Overview of Amazon Web Services
Which of the following statements are TRUE when it comes to elasticity:
-Diverting traffic to instances based on the demand -Diverting traffic to instances with the least load
Which of the following services uses AWS Edge Locations?
Amazon CloudFront -Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content such as .html, .css, .js and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations
Which of the below can be used to import data into Amazon Glacier?
-AWS Glacier API -AWS Glacier SDK -AWS S3 Lifecycle Policies -AWS Console cannot be used to upload data onto Glacier. The console can only be used to create a Glacier vault which can be used to upload the data
To access AWS
-AWS Management Console -AWS Command Line Interface (CLI) - (Control multiple AWS services from the command line/automate through scripts) -Software Development Kits (SDKs) - (Application Program Interface (API) tailored to your programming language or platform)
Security & Compliance
-AWS manages security of the cloud, company maintains security in the cloud -Keep data safe: All data is stored in highly secure data centers -Compliance Requirements: Manages dozens of compliance programs in its infrastructure -Save Money: Maintain highest standards w/o managing the facility -Scale Quickly: Scales with data usage
Global Infrastructure
-AZs (Availability Zones) - (One or more discrete data centers w/ redundant power, networking and connectivity, housed in separate facilities) -Regions (physical location in the world where there are multiple AZs) - 42 AZs in 16 Regions -Bottom line: To lower latency, increase fault tolerance, safeguard
Elastic Load Balancing (ELB)
-Automatically distributes incoming application traffic across multiple EC2 instances. -Enables fault tolerance by distributing application traffic with appropriate load balancing capacity -Classic Load Balancer: Routes traffic based on either application or network level information -Application Load Balancer: Routes traffic based on advanced application-level information that includes the content of the request. -Classic Load Balancer is for simple load balancing of traffic across multiple instances -Application Load Balancer is ideal for apps needing advanced routing capabilities, microservices, and container-based architectures. Offer the ability to route traffic to multiple services or load balance across multiple ports on the same EC2 instance.
Which of the following support plans give access to all the checks in the Trusted Advisor service?
-Business -Enterprise -Both have access to the full set of Trusted Advisor checks (Basic & Developer plans give access to 6 core Trusted Advisor checks)
You plan to deploy an application on AWS. This application needs to be PCI Compliant. Which of the below steps are needed to ensure the compliance?
-Choose AWS services which are PCI Compliant -Ensure the right steps are taken during application development for PCI Compliance -Amazon Web Services (AWS) is a Cloud Service Provider (CSP) that does not directly store, transmit or process any customer cardholder data (CHD). However, AWS customers may create their own card data environment (CDE) that can store, transmit or process cardholder data using AWS products -The covered AWS services that are already PCI DSS compliant can be found within the AWS Services in Scope of Compliance Program.
Cloud Computing Deployment Models
-Cloud (Fully developed and run in the cloud) -Hybrid (Connect infrastructure and apps between cloud-based resources and existing physical resources) -On-Premise (doesn't provide many cloud based benefits, but is sought for its ability to provide dedicated resources)
Which of the following helps in DDoS protection?
-CloudFront -AWS Shield -One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked, thereby limiting the options for attackers and allowing you to build protection in a single place. We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication. Thus, minimizing the possible points of attack and letting us concentrate our mitigation efforts. In some cases, you can do this by placing your computation resources behind Content Distribution Networks (CDNs) or Load Balancers and restricting direct internet traffic to certain parts of your infrastructure like your database servers. In other cases you can use firewalls or Access Control Lists to control what traffic reaches your application.
Secure Benefit of Amazon EC2
-Compute instances located in VPC with user specified IP address, decide what instances are private/exposed to internet -Security groups and network access control lists (ACLs) allow for control of inbound and outbound network access to and from instances -Connect existing IT infrastructure to resources in VPC using IPsec VPN connections -Provision resources as "Dedicated Instances" (EC2 instances that run on hardware dedicated to a single customer for additional isolation) -Provision resources on "Dedicated Hosts" (Physical servers with EC2 instance capacity fully dedicated to you, helps address compliance requirements and use existing server-bound software licenses)
Which of the following are 2 ways that AWS allows to link accounts?
-Consolidated Billing -AWS Organizations -You can use the consolidated billing feature in AWS Organizations to consolidate payment for multiple AWS accounts or multiple AISPL accounts. With consolidated billing, you can see a combined view of AWS charges incurred by all of your accounts. You also can get a cost report for each member account that is associated with your master account. Consolidated billing is offered at no additional charge.
Compute
-Elastic Compute Cloud (EC2): (obtain and configure capacity with minimal friction, reduce time required to obtain and boot new server instances, build failure resilient apps and isolate themselves from common failure scenarios)
Benefits of Amazon EC2
-Elastic Web-Scale Computing: (increase/decrease capacity, commission as many server instances as needed, automatically scale with APIs) -Completely Controlled: (root access to each instance, can stop instances while retaining data on boot partition, instances can be rebooted using APIs) -Flexible Cloud Hosting Services: (Choose multiple instance types, OS's, Software packages. Select memory configuration, CPU, instance storage, and boot partition size.) -Integrated: (With most AWS services i.e. S3, RDS, VPC, to provide complete secure solutions) -Reliable: (EC2 Service Level Agreement (SLA) commitment is 99.95% availability for each Region)
Amazon Relational Database Service (Amazon RDS)
-Fast and Easy to Administer: Use AWS Management Console, AWS RDS Command Line interface, or API calls to access the capabilities of a production ready relational database -Highly Scalable: Amazon RDS engine types allow you to launch one or more Read Replicas to offload read traffic from primary database instance -Available and Durable: When a multi-AZ DB instance is provisioned, RDS replicates the data to a standby instance in a different AZ. Automated backups, database snapshots and automatic host replacement -Secure: Run DB instances in VPC, allows isolation of DB instances and to connect to existing IT infrastructure through IPsec VPN. Offers encryption at rest and in transit -Inexpensive: On-Demand or Reserved Instance pricing
When creating security groups, which of the following is a responsibility of the customer?
-Giving a name and description for the security group -Defining the rules as per the customer requirements -When you define security rules for EC2 instances, you give a name, description, and write the rules for the security group
Which of the following are advantages of having infrastructure hosted on the AWS Cloud?
-Having the pay as you go model -No upfront costs -The physical infrastructure is a responsibility of AWS and not with the customer. Hence it is not an advantage of moving to the AWS Cloud -AWS provides security mechanisms but even the responsibility of security lies with the customer
Amazon Elastic Block Store (Amazon EBS)
-High Performance Volumes: Choose between SSD and HDD backed volumes -Encryption: Provides support for data-at-rest and data-in-transit between EC2 instances and EBS volumes -Access Management: Specify who can access which EBS volumes ensuring secure access to data -Snapshots: Protect data with point-in-time snapshots of EBS volumes which are backed up to S3 for durability
Amazon Aurora
-High Performance: Provides 5 times the throughput of standard MySQL or twice the throughput of standard PostgreSQL running on the same hardware -Highly Secure: Network isolation using VPC, encryption at rest using keys that are user created and controlled through AWS Key Management Service (KMS) and encryption for data in transfer using SSL. Underlying storage, automated backups, snapshots and replicas in the same cluster are encrypted. -MySQL and PostgreSQL Compatible: Code, applications, drivers, and tools already used with MySQL DBs can be used with Aurora. Allows for migration of existing MySQL DBs using standard import/export tools using binlog replication. -Highly Scalable: Range from 2 vCPUs and 4 GiB of memory to 32 vCPUs and 244 GiB of memory. Add up to 15 low latency replicas across 3 AZs. Grows storage from 10GB to 64 TB -Highly Available & Durable: Instance failover requires less than 30 seconds. 6 copies of data are replicated across 3 AZs continuously -Fully Managed: No worry about hardware provisioning, software patching, setup, configuration, monitoring, or backups.
Which of the following are responsibilities of AWS?
-Management of Physical Servers -Maintenance of Edge Locations Customer Responsibilities: -Customer Data -Platform, applications, identity & access management -Operating system, network & firewall configuration -Client side data encryption & data integrity authentication -Server-side encryption -Network traffic protection AWS Responsibilities: -Compute -Storage -Database -Networking -Regions -AZs -Edge Locations
Amazon Simple Storage Service (Amazon S3)
-Object storage with a simple web service interface to store and retrieve any amount of data from the web -Used as a primary storage for cloud-native apps; as a bulk repository or data lake for analytics; as a target for backup and recovery; and with serverless computing -Simple to move large volumes of data into/out of S3 with cloud data migration options. Longer term cloud storage w/ S3 Standard - Infrequent Access & Amazon Glacier for archiving
Inexpensive Benefit of Amazon EC2
-On-Demand Instances: Only pay the specified hourly rate for the instances you use. Remove need to buy "safety net" capacity for periodic traffic spikes -Reserved Instances: Significant discount of up to 75%, best used for steady-state usage that isn't volatile. -Spot-Instances: Allows you to bid on spare Amazon EC2 computing capacity at a discount rate
Which of the following security requirements are managed by the AWS customer?
-Password Policies -User permissions
AWS Lambda
-Run code w/o provisioning or managing servers -Run code for virtually any type of application or backend service with no admin -Set up code to automatically trigger from other AWS Services, or call directly from web or mobile app
Amazon S3 Features
-Simple: To use with web-based management console and mobile app. Also provides full REST APIs and SDKs for integration with third-party tech -Durable: Data is redundantly stored across multiple facilities and multiple devices in each facility -Scalable: Store as much data as necessary, increases business agility -Secure: Supports data transfer over SSL and auto encryption once it's uploaded. Configure bucket policies to manage object permissions and control access to data through IAM -Available: Backed up by Amazon S3 SLA, can choose an AWS Region to optimize latency, minimize costs, or address regulatory requirements -Low Cost: Use lifecycle policies to migrate data to S3 Standard Infrequent Access and Glacier to reduce costs as data ages -Simple Data Transfer: Choose from network-optimized, physical disk-based, or third-party connector methods for import/export -Integrated: With a bunch of other AWS services -Easy to Manage: Data driven approach to storage optimization, security and management efficiency. Gives you data about your data
Cloud Computing Models
-Software as a Service (SaaS) Least hands on (3rd party) -Platform as a Service (PaaS) -Infrastructure as a Service (IaaS) Most hands on (typical IT infrastructure)
The firm you work for is considering migrating to AWS. They are concerned about cost and the initial investment needed. Which of the following features of AWS pricing helps lower the initial investment amount needed?
-The ability to pay as you go -No upfront costs
Six Advantages of Cloud Computing
-Trade capital expense for variable expense -Massive Economies of Scale -Capacity -Speed and Agility -Stop spending money running & maintaining data centers -Global reach
Which of the following can be used to secure EC2 instances hosted in AWS?
-Usage of Security Groups -Usage of Network Access Control Lists -A security group acts as a virtual firewall for your instance to control inbound and outbound traffic -A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets
Where can a customer find information about prohibited actions on AWS Infrastructure?
AWS Acceptable Use Policy -The Acceptable Use Policy describes prohibited uses of the web services offered by Amazon Web Services, Inc. and its affiliates
Who has control of the data security in an AWS account?
AWS Account Owner -The responsibility of data security within an AWS account is with the Account Owner -Customer is responsible for the data on the cloud
A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (EC2) Instances. Where can the customer find this information?
AWS CloudTrail logs -Using CloudTrail, one can monitor all the API activity conducted on all AWS services.
Which service can identify the user that made the API call when the Amazon Elastic Compute Cloud (EC2) instance is terminated?
AWS CloudTrail -Amazon CloudWatch is used to monitor performance -AWS X-Ray is a tracing system for distributed applications -Amazon IAM is an identity and access management service
There is an external audit being carried out on your company. The IT auditor needs to have a log of all access to the AWS resources in the company's account. Which of the below services can assist in providing these details?
AWS CloudTrail -Using CloudTrail, one can monitor all the API activity conducted on all AWS services.
If you wanted to monitor all events in your AWS account, which of the below services would you use?
AWS CloudTrail -AWS CloudTrail is a service that enables governance, compliance, operational auditing and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools and other AWS services. This event history simplifies security analysis, resource change tracking and troubleshooting
Your firm has several AWS accounts, linked AWS accounts. What is the best way to manage monthly payment invoices from AWS?
AWS Consolidated Billing -You can use the consolidated billing feature in AWS Organizations to consolidate payment for multiple AWS accounts or multiple AISPL accounts. With consolidated billing, you can see a combined view of AWS charges incurred by all of your accounts. You also can get a cost report for each member account that is associated with your master account. Consolidated billing is offered at no additional charge. AWS and AISPL accounts can't be consolidated together.
Which tool can you use to forecast your AWS spending?
AWS Cost Explorer -You can use Cost Explorer to see patterns in how much you spend on AWS resources over time, identify areas that need further inquiry, and see trends that you can use to understand your costs. You also can specify time ranges for the data, and view time data by day or by month
Where can a customer go to get more detail about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took place 3 months ago?
AWS Cost and Usage Reports -Cost Explorer is a free tool that you can use to view your costs. You can view data up to 13 months, forecast how much you are likely to spend for the next three months, and get recommendations for what Reserved Instances to purchase
Which of the following is a fully managed NoSQL database service available with AWS?
AWS DynamoDB -RDS, RedShift and MongoDB services require installation and/or management by the Customer
Which of the following below mentioned services can be used to host virtual servers on AWS?
AWS EC2
Which of the following services allows you to distribute load across multiple EC2 instances?
AWS Elastic Load Balancer -Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single AZ or across multiple AZs. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling and robust security necessary to make your application fault tolerant -Autoscaling does not distribute compute capacity across EC2. It automatically adjusts capacity by provisioning new EC2 instances
You have an application developed in .NET. This application works with the S3 buckets in a particular region. The application is hosted on an EC2 Instance. Which of the following should ideally be used to ensure that the EC2 Instance has the appropriate access to the S3 buckets?
AWS IAM Roles -You can use roles to delegate access to users, applications or services that don't normally have access to your AWS resources -Groups are collections of Users which will not be appropriate for the EC2 Instance -The creation of a new policy cannot ensure appropriate access. They must be attached to a User, Group or Role
Which service allows an admin to create and modify AWS user permissions?
AWS Identity and Access Management (IAM) -AWS Identity and Access Management is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources
Which AWS Cloud service is used to turn on Multi-Factor Authentication (MFA)?
AWS Identity and Access Management (IAM) -You can use IAM in the AWS Management Console to enable a virtual MFA device for an IAM user in your account
What AWS feature enables a user to manage services through a web-based user interface?
AWS Management Console -The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface -The API and SDK allow for programmatic management of AWS Services
Which of the following in AWS maps to a separate geographic location?
AWS Region -Amazon cloud computing resources are hosted in multiple locations world-wide. These locations are composed of AWS Regions and Availability Zones. Each AWS Region is a separate geographic area
A Disaster Recovery Strategy on AWS should be based on launching resources in a separate:
AWS Region -Businesses are using the AWS cloud to enable faster disaster recovery of their critical IT systems without incurring the infrastructure expense of a second physical site. The AWS cloud supports many popular disaster recovery (DR) architectures from "pilot light" environments that may be suitable for small customer workload data center failures to "hot standby" environments that enable rapid failover at scale. With data centers in Regions all over the world, AWS provides a set of cloud-based disaster-recovery services that enable rapid recovery of your IT infrastructure and data
Which of the following can be used to call AWS service from programming languages?
AWS SDK -AWS SDK can be plugged in for various programming languages. Using the SDK you can then call the required AWS service
Which of the following is used to derive the costs for moving artifacts from on-premise to AWS?
AWS TCO Calculator -Use this calculator to compare the cost of running your apps in an on-premise or colocation environment to AWS. Describe your on-premise or colocation configuration to produce a detailed cost comparison with AWS
Which AWS service provides infrastructure security optimization recommendations?
AWS Trusted Advisor
Your company has started using AWS. Your IT Security team is concerned with the security of hosting resources in the Cloud. Which AWS services provides security optimization recommendations that could help the IT Security team secure resources using AWS?
AWS Trusted Advisor -An online resource to help you reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices
Which of the following services can be used as a web application firewall in AWS?
AWS WAF -A web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content
Which AWS service is used as a global content delivery network (CDN) service in AWS?
Amazon CloudFront
Which AWS Service can be used as a global content delivery network (CDN) service?
Amazon CloudFront -Amazon CloudFront is a web service that gives businesses and web application developers an easy and cost effective way to distribute content with low latency and high data transfer speeds. Like other AWS services, Amazon CloudFront is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees. With CloudFront, files are delivered to end-users using a global network of edge locations
Which service allows for the collection and tracking of performance metrics for AWS services?
Amazon CloudWatch -Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources
You are hosting a number of EC2 instances on AWS. You are looking to monitor CPU Utilization on the Instance. Which service would you use to collect and track performance metrics with AWS services?
Amazon CloudWatch -Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms and automatically react to changes in your AWS resources.
Which of the following services is a fully managed AWS database service?
Amazon DynamoDB -Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud db and supports both document and key-value store models -With RDS MySQL db instances we can have EC2 with a MySQL db instance installed by the user and can be managed by the user alone. However with DynamoDB, no such customer installation is possible. Hence that seems to be a more correct answer for this question -Amazon RDS and Amazon MySQL can be installed and managed by the customer. NOT FULLY MANAGED BY AWS
You need a storage solution that can be used to store a large quantity of archive documents. Which of the following storage solutions in AWS is best suited for this need?
Amazon Glacier -Amazon Glacier is a secure, durable and extremely low-cost cloud storage service for data archiving and long-term backup. It is designed to deliver almost 100% durability, and provides comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements
A company wants to store files that are not frequently accessed. What is the most cost efficient solution that should be considered?
Amazon Glacier -EBS is block based storage, not file-based
You work for a company that plans to use AWS EC2 service. Currently, the company creates golden images of their production Operating System. Which of the following corresponds to a golden image in AWS?
Amazon Machine Images -Amazon Machine Images (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need. -EBS Volumes, EBS Snapshots, EC2 Copies are related to block storage and the instance, not the operating system
Which AWS service automates infrastructure provisioning and administrative tasks for an analytical data warehouse?
Amazon RedShift -Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers -RedShift is a data warehousing web service
Which service should an admin use to register a new domain name with AWS?
Amazon Route 53 -Route 53 allows for registration of new domain names in AWS. It is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well
A company is deploying a three-tier, highly available web app to AWS. Which service provides durable storage for static content while utilizing lower Overall CPU resources for the Business layer?
Amazon S3 -Amazon S3 is the default storage service that should be considered for companies. It provides durable storage for all static content -EBS volumes, EC2 Instance store and RDS Instances are Client Tier
Which of the following services allows for object level storage on AWS?
Amazon S3 -EBS is block level storage, not object level storage
There is a requirement to store objects. The objects are downloaded via a URL. Which storage option would you choose?
Amazon S3 -S3 is the perfect storage option. It also provides the facility of assigning a URL to each object which can be used to download the object.
Which service would you use to send alerts based on Amazon CloudWatch alarms?
Amazon SNS -You can create a CloudWatch alarm that watches a single metric. The alarm performs one or more actions based on the value of the metric relative to a threshold over a number of time periods. The action can be an Amazon EC2 action, an Autoscaling action, or a notification sent to Amazon SNS topic
Which AWS services can be used to store files?
-Amazon Simple Storage Service (Amazon S3) -Amazon Elastic Block Store (Amazon EBS) -Amazon S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver almost 100% durability, and stores data for millions of applications used by market leaders in every industry -Amazon EBS provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its AZ to protect you from component failure, offering high availability and durability
How can you protect your AWS account against unauthorized access?
Apply Multi-Factor Authentication (MFA) -AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password -The AWS account can still be compromised by the API and the SDK even if the Console access is disabled
Which of the following is a compatible MySQL database which also has the ability to grow in storage size on its own?
Aurora -Amazon Aurora is a fully-managed, MySQL and PostgreSQL compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing application
According to AWS, the benefit of Elasticity is:
Create systems that scale to the required capacity based on changes in demand -The concept of Elasticity is the means of an application having the ability to scale up and down based on demand. An example of such a service is the Autoscaling service -Elasticity will not have positive effects on storage, cost or design agility
Which of the following is the responsibility of the customer when ensuring that data on EBS volumes is left safe?
Creating EBS snapshots -Creating snapshots of EBS Volumes can help ensure that you have a backup of your EBS volume in place
Which of the following features of RDS allows for data redundancy across regions?
Creating Read Replicas -One can use the Read Replica feature of the database to ensure the data is replicated to another region
Which of the following examples supports AWS's Architecting for the Cloud best practice principle: "Design for failure and nothing will fail"?
Deploying an application in multiple AZs -Each AZ is a set of one or more data centers. By deploying your AWS resources to multiple AZs, you are designing with failure in mind. So if one AZ were to go down, the other AZs would still be up and running and hence your application would be more fault tolerant
Which of the following is NOT a feature of an Edge Location?
Distribute load across multiple resources -The Edge Location does not do the job of distributing load. It is used in conjunction with the CloudFront service to cache the objects and deliver content
A company is planning to use AWS to host critical applications. Most of their systems are business critical and need to have response times less than 15 minutes. Which support plan should you consider?
Enterprise is the only plan that supports this requirement
Which of the following in the AWS support plans gives access to a Support Concierge?
Enterprise is the only plan that supports this requirement
A company wants to host a self-managed database in AWS. How would you ideally implement this solution?
Hosting a database on an EC2 Instance -If you want a self-managed database, that means you want complete control over the database engine and the underlying infrastructure. In such a case you need to host the database on an EC2 instance
Which of the following is the secure way of using AWS API to call AWS services from EC2 Instances?
IAM Roles -An IAM role is similar to a user, in that it is an AWS Identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials (password or access keys) associated with it. If a user assumes a role, temporary security credentials are created dynamically and provided to the user
Your company has a set of EC2 Instances hosted in AWS. There is a requirement to create snapshots from the EBS volumes attached to these EC2 Instances in another geographical location. As per this requirement, where would you create the snapshots?
In another region -Regions correspond to different geographic locations in AWS
What is the value of having AWS Cloud services accessible through an Application Programmable Interface (API)?
It allows developers to work with AWS resources programmatically -The AWS API does not reduce cost -API allows the customer's developers to work with resources, not AWS -The AWS API only allows the customer to manage AWS resources, not on-premise
Which of the following is a benefit of running an application across two AZs?
It increases the availability of an application compared to running in a single AZ -Each AZ is a set of one or more data centers. By deploying your AWS resources to multiple AZs, you are designing with failure in mind.
As per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
May be performed by the customer on their own instances with prior authorization from AWS
Your development team is planning to host a development environment on the cloud. This consists of EC2 and RDS instances. This environment will probably only be required for 2 months. Which types of instances would you use for this purpose?
On-Demand -Spot instances may be terminated at any time with the fluctuation of market prices. Therefore, unless the question indicates this use case, we cannot assume the development team would not expect high availability -Reserved instances require a 1 year commitment at least -Dedicated hosts are typically used when the underlying hardware cannot be shared across customers. This is the most expensive option and typically would not be ideal for development purposes.
There is a requirement for a development and test environment for 3 months. Which should you use?
On-Demand Instances
There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost?
Partial Upfront Costs Reserved -If the database is going to be used for a minimum of one year at least, then it is better to get Reserved Instances. You can save on costs, and if you use a partial upfront option, you can get a better discount. -No upfront payment is required but it's a costlier option than partial/all upfront payments
Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon EC2) over on-premise physical servers?
Paying only for what you use -One of the advantages of EC2 instances is the per-second billing concept. With per-second billing you pay for only what you use. It takes the cost of unused minutes and seconds in an hour off of the bill, so you can focus on improving applications instead of maximizing usage to the hour. This is especially useful if you manage instances running for irregular periods of time, such as dev/testing, data processing, analytics, batch processing, and gaming applications -Automated backup, ability to choose hardware vendor and root/administrator access can be accomplished on-premise
The Trusted Advisor service provides insight regarding which four categories of an AWS account?
Performance, Cost Optimization, Security, Fault Tolerance and Service Limits
The main benefit of decoupling an application is to:
Reduce inter-dependencies so failures do not impact other components -The entire concept of decoupling components is to ensure that the different components of an application can be managed and maintained separately. If all components are tightly coupled, then when one component goes down, the entire application would go down. Hence, it is always a better design practice to decouple application components. -Decoupling is the inverse of creating tight integration
You are currently hosting an infrastructure and most of the EC2 instances are near 90 - 100% capacity and you expect this to continue for at least a year. What type of EC2 instances would you utilize to ensure costs are minimized?
Reserved Instances -When you have instances that will be used continuously and throughout the year, the best option is to buy reserved instances. By buying reserved instances, you are actually allocated an instance for the entire year or the duration you specify with a reduced cost
Which of the following can be used to secure EC2 Instances?
Security Groups -A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC
You have a requirement to host an application on an EC2 instance that will be used for a minimum of a year. Which of the following would be the most cost-effective option?
Standard Reserved Instances -Standard Reserved Instances offer a significant discount at 1 year or 3 year commitment terms compared to On-Demand pricing and provide a capacity reservation when used in specific AZs. The only difference is that you need to make an upfront commitment to the purchasing of an Instance.
Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud?
The number of servers migrated to AWS
Which of the following is the concept of the Elastic Load Balancer?
To distribute traffic to multiple EC2 instances -AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it's easy to set up application scaling for multiple resources across multiple services in minutes
Which of the following is the concept of Autoscaling?
To scale up resources based on demand
What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket?
Transfer Acceleration -Amazon S3 Transfer Acceleration enables fast, easy and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path -HTTP & File transfers deal with transferring data but not between clients and the S3 bucket
What best describes the "Principle of Least Privilege"?
Users should be granted permission to access only the resources they need to do their assigned job -The principle means giving a user account only those privileges which are essential to perform its intended function. For example, a user account for the sole purpose of creating backups does not need to install software. Hence, it has rights only to run backup and backup-related applications
Which of the following disaster recovery deployment mechanisms has the lowest downtime?
Warm Standby
Amazon Elastic Compute Cloud (EC2) Spot Instances would be most appropriate for which of the following scenarios:
Workloads where the availability of the Amazon EC2 instances can be flexible -Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing and optional tasks