AWS Certified Developer Associate Flashcards by Esmeralda Samarripa

What is the proper definition of an IAM Role?

a. IAM Users in multiple User Groups
b. An IAM entity that defines a set of permissions for making requests to AWS services and will be used by an AWS service.
c. An IAM entity that defines a password policy for IAM Users
d. Permissions assigned to IAM Users to perform actions

b. An IAM entity that defines a set of permissions for making requests to AWS services and will be used by an AWS service

How well did you know this?

Not at all

Perfectly

Which of the following is an IAM Security Tool?

a. IAM Credentials Report
b. IAM Root Account Manager
c. IAM Services Report
d. IAM Security Advisor

a. IAM Credentials Report

How well did you know this?

Not at all

Perfectly

Which answer is INCORRECT regarding IAM Users?

a. IAM Users can belong to multiple User Groups
b. IAM Users don’t have to belong to a User Group
c. IAM Policies can be attached directly to IAM Users
d. IAM Users access AWS services using root account credentials

d. IAM Users access AWS services using root account credentials

How well did you know this?

Not at all

Perfectly

Which of the following is an IAM best practice?

a. create serveral IAM Users for on physical person
b. share your AWS account credentials with your colleague, so he can perform a task for you
c. don’t use the root user account
d. do not enable MFA for easier access

c. don’t use the root user account

How well did you know this?

Not at all

Perfectly

What are IAM Policies?

a. a set of policies defines how AWS accounts interact with each other
b. JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles
c. a set of policies that define a password for IAM Users
d. a set of policies defined by AWS that show how customers interact with AWS

b. JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles

How well did you know this?

Not at all

Perfectly

Which principle should you apply regarding IAM Permissions?

a. grant least privilege
d. grant most privilege
c. grant more permissions if your employee asks you to
d. restrict root account permissions

a. grant least privilege

How well did you know this?

Not at all

Perfectly

What should you do to increase your root account security?

a. remove permissions from the root account
b. only access AWS services through AWS Command Line Interface (CLI)
c. enable Multi-factor Authentication (MFA)
d. don’t create IAM Users, only access your AWs account using the root account

c. enable Multi-factor Authentication (MFA)

How well did you know this?

Not at all

Perfectly

True or False:

IAM User Groups can contain IAM Users and other User Groups

False

How well did you know this?

Not at all

Perfectly

An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following EXCEPT:

a. effect
b. principal
c. version
d. action
e. resource

c. version

How well did you know this?

Not at all

Perfectly

According to the AWS Shared Responsibility Model, which of the following is AWS responsibility?

a. rotate Access Key for IAM users
b. enable MFA for the root account and all IAM Users
c. IAM Users, User Groups, and IAM Policies
d. AWS Infrastructure

d. AWS Infrastructure

How well did you know this?

Not at all

Perfectly

Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases?

a. convertible reserved instances
b. dedicated hosts
c. spot instances

c. spot instances

How well did you know this?

Not at all

Perfectly

What should you use to control traffic in and out of EC2 instances?

a. network access control list (NACL)
b. security groups
c. IAM policies

b. security groups

How well did you know this?

Not at all

Perfectly

How long can you reserve and EC2 Reserved Instance?

a. 1 or 3 years
b. 2 or 4 years
c. 6 months or 1 year
d. anytime between 1 and 3 years

a. 1 or 3 years

How well did you know this?

Not at all

Perfectly

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?

a. storage optimized
b. memory optimized
c. compute optimized
d. general purpose

c. compute optimized

How well did you know this?

Not at all

Perfectly

Which EC2 Purchasing option should you use for an application you plan to run on a sever continuously for 1 year?

a. on-demand instances
b. spot instances
c. reserved instances

c. reserved instances

How well did you know this?

Not at all

Perfectly

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instance?

a. Connect to each EC2 instance using SSH, then install the required software and update your OS package manually.
b. Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances.
c. Write a bash script that installs the required software and updates to your OS, then contact AWS Support and provide them with the script. They will run it on your EC2 instances at launch.

b. Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances.

How well did you know this?

Not at all

Perfectly

Which EC2 instance type should you choose for a critical application that uses an in-memory database?

a. compute optimized
b. storage optimized
c. memory optimized
d. general purpose

c. memory optimized

How well did you know this?

Not at all

Perfectly

You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 instance type should you choose to handle this high-frequency OLTP database?

a. compute optimized
b. storage optimized
c. memory optimized
d. general purpose

b. storage optimized

How well did you know this?

Not at all

Perfectly

True or False: Security Groups can be attached to only one EC2 instance.

False

How well did you know this?

Not at all

Perfectly

You are planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your application to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 purchasing options is suitable for you?

a. convertible reserved instances
b. dedicated hosts
c. spot instances

b. dedicated hosts

How well did you know this?

Not at all

Perfectly

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 purchasing option allows you to get visibility into them?

a. dedicated hosts
b. spot instances
c. on-demand
d. reserved instances

a. dedicated hosts

How well did you know this?

Not at all

Perfectly

You have just terminated an EC2 instance in us-east-1a, and its attached EBS volume is now available. Your teammate tries to attach it to an EC2 instance in us-east-1b but he can’t. What is a possible cause for this?

a. he’s missing IAM permissions
b. EBS volumes are locked to an AWS Region
c. EBS volumes are locked to an AZ

c. EBS volumes are locked to an AZ

How well did you know this?

Not at all

Perfectly

You have launched an EC2 instance with two EBS volumes, the root volume type and the other EBS volume type to store the data. A month later you are planning to terminate the EC2 instance. What’s the default behavior that will happen to each EBS volume?

a. both the root volume type and the EBS volume type will be deleted
b. the root volume type will be deleted and the EBS volume type will not be deleted.
c. the root volume type will not be deleted and the EBS volume type will be deleted.
d. Both the root volume type and the EBS volume type will not be deleted.

b. the root volume type will be deleted an the EBS volume type will not be deleted.

How well did you know this?

Not at all

Perfectly

True or False: You can use an AMI in N. Virginia Region us-east-1 to launch an EC2 instance in any AWS Region.

False

How well did you know this?

Not at all

Perfectly

Which of the following EBS volume types can be used as boot volumes when you create EC2 instances? a. gp2, gp3, io1, io2 b. gp2, gp3, st1, sc1 c. io1, io2, st1, sc1

a. gp2, gp3, io1, io2

What is EBS Multi-Attach? a. attach the same EBS volume to multiple EC2 instances in multiple AZs b. attach multiple EBS volumes in the same AZ to the same EC2 instance. c. attach the same EBS volume to multiple EC2 instances in the same AZ. d. attach multiple EBS volumes in multiple AZs to the same EC2 instance

c. attach the same EBS volume to multiple EC2 instances in the same AZ

You have provisioned an 8TB gp2 EBS volume and you are running out of IOPS. What is NOT a way to increase performance? a. mount EBS volumes in RAID 0 b. change to an io1 volume type c. increase the EBS volume size

c. increase the EBS volume size

You have a fleet of EC2 instances distributed across AZs that process a large data set. What do you recommend to make the same data to be accessible as an NFS drive to all of your EC2 instances? a. use an instance store b. use EBS c. use EFS

c. use EFS

You would like to have a high-performance local cache for your application hosted on an EC2 instance. You don't mind losing the cache upon the termination of your EC2 instance. Which storage mechanism do you recommend as a Solutions Architect? a. instance store b. EBS c. EFS

a. instance store

You are running a high-performance database that requires and IPS of 310,000 for its underlying storage. What do you recommend? a. use an EC2 Instance store b. use an EBS gp2 drive c. use an EBS io1 drive d. use an EBS io2 Block Express drive

a. use an EC2 instance store

Scaling an EC2 instance from r4.large to r4.4xlarge is called _____. a. horizontal scalability b. vertical scalability

b. vertical scalability

Running an application on an Auto Scaling Group that scales the number of EC2 instance in and out is called ____. a. vertical scalability b. horizontal scalability

b. horizontal scalability

Elastic Load Balancers provide a ____. a. static IPv4 we can use in our application b. static DNS name we can use in our application c. static IPv6 we can use in our application

b. static DNS name we can use in our application

You are running a website on 10 EC2 instances fronted by an Elastic Load Balancer. Your users are complaining about the fact that the website always asks them to re-authenticate when they are moving between website pages. You are puzzled because it's working just fin on your machine and in the Dev environment with 1 EC2 instance. What could be the reason? a. The elastic load balancer does not have Sticky Sessions enabled. b. your website must have an issue when hosted on multiple EC2 instances. c. The ec2 instances log out users as they cant see their IP addresses, instead, they receive ELB IP addresses.

a. The elastic load balancer does not have Sticky Sessions enabled.

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer's IP addresses. What should you do to get the IP address of clients connected to your website? a. modify your website's frontend so that users send their IP in every request. b. modify your website's backend to get the client IP address from X-Forwarded-For header c. modify your website's backend to get the client IP address from X-Forwarded-Port header d. modify your website's backend to get the client IP address from X-Forwarded-Proto header

b. modify your website's backend to get the client IP address from X-Forwarded-For header

You hosted an application on a set of EC2 instances fronted by an Elastic load balancer. A week later, users begin complaining that sometimes the application just doesn't work. You investigate the issue and found that some EC2 instances crash from time to time. What should you do to protect users from connecting to the EC2 instances that are crashing? a. Enable ELB stickiness b. enable SSL Termination c. enable ELB health checks d. enable Cross-Zone Load Balancing

c. enable ELB health checks

You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second. Which type of Elastic Load Balancer should you choose? a. Application Load Balancer b. Classic Load Balancer c. Network Load Balancer

c. Network Load Balancer

Application Load Balancers support the following protocols, EXCEPT: a. HTTP b. HTTPS c. WebSocket d. TCP

d. TCP

Application Load Balancers can route traffic to different Target Groups based on the following EXCEPT: a. hostname b. client's location (geography) c. request URL path d. source IP address

b. client's location (geography)

Registered targets in a Target Group for an Application Load Balancer can be one of the following EXCEPT: a. network load balancer b. lambda functions c. private IP addresses d. EC2 instances

a. network load balancer

For compliance purposes, you would like to expose a fixed static IP address to your end-users so that they can write firewall rules that will be stable and approved by regulators. What type of Elastic Load Balancer would you choose? a. Application Load Balancer with an Elastic IP attached to it b. Network Load Balancer c. Classic Load Balancer

b. Network Load Balancer

You want to create a customer applciaton-based cookie in your Application Load Balancer. Which of the following can you use as a cookie name? a. AWSALBAPP b. AWSALBTG c. APPUSERC d. AWSALB

c. APPUSERC

You have a Network Load Balancer that distributes traffic across a set of EC2 instances in us-east-1. You have 2 EC2 instances in us-east-1b AZ and 5 EC2 instances in us-east-1e AZ. You have noticed that the CPU utilization is higher in the EC2 instances in us-east-1b AZ. After more investigation, you noticed that the traffic is equally distributed across the two AZs. How would you solve this problem? a. enable Sticky Sessions b. enable Cross-Zone Load Balancing c. enable ELB Health Checks d. enable SSL termination

b. enable Cross-Zone Load Balancing

Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener? a. Server Name Indication (SNI) b. TLS Termination c. Host Headers d. SSL Security Policies

a. Sever Name Indication (SNI)

You have an Application Load Balancer that is configured to redirect traffic to 2 Target Groups based on the following hostnames: users.example.com, api.external.example.com, and checkout.example.com. You would like to configure HTTPS for each of these hostnames. How do you configure the ALB to make this work? a. use an HTTP to HTTPS redirect rule b. use a security group SSL certificate c. use Server Name Indication (SNI)

c. user Server Name Indication (SNI)

You have an application hosted on a set of EC2 instances managed by an Auto Scaling Group that you configured both desired and maximum capacity to 3. Also, you have created a CloudWatch Alarm that is configured to scale out your ASG when CPU Utilization reaches 60%. Your application suddenly received huge traffic and is now running at 80% CPU Utilization. What will happen? a. the desired capacity will go up to 4 and the maximum capacity will stay at 3. b. nothing c. the desired capacity will go up to 4 and the maximum capacity will stay at 4

b. nothing

You have an Auto Scaling Group frontend by an Application Load Balancer. You have configured the ASG to use ALB Health Checks, then one EC2 instance has just been reported unhealthy. What will happen to the EC2 instance? a. the ASG will keep the instance running and re-start the applciaton. b. the ASG will detach the EC2 instance and leave it running c. the ASG will terminate the EC2 instance

c. the ASG will terminate the EC2 instance

Your boss asked you to scale your ASG based on the number of requests per minute your application makes to your database. What should you do? a. You politely tell him it's impossible b. create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG c. enable Detailed Monitoring then create a CloudWatch Alarm to scale your ASG

b. create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG

A web application hosted on a fleet of EC2 instances managed by an ASG. You are exposing the application through an ALB. Both the EC2 instances and the ALB are deployed on a VPC with the following CIDR 192.168.0.0/18. How do you configure the EC2 instances' security group to ensure only the ALB can access them on port 80? a. add an inbound rule with port 80 and 0.0.0.0/0 as the source b. add an inbound rule with port 80 and 192.168.0.0/18 as the source c. add an inbound rule with port 80 and the ALB's Security Group as the source d. load an SSL certificate on the ALB

c. add an inbound rule with port 80 and the ALB's Security Group as the source

An application is deployed with an ALB and an ASG. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use? a. simple scaling policy b. step scaling policy c. scheduled scaling policy d. target tracking policy

d. target tracking policy

Your application hosted on EC2 instances by and ASG suddenly receives a spike in traffic which triggers your ASG to scale out and a new EC2 instance has been launched. The traffic continuously increases but the ASG doesn't launch any new EC2 instances immediately but after 5 minutes. What is a possible cause for this behavior? a. cooldown period b. lifecycle hooks c. target tracking policy d. launch template

a. cooldown period

Amazon RDS supports the following databases, EXCEPT: a. MongoDB b. MySQL c. MariaDB d. Microsoft SQL Server

a. MongoDB

You're planning for a new solution that requires a MySQL database that must be available even in case of a disaster in one of the Availability Zones. What should you use? a. Create Read Replicas b. Enable Encryption c. Enable Multi-AZ

c. Enable Multi-AZ

We have an RDS database that struggles to keep up with the demand of requests from our website. Our million users mostly read news, and we don't post news very often. Which solution is NOT adapted to this problem? a. an ElastiCache Cluster b. RDS Multi-AZ c. RDS Read Replicas

b. RDS Multi-AZ

You have set up read replicas on your RDS database, but users are complaining that upon updating their social media posts, they do not see their updated posts right away. What is a possible cause for this? a. There must be a bug in your application b. Read Replicas have Asynchronous Replication, therefore it's likely your users will only read Eventual Consistency c. You should have setup Multi-AZ instead.

b. Read Replicas have Asynchronous Replication, therefore it's likely your users will only read Eventual Consistency

Which RDS (NOT Aurora) feature when used does not require you to change the SQL connection string? a. Read Replicas b. Multi-AZ

b. Multi-AZ

Your application running on a fleet of EC2 instances managed by an ASG behind an ALB. Users have to constantly log back in and you don't want to enable Sticky Sessions on your ALB as you fear it will overload some EC2 instances. What should you do? a. Use your own custom Load Balancer on EC2 instances instead of using ALB b. Store session data in RDS c. Store session data in ElastiCache d. Store session data in a shared EBS volume

c. Store Session data in ElastiCache

An analytics application is currently performing its queries against your main production RDS database. These queries run at any time of the day and slow down the RDS database which impacts your users' experience. What should you do to improve the users' experience? a. setup a read replica b. setup Multi-AZ c. run the analytics queries at night

a. setup a read replica

You are running an ElastiCache Redis cluster which you want to ensure it is high available. What should you do? a. add read replicas b. enable mulit-az

a. add read replicas

How can you enhance the security of your ElastiCache Redis Cluster by forcing users to enter a password when they connect? a. Use Redis Auth b. Use IAM Auth c. Use Security Groups

a. Use Redis Auth

Your company has a production Node.js application that is using RDS MySQL 5.6 as its database. A new application programmed in Java will perform some heavy analytics workload to create a dashboard on a regular hourly basis. What is the most cost-effective solution you can implement to minimize disruption for the main application? a. Enable Multi-AZ for the RDS database and run the analytics workload on the standby database. b. Create a Read Replica in a different AZ and run the analytics workload on the replica database c. Create a Read Replica in a different AZ and run the analytics workload on the source database

b. Create a Read Replica in a different AZ and run the analytics workload on the replica database.

You would like to create a disaster recovery strategy for your RDS PostgreSQL database so that in case of regional outage the database can be quickly made available for both read and write workloads in another AWS Region. The DR database must be highly available. what do you recommend? a. create a read replica in the same region and enable multi-az on the main database. b. create a read replica in the same region and enable multi-az on the read replica c. create a read replica in a different region and enable multi-az and the read replica d. enable multi-region option on the main database

c. create a read replica in a different region and enable multi-az and the read replica

You have migrated the MySQL database from on-premises to RDS. You have a lot of applications and developers interacting with your database. Each developer has an IAM user in the company's AWS account. What is a suitable approach to give access to developers to the MySQL RDS DB instance instead of creating a DB user for each one? a. enable IAM Database Authentication b. user Amazon Cognito c. by default IAM users have access to your RDS database

a. enable IAM Database Authenticaiton

Which of the following statement is true regarding replication in both RDS Read Replica and Multi-AZ? a. read replica uses Asynchronous Replication and Multi-AZ uses Asynchronous Replication b. read replica uses synchronous replication and multi-az uses asynchronous replication c. read replica uses synchronous replication and multi-az uses synchronous replication d. read replica uses asynchronous replication and multi-az uses synchronous replication

d. read replica uses asynchronous replication and multi-az uses synchronous replication

How do you encrypt an unencrypted RDS DB Instance? a. do it straight from AWS Console, select RDS DB instance, choose Actions then Encrypt using KMS b. create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick "Enable encryption", then restore the RDS DB instance from the encrypted snapshot c. Do it straight from AWS Console, after stopping the RDS DB instance

b. create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick "Enable encryption", then restore the RDS DB instance from the encrypted snapshot

For your RDS database, you can have up to ___ read replicas. a. 3 b. 5 c. 7

b. 5

Which RDS database technology does NOT support IAM Database Authentication? a. Oracle b. PostgreSQL c. MySQL

a. Oracle

Yes or No: You have an unencrypted RDS DB instance and you want to create read replicas. Can you configure the RDS read replicas to be encrypted?

How many Aurora Read Replicas can you have in a single Aurora DB Cluster? a. 5 b. 10 c. 15

c. 15

Amazon Aurora supports both ____ databases a. MySQL and MariaDB b. Oracle and MariaDB c. MySQL and PostgreSQL d. Oracle and MS SQL Server

c. MySQL and PostgreSQL

What is the maximum number of read replicas you can add in an ElastiCache Redis Cluster with Cluster-Mode Disabled? a. 3 b. 4 c. 5

c. 5

You have an ElastiCache Redis Cluster that serves a popular application. You have noticed that there are a large number of requests that go to the database because a large number of items are removed from the cache before they expire. What is this called and how to solve it? a. Cache Evictions, Scale up or out your ElastiCache Redis Cluster b. Cache Invalidations, Scale up or out your ElastiCache Redis Cluster c. Cache Evictions, Scale down or in your ElastiCache Cluster d. Cache Invalidations, Scale down or in your ElastiCache Cluster

a. Cache Evictions, Scale up or out your ElastiCache Redis Cluster

You have a MySQL RDS database instance on which you want to enforce SSL connections. What should you do? a. modify your DB security group to only allow SSL traffic b. download SSL certificates form your DB, then use these certificates in your application to connect over SSL c. enable MySQL RDS Database Encryption d. Execute a REQUIRE SSL SQL statement to all your DB users

d. Execute a REQUIRE SSL SQL statement to all your DB users

You have an ElastiCache cluster with small cache size, so you want to ensure that only the data that's requested will be loaded into the cluster. Which caching strategy should you use? a. write through b. lazy loading c. time-to-live(TTL)

b. lazy loading

You're hosting a dynamic website fronted by an ElastiCache Cluster. You have been instructed to keep latency to a minimum for all read requests for every user. Also, writes can take longer to happen. Which caching strategy do you recommend? a. Cache Aside b. Time-To-Live (TTL) c. Write Through

c. Write Through

You have purchased mycoolcompany.com on Amazon Route 53 Registrar and would like the domain to point to your Elastic Load Balancer my-elb-1234567890.us-west-2.elb.amazonaws.com. Which Route 53 Record type must you use here? a. CNAME b. Alias

b. Alias

You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment. This allows you to monitor for CloudWatch metrics and ensuring that no bugs exists with your new environment. Which Route 53 Record type allows you to do so? a. simple b. weighted c. latency d. failover

b. weighted

You have updated a Route 53 Record's myapp.mydomain.com value to point to a new Elastic Load Balancer, but it looks like users are still redirected to the old ELB. What is a possible cause for this behavior? a. Because of the Alias Record b. Because of the CNAME Record c. Because of the TTL d. Because of the Route 53 Health Checks

c. Because of the TTL

You have an application that's hosted in two different AWS Regions us-west-1 and eu-west-2. You want your users to get the best possible user experience by minimizing the response time from application servers to your users. Which Route 53 Routing Policy should you choose? a. latency b. multi value c. weighted d. geolocation

a. latency

You have a legal requirement that people in any country but France should NOT be able to access your website. Which Route 53 Routing Policy helps you in achieving this? a. latency b. simple c. multi value d. geolocation

d. geolocation

You have purchased a domain on GoDaddy and would like to use Route 53 as the DNS Service Provider. What should you do to make this work? a. Request for a domain transfer b. Create a Private Hosted Zone and update the 3rd party Registrar NS records c. Create a Public Hosted Zone and update the 3rd party Registrar NS records d. Create a Public Hosted Zone and update the Route 53 NS records

c. Create a Public Hosted Zone and update the 3rd party Registrar NS records

Which of the following are NOT valid Route 53 Health Checks? a. Health Check that monitor SQS Queue b. Health Check that monitors an Endpoint c. Health Check that monitors other Health Checks d. Health Check that monitor CloudWatch Alarms

a. Heath Check that monitor SQS Queue

Security Groups operate at the ____ level while NACLs operate at the ____ level. a. EC2 instance, Subnet b. Subnet, EC2 instance

a. EC2 instance, Subnet

You have attached an Internet Gateway to your VPC, but your EC2 instances still don't have access to the internet. What is NOT a possible issue? a. Route Tables are missing entries b. the EC2 instances don't have public IP's c. the Security Group does not allow traffic in d. the NACL does not allow network traffic out

c. the security group does not allow traffic in

You would like to provide internet access to your EC2 instances in private subnets with IPv4 while making sure this solution requires the least amount of administration and scales seamlessly. What should you use? a. NAT instances with source/destination check flag off b. NAT Gateway c. Egress only Internet Gateway

b. NAT Gateway

When using VPC Endpoints, what are the only two AWS services that have a Gateway Endpoint available? a. Amazon S3 & Amazon SQS b. Amazon SQS & DynamoDB c. Amazon S3 & DynamoDB

c. Amazon S3 & DynamoDB

You have 3 VPCs A, B, and C. You want to establish a VPC Peering connection between all the 3 VPCs. What should you do? a. Establish 3 VPC Peering connections (A-B, A-C, B-C) b. As VPC Peering supports Transitive Peering, so you need to establish 2 VPC Peering connections (A-B, B-C)

a. Establish 3 VPC Peering connections (A-B, A-C, B-C)

How can you capture information about IP traffic inside your VPCs? a. enable VPC Traffic Monitoring b. enable VPC Flow Logs c. enable CloudWatch Traffic Logs

b. enable VPC Flow Logs

You need to set up a dedicated connection between your on-premises corporate datacenter and AWS Cloud. This connection must be private, consistent, and traffic must not travel through the internet. Which AWS service should you use? a. Site-to-Site VPN b. AWS PrivateLink c. Amazon EventBridge d. AWS Direct Connect

d. AWS Direct Connect

You have a 25 GB file that you're trying to upload to S3 but you're getting errors. What is a possible solution for this? a. the file size limit on S3 is 5 GB b. update your bucket policy to allow the larger file c. use multi-part upload when uploading files larger than 5GB d. encrypt the file

c. use multi-part upload when uploading files larger than 5GB

You're getting errors while trying to create a new S3 bucket named dev. You're using a new AWS Account with no S3 buckets created before. What is a possible cause for this? a. You're missing IAM permissions to create an S3 bucket b. S3 bucket names must be globally unique and dev is already taken

b. S3 bucket names must be globally unique and dev is already taken

You have enabled versioning in your S3 bucket which already contains a lot of files. Which version will the existing files have? a. 1 b. 0 c. -1 d. null

d. null

Your client wants to make sure that file encryption is happening in S3, but he wants to fully manage the encryption keys and never store them in AWS. You recommend him to use ____. a. SSE-S3 b. SSE-KMS c. SSE-C d. Client-Side Encryption

c. SSE-C

A company you're working for wants their data store in S3 to be encrypted. They don't mind the encryption keys stored and managed by AWS, but they want to maintain control over the rotation policy of the encryption keys. You recommend them to use ____. a. SSE-S3 b. SSE-KMS c. SSE-C d. Client-Side Encryption

b. SSE-KMS

Your company does not trust AWS for the encryption process and wants it to happen on the application. You recommend them to use ____. a. SSE-S3 b. SSE-KMS c. SSE-C d. Client-Side Encryption

d. Client-Side Encryption

You have updated an S3 bucket policy to allow IAM users to read/write files in the S3 bucket, but one of the users complain that he can't perform a PutObject API call. What is a possible cause for this? a. The S3 bucket policy must be wrong b. The user is lacking permissions c. The IAM user must have an explicit DENY in the attached IAM Policy d. You need to contact AWS Support to lift this limit

c. The IAM user must have an explicit DENY in the attached IAM Policy

You have a website that loads files from an S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when the website you're visiting tries to load these files it doesn't. What's the problem? a. the bucket policy is wrong b. the IAM policy is wrong c. Encryption is wrong d. CORS is wrong

d. CORS is wrong

Which S3 encryption method mandates that you use HTTPS while uploading/download objects? a. SSE-C b. SSE-S3 c. SSE -KMS d. Client-Side Encryption

a. SSE-C

An application hosted on an EC2 instance wants to upload objects to an S3 bucket using the PutObject API call, but it lacks the required permissions. What should you do? a. From inside the EC2 instance, run "aws configure" and insert your personal IAM Credentials, because you have access to do the required API call. b. Ask an administrator to attach an IAM Policy to the IAM Role on your EC2 instance that authorizes it to do the required API call. c. Export the environment variables with your IAM credentials on the EC2 instance. d. use the EC2 Metadata API call

b. Ask an administrator to attach an IAM Policy to the IAM Role on your EC2 instance that authorizes it to do the required API call.

You and your colleague are working on an application that's interacting with some AWs services through making API calls. Your colleague can run the application on his machine without issues, while you get API Authorization Exceptions What should you do? a. send him your AWS Access Key and Secret Access Key so he can replicate the issue on his machine b. ask him to send you his IAM credentials so you can work without issues. c. Compare both your IAM Policy and his IAM Policy in AWS Policy Simulator to understand the differences d. Ask him to create an EC2 Instance and insert his IAM credentials inside it, so you can run the application from the EC2 instance.

c. Compare both your IAM Policy and his IAM Policy in AWS Policy Simulator to understand the differences

Your administrator launched a Linux EC2 instance ang gives you the EC2 Key Pair so you can SSH into it. After getting into the EC2 instance, you want to get the EC2 instance ID. What is the best way to do this? a. create an IAM Role and attach it to your EC2 instance so you can perform a "describe-instances" API call b. Query the user data at http://169.254.169.254/latest/user-data c. Query the metadata at http://254.169.254.169/latest/meta-data d. Query the metadata at http://169.254.169.254/latest/meta-data

d. Query the metadata at http://169.254.169.254/latest/meta-data

AWS CLI requires _____ as its runtime. a. Java b. Golang c. Python d. C#

c. Python

You're running an application on an on-premises server. The application needs to perform API calls to an S3 bucket. How can you achieve this in the most secure manner? a. create an IAM user to be used by the application, then generate IAM credentials and put the credentials into environment variables b. from inside your on-premises server, run "aws configure" and insert your personal IAM Credentials c. Create an IAM user to be used by the application, then generate IAM credentials and use the credentials in the application's code d. attach an IAM role to your on-premises server

a. create an IAM user to be used by the application, then generate IAM credentials and put the credentials into environment variables

When you have an IAM role attached to your EC2 instance and you run AWS CLI commands from inside this instance, AWS CLI uses the ______ to get _____ credentials. a. instance user data, temporary b. instance metadata, temporary c. instance user data, permanent d. instance metadata, permanent

b. instance metadata, temporary

You have created an IAM role with the required IAM permissions to make API calls to get sensitive files stored in an S3 bucket. You have attached the newly created IAM role to an EC2 instance an you want to test whether you can download these files from inside the EC2 instance. What should you do to make your tests without changing the parameters' values as they're critical? a. use IAM Policy simulator or the Instance metadata b. use "--dry-run" AWS CLI option or the Instance metadata c. use IAM Policy simulator or the "--dry-run" AWS CLI option

c. use IAM Policy simulator or the "--dry-run" AWS CLI option

True or False: When an IAM role is attached to your EC2 instance, you can retrieve both the IAM role name and the IAM policies attached to the role.

False

While performing EC2 API calls from inside your EC2 instance, you received the following authorization exception: vbguZQ1pz421h4rtSaXnEfDAZPii8X..... How can you decode this encrypted error message? a. contact AWS Support as they're the only ones who can decode these messages. b. use the EC2 decode-authorization-message API call c. use the IAM decode-authorization-message API call d. use the STS decode-authorization-message API call

d. use the STS decode-authorization-message API call

The last AP calls you made to AWS KMS begin to throttle, as you have reached the max allowed API calls per second. What should you do? a. make API calls every 10 ms b. use exponential Backoff Strategy c. use-linear backoff strategy

b. use exponential backoff strategy

Before making API calls against MFA-protected API, you should use ____ to get temporary credentials. a. STS GetSessionToken b. STS GetFederationToken c. IAM GetMFAToken

a. STS GetSessionToken

AWS CLI uses credentials located in multiple locations and certain locations take precedence over others. Which of the following is the correct order for locations AWS CLI uses to find credentials? a. environment variables -> command line options -> ec2 Instance Profile b. command line options -> environment variables -> ec2 instance profile c. ec2 instance profile -> command line options -> environment variables d. ec2 instance profile -> environment variables -> command line options

b. command line options -> environment variables -> ec2 instance profile

AWS CLI and AWS SDKs sign API requests for you using your AWS access key. If you're writing your custom code, you must sign AWS API requests using ______. a. signature version 1 (SigV1) b. signature version 2 (SigV2) c. signature version 3 (SigV3) d. signature version 4 (SigV4)

d. signature version 4 (SigV4)

You have enabled versioning and want to be extra careful when it comes to deleting files on an S3 bucket. What should you enable to prevent accidental permanent deletions? a. use a bucket policy b. encrypt the files c. enable mfa delete d. disable versioning

c. enable mfa delete

You would like all your files in an S3 bucket to be encrypted by default. What is the optimal way of achieving this? a. use a bucket policy that forces HTTPS connections b. enable default encryption c. enable versioning

b. enable default encryption

You suspect that some of your employees try to access files in an S3 bucket that they don't have access to. How can you verify this is indeed the case without them noticing? a. restrict their IAM policies and look at CloudTrail logs b. use a bucket policy c. enable S3 Access Logs and analyze them using Athena

c. enable S3 Access Logs and analyze them using Athena

You want the content of an S3 bucket to be fully available in different AWS Regions. That will help your team perform data analysis at the lowest latency and cost possible. What S3 feature should you use? a. Amazon CloudFront Distributions b. S3 Replication c. S3 versioning d. S3 Static Website hosting

b. S3 Replication

You have 2 S3 buckets. One source bucket A, and two destination buckets B and C in different AWS Regions. You want to replicate objects from bucket A to both bucket B and C. How would you achieve this? a. configure replication from bucket A to bucket B, then from bucket A to bucket C. b. Configure replication from bucket A to bucket B, then from bucket B to bucket C. c. configure replication from bucket A to bucket C, then from bucket C to bucket B.

a. configure replication from bucket A to bucket B, then from bucket A to bucket C.

Which of the following is NOT a Glacier Deep Archive retrieval mode? a. Standard (12 hrs) b. Expedited (1-5 minutes) c. Bulk (48 hrs)

b. Expedited (1-5 minutes)

How can you be notified when there's an object uploaded to your S3 bucket? a. S3 Select b. S3 Access Logs c. S3 Event Notifications d. S3 Analytics

c. S3 Event Notifications

You are looking to provide temporary URLs to a growing list of federated users to allow them to perform a file upload on your S3 bucket to a specific location. What should you use? a. S3 CORS b. S3 Pre-signed URL c. S3 Bucket Policies d. IAM Users

b. S3 Pre-signed URL

You have an S3 bucket that has S3 Versioning enabled. This S3 bucket has a lot of objects, and you would like to remove old object versions to reduce costs. What's the best approach to automate the deletion of these old object version? a. S3 Lifecycle Rules - Expiration Actions b. S3 Lifecycle Rules - Transition Actions c. S3 Access Logs

a. S3 Lifecycle Rules - Expiration Actions

How can you automate the transition of S3 objects between their different tiers? a. AWS Lambda b. CloudWatch Events c. S3 Lifecycle Rules

c. S3 Lifecycle Rules

Which of the following is NOT a Glacier Flexible retrieval mode? a. Expedited (1-5 min) b. Standard (3-5 hrs) c. Bulk (5-12 hrs) d. Instant (10 secs)

d. Instant (10 secs)

While you're uploading large files to an S3 bucket using Multi-part Upload, there are a lot of unfinished parts stored in the S3 bucket due to network issues. You are not using these unfinished parts and they cost you money. What is the best approach to remove these unfinished parts? a. Use AWS Lambda to loop on each old/unfinished part and delete them b. Use and S3 Lifecycle Policy to automate old/unfinished parts deletion c. Request AWS Support to help you delete old/unfinished parts

b. Use and S3 Lifecycle Policy to automate old/unfinished parts deletion

Which of the following is a Serverless data analysis service allowing you to query data in S3? a. S3 Analytics b. Redshift c. Athena d. RDS

c. Athena

You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, tit is necessary to read the first 250 bytes of each object in S3, which contains some metadata about the content of the file itself. There are over 100,000 files in your S3 bucket, amounting to 50 TB of data, how can you build this index efficiently? a. use the RDS import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index b. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS. c. Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS. d. Create an application that will traverse the S3 bucket, use S3 Select to get the first 250 bytes, and store that information in RDS.

b. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS.

You have a large dataset stored on-premises that you want to upload to the S3 bucket. The dataset is divided into 10GB files. You have good bandwidth but your internet connection isn't stable. What is the best way to upload this dataset to s3 and ensure that the process is fast and avoid any problems with the internet connection? a. use S3 multi-part upload & S3 Transfer Acceleration b. Use S3 Select & use S3 Transfer Acceleration c. use multi-part upload only

a. use S3 multi-part upload & S3 Transfer Acceleration

You would like to retrieve a subset of your dataset store in S3 with the CSV format. You would like to retrieve a month of data and only 3 columns out of 10, to minimize compute and network costs. What should you use? a. S3 Inventory b. S3 Select c. S3 Analytics d. S3 Access Logs

b. S3 Select

You have a paid content that is stored in the S3 bucket. You want to distribute the content globally, so you have set up a CloudFront Distribution and configured the S3 bucket to only exchange data with your CloudFront Distribution. Which CloudFront feature allows you to securely distribute this paid content? a. Origin Access Identity b. S3 Pre-Signed URL c. CloudFront Signed URL d. CloudFront Invalidation

c. CloudFront Signed URL

You have a CloudFront Distribution that serves your website hosted on a fleet of EC2 instances behind an Application Load Balancer. All your clients are from the United States, but you found that some malicious requests are coming from other countries. What should you do to only allow users from the US and block other countries? a. User Origin Access Identity b. Use CloudFront Geo Restriction c. set up a security group and attach it to your CloudFront Distribution d. Use a Route 53 Latency record and attach it to CloudFront

b. Use CloudFront Geo Restriction

You have a static website hosted on an S3 bucket. You have created a CloudFront Distribution that points to your S3 bucket to better serve your requests and improve performance. After a while, you noticed that users can still access your website directly from the S3 bucket. You want to enforce users to access the website only through CloudFront. How do you achieve that? a. Configure your CloudFront Distribution and create an Origin Access Identity, then update your S3 Bucket Policy to only accept requests from your CloudFront Distribution OAI user. b. Send an email to your clients and tell them to not use the S3 endpoint c. Use S3 Access Points to redirect clients to CloudFront

a. Configure your CloudFront Distribution and create an Origin Access Identity, then update your S3 Bucket Policy to only accept requests from your CloudFront Distribution OAI user.

A website is hosted on a set of EC2 instance fronted by an Application Load Balancer. You have created a CloudFront Distribution and set up its origin to point to your ALB. What should you use to provide access to hundreds of private files served by your CloudFront distribution? a. CloudFront Signed URLs b. CloudFront Origin Access Identity c. CloudFront HTTPS Encryption d. CloudFront Signed Cookies

d. CloudFront Signed Cookies

``` What does this S3 bucket policy do? { "Version": "2012-10-17", "Id": "Mystery Policy", "Statement": [ { "Sid": "What could it be?", "Effect": "Allow", "Principal": { "CanonicalUser": "CloudFront Origin Identity Canonical User ID" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::examplebucket/*" }] } ``` a. Forces GetObject request to be encrypted if coming from CloudFront b. Only allows the S3 bucket content to be accessed from your CloudFront Distribution Origin Access Identity c. Only allows GetObject type of request on the S3 bucket from anybody

b. Only allows the S3 bucket content to be accessed from your CloudFront Distribution Origin Access Identity

You have a React Single Page Application hosted on an S3 Bucket and served through CloudFront Distribution. You have made an update to your React application an pushed it to S3, but the old version is still cached at CloudFront, and clients still see the old version. You want the new update to be propagated immediately. What would you do? a. use CloudFront Invalidation b. delete and create a new CloudFront Distribution c. tell your clients to remove cache from their browsers or use Incognito Mode

a. use CloudFront Invalidation

You are hosting highly dynamic content in an S3 bucket in the us-east-1 region. You want to make this data to be available with low latency in Singapore's ap-southeast-1 region. What do you recommend? a. Amazon CloudFront b. S3 Cross-Region Replication c. S3 Pre-Signed URLs

b. S3 Cross-Region Replication

Using a CloudFront Distribution, you can cache based on the following, except ______. a. HTTP Headers b. HTTP Cookies c. Query String Parameters d. HTTP Methods

d. HTTP Methods

When you're configuring a CloudFront distribution to use Signed URLs/Cookies, it is recommended to use ______ signer instead of ______ signer. a. trusted key group, CloudFront key pair b. CloudFront key pair, Trusted key group

a. trusted key group, CloudFront key pair

You have multiple Docker-based applications hosted on-premises that you want to migrate to AWS. You don't want to provision or manage any infrastructure, you just want to run your containers on AWS. Which AWS Service should you choose? a. Elastic Container Service (ECS) b. Elastic Container Registry (ECR) c. AWS Fargate d. Elastic Kubernetes Service (EKS)

c. AWS Fargate

Two of the launch types of ECS are: a. Amazon EC2 Launch Type and Fargate Launch Type b. Amazon EC2 Launch Type and EKS Launch Type c. Fargate Launch Type and EKS Launch Type

a. Amazon EC2 Launch Type and Fargate Launch Type

You have an application hosted on an ECS Cluster (EC2 Launch Type) where you want your ECS tasks to upload files to an S3 bucket. Which IAM Role for your ECS Tasks should you modify? a. EC2 Instance Profile b. ECS Task Role

b. ECS Task Role

You're planning to migrate a Word Press website running on Docker containers from on-premises to AWS. You have decided to run the application in an ECS Cluster, but you want your Docker containers to access the same WordPress website content such as website files, images, videos, etc. What do you recommend to achieve this? a. Mount an EFS volume b. Mound and EBS volume c. Use and EC2 Instance Store

a. Mount and EFS volume

You are deploying an application on an ECS Cluster made of EC2 instances. Currently, the cluster is hosting one application that is issuing API calls to DynamoDB successfully. Upon adding a second application, which issues API calls to S3, you are getting authorization issues. What should you do to resolve the problem and ensure proper security? a. Edit the EC2 instance role to add permission to S3 b. Create and IAM task role for the new application c. Enable the Fargate mode d. Edit the S3 bucket policy to allow the ECS task

b. Create an IAM task role for the new application

Which feature allows an Application Load Balancer to redirect traffic to multiple ECS Tasks running on the same ECS Container instance? a. Automatic Port Mapping b. ECS Task Definition c. ECS Service d. Dynamic Port Mapping

d. Dynamic Port Mapping

You are migrating your on-premises Docker-based application to Amazon ECS. You were using Docker Hub Container Image Library as your container image repository. Which is an alternative AWS service which is fully integrated with Amazon ECS? a. AWS Fargate b. Elastic Kubernetes Service (EKS) c. Elastic Container Registry (ECR) d. Amazon EC2

c. Elastic Container Registry (ECR)

You have a Classic ECS cluster that you want to enable IAM roles for your ECS tasks so that they can make API requests to AWS Services. Which ECS configuration options should you enable in /etc/ecs/ecs.config? a. ECS_CLUSTER b. ECS_ENGINE_AUTH_DATA c. ECS_AVAILABLE_LOGGING_DRIVERS d. ECS_ENABLE_TASK_IAM_ROLES

d. ECS_ENABLE_TASK_IAM_ROLES

You have a CodePipeline pipeline, which contains a build state that uses AWS CodeBuild. This build stage builds your Docker images and pushes them to Amazon ECR. The build stage fails with an authorization issues. What is the issue? a. Open an AWS Support ticket? b. Delete and re-create your ECR repositories c. Double-check your IAM role and permissions for the AWS CodeBuild service d. You must have an up and running EC2 container instance

c. Double-check your IAM role and permissions for the AWS CodeBuild service

You are looking to run multiple copies of the same application on the same EC2 instance and expose it with an load balancer. The application is available as a Docker image. You should use _____. a. Application Load Balancer + ECS b. Classic Load Balancer + Beanstalk c. Application Load Balancer + Beanstalk d. Classic Load Balancer + ECS

a. Application Load Balancer + ECS

You have a containerized application stored as Docker images in an ECR repository, that you want to run on an ECS cluster. You're trying to launch two copies of the same Docker container to the same EC2 container instance. The first container successfully starts, but the second container doesn't. You have checked that there's enough CPU and RAM on the EC2 container instance. What is the problem here? a. The EC2 container instance doesn't have the required IAM permissions to fetch Docker images from the ECR repository. b. The host port defined in the task definition c. The container port defined in the task definition d. EC2 container instances can only run one container instance for each Docker image.

b. The host port defined in the task definition *** To enable random host port, set host port=0 (or empty), which allows multiple containers of the same type to launch on the same EC2 container instance.

A newly launched EC2 container instance can't be registered with your ECS cluster. What is NOT a reason for this issue? a. the ECS agent is not running b. the AMI used isn't the Amazon ECS-optimized AMI c. the EC2 container instance is missing IAM permissions d. the security group on the EC2 instance does not allow inbound traffic.

d. the security group on the EC2 instance does not allow inbound traffic.

You want to pull Docker images from a private ECR repository. Which AWS CLI command can you use? a. docker login -u $AWS_ACCESS_KEY_ID -p $AWS_SECRET_ACCESS_KEY $ECR_URL docker pull $ECR_IMAGE_URL b. docker login -u $AWS_USERNAME -p $AWS_PASSWORD $ECR_URL docker pull $ECR_IMAGE_URL c. $(aws ecr get-login --no-include-email) docker pull $ECR_IMAGE_URL d. docker build -t $ECR_URL docker pull $ECR_IMAGE_URL

c. $(aws ecr get-login --no-include-email) | docker pull $ECR_IMAGE_URL

You have an ECS cluster where you want to run 4 ECS services. Each ECS service needs to interact with various AWS services. Which of the following is the best practice while giving permission to these ECS services? a. Create an IAM role with 4 IAM policies and attach it to the EC2 instances in the ECS cluster. b. Create 4 IAM roles and attach them to the EC2 instances in the ECS cluster. c. Create 1 ECS Task role with 4 policies and attach it to each ECS Task definition. d. Create 4 ECS Task roles and attach them to the relevant ECS Task definition.

d. Create 4 ECS Task roles and attach them to the relevant ECS Task definition.

Which ECS Task Placement strategy is the most cost-efficient? a. spread b. binpack c. random

b. binpack

Which ECS Task Placement constraint allows you to place each ECS Task on a different EC2 container instance? a. distintInstance b. memberOf

a. distintInstance

You're developing an application and would like to deploy it to Elastic Beanstalk with minimal cost. you should run it in ___. a. single instance mode b. high availability mode

a. single instance mode

Elastic Beanstalk application versions can be deployed to ____. a. one environment b. many environments

b. many environments

You have been tasked to run an application developed using Rust language on Elastic Beanstalk. After checking you found that Rust runtime is not currently supported on Elastic Beanstalk. Which of the following is NOT a solution? a. Create a custom platform. b. Install scripts and security software using an EC2 User Data script c. Use a Docker image with all scripts and security software installed. d. use a Custom AMI

b. Install scripts and security software using an EC2 User Data script

True or False: Environments in Elastic Beanstalk must have the following names: dev, test, and prod.

False

You are developing a new application that's hosted on Elastic Beanstalk. As you are in the development process you don't mind downtime so you want your application to be deployed as soon as a new version is available. Which Elastic Beanstalk deployment option should you use? a. all at once b. rolling c. rolling with additional batches d. immutable

a. all at once

A company hosting their websites on AWS Elastic Beanstalk. They want a methodology to continuously release new application versions with the ability to roll back very quickly in case if there's any issues. Also, the application must be running at full capacity while releasing new versions. Which Elastic Beanstalk deployment option do you recommend? a. all at once b. rolling c. rolling with additional batches d. immutable

d. immutable

You're a DevOps engineer working for a startup company hosting their application on Elastic Beanstalk. The application is in its early phases and it has a lot of new updates every week while being used by a number of users. You want to continuously release new features without application downtime and without incurring extra costs. It's acceptable to temporarily decrease the number of running instances serving users. Which Elastic Beanstalk deployment option should you choose? a. all at once b. rolling c. rolling with additional batches d. immutable

b. rolling

Which Elastic Beanstalk deployment option allows you to release new version of your application with minimal added cost while maintaining the full capacity to serve the current users? a. all at once b. rolling c. rolling with additional batches d. immutable

c. rolling with additional batches

To improve you application performance, you want to add an ElastiCache cluster to your application hosted on Elastic Beanstalk. What should you do? a. Manually create an ElastiCache cluster outside of your Elastic Beanstalk and connect to it through using environment variables. b. Create an elasticache.extensions file at the root of the code zip files and provide appropriate configuration. c. Create a config.elasticache file in the .ebextensions folder which is at the root of the code zip file and provide appropriate configuration. d. Create and elasticache.config file in the .ebextensions folder which is at the root of the code zip file and provides appropriate configuration.

d. Create and elasticache.config file in the .ebextensions folder which is at the root of the code zip file and provides appropriate configuration.

Your deployment on Elastic Beanstalk have been painfully slow. After checking the logs, you realize that this is due to the fact that your application dependencies are resolved on each instance each time you deploy. What can you do to speed up to the deployment process with minimal impact? a. Resolve the dependencies beforehand and package them in the zip file uploaded to Elastic Beanstalk b. Remove some dependencies in your code c. Place the dependencies in an S3 Bucket

a. Resolve the dependencies beforehand and package them in the zip file uploaded to Elastic Beanstalk

Which AWS service does Elastic Beanstalk use under the hood? a. AWS OpsWorks b. AWS CloudFormation c. AWS Lambda d. Amazon EC2

b. AWS CloudFormation

Due to compliance regulations, you have been tasked to enable HTTPS for your application hosted on Elastic Beanstalk. This allows in-flight encryption between your clients and web servers. What must be done to set up HTTPS on Elastic Beanstalk? a. Use a separate CloudFormation template to load the SSL certificate onto the Application Load Balancer b. Modify Security Groups to allows inbound traffic on port 80. c. Create an .ebextension/securelistner-alb.config file to configure the Applicaiton Load Balancer d. Configure Health Checks

c. Create an .ebextension/securelistner-alb.config file to configure the Applicaiton Load Balancer

Which feature in Elastic Beanstalk allows you to automate deletions of old application versions so that new application versions can be created? a. setup an .ebextensions file b. use a lifecycle policy c. define a Lambda function d. use Worker environments

b. use a lifecycle policy

You're using Elastic Beanstalk and you would like to schedule tasks to run periodically and asynchronously. These tasks typically take more than 1 hour to complete. Which Elastic Beanstalk environment should you choose? a. web server environment and a .ebextension file b. web server environment and a cron.yaml file c. worker environment and a .ebextension file d. work environment and a cron.yaml file

d. work environment and a cron.yaml file

You have created a test environment in Elastic Beanstalk and as part of the environment, you have created an RDS DB instance. How can you make sure the database can be used after you delete the environment a. Make a selective delete in Elastic Beanstalk b. Make a snapshot of the RDS DB instance before it gets deleted c. Change the Elastic Beanstalk environment variables

b. Make a snapshot of the RDS DB instance before it gets deleted

You're running an application on Elastic Beanstalk. You have just finished a major update to your application. You want to deploy the new version then direct a small percentage of traffic to the new version so you can test and fall back if there're any issues. Which Elastic Beanstalk deployment option should you choose? a. Traffic Splitting b. Rolling c. Rolling with Additional Batches d. Immutable

a. Traffic Splitting

You have been hired by a company to run some tests on their application hosted on Elastic Beanstalk. You can't run these tests on the current environment as this is the production environment, so you have to create another environment similar to the one already running. Which Elastic Beanstalk feature allows you to do this? a. Download the current Elastic Beanstalk environment CloudFormation template, then use it to create another environment. b. Manually create another environment with the same configuration c. Elastic Beanstalk Cloning d. Use Worker Environment

c. Elastic Beanstalk Cloning