Stephane Maarek Exam 1
The solo founder at a tech startup has just created a brand new AWS account. The founder has provisioned an EC2 instance 1A which is running in region A. Later, he takes a snapshot of the instance 1A and then creates a new AMI in region A from this snapshot. This AMI is then copied into another region B. The founder provisions an instance 1B in region B using this new AMI in region B. At this point in time, what entities exist in region B?
1 EC2, 1 AMI and 1 snapshot exit in region B
The DevOps team at an e-commerce company has deployed a fleet of EC2 instances under an Auto Scaling group (ASG). The instances under the ASG span two Availability Zones (AZ) within the us-east-1 region. All the incoming requests are handled by an Application Load Balancer (ALB) that routes the requests to the EC2 instances under the ASG. As part of a test run, two instances (instance 1 and 2, belonging to AZ A) were manually terminated by the DevOps team causing the Availability Zones to become unbalanced. Later that day, another instance (belonging to AZ B) was detected as unhealthy by the Application Load Balancer's health check. Can you identify the correct outcomes for these events? (Select two)
1) ASG creates a new scaling activity for terminating the unhealthy instance and then terminates it. Later another scaling activity launches a new EC2 to replace the terminated instance 2) AS the AZ got unbalanced, ASG will compensate by re-balancing the AZ. When re-balancing, ASG launches new EC2 before terminating the old ones, so that re-balancing does not compromise the performance or availability of your application.
A DevOps engineer at an IT company was recently added to the admin group of the company's AWS account. The AdministratorAccess managed policy is attached to this group. Can you identify the AWS tasks that the DevOps engineer CANNOT perform even though he has full Administrator privileges (Select two)?
1) Close the company's AWS Account 2) Configure an S3 bucket to enable MFA delete
An IT consultant is helping the owner of a medium-sized business set up an AWS account. What are the security recommendations he must follow while creating the AWS account root user? (Select two)
1) Enable MFA for AWS root account 2) Create aa strong password for the AWS root account
A new DevOps engineer has joined a large financial services company recently. As part of his onboarding, the IT department is conducting a review of the checklist for tasks related to AWS Identity and Access Management. As a solutions architect, which best practices would you recommend (Select two)?
1) Enable MFA for privileged users 2) Turn on AWS CloudTrail
An IT Company wants to move all the compute components of its AWS Cloud infrastructure into serverless architecture. Their development stack comprises a mix of backend programming languages and the company would like to explore the support offered by the AWS Lambda runtime for their programming languages stack. Can you identify the programming languages supported by the Lambda runtime? (Select two)
1) GO 2) C#/.NET
A video analytics organization has been acquired by a leading media company. The analytics organization has 10 independent applications with an on-premises data footprint of about 70TB for each application. The media company has its IT infrastructure on the AWS Cloud. The terms of the acquisition mandate that the on-premises data should be migrated into AWS Cloud and the two organizations establish connectivity so that collaborative development efforts can be pursued. The CTO of the media company has set a timeline of one month to carry out this transition. Which of the following are the MOST cost-effective options for completing the data transfer and then establishing connectivity? (Select two)
1) Order 10 Snowball Edge devices to complete the one-time data transfer 2) Setup Site-to-Site VPN to establish connectivity between office and AWS
The engineering team at an in-home fitness company is evaluating multiple in-memory data stores with the ability to power its on-demand, live leaderboard. The company's leaderboard requires high availability, low latency, and real-time processing to deliver customizable user data for the community of users working out together virtually from the comfort of their home. As a solutions architect, which of the following solutions would you recommend? (Select two)
1) Power the on-demand, live leaderboard using ElastiCache Redis as it meets the in-memory, high availability, low latency requirements 2) Power the on--demand, live leaderbaord using DynamoDB with DynamoDB Accelerator (DAX) as it meets the in-memory, high availability, low latency requirements.
The IT department at a consulting firm is conducting a training workshop for new developers. As part of an evaluation exercise on Amazon S3, the new developers were asked to identify the invalid storage class lifecycle transitions for objects stored on S3. Can you spot the INVALID lifecycle transitions from the options below? (Select two)
1) S3 one Zone-IA => S3 Standard-IA 2) S3 Intelligent Tierring => S3 Standard
A software engineering intern at an e-commerce company is documenting the process flow to provision EC2 instances via the Amazon EC2 API. These instances are to be used for an internal application that processes HR payroll data. He wants to highlight those volume types that cannot be used as a boot volume. Can you help the intern by identifying those storage volume types that CANNOT be used as boot volumes while creating the instances? (Select two)
1) Throughput optimized HDD (EBS ST1) 2) Cold HDD (EBS SC1) 3) Instance Store
A digital media streaming company wants to use AWS Cloudfront to distribute its content only to its service subscribers. As a solutions architect, which of the following solutions would you suggest in order to deliver restricted content to the bona fide end users? (Select two)
1) Use CloudFront signed Cookies 2) Use CloudFront signed URLs
The engineering team at an e-commerce company wants to set up a custom domain for internal usage such as internaldomainexample.com. The team wants to use the private hosted zones feature of Route 53 to accomplish this. Which of the following settings of the VPC need to be enabled? (Select two)
1) enableDnsSupport 2) enableDnsHostnames
A silicon valley based startup wants to be the global collaboration platform for API development. The product team is looking to build features to simplify each step of building an API and streamline collaboration so you can create better APIs. As part of its research, the product team has figured out a market need to support both stateful and stateless client-server communications via the APIs developed using its platform. You have been hired by the startup as an AWS solutions architect to build a Proof-of-Concept to fulfill this market need using AWS API Gateway. Which of the following would you recommend to the startup?
API Gateway creates RESTful APIs that enable stateless client-server communication and API Gateway also creates WebSocket APIs that adhere to the WebSocket protocol, which enables stateful, full-duplex communication between client and server.
A social photo-sharing company uses Amazon S3 to store the images uploaded by the users. These images are kept encrypted in S3 by using AWS-KMS and the company manages its own Customer Master Key (CMK) for encryption. A member of the DevOps team accidentally deleted the CMK a day ago, thereby rendering the user's photo data unrecoverable. You have been contacted by the company to consult them on possible solutions to this crisis. As a solutions architect, which of the following steps would you recommend to solve this issue?
AS the CMK was deleted a day ago, it must be in the 'pending deletion' status and hence you can just cancel the CMK deletion and recover the key
A social media analytics company uses a fleet of EC2 servers to manage its analytics workflow. These EC2 servers operate under an Auto Scaling group. The engineers at the company want to be able to download log files whenever an instance terminates because of a scale-in event from an auto-scaling policy. Which of the following features can be used to enable this custom action?
ASG lifecycle hook
The engineering team at an online fashion retailer uses AWS Cloud to manage its technology infrastructure. The EC2 server fleet is behind an Application Load Balancer and the fleet strength is managed by an Auto Scaling group. Based on the historical data, the team is anticipating a huge traffic spike during the upcoming Thanksgiving sale. As an AWS solutions architect, what feature of the Auto Scaling group would you leverage so that the potential surge in traffic can be preemptively addressed?
ASG scheduled Action
The DevOps team at a major financial services company uses Multi-Availability Zone (Multi-AZ) deployment for its MySQL RDS database in order to automate its database replication and augment data durability. The DevOps team has scheduled a maintenance window for a database engine level upgrade for the coming weekend. Which of the following is the correct outcome during the maintenance window?
Any database engine level upgrade for an RDS DR instance with Multi-AZ deployment triggers both the primary and standby DB instances to be upgraded at the same time. This causes downtime until the upgrade is complete.
Which of the following is true regarding cross-zone load balancing as seen in Application Load Balancer versus Network Load Balancer?
By default, cross-zone load balancing is enabled for Application Load Balancer and disabled for Network Load Balancer
CloudFront signed cookies
CloudFront signed cookies allow you to control who can access your content when you don't want to change your current URLs or when you want to provide access to multiple restricted files, for example, all of the files in the subscribers' area of a website.
An organization wants to delegate access to a set of users from the development environment so that they can access some resources in the production environment which is managed under another AWS account. As a solutions architect, which of the following steps would you recommend?
Create a new IAM role with the required permission to access the resources in the production environment. The users can then assume this IAM role while accessing the resources from the production environment.
The CTO of an online home rental marketplace wants to re-engineer the caching layer of the current architecture for its relational database. He wants the caching layer to have replication and archival support built into the architecture. Which of the following AWS service offers the capabilities required for the re-engineering of the caching layer?
ElastiCache for Redis
A leading carmaker wants to use AWS for its connected car application that would collect sensor data from its electric car fleet to give drivers dynamically updated map information. The carmaker would like to build its new car-as-a-sensor service by leveraging fully serverless components that are provisioned and managed automatically by AWS. The development team at the carmaker does not want an option that requires the capacity to be manually provisioned, as it does not want to respond manually to changing volumes of sensor data. Given these constraints, which of the following solutions is the BEST fit to develop this car-as-a-sensor service?
Ingest the sensor data in an SQS standard queue, which is pollled by a Lmabda function in batches and the daata is written into an Auto-scaled DynamoDB table for downstream processing
CloudFront signed URLs
Many companies that distribute content over the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, for example, users who have paid a fee. To securely serve this private content by using CloudFront, you can do the following: Require that your users access your private content by using special CloudFront signed URLs or signed cookies. A signed URL includes additional information, for example, expiration date and time, that gives you more control over access to your content.
A junior scientist working with the Deep Space Research Laboratory at NASA is trying to upload a high-resolution image of a nebula into Amazon S3. The image size is approximately 3GB. The junior scientist is using S3 Transfer Acceleration (S3TA) for faster image upload. It turns out that S3TA did not result in an accelerated transfer. Given this scenario, which of the following is correct regarding the charges for this image transfer?
No need to pay any transfer charges for the image upload
The traffic monitoring authorities at a city want to monitor the traffic at busy intersections and take corrective action at the earliest. An ML solutions company has developed a Proof-of-Concept for processing this video data and now it wants to cover all city intersections. What is the recommended solution stack with the LEAST amount of development effort and ongoing maintenance?
Process the incoming video streams using Kinesis Video Streams and feed the video streams to a downstream application for real time analysis
The audit department at one of the leading consultancy firms generates the audit reports only during the last month of a financial year. The department uses AWS Step Functions to orchestrate the report creating process with failover and retry scenarios built into the solution and the data should be available with millisecond latency. The underlying data to create these audit reports is stored on S3 and runs into hundreds of Terabytes. As a solutions architect, which is the MOST cost-effective storage class that you would recommend to be used for this use-case?
S3 Standard Infrequent Access
A leading video streaming service delivers billions of hours of content from Amazon S3 to customers around the world. Amazon S3 also serves as the data lake for its big data analytics solution. The data lake has a staging zone where intermediary query results are kept only for 24 hours. These results are also heavily referenced by other parts of the analytics pipeline. Which of the following is the MOST cost-effective strategy for storing this intermediary query data?
Store the intermediary query results in S3 Standard
The spreadsheet is saved on an EFS file system created in us-east-1 region. The sourcing team counterparts from other AWS regions such as Asia Pacific and Europe also want to collaborate on this spreadsheet. What is your recommendation to enable this collaboration with the LEAST amount of operational overhead?
The spreadsheet on the EFS file system can be accessed from EC2 instances running in other AWS regions by using an inter-region VPC peering connection.
A gaming company uses Amazon Aurora as its primary database service. Amazon Aurora's fast failover capabilities and storage durability have minimized technical obstacles for its online gaming service. After launching their flagship game, which achieved more than 10M downloads in the first 3 weeks, Aurora's high durability allowed them to provide stable service operation without any maintenance emergencies. The company has now deployed 5 multi-AZ read replicas to increase the read throughput and for use as failover target. The replicas have been assigned the following failover priority tiers and corresponding sizes are given in parentheses: tier-1 (16TB), tier-1 (32TB), tier-10 (16TB), tier-15 (16TB), tier-15 (32TB). In the event of a failover, Amazon RDS will promote which of the following read replicas?
Tier-1 (32TB)
A media company wants to get out of the business of owning and maintaining its own IT infrastructure so it can redeploy resources toward innovation in artificial intelligence and other areas to create a better customer experience. As part of this digital transformation, the media company wants to archive about 5PB of data in its on-premises data center to durable long term storage. As a solutions architect, what is your recommendation to migrate this data in the MOST cost-optimal way?
Transfer the on-premises data into multiple snowball edge storage optimized devices. Copy the Snowball edge data into Amazon S3 and create a life-cycle policy to transition the data into AWS Glacier
A cyber forensics company uses a fleet of EC2 servers to manage its flagship Software as a Service (SaaS) application workflow. These EC2 servers are behind an Application Load Balancer and they operate under an Auto Scaling group. The engineers at the company want to be able to install proprietary forensic tools on each instance and perform a pre-activation status check of these tools whenever an instance is provisioned because of a scale-out event from an auto-scaling policy. Which of the following options can be used to enable this custom action?
Use ASG life-cycle hook to put the EC2 in a wait state and launch a custom script that installs the proprietary forensic tools and performs a pre-activation status check.
A major bank is modernizing its retail message queuing by migrating from self-managed message-oriented middleware systems to Amazon SQS. The bank is using SQS to migrate several core banking applications to the cloud to ensure high availability and cost efficiency while simplifying administrative complexity and overhead. The development team at the bank expects a peak rate of about 1000 messages per second to be processed via SQS. It is important that the messages are processed in the order. Which of the following options can be used to implement this system?
Use Amazon SQS FIFO queue in batch mode of 4 messages per operation to process the messages at the peak rate
A research group at an ivy-league university needs a fleet of EC2 instances operating in a fault-tolerant architecture for a specialized task that must deliver high random I/O performance. Each instance in the fleet would have access to a dataset that is replicated across the instances. Because of the resilient architecture, the specialized task would continue to be processed even if any of the instances goes down. Which of the following options is the MOST cost-optimal and resource-efficient solution to build this fleet of EC2 instances?
Use Instance Store based EC2 instances
An IT company wants to review its security best-practices after an incident was reported where a new developer on the team was assigned full access to DynamoDB. The developer accidentally deleted a couple of tables from the production environment while building out a new feature. Which is the MOST effective way to address this issue so that such incidents do not recur?
Use Permissions boundary to control the maximum permissions employees can grant to the IAM principals.
A US-based healthcare startup is building an interactive diagnostic tool for COVID-19 related assessments. The users would be required to capture their personal health records via this tool. As this is sensitive health information, the backup of the user data must be kept encrypted in S3. The startup does not want to provide its own encryption keys but still wants to maintain an audit trail of when an encryption key was used and by whom. Which of the following is the BEST solution for this use-case?
Use SSE-KMS to encrypt the user data on S3