Architect Exam Flashcards

1
Q

You are a Solutions Architect working with a company that uses Chef Configuration management in their datacenter. Which service is designed to let the customer leverage existing Chef recipes in AWS?

a) Amazon Simple Workflow Service
b) AWS Elastic Beanstalk
c) AWS CloudFormation
d) AWS OpsWorks

A

d) AWS OpsWorks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You work for a leading university as an AWS Infrastructure Engineer and also as a professor to aspiring AWS architects. As a way to familiarize your students with AWS, you gave them a project to host their applications to an EC2 instance. One of your students created an instance to host their online enrollment system project but is having a hard time connecting to their newly created EC2 instance. Your students have explored all of the troubleshooting guides by AWS and narrowed it down to login issues.

Which of the following can you use to log into an EC2 instance?

a) Custom EC2 password
b) EC2 Connection Strings
c) Key Pairs
d) Access Keys

A

c) Key Pairs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A company is planning to launch an application which requires a data warehouse that will be used for their infrequently accessed data. You need to use an EBS Volume that can handle large, sequential I/O operations.
Which of the following is the most cost-effective storage type that you should use to meet the requirement?

a) EBS General Purpose SSD (gp2)
b) Provisioned IOPS SSD (io1)
c) Throughput Optimized HDD (st1)
d) Cold HDD (sc1)

A

d) Cold HDD (sc1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You are building a transcription service for a company in which a fleet of EC2 worker instances processes an uploaded audio file and generates a text file as an output. You must store both of these frequently accessed files in the same durable storage until the text file is retrieved by the uploader. Due to an expected surge in demand, you have to ensure that the storage is scalable and can be retrieved within minutes.

Which storage option in AWS can you use in this situation, which is both cost-efficient and scalable?

a) Multiple Amazon EBS volume with snapshots
b) Amazon Glacier Deep Archive
c) A single Amazon S3 bucket
d) Multiple instance stores

A

c) A single Amazon S3 bucket

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

As an AWS Cloud Consultant working for a record company, you are building an application that will store both key-value store and document models like band ID, album ID, song ID and composer ID.

Which AWS service will suit your needs for your application?

a) AWS RDS
b) DynamoDB
c) Oracle RDS
d) Elastic Map Reduce

A

b) DynamoDB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The operations team of your company asked you for a way to monitor the health of your production EC2 instances in AWS. You told them to use the CloudWatch service.

Which of the following metrics is not available by default in CloudWatch?

a) CPU Usage
b) Memory Usage
c) Disk Read operations
d) Network In and Out

A

b) Memory Usage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A startup company has a serverless architecture that uses AWS Lambda, API Gateway, and DynamoDB. They received an urgent feature request from their client last month and now, it is ready to be pushed to production. The company is using AWS CodeDeploy as their deployment service.
Which of the following configuration types will allow you to specify the percentage of traffic shifted to your updated Lambda function version before the remaining traffic is shifted in the second increment?

a) Canary
b) Linear
c) All-at-once
d) Blue/Green deployment

A

a) Canary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A media company has two VPCs: VPC-1 and VPC-2 with peering connection between each other. VPC-1 only contains private subnets while VPC-2 only contains public subnets. The company uses a single AWS Direct Connect connection and a virtual interface to connect their on-premises network with VPC-1.

Which of the following options increase the fault tolerance of the connection to VPC-1? (Select all that applies.)

1) Use the AWS VPN CloudHub to create a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
2) Establish a hardware VPN over the Internet between VPC-1 and the on-premises network.
3) Establish a hardware VPN over the Internet between VPC-2 and the on-premises network.
4) Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
5) Establish another AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.

a) 1 and 2
b) 3 and 4
c) 2 and 5
d) 3 and 5
e) all of the above

A

c) 2 and 5
2) Establish a hardware VPN over the Internet between VPC-1 and the on-premises network.
5) Establish another AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

An online events registration system is hosted in AWS and uses ECS to host its front-end tier and a Multi-AZ RDS for its database tier, which also has a standby replica. What are the events that will make Amazon RDS automatically perform a failover to the standby replica? (Choose 2)

a) Loss of availability in primary Availability Zone
b) Storage failure on primary
c) Storage failure on secondary DB instance
d) In the event of Read Replica failure
e) Compute unit failure on secondary DB instance

A

a) Loss of availability in primary Availability Zone

b) Storage failure on primary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

One of your EC2 instances is reporting an unhealthy system status check. The operations team is looking for an easier way to monitor and repair these instances instead of fixing them manually.

How will you automate the monitoring and repair of the system status check failure in an AWS environment?

a) Create CloudWatch alarms that stop and start the instance based on status check alarms.
b) Write a python script that queries the EC2 API for each instance status check
c) Write a shell script that periodically shuts down and starts instances based on certain stats.
d) Buy and implement a third party monitoring tool.

A

a) Create CloudWatch alarms that stop and start the instance based on status check alarms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

As a Network Architect developing a food ordering application, you need to retrieve the instance ID, public keys, and public IP address of the EC2 server you made for tagging and grouping the attributes into your internal application running on-premises.

Which EC2 feature will help you achieve your requirements?

a) Instance user data
b) Resource tags
c) Instance metadata
d) Amazon Machine Image

A

c) Instance metadata

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You are working for a central bank as the Principal AWS Solutions Architect. Due to compliance requirements and security concerns, you are tasked to implement strict access to the central bank’s AWS resources using the AWS Identity and Access Management service.
Which of the following can you manage in the IAM dashboard? (Choose 2)

a) Groups
b) Identity providers
c) Cost Allocation Reports
d) Security Groups
e) Network Access Control List

A

a) Groups

b) Identity providers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
Your fellow AWS Engineer has created a new Standard-class S3 bucket to store financial reports that are not frequently accessed but should be immediately available when an auditor requests for it. To save costs, you changed the storage class of the S3 bucket from Standard to Infrequent Access storage class.   
In Amazon S3 Standard - Infrequent Access storage class, which of the following statements are true? (Choose 2)

a) It is designed for data that is accessed less frequently.
b) It is the best storage option to store noncritical and reproducible data
c) It is designed for data that requires rapid access when needed.
d) It provides high latency and low throughput performance
e) Ideal to use for data archiving.

A

a) It is designed for data that is accessed less frequently.

c) It is designed for data that requires rapid access when needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You are instructed by your manager to set up a bastion host in your Amazon VPC and it should only be accessed from the corporate data center via SSH. What is the best way for you to achieve this?

a) Create a large EC2 instance with a security group which only allows access on port 22 using your own pre-configured password.
b) Create a large EC2 instance with a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private key (.pem) file to connect to the bastion host.
c) Create a small EC2 instance with a security group which only allows access on port 22 using your own pre-configured password.
d) Create a small EC2 instance and a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private key (.pem) file to connect to the bastion host.

A

d) Create a small EC2 instance and a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private key (.pem) file to connect to the bastion host.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You are building a cloud infrastructure where you have EC2 instances that require access to various AWS services such as S3 and Redshift. You will also need to provision access to system administrators so they can deploy and test their changes.
Which configuration should be used to ensure that the access to your resources are secured and not compromised? (Choose 2)

a) Enable Multi-Factor Authentication.
b) Assign an IAM role to the Amazon EC2 instance.
c) Store the AWS Access Keys in the EC2 instance.
d) Assign an IAM user for each Amazon EC2 Instance.
e) Store the AWS Access Keys in ACM.
f) Assign an IAM role to the Amazon EC2 instance

A

a) Enable Multi-Factor Authentication.

b) Assign an IAM role to the Amazon EC2 instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You want to establish an SSH connection to a Linux instance hosted in your VPC via the Internet. Which of the following is not required in order for this to work?

a) Secondary Private IP Address
b) Public IP Address or Elastic IP
c) Internet Gateway
d) Network access control and security group rules which allow the relevant traffic to flow to and from your EC2 instance.

A

a) Secondary Private IP Address

17
Q

You are working as a Cloud Consultant for a government agency with a mandate of improving traffic planning, maintenance of roadways and preventing accidents. There is a need to manage traffic infrastructure in real time, alert traffic engineers and emergency response teams when problems are detected, and automatically change traffic signals to get emergency personnel to accident scenes faster by using sensors and smart devices.
Which AWS service will allow the developers of the agency to connect the said devices to your cloud-based applications?

a) CloudFormation
b) Elastic Beanstalk
c) AWS IoT Core
d) Container service

A

c) AWS IoT Core

18
Q

You need to back up your mySQL database hosted on a Reserved EC2 instance. It is using EBS volumes that are configured in a RAID array.
What steps will you take to minimize the time during which the database cannot be written to and to ensure a consistent backup?

a) 1. Detach EBS volumes from the EC2 instance.
2. Start EBS snapshot of volumes.
3. Re-attach the EBS volumes.

b) 1. Stop all applications from writing to the RAID array.
2. Flush all caches to the disk.
3. Confirm that the associated EC2 instance is no longer writing to the RAID array by taking actions such as freezing the file system, unmounting the RAID array, or even shutting down the EC2 instance.
4. After taking steps to halt all disk-related activity to the RAID array, take a snapshot of each EBS volume in the array.

c) 1. Stop all I/O activity in the volumes.
2. Create an image of the EC2 Instance.
3. Resume all I/O activity in the volume.

d) 1. Stop all I/O activity in the volumes.
2. Start EBS snapshot of volumes.
3. While the snapshot is in progress, resume all I/O activity.

A

b) 1. Stop all applications from writing to the RAID array.
2. Flush all caches to the disk.
3. Confirm that the associated EC2 instance is no longer writing to the RAID array by taking actions such as freezing the file system, unmounting the RAID array, or even shutting down the EC2 instance.
4. After taking steps to halt all disk-related activity to the RAID array, take a snapshot of each EBS volume in the array.