Architect Exam Flashcards
You are a Solutions Architect working with a company that uses Chef Configuration management in their datacenter. Which service is designed to let the customer leverage existing Chef recipes in AWS?
a) Amazon Simple Workflow Service
b) AWS Elastic Beanstalk
c) AWS CloudFormation
d) AWS OpsWorks
d) AWS OpsWorks
You work for a leading university as an AWS Infrastructure Engineer and also as a professor to aspiring AWS architects. As a way to familiarize your students with AWS, you gave them a project to host their applications to an EC2 instance. One of your students created an instance to host their online enrollment system project but is having a hard time connecting to their newly created EC2 instance. Your students have explored all of the troubleshooting guides by AWS and narrowed it down to login issues.
Which of the following can you use to log into an EC2 instance?
a) Custom EC2 password
b) EC2 Connection Strings
c) Key Pairs
d) Access Keys
c) Key Pairs
A company is planning to launch an application which requires a data warehouse that will be used for their infrequently accessed data. You need to use an EBS Volume that can handle large, sequential I/O operations.
Which of the following is the most cost-effective storage type that you should use to meet the requirement?
a) EBS General Purpose SSD (gp2)
b) Provisioned IOPS SSD (io1)
c) Throughput Optimized HDD (st1)
d) Cold HDD (sc1)
d) Cold HDD (sc1)
You are building a transcription service for a company in which a fleet of EC2 worker instances processes an uploaded audio file and generates a text file as an output. You must store both of these frequently accessed files in the same durable storage until the text file is retrieved by the uploader. Due to an expected surge in demand, you have to ensure that the storage is scalable and can be retrieved within minutes.
Which storage option in AWS can you use in this situation, which is both cost-efficient and scalable?
a) Multiple Amazon EBS volume with snapshots
b) Amazon Glacier Deep Archive
c) A single Amazon S3 bucket
d) Multiple instance stores
c) A single Amazon S3 bucket
As an AWS Cloud Consultant working for a record company, you are building an application that will store both key-value store and document models like band ID, album ID, song ID and composer ID.
Which AWS service will suit your needs for your application?
a) AWS RDS
b) DynamoDB
c) Oracle RDS
d) Elastic Map Reduce
b) DynamoDB
The operations team of your company asked you for a way to monitor the health of your production EC2 instances in AWS. You told them to use the CloudWatch service.
Which of the following metrics is not available by default in CloudWatch?
a) CPU Usage
b) Memory Usage
c) Disk Read operations
d) Network In and Out
b) Memory Usage
A startup company has a serverless architecture that uses AWS Lambda, API Gateway, and DynamoDB. They received an urgent feature request from their client last month and now, it is ready to be pushed to production. The company is using AWS CodeDeploy as their deployment service.
Which of the following configuration types will allow you to specify the percentage of traffic shifted to your updated Lambda function version before the remaining traffic is shifted in the second increment?
a) Canary
b) Linear
c) All-at-once
d) Blue/Green deployment
a) Canary
A media company has two VPCs: VPC-1 and VPC-2 with peering connection between each other. VPC-1 only contains private subnets while VPC-2 only contains public subnets. The company uses a single AWS Direct Connect connection and a virtual interface to connect their on-premises network with VPC-1.
Which of the following options increase the fault tolerance of the connection to VPC-1? (Select all that applies.)
1) Use the AWS VPN CloudHub to create a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
2) Establish a hardware VPN over the Internet between VPC-1 and the on-premises network.
3) Establish a hardware VPN over the Internet between VPC-2 and the on-premises network.
4) Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
5) Establish another AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.
a) 1 and 2
b) 3 and 4
c) 2 and 5
d) 3 and 5
e) all of the above
c) 2 and 5
2) Establish a hardware VPN over the Internet between VPC-1 and the on-premises network.
5) Establish another AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1.
An online events registration system is hosted in AWS and uses ECS to host its front-end tier and a Multi-AZ RDS for its database tier, which also has a standby replica. What are the events that will make Amazon RDS automatically perform a failover to the standby replica? (Choose 2)
a) Loss of availability in primary Availability Zone
b) Storage failure on primary
c) Storage failure on secondary DB instance
d) In the event of Read Replica failure
e) Compute unit failure on secondary DB instance
a) Loss of availability in primary Availability Zone
b) Storage failure on primary
One of your EC2 instances is reporting an unhealthy system status check. The operations team is looking for an easier way to monitor and repair these instances instead of fixing them manually.
How will you automate the monitoring and repair of the system status check failure in an AWS environment?
a) Create CloudWatch alarms that stop and start the instance based on status check alarms.
b) Write a python script that queries the EC2 API for each instance status check
c) Write a shell script that periodically shuts down and starts instances based on certain stats.
d) Buy and implement a third party monitoring tool.
a) Create CloudWatch alarms that stop and start the instance based on status check alarms.
As a Network Architect developing a food ordering application, you need to retrieve the instance ID, public keys, and public IP address of the EC2 server you made for tagging and grouping the attributes into your internal application running on-premises.
Which EC2 feature will help you achieve your requirements?
a) Instance user data
b) Resource tags
c) Instance metadata
d) Amazon Machine Image
c) Instance metadata
You are working for a central bank as the Principal AWS Solutions Architect. Due to compliance requirements and security concerns, you are tasked to implement strict access to the central bank’s AWS resources using the AWS Identity and Access Management service.
Which of the following can you manage in the IAM dashboard? (Choose 2)
a) Groups
b) Identity providers
c) Cost Allocation Reports
d) Security Groups
e) Network Access Control List
a) Groups
b) Identity providers
Your fellow AWS Engineer has created a new Standard-class S3 bucket to store financial reports that are not frequently accessed but should be immediately available when an auditor requests for it. To save costs, you changed the storage class of the S3 bucket from Standard to Infrequent Access storage class. In Amazon S3 Standard - Infrequent Access storage class, which of the following statements are true? (Choose 2)
a) It is designed for data that is accessed less frequently.
b) It is the best storage option to store noncritical and reproducible data
c) It is designed for data that requires rapid access when needed.
d) It provides high latency and low throughput performance
e) Ideal to use for data archiving.
a) It is designed for data that is accessed less frequently.
c) It is designed for data that requires rapid access when needed.
You are instructed by your manager to set up a bastion host in your Amazon VPC and it should only be accessed from the corporate data center via SSH. What is the best way for you to achieve this?
a) Create a large EC2 instance with a security group which only allows access on port 22 using your own pre-configured password.
b) Create a large EC2 instance with a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private key (.pem) file to connect to the bastion host.
c) Create a small EC2 instance with a security group which only allows access on port 22 using your own pre-configured password.
d) Create a small EC2 instance and a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private key (.pem) file to connect to the bastion host.
d) Create a small EC2 instance and a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private key (.pem) file to connect to the bastion host.
You are building a cloud infrastructure where you have EC2 instances that require access to various AWS services such as S3 and Redshift. You will also need to provision access to system administrators so they can deploy and test their changes.
Which configuration should be used to ensure that the access to your resources are secured and not compromised? (Choose 2)
a) Enable Multi-Factor Authentication.
b) Assign an IAM role to the Amazon EC2 instance.
c) Store the AWS Access Keys in the EC2 instance.
d) Assign an IAM user for each Amazon EC2 Instance.
e) Store the AWS Access Keys in ACM.
f) Assign an IAM role to the Amazon EC2 instance
a) Enable Multi-Factor Authentication.
b) Assign an IAM role to the Amazon EC2 instance.