AWS Cert SA Patrice exam 2

Question 1

Which of the following are true about Amazon S3-RRS?

Answer 1

S3-RRS = 99.9 availability, 99.99 durability & used for reproducible objects

Reduced Redundancy Storage (RRS) enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage.

Question 2

The customer service organization at your company just told you that a client’s purchase from your website was processed twice. Your order process involves EC2 instances processing messages from an SQS queue. What changes might you make to ensure this does not happen again?

Answer 2

An SWF work flow ensure that actions are executed only once.

Question 3

True or False: By default, Amazon RDS enables automated backups of your DB instance with a 1-day retention period.

Answer 3

True
By default and at no additional charge, Amazon RDS enables automated backups of your DB Instance with a 1 day retention period.

Question 4

It is best practice to use Access Keys whenever possible, rather than IAM Roles.

Answer 4

False
It is always better to assign roles. Following the “least privilege” model, IAM Roles grant each user a unique set of security credentials.

Question 5

True or False: Availability Zones in a given Region are connected by low-latency links, facilitating the development of fault-tolerant, high-availability applications.

Answer 5

True
Availability Zones offer you the ability to operate production applications and databases which are more highly available, fault-tolerant and scalable than would be possible from a single data centre.

Question 6

You have a custom VPC for your organization. You discover that one of your developers has created an RDS instance in the default VPC and this is in violation of company policy. You need to create this RDS instance inside your custom VPC with as little effort as possible. What should you do?

Answer 6

The easiest way would be to take a snapshot of your DB Instance outside VPC and restore it to VPC by specifying the DB Subnet Group you want to use.

Question 7

You are working for a real estate company and you need to be able to record configuration changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions. What AWS service should you use to achieve this?

Answer 7

You can use AWS Config to continuously record configurations changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions and receive notification of changes through Amazon Simple Notification Service (SNS).

Question 8

Which AWS service should you use to host MySQL, MariaDB, Oracle, SQL Server, or PostgreSQL database where you do not need to manage the underlying operating system?

Answer 8

RDS

Question 9

You have an RDS database that has moderate I/O requirements. Which storage medium would be best to accommodate these requirements?

Answer 9

Amazon RDS General Purpose (SSD) Storage would be the most suitable

Question 10

The large manufacturing company you work for is interested in moving their production estate to AWS. They run a Joomla store which utilizes MySQL on the back end. Currently, they also use clustered MySQL databases in an active/passive configuration at a single site. By moving to AWS they want an active/passive configuration across 2 geographically distinct locations, with automatic failover between the two. As their solutions architect, which of the following RDS options should you recommend?

Answer 10

To automatically failover from one geographic location to another you should use Multi-AZ for RDS.

Question 11

You have a production application that is on the largest RDS instance possible, and you are still approaching CPU utilization bottlenecks. You have implemented read replicas, ElastiCache and even CloudFront and S3 to cache static assets, but you are still bottlenecking. What should be your next step?

Answer 11

You should implement database partitioning and spread your data across multiple DB Instances.

Question 12

The insurance company you work for is implementing new IT security policies for all RDS instances. In the future, you will need to perform both security analyses and operational troubleshooting on your RDS estate. As such, you will need a history of all RDS API calls made on your account. What AWS service should you use to achieve this?

Answer 12

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.

Question 13

What are the two different ways of automating your RDS backups?

Answer 13

Amazon RDS provides two different methods for backing up and restoring your DB Instance(s): automated backups and database snapshots.

Question 14

What type of replication is supported by read replica instances?

Answer 14

Updates are applied to your Read Replica(s) after they occur on the source DB Instance using “asynchronous” replication.

Question 15

Which three of the following statements are not true?

Answer 15

The only true statement is, “EBS Volumes cannot be attached to an EC2 instance in another AZ.” The rest are false.

Question 16

You need to configure a new subnet in your VPC for a database cluster you are building. The subnet will never need more than six IP addresses. Which of the following is the best choice for this subnet?

Answer 16

Databases generally do not require public access from the Internet, so a private subnet is the better choice from a security perspective. /28 is the smallest possible subnet in an AWS VPC.

Question 17

An Availability Zone comprises multiple Regions

Answer 17

False Just the opposite: A Region comprises at least two Availability Zones.

Question 18

Which three of the following events would cause Amazon RDS to initiate a failover to the standby replica?

Answer 18

The events would cause Amazon RDS to initiate a failover to the standby replica would be; Loss of availability in primary Availability Zone, Loss of network connectivity to primary, Compute unit failure on primary, Storage failure on primary

Question 19

What is the minimum size of an SSD EBS Volume?

Answer 19

SSD volumes must be between 1 GiB - 16 TiB.

Question 20

True or False: An application designed for fault tolerance and high availability should almost always be built across multiple Availability Zones

Answer 20

True - Architects who care about the availability and performance of their applications should deploy across multiple Availability Zones in the same region for fault tolerance and low latency.

Question 21

You are auditing your company’s RDS estate, and you discover a database that is in a single Availability Zone – a violation of company policy. You decide to convert this to a multi-AZ deployment. Which three of the following things will happen?

Answer 21

For the RDS MySQL, MariaDB, PostgreSQL and Oracle database engines, when you elect to convert your RDS instance from Single-AZ to Multi-AZ, the following happens: A snapshot of your primary instance is taken, A new standby instance is created in a different Availability Zone, from the snapshot, synchronous replication is configured between primary and standby instances.

Question 22

True or False: In addition to hosting domains, Route 53 serves as a domain registrar.

Answer 22

True - You can register domains with Amazon Route 53. You can also transfer the registration for existing domains from other registrars to Amazon Route 53 or transfer the registration for domains that you register with Amazon Route 53 to another registrar.

Question 23

Your SQL server requires a specific type of collation and some unique third party tools installed on it. You will need access to the underlying operating system for management and monitoring of these third party tools. However, you’d like to keep the overall amount of management to a minimum. Which AWS service would best suit your needs?

Answer 23

As you need access to the underlying host operating system, your best option would be to deploy SQL Server on EC2 backed by EBS.

Question 24

True or False: It’s possible to have a Multi-AZ copy of your read replica?

Answer 24

False

At this time, you cannot have a multi-AZ copy of your read replica.

Question 25

Your data warehousing company has a number of different RDS instances. You have a medium size instance with automated backups switched on and a retention period of 1 week. One of your staff carelessly deletes this database. Which two of the following apply.

Answer 25

Under normal circumstances, all automatic backups of an RDS instance are deleted upon termination. However, it is possible to can create a final DB Snapshot upon deletion.If you do, you can use this DB Snapshot to restore the deleted DB Instance at a later date. Amazon RDS retains this final user-created DB Snapshot along with all other manually created DB Snapshots after the DB Instance is deleted.

Question 26

True or False: A Region is another name for an Edge Location.

Answer 26

Regions and Availability Zones are not the same thing: An AWS Region is a geographic area, comprising two or more Availability Zones (data centers.) An Edge Location is simply a content delivery network endpoint.

Question 27

You are attempting to move data from one EBS volume to a duplicate volume in a separate region. Which of the following methods will do this best?

Answer 27

After you’ve created a snapshot and it has finished copying to Amazon S3, you can copy it from one AWS region to another, or within the same region.

Question 28

You have suggested moving your company’s web servers to AWS, but your supervisor is concerned about cost. Which of the following deployments will give you the most scalable and cost-effective solution?

Answer 28

An Auto-Scaling group of EC2 instances will exactly match the demand placed on your servers, allowing you to pay only for the compute capacity you actually need.

Question 29

You have an IO intensive database in your production environment that requires regular backups. You need to configure them in such a way so that when an automated backup is taken, it does not impact your production environment. What RDS option should you choose to help you accomplish this?

Answer 29

With Multi-AZ RDS instances and automated backups, I/O activity is no longer suspended on your primary during your preferred backup window, since backups are taken from the standby.

Question 30

Your company needs to run several monthly workloads that will each take several hours to complete. Although critical, these workloads can be stopped and restarted without adversely affecting the outcome of the job. Which pricing model would you use to deliver the most economical solution?

Answer 30

Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted.

Question 31

Your fleet of EC2 instances is running 100% of the time, and there is no reason to believe that the demand will decrease. What pricing model could you use to reduce costs?

Answer 31

Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. You have the flexibility to change families, OS types, and tenancies while benefiting from Reserved Instance pricing when you use Convertible Reserved Instances.

Question 32

Your existing on-premise servers rely on Memcached to provide memory object caching. If you were to move to AWS, how might you preserve this functionality?

Answer 32

ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment.

Question 33

True or False: there is a cost associated with transferring from Amazon S3 to an EC2 instance in the same Region.

Answer 33

F - There is no cost assicated with moving data from S3 to EC2 if both are in the same Region.

Question 34

You have heavy load on your RDS database which is now the maximum available size possible. Which two of the following AWS technologies should you use to further ease the load?

Answer 34

You could use RDS Read Replica or ElastiCache to further offset load.

Question 35

You have a small database workloads with infrequent I/O. Which storage medium would the most cost-effective way to meet these requirements?

Answer 35

Amazon RDS Magnetic Storage would be the most suitable.

Question 36

You have a very heavily-trafficked Wordpress blog that has approximately 95% read traffic and 5% write traffic. You notice that the blog is getting slower and slower. You discover that the bottleneck is in your RDS instance. Which two of the following answers can improve your Wordpress blog’s performance?

Answer 36

You should use a combination of Read Replica’s and Elasticache to help offload the traffic.

Question 37

True or False: You should store your Access Keys in an AMI.

Answer 37

F Access keys should never be stored on an AMI

Question 38

You need to upgrade your RDS database to a larger instance class and you must minimize the amount of disruption to your business as much as possible. What should you do.

Answer 38

When upgrading an RDS instance class your database will be temporarily unavailable while the DB Instance class is modified. This period of unavailability typically lasts only a few minutes, and will occur during the maintenance window for your DB Instance, unless you specify that the modification should be applied immediately.

Question 39

Which of the following AWS services store data as key-value pairs?

Answer 39

Both DynamoDB and S3 use key-value pairs.

Question 40

You are running a production database using MySQL on RDS. From time to time, management asks you to run highly complex SQL queries with multiple table joins against the database. These queries often overwhelm your database, and the production environment is beginning to be affected. Which of the following would you recommend as a means of reducing the load on the database?

Answer 40

You cannot run queries off a multi-AZ secondary copy database. You should use a read replica instead.

Question 41

Which of the following services allows you to have root level access to the underlying operating system

Answer 41

you can use SSH to access the underlying operating systems of EMR and EC2.

Question 42

You’ve been tasked with the implementation of an offsite backup/DR solution. You’ll only be responsible only for flat files and server backup. Which of the following would you include in your proposed solution (select all that apply.)?

Answer 42

EC2 is a compute service not applicable to this scenario. All others could be part of a comprehensive backup/DR solution.

Question 43

You’ve enabled website hosting on a bucket called “aspiring-guru” in the us-west-2 Region. Which of the following is the URL that will be assigned to your website?

Answer 43

Your bucket name always comes first, “s3-website” followed by the Region always comes next.

Question 44

You are auditing your RDS estate and you discover an RDS production database that is not encrypted at rest. This violates company policy and you need to rectify this immediately. What should you do to encrypt the database as quickly and as easy as possible.

Answer 44

At the present time, encrypting an existing DB Instance is not supported. To use Amazon RDS encryption for an existing database, create a new DB Instance with encryption enabled and migrate your data into it.

Question 45

You need to develop an infrastructure that can be replicated and deployed in another AWS Region in a matter of minutes. Which AWS service might you use to build a reproducible, version-controlled infrastructure?

Answer 45

AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

Question 46

Your on-premise servers are running low on disk storage space, but your company is not yet ready for a complete move to the public cloud. You’ve been tasked with finding an interim storage solution that also offers backup and archiving capabilities. Which AWS service would you recommend to meet this immediate need?

Answer 46

Storage Gateway with Gateway-Cached Volumes would store your most frequently-accessed data on-premise, and would write your other data to S3.

Question 47

Your AWS environment contains several reserved EC2 instances dedicated to a project that has just been cancelled. You need to recoup the cost of these reserved instances, and you need to preserve the data for future use. What can you do to minimize charges for these instances?

Answer 47

You should retain the data by taking snapshots of the EBS volumes backing your instances and sell the instances on the Reserved Instance Marketplace.

Question 48

You must to encrypt all incoming and outgoing traffic between your servers and your customers. Your fleet of EC2 instances lives inside a public subnet and behind an elastic load balancer. Your application is very CPU intensive, and you want to minimize the processing load these EC2 instances must bear. What should you do?

Answer 48

The best answer would be to offload your SSL decryption to an Elastic Load Balancer.

Question 49

The company you work for is considering a move to AWS, but they are concerned that their current, 50Mbps connection will not be able to handle the 100 TB of data that need to be migrated without causing unacceptable downtime. As their solutions architect, which AWS service would you recommend to move this data?

Answer 49

Given the amount of data to be moved and the speed of the connection, Snowball would be the fastest and most economical solution.

Question 50

One of your junior developers needs access to an Elastic Load Balancer in your custom VPC. This is the first and only time he will need access to AWS services. Which of the following choices is the most secure way to grant this access?

Answer 50

It’s always best practice to grant users access via IAM roles and groups.

Question 51

You’ve been tasked with replicating your production VPC in another region for disaster recovery purposes. Part of your environment relies on EC2 instances with preconfigured software. What steps would you take to configure the instances in another region?

Answer 51

The AMIs will need to be copied to the new Region prior to deployment.

Question 52

From the command line, which of the following should you run to get the public hostname of an EC2 instance?

Answer 52

You would use the command curl http://169.254.169.254/latest/meta-data/public-hostname

Question 53

Amazon RDS supports which of the following databases:

Answer 53

Amazon RDS currently supports MySQL, MariaDB, PostgreSQL, Oracle, Microsoft SQL Server, and Amazon Aurora database engines.

Question 54

True or False: EBS Volumes are hard-disks in the cloud.

Answer 54

T Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. They are analogous to hard disks.

Question 55

Which database engines support read replicas?

Answer 55

Read Replicas are supported by Amazon RDS for MySQL and PostgreSQL.

Question 56

You’ve been tasked with setting up an S3 solution to store large amounts of critical data. With high availability and fault-tolerance in mind, what further safeguards should you implement to protect your data in the event that an entire AZ was lost to a natural (or similarly catastrophic) disaster?

Answer 56

S3 is a Global service, and its reliability and durability are not bound to any Region or Availability Zone.

Question 57

What is the maximum retention period for RDS automated backups?

Answer 57

35 days - Amazon RDS retains backups of a DB Instance for a limited, user-specified period of time called the retention period, which by default is one day but can be set to up to thirty five days.

Question 58

Which two of the following characterize a scalable and reliable solution on AWS?

Answer 58

Scale app resilient and op efficient
Scale sol will decrease in cost at scale
The AWS Well-Architected framework has been developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. This framework provides a consistent approach to application and solution architecture that will scale with your needs over time.

Question 59

You have an RDS database that has high-performance OLTP workloads. Which storage medium would be best to accommodate these requirements?

Answer 59

Amazon RDS Provisioned IOPS (SSD) Storage would be the most suitable.

Question 60

What type of replication is supported by Multi-AZ RDS instances?

Answer 60

Multi-AZ deployments utilize synchronous replication, making database writes concurrently on both the primary and standby so that the standby will be up-to-date in the event a failover occurs.

Question 61

You are creating a new website where users will be able to login using their facebook, google and amazon.com credentials. You need to deploy this website as quickly as possible and you are looking for an AWS service that will enable you to deploy the authentication quickly. Which AWS service should you use?

Answer 61

Cognito is a service that can authenticate users via federated Identity Providers, and assign them manage access to AWS resources based on your policies. Identity Pools (Federated Identities): https://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html

Question 62

You work for a construction company that has its production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon Linux AMI using Auto Scaling. The web servers are launched into the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some testing: you launch a 4th EC2 instance in to the same subnet and same security group. Annoyingly, your 4th instance does not appear to have internet connectivity. What could be the cause of this?

Answer 62

Of these choices, the absence of the Elastic IP is the only one that could prevent internet access. Enabling Internet Access: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html

Question 63

You work for a famous bakery that are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on-premise within their own data centre. However, they will need to be able to communicate with the AWS environment over a site-to-site VPN connection. What do you need to do to establish a VPN connection?

Answer 63

A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection. Virtual Private Gateways: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html#VPNGateway

Question 64

Which of the following Route 53 policies allow you to a) route data to a second resource if the first is unhealthy, and b) route data to resources that have better performance?

Answer 64

Failover Routing and Latency-based Routing are the only two correct options, as they consider routing data based on whether the resource is healthy or whether one set of resources is more performant than another. Any answer containing location based routing (Geoproximity and Geolocation) cannot be correct in this case, as these types only consider where the client or resources are located before routing the data. They do not take into account whether a resource is online or slow. Simple Routing can also be discounted as it does not take into account the state of the resources. Choosing a Routing Policy: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

Question 65

You work at a large financial institution. You have many files that need to be stored for 7 years or more for regulatory purposes. These files need to be stored at the lowest cost possible. It is acceptable to wait for files to become available. Which of the following S3 Storage Tiers is best suited for this request?

Answer 65

S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that won’t be regularly accessed. It is designed for customers — particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors — that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. S3 Glacier Deep Archive can also be used for backup and disaster recovery use cases, and is a cost-effective and easy-to-manage alternative to magnetic tape systems, whether they are on-premises libraries or off-premises services. S3 Glacier Deep Archive complements Amazon S3 Glacier, which is ideal for more active archives where data is regularly retrieved and needed in minutes. All objects stored in S3 Glacier Deep Archive are replicated and stored across at least three geographically-dispersed Availability Zones, protected by 99.999999999% of durability, and can be restored within 12 hours. Amazon S3 Storage Classes - Glacier Deep Archive: https://aws.amazon.com/s3/storage-classes/#____