AWS Cert SA Patrice exam 3 Flashcards

1
Q

Using the AWS Server Migration Service, what’s the maximum number of VMware VMs that can be migrated concurrently?

A

At this writing, 50 VMs can be migrated concurrently.

2
Q

True or False: S3 provides read-after-write consistency for overwrite PUTS and DELETES.

A

F - S3 provides eventual consistency for overwrite PUTS and DELETES.

3
Q

Which of the following is an invalid VPC peering configuration?

A

Edge-to-edge routing is not allowed through a VPN connection.

4
Q

Your application’s usage peaks at 90% during the hours of 9 AM and 10 AM every day. All other hours require only 10% of the peak resources. What is the best way to scale your application so you’re only paying for max resources during peak hours?

A

Proactive cyclic scaling is scaling that occurs at a fixed interval (daily, weekly, monthly, quarterly).

5
Q

Your image manipulation application allows users to take a picture, upload it to your app, and request filters to be added to the image. You need to decouple the application so your users are not waiting for the image processing to take place. How would you go about doing this?

A

SQS is the cornerstone of a decoupled application.

6
Q

True or False: For a successful cross-region replication of your S3 bucket, versioning must be enabled on both the source and target buckets.

A

T - Versioning must be enabled on both the source and target buckets.

7
Q

Contractual requirements mandate the use of AWS CloudHSM as an encryption solution. Application performance is a secondary, but important, concern. Where within your AWS infrastructure should you place the HSM appliances?

A

To decrease latency (and improve application performance), it’s best to place your HSMs as close to your EC2 instances as possible.

8
Q

An AWS VPC allows you to:

A

With a VPC, you can connect your cloud resources to your own IPSec VPN connections.

9
Q

True or False: Multifactor Authentication is required to delete objects from an S3 bucket.

A

F - The option to require Multifactor Authentication to delete objects from an S3 bucket is available, but it is not required.

10
Q

True or False: you can write objects directly to an edge location.

A

It is now possible to expedite uploads to S3 by writing directly to an Edge Location.

11
Q

Which of the following statements about Amazon SQS is true?

A

SQS will deliver your message at least once, but cannot guarantee that it will not create duplicates of that message. Additionally, SQS cannot guarantee message order.

12
Q

True or False: You can attach more than one EC2 instance to an AWS Elastic Block Store volume.

A

F - An EBS volume cannot back more than one instance. If you need multiple instances to access a file system, use Elastic File System (EFS) instead.

13
Q

Which of the following statements is FALSE regarding the role of a bastion host?

A

A bastion host sits in a public subnet, and serves as a secure gateway through which one SSHes into instances in a private subnet.

14
Q

You’ve been tasked with the creation of a highly available website that serves static content from EC2 instances. Which of the following is not a requirement to accomplish this goal?

A

While an SQS queue can be an important part of a decoupled web application, it is not required when hosting a highly available static website on EC2. An auto scaling group configured to deploy EC2 instances in multiple subnets located in multiple availability zones allows an application to remain online despite an instance or AZ failure.

15
Q

True or False: you can use IAM policies to deny the Root account access to EC2 instances.

A

F - The Root account has total access to all services.

16
Q

After setting up a VPC peering connection between your VPC and that of your clients, the client requests to be able to send traffic between instances in the peered VPCs using private IP addresses. What must you do to make this possible?

A

If a route is added to your Route Table, your client will have access to your instance via private IP address.

17
Q

You are trying to establish a VPC peering connection with another VPC, and you discover that there seem to be a lot of limitations and rules when it comes to VPC peering. Which of the following is not a VPC peering limitation or rule?

A

A placement group may not span peered VPCs or multiple Regions. Placement Groups are limited to a single AZ.

18
Q

Your customer is a healthcare company with strict compliance and auditing requirements. As you use AWS to architect the application environment, which of the following services might you use to ensure compliance with their strict requirements?

A

The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.

19
Q

What determines the cost of using CloudFormation templates?

A

There is no additional charge for AWS CloudFormation. You pay for AWS resources (such as Amazon EC2 instances, Elastic Load Balancing load balancers, etc.) created using AWS CloudFormation in the same manner as if you created them manually.

20
Q

To maintain compliance with HIPAA, all healthcare-related data being stored on Amazon S3 needs to be encrypted at rest. Assuming S3 is being used for storing the data, which two of the following are the preferred methods of encryption?

A

You should encrypt locally or let S3-SSE handle encryption for you.

21
Q

You create an SQS queue and test it by creating a simple application that polls the queue for messages. After a message is retrieved, the application should delete it. You create three test messages in your SQS queue and discover that messages 1 and 3 are quickly deleted, but message 2 has remained in the queue. Which two of the following could account for your findings?

A

With short-polling, multiple polls of the queue may be necessary to process all messages in the queue. Additionally, SQS does NOT offer FIFO processing of messages from the queue.

22
Q

Your company is moving their entire 20 TB data warehouse to the cloud. With your current bandwidth, it would take 2 months to transfer the data. Which service would you use to quickly get your data into AWS?

A

At that amount of data and those bandwidth restrictions, Snowball would be the most expedient choice.

23
Q

Your company provides an online image recognition service that uses SQS to decouple system components. Your application polls the image queue as often as possible to maximize end-to-end throughput. However, you notice that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can you reduce the number of empty responses?

A

Long polling will reduce the number of CPU cycles and empty responses, saving you money.

24
Q

Which two of the following AWS Services were introduced at re:Invent 2016?

A

Amazon Lex is a service for building conversational interfaces using voice and text. Polly is a service that turns text into lifelike speech.

25
Q

True or False: Amazon SQS guarantees that each message will be delivered at least once, but cannot guarantee that a message will not be delivered multiple times.

A

T - With SQS, each message will be delivered at least once, but the service cannot guarantee that a message will not be delivered more than once. In cases when a message must be delivered only once, consider Simple Workflow.

26
Q

When reviewing Auto Scaling events, it is noticed that an application is scaling up and down multiple times per hour. What design change could you make to optimize cost while preserving elasticity?

A

Modifying your scaling threshold is preferable to altering your number of instances manually.

27
Q

You’ve been tasked with architecting a highly available application. After building the initial environment, you’ve discovered that your current security group configuration does not include a port you need for certain traffic. After adding the port to the appropriate security group, how long will it take for your changes to take effect, allowing your application to function correctly?

A

Modifications to a security group take effect immediately.

28
Q

When selecting an EC2 instance type for your application, it’s important to know which two of the following?

A

The EC2 instance you choose will be determined by the number of I/O operations needed, as well as the anticipated amount of memory required.

29
Q

What is the maximum size of a general-purpose SSD EBS volume?

A

16 TB. The maximum size of a general-purpose SSD EBS volume is 16 TiB.

30
Q

Your AWS environment contains several on-demand, EBS-backed EC2 instances dedicated to a project that has just been cancelled. Your supervisor does not want to incur charges for these on-demand instances, but also does not want to lose the data just yet because there is a chance the project may be revived in the next few days. What should you do to minimize charges for these instances in the meantime?

A

Stopping an EBS-backed on-demand instance will stop the charges and preserve the data.

31
Q

The AMI ID used in an AutoScaling policy is specified in the _____.

A

The AMI used in an AutoScaling policy is specified in the Launch Configuration.

32
Q

You are testing an application that uses EC2 instances to poll an SQS queue. At this stage of testing, you have verified that the EC2 instances can retrieve messages from the queue, but your coworkers are complaining about not being able to manually retrieve any messages from the queue from their on-premises workstations. What is the most likely source of this problem?

A

Short polling may fail to retrieve messages sometimes, but if no messages can be retrieved after multiple attempts, permissions are the more likely cause.

33
Q

You’ve been tasked with migrating an on-premise application architecture to AWS. During the design process, you give consideration to current on-premise security and identify the security attributes you are responsible for on AWS. Which of the following does AWS provide for you as part of the shared responsibility model?

A

While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.

34
Q

You need to find both the Public and Private IP addresses of an instance. Which of the following URLs should you query?

A

http://169.254.169.254/latest/meta-data/

35
Q

Which of the following will transpire when an EC2 instance with an associated Elastic IP is stopped and started?

A

When such an instance is stopped and restarted, the instance will restart on a different physical host, and all instance-store data will be lost.

36
Q

What is the minimum size of an S3 object?

A

An empty file (often, a file that has been “touched”) is allowed. As such, the answer is 0 bytes.

37
Q

True or False: When a snapshot is being taken against an EBS volume, the volume becomes unavailable and the instance no longer has the ability to communicate with the EBS volume until the snapshot is complete.

A

F -

38
Q

Your company requires that all the data on your EBS-backed EC2 volumes be encrypted. How would you go about doing this?

A

AWS allows you to encrypt an EBS volume only at the time of creation.

39
Q

As CloudWatch monitors RDS, it provides which of the following metrics by default?

A

By default, a number of concurrent connections to the DB.

40
Q

If an instance belonging to an Elastic Load Balancer fails its health check, what will the ELB do?

A

Deregister the instance and stop sending traffic to it.

41
Q

Elasticity is a fundamental property of the cloud. Which of the following best describes elasticity?

A

In cloud computing, elasticity is defined as “the degree to which a system is able to adapt to workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible”.

42
Q

True or False: AutoScaling is a tool used to build elastic, self-healing applications.

A

T - AutoScaling groups are the cornerstone of any self-healing application on AWS.

43
Q

What is the Well Architected Framework?

A

The AWS Well Architected Framework is a set of questions that you can use to evaluate how well your architecture is aligned to AWS practices.

44
Q

To protect S3 data from accidental overwrites and deletes, you should do which of the following?

A

Enable versioning.

45
Q

You manage an application that uses EC2 instances and SQS to process requests from end users. There are no known issues with your application, but your supervisor is concerned about the cost of the AWS resources it uses. Which of the following would not help address that concern?

A

Increasing the visibility timeout WILL NOT decrease cost over time.

46
Q

You wonder why a SWF workflow you created has not made any progress in the last three weeks. What is the most likely explanation for the workflow’s behavior?

A

SWF task and workflow execution can last up to one year, and can include (and depend on) tasks to be performed by on-premises servers and humans.

47
Q

True or False: There is no cost associated with removing cached objects from a CDN Edge Location.

A

F - While the first 1000 invalidation paths per month are free, additional invalidation paths are $0.005 per request.

48
Q

An EC2 instance retrieves a message from an SQS queue, begins processing the message, then crashes. What happens to the message?

A

When the message visibility timeout expires, the message becomes available for processing by other EC2 instances.

49
Q

True or False: You cannot attach more than one EC2 instance to an AWS Elastic Filesystem.

A

F - EFS provides multiple EC2 instances with low-latency, shared access to a fully-managed file system, and is designed to perform well for a wide variety of workloads, with the ability to scale to thousands of concurrent connections.

50
Q

True or False: AutoScaling groups are not intended to handle sudden spikes in traffic. Rather, they are intended to allow your applications to grow elastically as load increases over a short period of time.

A

T - Auto scaling is not really intended to respond to instantaneous spikes in traffic, as it will take some time to spin-up the instances that will handle the additional traffic. For sudden traffic spikes, make sure your application issues a 503 - Service Unavailable message.

51
Q

What is the “first-byte latency” when retrieving data from Glacier?

A

3 to 5 hours

52
Q

Which of the following is not a pillar of the AWS Well Architected Framework?

A

Availability - The pillars of the AWS Well Architected Framework are Security, Reliability, Performance Efficiency, and Cost Optimization.

53
Q

You’ve been tasked with the creation of a highly-available, decoupled web application. Which of the following will not aid in that effort?

A

The creation of IAM credentials does not aid this effort.

54
Q

After migrating an application architecture from on-premise to AWS, you will not be responsible for the ongoing maintenance of which two of the following services?

A

DynamoDB and Amazon RDS are managed services. As such, AWS handles the ongoing maintenance.

55
Q

Your company wants to begin automated backups of the EBS volumes that back their EC2 instances. The durability of the backed-up data is key. Which of the following solutions would you implement and why?

A

AWS CLI cron job snapshot

The data from an EBS volume snapshot is durable because EBS snapshots are stored on Amazon S3-Standard.

56
Q

True or False: Data stored on EBS volumes is automatically and redundantly stored in multiple physical volumes in the same availability zone as part of the normal operations of the EBS service at no additional charge.

A

T - Data stored on EBS volumes is automatically and redundantly stored in multiple physical volumes in the same availability zone as part of the normal operations of the EBS service at no additional charge.

57
Q

You have chosen to use S3-RRS with your cloud application. Which limitations have you considered in doing so?

A

In exchange for a significant cost savings, RRS offers only 99.99% durability.

58
Q

True or False: To prevent in-flight tampering, all requests sent with API keys over a REST or Query API should be sent via HTTPS.

A

T - All requests sent with API keys over a REST or Query API should be sent via HTTPS.

59
Q

Which of the following services allows you to access the service’s underlying operating system?

A

Access to the underlying operating system is granted for Elastic Map Reduce and Elastic Beanstalk. The others are managed services.

60
Q

Which of the following statements are true?

A

S3-Standard provides 99.99% availability and eleven-nines durability. S3-RRS provides 99.99% durability.

61
Q

As a Solutions Architect, you advise on team planning activities. A team is building an application that must store persistent JSON data and be able to have an index. Data access must remain consistent if there is high traffic volume. What service should you recommend to the team?

A

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. The data stored in DynamoDB is JSON format, making it the perfect data store for this requirement. What is Amazon DynamoDB?: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

62
Q

You have an application that requires that 500 messages per second be sent and processed in order. Which service should be used to accomplish this?

A

SQS FIFO queues are designed to enhance messaging between applications when the order of operations and events is critical, or where duplicates can’t be tolerated. SQS Standard queues can process the messages, but cannot guarantee order. SNS is used to send the messages, but does not process them. SES is an email service. Amazon SQS FIFO Queues: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html

63
Q

Your mobile app needs to have images uploaded to S3. You want to bypass the existing web server for the uploads to avoid increasing load on the server. How can this be accomplished?

A

All objects and buckets by default are private. The pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions. Uploading Objects Using Pre-signed URLs: https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html

64
Q

You have been asked to set up an EFS storage solution for a project team. Which of the following tasks do you need to complete?

A

It is necessary to set up the bi-directional network permissions, normally with Security Groups. You will connect the EFS Target to your EC2 instance with a ‘mount’ statement. You do not need to stipulate the size or format the volume. AWS provides a nominally unlimited file system ready for you to use. As normal under the shared security model, AWS will ensure that the EFS system is secure, but you are responsible for the access control security inside the EFS file space provided to you.

65
Q

Six years ago you launched a new app and had the forethought to design the environment to use ELBs and simple robust autoscaling groups. This has served well; however, recently you are seeing that the demand is coming on very steeply as people check the services first thing in the morning. Your dashboard is now showing that customer connections are being delayed and at times rejected. This is impacting your previously five-star customer satisfaction rating. Why is your design failing?

A

Auto scaling is not really intended to respond to instantaneous spikes in traffic. Even in the cloud, commissioning a server takes real time. The bigger and more complicated the server, the longer it takes. There are ways to deal with this, from a redesign that uses more agile compute like containers and serverless, to step and overlapping autoscaling policies that respond more rapidly, to scheduled scaling for predictable loads. AMIs may be ‘legacy’, but there is no limit as implied in the answer. Scaling policies can block each other, but it would not result in a ‘per hour’ limitation.