AWS Linkedin
What type of data solution should you use for data coming from nonrelational and relational data from IoT devices, websites, mobile apps, etc.?
AWS Lake Formation
In the S3 console, underneath the Access column, what does the public badge next to the bucket name indicate?
All objects within this bucket are assigned public access and could be readable or writable by anyone on the internet. Ensure no sensitive data is being publicly shared within this bucket.
If a set of servers are located within a private subnet of your VPC, how can you connect those servers to on-premise servers?
All of these options can establish a connection to a private subnet.
What service can host your Docker containers?
All of these services can host a Docker container.
Application Load Balancer can route traffic to several different target groups based upon several conditions. Which of these use cases is not supported by Application Load Balancer?
An Http POST query string of ? action=createuser can be routed to a target group for an ECS service.
How do you assign an Elastic IP to several EC2 instances?
An elastic IP cannot be assigned to multiple EC2 instances. It can only be assosciated to a single EC2 instance.
You have enabled Multi-Factor Authentication (MFA) for your AWS root account and you lost your MFA device. What do you need to do to recover access to your account?
An email will be sent to the email address on file to verify ownership of the account. You will then need to provide the phone number on the account.
Which Elastic Load Balancing option supports Lambda as a target?
Application Load Balancer
You have an analytics suite that produces reports about the usage patterns of your web application. After completing your migration to AWS and using Application Load Balancer to balance the load across your web application, your marketing department noticed that location-based reports on the web traffic only show traffic originating from a single location. What is the problem?
Application Load Balancer does not preserve the original source IP address. The analytics software needs to be configured to look at the 'X-Forwarded-For' HTTP request header for the correct source IP address.
Which AWS service can be used to help generate the documentation required by various compliance standards, such as Payment Card Industry Data Security Standard (PCI DSS) Level 1 for the handling of credit card data?
Artifact
How do you connect via SSH to a Linux EC2 instance with an EBS volume if you lost your key pair?
Attach the EBS volume to a temporary instance launched with a new key pair, and overwrite ~/.ssh/authorized_keys using the same file from the new instance.
You are going to host an application that uses a MySQL database. Which database should you select if you don't want to manage scaling or database administration tasks?
Aurora
What is the best EC2 instance class for a server that continuously has a heavy CPU load?
C5
A principle of DevOps is to view infrastructure as code. Which AWS service allows you to script your AWS infrastructure?
CloudFormation
To comply with auditing requirements of some compliance standards, which AWS tool can be enabled to maintain an audit log of access and changes to your AWS infrastructure?
CloudTrail
Your application is sending 50,000 emails through SES each day. Since you must maintain a low bounce rate to avoid being put on probation, what simple system do you architect to automatically process hard bounces?
Configure SES to send all bounce events to an SNS topic. Create a Lambda function that processes each hard bounce event and automatically flags that account as a bounce in your application to prevent further sending attempts.
What is the best practice for creating a highly available PostgreSQL database in RDS that can sustain the loss of a single AWS region?
Create Read Replicas in other AWS regions. Ensure read operations against the database occur on an available Read Replica, and send write operations to another region if you need to promote a Read Replica to a standalone database if the master is down.
A new developer has been added to the team and you have been asked to provide access to the organization's AWS account. What is the best practice for granting access?
Create a IAM user for the new developer. Assign the new developer the a developer group you already created for the other developers.
You have an application that generates long-running reports, stores them in an S3 bucket, and then emails the user who requested the report with a link to download it. What is the best practice for storing the report data in S3?
Create a private S3 bucket. The link in the email should take the user to your application, where you can verify the active user session or force the user to log in. After verifying the user has rights to access this file, have the application retrieve the object from S3 and return it in the HTTP response. Delete the file from the S3 bucket after the request is completed.
Your on-premise data center (172.16.128.0/24) is already connected to your AWS VPC (10.0.0.0/16) by a customer gateway. You wish to connect another data center for a company you just acquired (172.16.130.0/24) to your VPC as shown in the image. What is the best way to create this link?
Create a second virtual private gateway (VPG) and attach it to the VPC. Create a customer gateway for the new virtual private gateway and use your VPN client at your second data center to establish a connection to the VPG.
For your AWS root account, you have generated a random password of the maximum allowed length and included special characters. Which additional steps should you take to secure your AWS root account?
Create an IAM role for the account administrator with the highest privileges and do not use the root account in day-today operations. Enable two-factor authentication on the root account
You want to make your public API quickly accessible from all regions. What is the best way to do this?
Create edge-optimized API gateway endpoints and deploy them to a CloudFront network.
A form in web application is sending sign-up data to "http://example.com/signup/new?source=web" and this data needs to be handled by an ECS service behind Application Load Balancer (ALB). Which ALB rule will route this request?
D ...Only one with Get
What privilege is specific to the AWS root account, and cannot be granted to another IAM user on the account?
Delete the AWS account.
You have a VPC that has a public and private subnet. There is a NAT gateway in the public subnet that allows instances in the private subnet to access the internet without having public exposure outside of the VPC. What should the routing tables be for the private subnet?
Destination 1: 10.0.0.0/16, Target 1: local; Destination 2: 0.0.0.0/0, Target 2: nat-09b4832
What data store provides a simple and quick way of storing basic user attributes in an object-based format?
DynamoDB
Which database is a NoSQL database type that can quickly store and retrieve key-value pairs?
DynamoDB
You need a schemaless database. Which Amazon database service provides that solution?
DynamoDB
What does it cost to launch an EC2 instance from the AWS Marketplace?
Each image has its own pricing that could either be free, or include charges for software licensing costs. You will also pay for the instance the image runs on
Which AWS service can host the web application server for a WordPress site?
Elastic BeanStalk
What in-memory caching server is not supported by ElastiCache?
Elasticsearch
You have four front-end web servers behind a load balancer, which use NFS to access another EC2 instance that resizes and stores images for the front-end application. What security group policies should be assigned to these servers?
Front-end web servers should allow HTTPS. Assign another group to all of the instances that allows all traffic to pass between instances using that group.
An EC2 instance running a WordPress site keeps getting hacked, even though you have restored the server several times and have patched WordPress. What AWS service can help you detect and prevent further attacks?
GuardDuty
You have a Linux EC2 instance that is not responding to requests and you can not connect to it via SSH. Using the EC2 console, you issued a command to stop the instance, but for the past 10 minutes the instance has been in the "stopping" state. What is the next step you should take?
Issue another stop action via the EC2 console, and choose the option to forcefully stop the instance.
What does this small section of a CloudFormation template do?
It writes the VPC network flow logs to the CloudWatch FlowLogsGroup log group. You could use this to inspect the network connections of your VPC.
When designing a serverless web application using Lambda, what key concept must you factor into your design?
Lambda is stateless, so it won't remember who a user is in between requests.
A nontechnical client wants to migrate a WordPress site to AWS from a private server managed by a third-party hosting company. Which AWS service should you recommend to migrate the site to?
Lightsail
You have 14 on-premise web servers, 4 database servers, 6 servers using GIS software, 3 file servers, and 4 development servers. What considerations should you take into account when migrating these servers into AWS?
New AWS accounts are limited to 20 on-demand EC2 instances. Submit a request to increase your rate limits before starting a migration.
As your web application grows and your application monitoring needs become more complex, which additional log monitoring service should you NOT consider?
PRTG
Which big data store will let you store large streams of user activity data coming from both web and mobile applications?
Redshift
When using an ECS cluster with EC2 instances, what maintenance tasks should you perform on the EC2s?
Refresh the cluster with instances built from the latest ECS AMI.
You have a Linux EC2 web server that suddenly is timing out on all HTTP requests and your SSH connection attempts are timing out. You notice that it is failing the system status check in the EC2 console. What action should you take?
Restore the instance from the last AMI image. System status checks indicate that the filesystem on the instance is corrupted.
You are migrating an on-premise RabbitMQ cluster into AWS. Which migration path should you choose for ease of both maintenance and deployment?
Rewrite the parts of your application that use RabbitMQ to use Amazon MQ.
You have a large amount of files on your network-attached storage array that must be archived and maintained for a period of 10 years due to industry regulations. This data will be infrequently accessed but must be kept What is the best AWS service for storing this data?
S3 Glacier
Your company has on-premise servers with an existing onsite backup solution that also replicates backups to another campus on the other side of the country with its own on-site backup solution. You have been asked to create a third level of redundancy by also storing these backups in the cloud. In the event of a primary and secondary backup failure, your boss wants to know that the cloud backups can be accessible as fast as possible to reduce downtime during the recovery. What S3 storage class do you recommend for cost and performance?
S3 One Zone-Infrequent Access
Your database is an RDS instance running SQL Server with Multi-AZ replication and you have several older .NET console utilities that perform database operations every 15 seconds. When the cluster has to switch the primary database server to the secondary AZ, the .NET utilities start to report connection failures to the database although other applications are able to access the database. How do you correct this problem?
The NET utilities need to change the SQL Server endpoint in the connection strings to read from the secondary database server using a try/catch
What happens to a SQL Server RDS instance if the databases increase in size and go over the allocated space?
The database instance will report a STORAGE_FULL status and become inaccessible if the instance does not have enough remaining storage to operate. Allocate more space to the instance.
What is wrong with the third incoming security group rule, which allows all traffic from sg-269afc5e to go to an Ubuntu EC2 instance configured as a web server?
The instance was launched with the default security group, but there is no way for an administrator to SSH into the instance. Add another rule that allows for SSH access from a secured source, such as a single IP or a range of managed IP addresses.
You are running Docker containers on ECS. What is the most important metric to monitor?
The memory consumption of each EC2 instance in your cluster from within CloudWatch.
The outbound rules of a security group only allow traffic going to 0.0.0.0/0 on TCP Port 22 (SSH) and TCP port 3306 (MySQL). Review the inbound rules listed in the image below. What is the most important issue to fix with this security group configuration, for an Ubuntu EC2 instance acting as a web server?
The outbound rules do not allow for HTTP traffic to leave the instance, so inbound HTTP requests will fail because the clients will never get HTTP responses.
You are creating a DynamoDB table to store all movies that have been released since 1938. Your application will allow users to search by movie title and see the details of that film. Given the sample below showing the movie data that you will be importing, what is the best set of keys to apply to this table?
The primary key should be created as a completely unique value, such a sequential numerical list of movie IDs. The partition key should be title field for fast lookup.
You are hosting an application configured to stream media to its clients on TCP ports 3380-3384, 3386-3388, and 3390. The Inbound tab below shows three incoming security group policies attached to this instance. Which policy should you use?
The rule that exposes TCP ports 3380-3390 would also publicly expose port 3389 (RDP) to the entire internet. Write separate rules to only expose the needed ports.
You created a VPC that has a public subnet and a private subnet. A web server was placed in the public subnet and a database server was placed in the private subnet. The web server is able to connect to the database server; however, the database server at 10.0.1.2 is unable to get software updates. What is the cause of this issue?
There is no NAT gateway for the private subnet, so the database server has no routes that give it public internet access to download software updates.
You have a T2 EC2 instance that is critical to your infrastructure. How would you monitor the most important metric for this instance?
Turn on CloudWatch Auto Recovery and put monitors on the System Status and Instance Status checks for the instance to notify you when either is in alarm.
What is the best practice for maintaining Windows EC2 instances and applying updates?
Use AWS Systems Manager Patch Manager to find an patch instances that require updates during a set maintenance window.
You have recently launched your new web product and are expecting 1,000 new users each month. However, you have just received word from the CEO that your product will be featured at an upcoming conference covered by several media outlets, and this could lead to 20,000 new users over the next week. How do you plan for a sudden increase in traffic?
Use Auto Scaling groups to create more front-end servers when the CloudWatch metrics for CPU usage on a single instance rise above 80% for five minutes.
You are migrating a 200 GB database from an on-premise SQL Server to RDS for SQL Server. The database needs to have minimal downtime during the migration. What is the best practice for migrating this database?
Use Database Migration Service to replicate the database to RDS and keep it in sync during the migration. Repoint your applications to use the new RDS endpoint.
How do you architect a solution for an SQL Server database to be replicated across AWS regions in an active-active architecture?
Use RDS for SQL Server 2016 or 2017 Enterprise Edition. Enable Multi-AZ support and select the Mirroring/Always On option. Select another region for the mirroring option.
You have a fleet of IoT devices that send telemetry to a server-side application provided by your IoT vendor for decoding a proprietary messaging format. The devices are provisioned to send telemetry reports to your server via UDP on port 6339. What is the best way scale this server as more Iot devices are added to your fleet?
Use Route 53 with HTTP health checks. Create an application on the server to report the readiness status of the vendor-provided server software to Route 53 via HTTP.
You have replicated the infrastructure that serves the backend API for your web application across regions to better serve your customers in the US and the EU. What is the best way to direct your web application at the nearest data center?
Use Route 53 with geolocation lookups to direct traffic between the two regions.
You have several on-premise servers and would like to store your offsite backups on AWS. What fully managed backup service can you use to ship your backups to AWS?
Use Storage Gateway.
What's the best practice for horizontally scaling a legacy ASP.NET web application that relies on Active Directory and is currently deployed to a single Windows EC2 instance?
Use Sysprep to shut down the instance during a maintenance window. Create an AMI image and place both servers behind Application Load Balancer with sticky sessions.
Your web application is getting a suspicious amount of bad requests from foreign IP addresses. Your business is operating in only a few countries and you would like to block any other traffic. What is the best practice for limiting access to your web application by country?
Use Web Application Firewall and create a geo match condition to drop all requests from countries that aren't on your allow list.
When launching an EC2 instance with an instance type that supports instance storage, what use case is best for instance storage?
Use the instance storage to serve temporary files that require low I/O latency.
When using AWS for research and development ahead of a planned migration, how do you prevent unexpected increases or spikes in the billing?
Using the root AWS account enable Billing Alerts in the user preferences. Then use CloudWatch to create a billing alarm and set a threshold to a specific dollar amount for your estimated monthly charges.
In addition to CloudFormation, you can use other orchestration tools to automate server formation and maintenance. Which tool is not an efficient choice for the orchestration of a large infrastructure?
Vagrant
You created a Windows EC2 instance with a public IP address and installed SQL Server. When attempting to connect to SQL Server from SQL Server Enterprise Manager on your local computer, the Windows EC2 instance is unable to establish a connection to the server. What is the first thing you should check?
Verify that the assigned security groups allow TCP port 1433 traffic from your current IP address.
You created a new Linux EC2 instance and installed PostgreSQL but you are not able to establish a connection to the server from your local computer. What steps do you take to resolve this issue?
Verify that the assigned security groups allow traffic from your IP address to port 5432. Verify that PostgreSQL is configured to listen to external traffic and is bound to the public interface.
Can you lose the public IP address associated with your EC2 instance?
Yes, you can lose it if you stop and start the instance.
Which of these is a valid restriction on the properties of a VPC?
You cannot create a CIDR block with a netmask larger than /16
What AWS services can help you automate your development pipeline for continuous integration and continuous deployment?
all of these answers
Which AWS service complies with the standards outlined in Payment Card Industry Data Security Standard (PCI DSS) Level 1 for the handling and transmission of credit card data?
all of these answers
Which feature can be used to respond to a sudden increase in web traffic?
all of these answers
You have an application using a 100 GB MySQL database that you are migrating into AWS. What should you consider when deciding between whether to host the database on RDS for MySQL or Aurora?
all of these answers
After installing AWS Amplify's CLI, what command allows the user to connect an AWS account with the local install?
amplify configure
Where is the best place to store database backups on an EC2 instance that is configured as a database server?
an S3 bucket, synced with the database backups via a script that calls the AWS CLI
Which communication channel does SNS not support natively?
automated phone call
You have a UDP load balancer that is created by an instance that is running an NGINX proxy. Your application performance management (APM) solution can detect failures in your load balancer instance and transfer the Elastic IP to a passive standby instance. Using the AWS CLI, which script do you program into your APM to move the Elastic IP?
aws ec2 disassociate-address --association-id eipassoc-2bebb712 aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
Your application performance management (APM) system can read the status of your CloudWatch monitors and perform scripted actions. When the CloudWatch metric StatusCheckFailed enters a failed state (a value of 1), you would like your APM to automatically repair the instance. Which script do you use?
aws ec2 stop-instances --instance-ids i-0b263919b6498b123 aws ec2 start-instances --instance-ids i-0b263919b6498b123
What does the statement body of this S3 bucket policy do?
bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to 68.249.108.255 to access objects in the userreports bucket-except anyone coming from the IP of 68.249.108.128.
Benefit of using S3 Glacier?
cost
What does a VPC do?
creates a cloud-based network to interconnect a set of virtual servers and appliances
When creating a new RDS instance, what does the Multi-AZ option do?
creates a second passive database instance within the same region that will become the primary database during a failover
What does the following AWS CLI create-service command for ECS do?
launches two containers onto Fargate into the existing production cluster using the rest-api task definition
What option is best for Auto Scaling your EC2 instances for predictable traffic patterns?
scale based on a schedule
What is not a default user of a common Linux instance launched from an AMI?
system-user
When sending a large volume of email through SES, what is the most important set of metrics to monitor?
your complaint and bounce rates
