AWS Vocabulary

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What three attributes are used to define a launch configuration template for an Auto-Scaling group?

instance type; security group ; AMI

Multi-AZ deployment ___________ supported for Microsoft SQL Server DB Instances.

is not currently

How do you launch an EC2 instance after it is terminated? (Select two)

launch a new instance using the same AMI; launch a new instance from a Snapshot

In the context of MySQL, version numbers are organized as MySQL version = X.Y.Z. What does X denote here?

major version

What class of EC2 instance type is recommended for database servers?

memory optimized

What is the command line instruction for running the remote desktop client in Windows?

mstsc

Refer to the network drawing. How are packets routed from private subnet to public subnet for the following web-based application with a database tier?

nat-instance-id

Security groups act like a firewall at the instance level, whereas ____________ are an additional layer of security that act at the subnet level.

network ACLs

The one-time payment for Reserved Instances is __________ refundable if the reservation is cancelled.

never

Every user you create in the IAM system starts with ___________.

no permissions

What will cause AWS to terminate an EC2 instance on launch? (Select two)

number of EC2 instances on AWS account exceeded; EBS volume limits exceeded

How is an Amazon Elastic Load Balancer (ELB) assigned?

per EC2 instance

Please select the Amazon EC2 resource which can be tagged.

placement groups

A __________ is a document that provides a formal statement of one or more permissions.

policy

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch. (3)

1

What is the default maximum number of MFA devices in use per AWS account (at the root account level)?

1

You must assign each server to at least _____ security group

1

Amazon Elasticsearch Service

An open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click-stream analytics

How many Elastic IP by default in Amazon Account?

0 Elastic IP

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch.

1

Amazon SWF is designed to help users...

Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.

What is the maximum response time for a Business level Premium Support case?

1 hour

What is the maximum response time for a Business level Premium Support case? (3)

1 hour

What is the maximum response time for a Business level Premium Support case? (3-7)

1 hour

If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines, you can scale the throughput of your database Instance by specifying the IOPS rate from __________ .

1,000 to 10,000

Amazon Management Services - Trusted Advisors (plain english)

Find out where you're paying too much in your AWS setup (unused EC2 instances, etc.).

Which procedure for backing up a relational database on EC2 that is using a set of RAlDed EBS volumes for storage minimizes the time during which the database cannot be written to and results in a consistent backup?

1. Detach EBS volumes, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes

If you're unable to connect via SSH to your EC2 instance, which of the following should you check and possibly correct to restore connectivity?

Adjust the instance's Security Group to permit ingress traffic over port 22 from your IP.

A Provisioned IOPS volume must be at least __________ GB in size

10

You must increase storage size in increments of at least _____ %

10

In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB Instance with SQL Server Express edition?

10 GB per DB

What is the maximum key length of a tag?

128 Unicode characters

For each DB Instance class, what is the maximum size of associated storage capacity?

1TB

A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto Scaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL and should not be publicly accessible. What is the minimum number of subnets that need to be configured in the VPC?

2

How many types of block devices does Amazon EC2 support?

2

MySQL installations default to port _____.

3306

You can modify the backup retention period; valid values are 0 (for no backup retention) to a maximum of ___________ days.

35

What is the default maximum number of Elastic IP addresses assignable per Amazon AWS region?

5

Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive?

5 minutes

What is the durability of S3 RRS?

99.99%

EC2 Pricing Models (Dedicated Hosts)

A Dedicated Host is a physical EC2 server with instance capacity fully dedicated for clients' use. Dedicated Hosts can help reduce costs by allowing clients to use their existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server (subject to license terms), and can also help meet compliance requirements. Dedicated Hosts can be purchased On-Demand (hourly). Reservations can provide up to a 70% discount compared to the On-Demand price.

When you put objects in Amazon S3, what is the indication that an object was successfully stored?

A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful

Dynamo DB

A NoSQL database service offered by Amazon that allows guaranteed throughput and low latency, making it suitable for users interested in gaming, ad tech, mobile and other applications.

What does a "Domain" refer to in Amazon SWF?

A collection of related Workflows

Within the IAM service a GROUP is regarded as a:

A collection of users.

A customer wants to leverage Amazon Simple Storage Service (S3) and Amazon Glacier as part of their backup and archive infrastructure. The customer plans to use third-party software to support this integration. Which approach will limit the access of the third party software to only the Amazon S3 bucket named "company-backup"?

A custom IAM user policy limited to the Amazon S3 API in "company-backup".

Amazon Redshift

A database service that provides petabyte-scale data warehousing with column-based storage and multi-node compute. Users can use this service to more efficiently analyze their data using existing business intelligence tools.

Virtual Private Cloud (VPC)

A feature offered by AWS that allows users to provision a logically isolated section of the Cloud where they can launch AWS resources in a user-defined virtual network. This feature allows users to have complete control over their virtual networking environment including selection of IP address ranges, subnet creation, and configuration of route tables and network gateways.

What is a placement group?

A feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections

What is a Security Group?

A firewall for inbound traffic, built-in around every Amazon EC2 instance.

What is Oracle SQL Developer?

A graphical Java tool distributed without cost by Oracle.

What is Amazon Glacier?

A low-cost storage service that provides secure and durable storage for data archiving and backup.

What does Amazon ElastiCache provide?

A managed In-memory cache service.

Amazon Machine Learning

A managed service for building machine learning (ML) models and generating predictions, enabling the development of robust, scalable smart applications. Amazon Machine Learning enables you to use powerful machine learning technology without requiring an extensive background in machine learning algorithms and techniques.

Network ACLs

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

Amazon Kinesis

A platform for streaming data on AWS, offering powerful services to make it easy to load and analyze streaming data, and also providing the ability to build custom streaming data applications for specialized needs.

Public IP

A public IP address is reachable from the Internet. You can use public IP addresses for communication between your instances and the Internet. Amazon provides instances with IP addresses and DNS hostnames. These can vary depending on whether the instance was launched in the EC2-Classic platform or in a virtual private cloud (VPC).

EC2 Pricing Models (Reserve Instance)

A purchase option which allows users to minimize cost by purchasing instances in bulk ahead of time. Users can buy these instances on a monthly basis ranging from 1 month to 36 months. Users can also choose the amount of money they put upfront. No upfront 1 year: Receive discounting by reserving an instance without any upfront commitments Partial Upfront: Receive increased discounting by making a partial upfront payment on EC2 fees. There are 2 available terms - 1 year and 3 year. All Upfront: Receive the maximum available discount by making an all upfront payment on EC2 fees. There are 2 available terms - 1 year and 3 year.

Amazon Aurora

A relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Deliver up to 5x the throughput of standard MySQL running on the same hardware.

What does Amazon Route53 provide?

A scalable Domain Name System.

Glacier

A secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup. Amazon Glacier is optimized for infrequently accessed data where a retrieval time of several hours is suitable.

You are building an automated transcription service in which Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable?

A single Amazon S3 bucket

Which of the following are valid statements about Amazon S3?

A successful response to a PUT request only occurs when a complete object is saved. , S3 provides eventual consistency for overwrite PUTS and DELETES.

What does Amazon CloudFormation provide?

A templated resource creation for Amazon Web Services.

What does Amazon CloudFormation provide?(3)

A templated resource creation for Amazon Web Services.

You are using an m1.small EC2 Instance with one 300 GB EBS volume to host a relational database. You determined that write throughput to the database needs to be increased. Which of the following approaches can help achieve this?

Add an EBS volume and place into RAID 5. , Increase the size of the EC2 Instance.

AWS Web Application Firewall (WAF)

A web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

RDS (Relational Database Service)

A web service that allows users to set up, operate and scale a relational database in the cloud. Using this feature, users can resize their capacity and manage database administration tasks which can save them time and cost.

Your company runs a customer facing event registration site This site is built with a 3-tier architecture with web and application tier servers and a MySQL database The application requires 6 web tier servers and 6 application tier servers for normal operation, but can run on a minimum of 65% server capacity and a single MySQL database. When deploying this application in a region with three availability zones (AZs) which architecture provides high availability?

A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ Inside an Auto Scaling Group behind an ELB (elastic load balancer). And an application tier deployed across 3 AZs with 2 EC2 instances In each AZ inside an Auto Scaling Group behind an ELB. And a Multi-AZ RDS (Relational Database services) deployment.

You've been hired to enhance the overall security posture for a very large e-commerce site They have a well architected multi-tier application running in a VPC that uses ELBs in front of both the web and the app tier with static assets served directly from S3 They are using a combination of RDS and DynamoOB for their dynamic data and then archiving nightly into S3 for further processing with EMR They are concerned because they found questionable log entries and suspect someone is attempting to gain unauthorized access. Which approach provides a cost effective scalable mitigation to this kind of attack?

Add a WAF tier by creating a new ELB and an AutoScalmg group of EC2 Instances running a host-based WAF They would redirect Route 53 to resolve to the new WAF tier ELB The WAF tier would thier pass the traffic to the current web tier The web tier Security Groups would be updated to only allow traffic from the WAF tier Security Group

A customer has established an AWS Direct Connect connection to AWS. The link is up and routes are being advertised from the customer's end, however the customer is unable to connect from EC2 instances inside its VPC to servers residing in its datacenter. Which of the following options provide a viable solution to remedy this situation?

Add a route to the route table with an iPsec VPN connection as the target., Enable route propagation to the customer gateway (CGW).

While launching an RDS DB instance, on which page I can select the Availability Zone?

ADDITIONAL CONFIGURATION

You are building a solution for a customer to extend their on-premises data center to AWS. The customer requires a 50-Mbps dedicated and private connection to their VPC. Which AWS product or feature satisfies this requirement?

AWS Direct Connect

A company is preparing to give AWS Management Console access to developers Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console?

AWS Directory Service AD Connector, AWS identity and Access Management roles

A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and features will meet the company's requirements?

AWS Directory Service, Amazon Workspaces, and AWS Identity and Access Management

The _____ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.

AWS Identity and Access Management

Which service enables AWS customers to manage users and permissions in AWS?

AWS Identity and Access Management (IAM)

You are working with a customer who has 10 TB of archival data that they want to migrate to Amazon Glacier. The customer has a 1-Mbps connection to the Internet. Which service or feature provides the fastest method of getting the data into Amazon Glacier?

AWS Import/Export

Through which of the following interfaces is AWS Identity and Access Management available?

AWS Management Console, Command line interface (CLI), IAM Query API, and Existing Libraries

You are working with a customer who is using Chef configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?

AWS OpsWorks

What can I access by visiting the URL: http://status.aws.amazon.com/?

AWS Service Health Dashboard

Which of the following services natively encrypts data at rest within an AWS region?

AWS Storage Gateway, Amazon Glacier

A __________ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.

AWS account

HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named_____________.

Action

IAM provides several policy templates you can use to automatically assign permissions to the groups you create. The _____ policy template gives the Admins group permission to access all account resources, except your AWS account information

Administrator Access

What are the initial settings of an user created security group?

Allow no inbound traffic and Allow all outbound traffic

Select the correct set of options. These are the initial settings for the default security group:

Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other

Elastic Map Reduce (EMR)

Allows any AWS user to process large amounts of data using a fully managed Hadoop framework. This feature runs on the EC2 and S3 infrastructure. Can run popular frameworks such as Apache Spark, Apache Tez, and Presto.

Amazon API Gateway

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale

A company needs to monitor the read and write IOPs metrics for their AWS MySQL RDS instance and send real-time alerts to their operations team. Which AWS services can accomplish this?

Amazon CloudWatch, Amazon Simple Notification Service

A company is deploying a new two-tier web application in AWS. The company has limited staff and requires high availability, and the application requires complex queries and table joins. Which configuration provides the solution for the company's requirements?

Amazon Dynamo DB

Fill in the blanks: _____ is a durable, block-level storage volume that you can attach to a single, running Amazon EC2 instance.

Amazon EBS

If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option?

Amazon EBS

Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to your instances?

Amazon EBS

Which Amazon storage do you think is the best for my database-style applications that frequently encounter many random reads and writes across the dataset?

Amazon EBS

Elastic Block Storage (EBS)

Amazon EBS provides the following volume types, which differ in performance characteristics and price, so that you can tailor your storage performance and cost to the needs of your applications.

What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

Amazon EBS-backed instances can be stopped and restarted.

A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture?

Amazon EC2 instances in a replication configuration utilizing two different Availability Zones

Regions

Amazon EC2 is hosted in multiple locations world-wide. These locations are composed of regions and Availability Zones. Each Region is a separate geographic area. Each region has multiple, isolated locations known as Availability Zones. Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations. Resources aren't replicated across regions unless you do so specifically.

You nave multiple Amazon EC2 instances running in a cluster across multiple Availability Zones within the same region. What combination of the following should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter?

Amazon EC2 placement groups , Enhanced networking , Amazon Linux

When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions?

Amazon Elastic Compute Cloud (EC2), Amazon Elastic Load Balancing

Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? Choose 2 answers

Amazon Elastic Map Reduce, AWS Elastic Beanstalk

Without _____, you must either create multiple AWS accounts-each with its own billing and subscriptions to AWS products-or your employees must share the security credentials of a single AWS account.

Amazon IAM

You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile devices. The votes must be collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use?

Amazon Kinesis

You are deploying an application to track GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every three seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which service should you use to implement data ingestion?

Amazon Kinesis

Your company plans to host a large donation website on Amazon Web Services (AWS). You anticipate a large and undetermined amount of traffic that will create many database writes. To be certain that you do not drop any writes to a database hosted on AWS. Which service should you use?

Amazon RDS with provisioned IOPS up to the anticipated peak write throughput.

Fill in the blanks: Resources that are created in AWS are identified by a unique identifier called an __________

Amazon Resource Name

A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower Overall CPU resources for the web tier?

Amazon S3

Amazon RDS DB snapshots and automated backups are stored in

Amazon S3

You are configuring your company's application to use Auto Scaling and need to move user state information. Which of the following AWS services provides a shared data store with durability and low latency?

Amazon Simple Storage Service

Which Amazon service can I use to define a virtual network that closely resembles a traditional data center?

Amazon VPC

What happens when you create a topic on Amazon SNS?

An ARN (Amazon Resource Name) is created.

Which of the following statements are true about Amazon Route 53 resource records?

An Alias record can map one DNS name to another Amazon Route 53 DNS name., An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere.

A t2.medium EC2 instance type must be launched with what type of Amazon Machine Image (AMI)?

An Amazon EBS-backed Hardware Virtual Machine AMI

What does Amazon Elastic Beanstalk provide?

An application container on top of Amazon Web Services.

What does Amazon Elastic Beanstalk provide? (exam)

An application container on top of Amazon Web Services.

Select the incorrect statement (3)

In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.

When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you want the upgrade to be performed now, rather than waiting for the maintenance window, specify the _____ option.

ApplyImmediately

You have an environment that consists of a public subnet using Amazon VPC and 3 instances that are running in this subnet. These three instances can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the internet. What should you do to enable Internet access?

Assign an Elastic IP address to the fourth instance.

You are designing a multi-platform web application for AWS The application will run on EC2 instances and will be accessed from PCs. tablets and smart phones Supported accessing platforms are Windows. MACOS. IOS and Android Separate sticky session and SSL certificate setups are required for different platform types which of the following describes the most cost effective and performance efficient architecture setup?

Assign multiple ELBS to an EC2 instance or group of EC2 instances running the common components of the web application, one ELB for each platform type Session stickiness and SSL termination are done at the ELBs.

A company needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this?

Assign the existing IAM role to the Amazon EC2 instances in the new region

EBS Snapshots occur _____

Asynchronously

Regarding the attaching of ENI to an instance, what does 'warm attach' refer to?

Attaching an ENI to an instance when it is stopped.

You have decided to change the instance type for instances running in your application tier that is using Auto Scaling. In which area below would you change the instance type definition?

Auto Scaling launch configuration

Availability Zones

Availability zone is an isolated location designated by Amazon to host clients' EC2 usage. Amazon EC2 is hosted in multiple regions across the world and Availability Zones are a geographic subset under each region. Amazon encourages clients to host their instances in two or more Availability Zones to ensure high availability.

Can I detach the primary (eth0) network interface when the instance is running or stopped?

No. You cannot.

What is the name of licensing model in which I can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

Bring Your Own License

Amazon SWF (plain english)

Build a service of "deciders" and "workers" on top of EC2 to accomplish a set task. Unlike SQS - logic is set up inside the service to determine how and what should happen.

Amazon Route 53 (plain english)

Buy a new domain and set up the DNS records for that domain.

Which AWS instance address has the following characteristics? :"If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance."

Both A and B

D2

D2 instances feature up to 48 TB of HDD-based local storage, deliver high disk throughput, and offer the lowest price per disk throughput performance on Amazon EC2.

What are the two types of licensing options available for using Amazon RDS for Oracle?

BYOL and License Included

What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called?

Basic

What are the four levels of AWS Premium Support?

Basic, Developer, Business, Enterprise

Amazon ElastiCache (plain english)

Be your app's Memcached or Redis.

Amazon RDS (plain english)

Be your app's Mysql, Postgres, and Oracle database.

Amazon DynamoDB (plain english)

Be your app's massively scalable key valueish store.

Amazon WAF (plain english)

Block bad requests to Cloudfront protected sites (aka stop people trying 10,000 passwords against /wp-admin)

What is an isolated database environment running in the cloud (Amazon RDS) called?

DB Instance

How can the domain's zone apex, for example, "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer?

By using an Amazon Route 53 Alias record

How can I change the security group membership for interfaces owned by other AWS, such as Elastic Load Balancing?

By using the service specific console or API\CLI commands

What DNS attributes are configured when Default VPC option is selected?

DNS resolution: yes / DNS hostnames: yes

When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

Data will be deleted and will no longer be accessible.

Which of the following are true regarding AWS CloudTrail?

CloudTrail is enabled on a per-region basis, Logs can be delivered to a single Amazon S3 bucket for aggregation., CloudTrail is enabled for all available services within a region.

What service can automate EBS snapshots (backups) for restoring EBS volumes?

CloudWatch event

Amazon Elastic Transcoder (plain english)

Deal with video weirdness (change formats, compress, etc.).

What are the Amazon EC2 API tools?

Command-line tools to the Amazon EC2 web service.

C3

Compute-Optimized instances used for high performance front-end fleets, web-servers, batch processing, distributed analytics, high performance science and engineering applications, ad serving, MMO gaming, and video-encoding.

Which of the following instance types are available as Amazon EBS-backed only?

Compute-optimized C3 , Storage-optimized 12

C4

C4 instances are the latest generation of Compute-Optimized instances, featuring the highest performing processors and the lowest price/compute performance in EC2.

If you have chosen Multi-AZ deployment, in the event of a planned or unplanned outage of your primary DB Instance, Amazon RDS automatically switches to the standby replica. The automatic failover mechanism simply changes the ______ record of the main DB Instance to point to the standby DB Instance.

CNAME

When creation of an EBS snapshot is initiated, but not completed, the EBS volume:

Can be used while the snapshot is in progress.

Your customer is willing to consolidate their log streams (access logs application logs security logs etc.) in one single system. Once consolidated, the customer wants to analyze these logs in real time based on heuristics. From time to time, the customer needs to validate heuristics, which requires going back to data samples extracted from the last 12 hours? What is the best approach to meet your customer's requirements?

Configure Amazon Cloud Trail to receive custom logs, use EMR to apply heuristics the logs

You are designing an SSUTLS solution that requires HTTPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient. Which of the following options would you consider for configuring the web server infrastructure?

Configure ELB with TCP listeners on TCP/4d3. And place the Web servers behind it. Configure your Web servers with EIPS Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.

To serve Web traffic for a popular product your chief financial officer and IT director have purchased 10 ml large heavy utilization Reserved Instances (RIs) evenly spread across two availability zones: Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB). After several months, the product grows even more popular and you need additional capacity. As a result, your company purchases two C3.2xlarge medium utilization Ris You register the two c3 2xlarge instances with your ELB and quickly find that the ml large instances are at 100% of capacity and the c3 2xlarge instances have significant capacity that's unused. Which option is the most cost effective and uses EC2 capacity most effectively?

Configure ELB with two c3 2xlarge Instances and use on-demand Autoscailng group for up to two additional c3 2xlarge instances Shut on mi large instances.

You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. Which alternatives should you consider?

Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers Configure a Route53 CNAME record to your CloudFront distribution., Place all your web servers behind EL8 Configure a Route53 CNMIE to point to the ELB DNS name.

You are designing the network infrastructure for an application server in Amazon VPC Users will access all the application instances from the Internet as well as from an on-premises network The on-premises network is connected to your VPC over an AWS Direct Connect link. How would you design routing to meet the above requirements?

Configure a single routing Table with a default route via the Internet gateway Propagate a default route via BGP on the AWS Direct Connect customer router Associate the routing table with all VPC subnets.

You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third party CONs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the internet. Which of the following options would you consider?

Configure a web proxy server in your VPC and enforce URL-based rules for outbound access Remove default routes.

A web company is looking to implement an intrusion detection and prevention system into their deployed VPC. This platform should have the ability to scale to thousands of instances running inside of the VPC. How should they architect their solution to achieve these goals?

Configure servers running in the VPC using the host-based 'route' commands to send all traffic through the platform to a scalable virtualized IDS/IPS.

You are running a successful multitier web application on AWS and your marketing department has asked you to add a reporting tier to the application. The reporting tier will aggregate and publish status reports every 30 minutes from user-generated information that is being stored in your web application s database. You are currently running a Multi-AZ RDS MySQL instance for the database tier. You also have implemented Elasticache as a database caching layer between the application tier and database tier. Please select the answer that will allow you to successfully implement the reporting tier with as little impact as possible to your database.

Continually send transaction logs from your master database to an S3 bucket and generate the reports off the S3 bucket using S3 byte range requests.

You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link each accounts bill to a Master AWS account using Consolidated Billing. To make sure you Keep within budget you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts. Identify which option will allow you to achieve this goal.

Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the resources in the account by inheriting permissions from the Master account.

A customer is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage their public DNS. How should the customer configure the DNS zone apex record to point to the load balancer?

Create a CNAME record aliased to the load balancer DNS name.

An AWS customer runs a public blogging website. The site users upload two million blog entries a month The average blog entry size is 200 KB. The access rate to blog entries drops to negligible 6 months after publication and users rarely access a blog entry 1 year after publication. Additionally, blog entries have a high update rate during the first 3 months following publication, this drops to no updates after 6 months. The customer wants to use CloudFront to improve his user's load times. Which of the following recommendations would you make to the customer?

Create a CloudFront distribution with S3 access restricted only to the CloudFront identity and partition the blog entry's location in S3 according to the month it was uploaded to be used with CloudFront behaviors.

You have a content management system running on an Amazon EC2 instance that is approaching 100% CPU utilization. Which option will reduce load on the Amazon EC2 instance?

Create a CloudFront distribution, and configure the Amazon EC2 instance as the origin

You have an application running on an EC2 Instance which will allow users to download flies from a private S3 bucket using a pre-assigned URL. Before generating the URL the application should verify the existence of the file in S3. How should the application use AWS credentials to access the S3 bucket securely?

Create a IAM user for the application with permissions that allow list access to the S3 bucket launch the instance as the IAM user and retrieve the IAM user's credentials from the EC2 instance user data.

You currently operate a web application In the AWS US-East region The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2.IAM And RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected Use IAM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.

A company has an AWS account that contains three VPCs (Dev, Test, and Prod) in the same region. Test is peered to both Prod and Dev. All VPCs have non-overlapping CIDR blocks. The company wants to push minor code releases from Dev to Prod to speed up time to market. Which of the following options helps the company accomplish this?

Create a new peering connection Between Prod and Dev along with appropriate routes.

You are implementing AWS Direct Connect. You intend to use AWS public service end points such as Amazon S3, across the AWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet Service Provider. What is the correct way to configure AWS Direct connect for access to services such as Amazon S3?

Create a public interface on your AWS Direct Connect link Redistribute BGP routes into your existing routing infrastructure advertise specific routes for your network to AWS.

After creating a new IAM user which of the following must be done before they can successfully make API calls?

Create a set of Access Keys for the user.

How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.

Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance.

Create an IAM Role that allows write access to the DynamoDB table., Launch an EC2 Instance with the IAM Role included in the launch configuration.

Your system recently experienced down time during the troubleshooting process. You found that a new administrator mistakenly terminated several production EC2 instances. Which of the following strategies will help prevent a similar situation in the future? The administrator still must be able to: - launch, start stop, and terminate development resources. - launch and start production instances.

Create an IAM user and apply an IAM role which prevents users from terminating production EC2 instances.

An administrator is using Amazon CloudFormation to deploy a three tier web application that consists of a web tier and application tier that will utilize Amazon DynamoDB for storage when creating the CloudFormation template which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?

Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.

A company is running a batch analysis every hour on their main transactional DB. running on an RDS MySQL instance to populate their central Data Warehouse running on Redshift. During the execution of the batch their transactional applications are very slow When the batch completes they need to update the top management dashboard with the new data. The dashboard is produced by another system running on-premises that is currently started when a manually-sent email notifies that an update is required The on-premises system cannot be modified because is managed by another team. How would you optimize this scenario to solve performance issues and automate the process as much as possible?

Create an RDS Read Replica for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.

A web design company currently runs several FTP servers that their 250 customers use to upload and download large graphic files They wish to move this system to AWS to make it more scalable, but they wish to maintain customer privacy and Keep costs to a minimum. What AWS architecture would you recommend?

Create an auto-scaling group of FTP servers with a scaling policy to automatically scale- in when minimum network traffic on the auto-scaling group is below a given threshold. Load a central list of ftp users from S3 as part of the user Data startup script on each Instance.

You launch an Amazon EC2 instance without an assigned AVVS identity and Access Management (IAM) role. Later, you decide that the instance should be running with an IAM role. Which action must you take in order to have a running Amazon EC2 instance with an IAM role assigned to it?

Create an image of the instance, and use this image to launch a new instance with the desired IAM role assigned.

Your team has a tomcat-based Java application you need to deploy into development, test and production environments. After some research, you opt to use Elastic Beanstalk due to its tight integration with your developer tools and RDS due to its ease of management. Your QA team lead points out that you need to roll a sanitized set of production data into your environment on a nightly basis. Similarly, other software teams in your org want access to that same restored data via their EC2 instances in your VPC .The optimal setup for persistence and security that meets the above requirements would be the following

Create your RDS instance as part of your Elastic Beanstalk definition and alter its security group to allow access to it from hosts in your application subnets.

While creating the snapshots using the API, which Action should I be using?

CreateSnapshot

What does the following command do with respect to the Amazon EC2 security groups? ec2-create-group CreateSecurityGroup

Creates a new security group for use with your account.

What happens to the data on an instance if the instance reboots (intentionally or unintentionally)?

Data Persists

You are designing a connectivity solution between on-premises infrastructure and Amazon VPC .Your server's on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the internet. You will be using VPN gateways and terminating the IPsec tunnels on AWS-supported customer gateways. Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?

Data encryption across the Internet. Protection of data in transit over the Internet. Peer identity authentication between VPN gateway and customer gateway. Data integrity protection across the Internet.

When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?

Data is automatically deleted.

By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag _____ to false when you launch the instance

DeleteOnTermination

IAM's Policy Evaluation Logic always starts with a default ____________ for every request, except for those that use the AWS account's root security credentials

Deny

Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?

Depends on the type of connection

You have a web application running on six Amazon EC2 instances, consuming about 45% of resources on each instance. You are using auto-scaling to make sure that six instances are running at all times. The number of requests this application processes is consistent and does not experience spikes. The application is critical to your business and you want high availability at all times. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all instances. Which of the following architectural choices should you make?

Deploy 3 EC2 instances in one availability zone and 3 in another availability zone and use Amazon Elastic Load Balancer.

Your company is getting ready to do a major public announcement of a social media site on AWS. The website is running on EC2 instances deployed across multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB Instance. The site performs a high number of small reads and writes per second and relies on an eventual consistency model. After comprehensive tests you discover that there is read contention on RDS MySQL. Which are the best approaches to meet these requirements?

Deploy ElasticCache in-memory cache running in each availability zone , Increase the RDS MySQL Instance size and Implement provisioned IOPS

A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is not connected to their corporate network. They are connecting to the VPC over the Internet to manage all of their Amazon EC2 instances running in both the public and private subnets. They have only authorized the bastion-security-group with Microsoft Remote Desktop Protocol (RDP) access to the application instance security groups, but the company wants to further limit administrative access to all of the instances in the VPC. Which of the following Bastion deployment scenarios will meet this requirement?

Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP access to the bastion from only the corporate public IP addresses.

When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that automatic failover occurred. You can use the _____ to return information about events related to your DB Instance

DescribeEvents

A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an iPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Space (S3) keyspace specific to that user. Which two approaches can satisfy these objectives?

Develop an identity broker that authenticates against IAM security Token service to assume a IAM role in order to get temporary AWS security credentials The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket. The application authenticates against IAM Security Token Service using the LDAP credentials the application uses those temporary AWS security credentials to access the appropriate S3 bucket.

You manually launch a NAT AMI in a public subnet. The network is properly configured. Security groups and network access control lists are property configured. Instances in a private subnet can access the NAT. The NAT can access the Internet. However, private instances cannot access the Internet. What additional step is required to allow access from the private instances?

Disable Source/Destination Check on the NAT instance.

After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the internet from an instance in the private subnet, you are not successful. Which of the following steps could resolve the issue?

Disabling the Source/Destination Check attribute on the NAT instance

What is the maximum write throughput I can provision for a single Dynamic DB table?

Dynamic DB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.

What storage type enable permanent attachment of volumes to EC2 instances?

EBS

EBS Magnetic (Previous Generation)

EBS Magnetic volumes hard disk drives (HDDs) and can be used for workloads with smaller datasets where data is accessed infrequently or when performance consistency isn't of primary importance. EBS Magnetic volumes provide approximately 100 IOPS on average, with an ability to burst to hundreds of IOPS, and support volumes from 1GB to 1TB in size.

What is the default behavior for an EC2 instance when terminated? (Select two)

EBS data volumes that you attach at launch persist ; EBS root device volume is automatically deleted when instance terminates

What two features are supported with EBS volume Snapshot feature?

EBS replication across regions, EBS multi-zone replication

What feature is supported when attaching or detaching an EBS volume from an EC2 instance?

EBS volume can only be attached and detached to an EC2 instance in the same Availability Zone

What Amazon AWS sources are available for creating an EBS-Backed Linux AMI? (select two)

EC2 instance, EBS snapshot

What is the management responsibility of tenants and not Amazon AWS?

EC2 instances ; NAT instance

What three services enable Single-AZ as a default?

EC2, ELB, Auto-Scaling

You have developed a web-based application for file sharing that will allow customers to access files. There are a variety of sizes that include larger .pdf and video files. What two solution stacks could tenants use for an online file sharing service? (Select two)

EC2, ELB, Auto-Scaling, S3; CloudFront

You need to pass a custom script to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this?

EC2Config service

Which of the following are characteristics of Amazon VPC subnets?

Each subnet maps to a single Availability Zone., Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.

By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications.

Ec2Config Service

What does Amazon EBS stand for?

Elastic Block Store

What's an ECU?

Elastic Compute Unit.

If I want an instance to have a public IP address, which IP address should I use?

Elastic IP Address

Please select the Amazon EC2 resource which cannot be tagged.

Elastic IP addresses

What AWS service automatically publishes access logs every five minutes?

Elastic Load Balancer

What does Amazon ELB stand for?

Elastic Load Balancing

Which of the following features ensures even distribution of traffic to Amazon EC2 instances in multiple Availability Zones registered with a load balancer?

Elastic Load Balancing request routing

A company is building a two-tier web application to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database. What services should you leverage to enable an elastic and scalable web tier?

Elastic Load Balancing, Amazon EC2, and Auto Scaling

Your website is serving on-demand training videos to your workforce. Videos are uploaded monthly in high resolution MP4 format. Your workforce is distributed globally often on the move and using company-provided tablets that require the HTTP Live Streaming (HLS) protocol to watch a video. Your company has no video transcoding expertise and it required you may need to pay for a consultant. How do you implement the most cost-efficient architecture without compromising high availability and quality of video delivery'?

Elastic Transcoder to transcode original high-resolution MP4 videos to HLS S3 to host videos with Utecycle Management to archive original flies to Glacier after a few days CloudFront to serve HLS transcoded videos from S3

Which of the following notification endpoints or clients are supported by Amazon Simple Notification Service?

Email, Short Message Service

A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?

Enable AWS CloudTrail for the load balancer.

Network ACLs are NOT stateless. True or False?

False: they are stateless

A customer wants to track access to their Amazon Simple Storage Service (S3) buckets and also use this information for their internal security and access audits. Which of the following will meet the Customer requirement?

Enable AWS CloudTrail to audit all Amazon S3 bucket access.

A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure mat AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised?

Enable Multi-Factor Authentication for your AWS root account.

Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an __________ node in the response from the Amazon RDS API.

Error

A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on-premises network with VPC-1. Which two methods increases the fault tolerance of the connection to VPC-1?

Establish a hardware VPN over the internet between VPC-1 and the on-premises network., Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.

Amazon Data Pipeline (plain english)

Extract, Transform and Load data from elsewhere in AWS. Schedule when it happens and get alerts when they fail.

REST or Query requests are HTTP or HTTPS requests that use an HTTP verb (such as GET or POST) and a parameter named Action or Operation that specifies the API you are calling.

FALSE

True or False: Common points of failures like generators and cooling equipment are shared across Availability Zones.

FALSE

True or False: When you add a rule to a DB security group, you do not need to specify port number or protocol.

FALSE

Your company has an on-premises multi-tier PHP web application, which recently experienced downtime due to a large burst In web traffic due to a company announcement Over the coming days, you are expecting similar announcements to drive similar unpredictable bursts, and are looking to find ways to quickly improve your infrastructures ability to handle unexpected increases in traffic. The application currently consists of 2 tiers a web tier which consists of a load balancer and several Linux Apache web servers as well as a database tier which hosts a Linux server hosting a MySQL database. Which scenario below will provide full site functionality, while helping to improve the ability of your application in the short timeframe required?

Failover environment: Create an S3 bucket and configure it tor website hosting Migrate your DNS to Route53 using zone (lie import and leverage Route53 DNS failover to failover to the S3 hosted website.

In the Amazon cloudwatch, which metric should I be checking to ensure that your DB Instance has enough free storage space?

FreeStorageSpace

A customer has a single 3-TB volume on-premises that is used to hold a large repository of images and print layout files. This repository is growing at 500 GB a year and must be presented as a single logical volume. The customer is becoming increasingly constrained with their local storage capacity and wants an off-site backup of this data, while maintaining low-latency access to their frequently accessed data. Which AWS Storage Gateway configuration meets the customer requirements?

Gateway-Virtual Tape Library with snapshots to Amazon Glacier

EBS - General Purpose SSD

General Purpose SSD volume that balances price performance for a wide variety of transactional workloads. Used for Boot volumes, low-latency interactive apps, dev & test

Amazon Snowball (plain english)

Get a bunch of hard drives you can attach to your network to make getting large amounts (Terabytes of Data) into and out of AWS

Amazon Management Services - CloudWatch (plain english)

Get alerts about AWS services messing up or disconnecting.

Amazon Code Deploy (plain english)

Get your code from your CodeCommit repo (or Github) onto a bunch of EC2 instances in a sane way.

Amazon Cognito (plain english)

Give end users - (non AWS) - the ability to log in with Google, Facebook, etc.

Amazon WorkMail (plain english)

Give everyone in your company the same email system and calendar.

Amazon Service Catalog (plain english)

Give other AWS users in your group access to preset apps

Amazon WorkSpaces (plain english)

Gives you a standard windows desktop that you're remotely controlling.

Amazon RDS supports SOAP only through __________.

HTTPS

While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using _________

HTTPS

Select two difference between HVM and PV virtualization types?

HVM supports all current generation instance types ; HVM is similar to bare metal hypervisor architecture

Amazon Management Services - OpsWorks (plain english)

Handle running your application with things like auto-scaling.

EBS - Provisioned IOPS SSD

Highest performance SSD volume designed for latency-sensitive transactional workloads. Used for I/O-intensive NoSQL and relational databases.

Hybrid Cloud

Hybrid cloud computing refers to policy-based and coordinated service provisioning, use and management across a mixture of internal and external cloud services. AWS offers integrated networking, security and access controls, data integration and life-cycle management, and resource and deployment management capabilities to enable hybrid architectures.

What happens to the I/O operations while you take a database snapshot?

I/O operations to the database are suspended for a few minutes while the backup is in progress.

What happens to the I/O operations while you take a database snapshot? (3)

I/O operations to the database are suspended for a few minutes while the backup is in progress.

Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2 instances?

IAM System

When should I choose Provisioned IOPS over Standard RDS storage?

If you use production online transaction processing (OLTP) workloads.

When should I choose Provisioned IOPS over Standard RDS storage? (3)

If you use production online transaction processing (OLTP) workloads.

Changes to the backup window take effect ______.

Immediately

You have an EC2 Security Group with several running EC2 instances. You change the Security Group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same Security Group. The new rules apply:

Immediately to all instances in the security group.

How are the EBS snapshots saved on Amazon S3?

Incrementally

Amazon Kinesis (plain english)

Ingest lots of data very quickly (for things like analytics or people retweeting Kanye) that you then later use other AWS services to analyze.

Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine

InnoDB

Amazon RDS automated backups and DB Snapshots are currently supported for only the __________ storage engine

InnoDB

Read Replicas require a transactional storage engine and are only supported for the _________ storage engine

InnoDB

Which Amazon Elastic Compute Cloud feature can you query from within the instance to access instance properties?

Instance metadata

You have been asked to design the storage layer for an application. The application requires disk performance of at least 100,000 IOPS in addition, the storage layer must be able to survive the loss of an individual disk. EC2 instance, or Availability Zone without any data loss. The volume you provide must have a capacity of at least 3 TB. Which of the following designs will meet these objectives'?

Instantiate a c3 8xlarge instance in us-east-i provision 4x1TB EBS volumes, attach them to the instance, and configure them as a single RAID 5 volume Ensure that EBS snapshots are performed every 15 minutes.

Which DNS name can only be resolved within Amazon EC2?

Internal DNS name

What VPC component provides Network Address Translation?

Internet gateway

What are the minimum components required to enable a web-based application with public web servers and a private database tier? (select three)

Internet gateway; Assign database instances to private subnet and private IP addressing ; Assign EIP and private IP addressing to web servers on public subnet

What does the AWS Storage Gateway provide?

It allows to integrate on-premises IT environments with Cloud Storage.

Which of the following are characteristics of a reserved instance?

It can be applied to instances launched by Auto Scaling, It is specific to an instance Type, It can be used to lower Total Cost of Ownership (TCO) of a system

What does the "Server Side Encryption" option on Amazon S3 provide?

It provides an encrypted virtual disk in the Cloud.

Elastic Map Reduce (plain english)

Iterate over massive text files of raw data that you're keeping in S3.

Amazon Management Services - Config (plain english)

Keep from going insane if you have a large AWS setup and changes are happening that you want to track.

If you want to launch Amazon Elastic Compute Cloud (EC2) instances and assign each instance a predetermined private IP address you should:

Launch the instances in the Amazon Virtual Private Cloud (VPC).

What is the Reduced Redundancy option in Amazon S3?

Less redundancy for a lower cost.

Amazon Management Services - CloudTrail (plain english)

Log who is doing what in your AWS stack (API calls).

EBS - Throughput Optimized HDD

Low cost HDD volume designed for frequently accessed, throughput intensive workloads. Used for Big data, data warehouses, log processing.

You are running a news website in the eu-west-1 region that updates every 15 minutes. The website has a world-wide audience it uses an Auto Scaling group behind an Elastic Load Balancer and an Amazon RDS database Static content resides on Amazon S3, and is distributed through Amazon CloudFront. Your Auto Scaling group is set to trigger a scale up event at 60% CPU utilization, you use an Amazon RDS extra large DB instance with 10.000 Provisioned IOPS its CPU utilization is around 80%. While freeable memory is in the 2 GB range. Web analytics reports show that the average load time of your web pages is around 1 5 to 2 seconds, but your SEO consultant wants to bring down the average load time to under 0.5 seconds. How would you improve page load times for your users?

Lower the scale up trigger of your Auto Scaling group to 30% so it scales more aggressively. Add an Amazon ElastiCache caching layer to your application for storing sessions and frequent DB queries. Switch Amazon RDS database to the high memory extra large Instance type.

EBS - Cold HDD

Lowest cost HDD volume designed for less frequently accessed workloads. Used for Colder data requiring fewer scans per day.

M4

M4 family is the latest generation of General Purpose Instances. This family provides a balance of compute, memory, and network resources.

Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data?

Maintain a single snapshot the latest snapshot is both Incremental and complete.

Amazon Glacier (plain english)

Make backups of your backups that you keep on S3. Also, beware the cost of getting data back out in a hurry. For long term archiving.

Amazon CloudFront (plain english)

Make your websites load faster by spreading out static file delivery to be closer to where your users are.

Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:

May be performed by the customer on their own instances with prior authorization from AWS.

Which of the following requires a custom CloudWatch metric to monitor?

Memory Utilization of an EC2 instance

A newspaper organization has a on-premises application which allows the public to search its back catalogue and retrieve individual newspaper pages via a website written in Java They have scanned the old newspapers into JPEGs (approx 17TB) and used Optical Character Recognition (OCR) to populate a commercial search product. The hosting platform and software are now end of life and the organization wants to migrate Its archive to AWS and produce a cost efficient architecture and still be designed for availability and durability Which is the most appropriate?

Model the environment using CloudFormation use an EC2 instance running Apache webserver and an open source search application, stripe multiple standard EBS volumes together to store the JPEGs and search index.

Amazon Elastic Beanstalk (plain english)

Move your app hosted on Heroku to AWS when it gets too expensive.

A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customers objects replicated?

Multiple facilities in eu-west-1

What are the advantages of NAT gateway over NAT instance? (Select two)

NAT gateway is scalable; NAT gateways is a managed service

Does Amazon RDS for SQL Server currently support importing data into the msdb database?

NO

Will my standby RDS instance be in the same Availability Zone as my primary?

NO

Can I move a Reserved Instance from one Region to another?

No

Can a 'user' be associated with multiple AWS accounts?

No

Can the string value of 'Key' be prefixed with :aws:"?

No

Can the string value of 'Key' be prefixed with laws?

No

Can we attach an EBS volume to more than one EC2 instance at the same time?

No

Can we attach an EBS volume to more than one EC2 instance at the same time? (4)

No

Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote Desktop Connection?

No

If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance?

No

Is Federated Storage Engine currently supported by Amazon RDS for MySQL?

No

Is creating a Read Replica of another Read Replica supported?

No

Is creating a Read Replica of another Read Replica supported? (4)

No

Is decreasing the storage size of a DB Instance permitted?

No

Is there a method in the IAM system to allow or deny access to a specific instance?

No

When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write operations?

No

What is the charge for the data transfer incurred in replicating data between your primary and standby?

No charge. It is free

What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone?

No charge. It is free.

Every user you create in the IAM system starts with _________.

No permissions

Your application is using an ELB in front of an Auto Scaling group of web/application servers deployed across two AZs and a Multi-AZ RDS Instance for data persistence. The database CPU is often above 80% usage and 90% of I/O operations on the database are reads. To improve performance you recently added a single-node Memcached ElastiCache Cluster to cache frequent DB query results. In the next weeks the overall workload is expected to grow by 30%. Do you need to change anything in the architecture to maintain the high availability or the application with the anticipated additional load'* Why?

No. if the cache node fails the automated ElastiCache node recovery feature will prevent any availability impact.

Which set of Amazon S3 features helps to prevent and recover from accidental data loss?

Object versioning and Multi-factor authentication

If I scale the storage capacity provisioned to my DB Instance by mid of a billing month, how will I be charged?

On a probation basis

EC2 Pricing Models (On Demand)

On-Demand instances allows for payment of compute capacity by the hour with no long-term commitments or upfront payments. Clients can increase or decrease compute capacity depending on the demands of the application and only pay the specified hourly rate for the instances they use.

What is the minimum time Interval for the data that Amazon CloudWatch receives and aggregates?

One minute

After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to? (3)

Only if you are the root user

Can I initiate a "forced failover" for my MySQL Multi-AZ DB Instance deployment?

Only in certain regions

In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with ______________

Oracle Enterprise Edition

VPC (plain english)

Overcome objections that "all our stuff is on the internet!" by adding an additional layer of security. Makes it appear as if all of your AWS services are on the same little network instead of being small pieces in a much bigger network.

Amazon Direct Connect (plain english)

Pay your Telco + AWS to get a dedicated leased line from your data center or network to AWS. Cheaper than Internet out for Data.

When using consolidated billing there are two account types. What are they?

Paying account and Linked account

What will be the status of the snapshot until the snapshot is complete.

Pending

The Trusted Advisor service provides insight regarding which four categories of an AWS account?

Performance, cost optimization, security, and fault tolerance

In order to optimize performance for a compute cluster that requires low inter-node latency, which of the following feature should you use?

Placement Groups

Amazon Machine Learning (plain english)

Predict future behavior from existing data for problems like fraud detection or "people that bought x also bought y."

What does specifying the mapping /dev/sdc=none when launching an instance do?

Prevents /dev/sdc from attaching to the instance.

All Amazon EC2 instances are assigned two IP addresses at launch, out of which one can only be reached from within the Amazon EC2 network?

Private IP address

Burstable Performance Instances

Provide a baseline level of CPU performance with the ability to burst above the baseline.

Amazon API Gateway (plain english)

Proxy your apps API through this so you can throttle bad client traffic, test new versions, and present methods more cleanly.

Amazon CloudSearch (plain english)

Pull in data on S3 or in RDS and then search it for every instance of 'Jimmy.'

You require the ability to analyze a customer's clickstream data on a website so they can do behavioral analysis. Your customer needs to know what sequence of pages and ads their customer clicked on. This data will be used in real time to modify the page layouts as customers click through the site to increase stickiness and advertising click-through. Which option meets the requirements for captioning and analyzing this data?

Push web clicks by session to Amazon Kinesis and analyze behavior using Kinesis workers

Amazon EC2 Container Service (plain english)

Put a Dockerfile into an EC2 instance so you can run a website.

Amazon AppStream (plain english)

Put a copy of a Windows application on a Windows machine that people get remote access to.

R3

R3 instances are optimized for memory-intensive applications and have the lowest cost per GiB of RAM among Amazon EC2 instance types. These memory-optimized instances are recommended for high performance databases, distributed memory caches, in-memory analytics, genome assembly and analysis, larger deployments of SAP, Microsoft SharePoint, and other enterprise applications.

Out of the stripping options available for the EBS volumes, which one has the following disadvantage : 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.' ?

RAID 1+0 (RAID 10)

You are designing a photo sharing mobile app the application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3. You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo-sharing mobile application?

Record the user's Information in Amazon RDS and create a role in IAM with appropriate permissions. When the user uses their mobile app create temporary credentials using the AWS Security Token Service 'AssumeRole' function Store these credentials in the mobile app's memory and use them to access Amazon S3 Generate new credentials the next time the user runs the mobile app.

What does RRS stand for when talking about S3?

Reduced Redundancy Storage

What does Amazon RDS stand for?

Relational Database Service.

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point you find out that other sites have been linking to the photos on your site, causing loss to your business. What is an effective method to mitigate this?

Remove public read access and use signed URLs with expiry dates.

What does the following command do with respect to the Amazon EC2 security groups? ec2-revoke RevokeSecurityGroupIngress

Removes one or more rules from a security group.

It is advised that you watch the Amazon CloudWatch "_____" metric (available via the AWS Management Console or Amazon Cloud Watch APIs) carefully and recreate the Read Replica should it fall behind due to replication errors.

Replica Lag

Select the most correct answer: The device name /dev/sda1 (within Amazon EC2) is _____

Reserved for the root device

Can Amazon S3 uploads resume on failure or do they need to restart?

Resume on failure

You would like to create a mirror image of your production environment in another region for disaster recovery purposes. Which of the following AWS resources do not need to be recreated in the second region?

Route 53 Record Sets, Elastic IP Addresses (EIP)

Amazon CodePipeline (plain english)

Run automated tests on your code and then do stuff with it depending on if it passes those tests.

Amazon Lambda (plain english)

Run little self contained snippets of JS, Java or Python to do discrete tasks. Sort of a combination of a queue and execution in one. Used for storing and then executing changes to your AWS setup or responding to events in S3 or DynamoDB.

What are characteristics of Amazon S3?

S3 allows you to store unlimited amounts of data., S3 should be used to host a relational database.

What two options are available to alert tenants when an EC2 instance is terminated?

SNS, Lambda function

The Amazon EC2 web service can be accessed using the _____ web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document.

SOAP

Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance.

SQL Server

Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance. (3)

SQL Server

A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?

SQS helps to facilitate horizontal scaling of encoding tasks.

What is the charge for the data transfer incurred in replicating data between your primary and standby?

Same as the standard data transfer charge

Amazon Management Services - Inspector (plain english)

Scans your AWS setup to determine if you've setup it up in an insecure way

While creating an Amazon RDS DB, your first task is to set up a DB ______ that controls what IP addresses or EC2 instances have access to your DB Instance.

Security Group

You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement?

Security Group Inbound Rule: Protocol - TCP. Port Range - 22, Source 72.34.51.100/32

In AWS, which security aspects are the customer's responsibility?

Security Group and ACL (Access Control List) settings, Patch management on the EC2 instance's operating system, Life-cycle management of IAM credentials, Encryption of EBS (Elastic Block Storage) volumes

Select the correct set of steps for exposing the snapshot only to specific AWS accounts

SelectPublic, enter the IDs of those AWS accounts, and clickSave.

An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, AutoScaling will:

Send an SNS notification, if configured to do so., Randomly select one of the 3 AZs, and then terminate an instance in that AZ.

Amazon SNS (Simple Notification Service) - plain english

Send mobile notifications, emails and/or SMS messages

Amazon SES (Simple Email Service) - plain english

Send one-off emails like password resets, notifications, etc. You could use it to send a newsletter if you wrote all the code, but that's not a great idea.

Your company hosts a social media site supporting users in multiple countries. You have been asked to provide a highly available design tor the application that leverages multiple regions tor the most recently accessed content and latency sensitive portions of the wet) site. The most latency sensitive component of the application involves reading user preferences to support web site personalization and ad selection. In addition to running your application in multiple regions, which option will support this application's requirements?

Serve user content from S3. CloudFront and use Route53 latency-based routing between ELBs in each region Retrieve user preferences from a local DynamoDB table in each region and leverage SQS to capture changes to user preferences with SOS workers for propagating updates to each table.

Which features can be used to restrict access to data in S3?

Set an S3 bucket policy. Enable IAM Identity Federation

You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? Choose 2 answers

Set permissions on the object to public read during upload., Configure the bucket policy to set all objects to public read.

Amazon Management Services - CloudFormation (plain english)

Set up a bunch of connected AWS services in one go.

IAM

Set up additional users, set up new AWS Keys and policies.

Your fortune 500 company has undertaken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware. The outcome was that all employees would be granted access to use Amazon S3 for storage of their personal documents. Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket?

Setting up a federation proxy or identity provider. Using AWS Security Token Service to generate temporary tokens. Tagging each folder in the bucket.

You are developing a new mobile application and are considering storing user preferences in AWS.2w This would provide a more uniform cross-device experience to users using multiple mobile devices to access the application. The preference data for each user is estimated to be 50KB in size Additionally 5 million customers are expected to use the application on a regular basis. The solution needs to be cost-effective, highly available, scalable and secure, how would you design a solution to meet the above requirements?

Setup a DynamoDB table with an item for each user having the necessary attributes to hold the user preferences. The mobile application will query the user preferences directly from the DynamoDB table. Utilize STS. Web Identity Federation, and DynamoDB Fine Grained Access Control to authenticate and authorize access.

____________ embodies the "share-nothing" architecture and essentially involves breaking a large database into several smaller databases. Common ways to split a database include 1) splitting tables that are not joined in the same query onto different hosts or 2) duplicating a table across multiple hosts and then using a hashing algorithm to determine which host receives a given update.

Sharding

Amazon WorkDocs (plain english)

Share Word Docs with your colleagues.

What does Amazon SES stand for?

Simple Email Service

S3

Simple Storage Service

Object Storage

Simple Storage Service (S3): A storage web service that provide storage through web services interfaces such as REST, SOAP and BitTorrent. Amazon intends to allow users to reduce storage cost by maximizing the benefits of economies of scale.

What does Amazon S3 stand for?

Simple Storage Service.

What does Amazon SWF stand for?

Simple Work Flow

Amazon Cognito

Single user identity and data synchronization service Helps manage and synch app data for users across their mobile devices Create unique identities for users through public login providers (Facebook, google, amazon) and support unathenticated guests Save any kind of data in the AWS cloud without writing any backend code or managing infrastructure.

An existing application stores sensitive information on a non-boot Amazon EBS data volume attached to an Amazon Elastic Compute Cloud instance. Which of the following approaches would protect the sensitive data on an Amazon EBS volume?

Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon EBS volume. Mount the Amazon EBS volume

You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost- effective way. Which of the following will meet your requirements?

Spot Instances

You have a video transcoding application running on Amazon EC2. Each instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. You have a large backlog of videos which need to be transcoded and would like to reduce this backlog by adding more instances. You will need these instances only until the backlog is reduced. Which type of Amazon EC2 instances should you use to reduce the backlog in the most cost efficient way?

Spot Instances

EC2 Pricing Models (Spot Instances)

Spot instances provide the ability for customers to purchase compute capacity with no upfront commitment and at hourly rates usually lower than the On-Demand rate. Spot instances allow clients to specify the maximum hourly price that they are willing to pay to run a particular instance type. Amazon EC2 sets a Spot Price for each instance type in each Availability Zone, which is the price all customers will pay to run a Spot instance for that given period. The Spot Price fluctuates based on supply and demand for instances, but customers will never pay more than the maximum price they have specified. If the Spot Price moves higher than a customer's maximum price, the customer's instance will be shut down by Amazon EC2. Other than those differences, Spot instances perform exactly the same as On-Demand or Reserved Instances.

If I write the below command, what does it do? ec2-run ami-e3a5408a -n 20 -g appserver

Start twenty instances as members of appserver group.

Amazon Storage Gateway (plain english)

Stop buying more storage to keep Word Docs on. Make automating getting files into S3 from your corporate network easier.

Before I delete an EBS volume, what can I do if I want to recreate the volume later?

Store a snapshot of the volume

Amazon Redshift (plain english)

Store a whole bunch of analytics data, do some processing, and dump it out.

Amazon SQS (plain english)

Store data for future processing in a queue. The lingo for this is storing "messages" but it doesn't have anything to do with email or SMS. SQS doesn't have any logic, it's just a place to put things and take things out.

Which of the following are use cases for Amazon DynamoDB?

Storing JSON documents., Running relational joins and complex updates., Storing large amounts of infrequently accessed data.

Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes?

Supported on all Amazon EBS volume types , Snapshots are automatically encrypted

T2

T2 instances are Burstable Performance Instances that provide a baseline level of CPU performance with the ability to burst above the baseline. The baseline performance and ability to burst are governed by CPU Credits. Each T2 instance receives CPU Credits continuously at a set rate depending on the instance size. T2 instances accrue CPU Credits when they are idle, and use CPU credits when they are active. T2 instances are a good choice for workloads that don't use the full CPU often or consistently, but occasionally need to burst (e.g. web servers, developer environments and small databases).

Amazon EC2 has no Amazon Resource Names (ARNs) because you can't specify a particular Amazon EC2 resource in an IAM policy.

TRUE

Provisioned IOPS Costs: you are charged for the IOPS and storage whether or not you use them in a given month.

TRUE

The new DB Instance that is created when you promote a Read Replica retains the backup window period.

TRUE

True or False: Automated backups are enabled by default for a new DB Instance.

TRUE

True or False: If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites the old value.

TRUE

True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted.

TRUE

True or False: When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime.

TRUE

True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint.

TRUE

True or False: Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.

TRUE

When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user.

TRUE

When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes.

TRUE

Fill in the blanks: _________ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment.

Tags

An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago. What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

Take hourly DB backups to EC2 Instance store volumes with transaction logs stored In S3 every 5 minutes.

By default what are ENIs that are automatically created and attached to instances using the EC2 console set to do when the attached instance terminates?

Terminate

Amazon Device Farm

Test your app on a bunch of different IOS and Android devices simultaneously.

DNS

The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. AWS provides a service called Route 53 - A scalable DNS that helps businesses and developers to effectively route their end users in Internet applications by translating website addresses to the IP addresses.

Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances, if an instance fails to pass health checks, which statement will be true?

The ELB stops sending traffic to the instance that failed its health check.

Please select the most correct answer regarding the persistence of the Amazon Instance Store

The data on an instance store volume is lost when the security group rule of the associated instance is changed.

You have launched an Amazon Elastic Compute Cloud (EC2) instance into a public subnet with a primary private IP address assigned, an internet gateway is attached to the VPC, and the public route table is configured to send all Internet-based traffic to the Internet gateway. The instance security group is set to allow all outbound traffic but cannot access the internet. Why is the Internet unreachable from this instance?

The instance does not have a public IP address.

You have a load balancer configured for VPC, and all back-end Amazon EC2 instances are in service. However, your web browser times out when connecting to the load balancer's DNS name. Which options are probable causes of this behavior?

The load balancer was not configured to use a public subnet with an Internet gateway configured, The security groups or network ACLs are not property configured for web traffic.

A large real-estate brokerage is exploring the option o( adding a cost-effective location based alert to their existing mobile application The application backend infrastructure currently runs on AWS Users who opt in to this service will receive alerts on their mobile device regarding real-estate otters in proximity to their location. For the alerts to be relevant delivery time needs to be in the low minute count the existing mobile app has 5 million users across the us Which one of the following architectural suggestions would you make to the customer?

The mobile application will submit its location to a web service endpoint utilizing Elastic Load Balancing and EC2 instances: DynamoDB will be used to store and retrieve relevant otters EC2 instances will communicate with mobile earners/device providers to push alerts back to mobile application.

An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance's security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?

The outbound network ACL needs to be modified to allow outbound traffic.

If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens to the rest of the Read Replicas?

The remaining Read Replicas will still replicate from the older master DB Instance

You have launched an EC2 instance with four (4) 500 GB EBS Provisioned IOPS volumes attached The EC2 Instance Is EBS-Optimized and supports 500 Mbps throughput between EC2 and EBS The two EBS volumes are configured as a single RAID o device, and each Provisioned IOPS volume is provisioned with 4.000 IOPS (4 000 16KB reads or writes) for a total of 16.000 random IOPS on the instance The EC2 Instance initially delivers the expected 16 000 IOPS random read and write performance Sometime later in order to increase the total random I/O performance of the instance, you add an additional two 500 GB EBS Provisioned IOPS volumes to the RAID Each volume Is provisioned to 4.000 IOPs like the original four for a total of 24.000 IOPS on the EC2 instance Monitoring shows that the EC2 instance CPU utilization increased from 50% to 70%. but the total random IOPS measured at the instance level does not increase at all. What is the problem and a valid solution?

The standard EBS instance root volume limits the total IOPS rate, change the instant root volume to also be a 500GB 4.000 Provisioned IOPS volume.

Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications.What is the monthly charge for using the public data sets?

There is no charge for using the public data sets

Amazon S3 Access Control Lists (ACLs)

These enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify the requester has the necessary access permissions.

G2

This family includes G2 instances intended for graphics and general purpose GPU compute applications.

I2

This family includes the High Storage Instances that provide very fast SSD-backed instance storage optimized for very high random I/O performance, and provide high IOPS at a low cost.

M3

This family includes the M3 instance types and provides a balance of compute, memory, and network resources.

Fill in the blanks: The base URI for all requests for instance metadata is ___________

http://169.254.169.254/latest/

How many relational database engines does RDS currently support?

Three: MySQL, Oracle and Microsoft SQL Server.

Amazon Directory Service

Tie together other apps that need a Microsoft Active Directory to control them.

Amazon Mobile Analytics (plain english)

Track what people are doing inside of your app.

In the Launch Db Instance Wizard, where can I select the backup and maintenance options?

Under MANAGEMENT OPTIONS

A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume and keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance and cost oversight?

Use AWS Consolidated Billing to link the divisions' accounts to a parent corporate account. Write all child AWS CloudTrail and Amazon CloudWatch logs to each child account's Amazon S3 'Log' bucket.

A US-based company is expanding their web presence into Europe. The company wants to extend their AWS infrastructure from Northern Virginia (us-east-1) into the Dublin (eu-west- 1) region. Which of the following options would enable an equivalent experience for users on both continents?

Use Amazon Route 53, and apply a weighted routing policy to distribute traffic across both regions.

You have an application running on an Amazon Elastic Compute Cloud instance, that uploads 5 GB video objects to Amazon Simple Storage Service (S3). Video uploads are taking longer than expected, resulting in poor application performance. Which method will help improve performance of your application?

Use Amazon S3 multipart upload

A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest. Which of the following methods can achieve this?

Use Amazon S3 server-side encryption with AWS Key Management Service managed keys. ,Use Amazon S3 server-side encryption with customer-provided keys. , Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.

You deployed your company website using Elastic Beanstalk and you enabled log file rotation to S3. An Elastic Map Reduce job is periodically analyzing the logs on S3 to build a usage dashboard that you share with your CIO. You recently improved overall performance of the website using Cloud Front for dynamic content delivery and your website as the origin. After this architectural change, the usage dashboard shows that the traffic on your website dropped by an order of magnitude. How do you fix your usage dashboard'?

Use Elastic Beanstalk "Rebuild Environment" option to update log delivery to the Elastic Map Reduce job.

You need a persistent and durable storage to trace call activity of an IVR (Interactive Voice Response) system. Call duration is mostly in the 2-3 minutes timeframe. Each traced call can be either active or terminated. An external application needs to know each minute the list of currently active calls, which are usually a few calls/second. Put once per month there is a periodic peak up to 1000 calls/second for a few hours. The system is open 24/7 and any downtime should be avoided. Historical data is periodically archived to files. Cost saving is a priority for this project. What database implementation would better fit this scenario, keeping costs as low as possible?

Use RDS Multi-AZ with two tables, one for -Active calls" and one for -Terminated calls". In this way the "Active calls_ table is always small and effective to access.

Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?

Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.

Your firm has uploaded a large amount of aerial image data to S3 In the past, in your on- premises environment, you used a dedicated group of servers to oaten process this data and used Rabbit MQ - An open source messaging system to get job information to the servers. Once processed the data would go to tape and be shipped offsite. Your manager told you to stay with the current design, and leverage AWS archival storage and messaging services to minimize cost. Which is correct?

Use SNS to pass job messages use Cloud Watch alarms to terminate spot worker instances when they become idle. Once data is processed, change the storage class of the S3 object to Glacier.

Your startup wants to implement an order fulfillment process for selling a personalized gadget that needs an average of 3-4 days to produce with some orders taking up to 6 months you expect 10 orders per day on your first day. 1000 orders per day after 6 months and 10,000 orders after 12 months. Orders coming in are checked for consistency men dispatched to your manufacturing plant for production quality control packaging shipment and payment processing If the product does not meet the quality standards at any stage of the process employees may force the process to repeat a step Customers are notified via email about order status and any critical issues with their orders such as payment failure. Your case architecture includes AWS Elastic Beanstalk for your website with an RDS MySQL instance for customer data and orders. How can you implement the order fulfillment process while making sure that the emails are delivered reliably?

Use SWF with an Auto Scaling group of activity workers and a decider instance in another Auto Scaling group with min/max=1 use SES to send emails to customers.

A customer implemented AWS Storage Gateway with a gateway-cached volume at their main office. An event takes the link between the main and branch office offline. Which methods will enable the branch office to access their data?

Use a HTTPS GET to the Amazon S3 bucket where the files are located., Launch a new AWS Storage Gateway instance AMI in Amazon EC2, and restore from a gateway snapshot., Launch an AWS Storage Gateway virtual iSCSI device at the branch office, and restore from a gateway snapshot.

A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Computer Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available. Sort stale Eventual consistency) rather than an ACID (Atomicity. Consistency isolation. Durability) consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes. How can you reduce the load on your on-premises database resources in the most cost-effective way?

Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.

Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B would like to directly save player data and scoring information from the mobile app to a DynamoDS table named Score Data When a user saves their game the progress data will be stored to the Game state S3 bucket. What is the best approach for storing data to DynamoDB and S3?

Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the mobile app via web services.

How can you secure data at rest on an EBS volume?

Use an encrypted file system on top of the EBS volume.

You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques?

Use dedicated instances to ensure that each instance has the maximum performance possible., Use an Elastic Load Balancer with auto scaling groups at the web. App and Amazon Relational Database Service (RDS) tiers, Create processes and capabilities to quickly add and remove rules to the instance OS firewall.

You are designing a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this bucket to immediately receive over 150 PUT requests per second. What should you do to ensure optimal performance?

Use multi-part upload.

Your department creates regular analytics reports from your company's log files All log data is collected in Amazon S3 and processed by daily Amazon Elastic MapReduce (EMR) jobs that generate daily PDF reports and aggregated tables in CSV format for an Amazon Redshift data warehouse. Your CFO requests that you optimize the cost structure for this system. Which of the following alternatives will lower costs without compromising average performance of the system or data integrity for the raw data?

Use reduced redundancy storage (RRS) for all data in S3. Use a combination of Spot instances and Reserved Instances for Amazon EMR jobs use Reserved instances for Amazon Redshift.

You require the ability to analyze a large amount of data, which is stored on Amazon S3 using Amazon Elastic Map Reduce. You are using the cc2 8x large Instance type, whose CPUs are mostly idle during processing. Which of the below would be the most cost efficient way to reduce the runtime of the job?

Use smaller instances that have higher aggregate I/O performance.

You are responsible for a legacy web application whose server environment is approaching end of life You would like to migrate this application to AWS as quickly as possible, since the application environment currently has the following limitations: ✑ The VM's single 10GB VMDK is almost full ✑ Me virtual network interface still uses the 10Mbps driver, which leaves your 100Mbps WAN connection completely underutilized ✑ It is currently running on a highly customized. Windows VM within a VMware environment: ✑ You do not have me installation media This is a mission critical application with an RTO (Recovery Time Objective) of 8 hours. RPO (Recovery Point Objective) of 1 hour. How could you best migrate this application to AWS while meeting your business continuity requirements?

Use the EC2 VM Import Connector for vCenter to import the VM into EC2.

Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?

Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.

Your company has recently extended its datacenter into a VPC on AVVS to add burst computing capacity as needed Members of your Network Operations Center need to be able to go to the AWS Management Console and administer Amazon EC2 instances as necessary You don't want to create new IAM users for each NOC member and make those users sign in again to the AWS Management Console Which option below will meet the needs for your NOC members?

Use your on-premises SAML2.0-compliam identity provider (IDP) to retrieve temporary security credentials to enable NOC members to sign in to the AWS Management Console.

What are the two permission types used by AWS?

User-based and Resource-based

For which of the following use cases are Simple Workflow Service (SWF) and Amazon EC2 an appropriate solution?

Using as an endpoint to collect thousands of data points per hour from a distributed fleet of sensors, Managing a multi-step and multi-decision checkout process of an e-commerce website

A web company is looking to implement an external payment service into their highly available application deployed in a VPC Their application EC2 instances are behind a public lacing ELB Auto-scaling is used to add additional instances as traffic increases under normal load the application runs 2 instances in the Auto Scaling group but at peak, it can scale 3x in size. The application instances need to communicate with the payment service over the Internet which requires whitelisting of all public IP addresses used to communicate with it. A maximum of 4 whitelisting IP addresses are allowed at a time and can be added through an API. How should they architect their solution?

Whitelist the VPC Internet Gateway Public IP and route payment requests through the Internet Gateway.

Your company is in the process of developing a next generation pet collar that collects biometric information to assist families with promoting healthy lifestyles for their pets Each collar will push 30kb of biometric data In JSON format every 2 seconds to a collection platform that will process and analyze the data providing health trending information back to the pet owners and veterinarians via a web portal Management has tasked you to architect the collection platform ensuring the following requirements are met. Provide the ability for real-time analytics of the inbound biometric data Ensure processing of the biometric data is highly durable. Elastic and parallel The results of the analytic processing should be persisted for data mining. Which architecture outlined below win meet the initial requirements for the collection platform?

Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data with Kinesis clients and save the results to a Redshift cluster using EMR.

What configuration settings are required from the remote VPC in order to create cross-account peering? (Select three)

VPC ID; account ID; VPC CIDR block

What two resource tags are supported for an EC2 instance?

VPC endpoint, Flow log

What three characteristics or limitations differentiate EC2 instance types?

VPC only; EBS volume only ;virtualization type

You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages: "Network error: Connection timed out" or "Error connecting to [instance], reason: -> Connection timed out: connect," You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior?

Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch. , Verify that you are connecting with the appropriate user name for your AMI.

Amazon CodeCommit (plain english)

Version control your code - hosted Git.

What two features provide an encrypted (VPN) connection from VPC to an enterprise data center?

Virtual private gateway ; CSR 1000V router

What does Amazon EC2 provide?

Virtual servers in the Cloud.

To view information about an Amazon EBS volume, open the Amazon EC2 console at https://console.aws.amazon.com/ec2/, click __________ in the Navigation pane.

Volumes

A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?

Web Identity Federation

A 3-tier e-commerce web application is current deployed on-premises and will be migrated to AWS for greater scalability and elasticity. The web server currently shares read-only data using a network distributed file system. The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The database tier uses shared-storage clustering to provide database fall over capability, and uses several read slaves for scaling Data on all servers and the distributed file system directory is backed up weekly to off-site tapes. Which AWS storage and database architecture meets the requirements of the application?

Web servers store -read-only data in S3, and copy from S3 to root volume at boot time App servers share state using a combination of DynamoDB and IP unicast Database, use RDS with multi-AZ deployment and one or more read replicas Backup web servers app servers, and database backed up weekly to Glacier using snapshots.

When will you incur costs with an Elastic IP address (EIP)?

When an EIP is allocated.

X1

X1 instances family feature up to 2 TB of memory, a full order of magnitude larger than the current generation of high-memory instances. These instances are designed for demanding enterprise workloads including production installations of SAP HANA, Microsoft SQL Server, Apache Spark, and Presto. Recently, x1.32xlarge was announced that has 128 vCPUs and 2 TBs of RAM.

Can I encrypt connections between my application and my DB Instance using SSL?

YES

If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

YES

If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

YES

Is the encryption of connections between my application and my DB Instance using SSL for the MySQL server engines available?

YES

Will I be alerted when automatic failover occurs?

YES

Can I control if and when MySQL based RDS Instance is upgraded to new supported versions?

Yes

Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

Yes

Can I initiate a "forced failover" for my Oracle Multi-AZ DB Instance deployment?

Yes

Can I test my DB Instance against a new version before upgrading?

Yes

Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?

Yes

Does Dynamic DB support in-place atomic updates?

Yes

Does Route 53 support MX Records?

Yes

Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?

Yes

Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS Marketplace product codes be made public?

Yes

Will I be charged if the DB instance is idle?

Yes

Will my standby RDS instance be in the same Region as my primary?

Yes

Using Amazon IAM, can I give permission based on organizational groups?

Yes Always

A group can contain many users. Can a user belong to multiple groups?

Yes always

Can I attach more than one policy to a particular entity?

Yes always

Do the system resources on the Micro instance meet the recommended configuration for Oracle?

Yes but only for certain situations

Can I use Provisioned IOPS with VPC?

Yes for all RDS instances

Are Reserved Instances available for Multi-AZ Deployments?

Yes for all instance types

Is there a limit to how many groups a user can be in?

Yes for all users

Is there a limit to the number of groups you can have?

Yes for all users

How is capacity (compute, storage and network speed) managed and assigned to EC2 instances?

instance type

Can you create IAM security credentials for existing users?

Yes, existing users can have security credentials associated with their account.

Does Amazon Route 53 support NS Records?

Yes, it supports Name Server records.

Is there any way to own a direct connection to Amazon Web Services?

Yes, it's called Direct Connect.

Is it possible to access your EBS snapshots?

Yes, through the Amazon EC2 APIs.

Are you able to integrate a multi-factor token service with the AWS Platform?

Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

Are you able to integrate a multi-factor token service with the AWS Platform? (3)

Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to?

Yes. You can.

Select the correct statement (c) :

You can't terminate, stop, or delete a resource based solely on its tags

You have deployed a web application targeting a global audience across multiple AWS Regions under the domain name.example.com. You decide to use Route53 Latency-Based Routing to serve web requests to users from the region closest to the user. To provide business continuity in the event of server downtime you configure weighted record sets associated with two web servers in separate Availability Zones per region. Dunning a DR test you notice that when you disable all web servers in one of the regions Route53 does not automatically direct all users to the other region. What could be happening?

You did not setup an http health check tor one or more of the weighted resource record sets associated with me disabled web servers., One of the two working web servers in the other region did not pass its HTTP health check.

My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply updates from the source DB Instance. What do I do?

You will need to delete the Read Replica and create a new one to replace it.

Amazon S3 doesn't automatically give a user who creates _____ permission to perform other actions on that bucket or object.

a bucket or object

What two statements correctly describe how to add or modify IAM roles to a running EC2 instance?

attach an IAM role to an existing EC2 instance from the EC2 console ; replace an IAM role attached to an existing EC2 instance from the EC2 console

What is an EBS Snapshot?

backup of an EBS root volume and instance data

Location of Instances are ____________

based on Availability Zone

Groups can't _____.

be nested at all

What two features are available with AWS Direct Connect service?

bidirectional forwarding detection (BFD); public and private AWS services

A_____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices support random access and generally use buffered I/O.

block device

The SQL Server _____ feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such as an ASCII file.

bulk copy

What statements are correct concerning DisableApiTermination attribute? (Select two)

cannot enable termination protection for Spot instances ; termination protection is disabled by default for an EC2 instance

What class of EC2 instance type is recommended for running data analytics?

compute optimized

What are the primary advantages of VPC endpoints? (Select two)

cost; security

What steps are required from AWS console to copy an EBS-backed AMI for a database instance cross-region?

create Snapshot of EBS-backed AMI, select Copy Snapshot option, select destination region

You have been asked to migrate a 10 GB unencrypted EBS volume to an encrypted volume for security purposes. What are three key steps required as part of the migration?

create a new encrypted volume of the same size and availability zone, start converter instance, shutdown and detach the unencrypted instance

If I want my instance to run on a single-tenant hardware, which value do I have to set the instance's tenancy attribute to?

dedicated

You recently made some configuration changes to an EC2 instance. You then launched a new EC2 instance from the same AMI however none of the settings were saved. What is the cause of this error?

did not create new AMI

SQL Server __________ store logins and passwords in the master database.

does

What are the DHCP option attributes used to assign private DNS servers to your VPC?

domain-name-servers and domain-name

While creating the snapshots using the command line tools, which command should I be using?

ec2-create-snapshot

When is Direct Connect a preferred solution over VPN IPsec?

fast and reliable connection

What method detects when to replace an EC2 instance that is assigned to an Auto-Scaling group?

health check

What two statements correctly describe Auto-Scaling groups?

horizontal scaling of capacity; EC2 instances are assigned to a group

What is EC2 instance protection?

prevents Auto Scaling from selecting specific EC2 instance for termination when scaling in

When you run a DB Instance as a Multi-AZ deployment, the "_____" serves database writes and reads

primary

You have been asked to setup a VPC endpoint connection between VPC and S3 buckets for storing backups and snapshots. What AWS components are currently required when configuring a VPC endpoint?

private IP address

Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is stored at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem.

private key

What two attributes distinguish each pricing model?

reliability, discount

What two attributes are supported when configuring an Amazon Virtual private gateway (VPG)?

route propagation; DHCP

Fill in the blanks: "To ensure failover capabilities, consider using a _____ for incoming traffic on a network interface".

secondary private IP

A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances.

security group

You can use _____ and _____ to help secure the instances in your VPC.

security groups and network ACLs

What is the recommended method for migrating (copying) an EC2 instance to a different region?

select AMI associated with EC2 instance and use Copy AMI option

Amazon Mobile Analytics

service that lets you collect, visualize, and understand app usage data at scale within 60 minutes of receiving data built to scale with your app collect billions of events per day from millions of users

What is required to copy an encrypted EBS snapshot cross-account? (Select two)

share the custom key for the snapshot with the target account ; share the encrypted EBS snapshot with the target account

How is an EBS root volume created when launching an EC2 instance from a new EBS-backed AMI?

snapshot

What are three standard AWS pricing models?

spot, reserved, demand

How are snapshots for an EBS volume created when it is the root device for an instance?

stop instance, unmount volume and snapshot

What is required to prevent an instance from being launched and incurring costs?

stop, deregister AMI and terminate instance

What infrastructure services are provided to EC2 instances? (Select three)

storage ;compute ;transport

If your DB instance runs out of storage space or file system resources, its status will change to_____ and your DB Instance will no longer be available.

storage-full

To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can assign your own metadata to each resource in the form of____________

tags

While performing the volume status checks, if the status is insufficient-data, what does it mean?

the checks may still be in progress on the volume

Which is the default region in AWS?

us-east-1

A____________ is an individual, system, or application that interacts with AWS programmatically.

user

In regards to IAM you can edit user properties later, but you cannot use the console to change the ___________.

user name

What are two attributes that define an EC2 instance type?

vCPU ; EBS volume storage

What cloud compute components are configured by tenants and not Amazon AWS support engineers? (Select three)

virtual appliances ; guest operating system ; applications and databases

What three attributes are selectable when creating an EBS volume for an EC2 instance?

volume type, IOPS, CMK

Where are ELB and Auto-Scaling groups deployed as a unified solution for horizontal scaling?

web server instances

Disabling automated backups ______ disable the point-in-time recovery.

will


Ensembles d'études connexes

NPTE Scorebuilders OA Practice Exam 1

View Set

Ch 46, Brunners CH 46 Gastric and Duodenal Disorders, Chapter 45: Caring for Clients with Disorders of the Upper Gastrointestinal Tract, GI Pharm Practice Questions, Med Surg Chapter 23: Nursing Management: Patients With Gastric and Duodenal Disorder...

View Set

Lesson 18 In-Class Quiz & Self-Assessment

View Set

Accounting 1 - Quiz over Purchases and Sales JE

View Set