page for event registrations. He needs a managed service to send a text message to users every time someone signs up for an event. Which AWS Service should the Architect use to achieve this? A. Amazon STS B. Amazon SQS C. AWS Lambda D. Amazon SNS

Answer - D The AWS Documentation mentions the following: You can use Amazon SNS to send text messages or SMS messages, to SMS-enabled devices. A message can be sent directly to a phone number, or to multiple phone numbers at once by subscribing those phone numbers to a topic and sending your message to the topic. For more information on configuring SNS and SMS messages, please visit the following URL: https://docs.aws.amazon.com/sns/latest/dg/SMSMessages.html The correct answer is: Amazon SNS.

A company is planning to use Docker containers and necessary container orchestration tools for their batch processing requirements. There is a requirement for batch processing for both critical and non-critical data. Which of the following is the best implementation step for this requirement, to ensure that cost is effectively managed? A. Use Kubernetes for container orchestration and Reserved instances for all underlying instances. B. Use ECS orchestration and Reserved Instances for all underlying instances. C. Use Docker for container orchestration and a combination of Spot and Reserved Instances for the underlying instances. D. Use ECS for container orchestration and a combination of Spot and Reserved Instances for the underlying instances.

Answer - D The Elastic Container service from AWS can be used for container orchestration. Since there are both critical and noncritical loads, one can use Spot instances for the non-critical workloads for ensuring cost is kept at a minimum. For more information on AWS ECS, please visit the following URL: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html The correct answer is: Use ECS for container orchestration and a combination of Spot and Reserved Instances for the underlying instances.

You have an application running in us-west-2 requiring 6 EC2 Instances running at all times. With 3 Availability Zones in the region viz. us-west-2a, us-west-2b, and us-west-2c, which of the following deployments provides fault tolerance if an Availability Zone in us-west-2 becomes unavailable? Choose 2 answers from the options given below: A. 2 EC2 Instances in us-west-2a, 2 EC2 Instances in us-west-2b, and 2 EC2 Instances in us-west-2c B. 3 EC2 Instances in us-west-2a, 3 EC2 Instances in us-west-2b, and no EC2 Instances in us-west-2c C. 4 EC2 Instances in us-west-2a, 2 EC2 Instances in us-west-2b, and 2 EC2 Instances in us-west-2c D. 6 EC2 Instances in us-west-2a, 6 EC2 Instances in us-west-2b, and no EC2 Instances in us-west-2c E. 3 EC2 Instances in us-west-2a, 3 EC2 Instances in us-west-2b, and 3 EC2 Instances in us-west-2c

Answer - D and E Option A is incorrect because, even if one AZ becomes unavailable, you would only have 4 instances available. This does not meet the specified requirements. Option B is incorrect because, in the case of either us-west-2a or us-west-2b becoming unavailable, you would only have 3 instances available. Even this does not meet the specified requirements. Option C is incorrect because, if us-west-2a becomes unavailable, you would only have 4 instances available. This also does not meet the requirements. For more information on AWS Regions and Availability Zones, please visit the following URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html Note: In this scenario we need to have 6 instances running all the time, even when 1 AZ is down. Option D - US West 2a: 6, US West 2b: 6, US West 2c: 0. If US West 2a goes down, we will still have 6 instances running in US West 2b. If US West 2b goes down, we will still have 6 instances running in US West 2a. If US West 2c goes down, we will still have 6 instances running in US West 2a and 6 instances running in US West 2b. Option E - US West 2a: 3, US West 2b: 3, US West 2c: 3. If US West 2a goes down, we will still have 3 instances running in US West 2b and 3 instances running in US West 2c. If US West 2b goes down, we will still have 3 instances running in US West 2a and 3 instances running in US West 2c. If US West 2c goes down, we will still have 3 instances running in US West 2a and 3 instances running in US West 2b. The correct answers are: 6 EC2 Instances in us-west-2a, 6 EC2 Instances in us-west-2b, and no EC2 Instances in us-west-2c; 3 EC2 Instances in us-west-2a, 3 EC2 Instances in us-west-2b, and 3 EC2 Instances in us-west-2c

An application allows a manufacturing site to upload files. Each uploaded 3 GB file is processed to extract metadata, and this process takes a few seconds per file. The frequency at which the uploads happen is unpredictable. For instance, there may be no updates for hours, followed by several files being uploaded concurrently. What architecture addresses this workload in the most cost-efficient manner? A. Use a Kinesis Data Delivery Stream to store the file. Use Lambda for processing. B. Use an SQS queue to store the file, to be accessed by a fleet of EC2 Instances. C. Store the file in an EBS volume, which can then be accessed by another EC2 Instance for processing. D. Store the file in an S3 bucket. Use Amazon S3 event notification to invoke a Lambda function for file processing.

Answer - D. Store the file in an S3 bucket. Use Amazon S3 event notification to invoke a Lambda function for file processing. You can first create a Lambda function with the code to process the file. You can then use an Event Notification from the S3 bucket to invoke the Lambda function whenever a file is uploaded. For more information on Amazon S3 event notification, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html Option A is incorrect. Kinesis is used to collect, process and analyze real-time data. Option B is not a solution. The frequency of updates is quite unpredictable. By default SQS uses short polling. In this case, it will drive the cost up, since messages arrive in an unpredictable manner and polling will often return empty responses.

