23. Final Practice Exam
You're building out a single-region application in us-west-2. However, disaster recovery is a strong consideration, and you need to build the application so that if us-west-2 becomes unavailable, you can fail-over to us-west-1. Your application relies exclusively on pre-built AMI's. In order to share those AMI's with the region you're using as a backup, which process would you follow?
Copy the AMI from us-west-2, manually apply launch permissions, user-defined tags, and Amazon S3 bucket permission of the default AMI to the new instance, and launch the instance
Placement Groups can be created across 2 or more Availability Zones.
False
AWS help provide protection against some forms of traditional network attacks. Which of the following is not protected against by AWS?
Social Engineering
What blocksize does Redshift use when storing it's data in columnar storage?
1024KB
What is the maximum VisibilityTimeout of an SQS message in a FIFO queue?
12
You are designing a new VPC for a customer and you need to deploy your EC2 instances in to multiple availability zones. What is the minimum number of subnets that you require to achieve this objective?
2 Subnets with each subnet in an independent AZ.
By default how many VPCs can you have per region in your AWS account?
5
You work for a automotive company which is migrating their production environment in to AWS. The company has 4 separate segments, Dev, Test, UAT & Production. They require each segment to be logically isolated from each other. What VPC configuration should you recommend?
A separate VPC for each segment. Then create VPN tunnels from your HQ to each VPC so the appropriate teams can each speak to their dedicated VPC.
You are solutions architect working for a busy ecommerce store. Due to your organisations unique security requirements, you decide to utilize EC2 running a MySQL database, rather than using RDS. You need to architect this EC2 instance to maximise your disk IO. Which of the following would give you the best disk performance?
Add 2x additional PIOPS volumes and create a RAID 0. Install MySQL to this RAID 0 partition - This would give you the best IO performance as you are using provisioned IOPS (PIOPS) in a RAID 0, which will give you better performance than RAID 5 as you are now writing parity to your partition.
Which of the following is true when writing to S3?
All regions provide read-after-write consistency for PUTS of new objects in your Amazon S3 bucket and eventually consistency for overwrite PUTS and DELETES.
Your company has just purchased another company. As part of the merger, your team has been instructed to cross connect the corporate networks. You run all your confidential corporate services and Internal DNS in a VPC. The merged company has all their confidential corporate services and Internal DNS on-premises. After establishing a Direct-Connect service between your VPC and their on-premise network, and confirming all the routing, firewalls, and authentication, you find that while you can resolve names against their DNS, the other company services is unable to resolve names against your DNS servers. Why might this be?
By design, AWS DNS does not respond to requests originating from outside the VPC. Route53 has a security feature that prevents internal DNS from being read by external sources. The work around is to create a EC2 hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.
You are a solutions architect working for a large pharmaceutical company who are involved in high performance computing to develop new drugs to treat arthritis. You are helping them to design a new application which will need to keep network traffic the lowest latency possible while leveraging very high CPU performance. They would like to place this solution on to the AWS platform and are looking for your recommendations. Which of the following do you suggest?
CPU optimized EC2 instances deployed into placement groups
You are designing an image sharing website that will distribute images across the world. You need maximise performance so that your end users can download frequently accessed images as fast as possible. What AWS technology should you implement?
CloudFront
What service can you use to audit user access & API calls across your AWS environment?
CloudTrail
Under the shared responsibility model for S3 which of the following is NOT a responsibility of Amazons.
Configuration of individual bucket policies
You are an AWS architect and you require encryption at rest for additional volumes attached to your EC2 instance. What is the quickest and most efficient way to achieve this?
Configure encryption when creating the EBS volume
Amazon SWF is designed to help users to do which of the following?
Coordinate synchronous and asynchronous tasks
Following advice from your consultant, you have configured your VPC to use Dedicated hosting tenancy. A subsequent change to your application has rendered the performance gains from dedicated tenancy superfluous, and you would now like to recoup some of these greater costs. How do you revert to Default hosting tenancy?
Create AMI's of all your instances. Create a new VPC with Default as the hosting tenancy attribute, and use them to create new instances using Default tenancy
You are developing a web application, and you are maintaining separate sets of resources for your alpha, beta, and release environments. Each version runs on Amazon EC2 with an EBS volume. You use Elastic Load Balancing to manage traffic and Amazon Route 53 to manage your domain. What's the best way to check the health and status of all three groups of services simultaneously?
Create a resource group containing each set of resources and view all three environments form a single, group dashboard
You run a website which hosts videos and you have two types of members, premium fee paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you need to ensure that your premium fee paying members videos have a higher priority than your free members. How should you design your application.
Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.
In regards to EC2 which of the following is not a customers responsibility under the shared responsibility model?
Decommissioning and destruction of storage media.
You have created a custom VPC with 3 subnets, 2 private, 1 public. You deploy 3 EC2 instances in to your public subnet and attach Elastic IP addresses to these instances. You then deploy an EC2 instance in to your private subnet and then attempt to apply security patches to this instance, however it has no internet connectivity. What can you do to give this instance internet access?
Deploy a NAT to the public subnet and then update the main route table to send traffic via the NAT to the private subnet
Which of the following services do you get OS level access to?
EC2 & Elastic Map Reduce (EMR)
You have a MySQl database running on an EC2 instance in a private subnet. You can connect via SSH, but you are unable to apply updates to the database server via the NAT instance. What might you do to remedy this problem?
Ensure that "Source/Destination Checks" is disabled on the NAT instance.
Amazon SQS keeps track of all tasks and events in an application.
False, With SQS, you must implement your own application-level tracking, especially if your application uses multiple queues.
Your company likes the idea of storing files on AWS. However, low-latency service of the last few days of files is important to customer service. Which Storage Gateway configuration would you use to achieve both of these ends?
Gateway-Cached
Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service?
Gateway-Cached volumes retain a copy of frequently accessed data subsets locally. Cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. :Enable long polling by setting the ReceiveMessageWait TimeSeconds to a number >0.
You are a solutions architect working for a busy media company with offices in Japan and the United States. Your production environment is hosted both in US-EAST-1 and AP-NORTHEAST-1. Your European users have been connecting to the production environment in Japan, and are seeing the site in Japanese rather than in English. You need to ensure that they view the English language version. Which of the routing policies below could help you achieve this?
Geolocation
You have uploaded a file to S3, what HTTP code would indicate that the upload was successful?
HTTP 200
Lecture 75
Introduction & Overview
A client who is using EC2 believes that someone other than approved administrators is trying to gain access to her Linux web app instances, and she asks what sort of network access logging can be added to the system. Which of the following might you recommend?
Make use of an OS level logging tools such as iptables and log events to CloudWatch or S3
You are designing a web application for a new social media start up and have recommended using DynamoDB for the database due to its superior performance. You need to ensure that your database has redundancy. What additional steps should you do?
Nothing, DynamoDB all data is automatically replicated across multiple availability zones.
Which of the following is not a responsibility of Amazon's under the shared responsibility model?
OS level patching for EC2
Under the shared responsibility model for DynamoDB which of the following is NOT a responsibility of Amazons.
Restricting access to DynamoDB so that only the customers web application in EC2 can write data to it.
You have an EC2 instance which needs to find out both its private IP address and its public IP address using a script. Which of the below should you include in the script to discover this information.
Retrieve the instance metadata from http://169.254.169.254/latest/meta-data/
You are designing a new application for a financial company that will utilize spot EC2 instances as and when they meet a certain price point. These EC2 instances will analyse data and the output their analysis to the root volume. You need to store this data in a persistent form of storage so that if the spot instances are terminated by Amazon, you will not lose your data. You need to choose the lowest cost service. Where should you store your data?
S3
You need to store some easily-replaceable objects on S3. With quick retrieval times and and cost effectiveness in mind, which S3 storage class should you consider.
S3 - RRS
You are designing an AWS solution for a new customer and they want to use their active directory credentials in order to sign in to the AWS management console. What kind of authentication response is required in order for users to authenticate with the AWS security token service (STS).
Security Assertion Markup Language 2.0 (SAML 2.0)
Your company is moving their 10TB data warehouse to the cloud. Taking into account your company's 100Mbps connection, which service would most quickly get your data into AWS?
Snowball
You have been engaged by a company to design and lead a migration to an AWS environment. The team is concerned about the capabilities of the new environment, especially when it comes to avoiding bottlenecks. The design calls for about 20 instances (C3.2xLarge) pulling jobs/messages from SQS. Network traffic per instance is estimated to be around 500 Mbps at the beginning and end of each job. Which network configuration should you plan on deploying?
Spread the instances over multiple AZs to minimize the traffic concentration and maximize the fault tolerance
When editing permissions (policies and ACLs), to whom does the concept of the "Owner" refer?
The "Owner" refers to the identity and email address used to create the account AWS account
How is the Public IP address managed in an instance session via the instance GUI/RDP or Terminal/SSH session?
The Public IP address is not managed on the instance, it is, instead an alias applied as a network address translation of the Private IP address
You have been monitoring a sensitive autoscaling group, and you expect it to scale-in as you enter a period of holiday downtime. The auto scaling group is distributed over three AZs ( AZ - A & -B have two instances each, and AZ -C has three instances). All instances have different CPU and Memory utilization, and all instances have been running for a different number of days. All instances come from different versions of a root AMI, and all instances have different numbers of sessions connected. Which instance will be the 1st to shut down?
The instance AZ-C that has the oldest launch configuration will terminate first?
You have three AWS accounts (A, B & C) which share data. In an attempt to maximize performance between the accounts, you deploy the instances owned by these three accounts in "eu-west-1b". During testing, you find inconsistent results in transfer latency between the instances. Transfer between accounts A and B is excellent, but transfers between accounts B and C, and C and A, are slower. What could be the problem ?
The names of the AZ's are randomly applied so eu-west-1b is not necessary the same physical location for all three accounts.
To save money, you quickly stored some data on the root volume of an EC2 instance and shut it down for the weekend. When you returned on Monday and restarted your instance, you discovered that your data was gone. Why might that be?
The root volume was ephemeral, block level storage. Data on an instance store volume is lost if an instance terminates.
You are a consultant planning to deploy DynamoDB across three AZs. Your lead DBA is concerned about data consistency. Which of the following do you advise the lead DBA to do?
To ask the development team to code for strongly consistent reads. As the consultant, you will advice the CTO of the increased cost
Auto Scaling is a tool used to create fault-tolerant and cost-effective architectures.
True
You are a Solutions Architect working for a major European oil company. You are designing a new web application which will need to access data stored in DynamoDB. You need to do this as securely as possible, without storing any credentials on a long term basis. How would you achieve this?
Use AWS Identity and Access Management roles for the EC2 instances that need to make API calls
You manage a Ruby on Rails application that lives on a cluster of EC2 instances. Your website occasionally experiences brief, strong, and entirely unpredictable spikes in traffic that overwhelm your EC2 instances' resources and freeze the application. As a result, you're losing recently submitted requests from end users. You use Auto Scaling to deploy additional resources to handle the load during spikes, but the new instances don't spin-up fast enough to prevent the existing application servers from freezing. Which of the following will provide the most cost-effective solution in preventing the loss of recently submitted requests?
Use Amazon SQS to decouple the application components and keep the requests in queue until the extra Auto-Scaling instances are available.
You work for a popular media outlet about to release a story that is expected to go viral. During load testing on the website, you discover that there is read contention on the database tier of your application. Your RDS instance consists of a MySQL database on an extra large instance. Which two of the following approaches would be best to further scale this instance to meet the anticipated increase in traffic your viral story will generate?
Use Elasticcache to cache the frequently read, static data
Although your application customarily runs at 30% usage, you have identified a recurring usage spike (>90%) between 8pm and midnight daily. What is the most cost effective way to scale your application to meet this increased need?
Use Proactive Cyclic Scaling to boost your capacity at a fixed interval
You are designing an application for a furniture retailer. A component of the application takes pictures of the furniture for sale and generates thumb nail images which then need to be stored persistently. The business can tolerate it if some images are lost as they can be regenerated. The thumbnails will need to be retrieved immediately when the application requests them. What is the cheapest option to do this?
Using S3 RRS
You successfully configure VPC Peering between VPC-A and VPC-B. You then establish an IGW and a Direct-Connect connection in VPC-B. Can instances in VPC-A connect to your corporate office via the Direct-Connect service, and connect to the Internet via the IGW?
VPC Peering does not support edge to edge routing
You are reviewing Change Control requests, and you note that there is a change designed to reduce wasted CPU cycles by increasing the value of VisibilityTimeout attribute. What does this mean?
When a consumer instance retrieves a message, that message will be hidden from other consumer instances for a fixed period.
Which of the following is not associated with Identity Access Management Service
Workspaces (Users, Roles and Groups ARE associated with IAM)
You are a solutions architect working for a large cell phone company in the US. Your CSO has engaged a third party security company to conduct a security audit of your company to make sure it is not liable to hacking. The third party security company would like to conduct a penetration test on your AWS estate. Would this be allowed by AWS?
Yes however you need to get permission from Amazon first by raising a ticket
You are creating a new VPC with 3 subnets in 3 separate availability zones. You require instances in each subnet to be able to communicate to each other by default. What additional steps should you take in order to achieve this objective.
You do not need to do anything, by default all subnets can communicate with each other using the main route table.
You are putting together a wordpress site for a local charity and you are using a combination of Route53, Elastic Load Balancers, EC2 & RDS. You launch your EC2 instance, download wordpress and setup the configuration files connection string so that it can communicate to RDS. When you browse to your URL however, nothing happens. Which of the following could NOT be the cause of this.
You have locked down 22 down to a specific IP address therefore users cannot access your site using HTTP/HTTPS
Your company has hired a young and enthusiastic accountant. After reviewing the AWS documentation and usage graphs, he announces that you are wasting vast amounts of money running servers for a full hour instead of spinning them up only when they are needed and down again as soon as they are idle for 1 minute. He cites the AWS claim that you only pay for what you use, and that as a senior engineer, you should be more conscious of wasting company money. How do you respond ?
You thank him for his concern, and advise him that he has misinterpreted the pricing document, Instances are billed by the full hour, and partial instances billed as such. Additionally, storage charges are incurred even if the Db instance sits idle. Taking into account productivity losses, stopping and restarting Db instances may actually result in additional costs. As such your solution is fine as it now stands.
Which URL format does S3 support in pointing to bucket "mynewbucket"?
http://mynewbucket.s3-aws-region.amazonaws.com
At the monthly product meeting, one of the Product Owners proposes an idea to address an immediate shortcoming of the product system
storing a copy of the customer price schedule in the customer record in the database. You know that you can store large text or binary objects in DynamoDB. You give a tentative OK to do a Minimal Viable Product test, but stipulate that it must comply with the size limitation on the Attribute Name & Value. Which is the correct limitation?: The combined Value and Name combined must not exceed 400KB