2. EC2 Flashcards

2
Q

What is EC2?

A

EC2 is a web service that provides resizable compute capacity in the cloud.

3
Q

What are the EC2 instance types?

A

The EC2 instance types are:
- On Demand
- Reserved Instances
- Spot Instances
- Dedicated Host

4
Q

When would you use on-demand EC2 instances?

A

On-demand EC2 instances are for users that want low cost and flexibility without any up-front payment or long term commitment. It is used for applications with short term workloads that cannot be interrupted. It is useful for applications being developed or tested on EC2 for the first time.

5
Q

What are reserved instances useful for?

A

Reserved instances are useful for applications with stable load and predictable usage and so require reserved capacity. Users are able to make upfront payment to reduce costs even further.

6
Q

What are the types of reserved instance?

A

The types of reserved instance are:
- Standard reserved
- Convertible reserved
- Scheduled reserved

7
Q

What are EC2 spot instances?

A

Spot instances are instances that are deployed when the cost is between pre-set parameters. Spot instances are useful for applications that can have flexible start and end times and applications that are only feasible at low compute prices.

8
Q

What are EC2 Dedicated Hosts?

A

Dedicated hosts give you a fully dedicated physical server for your use, with complete control of Hardware and Software. Suitable for software with a complicated licensing model or strong regulatory/compliance needs.

9
Q

What root volume types are available for EC2 instances?

A

EC2 root volumes can only be SSD or magnetic standard. Other options such as HDD are only available when adding additional volumes.

10
Q

What is a security group?

A

A security group acts as a virtual firewall to control inbound and outbound traffic for your instance. They can be attached to many instances. An instance can also have many Security Groups.

11
Q

How long does it take for security group changes to take effect?

A

Any security group changes take effect immediately.

12
Q

Are security groups stateful or stateless?

A

Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

13
Q

Are Network Access Control Lists stateful or stateless?

A

Network Access Control Lists are stateless.

14
Q

What is the difference between a Security Group and a Network access control list?

A

Security groups are tied to an instance whereas Network ACLs are tied to the subnet.

15
Q

What would you use to block or blacklist certain IP addresses?

A

NACLs should be used to block or blacklist IP addresses.

16
Q

How are keys used to access EC2 instances?

A

You will set a public key that gets attached to the EC2 instance and use your private key to actually access. (public key = a padlock that you can put anywhere, private key = key to the padlock)

17
Q

What is Termination Protection?

A

Termination Protection is ensuring that the root volume is not lost when the EC2 is deleted. Termination Protection is turned off by default.

18
Q

What is ENI?

A

ENI is an Elastic Network Interface - essentially a virtual network card for your EC2 instance. An ENI is automatically attached when you create an EC2 instance.

19
Q

What is an EN?

A

EN is Enhanced Networking. EN uses SR-IOV for high performance networking capabilities.

20
Q

What is EFA (Elastic Fabric Adapter)?

A

Elastic Fabric Adapter is a network device that can be attached to an EC2 instance to accelerate HPC (High Performance Computing) and machine learning applications.

21
Q

When would you use ENI?

A

You would use ENI for basic networking at low cost. All instance types have an ENI.

22
Q

When would you use ENA (Enhanced Network Adapter)?

A

You would use ENA when you need higher I/O performance and lower CPU utilisation than standard ENI adapters. ENA gives speeds between 10Gbps and 100Gbps - reliable, high throughput

23
Q

When would you use EFA (Elastic Fabric Adapter) ?

A

You would use EFA when you need to accelerate HPC (High Performance Computing) and machine learning applications.

24
Q

What is a Spot Block?

A

A Spot Block can be used to stop your Spot Instances from being terminated even if the price exceeds your maximum spot price. Spot blocks can be set for between one to six hours.

25
Q

What are some specific examples of what Spot Instances are useful for?

A

Spot Instances are useful for:
- Big Data and Analytics
- Containerised workloads
- CI/CD testing
- Web services
- HPC
- Image Rendering

26
Q

What are Spot Instances not useful for?

A

Spot Instances are not useful for:
- Persistent workloads
- Critical workloads
- Databases

27
Q

Can you be charged for a partial hour of usage for a Spot Instance?

A

If the Spot instance is terminated by EC2 you will not be charged for a partial hour of usage. If you terminate the instance yourself then you will be charged for partial hours of usage.

28
Q

What are the two types of Spot Instances?

A

The two types of Spot Instance are:
- one-time
- persistent

29
Q

What are Spot Fleets?

A

A Spot Fleet is a collection of Spot Instances and, optionally, on-demand instances. So inside your Spot Fleet you can have on-demand instances as well as Spot Instances.

30
Q

What do Spot Fleets do?

A

A Spot Fleet attempts to launch the number of Spot Instances and On-Demand instances to meet the target capacity specified in the Spot Fleet request.

31
Q

What do you use in order to enact your Spot Fleet strategies?

A

The definition of launch pools should be used to enact your Spot Fleet strategies of:
- Capacity Optimised
- Diversified
- Lowest Price
- Instance Pools To Use Count

32
Q

What in AWS can you access using access keys and secret access keys?

A

Access keys and secret access keys are used to access AWS via the command line or via API, but not via the console.

33
Q

What does a credential report provide?

A

A credential report provides a download of all users in your account. It gives details such as the last use of passwords, when they need changing, whether it has an access key on the account, whether MFA has been enabled etc.

34
Q

What are EC2 Placement Groups?

A

Placement groups are ways of grouping your EC2 instances together

35
Q

What are the 3 types of Placement Groups?

A

The 3 types of Placement Groups are:
- Clustered Placement Group
- Spread Placement Group
- Partitioned Placement Group

36
Q

What is a spread placement group?

A

A spread placement group is a group of instances that are each placed on distinct racks, with each rack having its own network and power source. It is used to minimise the risk of failure, as they are all in different hardware. It is used in critical applications that need high availability.

37
Q

What is a partition placement group?

A

A partition placement group divides each group of instances into logical partitions. Each partition is then put on to a separate rack for resilience. Between partitions, instances can fail simultaneously but would not fail in other partitions, as each rack has its own network and power source. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.

38
Q

What is the difference between spread placement groups and partition placement groups?

A

In Spread placement groups you have single EC2 instances on individual racks, but with partition placement groups you have multiple EC2 instances on individual racks.

39
Q

What are the underlying hypervisors for EC2?

A

Xen and Nitro are the underlying hypervisors for EC2

40
Q

The use of a cluster placement group is ideal ___

A

A Cluster placement group is ideal if your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.

41
Q

What type of storage is Amazon’s S3 based on?

A

Object-based

42
Q

Which service would you use to run a general Windows File Server with minimal overhead?

A

Amazon FSx for Windows File Server provides a fully managed native Microsoft Windows file system so you can easily move your Windows-based applications that require shared file storage to AWS.

43
Q

What IP Address will give you instance metadata or user data?

A

http://169.254.169.254 - This IP address is specific to AWS, where you can use it on any instance to acquire information about that instance.

44
Q

When can you attach/replace an IAM role on an EC2 instance?

A

IAM Roles can be attached to instances in the stopped or running state, or replaced for instances in the running state.

45
Q

What is a scenario for when you should choose ENI over EN and EFA?

A

You should choose ENI if you need basic networking at low cost for your instance.

46
Q

What is a scenario for when you should choose EN over ENI and EFA?

A

You should choose EN when you need speeds between 10Gbps and 100Gbps and need reliable and high throughput.

47
Q

What is a scenario for when you should choose EFA over ENI and EN?

A

You should choose EFA when you are working with HPC (High Performance Computing) or Machine Learning systems.

48
Q

What are the types of Spot Instance requests?

A

Persistent and One-time are the types of Spot Instance requests available. If you choose persistent then the spot-instance will reload if the price goes below the maximum price set again.

49
Q

Can you move an existing instance into a placement group?

A

You can move an existing instance into a placement group but the instance must be in the stopped state.

50
Q

Why would you select a Standard Reserved instance?

A

You would select a Standard Reserved instance to get a better price. It does mean however that you cannot upgrade the instance capacity.

51
Q

Why would you select a Convertible Reserved instance?

A

You would select a Convertible Reserved instance to give you the flexibility to upgrade the capacity if needed.

52
Q

Why would you select a Scheduled Reserved instance?

A

You would select a Scheduled Reserved instance if we knew we needed compute resource for scheduled times per week, for example.

53
Q

What are Dedicated Instances?

A

Dedicated Instances are instances running on hardware dedicated to a single customer. Dedicated Instances may share hardware with other instances from the same AWS account.

54
Q

What is EC2 User Data used for?

A

EC2 User Data is used for automating the boot tasks such as:
- Installing updates or software
- Installing files from the internet
- Whatever you want to do in the boot process.

55
Q

What are the ways to connect to a running EC2 instance?

A

Once we have created the instance, there are different ways to access it:
- SSH (command line for Linux and Mac)
- Putty (command line for Windows)
- RDP for Windows
- EC2 Instance Connect

56
Q

What is EC2 Instance Connect?

A

EC2 Instance Connect allows you to establish a connection to the EC2 through the browser without worrying about the key or anything. Instance Connect does not work if you block the SSH port in the EC2 instance.

57
Q

If a Security Group blocks traffic, is this logged?

A

Security Groups are outside EC2, so if you block traffic, this traffic will not be logged in EC2.

58
Q

What is the issue likely to be if you get a Connection Timeout Error when attempting to connect to EC2?

A

If you get a Connection Timeout Error while accessing the instance, it will probably be an error with the Security Group.

59
Q

How do you specify what traffic can enter and leave an instance?

A

You specify what traffic can enter and leave an instance using port numbers in the security group assigned.

60
Q

What is the relationship between security groups and instances?

A

Security Groups can be attached to many instances and an instance can also have many Security Groups.

61
Q

Do Security Groups or NACLs let you specify allow rules but not deny rules?

A

Security Groups allow you to specify allow but not deny rules.

62
Q

With regards to placement groups, what is a cluster?

A

A cluster is a logical grouping of instances within a single Availability Zone. Using a cluster gives low latency and so is useful for Big Data jobs that we must complete quickly, High-Performance Computing Applications, etc. This co-location does mean that if there is a hardware failure, all the instances will fail simultaneously.

63
Q

What is an Elastic IP used for?

A

When an EC2 instance re-starts it is assigned a new public IP. For that reason, Elastic IPs exist, which give the instance a fixed public IP so that it does not change. The private IP is going to remain the same.

64
Q

What are Public and Private IPs used for?

A

A Public IP is used to identify a machine on the internet. It’s unique; two computers cannot have the same one. A Private IP is used to identify a machine on a private network. Unique IP in the private network.

65
Q

Which Amazon EC2 billing option gives you low cost, maximum flexibility, no upfront costs or commitment, and you only pay for what you use?

A

With On-Demand instances, you pay for hours used with no commitment. There are no upfront costs.

66
Q

Amazon EC2 instances run between 10 am and 6 pm Monday-Thursday in a development environment. Production instances run 24/7. Which pricing models should be used?

A

Use scheduled reserved instances for the development environment. Use Reserved instances for the production environment. Scheduled Instances are a good choice for workloads that do not run continuously but run on a regular schedule, so this is ideal for the development environment. Reserved instances are a good choice for workloads that run continuously. This is a good option for the production environment to save money compared to on-demand instances.

67
Q

You are planning to deploy several EC2 instances in your VPC. You will deploy the EC2 instances across several subnets and multiple AZs. What AWS feature can act as an instance-level firewall to control traffic between your EC2 instances?

A

Security groups act at the instance level, not the subnet level, controlling inbound and outbound traffic.

68
Q

A solutions architect is designing a web application that consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company. How should security groups be configured?

A

Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier. An inbound rule is required to allow traffic from any internet client to the web front end, which you should set to 0.0.0.0/0. We should open port 443 to enable HTTPS. To secure the connection from the web frontend to the database tier, you should create an outbound rule from the public EC2 security group with a destination of the private EC2 security group, the port 1433 for MySQL, allowing only inbound traffic from the public EC2 security group. If a user tries to connect directly to the DB from the Internet without going through the EC2 instance, the Security Group will block access. We can see the diagram in the following image:

69
Q

How can a systems administrator specify a script run on an EC2 instance during launch?

A

User Data - When you launch an instance, you can pass user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts.

70
Q

A High-Performance Computing (HPC) application which requires low network latency and high throughput between nodes, will be deployed in a single AZ. How should the application be deployed for the best inter-node performance?

A

A cluster placement group provides low latency and high throughput for instances deployed in a single AZ. Load Balancer Placement group doesn’t exist.

71
Q

If we have to ensure that the Amazon EC2 instances from an application can be launched in another AWS Region in the event of a disaster, what steps should be taken?

A

Create AMIs of the instances and copy them to another Region. Launch instances in the second Region from the AMIs. You can create AMIs of EC2 instances and then copy them across regions. Once they are in the second Region, you can launch the EC2 instances from the AMIs.

72
Q

What is the total number of EC2 instances you can have within a security group?

A

You can have any number of EC2 instances within a security group.

73
Q

How many security groups can you attach to an EC2 instance?

A

You can have multiple security groups attached to an EC2 instance.

74
Q

What are bootstrap scripts?

A

A bootstrap script is a script that runs when the instance first runs, also known as user data.

75
Q

What is Outposts?

A

Outposts brings the AWS data center directly to your on-premise location allowing you to have a variety of AWS services in your data center.

76
Q

What are the benefits of Outposts?

A

Outposts benefits include:
- a hybrid Cloud model
- fully managed infrastructure (by AWS)
- consistency (on-premise and Cloud can be managed using the console)

77
Q

What are the types of Outposts?

A

The two types of Outposts are:
- Outposts Rack
- Outposts Servers

78
Q

What is the difference between Outposts Rack and Server?

A

Rack is for deployment in data centres and areas with large rack space. Servers is for small space requirements such as retail stores and branch offices. Rack is for large deployments, Server is for smaller deployments.

79
Q

What are the differences between Outposts Rack and Server in terms of services?

A

Rack provides compute, storage, database and other services locally. Server provides local compute and network services.

80
Q

What would you use to extend your private VMware Cloud to AWS?

A

You can use vCenter on the Cloud using VMware.

81
Q

Do placement groups span AZs?

A

Cluster placement groups can’t span AZs but spread and placement groups can.

82
Q

What type of instances can be launched in a placement group?

A

The following can be launched in a placement group:
- compute optimised
- GPU
- memory optimised
- storage optimised

83
Q

Can you merge placement groups?

A

No, placement groups cannot be merged.

84
Q

Can you move existing instances into a placement group?

A

Yes, you can move instances into placement groups but the instance needs to be in a state of ‘stopped’.

85
Q

How can you move instances into placement groups?

A

Currently you can only move instances into placement groups using the CLI or SDK.