SET 4


A. You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk). C. Verify that you are connecting with the appropriate user name for your AMI.

You try to connect to a newly created Amazon EC2 instance via SSH using PuTTY and get one of the following error messages: "Error: Server refused our key" or "Error: No supported authentication methods available". What steps should you take to identify the source of the behavior? Choose 2 answers.

The S3 bucket name must be the same as the domain name

When you are using Route53 for a web site hosted in S3, what is one of the rules that must be adhered to?

Assign a static internet-routable IP Address to an Amazon VPC customer gateway. When defining a VPN connection between the on-premise network and the VPC, you need to have a customer gateway defined. Since this is accessed over the internet, it needs to have a static internet-routable IP Address.

What action is required to establish a VPC VPN connection between an on-premise data center and a VPC virtual private gateway?

VPC with Public and Private Subnets; VPC with Public and Private Subnets and Hardware VPN Access

What are the different options available when creating a VPC using the VPC wizard? Please choose all options that apply.

Has at least one route in its associated routing table that uses an Internet gateway

A VPC public subnet is one that:

Amazon EC2 instances in a replication configuration utilizing two different Availability Zones. You cannot access the OS of RDS databases, as RDS is a fully managed service by AWS. If a customer wants access to the OS of their database for more granular control or for compliance reasons, they can install their database engine on an EC2 instance. In choice D, the DB needs to be installed on EC2 for OS access, with replication to support failover.

A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture?

DynamoDB is a fully managed NoSQL offering provided by AWS. It is now available in most regions for users to consume. An AWS RDS database is not a fully managed database; it is partially managed.

A company does not want to manage their databases. Which of the following services are fully managed databases provided by AWS?

Lock down of NACL for the set of IP addresses.

A company has a solution hosted in AWS. This solution consists of a set of EC2 instances. They have recently been getting attacks, and their IT security department has identified that the attacks come from a set of IP addresses. Which of the following methods can be adopted to help in this situation?

Answer: C The default time interval is one minute. Note: The answer can also be B, S3 Standard - IA (Infrequently Accessed). However, since other details are mentioned in the question, we can say C: Glacier is the most effective way of saving cost in this case.

A company has the requirement to store data using AWS storage services. The data is not frequently accessed. If data recovery time is not an issue, which of the below is the best and most cost-efficient solution to fulfil this requirement? A. S3 Standard B. S3 Standard - IA (Infrequently Accessed) C. Glacier D. Reduced Redundancy Storage

A. Enable Multi-Factor Authentication for your AWS root account. B. Assign an IAM role to the Amazon EC2 instance. It is the best practice to always create IAM roles which can be assigned to EC2 instances and enable MFA for the root account. This will help to not compromise the Access Key ID/Secret Access Key combination.

A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials like Access Keys and Secret Access Keys are not compromised? (Choose Two Options)

Virtual Private Network connection, AWS Directory Services, and Amazon Workspaces

A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and features will meet the company's requirements?

Amazon DynamoDB. Amazon DynamoDB is used for storing small amounts of data such as user state information, and this service offers durability and low latency.

A company's application is intending to use Auto Scaling and has the requirement to store user state information. Which of the following AWS services provides a shared data store with durability and low latency?

User data. When you configure an instance during creation, you can add custom scripts to the User data section. So in Step 3 of creating an instance, in the Advanced Details section, we can enter custom scripts in the User Data section. The below script installs Perl during the instance creation of the EC2 instance.

A custom script needs to be passed to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this?

You must find out the total number of requests per second at peak usage.

A startup company hired you to help them build a mobile application that will ultimately store billions of images and videos on S3. The company is lean on funding and wants to minimize operational costs; however, they have an aggressive marketing plan and expect to double their current installation base every six months. Due to the nature of their business they are expecting sudden and large increases in traffic to and from S3 and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?

A durable system that can operate for long periods of time without failure.

AWS thrives on the concept of high availability. Which of the below follows the concept of high availability?

Copy the AMI from the Singapore region to the Asia region. Modify the Auto Scaling groups in the backup region to use the new AMI ID in the backup region

An application in AWS is currently running in the Singapore region. You have been asked to implement disaster recovery, so if the application goes down in the Singapore region, it has to be started in the Asia region. Your application relies on pre-built AMIs. As part of your disaster recovery strategy, which of the below points should you consider?

AWS Elastic Beanstalk. Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services. We can simply upload code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing and auto-scaling to application health monitoring. Meanwhile we retain full control over the AWS resources used in the application and can access the underlying resources at any time. Launch LAMP stack with Elastic Beanstalk: https://aws.amazon.com/getting-started/projects/launch-lamp-web-app/. We can do it with AWS CloudFormation as well, in a harder way, and it will be less native: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.ap

An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software?

NAT Gateway. You can use a Network Address Translation (NAT) gateway to enable instances in a private subnet to connect to the Internet or other AWS services, but prevent the Internet from initiating a connection with those instances.

What can be used for EC2 instances in a private subnet to connect to the internet?

True

Bucket names must be unique across all S3. True/false

Amazon EBS-backed instances can be stopped and restarted. So we can say instance-store backed instances cannot be restarted.

What is one key difference between an Amazon EBS-backed and an instance-store backed instance?

Immediately to all instances in the security group.

Currently you have a VPC with EC2 Security Group and several running EC2 instances. You change the Security Group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same Security Group. When will the Security Group changes be applied to the EC2 instances?

Transfer Acceleration

What is the ability provided by AWS to enable fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket?

300 seconds

What is the maximum execution time for a Lambda function?

16TiB

What is the maximum size of an EBS Provisioned IOPS SSD volume?

0Bytes

What is the minimum size of an object that can be uploaded to Amazon S3?

1 Remember that when a subnet is created, it is always mapped to one availability

How many availability zones are mapped to a subnet?

Multi-part upload

If you need to upload a file to S3 that is 600MB in size, which of the following is the best option to use? Choose an answer from the options below.

Non-Alias with a type "A" record set B. Alias with a type "AAAA" record set C. Alias with a type "CNAME" record set D. Alias with a type "A" record set

If you want to point a domain name to an AWS VPC elastic load balancer in Route 53, how would you need to configure the record set? Choose the correct answer from the options below

Paying account and Linked account

In consolidated billing, what are the 2 different types of accounts?

Answer: A, B, C As RDS Instance is completely managed by AWS and user doesn't have access Operating System metrics,

In the basic monitoring package for RDS, Amazon CloudWatch provides the following metrics. Choose three correct options. A. Database visible metrics such as number of connections B. Disk OPS metrics C. Database memory usage

Answer: A, B, C

In which of the following ways can you manage Lambda functions? Choose all 3 correct answers. A. Console B. CLI C. SDK D. EC2 Instances

Pilot Light

What is the term often used to describe a DR scenario in which a minimal version of an environment is always running in the cloud?

Amazon Resource Name

Resources that are created in AWS are identified by a unique identifier. Which of the options given below is it known as?

Visibility Timeout

SQS provides a timeout which is a period of time during which Amazon SQS prevents other consuming components from receiving and processing. What is this time period called?

Can be used while the snapshot is in progress.

Someone has initiated the snapshot creation of an EBS volume. One of the applications still needs to use the same EBS volume. Which of the following scenarios are possible when it comes to usage of an EBS volume while the snapshot is initiated and not completed?

Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP Address block.

There are currently multiple applications hosted in a VPC. During monitoring it has been noticed that multiple port scans are coming in from a specific IP address block. The internal security team has requested that all offending IP addresses be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP addresses?

Store a snapshot of the volume. Snapshots occur asynchronously; the point-in-time snapshot is created immediately, but the status of the snapshot is pending until the snapshot is complete (when all of the modified blocks have been transferred to Amazon S3), which can take several hours for large initial snapshots or subsequent snapshots where many blocks have changed. While it is completing, an in-progress snapshot is not affected by ongoing reads and writes to the volume. You can easily create a snapshot from a volume while the instance is running and the volume is in use. You can do this from the EC2 dashboard.

What step from the below options can be carried out to ensure that after an EBS volume is deleted, a similar volume with the same data can be created at a later stage?

Data will be deleted and will no longer be accessible. Ephemeral is temporary storage that is always deleted when an instance is restarted in AWS. When you stop or terminate an instance, every block of storage in the instance store is reset. Therefore, your data cannot be accessed through the instance store of another instance.

When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

When it is allocated and associated with a stopped instance. AWS doesn't want you to waste static public IPs. You will be charged for an Elastic IP: 1 - if the EIP is created but not allocated to any instance; 2 - if the EIP is attached to a stopped instance.

When will you incur costs with an Elastic IP address (EIP)?

Default subnet in each Availability Zone; an Internet Gateway attached to the default VPC

When you create a default VPC, what are the services you get by default in the VPC?

Amazon CloudTrail

Which AWS service is used to monitor all API calls to AWS?

Answer: A, B, C

Which of the following AWS services can be used to build an application based on a serverless architecture? Choose 3 answers from the options given below. A. AWS API Gateway B. AWS Lambda C. AWS DynamoDB D. AWS EC2

To evenly distribute traffic among multiple EC2 instances located in single or different Availability Zones.

Which of the following best describes the purpose of an Elastic Load Balancer?

Answer: B, D

Which of the following instance types are available as SSD backed storage? Choose 2 answers from the options below A. General purpose T2 B. General purpose M3 C. Compute-optimized C4 D. Compute-optimized C3

Answer: B Only FIFO queues can preserve the order of messages and not standard queues. For more information on standard queues

Which of the following statements is false with regard to the AWS Simple Queue Service? A. Standard queues provide at-least-once delivery, which means that each message is delivered at least once B. Both FIFO queues and Standard queues preserve the order of messages C. Amazon SQS can help you build a distributed application with decoupled components D. FIFO queues provide exactly-once processing

Answer: A, C

Which of the following statements are true when it comes to EBS volumes and snapshots. Choose all that apply. A. You can change the size of an EBS volume. B. If you have an unencrypted volume, you can still create an encrypted snapshot from it. C. The volume change size can also happen when it is attached to an instance. D. The volume change size can only happen if the volume is detached from an instance.

Run Command from EC2 console

Which of the following tools for EC2 can be used to administer instances without the need to SSH or RDP into the instance?

CloudWatch Logs Agent

Which of the following tools is available to send log data from EC2 Instances?

Amazon Elastic Map Reduce

Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?

Protect against IP spoofing or packet sniffing. As per the shared responsibility shown below, the users are required to control the EC2 security via security groups and network access control layers. For more information on the Shared Responsibility model, please refer to the below URL: https://aws.amazon.com/compliance/shared-responsibility-model/

You are running a web application on AWS consisting of the following components: an Elastic Load Balancer (ELB), an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL. Which security measures fall into AWS's responsibility?

Deploy in 3 AZ with Autoscaling minimum set to handle 50 percent peak load per zone. Since the requirement is that the application should never go down even if an AZ is not available, we need to maintain 100% availability. Option A and D are incorrect because region deployment is not possible for ELB. ELB's can manage traffic within a region and not between regions. Option B is incorrect because even if one AZ goes down, we would be operating at only 66% and not the required 100%. For more information on Autoscaling please visit the below URL: https://aws.amazon.com/autoscaling/

You have a business-critical two tier web app currently deployed in 2 availability zones in a single region, using Elastic Load Balancing (ELB) and Auto-Scaling. The app depends on synchronous replication at the database layer. The application needs to remain fully available even if one application AZ goes off-line and AutoScaling cannot launch new instances in the remaining AZ. How can the current architecture be enhanced to ensure this requirement?

There is no cost for transferring data from EC2 to S3 if they are in the same region.

You have an EC2 instance that is transferring data from S3 in the same region. The project sponsor is worried about the cost of the infrastructure. What can you do to convince him that you have a cost-effective solution?

You already have 20 on-demand instances running. The Auto Scaling group's MAX size is set at five.

You have an application currently running on five EC2 instances as part of an Auto Scaling group. For the past 30 minutes all five instances have been running at 100 CPU Utilization; however, the Auto Scaling group has not added any more instances to the group. What is the most likely cause?

HTTPS SSL

You are configuring a solution which uses EC2 Instances and an Elastic Load Balancer. Which of the following protocols can be used to ensure that traffic is secure from the client machine to the Elastic Load Balancer?

The cache expiration time is set to a low value. You can control how long your objects stay in a CloudFront cache before CloudFront forwards another request to your origin. Reducing the duration allows you to serve dynamic content. Increasing the duration means your users get better performance because your objects are more likely to be served directly from the edge cache. A longer duration also reduces the load on your origin. For more information on changing the volume encryption, please visit the link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiratio

You have set up a CloudFront distribution but find that instead of each edge location serving up objects that should be cached, your application's origins are being hit for each request. What could be a possible cause of this behavior? Choose the correct answer from the options below

A network ACL that allows communication between the two subnets. Security groups are set to allow the application host to talk to the database on the right port/protocol.

You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly. Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC?

Create pre-built AMI's with the desired configuration as the organization templates.

Your company currently uses templates to deploy servers in their on-premise infrastructure. They want to have the same template configurations applied when deploying EC2 Instances. Which of the following can be done to ensure that EC2 Instances can be deployed as per the template standards defined by the organization?

AWS Elastic Beanstalk

Your team has an application hosted on Docker containers. You want to port that application in the easiest way possible onto AWS for your development community. Which of the following services can be used to fulfil this requirement?

