AWS Certified Solutions Architect (Associate)
What are acceptable file sizes within S3?
0 bytes to 5TB
Durability level for S3?
11-9's
A favored client needs you to quickly deploy a database that is a relational database service with minimal administration as he wants to spend the least amount of time administering it. Which database would be the best option? A. Amazon RDS B. Amazon SimpleDB C. Your choice of relational AMIs on Amazon EC2 and EBS. D. Amazon Redshift
A. Amazon RDS Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. Amazon RDS gives you access to the capabilities of a familiar MySQL, Oracle, SQL Server, or PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with Amazon RDS. Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery.
You need to quickly set up an email-sending service because a client needs to start using it in the next hour. Amazon Simple Email Service (Amazon SES) seems to be the logical choice but there are several options available to set it up. Which of the following options to set up SES would best meet the needs of the client? A. Amazon SES console B. Amazon SES API C. AWS Elastic Beanstalk D. SMTP Interface
A. Amazon SES console Amazon SES is an outbound-only email-sending service that provides an easy, cost-effective way for you to send email. There are several ways that you can send an email by using Amazon SES. You can use the Amazon SES console, the Simple Mail Transfer Protocol (SMTP) interface, or you can call the Amazon SES API. Amazon SES console—This method is the quickest way to set up your system.
You have a number of image files to encode. In an Amazon SQS worker queue, you create an Amazon SQS message for each file specifying the command (jpeg-encode) and the location of the file in Amazon S3. Which of the following statements best describes the functionality of Amazon SQS? A. Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds. B. Amazon SQS is a distributed queuing system that is optimized for vertical scalability and for single-threaded sending or receiving speeds. C. Amazon SQS is for single-threaded sending or receiving speeds. D. Amazon SQS is a non-distributed queuing system.
A. Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds. Amazon SQS is a distributed queuing system that is optimized for horizontal scalability, not for single-threaded sending or receiving speeds. A single client can send or receive Amazon SQS messages at a rate of about 5 to 50 messages per second. Higher receive performance can be achieved by requesting multiple messages (up to 10) in a single call. It may take several seconds before a message that has been sent to a queue is available to be received.
You are signed in as root user on your account but there is an Amazon S3 bucket under your account that you cannot access. What is a possible reason for this? A. An IAM user assigned a bucket policy to an Amazon S3 bucket and didn't specify the root user as a principal B. You are in the wrong availability zone C. The S3 bucket is full. D. The S3 bucket has reached the maximum number of objects allowed.
A. An IAM user assigned a bucket policy to an Amazon S3 bucket and didn't specify the root user as a principal With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. In some cases, you might have an IAM user with full access to IAM and Amazon S3. If the IAM user assigns a bucket policy to an Amazon S3 bucket and doesn't specify the root user as a principal, the root user is denied access to that bucket. However, as the root user, you can still access the bucket by modifying the bucket policy to allow root user access.
You have been given a scope to deploy some AWS infrastructure for a large organisation. The requirements are that you will have a lot of EC2 instances but may need to add more when the average utilization of your Amazon EC2 fleet is high and conversely remove them when CPU utilization is low. Which AWS services would be best to use to accomplish this? A. Auto Scaling, Amazon CloudWatch and Elastic Load Balancing. B. Auto Scaling, Amazon CloudWatch and AWS CloudTrail. C. Auto Scaling, Amazon CloudWatch and AWS Elastic Beanstalk. D. AWS Elastic Beanstalk, Amazon CloudWatch and Elastic Load Balancing.
A. Auto Scaling, Amazon CloudWatch and Elastic Load Balancing. Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to manually provision Amazon EC2 capacity in advance. For example, you can set a condition to add new Amazon EC2 instances in increments to the Auto Scaling group when the average utilization of your Amazon EC2 fleet is high; and similarly, you can set a condition to remove instances in the same increments when CPU utilization is low. If you have predictable load changes, you can set a schedule through Auto Scaling to plan your scaling activities. You can use Amazon CloudWatch to send alarms to trigger scaling activities and Elastic Load Balancing to help distribute traffic to your instances within Auto Scaling groups. Auto Scaling enables you to run your Amazon EC2 fleet at optimal utilization.
Your organization is in the business of architecting complex transactional databases. For a variety of reasons, this has been done on EBS. What is AWS's recommendation for customers who have architected databases using EBS for backups? A. Backups to Amazon S3 be performed through the database management system. B. If you take regular snapshots no further backups are required. C. Backups to AWS Storage Gateway be performed through the database management system. D. Backups to Amazon Glacier be performed through the database management system.
A. Backups to Amazon S3 be performed through the database management system. Data stored in Amazon EBS volumes is redundantly stored in multiple physical locations as part of normal operation of those services and at no additional charge. However, Amazon EBS replication is stored within the same availability zone, not across multiple zones; therefore, it is highly recommended that you conduct regular snapshots to Amazon S3 for long-term data durability. For customers who have architected complex transactional databases using EBS, it is recommended that backups to Amazon S3 be performed through the database management system so that distributed transactions and logs can be checkpointed. AWS does not perform backups of data that are maintained on virtual disks attached to running instances on Amazon EC2.
In the context of AWS support, why must an EC2 instance be unreachable for 20 minutes rather than allowing customers to open tickets immediately? A. Because most reachability issues are resolved by automated processes in less than 20 minutes B. Because all EC2 instances are unreachable for 20 minutes every day when AWS does routine maintenance C. Because all EC2 instances are unreachable for 20 minutes when first launched D. Because of all the reasons listed here
A. Because most reachability issues are resolved by automated processes in less than 20 minutes An EC2 instance must be unreachable for 20 minutes before opening a ticket, because most reachability issues are resolved by automated processes in less than 20 minutes and will not require any action on the part of the customer. If the instance is still unreachable after this time frame has passed, then you should open a case with support.
You're trying to delete an SSL certificate from the IAM certificate store, and you're getting the message "Certificate: <certificate-id> is being used by CloudFront." Which of the following statements is probably the reason why you are getting this error? A. Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using a custom SSL certificate to using the default CloudFront certificate. B. Before you can delete an SSL certificate you need to set up https on your server. C. Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM. D. You can't delete SSL certificates. You need to request it from AWS.
A. Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from using a custom SSL certificate to using the default CloudFront certificate. CloudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .html, .css, .php, and image files, to end users. Every CloudFront web distribution must be associated either with the default CloudFront certificate or with a custom SSL certificate. Before you can delete an SSL certificate, you need to either rotate SSL certificates (replace the current custom SSL certificate with another custom SSL certificate) or revert from using a custom SSL certificate to using the default CloudFront certificate.
After a major security breach your manager has requested a report of all users and their credentials in AWS. You discover that in IAM you can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, MFA devices, and signing certificates. Which of the following statements is incorrect with regard to the use of credential reports? A. Credential reports are downloaded XML files. B. You can generate a credential report as often as once every four hours. C. You can get a credential report using the AWS Management Console, the AWS CLI, or the IAM API. D. You can grant permissions to an auditor so that he or she can download the report directly.
A. Credential reports are downloaded XML files. To access your AWS account resources, users must have credentials. You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, MFA devices, and signing certificates. You can get a credential report using the AWS Management Console, the AWS CLI, or the IAM API. You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password rotation. You can provide the report to an external auditor, or grant permissions to an auditor so that he or she can download the report directly. You can generate a credential report as often as once every four hours. When you request a report, IAM first checks whether a report for the account has been generated within the past four hours. If so, the most recent report is downloaded. If the most recent report for the account is more than four hours old, or if there are no previous reports for the account, IAM generates and downloads a new report. Credential reports are downloaded as comma-separated values (CSV) files. You can open CSV files with common spreadsheet software to perform analysis, or you can build an application that consumes the CSV files programmatically and performs custom analysis.
An organization has a statutory requirement to protect the data at rest for the S3 objects. Which of the below mentioned options need not be enabled by the organization to achieve data security? A. Data replication B. Bucket versioning C. MFA delete for S3 objects D. Client side encryption
A. Data replication AWS S3 provides multiple options to achieve the protection of data at rest. The options include Permission (Policy), Encryption (Client and Server Side), Bucket Versioning and MFA based delete. The user can enable any of these options to achieve data protection. Data replication is an internal facility by AWS where S3 replicates each object across all the Availability Zones and the organization need not enable it in this case.
A user is running a batch process which runs for 1 hour every day. Which of the below mentioned options is the right instance type and costing model in this case if the user performs the same task for the whole year? A. EBS backed instance with on-demand instance pricing. B. EBS backed instance with heavy utilized reserved instance pricing. C. Instance store backed instance with spot instance pricing. D. EBS backed instance with low utilized reserved instance pricing.
A. EBS backed instance with on-demand instance pricing. For Amazon Web Services, the reserved instance helps the user save money if the user is going to run the same instance for a longer period. Generally if the user uses the instances around 30-40% annually it is recommended to use RI. Here as the instance runs only for 1 hour daily it is not recommended to have RI as it will be costlier. The user should use on-demand with EBS in this case.
Your EBS volumes do not seem to be performing as expected and your team leader has requested you look into improving their performance. Which of the following is not a true statement relating to the performance of your EBS volumes? A. Frequent snapshots provide a higher level of data durability and they will not degrade the performance of your application while the snapshot is in progress. B. There is a relationship between the maximum performance of your EBS volumes, the amount of I/O you are driving to them, and the amount of time it takes for each transaction to complete. C. You can benchmark your storage and compute configuration to make sure you achieve the level of performance you expect to see before taking your application live. D. Amazon Web Services provides performance metrics for EBS that you can analyze and view with Amazon CloudWatch.
A. Frequent snapshots provide a higher level of data durability and they will not degrade the performance of your application while the snapshot is in progress. Several factors can affect the performance of Amazon EBS volumes, such as instance configuration, I/O characteristics, workload demand, and storage configuration. Frequent snapshots provide a higher level of data durability, but they may slightly degrade the performance of your application while the snapshot is in progress. This trade-off becomes critical when you have data that changes rapidly. Whenever possible, plan for snapshots to occur during off-peak times in order to minimize workload impact.
You've created your first load balancer and have registered your EC2 instances with the load balancer. Elastic Load Balancing routinely performs health checks on all the registered EC2 instances and automatically distributes all incoming requests to the DNS name of your load balancer across your registered, healthy EC2 instances. By default, the load balancer uses the ___ protocol for checking the health of your instances. A. HTTP B. TCP C. SSL D. ICMP
A. HTTP In Elastic Load Balancing a health configuration uses information such as protocol, ping port, ping path (URL), response timeout period, and health check interval to determine the health state of the instances registered with the load balancer. Currently, HTTP on port 80 is the default health check.
A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit. You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS? A. In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. B. Amazon S3 encrypts each object with a unique key. C. Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks. D. Amazon S3 server-side encryption employs strong multi-factor encryption.
A. In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption. Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects. In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from the tasks of managing encryption and encryption keys. Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
A user has defined an AutoScaling termination policy to first delete the instance with the nearest billing hour. AutoScaling has launched 3 instances in the US-East-1A region and 2 instances in the US-East-1B region. One of the instances in the US-East-1B region is running nearest to the billing hour. Which instance will AutoScaling terminate first while executing the termination action? A. Instance with the nearest billing hour in US-East-1A B. Instance with the nearest billing hour in US-East-1B C. Random Instance from US-East-1A D. Random instance from US-East-1B
A. Instance with the nearest billing hour in US-East-1A Even though the user has configured the termination policy, before AutoScaling selects an instance to terminate, it first identifies the Availability Zone that has more instances than the other Availability Zones used by the group. Within the selected Availability Zone, it identifies the instance that matches the specified termination policy.
Which DNS name can only be resolved within Amazon EC2? A. Internal DNS name B. Global DNS name C. Public DNS name D. Private DNS name
A. Internal DNS name Only the internal DNS name can be resolved within Amazon EC2.
Can resource record sets in a hosted zone have a different domain suffix (for example, www.blog.acme.com and www.acme.ca)? A. No B. Yes C. Yes, it can have depending on the TLD. D. Yes, it can have for a maximum of three different TLDs.
A. No The resource record sets contained in a hosted zone must share the same suffix. For example, the example.com hosted zone can contain resource record sets for www.example.com and www.aws.example.com subdomains, but it cannot contain resource record sets for a www.example.ca subdomain.
Just when you thought you knew every possible storage option on AWS you hear someone mention Reduced Redundancy Storage (RRS) within Amazon S3. What is the ideal scenario to use Reduced Redundancy Storage (RRS)? A. Non-critical or reproducible data B. Huge volumes of data C. Critical data D. Sensitive data
A. Non-critical or reproducible data Reduced Redundancy Storage (RRS) is a new storage option within Amazon S3 that enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3's standard storage. RRS provides a lower cost, less durable, highly available storage option that is designed to sustain the loss of data in a single facility. RRS is ideal for non-critical or reproducible data. For example, RRS is a cost-effective solution for sharing media content that is durably stored elsewhere. RRS also makes sense if you are storing thumbnails and other resized images that can be easily reproduced from an original image.
A user is currently building a website which will require a large number of instances in six months, when a demonstration of the new site will be given upon launch. Which of the below mentioned options allows the user to procure the resources beforehand so that they need not worry about infrastructure availability during the demonstration? A. Procure all the instances as reserved instances beforehand. B. Ask AWS now to procure the dedicated instances in 6 months. C. Launch all the instances as part of the cluster group to ensure resource availability. D. Pre-warm all the instances one month prior to ensure resource availability.
A. Procure all the instances as reserved instances beforehand. Amazon Web Services has massive hardware resources at its data centers, but they are finite. The best way for users to maximize their access to these resources is by reserving a portion of the computing capacity that they require. This can be done through reserved instances. With reserved instances, the user literally reserves the computing capacity in the Amazon Web Services cloud.
You are setting up some IAM user policies and have also become aware that some services support resource-based permissions, which let you attach policies to the service's resources instead of to IAM users or groups. Which of the below statements is true in regards to resource-level permissions? A. Some services support resource-level permissions only for some actions. B. All services support resource-level permissions for all actions. C. Resource-level permissions are supported by Amazon CloudFront D. All services support resource-level permissions only for some actions.
A. Some services support resource-level permissions only for some actions. AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service's resources instead of to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, and Amazon SQS. The resource-level permissions service supports IAM policies in which you can specify individual resources using Amazon Resource Names (ARNs) in the policy's Resource element. Some services support resource-level permissions only for some actions.
A user wants to increase the durability and availability of the EBS volume. Which of the below mentioned actions should he perform? A. Take regular snapshots. B. Access EBS regularly. C. Create an AMI. D. Create EBS with higher capacity.
A. Take regular snapshots. In Amazon Web Services, Amazon EBS volumes that operate with 20 GB or less of modified data since their most recent snapshot can expect an annual failure rate (AFR) between 0.1% and 0.5%. For this reason, to maximize both durability and availability of their Amazon EBS data, the user should frequently create snapshots of the Amazon EBS volumes.
A user has set up the CloudWatch alarm on the CPU utilization metric at 50%, with a time interval of 5 minutes and 10 periods to monitor. What will be the state of the alarm at the end of 90 minutes, if the CPU utilization is constant at 80%? INSUFFICIENT_DATA ALARM ALERT OK
ALARM In this case the alarm watches a metric every 5 minutes for 10 intervals. Thus, it needs at least 50 minutes to come to the "OK" state. Till then it will be in the INSUFFICIENT_DATA state. Since 90 minutes have passed and CPU utilization is at 80% constant, the state of alarm will be "ALARM".
What is the time period with which metric data is sent to CloudWatch when detailed monitoring is enabled on an Amazon EC2 instance? A. 5 minutes B. 1 minute C. 30 seconds D. 45 seconds
B. 1 minute By default, Amazon EC2 metric data is automatically sent to CloudWatch in 5-minute periods. However, you can enable detailed monitoring on an Amazon EC2 instance, which sends data to CloudWatch in 1-minute periods.
How long does an AWS free usage tier EC2 last for? A. Forever B. 12 Months upon signup C. 6 Months upon signup D. 1 Month upon signup
B. 12 Months upon signup The AWS free usage tier will expire 12 months from the date you sign up. When your free usage expires or if your application use exceeds the free usage tiers, you simply pay the standard, pay-as-you-go service rates.
You are configuring a new VPC for one of your clients for a cloud migration project, and only a public VPN will be in place. After you created your VPC, you created a new subnet, a new internet gateway, and attached your internet gateway to your VPC. When you launched your first instance into your VPC, you realized that you aren't able to connect to the instance, even if it is configured with an elastic IP. What should be done to access the instance? A. A NAT instance should be created and all traffic should be forwarded to NAT instance. B. A route should be created as 0.0.0.0/0 and your internet gateway as target. C. Attach another ENI to the instance and connect via new ENI. D. A NACL should be created that allows all outbound traffic.
B. A route should be created as 0.0.0.0/0 and your internet gateway as target. All traffic should be routed via Internet Gateway. So, a route should be created with 0.0.0.0/0 as a source, and your Internet Gateway as your target.
Any person or application that interacts with AWS requires security credentials. AWS uses these credentials to identify who is making the call and whether to allow the requested access. You have just set up a VPC network for a client and you are now thinking about the best way to secure this network. You set up a security group called vpcsecuritygroup. Which of the following statements is true with respect to the initial settings that will be applied to this security group if you choose to use the default settings for this group? A. Allow all inbound traffic and allow no outbound traffic. B. Allow no inbound traffic and allow all outbound traffic. C. Allow all inbound traffic and allow all outbound traffic. D. Allow no inbound traffic and allow no outbound traffic.
B. Allow no inbound traffic and allow all outbound traffic. Amazon VPC provides advanced security features such as security groups and network access control lists to enable inbound and outbound filtering at the instance level and subnet level. AWS assigns each security group a unique ID in the form sg-xxxxxxxx. The following are the initial settings for a security group that you create: allow no inbound traffic; allow all outbound traffic.
____________ is a fast, flexible, fully managed push messaging service. A. Amazon SQS B. Amazon SNS C. Amazon FPS D. Amazon SES
B. Amazon SNS Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push to mobile devices such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services.
An organization has three separate AWS accounts, one each for development, testing, and production. The organization wants the testing team to have access to certain AWS resources in the production account. How can the organization achieve this? A. Create the IAM users with cross account access. B. Create the IAM roles with cross account access. C. Create the IAM user in a test account, and allow it access to the production environment with the IAM policy. D. It is not possible to access resources of one account with another account.
B. Create the IAM roles with cross account access. An organization has multiple AWS accounts to isolate a development environment from a testing or production environment. At times the users from one account need to access resources in the other account, such as promoting an update from the development environment to the production environment. In this case the IAM role with cross account access will provide a solution. Cross account access lets one account share access to their resources with users in the other AWS accounts.
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24. While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance. Which is the most likely reason for this issue? A. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security. B. Private address IP 10.201.31.6 is currently assigned to another interface. C. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range. D. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
B. Private address IP 10.201.31.6 is currently assigned to another interface. In Amazon VPC, you can assign any private IP address to your instance as long as it is: part of the associated subnet's IP address range; not reserved by Amazon for IP networking purposes; and not currently assigned to another interface.
George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better? A. The instances of George and Ray will be running in the same data centre B. The US-East-1a region of George and Ray can be different availability zones C. All the instances of George and Ray can communicate over a private IP with a minimal cost D. All the instances of George and Ray can communicate over a private IP without any cost
B. The US-East-1a region of George and Ray can be different availability zones Each AWS region has multiple, isolated locations known as Availability Zones. To ensure that the AWS resources are distributed across the Availability Zones for a region, AWS independently maps the Availability Zones to identifiers for each account. In this case the Availability Zone US-East-1a where George's EC2 instances are running might not be the same location as the US-East-1a zone of Ray's EC2 instances. There is no way for the user to coordinate the Availability Zones between accounts.
After setting up an EC2 security group with a cluster of 20 EC2 instances, you find an error in the security group settings. You quickly make changes to the security group settings. When will the changes to the settings be effective? A. The settings will be effective only for the new instances added to the security group. B. The settings will be effective immediately for all the instances in the security group. C. The settings will be effective for all the instances only after 30 minutes. D. The settings will be effective only when all the instances are restarted.
B. The settings will be effective immediately for all the instances in the security group. Amazon Redshift applies changes to a cluster security group immediately. So if you have associated the cluster security group with a cluster, inbound cluster access rules in the updated cluster security group apply immediately.
A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this? A. The snapshot is corrupt B. The user account has reached the maximum EC2 instance limit C. The AMI is missing. It is the required part D. The user account has reached the maximum volume limit
B. The user account has reached the maximum EC2 instance limit When the user account has reached the maximum number of EC2 instances, it will not be allowed to launch an instance. AWS will throw an 'InstanceLimitExceeded' error. For all other reasons, such as "AMI is missing part", "Corrupt Snapshot" or "Volume limit has reached" it will launch an EC2 instance and then terminate it.
Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions and if you have more than one Amazon EC2 instance in one or more regions, you can use _______ to route traffic to the correct region and then use ________ to route traffic to instances within the region, based on probabilities that you specify. A. weighted-based routing; weighted resource record sets B. latency-based routing; weighted resource record sets C. latency-based routing; alias resource record sets D. weighted-based routing; alias resource record sets
B. latency-based routing; weighted resource record sets Regarding Amazon Route 53, if your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the region based on weights that you specify.
Amazon EBS provides the ability to create backups of any Amazon EC2 volume into what is known as _____. A. instance copies B. snapshots C. images D. mirrors
B. snapshots Amazon allows you to make backups of the data stored in your EBS volumes through snapshots that can later be used to create a new EBS volume.
In Amazon CloudFront, if you use Amazon EC2 instances and other custom origins with CloudFront, it is recommended to_____. A. enable access key rotation for CloudWatch metrics B. specify the URL of the load balancer for the domain name of your origin server C. restrict Internet communication to private instances while allowing outgoing traffic D. not use Elastic Load Balancing
B. specify the URL of the load balancer for the domain name of your origin server In Amazon CloudFront, you should use an Elastic Load Balancing load balancer to handle traffic across multiple Amazon EC2 instances and to isolate your application from changes to Amazon EC2 instances. When you create your CloudFront distribution, specify the URL of the load balancer for the domain name of your origin server.
What is the availability for S3 and what does SLA guarantee?
Built for 99.99% availability. AWS guarantees 99.9% availability (AWS SLA).
A user is planning to make a mobile game which can be played online or offline and will be hosted on EC2. The user wants to ensure that if someone breaks the highest score or they achieve some milestone they can inform all their colleagues through email. Which of the below mentioned AWS services helps achieve this goal? A. Amazon Cognito B. AWS Simple Queue Service. C. AWS Simple Email Service. D. AWS Simple Workflow Service.
C. AWS Simple Email Service. Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS.
A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality? A. AWS Simple Email Service. B. AWS Mobile Communication Service. C. AWS Simple Notification Service. D. AWS Simple Queue Service.
C. AWS Simple Notification Service. Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services.
A major customer has asked you to set up his AWS infrastructure so that it will be easy to recover in the case of a disaster of some sort. Which of the following is important when thinking about being able to quickly launch resources in AWS to ensure business continuity in case of a disaster? A. Create and maintain AMIs of key servers where fast recovery is required. B. Regularly run your servers, test them, and apply any software updates and configuration changes. C. All items listed here are important when thinking about disaster recovery. D. Ensure that you have all supporting custom software packages available in AWS.
C. All items listed here are important when thinking about disaster recovery. In the event of a disaster to your AWS infrastructure you should be able to quickly launch resources in Amazon Web Services (AWS) to ensure business continuity. The following are some key steps you should have in place for preparation: 1. Set up Amazon EC2 instances to replicate or mirror data. 2. Ensure that you have all supporting custom software packages available in AWS. 3. Create and maintain AMIs of key servers where fast recovery is required. 4. Regularly run these servers, test them, and apply any software updates and configuration changes. 5. Consider automating the provisioning of AWS resources.
Which one of the following can't be used as an origin server with Amazon CloudFront? A. A web server running on Amazon EC2 instances B. Amazon S3 C. Amazon Glacier D. A web server running in your infrastructure
C. Amazon Glacier Amazon CloudFront is designed to work with Amazon S3 as your origin server; customers can also use Amazon CloudFront with origin servers running on Amazon EC2 instances or with any other custom origin.
Name the disk storage supported by Amazon Elastic Compute Cloud (EC2). A. Amazon SNS store B. Amazon AppStream store C. Amazon Instance Store D. None of these
C. Amazon Instance Store Amazon EC2 supports the following storage options: Amazon Elastic Block Store (Amazon EBS), Amazon EC2 Instance Store, and Amazon Simple Storage Service (Amazon S3).
A client needs you to import some existing infrastructure from a dedicated hosting provider to AWS to try and save on the cost of running his current website. He also needs an automated process that manages backups, software patching, automatic failure detection, and recovery. You are aware that his existing set up currently uses an Oracle database. Which of the following AWS databases would be best for accomplishing this task? A. Amazon ElastiCache B. Amazon Redshift C. Amazon RDS D. Amazon SimpleDB
C. Amazon RDS Amazon RDS gives you access to the capabilities of a familiar MySQL, Oracle, SQL Server, or PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with Amazon RDS. Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery.
An edge location refers to which Amazon Web Service? A. An edge location is a Zone within an AWS Region B. An edge location is an AWS Region C. An edge location is the location of the data center used for Amazon CloudFront. D. An edge location refers to the network configured within a Zone or Region
C. An edge location is the location of the data center used for Amazon CloudFront. Amazon CloudFront is a content distribution network. A content delivery network or content distribution network (CDN) is a large distributed system of servers deployed in multiple data centers across the world. The location of a data center used for the CDN is called an edge location. Amazon CloudFront can cache static content at each edge location. This means that your popular static content (e.g., your site's logo, navigational images, cascading style sheets, JavaScript code, etc.) will be available at a nearby edge location for the browsers to download with low latency and improved performance for viewers. Caching popular static content with Amazon CloudFront also helps you offload requests for such files from your origin server: CloudFront serves the cached copy when available and only makes a request to your origin server if the edge location receiving the browser's request does not have a copy of the file.
A user has attached 1 EBS volume to a VPC instance. The user wants to achieve the best fault tolerance of data possible. Which of the below mentioned options can help achieve fault tolerance? A. Connect multiple volumes and stripe them with RAID 6 configuration. B. Attach one more volume with RAID 0 configuration. C. Attach one more volume with RAID 1 configuration. D. Use the EBS volume as a root device.
C. Attach one more volume with RAID 1 configuration. The user can join multiple provisioned IOPS volumes together in a RAID 1 configuration to achieve better fault tolerance. RAID 1 does not provide a write performance improvement; it requires more bandwidth than non-RAID configurations since the data is written simultaneously to multiple volumes.
You want to establish a dedicated network connection from your premises to AWS in order to save money by transferring data directly to AWS rather than through your internet service provider. You are sure there must be some other benefits beyond cost savings. Which of the following would not be considered a benefit if you were to establish such a connection? A. Reduced bandwidth costs. B. Private connectivity to your Amazon VPC. C. Everything listed is a benefit. D. Simplicity
C. Everything listed is a benefit. AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. You could expect the following benefits if you use AWS Direct Connect: reduced bandwidth costs; consistent network performance; compatibility with all AWS services; private connectivity to your Amazon VPC; elasticity; simplicity.
You are architecting an auto-scalable batch processing system using video processing pipelines and Amazon Simple Queue Service (Amazon SQS) for a customer. You are unsure of the limitations of SQS and need to find out. What do you think is a correct statement about the limitations of Amazon SQS? A. It supports a limited number of queues but an unlimited number of messages per queue for each user and automatically deletes messages that have been in the queue for more than 4 days. B. It supports an unlimited number of queues but a limited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 weeks. C. It supports an unlimited number of queues and unlimited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 days. D. It supports an unlimited number of queues and unlimited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 weeks.
C. It supports an unlimited number of queues and unlimited number of messages per queue for each user but automatically deletes messages that have been in the queue for more than 4 days. Amazon Simple Queue Service (Amazon SQS) is a messaging queue service that handles messages or workflows between other components in a system. Amazon SQS supports an unlimited number of queues and unlimited number of messages per queue for each user. Please be aware that Amazon SQS automatically deletes messages that have been in the queue for more than 4 days.
Can I change the EC2 security groups after an instance is launched in EC2-Classic? A. Yes, you can only when you remove rules from a security group. B. Yes, you can only when you add rules to a security group. C. No, you cannot change security groups after you launch an instance in EC2-Classic. D. Yes, you can change security groups after you launch an instance in EC2-Classic.
C. No, you cannot change security groups after you launch an instance in EC2-Classic. After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group.
You have created a Route 53 latency record set from your domain to a machine in Northern Virginia and a similar record to a machine in Sydney. When a user located in the US visits your domain, he will be routed to: A. Sydney B. Depends on the Weighted Resource Record Sets C. Northern Virginia D. Both, Northern Virginia and Sydney
C. Northern Virginia If your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing to route traffic to the correct region and then use weighted resource record sets to route traffic to instances within the region based on weights that you specify. For example, suppose you have three Amazon EC2 instances with Elastic IP addresses in the US East (Virginia) region and you want to distribute requests across all three IPs evenly for users for whom US East (Virginia) is the appropriate region. Just one Amazon EC2 instance is sufficient in the other regions, although you can apply the same technique to many regions at once.
Identify a true statement about the On-Demand instances purchasing option provided by Amazon EC2. A. Pay for the instances that you use by the hour, with long-term commitments or up-front payments. B. Specify the minimum hourly price that you are willing to pay to run a particular instance type. C. Pay for the instances that you use by the hour, with no long-term commitments or up-front payments. D. Make a high, one-time, all-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly higher hourly rate for these instances.
C. Pay for the instances that you use by the hour, with no long-term commitments or up-front payments. On-Demand instances allow you to pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
A user is sending bulk emails using AWS SES. The emails are not reaching some of the targeted audience because they are not authorized by the ISPs. How can the user ensure that the emails are all delivered? A. Open a ticket with AWS support to get it authorized with the ISP. B. Send an email using SMTP with SES. C. Send an email using DKIM with SES. D. Authorize the ISP by sending emails from the development account.
C. Send an email using DKIM with SES. DomainKeys Identified Mail (DKIM) is a standard that allows senders to sign their email messages, and ISPs to use those signatures to verify that those messages are legitimate and have not been modified by a third party in transit.
A user has created an ELB with the availability zone US-East-1A. The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB? A. The user should stop the ELB and add zones and instances as required B. It is not possible to add more zones to the existing ELB C. The user can add zones on the fly from the AWS console D. The only option is to launch instances in different zones and add to ELB
C. The user can add zones on the fly from the AWS console The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways: 1. From the console or CLI, add new zones to ELB; 2. Launch instances in a separate AZ and add instances to the existing ELB.
A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1 week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch? A. The user can zoom a particular period by double clicking on that period with the mouse B. The user can zoom a particular period by specifying the aggregation data for that period C. The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse D. The user can zoom a particular period by specifying the period in the Time Range
C. The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The AWS CloudWatch console provides the option to change the granularity of a graph and zoom in to see data over a shorter time period. To zoom, the user has to click in the graph details pane, drag on the graph area for selection, and then release the mouse button.
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with DynamoDB from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario? A. The user should create an IAM role, which has EC2 access so that it will allow deploying the application B. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB C. The user should attach an IAM role with DynamoDB access to the EC2 instance D. The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials
C. The user should attach an IAM role with DynamoDB access to the EC2 instance Here the user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. It is recommended that the user should not create an IAM user and pass that user's credentials to the application or embed those credentials inside the application. Instead, the user should use roles for EC2 and give that role access to DynamoDB / S3. When the role is attached to the EC2 instance, it gives temporary security credentials to the application hosted on that instance, which the application uses to connect with DynamoDB / S3.
To specify a resource in a policy statement, in Amazon EC2, can you use its Amazon Resource Name (ARN)? A. Yes, you can but only for the resources that are not affected by the action. B. No, you can't because EC2 is not related to ARN. C. Yes, you can. D. No, you can't because you can't specify a particular Amazon EC2 resource in an IAM policy.
C. Yes, you can. Some Amazon EC2 API actions allow you to include specific resources in your policy that can be created or modified by the action. To specify a resource in the statement, you need to use its Amazon Resource Name (ARN).
You are running PostgreSQL on Amazon RDS and it seems to be all running smoothly deployed in one availability zone. A database administrator asks you if DB instances running PostgreSQL support Multi-AZ deployments. What would be a correct response to this question? A. No. B. Yes but you need to request the service from AWS. C. Yes. D. Yes but only for small db instances.
C. Yes. Amazon RDS supports DB instances running several versions of PostgreSQL. Currently we support PostgreSQL versions 9.3.1, 9.3.2, and 9.3.3. You can create DB instances and DB snapshots, point-in-time restores and backups. DB instances running PostgreSQL support Multi-AZ deployments, Provisioned IOPS, and can be created inside a VPC. You can also use SSL to connect to a DB instance running PostgreSQL. You can use any standard SQL client application to run commands for the instance from your client computer. Such applications include pgAdmin, a popular Open Source administration and development tool for PostgreSQL, or psql, a command line utility that is part of a PostgreSQL installation. In order to deliver a managed service experience, Amazon RDS does not provide host access to DB instances, and it restricts access to certain system procedures and tables that require advanced privileges. Amazon RDS supports access to databases on a DB instance using any standard SQL client application. Amazon RDS does not allow direct host access to a DB instance via Telnet or Secure Shell (SSH).
A friend tells you he is being charged $100 a month to host his WordPress website, and you tell him you can move it to AWS for him and he will only pay a fraction of that, which makes him very happy. He then tells you he is being charged $50 a month for the domain, which is registered with the same people that set it up, and he asks if it's possible to move that to AWS as well. You tell him you aren't sure, but will look into it. Which of the following statements is true in regards to transferring domain names to AWS? A. You can't transfer existing domains to AWS but you can if you make a special request to AWS support to allow it. B. You can transfer existing domains via AWS Direct Connect. C. You can transfer existing domains into Amazon Route 53's management. D. You can't transfer existing domains to AWS.
C. You can transfer existing domains into Amazon Route 53's management. With Amazon Route 53, you can create and manage your public DNS records with the AWS Management Console or with an easy-to-use API. If you need a domain name, you can find an available name and register it using Amazon Route 53. You can also transfer existing domains into Amazon Route 53's management.
In relation to AWS CloudHSM, High-availability (HA) recovery is hands-off resumption by failed HA group members. Prior to the introduction of this function, the HA feature provided redundancy and performance, but required that a failed/lost group member be ___________ reinstated. A. automatically B. periodically C. manually D. continuously
C. manually In relation to AWS CloudHSM, High-availability (HA) recovery is hands-off resumption by failed HA group members. Prior to the introduction of this function, the HA feature provided redundancy and performance, but required that a failed/lost group member be manually reinstated.
Select the correct statement: Within Amazon EC2, when using Linux instances, the device name /dev/sda1 is _____. A. reserved for EBS volumes B. recommended for instance store volumes C. reserved for the root device D. recommended for EBS volumes
C. reserved for the root device Within Amazon EC2, when using a Linux instance, the device name /dev/sda1 is reserved for the root device.
In Amazon EC2, you are billed instance-hours when _____. A. EC2 instances stop B. your instance still exits the EC2 console C. your EC2 instance is in a running state D. the instance exits from Amazon S3 console
C. your EC2 instance is in a running state You are billed instance-hours as long as your EC2 instance is in a running state.
All Amazon EC2 instances are assigned two IP addresses at launch. Which are those? A. A public IP address and an Elastic IP address B. 2 private IP addresses C. 2 Elastic IP addresses D. A private IP address and a public IP address
D. A private IP address and a public IP address In Amazon EC2-Classic every instance is given two IP addresses: a private IP address and a public IP address.
After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you are recommending Redshift. Which of the following would be a reasonable response to his request? A. It uses primary keys to access data and doesn't need complex query capabilities like transactions or joins. B. It has high performance at scale as data and query complexity grows. C. You don't have the administrative burden of running your own data warehouse and dealing with setup, durability, monitoring, scaling, and patching. D. All answers listed are a reasonable response to his question
D. All answers listed are a reasonable response to his question Amazon Redshift delivers fast query performance by using columnar storage technology to improve I/O efficiency and parallelizing queries across multiple nodes. Redshift uses standard PostgreSQL JDBC and ODBC drivers, allowing you to use a wide range of familiar SQL clients. Data load speed scales linearly with cluster size, with integrations to Amazon S3, Amazon DynamoDB, Amazon Elastic MapReduce, Amazon Kinesis or any SSH-enabled host. AWS recommends Amazon Redshift for customers who have a combination of needs, such as: high performance at scale as data and query complexity grows; desire to prevent reporting and analytic processing from interfering with the performance of OLTP workloads; large volumes of structured data to persist and query using standard SQL and existing BI tools; desire to avoid the administrative burden of running one's own data warehouse and dealing with setup, durability, monitoring, scaling and patching.
An application hosted at the EC2 instance receives an HTTP request from ELB. The same request has an X-Forwarded-For header, which has three IP addresses. Which system's IP will be a part of this header? A. Previous Request IP address. B. Client IP address. C. Load Balancer IP address. D. All of the answers listed here.
D. All of the answers listed here. When a user sends a request to ELB over HTTP/HTTPS, the request header log at the instance will only receive the IP of ELB. This is because ELB is the interceptor between the EC2 instance and the client request. To get the client IP, use the X-Forwarded-For request header. The client IP address in the X-Forwarded-For request header is followed by the IP addresses of each successive proxy that passes along the request. The last IP address is the IP address that connects to the back-end application instance. For example, if the HTTP request already has a header when it reaches the Load Balancer, the IP address from which the request came is appended at the end of the header followed by the IP address of the Load Balancer. In such cases, the X-Forwarded-For request header takes the following form: X-Forwarded-For: clientIPAddress, previousRequestIPAddress, LoadBalancerIPAddress.
An online gaming site asked you if you can deploy a database that is a fast, highly scalable NoSQL database service in AWS for a new site that he wants to build. Which database should you recommend? A. Amazon Redshift B. Your choice of relational AMIs on Amazon EC2 and EBS C. Amazon SimpleDB D. Amazon DynamoDB
D. Amazon DynamoDB Amazon DynamoDB is ideal for database applications that require very low latency and predictable performance at any scale but don't need complex querying capabilities like joins or transactions. Amazon DynamoDB is a fully-managed NoSQL database service that offers high performance, predictable throughput and low cost. It is easy to set up, operate, and scale. With Amazon DynamoDB, you can start small, specify the throughput and storage you need, and easily scale your capacity requirements on the fly. Amazon DynamoDB automatically partitions data over a number of servers to meet your request capacity. In addition, DynamoDB automatically replicates your data synchronously across multiple Availability Zones within an AWS Region to ensure high-availability and data durability.
You are checking the workload on some of your General Purpose (SSD) and Provisioned IOPS (SSD) volumes and it seems that the I/O latency is higher than you require. You should probably check the _____________ to make sure that your application is not trying to drive more IOPS than you have provisioned. A. Acknowledgement from the storage subsystem B. Amount of IOPS that are available C. Volume sizes D. Average queue length
D. Average queue length In EBS, workload demand plays an important role in getting the most out of your General Purpose (SSD) and Provisioned IOPS (SSD) volumes. In order for your volumes to deliver the amount of IOPS that are available, they need to have enough I/O requests sent to them. There is a relationship between the demand on the volumes, the amount of IOPS that are available to them, and the latency of the request (the amount of time it takes for the I/O operation to complete). Latency is the true end-to-end client time of an I/O operation; in other words, when the client sends an I/O, how long does it take to get an acknowledgement from the storage subsystem that the I/O read or write is complete. If your I/O latency is higher than you require, check your average queue length to make sure that your application is not trying to drive more IOPS than you have provisioned. You can maintain high IOPS while keeping latency down by maintaining a low average queue length (which is achieved by provisioning more IOPS for your volume).
You are planning and configuring some EBS volumes for an application. In order to get the most performance out of your EBS volumes, you should attach them to an instance with enough ________ to support your volumes. A. Storage B. Redundancy C. Memory D. Bandwidth
D. Bandwidth When you plan and configure EBS volumes for your application, it is important to consider the configuration of the instances that you will attach the volumes to. In order to get the most performance out of your EBS volumes, you should attach them to an instance with enough bandwidth to support your volumes, such as an EBS-optimized instance or an instance with 10 Gigabit network connectivity. This is especially important when you use General Purpose (SSD) or Provisioned IOPS (SSD) volumes, or when you stripe multiple volumes together in a RAID configuration.
Mike is appointed as Cloud Consultant in Netcrak Inc. Netcrak has the following VPCs set up in the US East Region: a VPC with CIDR block 10.10.0.0/16 and a subnet in that VPC with CIDR block 10.10.1.0/24; a VPC with CIDR block 10.40.0.0/16 and a subnet in that VPC with CIDR block 10.40.1.0/24. Netcrak Inc is trying to establish a network connection between two subnets, a subnet with CIDR block 10.10.1.0/24 and another subnet with CIDR block 10.40.1.0/24. Which one of the following solutions should Mike recommend to Netcrak Inc? A. Create one EC2 instance in each subnet, assign Elastic IPs to both instances, and set up a Site-to-Site VPN connection between both EC2 instances. B. Create 2 Virtual Private Gateways and configure one with each VPC. C. Create 2 Internet Gateways, and attach one to each VPC. D. Create a VPC Peering connection between both VPCs.
D. Create a VPC Peering connection between both VPCs. A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. EC2 instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region. AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware.
You need to set up a high level of security for an Amazon Relational Database Service (RDS) you have just built in order to protect the confidential information stored in it. What are all the possible security groups that RDS uses? A. EC2 security groups only. B. DB security groups, and EC2 security groups. C. DB security groups only. D. DB security groups, VPC security groups, and EC2 security groups.
D. DB security groups, VPC security groups, and EC2 security groups. A security group controls the access to a DB instance. It does so by allowing access to IP address ranges or Amazon EC2 instances that you specify. Amazon RDS uses DB security groups, VPC security groups, and EC2 security groups. In simple terms, a DB security group controls access to a DB instance that is not in a VPC, a VPC security group controls access to a DB instance inside a VPC, and an Amazon EC2 security group controls access to an EC2 instance and can be used with a DB instance.
Which of the following strategies can be used to control access to your Amazon EC2 instances? A. IAM policies B. DB security groups C. None of these D. EC2 security groups
D. EC2 security groups IAM policies allow you to specify what actions your IAM users are allowed to perform against your EC2 instances. However, when it comes to access control, security groups are what you need in order to define and control the way you want your instances to be accessed, and whether certain kinds of communication are allowed.
Which of the below mentioned options is not available when an instance is launched by Auto Scaling with EC2 Classic? A. Public IP B. Private IP C. Private DNS D. Elastic IP
D. Elastic IP Auto Scaling supports both EC2 classic and EC2-VPC. When an instance is launched as a part of EC2 classic, it will have the public IP and DNS as well as the private IP and DNS.
You are using Amazon SES as an email solution but are unsure of what its limitations are. Which statement below is correct in regards to that? A. New Amazon SES users who have received production access can send up to 1,000 emails per 24-hour period, at a maximum rate of 10 emails per second. B. Sending limits are based on messages rather than on recipients C. Every Amazon SES sender has the same set of sending limits D. Every Amazon SES sender has a unique set of sending limits
D. Every Amazon SES sender has a unique set of sending limits Amazon Simple Email Service (Amazon SES) is a highly scalable and cost-effective email-sending service for businesses and developers. Amazon SES eliminates the complexity and expense of building an in-house email solution or licensing, installing, and operating a third-party email service for this type of email communication. Every Amazon SES sender has a unique set of sending limits, which are calculated by Amazon SES on an ongoing basis: Sending quota — the maximum number of emails you can send in a 24-hour period. Maximum send rate — the maximum number of emails you can send per second. New Amazon SES users who have received production access can send up to 10,000 emails per 24-hour period, at a maximum rate of 5 emails per second. Amazon SES automatically adjusts these limits upward, as long as you send high-quality email. If your existing quota is not adequate for your needs and the system has not automatically increased your quota, you can submit an SES Sending Quota Increase case at any time. Sending limits are based on recipients rather than on messages. You can check your sending limits at any time by using the Amazon SES console. Note that if your email is detected to be of poor or questionable quality (e.g., high complaint rates, high bounce rates, spam, or abusive content), Amazon SES might temporarily or permanently reduce your permitted send volume, or take other action as AWS deems appropriate.
Which IAM role do you use to grant AWS Lambda permission to access a DynamoDB Stream? A. Default role B. Dynamic role C. Event Source role D. Execution role
D. Execution role You grant AWS Lambda permission to access a DynamoDB Stream using an IAM role known as the "execution role".
In Amazon EC2, if your EBS volume stays in the detaching state, you can force the detachment by clicking _____. A. AttachInstance B. AttachVolume C. Detach Instance D. Force Detach
D. Force Detach If your volume stays in the detaching state, you can force the detachment by clicking Force Detach.
You are setting up your first Amazon Virtual Private Cloud (Amazon VPC) so you decide to use the VPC wizard in the AWS console to help make it easier for you. Which of the following statements is correct regarding instances that you launch into a default subnet via the VPC wizard? A. Instances that you launch into a default subnet receive only a public IP address. B. Instances that you launch into a default subnet receive a public IP address and 10 private IP addresses. C. Instances that you launch into a default subnet receive only a private IP address. D. Instances that you launch into a default subnet receive both a public IP address and a private IP address.
D. Instances that you launch into a default subnet receive both a public IP address and a private IP address. Instances that you launch into a default subnet receive both a public IP address and a private IP address. Instances in a default subnet also receive both public and private DNS hostnames. Instances that you launch into a nondefault subnet in a default VPC don't receive a public IP address or a DNS hostname. You can change your subnet's default public IP addressing behavior.
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. What formatting is required for this template? A. HTML5-formatted document B. XML-formatted document C. HTML-formatted document D. JSON-formatted document
D. JSON-formatted document You can write an AWS CloudFormation template (a JSON-formatted document) in a text editor or pick an existing template. The template describes the resources you want and their settings.
An accountant asks you to design a small VPC network for him and, due to the nature of his business, just needs something where the workload on the network will be low, and dynamic data will be accessed infrequently. Being an accountant, low cost is also a major factor. Which EBS volume type would best suit his requirements? A. Any, as they all perform the same and cost the same. B. Magnetic or Provisioned IOPS (SSD) C. General Purpose (SSD) D. Magnetic
D. Magnetic You can choose between three EBS volume types to best meet the needs of your workloads: General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic. General Purpose (SSD) is the new, SSD-backed, general purpose EBS volume type that we recommend as the default choice for customers. General Purpose (SSD) volumes are suitable for a broad range of workloads, including small to medium sized databases, development and test environments, and boot volumes. Provisioned IOPS (SSD) volumes offer storage with consistent and low-latency performance, and are designed for I/O intensive applications such as large relational or NoSQL databases. Magnetic volumes provide the lowest cost per gigabyte of all EBS volume types. Magnetic volumes are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important.
You are architecting a highly-scalable and reliable web application which will have a huge amount of content. You have decided to use CloudFront as you know it will speed up distribution of your static and dynamic web content and know that Amazon CloudFront integrates with Amazon CloudWatch metrics so that you can monitor your web application. Because you live in Sydney you have chosen the Asia Pacific (Sydney) region in the AWS console. However, you have set this up but no CloudFront metrics seem to be appearing in the CloudWatch console. What is the most likely reason from the possible choices below for this? A. Metrics for CloudWatch are not available for the Asia Pacific region as yet. B. Metrics for CloudWatch are available only when you choose the same region as the application you are monitoring. C. You need to pay for CloudWatch for it to become active. D. Metrics for CloudWatch are available only when you choose the US East (N. Virginia)
D. Metrics for CloudWatch are available only when you choose the US East (N. Virginia) CloudFront is a global service, and metrics are available only when you choose the US East (N. Virginia) region in the AWS console. If you choose another region, no CloudFront metrics will appear in the CloudWatch console.
Can you specify the security group that you created for a VPC when you launch an instance in EC2-Classic? A. No, you can specify the security group created for EC2-Classic to a non-VPC based instance only. B. Yes C. No, you can specify the security group created for EC2-Classic when you launch a VPC instance. D. No
D. No If you're using EC2-Classic, you must use security groups created specifically for EC2-Classic. When you launch an instance in EC2-Classic, you must specify a security group in the same region as the instance. You can't specify a security group that you created for a VPC when you launch an instance in EC2-Classic.
In Amazon EC2 Container Service, are other container types supported? A. Yes, EC2 Container Service supports Microsoft container service and Openstack. B. Yes, EC2 Container Service also supports Microsoft container service. C. Yes, EC2 Container Service supports any container service you need. D. No, Docker is the only container platform supported by EC2 Container Service presently.
D. No, Docker is the only container platform supported by EC2 Container Service presently. In Amazon EC2 Container Service, Docker is the only container platform supported by EC2 Container Service presently.
Amazon EC2 provides a ____. It is an HTTP or HTTPS request that uses the HTTP verbs GET or POST. A. .net framework B. C library C. Command Line Interface D. Query API
D. Query API Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.
A user is hosting a website in the US West-1 region. The website has the highest client base from the Asia-Pacific (Singapore / Japan) region. The application is accessing data from S3 before serving it to client. Which of the below mentioned regions gives a better performance for S3 objects? A. US East B. Singapore C. Japan D. US West-1
D. US West-1 Access to Amazon S3 from within Amazon EC2 in the same region is fast. In this aspect, though the client base is Singapore, the application is being hosted in the US West-1 region. Thus, it is recommended that S3 objects be stored in the US-West-1 region.
An organization has developed a mobile application which allows end users to capture a photo on their mobile device, and store it inside an application. The application internally uploads the data to AWS S3. The organization wants each user to be able to directly upload data to S3 using their Google ID. How will the mobile app allow this? A. It is not possible to connect to AWS S3 with a Google ID. B. Create a bucket policy with a condition which allows everyone to upload if the login ID has a Google part to it. C. Create an IAM user every time a user registers with their Google ID and use IAM to upload files to S3. D. Use the AWS Web identity federation for mobile applications, and use it to generate temporary security credentials for each user.
D. Use the AWS Web identity federation for mobile applications, and use it to generate temporary security credentials for each user. For Amazon Web Services, the Web identity federation allows you to create cloud-backed mobile apps that use public identity providers, such as login with Facebook, Google, or Amazon. It will create temporary security credentials for each user, which will be authenticated by the AWS services, such as S3.
Do you need to shut down your EC2 instance when you create a snapshot of EBS volumes that serve as root devices? A. No, you only need to shut down an instance before deleting it. B. No C. No, the snapshot would turn off your instance automatically. D. Yes
D. Yes Yes, to create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.
Does AWS CloudFormation support Amazon EC2 tagging? A. It depends if the Amazon EC2 tagging has been defined in the template. B. No, CloudFormation doesn't support any tagging C. No, it doesn't support Amazon EC2 tagging. D. Yes, AWS CloudFormation supports Amazon EC2 tagging
D. Yes, AWS CloudFormation supports Amazon EC2 tagging In AWS CloudFormation, Amazon EC2 resources that support the tagging feature can also be tagged in an AWS template. The tag values can refer to template parameters, other resource names, resource attribute values (e.g. addresses), or values computed by simple functions (e.g., a concatenated list of strings).
Do Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance? A. No, you cannot attach EBS volumes to an instance. B. No, they are dependent. C. Yes, they do but only if they are detached from the instance. D. Yes, they do.
D. Yes, they do. An Amazon EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance. The volume persists independently from the running life of an Amazon EC2 instance.
Which of the following is true of Amazon EC2 security group? A. You can modify the outbound rules for EC2-Classic. B. You can modify the rules for a security group only when a new instance is created. C. You can modify the rules for a security group only if the security group controls the traffic for just one instance. D. You can modify the rules for a security group at any time.
D. You can modify the rules for a security group at any time. A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.
While creating a network in the VPC, which of the following is true of a NAT device? A. You have to administer the NAT Gateway Service provided by AWS. B. You are recommended to use AWS NAT instances over NAT gateways, as the instances provide better availability and bandwidth. C. You can choose to use any of the three kinds of NAT devices offered by AWS for special purposes. D. You can use a NAT device to enable instances in a private subnet to connect to the Internet.
D. You can use a NAT device to enable instances in a private subnet to connect to the Internet. You can use a NAT device to enable instances in a private subnet to connect to the Internet (for example, for software updates) or other AWS services, but prevent the Internet from initiating connections with the instances. AWS offers two kinds of NAT devices: a NAT gateway or a NAT instance. We recommend NAT gateways, as they provide better availability and bandwidth over NAT instances. The NAT Gateway service is also a managed service that does not require your administration efforts. A NAT instance is launched from a NAT AMI. You can choose to use a NAT instance for special purposes.
Which of the following statements is true of Amazon EC2 security groups? A. None of the statements are correct. B. You can change the outbound rules for EC2-Classic. Also, you can add and remove rules to a group at any time. C. You can modify an existing rule in a group. However, you can't add and remove rules to a group. D. You can't change the outbound rules for EC2-Classic. However, you can add and remove rules to a group at any time.
D. You can't change the outbound rules for EC2-Classic. However, you can add and remove rules to a group at any time. When dealing with security groups, bear in mind that you can freely add and remove rules from a group, but you can't change the outbound rules for EC2-Classic. If you're using the Amazon EC2 console, you can modify existing rules, and you can copy the rules from an existing security group to a new security group.
You need to change some settings on Amazon Relational Database Service but you do not want the database to reboot immediately which you know might happen depending on the setting that you change. Which of the following will cause an immediate DB instance reboot to occur? A. You change the DB instance class, and Apply Immediately is set to false. B. You change a static parameter in a DB parameter group. C. You change the backup retention period for a DB instance from 0 to a nonzero value or from a nonzero value to 0, and Apply Immediately is set to false. D. You change storage type from standard to PIOPS, and Apply Immediately is set to true.
D. You change storage type from standard to PIOPS, and Apply Immediately is set to true. A DB instance outage can occur when a DB instance is rebooted, when the DB instance is put into a state that prevents access to it, and when the database is restarted. A reboot can occur when you manually reboot your DB instance or when you change a DB instance setting that requires a reboot before it can take effect. A DB instance reboot occurs immediately when one of the following occurs: You change the backup retention period for a DB instance from 0 to a nonzero value or from a nonzero value to 0 and set Apply Immediately to true. You change the DB instance class, and Apply Immediately is set to true. You change storage type from standard to PIOPS, and Apply Immediately is set to true. A DB instance reboot occurs during the maintenance window when one of the following occurs: You change the backup retention period for a DB instance from 0 to a nonzero value or from a nonzero value to 0, and Apply Immediately is set to false. You change the DB instance class, and Apply Immediately is set to false.
You have set up an S3 bucket with a number of images in it and you have decided that you want anybody to be able to access these images, even anonymous users. To accomplish this you create a bucket policy. You will need to use an Amazon S3 bucket policy that specifies a __________ in the principal element, which means anyone can access the bucket. A. S3 user B. hash tag (#) C. anonymous user D. wildcard (*)
D. wildcard (*) You can use the AWS Policy Generator to create a bucket policy for your Amazon S3 bucket. You can then use the generated document to set your bucket policy by using the Amazon S3 console, by a number of third-party tools, or via your application. You use an Amazon S3 bucket policy that specifies a wildcard (*) in the principal element, which means anyone can access the bucket. With anonymous access, anyone (including users without an AWS account) will be able to access the bucket.
What is the Data Consistency model for overwrite PUTS and DELETES for objects in S3?
Eventual consistency (can take some time to propagate)
What code will you get when your upload is successful to S3?
HTTP 200
An S3 object consists of what 5 elements?
Key (name of the object); Value (data, sequence of bytes); Version ID (important for versioning); Metadata (data about the data you are storing); Subresources (access control lists, torrent)
Can you disable S3 versioning?
No, once enabled, you cannot disable S3 versioning; you can only suspend it.
What is the Data Consistency model for PUTS of new objects in S3?
Read after Write consistency
Different storage tiers / classes in S3?
S3 - Standard - designed to sustain the loss of two facilities concurrently. S3-IA - for data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee. RRS - same availability but lowered durability (99.99%) (for data you can re-generate). Glacier - data archival. 3-5 hours to restore from Glacier.
What are you charged for in S3 (5 things)?
Storage; Requests; Storage Management Pricing (tagging, etc.); Data Transfer Pricing (data going OUT of S3); Transfer Acceleration (leveraging CloudFront to move data across optimized network path)
Updates to S3 are atomic. What does this mean?
You'll either get the new version or the old version, you won't get incomplete or corrupted data.
What is the s3 URL format?
http://[REGION]/amazonaws.com/BUCKETNAME http://s3-eu-west-1.amazonaws.com/BUCKETNAME