All section bad answer review Flashcards

1
Q

When you launch an EC2 instance and you get this error InstanceLimitExceeded, then you have reached your limit of a maximum number of vCPUs per AWS Region. Either launch the EC2 instance in a different AWS Region or contact AWS Support to increase your limit of the AWS Region.

A

Launch the EC2 instance in a different AWS Region because it’s a vCPU limit on a per-region level

2
Q

You are getting an error InsufficientInstanceCapacity while trying to launch an EC2 instance. What’s the problem?

A

AWS does not have enough on-demand capacity regarding the particular AZ

3
Q

You’re trying to SSH into your EC2 instance and you are facing the following error Connection timed out. Which of the following is NOT a reason for this error?

A

Your .pem file on your Linux machine doesn’t have 400 permissions

4
Q

Your t2.small EC2 instance constantly runs out of CPU credits and therefore the performance is degraded. What is NOT a solution for this problem?

A

Purchase CPU credits for your EC2 instances

5
Q

You are launching an EC2 instance in us-east-1 using AWS Lambda in us-east-1 using this Python script snippet:

ec2.create_instances(ImageId='ami-0dc2d3e4c0f9ebd18', MinCount=1, MaxCount=1)

It works well, so you decide to deploy your AWS Lambda function in us-west-1 as well. There, the function does not work and fails with InvalidAMIID.NotFound error. What’s the problem?

A

AMI is region locked and the same AMI ID can not be used across regions

6
Q

Your company has a critical application that’s hosted on 100s of EC2 instances. The security team has created an AMI that’s updated and has all the security patches installed. The DevOps team must create the EC2 instances from the AMI approved by the security team, but there’s no IAM policy to prevent them from using another AMI. What AWS service would you use to ensure that all the EC2 instances are launched using the approved AMI?

A

AWS Config

7
Q

You have a fleet of EC2 instances and you want to apply a patch to all of them without connecting to each EC2 instance over SSH. What’s the easiest way to patch this fleet of EC2 instances?

A

SSM Run Command

8
Q

You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use?

A

Network Load Balancer

9
Q

You want to create a custom application-based cookie in your Application Load Balancer. Which of the following can you use as a cookie name?

A

AAPUSERC

10
Q

You have a RAM-intensive application whose RAM usage increases with the number of client requests it receives. This application is behind an Elastic Load Balancer and managed by an ASG. How do you handle scaling for this application?

A

Scale based on Number of Request Per Instance CloudWatch metric

11
Q

You would like to link the success of your CloudFormation template to the success of installing and properly configuring launched EC2 instances. How can you achieve this?

A

Use WaitCondition and cfn-signal to let CloudFormation know of the success status

12
Q

What CloudFormation feature helps you analyze the upcoming changes on a CloudFormation stack update without actually executing them?

A

ChangeSets

13
Q

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue that caused the failure. How should the Administrator continue with the stack deployment?

A

Delete the failed stack and create a new stack

14
Q

Which of the following are NOT valid CloudFormation Pseudo Parameters?

A

AWS:AccountName

15
Q

You have created a CloudFormation stack that has a lot of resources (ASG, ALB, EC2, RDS DB, S3 buckets, …). One of your teammates doesn’t know that the ALB has been created as part of the CloudFormation stack, so he deleted the ALB and created a new ALB. Later on, you attempted to update the stack; the update failed and the stack can’t be rolled back, with the following error: UPDATE_ROLLBACK_FAILED. What would you do to resolve this issue?

A

You can fix the errors manually (re-create the deleted ALB with the same configuration) or you can skip the ALB while updating the stack

16
Q

You have enabled a Dead Letter Queue (DLQ) for your Lambda function and configured it to send failed messages to SNS. While testing, you don’t see any events there even though you can tell from CloudWatch metrics that you have failures. What is most likely the reason for this?

A

Your Lambda function’s execution role is missing permissions

17
Q

You have enabled and configured Event Notifications in your S3 bucket to invoke a Lambda function every time an object is uploaded to your S3 bucket. You have noticed that there’s duplicate logging into CloudWatch Logs with the same request ID. What do you think is the reason for this?

A

The Lambda function has failed and retries have happened

18
Q

You want to give another AWS account access to invoke a Lambda function in your AWS account. Which of the following can NOT be used to do so?

A

Lambda Execution Role

19
Q

Which of the following can NOT be used to secure access to files/data stored on an EFS file system?

A

Amazon Cognito

20
Q

Which of the following is NOT a Glacier Flexible retrieval mode?

A

Instant (10 seconds)

21
Q

You are looking to get recommendations for S3 Lifecycle Rules. How can you analyze the optimal number of days to move objects between different storage tiers?

A

S3 Analytics

22
Q

You have an S3 bucket with 1000s of objects stored in it. You want to perform an update to each object in the bucket. What’s the most effective approach?

A

Use S3 Batch Operations

23
Q

You have an S3 bucket that has S3 Versioning enabled. This S3 bucket has a lot of objects, and you would like to remove old object versions to reduce costs. What’s the best approach to automate the deletion of these old object versions?

A

Use S3 Lifecycle Rules - Expiration Actions

24
Q

You suspect that some of your employees try to access files in an S3 bucket that they don’t have access to. How can you verify this is indeed the case without them noticing?

A

Enable S3 Access Logs and analyze them using Athena

25
Q

You have a large dataset stored in S3 that you want to access from on-premises servers using the NFS or SMB protocol. Also, you want to authenticate access to these files through on-premise Microsoft AD. What would you use?

A

AWS Storage Gateway - File Gateway

26
Q

Amazon CloudFront generates a set of reports about your CloudFront Distribution activity. Which of the following is NOT a valid report?

A

Access Logs Report

27
Q

You have a React Single Page Application hosted on an S3 Bucket and served through CloudFront Distribution. You have made an update to your React application and pushed it to S3, but the old version is still cached at CloudFront, and clients still see the old version. You want the new update to be propagated immediately. What would you do?

A

Use CloudFront Invalidation

28
Q

When creating a new CloudFront Distribution, what provides the most caching efficiency while making sure users get Cache Behavior based on the “color” attribute in a cookie?

A

Cookies

29
Q

You manage many RDS DB instances and you want to be notified when there’s a change in DB instance state, DB Parameter Groups, DB Security Groups, DB Snapshots, etc. What should you use?

A

RDS Events & Event subscriptions

30
Q

You have an un-encrypted RDS DB instance and you want to create Read Replicas. Can you configure the RDS Read Replicas to be encrypted?

A

No

31
Q

Sometimes, your RDS database experiences failures and you would like to automatically recover it in case these failures happen. What should you use?

A

Enable Multi-AZ

32
Q

Your RDS backups are impacting your production database when they run. What can you do to improve the performance of your production database when backups are taken?

A

Enable Multi-AZ

33
Q

What option of the Performance Insights dashboard should you use to figure out which SQL queries are affecting the performance of your database the most?

A

SQL Statements

34
Q

You have a production Aurora DB Cluster. You want to create a test environment that uses the same data in this prod DB Cluster. What is the most cost-effective way to do this?

A

Use Aurora Database Cloning to create a new DB Cluster (clone) of the production DB Cluster

35
Q

How would you monitor your EC2 instance memory usage in CloudWatch?

A

Use Unified CloudWatch Agent to push memory usage as a custom metric to CloudWatch

36
Q

Someone changed the configuration of a resource and made it non-compliant. Which AWS service can you use to find out who made the change?

A

AWS CloudTrail

37
Q

You’re using AWS Service Catalog to make it easy for your users to provision AWS resources. You have created a portfolio and a set of products. How should you standardize tags across provisioned products?

A

AWS Service Catalog - TagOptions Library

38
Q

What can you use to standardize tags across resources in all AWS Accounts inside your AWS Organization?

A

AWS Organization - Tag Policies

39
Q

You manage a set of AWS Accounts using AWS Organization which has Consolidated Billing feature enabled and Reserved Instance Discount Sharing turned on. You have an AWS Account that purchased a set of reserved EC2 instances that the owner doesn’t want to share with the AWS Organization. What should you do?

A

Disable Reserved Instance Discount Sharing at the AWS account level

40
Q

AWS EC2 experiences an outage and you would like to get a list of all your resources that are affected. What should you use?

A

AWS Personal Health Dashboard

41
Q

For accounting reasons, you need to separate costs into categories in AWS, such as Environment. How do you achieve this?

A

Use Cost Allocation Tags

42
Q

What should you use to control access to your KMS CMKs?

A

KMS Key Policies

43
Q

AWS GuardDuty scans the following data, EXCEPT:

A

CloudWatch Logs

44
Q

You have a website hosted on a fleet of EC2 instances fronted by an Application Load Balancer. What should you use to protect your website from common web application attacks (e.g., SQL Injection)?

A

AWS WAF

45
Q

AWS Certificate Manager helps you easily provision, manage, and deploy SSL/TLS certificates. It’s integrated with the following AWS services EXCEPT:

A

EC2

46
Q

You have purchased “mycoolcompany.com” on Route 53 Registrar and would like for it to point to “lb1-1234.us-east-2.elb.amazonaws.com”. Which Route 53 record type is IMPOSSIBLE to set up for this?

A

CNAME

47
Q

You have a corporate network of size 10.0.0.0/8 and a satellite office of size 192.168.0.0/16. Which CIDR is acceptable for your AWS VPC if you plan on connecting your networks later on?

A

172.16.0.0/16

48
Q

You plan on creating a subnet and want it to have at least capacity for 28 EC2 instances. What’s the minimum size you need to have for your subnet?

A

/26

49
Q

You have attached an Internet Gateway to your VPC, but your EC2 instances still don’t have access to the Internet. What is NOT a possible issue?

A

The Security Group doesn’t allow network in

50
Q

You have established a Direct Connect connection between your Corporate Data Center and VPC A in your AWS Account. You need to access VPC B in another AWS Region from your Corporate Data Center as well. What should you do?

A

Use a Direct Connect Gateway

51
Q

You have created a new VPC with 4 subnets in it. You begin to launch a set of EC2 instances inside these subnets but you noticed that these EC2 instances don’t get assigned public hostnames and DNS resolution isn’t working. What should you do to resolve this issue?

A

Enable DNS Resolution and DNS Hostnames in your VPC

52
Q

You have 3 VPCs A, B, and C. You want to establish a VPC Peering connection between all the 3 VPCs. What should you do?

A

Establish 3 VPC Peering connections (A-B, A-C, and B-C)

53
Q

If you want a 500 Mbps Direct Connect connection from your corporate data center to AWS, you would create a …………… connection.

A

Hosted

54
Q

You have an internal web application hosted in a private subnet in your VPC that you want to be used by other customers. You don’t want to expose the application to the Internet or open your whole VPC to other customers. What should you do?

A

Use VPC Endpoint Services

55
Q

How can you restrict access to your Amazon ElasticSearch domain to your company’s CIDR block?

A

Using IP-Based Policies

56
Q

Which of the following is NOT a supported Kibana Authentication type in your Amazon ElasticSearch domain?

A

IAM Users and Roles