Solutions Architect Simple Questions 2
What does the common term 'Serverless' mean according to AWS (Choose 2) a)A native Cloud Architecture that allows customers to shift more operational responsibility to AWS. b)A marketing term for HaaS (Hosting as a Service). c)The ability to run applications and services without thinking about servers or capacity provisioning. d)The use of Quantum computing to eliminate the need for physical servers. e)A pricing model based on high level commodity measures such as on compute duration and storage capacity.
a)A native Cloud Architecture that allows customers to shift more operational responsibility to AWS. c)The ability to run applications and services without thinking about servers or capacity provisioning. 'Serverless' computing is not about eliminating servers, but shifting most of the responsibility for infrastructure and operation of the infrastructure to a vendor so that you can focus more on the business services, not how to manage the infrastructure that they run on. Billing does tend to be based on simple units, but the choice of services, intended usage pattern (RIs), and amount of capacity needed also influences the pricing.
Which of the following services can invoke Lambda function directly? (Choose 3) a)API-Gateway b)Elastic Load Balancer c)S3 d)DynamoDb e)IAM f)EC2
a)API-Gateway c)S3 d)DynamoDb
As a DevOps engineer you are told to prepare complete solution to run a piece of code that required multi-threaded processing, The code has been running on an old custom built server based around a 4 core Intel Xeon processor. Which of these best describe the AWS compute services that could be used ? a)EC2, ECS, & Lambda. b)none of the above. c)only a EC2 'Bare Steel' server. d)ECS, and EC2.
a)EC2, ECS, & Lambda. The exact ratio of cores to memory has varied over time for Lambda instances, however Lambda like EC2 and ECS supports hyper-threading on one or more virtual CPUs (if your code supports hyper-threading).
True or False: A subnet can span multiple Availability Zones. a)False b)True
a)False Each subnet must reside entirely within one Availability Zone and cannot span zones.
Amazon SWF restricts me to the use of specific programming languages. a)False b)True
a)False While there are a limited range of SDKs available for SWF, AWS provides an HTTP based API which allows you to interact using any language as long as you phrase the interactions in HTTP requests.
Select the incorrect statement. a)In Amazon VPC, an instance does not retain its private IP. b)You may have only 1 internet gateway per VPC. c)In Amazon VPC, an instance retains its private IP. d)It is possible to have private subnets in a VPC.
a)In Amazon VPC, an instance does not retain its private IP.
To save administration headaches, a consultant advises that you leave all security groups in web facing subnets open on port 22 to 0.0.0.0/0 CIDR. That way, you can connect wherever you are in the world. Is this a good security design? a)No b)Yes
a)No 0.0.0.0/0 would allow ANYONE from ANYWHERE to connect to your instances. This is generally a bad plan. The phrase 'Web facing subnets..' does not mean just web servers. It would include any instances in that subnet some of which you may not strangers attacking. You would only allow 0.0.0.0/0 on port 80 or 443 to to connect to your public facing Web Servers, or preferably only to an ELB. Good security starts by limiting public access to only what the customer needs. Please see the AWS Security white paper for complete details.
When you create a custom VPC, which of the following are created automatically? (Choose 3) a)Security Group b)Subnets c)NAT Gateway d)Access Control List e)Internet Gateway f)Route Table
a)Security Group d)Access Control List f)Route Table When you create a custom VPC, a default Security Group, Access control List, and Route Table are created automatically. You must create your own subnets, Internet Gateway, and NAT Gateway (if you need one.)
Which of the following is true? a)Security Groups are stateful and Network Access Control Lists are stateless. b)Both Security Groups and Network Access Control Lists are stateful. c)Security Groups are stateless and Network Access Control Lists are stateful. d)Both Security Groups and Network Access Control Lists are stateless.
a)Security Groups are stateful and Network Access Control Lists are stateless.
Which of the following offers the largest range of internal IP addresses? a)/20 b)/24 c)/16 d)/28
c)/16 The /16 offers 65,536 possible addresses.
In SWF, what does a "domain" refer to? a)A specialized security group configuration b)The DNS record for the Amazon SWF service c)A collection of related workflows d)A special type of worker instance
c)A collection of related workflows
Which of the following are true for Security Groups? (Choose 3) a)Security Groups operate at the instance level. b)Security Groups support both "allow" and "deny" rules. c)Security Groups operate at the subnet level. d)Security Groups support "allow" rules only. e)Security Groups process rules in number order when deciding whether to allow traffic. f)Security Groups evaluate all rules before deciding whether to allow traffic.
a)Security Groups operate at the instance level. d)Security Groups support "allow" rules only. f)Security Groups evaluate all rules before deciding whether to allow traffic.
True or False: An Application Load Balancer must be deployed into at least two subnets. a)True b)False
a)True
By default, instances in new subnets in a custom VPC can communicate with each other across Availability Zones. a)True b)False
a)True In a custom VPC with new subnets in each AZ, there is a Route that supports communication across all subnets/AZs. Plus a Default SG with an allow rule 'All traffic, All protocols, All ports, from anything using this Default SG'.
Amazon SWF ensures that a task is assigned only once and is never duplicated. a)True b)False
a)True One time only completion is a key feature of SWF. At one time this was a key distinction from SQS, however with SQS FiFo queues, this is no longer a distinguishing feature.
At which of the following levels can VPC Flow Logs be created? (Choose 3) a)VPC Level b)Subnet Level c)Instance Level d)Network Interface Level e)Network Access Control List Level f)Security Group Level
a)VPC Level b)Subnet Level e)Network Access Control List Level VPC Flow Logs can be created at the VPC, subnet, and network interface levels.
VPC stands for a)Virtual Private Cloud b)Very Private Cloud c)Virtual Public Cloud d)Very Public Cloud
a)Virtual Private Cloud
How many internet gateways can I attach to my custom VPC a)2 b)1 c)3 d)One per Availability Zone.
b)1
What AWS service can be used to help resolve an issue with a Lambda function? a)DynamoDB b)AWS X-Ray c)Cloudtrail d)API-Gateway
b)AWS X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices & serverless architectures
Which of the following allows you to SSH or RDP into an EC2 instance located in a private subnet? a)NAT Gateway b)Bastion Host c)NAT Instance d)Internet Gateway
b)Bastion Host A Bastion host allows you to securely administer (via SSH or RDP) an EC2 instance located in a private subnet. Don't confuse Bastions and NATs, which allow outside traffic to reach an instance in a private subnet.
Are you permitted to conduct your own vulnerability scans on your own VPC without alerting AWS first? a)No. You must always alert AWS before performing any type of vulnerability scan b)Depends on the type of scan and the service being scanned. Some can be performed without alerting AWS, some require you to alert. c)Yes. You can perform any scan without alerting AWS first.
b)Depends on the type of scan and the service being scanned. Some can be performed without alerting AWS, some require you to alert. Until recently customers were not permitted to conduct Penetration Testing without AWS engagement. However that has changed. There are still conditions however.
By default, EC2 instances pull SQS messages from a standard SQS queue on a FIFO (First In First out) basis. a)True b)False
b)False
True or False: You can accelerate your application by adding a second Internet Gateway to your VPC. a)True b)False
b)False You may have only one Internet Gateway per VPC.
When peering VPCs, you may peer your VPC only with another VPC in your same AWS account. a)True b)False
b)False You may peer a VPC to another VPC that's in your same account, or to any VPC in any other account.
What is the purpose of an Egress-Only Internet Gateway? (Choose 2) a)Allows instances communicating over IPv4 or IPv6 to access the Internet b)Prevents IPv6 based Internet resources initiating a connection into a VPC c)Allows VPC based IPv6 traffic to communicate to the Internet d)Prevents IPv6 traffic accessing the Internet by utilising Security Groups
b)Prevents IPv6 based Internet resources initiating a connection into a VPC c)Allows VPC based IPv6 traffic to communicate to the Internet The purpose of an "Egress-Only Internet Gateway" is to allow IPv6 based traffic within a VPC to access the Internet, whilst denying any Internet based resources the possibility of initiating a connection back into the VPC.
Amazon's SQS service guarantees a message will be delivered at least once. a)False b)True
b)True
When I create a new security group, all outbound traffic is allowed by default. a)False b)True
b)True
A VPN connection consists of which of the following components? (Choose 2) a)Direct Connect Gateway b)Virtual Private Gateway c)Customer Gateway d)Cross Connect
b)Virtual Private Gateway c)Customer Gateway The correct answers are "Customer Gateway" and "Virtual Private Gateway". When connecting a VPN between AWS and a third party site, the Customer Gateway is created within AWS, but it contains information about the third party site e.g. the external IP address and type of routing. The Virtual Private Gateway has the information regarding the AWS side of the VPN and connects a specified VPC to the VPN. "Direct Connect Gateway" and "Cross Connect" are both Direct Connect related terminology and have nothing to do with VPNs.
On Friday morning your marketing manager calls an urgent meeting to celebrate that they have secured a deal to run a coordinated national promotion on TV, radio, and social media over the next 10 days. They anticipate a 500x increase on site visits and trial registrations. After the meeting you throw some ideas around with your team about how to ensure that your current 1 server web site will survive. Which of these best embody the AWS design strategy for this situation. (Choose 2) a)Recreate your 5 most popular new customer web pages and sign up web pages on Lightsail and take advantage of AWS auto scaling to pick up the load. b)Work with your web design team to create some web pages with embedded java scripts to emulate your 5 most popular information web pages and sign up web pages. c)Upgrade your existing server from a 1xlarge to a 32xlarge for the duration of the campaign. d)Work with your web design team to create some web pages in PHP to run on a 32xlarge EC2 instance to emulate your 5 most popular information web pages and sign up web pages. e)Create a duplicate sign up page that stores registration details in DynamoDB for asynchronous processing using SQS & Lambda. f)Create a stand by sign up server to use in case the primary fails due to load.
b)Work with your web design team to create some web pages with embedded java scripts to emulate your 5 most popular information web pages and sign up web pages. e)Create a duplicate sign up page that stores registration details in DynamoDB for asynchronous processing using SQS & Lambda. A 500x increase is beyond the scope of a well designed single server system to absorb unless it is already hugely overspecialised to accommodate this sort of burst load. An AWS solution for this situation might include S3 static web pages with client side scripting to meet high demand of information pages. Plus use of a noSQL database to collect customer registration for asynchronous processing, and SQS backed by scalable compute to keep up with the requests. Lightsail does provide a scalable provisioned service solutions, but these still need to be designed an planned by you and so offer no significant advantage in this situation. A standby server is a good idea, but will not help with the anticipated 500x load increase.
You have created a simple serverless website using S3, Lambda, API Gateway and DynamoDB. Your website will process the contact details of your customers, predict an expected delivery date of their order and store their order in DynamoDB. You test the website before deploying it in to production and you notice that although the page executes, and the lambda function is triggered, it is unable to write to DynamoDB. What could be the cause of this issue? a)You have written your function in python which is not supported as a run time environment for Lambda. b)Your lambda function does not have the sufficient Identity Access Management (IAM) permissions to write to DynamoDB. c)The availability zone that DynamoDB is hosted in is down. d)The availability zone that Lambda is hosted in is down.
b)Your lambda function does not have the sufficient Identity Access Management (IAM) permissions to write to DynamoDB. Like any services in AWS, Lambda needs to have a Role associated with it that provide credentials with rights to other services. This is exactly the same as needing a Role on an EC2 instance to access S3 or DDB.
What happens when you create a topic on Amazon SNS? a)The topic will terminate your EC2 instances that aren't identified by tags. b)Nothing, as topics are specific to Amazon SQS. c)An Amazon Resource Name is created. d)You cannot create a topic on SNS.
c)An Amazon Resource Name is created.
Amazon SWF is designed to help users ________. a)Secure their VPCs b)Manage user identification and authorization c)Coordinate synchronous and asynchronous tasks d)Store file based objects
c)Coordinate synchronous and asynchronous tasks Similar to SQS SWF manages queues of work, however unlike SQS it can have out-of-band parallel and sequential task to be completed by humans and non AWS services
Lambda pricing is based on which of these measurements ? (Choose 2) a)The amount of CPU assigned. b)Whether you choose and AMD or Intel processor. c)Duration of execution billed in factions of seconds. d)The amount of memory assigned.
c)Duration of execution billed in factions of seconds. d)The amount of memory assigned. Lambda billing is based on both The MB of RAM reserved and the execution duration in 100ms units.
What application service allows you to decouple your infrastructure using messaged based queues? a)SWF b)SES c)SQS d)SNS
c)SQS In IT the term 'message' can be used in the common sense, or to describe a piece of data of Task in an asynchronous queueing system such as MQseries, RabbitMQ or SQS.
What does Amazon SES stand for? a)Software Email Solution b)Simple Elastic Server c)Simple Email Service d)Software Enabled Server
c)Simple Email Service
You have five VPCs in a 'hub and spoke' configuration, with VPC 'A' in the center and individually paired with VPCs 'B', 'C', 'D', and 'E', which make up the 'spokes'. There are no other VPC connections. Which of the following VPCs can VPC 'B' communicate with directly? a)VPCs 'A' and 'E' b)VPCs 'C', 'D', and 'E' c)VPC 'A' d)VPCs 'A' and 'C'
c)VPC 'A' As transitive peering is not allowed, VPC 'B' can communicate directly only with VPC 'A'.
By default, how many VPCs am I allowed in each AWS Region? a)2 b)1 c)6 d)5
d)5
In a default VPC, all Amazon EC2 instances are assigned 2 IP addresses at launch. What are they? a)An IPv6 Address and Elastic IP Address b)A Public IP Address & Secret IP Address c)An Elastic IP Address & Public IP Address d)A Private IP Address & Public IP Address
d)A Private IP Address & Public IP Address
Having just created a new VPC and launching an instance into its Public Subnet, you realize that you have forgotten to assign a Public IP to the instance during creation. What is the simplest way to make your instance reachable from the outside world? a)Nothing - by default all instances deployed into any Public Subnet will automatically receive a Public IP. b)Create an Elastic IP and new Network Interface. Associate the Elastic IP to the new Network Interface, and the new Network Interface to your instance. c)Associate the Private IP of your instance to the Public IP of the Internet Gateway d)Create an Elastic IP address and associate it with your instance
d)Create an Elastic IP address and associate it with your instance Although creating a new NIC & associating an EIP also results in your instance being accessible from the internet, it leaves your instance with 2 NICs & 2 private IPs as well as the Public Address and is therefore not the simplest solution. By default, any user-created VPC subnet WILL NOT automatically assign Public IPv4 Addresses to instances - the only subnet that does this is the "Default" VPC subnets automatically created by AWS in your account.
You have created a serverless application to add metadata to images that are uploaded to a specific S3 bucket. To do this, your lambda function is configured to trigger whenever a new image is created in the bucket. What will happen when multiple users upload multiple different images at the same time? a)A single lambda function will be triggered, that will process all images that have finished uploading one at a time b)Multiple lambda function will trigger, one after the other, until all images are processed c)A single lambda function will be triggered, which will process all images at the same time d)Multiple instances of the lambda function will be triggered, one for each image
d)Multiple instances of the lambda function will be triggered, one for each image Each time a Lambda function is triggered, an isolated instance of that function is invoked. Multiple triggers result in multiple concurrent invocations, one for each time it is triggered
Security groups act like a firewall at the instance level, whereas _________ are an additional layer of security that act at the subnet level a)DB Security Groups b)Route Tables c)VPC Security Groups d)Network ACLs
d)Network ACLs
In which direction(s) does Lambda scale automatically? a)Up and Out b)Up c)None - Lambda does not scale automatically d)Out
d)Out Lambda scales out automatically - each time your function is triggered, a new, separate instance of that function is started. There are limits, but these can be adjusted on request.
What is the difference between SNS and SQS? a)SQS and SNS are basically the same service. b)SQS sends messages to people on topics, whereas SNS manages tasks. c)SNS pulls (polls), whereas SQS is push based message service. d)SNS is a push notification service, whereas SQS is message system that requires worker nodes to poll a queue.
d)SNS is a push notification service, whereas SQS is message system that requires worker nodes to poll a queue. SNS is a Notification service for sending text based communication of different types to different destinations. SQS is a Queue system for asynchronously manages tasks (called messages)
What does Amazon SWF stand for? a)Simple Web Flow b)Simple Web Form c)Simple Wireless Forms d)Simple Work Flow
d)Simple Work Flow
Which of the following is a chief advantage of using VPC endpoints to connect your VPC to services such as S3? a)VPC endpoints are dedicated hardware devices that cannot be accessed without the correct IAM credentials. b)VPC Endpoints offer a faster path through the public internet than you can realize with a NAT instance. c)VPC Endpoints require public IP addresses, offering rapid connectivity from the public internet. d)Traffic between your VPC and the other service does not leave the Amazon network.
d)Traffic between your VPC and the other service does not leave the Amazon network. In contrast to a NAT gateway, traffic between your VPC and the other service does not leave the Amazon network when using VPC endpoints.