AWS SysOp - Diagnostic Test
A user is planning to use AWS CloudFormation. Which functionality does not help him to correctly understand CloudFormation? A. CloudFormation follows the DevOps model for the creation of Dev & Test B. AWS CloudFormation does not charge the user for its service but only charges for the AWS resources created with it C. CloudFormation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, ELB, etc D. CloudFormation provides a set of application bootstrapping scripts which enables the user to install software
A
A user is trying to aggregate all the CloudWatch metric data of the last 1 week. Which of the below mentioned statistics is not available for the user as a part of data aggregation? A. Aggregate B. Sum C. Data Samples D. Average
A
A user has created numerous EBS snapshots. What is the general limit for each AWS account for the maximum number of EBS snapshots that can be created by default? Please select : A. 10000 B. 5000 C. 100 D. 1000
A As per the AWS documentation, by default, the EBS Snapshots limit is 10000.
You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with AWS CLI scripts. Which task would be best accomplished with a script? A. Creating daily EBS snapshots with a monthly rotation of snapshots B. Creating RDS snapshots with a monthly rotation of snapshots C. Automatically detect and stop unused or underutilized EC2 instances D. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer
A EBS snapshots are the ones that can be managed via the CLI. You can easily create a snapshot from a volume while the instance is running and the volume is in use. You can do this from the EC2 dashboard.
When do you get billed for EC2 instances? Please choose one answer from the options given below. A. Running state B. Terminated state C. Stopped state D. All of the above
A Remember that you get charged for EC2 instances only when the instances are in a running state. This is also specified in the AWS documentation.
An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software? A. AWS Elastic Beanstalk B. AWS Cloudfront C. AWS Cloudformation D. AWS DevOps
A The Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services. We can simply upload code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. Meanwhile we can retain full control over the AWS resources used in the application and can access the underlying resources at any time.
A user is trying to configure the CloudWatch billing alarm. Which of the below mentioned steps should be performed by the user for the first time alarm creation in the AWS Account Management section? Please select : A. Enable Receiving Billing Reports B. Enable Receiving Billing Alerts C. Enable AWS billing utility D. Enable CloudWatch Billing Threshold
A The prerequisite is to go to Preferences in AWS and ensure that "Receive Billing Alerts" is enabled. Only then will you be able to define CloudWatch alarms on billing.
A system admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling? Please select : A. Increase the desired capacity of the Auto Scaling group B. Increase the maximum limit of the Auto Scaling group C. Launch an instance manually and register it with ELB on the fly D. Decrease the minimum limit of the Auto Scaling group
A To increase instances proactively, you need to increase the desired capacity.
You are creating an Auto Scaling group whose instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request? Please select : A. Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch configuration to launch instances in that role B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the user's credentials into the instance User Data C. Modify the appropriate CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed
A When providing permission to any AWS service from an EC2 instance, you always need to use IAM roles. So here you would create an IAM role with permissions to add CloudWatch metrics. To specify a role, follow the below steps
A user is planning to setup notifications on the RDS DB for a snapshot. Which of the below mentioned event categories is not supported by RDS for this snapshot source type? Please select : A. Backup B. Creation C. Deletion D. Restoration
A When you go to the Event Subscriptions section for an RDS and choose the source as snapshot, you can see the below options. Backup is not available as an option and hence A is the right option.
An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the users are added to the same group demo. If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use? Please select : A. https://999988887777.signin.aws.amazon.com/console/ B. https://signin.aws.amazon.com/demo/ C. https://demo.signin.aws.amazon.com/999988887777/console/ D. https://999988887777.aws.amazon.com/demo/
A When you go to the IAM dashboard, you can see the sign-in link which can be used. The sign-in link is always prefixed by the account number, and the last keyword is console.
Which feature in S3 allows one to analyze and identify access patterns whilst using the storage in S3? A. S3 Analytics B. S3 lifecycle policy C. S3 IA D. This is not possible
A As per the AWS documentation, you can use the S3 storage analytics to see storage patterns.
An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level? A. Use the IAM groups and add users as per their role to different groups and apply policy to the group B. The user can create a policy and apply it to multiple users in a single go with the AWS CLI C. Add each user to the IAM role as per their organization role to achieve effective policy setup D. Use the IAM role and implement access at the role level
A For applying access across multiple users, you need to have IAM groups. This is the best practice from AWS for user management. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Administrators and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group.
Amazon S3 is storage for the internet. It's a simple storage service that offers software developers a highly scalable, reliable and low latency data storage infrastructure at very low costs. From the below options which are true with regards to AWS S3. Choose 2 answers from the options given below: A. Objects are directly accessible via a URL B. S3 should be used to host a relational database C. S3 allows you to store objects of virtually unlimited size D. S3 allows you to store virtually unlimited amounts of data E. S3 offers Provisioned IOPS
A and D
You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly. Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside of the VPC? Choose two answers: A. A network ACL that allows communication between two subnets B. Both instances are the same instance class using the same Key-pair C. That the default route is set to a NAT instance or internet Gateway (IGW) for them to communicate D. Security groups are set to allow the application host to talk to the database on the right port/protocol
A and D When you design a web server and database server, the security groups must be defined so that the web server can talk to the database server.
What is true about IAM groups? Please choose 3 answers from the options given below Please select : A. We can add users to or remove them from a group. B. A user can belong to multiple groups. C. Groups can belong to other groups. D. Groups can be granted permissions using access control policies
A, B, and D
When preparing for a compliance assessment of your system built inside of AWS, what are the 3 best practises for you to prepare for an audit? Choose 3 answers from the options given below. A. Gather evidence of your IT Operational controls. B. Request and obtain third party audited AWS compliance reports and certifications. C. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review. D. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration testing of the user system's instances and endpoints. E. Schedule meetings with AWS third-party auditors to provide evidence of AWS compliance that maps to your control objectives.
A, B, and D The first major requirement is for an organization to evaluate all the controls they have put in place for their AWS environment, such as who has access to what elements in AWS, how data is secured at rest, etc. One can also request AWS to perform network tests and penetration tests to ensure their environment is secure. And finally there are third parties available for carrying out relevant audits.
When assessing an organization's use of AWS API access credentials which of the following three credentials should be evaluated? Choose 3 answers from the options given below Please select : A. Key pairs B. Console passwords C. Access keys D. Signing certificates E. Security Group memberships
A, C, and D You use different types of security credentials depending on how you interact with AWS. For example, you use a user name and password to sign in to the AWS Management Console. You use access keys to make programmatic calls to AWS API actions. Key pairs consist of a public key and a private key. You use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. You can create Amazon EC2 key pairs from the Amazon EC2 console, CLI, or API. Access keys consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS if you use the AWS SDKs, REST, or Query APIs. One can use the IAM API to upload a certificate, via the UploadServerCertificate request.
A customer is using AWS for Dev and Test. The customer wants to setup the Dev environment with Cloudformation. Which of the below mentioned steps are not required while using Cloudformation? Please select : A. Create a stack B. Configure a service C. Create and upload the template D. Provide the parameters configured as part of the template
B
A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help him save cost? A. Delete the unutilized EBS volumes once the instance is terminated B. Delete the AutoScaling launch configuration after the instances are terminated C. Release the elastic IP if not required once the instance is terminated D. Delete the AWS ELB after the instances are terminated
B
An organization has been using AWS for a few months. The finance team wants to visualize the pattern of AWS spending. Which of the below AWS tools will help for this requirement? Please select : A. AWS Cost Manager B. AWS Cost Explorer C. AWS CloudWatch D. AWS Consolidated Billing
B
An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using CLI as well as SDK. How can the user track the calls made to CloudWatch? Please select : A. The user can enable logging with CloudWatch which logs all the activities B. Use CloudTrail to monitor the API calls C. Create an IAM user and allow each user to log the data using the S3 bucket D. Enable detailed monitoring with CloudWatch
B AWS CloudTrail is the de facto service provided by AWS for monitoring all API calls to AWS and is used for logging and monitoring for compliance purposes. AWS CloudTrail detects every call made to AWS and creates a log which can then be further used for analysis.
A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case? A. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday B. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday C. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM D. Configure a batch process to add an instance by 8 AM and remove it by Friday 6 PM
B To configure your Auto Scaling group to scale based on a schedule, you create a scheduled action, which tells Auto Scaling to perform a scaling action at specified times. To create a scheduled scaling action, you specify the start time when you want the scaling action to take effect, and the new minimum, maximum, and desired sizes for the scaling action. At the specified time, Auto Scaling updates the group with the values for minimum, maximum, and desired size specified by the scaling action.
You are managing a legacy application inside a VPC with hard coded IP addresses in its configuration. Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answers: A. Create an ELB to reroute traffic to a failover instance B. Create a secondary ENI that can be moved to a failover instance C. Use Route 53 health checks to fail traffic over to a failover instance D. Assign a secondary private IP address to the primary ENI that can be moved to a failover instance
B and D Here you can choose either the option of creating a secondary network interface which can be moved to the failover instance or have a secondary IP address which can be moved to the failover instance. For both cases, you can do this at the time of defining the EC2 instance.
There are currently multiple applications hosted in a VPC. During monitoring it has been noticed that multiple port scans are coming in from a specific IP address block. The internal security team has requested that all offending IP addresses be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP addresses? A. Create an AD policy to modify the Windows Firewall settings on all hosts in the VPC to deny access from the IP address block. B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block. C. Add a rule to all of the VPC Security Groups to deny access from the IP address block. D. Modify the Windows Firewall settings on all AMIs that your organization uses in that VPC to deny access from the IP address block.
B. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this? A. Run activities on the CPU such that its utilization reaches above 75% B. From the AWS console change the state to 'Alarm' C. The user can set the alarm state to 'Alarm' using CLI D. Run the SNS action manually
C The easiest way to set the ALARM state in CloudWatch is to trigger the alarm itself, which can be done via the CLI. You change the state of the alarm with the set-alarm-state command. Below is an example of the CLI command which sets the state of the alarm: aws cloudwatch set-alarm-state --alarm-name "Testalarm" --state-value ALARM --state-reason "Demo purposes"
A system admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this? Please select : A. Enable ELB cross zone load balancing B. Enable ELB cookie setup C. Enable ELB sticky session D. Enable ELB connection draining
C To ensure that each end user request goes to the same EC2 instance where the session was created, you need to enable stickiness at the ELB level. To enable stickiness, go to the ELB and enable it in the port configuration section.
A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB? Please select : A. The user can only disable connection draining from CLI B. It is not possible to disable the connection draining feature once enabled C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI D. The user needs to stop all instances before disabling connection draining
C When you have an ELB, you can go to the Console, go to the Instances tab and edit the Connection draining time for instances. You can also modify it from the CLI via the below command. The below command will set the timeout to 100 seconds for the load balancer named my-loadbalancer: aws elb modify-load-balancer-attributes --load-balancer-name my-loadbalancer --load-balancer-attributes "{\"ConnectionDraining\":{\"Enabled\":true,\"Timeout\":100}}"
A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling. If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue? Please select : A. 600 seconds B. 3600 seconds C. 300 seconds D. 0 seconds
C When you have an ELB, you can go to the Console, go to the Instances tab and edit the Connection draining time for instances. By default the Connection draining time limit is set to 300.
A user has created an S3 bucket which is not publicly accessible. The bucket is having thirty objects which are also private. If the user wants to make the objects public, how can he configure this with minimal efforts? Please select : A. The user should select all objects from the console and apply a single policy to mark them public B. The user can write a program which programmatically makes all objects public using S3 SDK C. Set the AWS bucket policy which marks all objects as public D. Make the bucket ACL as public so it will also mark all objects as public
C You can set AWS bucket policy to make everything public.
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario? A. AWS Simple Notification Service B. AWS Simple Workflow C. AWS Simple Queue Service D. AWS Simple Query Service
C SQS is the basic decoupling service provided by AWS. Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud application. You can use Amazon SQS to transmit any volume of data, without losing messages or requiring other services to be always available. Amazon SQS includes standard queues with high throughput and at-least-once processing, and FIFO queues that provide FIFO (first-in, first-out) delivery and exactly-once processing.
You are designing a system that has a Bastion host. This component needs to be highly available without human intervention. Which of the following approaches would you select? A. Run the bastion on two instances one in each AZ B. Run the bastion on an active instance in one AZ and have an AMI ready to boot up in the event of failure C. Configure the bastion instance in an Auto Scaling group Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1 D. Configure an ELB in front of the bastion instance
C You can have a bastion host running in multiple AZ, but the recommendation is to have one running in each AZ. Hence you need to make sure that the Auto scaling group is set to a max-size of one. A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. In AWS, a bastion host is kept on a public subnet. Users log on to the bastion host via SSH or RDP and then use that session to manage other hosts in the private subnets. This is a security practice adopted by many organizations to secure the assets in their private subnets.
What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails? A. The IP of the primary DB instance is switched to the standby DB instance B. The RDS (Relational Database Service) DB instance reboots C. A new DB instance is created in the standby availability zone D. The canonical name record (CNAME) is changed from primary to standby
D Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure (for example, instance hardware failure, storage failure, or network disruption), Amazon RDS performs an automatic failover to the standby, so that you can resume database operations as soon as the failover is complete. And as per the AWS documentation, the cname is changed to the standby DB when the primary one fails.
A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application? Please select : A. RDS will have an internal IP which will redirect all requests to the new DB B. RDS uses DNS to switch over to stand by replica for seamless transition C. The switch over changes Hardware so RDS does not need to worry about access D. RDS will have both the DBs running independently and the user has to manually switch over
B Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure (for example, instance hardware failure, storage failure, or network disruption), Amazon RDS performs an automatic failover to the standby, so that you can resume database operations as soon as the failover is complete. And as per the AWS documentation, the cname is changed to the standby DB when the primary one fails.
You are running a web-application on AWS consisting of the following components: an Elastic Load Balancer (ELB), an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL. Which security measures fall into AWS's responsibility? A. Protect the EC2 instances against unsolicited access by enforcing the principle of least privilege access B. Protect against IP spoofing or packet sniffing C. Assure all communication between EC2 instances and ELB is encrypted D. Install latest security patches on ELB, RDS, and EC2 instances
B As per the shared responsibility model, users are required to control EC2 security via security groups and network access control lists. Under this model, AWS takes care of the physical components and the infrastructure to provide virtualization.
You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that? Please select : A. It is not possible to do this with SQS B. You can use sequencing information on each message C. You can do this with SQS but you also need to use SWF D. Messages will arrive in the same order by default
B If you look at the AWS documentation, it is very clear that SQS does not guarantee the order of messages. So in order to do this, you need to add the sequencing information in each message itself.
A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR? Please select : A. Copy the running instance using the "Instance Copy" command to the EU region B. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI C. Copy the instance from the US East region to the EU region D. Use the "Launch more like this" option to copy the instance from one region to another
B If you need an AMI across multiple regions, then you have to copy the AMI across regions. Note that by default AMIs that you have created will not be available across all regions.
A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL) negotiation configuration known as a Security Policy. Which of the below mentioned options is not part of this security policy while negotiating the SSL connection between the user and the client? Please select : A. SSL Protocols B. Client Order Preference C. SSL Ciphers D. Server Order Preference
B If you see the AWS documentation for all possible SSL options in the below link you will see that SSL Protocols, SSL Ciphers and Server Order Preference are all part of the pre-defined policies. Only Client Order Preference is not present.
A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3? Please select : A. User Access Policy B. S3 Object Access Policy C. S3 Bucket Access Policy D. S3 ACL
B In S3 when you go to the permissions section you can add the Grantee which is at the ACL level and then you can also add bucket permissions. And then you can also create IAM policies at the user level to manage access to S3.
A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this? Please select : A. In the CloudWatch dashboard the user should set the local timezone so that CloudWatch shows the data only in the local time zone B. In the CloudWatch console select the local timezone under the Time Range tab to view the data as per the local timezone C. The CloudWatch data is always in UTC; the user has to manually convert the data D. The user should have sent the local timezone while uploading the data so that CloudWatch will show the data only in the local timezone
B In CloudWatch, when you go to any metric, you can click on the Custom option and change the timezone from UTC to Local Timezone, hence Option B is the right answer.
A user has created a queue named "demoqueue" with SQS. There are four messages published to queue which are not received by the consumer yet. If the user tries to delete the queue, what will happen? Please select : A. A user can never delete a queue manually. AWS deletes it after 30 days of inactivity on queue B. It will delete the queue C. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically. D. It will ask user to delete the messages first
B The straightforward answer is that the queue will be deleted.
You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated. What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and replaced? Please select : A. Change the thresholds set on the Auto Scaling group health check B. Add an Elastic Load Balancing health check to your Auto Scaling group C. Increase the value for the Health check interval set on the Elastic Load Balancer D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks
B To discover the availability of your EC2 instances, a load balancer periodically sends pings, attempts connections, or sends requests to test the EC2 instances. These tests are called health checks. The status of the instances that are healthy at the time of the health check is InService. The status of any instances that are unhealthy at the time of the health check is OutOfService The load balancer checks the health of the registered instances using either the default health check configuration provided by Elastic Load Balancing or a health check configuration that you configure. When configuring the Autoscaling group, you can choose either the option of EC2 or ELB health checks. Since Ec2 instances are being marked as unhealthy by ELB but not being terminated by Autoscaling it means that the check from the Autoscaling side is wrongly configured.
A media company produces new video files on-premises every day with a total size of around 100GB after compression All files have a size of 1 -2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than half of the available bandwidth is used. What step(s) would ensure that the file uploads are able to complete in the allotted time window? A. Increase your network bandwidth to provide faster throughput to S3 B. Upload the files in parallel to S3 C. Pack all files into a single archive, upload it to S3, and then extract the files in AWS D. Use AWS Import/Export to transfer the video files
B When uploading large videos it's always better to make use of AWS multipart file upload. So if you are using the multipart upload option for S3, then you can resume on failure. Below are the advantages of multipart upload: • Improved throughput—you can upload parts in parallel to improve throughput. • Quick recovery from any network issues—smaller part size minimizes the impact of restarting a failed upload due to a network error. • Pause and resume object uploads—you can upload object parts over time. Once you initiate a multipart upload there is no expiry; you must explicitly complete or abort the multipart upload. • Begin an upload before you know the final object size—you can upload an object as you are creating it.
A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched? A. Elastic IP B. Private IP C. Public IP D. Internet gateway
B When you create a subnet with the default settings, only the Private IP gets populated for EC2 instances. For Public IP, this is not possible because the Auto-assign Public IP will be 'no' by default. Also, the Elastic IP and Internet gateway have to be manually configured.
Which service allows one to issue temporary credentials in AWS? Choose one answer from the options below. Please select : A. AWS SQS B. AWS STS C. AWS SES D. None of the above. You need to use a third party software to achieve this.
B You can use the AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. Temporary security credentials work almost identically to the long-term access key credentials that your IAM users can use.
Is it possible to have a rollback window for objects in S3? If yes, then which of the below methods can help achieve this: A. Data Encryption in S3 B. Using the lifecycle policy with Versioning C. Using S3 static site D. This is not possible
B As per the AWS documentation, you can use the Lifecycle versioning policy in S3 to achieve the rollback window.
An organisation wants to move their databases to the Cloud. They are planning to use AWS Database Migration Service and are looking for a secure encrypted database storage option. Which of the following options will be suitable for their requirement? Please select : A. AWS MFA with EBS B. AWS EBS encryption C. Multi-tier encryption with Redshift D. AWS S3 server side storage
C AWS Database Migration Service (DMS) offers free use for 6 months per instance if you're migrating to Amazon Aurora, Amazon Redshift or Amazon DynamoDB.
If you want to launch Amazon Elastic Compute Cloud (EC2) instances and assign each instance a predetermined private IP address you should: A. Assign a group or sequential Elastic IP address to the instances B. Launch the instances in a Placement Group C. Launch the instances in the Amazon Virtual Private Cloud (VPC) D. Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already E. Launch the instance from a private Amazon Machine Image
C Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
An organization is setting up programmatic billing access for their AWS account. Which of the below mentioned services is not required or enabled when the organization wants to use programmatic access? A. Programmatic access B. AWS bucket to hold the billing report C. AWS billing alerts D. Monthly Billing report
C Since the question is looking for the service which is "not" required or enabled when the organization wants to use programmatic access, the correct answer is Option C. AWS Billing Alerts. AWS gives an option to provide programmatic access to billing. Programmatic Billing Access takes the existing Amazon S3 APIs. So, the user will be able to build applications that reference the billing data from a CSV file which is stored in an Amazon S3 bucket. In order to enable programmatic access, the user has to first enable the monthly billing report. Then he needs to provide an AWS bucket name in which the billing CSV will be uploaded. He must also enable the Programmatic access option.
An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this? A. The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias B. The organization should create each user in a separate region so that they can have their own URL to login C. It is not possible to have the same login ID for multiple IAM users of the same account D. The organization should create various groups and add each user with the same login ID to different groups. The user can login with their own group ID
C AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users. It is not possible in any way to have the same ID and multiple passwords for different IAM users.
A user has set up a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after some days. The user wants to increase the limit from $200 to $400. What should the user do? A. Create a new alarm of $400 and link it with the first alarm B. It is not possible to modify the alarm once it has crossed the usage limit C. Update the alarm to set the limit at $400 instead of $200 D. Create a new alarm for the additional $200 amount
C Let's assume that an alarm has been created as shown below for any amounts exceeding 200 USD. To increase the limit, all you have to do is to click on the Modify option and you can change the value of the alarm in the next screen.
You have been asked to leverage Amazon VPC, EC2 and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS? Please select : A. Ensure the application instances are properly configured with an Elastic Load Balancer B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled C. Ensure the application instances are launched in public subnets with the associate-public-IP-address=true option enabled D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size
D When you have an SQS configured with EC2 instances, the documented option is to scale up EC2 instances in an AutoScaling group based on length of the message queue.
A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used? A. AWS S3 with 1 GB of storage B. AWS micro instance running 24 hours daily C. AWS ELB running 24 hours a day D. AWS Provisioned IOPS volume of 10 GB size
D
A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification? Please select : A. Email JSON B. HTTP C. AWS SQS D. AWS SES
D
A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances? Please select : A. ELB will ask the user whether to delete the instances or not B. Instances will be terminated C. ELB cannot be deleted if it has running instances registered with it D. Instances will keep running
D
Your team is excited about the use of AWS because now they have access to "programmable infrastructure". You have been asked to manage your AWS infrastructure in a manner similar to the way you might manage application code. You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development, test, QA, production). Which approach addresses this requirement? A. Use cost allocation reports and AWS OpsWorks to deploy and manage your infrastructure B. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure C. Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructure D. Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructure
D AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. You can use AWS CloudFormation's sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don't need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software. You can also visualize your templates as diagrams and edit them using a drag-and-drop interface with the AWS CloudFormation Designer.
An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution? Please select : A. AWS RRS B. AWS S3 C. AWS RDS D. AWS Glacier
D If you look at the documentation for AWS Glacier, it clearly mentions that Glacier can be used for offline administrative storage and is low cost. Amazon Glacier is an extremely low-cost storage service that provides secure, durable, and flexible storage for data backup and archival. With Amazon Glacier, customers can reliably store their data for as little as $0.004 per gigabyte per month. Amazon Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS, so that they don't have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection and repair, or time-consuming hardware migrations.
You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers. Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made? A. Multi-AZ RDS B. RDS snapshots C. RDS read replicas D. RDS automated backups
D The question is referring to an AWS RDS feature which will allow us to restore our DB to a specified time which is just 5 minutes prior to the deletion of the table. As per AWS documentation, the Amazon RDS automated backup feature automatically creates a storage volume snapshot of your DB instance, backing up the entire DB instance and not just individual databases. This backup occurs during a daily user-configurable 30 minute period known as the backup window. Automated backups are kept for a configurable number of days (called the backup retention period). You can restore your DB instance to any specific time during this retention period, creating a new DB instance. To determine the latest restorable time for a DB instance, use the AWS CLI describe-db-instances command and look at the value returned in the LatestRestorableTime field for the DB instance. The latest restorable time for a DB instance is typically within 5 minutes of the current time.
A user is planning to use AWS CloudFormation for his automatic deployment requirements. Which of the below mentioned components are required as a part of the template? A. Parameters B. Outputs C. Template version D. Resources
D The Resources section is required by the CloudFormation template. The other components are optional. An example CloudFormation template is shown below. This template creates an EC2 instance based on the image ID ami-d6f32ab5: { "Resources" : { "MyEC2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : {"ImageId" : "ami-d6f32ab5"} } } }
A user has set up Auto Scaling with ELB on the EC2 instances. The user wants to configure that whenever the CPU utilization is below 10%, Auto Scaling should remove one instance. How can the user configure this? Please select : A. The user can get an email using SNS when the CPU utilization is less than 10%. The user can use the desired capacity of Auto Scaling to remove the instance B. Use CloudWatch to monitor the data and Auto Scaling to remove the instances using scheduled actions C. Configure CloudWatch to send a notification to Auto Scaling Launch configuration when the CPU utilization is less than 10% and configure the Auto Scaling policy to remove the instance D. Configure CloudWatch to send a notification to the Auto Scaling group when the CPU Utilization is less than 10% and configure the Auto Scaling policy to remove the instance
D This is the basic feature of Auto Scaling. Auto Scaling helps you maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define. You can use Auto Scaling to help ensure that you are running your desired number of Amazon EC2 instances. Auto Scaling can also automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs.
