AWS Quiz Questions
What is the max size for a Microsoft SQL Server DB with SQL Server Express edition
10 GB for DB DB instance server storage is 300 GB
Amazon's RedShift uses which block size for its columnar storage?
1024 KB/ 1 MB
How many regions does AWS have?
16
How long can an AWS lambda function execute?
300 seconds
MySQL Installation Default Port Number is ?
3306
What is RDS max retention period for backups?
35 days -- basically 35 days worth of backups
How many Read Replicas can you create per DB instance?
5 per instance
When would you use provisioned IOPS over standard storage when creating an RDS instance?
High number of reads, if you use online transaction processing in your prod environment
What is the difference between horizontal and vertical scaling?
Horizontal scaling -- adding more instances Vertical Scaling -- increasing size of instances
Can you modify the EBS volume size? If so, what state does the instance have to be in?
If your Amazon EBS volume is attached to a current generation EC2 instance type, you can increase its size, change its volume type, or (for an io1 volume) adjust its IOPS performance, all without detaching it. You can apply these changes to detached volumes as well.
RDS changes to the back up window, take effect, when?
Immediately
What is the main similarities and differences between KMS and CloudHSM?
KMS - is a Key Management Service - helps you create and control encryption keys - sufficient for basic needs for managing keys for security CloudHSM - gives higher requirement on key management service - helps you meet corporate, contractual, and regulatory compliance requirements for data security
You work for a toy company that has a busy online store. As you are approaching Christmas, you find that your store is getting more and more traffic. You ensure that the web tier of your store is behind an Auto Scaling group. However, you notice that the web tier is frequently scaling, sometimes multiple times in an hour, only to scale back after peak usage. You need to keep Auto Scaling from scaling up and down so rapidly. Which of the following options would help you to achieve this?
Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
What feature can you use to delete large numbers of objects in S3?
Multi-Object Delete
Can you move a reserved instance from one region to another
No
Can you SSH or RDP into an RDS instance?
No you cannot
Using CloudFront, which method would be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
Origin Access Identity
What is the term often used to describe a DR scenario in which a minimal version of an environment is always running in the cloud?
Pilot Light
A Customer Gateway on the on-premise network needs what property set up in order to connect to the Virtual Private Gateway on the VPC side?
Public IP
What are the 2 types of interfaces when working with a DirectConnect connection?
Public Virtual Interface - to connect to AWS public endpoints with dedicated network performance, use a public virtual interface Private Virtual Interface -- To connect to private services such as an VPC with dedicated network performance, use a private virtual interface
You've been tasked with building a new application with a stateless web tier for a company that produces reuseable rocket parts. Which three services could you use to achieve this?
RDS, DynamoDB, Elasticache
Which DB types can create Read Replicas, vs the DB types that can configure Multi-AZs?
Read Replicas: - MySQL - PostgreSQL - MariaDB - AURORA Multi-AZ - MySQL - PostgreSQL - MariaDB - ORACLE
If you need to know both the private and public IP address of your EC2 instance. You should ---?
Retrieve the metadata from http://169.254.169.254/latest/meta-data/
What is the durability, availability, and fault tolerance on S3-Standard, S3-IA, S3-RRS?
S3-Standard Durability = 99.999999999% Availability = 99.99% Facility Fault Tolerance = 2 S3-IA Durability = 99.999999999% Availability = 99.99% Facility Fault Tolerance = 2 S3-RRS Durability = 99.99% Availability = 99.99% Facility Fault Tolerance = 1
RDS doesn't support increasing storage on active, what?
SQL Server DB instances
S3 can send events to what 3 AWS notification resources?
SQS SNS Lambda Function
What is long polling vs short polling? And what AWS resource is it attached to? What is the max wait time seconds for long polling vs short polling?
SQS has long polling and short polling. Long polling -- helps reduce number of empty responses = reduce cost of SQS by allowing a component to wait until a message is available in the queue before sending a response -- queries all of the servers to see if there are messages ReceiveMessageWaitTimeSeconds > 0 For a max of 20 seconds Short polling -- SQS default -- queries only a subset of the servers to see if there are any messages ReceiveMessageWaitTimeSeconds = 0
What is the port that needs to be opened for SSH? (Secure Shell) What about RDP? (Remote Desktop)
SSH = port 22 RDP = 3389
What two AWS resources can you use to leverage on-premise servers and EC2 instances?
SWF and SQS
What is STS?
Security Token Service -- provides trusted users with temporary security credentials that can control access to your AWS resources.
If you want cost-effectiveness for EC2 instances, which instances do you need to think of?
Spot or Reserved Usually for a regular job that can handle failures, choose Spot Instances
What are the instance types that are EBS backed only?
T2, C4
For SSH access into an EC2 instance, what protocol is the only one we can use?
TCP
How much data can you download from Glacier for free?
10 GB
You need to add a route to your routing table that will allow connections to the internet from your subnet. What destination and target do you need in your routing table?
Destination: 0.0.0.0/0 --> Target: your Internet gateway
What is AWS's noSQL product?
DynamoDB
Name some use cases where DynamoDB would be useful, and when it would not be useful
DynamoDB is useful when: - Storing Json documents - Managing web sessions - Storing metadata for S3 objects - smaller object - frequently accessed data DynamoDB is not useful for: - Storing infrequently accessed data - Large objects
If running a database on EC2 instance, the recommended storage option is
EBS Volumes
Which EC2 instance scaling and latency options allow you to attach an existing EC2 instance to it? - ELB - AutoScaling - Placement Group
ELB's and AutoScaling allow you to attach pre-existing EC2 instances to it Placement Groups do not allow you to attach pre-existing EC2 instances to it. It must be launched when the placement group is created
Policies consist of what 3 elements?
Effect Action Resource
What is enhanced networking?
Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces. Enhanced networking provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies. There is no additional charge for using enhanced networking.
You have uploaded a file to S3. Which HTTP code would indicate that the upload was successful?
HTTP 200
To retrieve instance metadata or userdata you will need to use the following IP Address
http://169.254.169.254
When creating an RDS instance, you can select the Availability Zone into which you deploy it. True or False?
true
What is an ENI warm attach? hot attach?
warm attach - attaching an ENI to a stopped instance hot attach - attaching an ENI to a running instance cold attach - attaching an ENI when launching an instance
What is the min and max size of an S3 object?
0 bytes to 5 TB
What is the max response time for buisness level premium support case?
1 hours
What are the CloudWatch metrics retentions periods for 1 min data points? 5 min data points? 1 hour data points?
1 min datapoint = 15 days 5 min datapoint = 63 days 1 hour datapoint = 455 days
What are some properties of RRS (Reduced Redundancy Storage) for S3?
1. 99.99% availability 2. 99.99% durability 3. If there is a requirement to store data that is easily reproducible or durably stored elsewhere, then RRS is the ideal option
What are the 9 properties of a CloudFormation Template, and what does each mean?
1. AWSTemplateFormatVersion 2. Description 3. Metadata 4. Parameters 5. Mappings 6. Conditions 7. Transforms (for serverless applications) 8. Resources (Only one that is Required -- specifies source resources and their properties) 9. Outputs (specifies values returned whenever you view your stack properties)
What 7 AWS resources and properties don't support tagging?
1. EIP 2. VPC enpoint 3. VPC flowlog 4. Placement Group 5. NAT Gateway 6. Key Pair 7. Dedicated Host
What are the features of Amazon Glacier, other than it is an archive?
1. Immutable 2. Synchronously uploads archive 3. Supports archive operations: Upload, Download, Delete 4. Encrypted at rest 5. Archives can be as large as 40 TB
What metrics does AWS Lambda keep track of?
1. Latency 2. Error Rates 3. Total Requests
What EC2 instances use SSD? There are 6
1. M3 2. C3 3. G2 4. X1 5. R3 6. F1
What are the 7 lifecycle stages of an EC2 instance?
1. Pending 2. Running 3. Rebooting 4. Stopping 5. Stopped 6. Shutting Down 7. Terminated
What are some requirements for a VPC, if it is to host an RDS DB instance?
1. VPC must have at least one subnet in at least 2 AZs 2. If you want your DB instance to be publicly accessible, you must enable the VPC attributes DNS hostnames and DNS resolution
How do you know if a PUT request to S3 was successful?
A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful
In the default VPC, all EC2 instances are assigned what 2 things?
A private and public IP address
What exactly is an AutoScaling policy made of?
A set of CloudWatch metric thresholds that dictat when to add or remove instances from the Auto Scaling Group
What are the default settings for a new custom Security Group?
All inbound traffic is blocked All outbound traffic is allowed
What resources allow users to retain full administrative/OS privileges of their underlying EC2 instances and which don't allow it?
Allow admin privileges: - EC2 - BeanStalk - EMR Don't allow admin privileges: - RDS - DynamoDB -ElasticCache
Resources that are created in AWS are identified in a unique identifier which is known as what option?
Amazon Resource Name
Can an auto-scaling group span multiple AZ's? Or Regions? Or neither?
An Auto Scaling group can contain EC2 instances from multiple Availability Zones within the same region. However, an Auto Scaling group can't contain EC2 instances from multiple regions.
You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter. However, they will need to be able to communicate to the AWS environment over a site-to-site VPN connection. What do you need to do to establish the VPN connection?
Assign a public IP address to your Amazon VPC Gateway.
What are the 4 levels of AWS premium support?
Basic, Developer, Business, Enterprise
Bastion host Instances must be created where? And how can they be accessed? And what are they for?
Bastion host lives on the public subnet and can be accessed through SSH or RDP. From there, users can manage other hosts on private subnets
For EBS Volumes, the root volume default is set to what, when an instance terminates? What makes it a root volume? Other EBS Volumes (not root volumes) are by default set to what when an instance terminates?
By default, root volume is set to delete when an instance terminates. This can be changed. By default, the regular EBS volume is set to remain when an instance terminates. A root volume is a root volume because it holds the OS in it.
Which EC2 Instance Types (DIRTMCG) are available as SSD backed storage?
C3, M3
What 3 following ways can you managed lambda functions?
CLI Console SDK
Perfect Forward secrecy is used to offer SSL/TLS cipher suites to which two AWS resources?
CloudFront and ELBs
In order to enable encryption at rest using EC2 and Elastic Block Store, you must -----?
Configure encryption when creating the EBS volume
What does prewarming an ELB mean? What situation would you use it in?
Contacting the AWS IT people and have them pre-configure the ELB to expect a certain load of traffic Use prewarming when you expect traffic to surge in a large percentage very suddenly. Since ELB's are originally designed to handle slow increase in traffic (instead of sudden increase of traffic)
Your company has deployed their production environment on AWS and now need to access their EC2 instances via a bastion host using Windows Remote Desktop protocol. What do you recommend they do to achieve this?
Create a bastion host in a public subnet and open the RDP port up to the bastion security group. Restrict RDP access so that only users with IP address ranges from within your office network can RDP into this bastion host
Per AWS Acceptable Use Policy, penetration testing of EC2 instances a. may be performed by AWS, and will be performed by AWS upon customer request b. may be performed by AWS and is periodically performed by AWS c. Are expressly prohibited under all circumstances d. may be performed by the customer on their own instances with prior authorization from AWS e. may be performed by the customer on own instances, only if performed from EC2 instances
D
For each EC2 instance type, what are each used for? What situations?
D - Dense Storage -- File servers, data warehousing, Hadoop I - IOPS - Low Latency, High performance IOPS R - RAM (Memory) -- memory intensive apps T - General Purpose -- webservers, small DBs M - Main Choice -- General, application servers C - Compute -- CPU intensive apps G - Graphics -- graphics, accelerated, 3D
What does the IP CIDR block with the ending of /0 mean?
The entire network on that CIDR block
When you are using Route53 for a web site hosted in S3, what are one of the rules that must be adhered to in relation to the S3 bucket?
The s3 bucket must be the same as the domain name
What is Recovery Time Objective?
The time is takes after a disruption to restore operations back to its regular service level
What is the cost for transferring data from EC2 to S3 if they are in the same region? *IMPORTANT TO KNOW*
There is no cost when data is transferred from EC2 to S3 if they are in the same region
ELB's purpose is to do what?
To evenly distribute traffic among multiple EC2 instances located in a single or multiple AZs
By default, new subnets in a custom VPC can communicate with each other across AZs. True or False?
True
It is possible to transfer a reserved instance from one Availability Zone to another. True or False
True
RDS Reserved Instances are available for Multi-AZ deployments True or False
True
You can add multiple volumes to an EC2 instance and then create your own RAID5/RAID 10/RAID 0 configurations using those volumes. True or False?
True
How can you configure a DNS zone apex record to point to an ELB?
Use an A record and alias it to the DNS name of the ELB
What section of the EC2 configuration can you write commands that will install programs, software, etc?
Userdata
What is AWS Workspaces?
Virtual Desktops Windows
What is WAF?
Web Application Firewall
Can you perform actions on an EBS Snapshot? If so, how?
Yes, via AWS APIs, CLI and AWS console
Can we continue to use the EBS volume while it is creating a snapshot from it?
Yes, we can still use the EBS volume as normal, but remember any cached data may not make it into the snapshot. In order to get the cached data, we would need to detach the volume, or stop the the instance, or freeze the file system
If you want to stop being charged for reserved instances, what 2 things should you do? Why would stopping them not help in saving money?
You can terminate the instances and sell them on the AWS reserved Instance Marketplace You wouldn't stop them to save money, because unlike on-demand instances, there is no cost difference or savings if you stop the instance
How can you secure data at rest on an EBS volume?
You either have to encrypt the volume when it is being created, or encrypt the data after the volume is created by using an encrypted file system ontop of the EBS volume the EBS volume cannot be encrypted after it is already created
You work for a construction company that has their production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon linux AMI using Auto Scaling. The web servers are launched in to the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some testing: you launch a 4th EC2 instance into the same subnet and same security group. Annoyingly, your 4th instance does not appear to have internet connectivity. What could be the cause of this?
You have not assigned an elastic IP address to this instance.
When you put an EC2 instance in a public subnet, it is not internet accessible. How can you make it internet accessible?
You need to apply EIP or ELB to instance
A customer needs to capture all client connection information from their load balancer every 5 mins. The company want to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements? a. enable CloudTrail for the load balancer b. enable access logs on the load balancer c. Install the Amazon CloudWatch logs agent on the load balancer d. enable Cloudwatch metrics on the load balancer
b. enable access logs on the load balancer
When are you charged with an EIP? a. when an EIP is allocated b. when it is allocated and associated with a running instance c. when it is allocated and associated with a stopped instance d. costs are incurred regardless of whether the EIP is associated with a running instance
c. When it is allocated and associated with a stopped instance.