AWS Dev Associate Flashcards
Pass the AWS cert exam!
You plan on running an open-source MongoDB database year-round on EC2. Which instance launch mode should you choose?
- on-demand
- reserved instances
- spot instances
Reserved Instances
You are launching an EC2 instance in us-east-1 using this Python script snippet:
> ec2.create_instances(ImageId='ami-b23a5e7', MinCount=1, MaxCount=1)
It works well, so you decide to deploy your script in us-west-1 as well. There, the script does not work and fails with “ami not found” error. What’s the problem?
- AMI is region locked and the same ID cannot be used across regions
- The AMI needs to first be shared to another region. The same ID can then be used
AMI is region locked and the same ID cannot be used across regions
You would like to deploy a database technology and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 launch modes allow you to get visibility into them?
- spot instances
- dedicated hosts
- on-demand
Dedicated Hosts
You are running a critical workload of three hours per week, on Monday. As a solutions architect, which EC2 Instance Launch Type should you choose to maximize the cost savings while ensuring the application stability?
- on-demand instances
- reserved instances
- spot instances
- scheduled reserved instances
Scheduled Reserved Instances
Scalability vs High Availability
Scalability: app can handle greater load by adapting (vertical & horizontal: elasticity)
High Availability: running app in 2+ data centers, can survive data center loss
Load Balancers provide a
- static IPv4 we can use in our application
- static DNS name we can use in our app
- static IPv6 we can use in our app
static DNS name we can use in our app - ELB chapter
You are running a website with a load balancer and 10 EC2 instances. Your users are complaining about the fact that your website always asks them to re-authenticate when they switch pages. You are puzzled, because it’s working just fine on your machine and in the dev environment with 1 server. What could be the reason?
- the app must have a bug
- the load balancer does not have stickiness enabled
- the EC2 Instances log out users b/c they don’t see their true IPs
the load balancer does not have stickiness enabled
Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IPs, which are in fact your load balancer’s. What should you do to find the true IP of the clients connected to your website?
- Modify the frontend of the website so that users send their IP in the requests
- Look into the X-Forwarded-For header in the backend
- Look into the X-Forwarded-Proto header in the backend
Look into the X-Forwarded-For header in the backend
You quickly created an ELB and it turns out your users are complaining about the fact that sometimes, the servers just don’t work. You realise that indeed, your servers do crash from time to time. How do you protect your users from seeing these crashes?
- enable Stickiness
- enable Health Checks
- enable SSL Termination
enable Health Checks - CLB hands on
You are designing a high performance application that will require millions of connections to be handled, as well as low latency. The best Load Balancer for this is
- ALB
- CLB
- NLB
network load balancer
Application Load Balancers handle all these protocols except
- HTTP
- HTTPS
- Websocket
- TCP
TCP - ELB overview
The application load balancer can redirect to different target groups based on all these except…
- Hostname
- Request Path
- Client IP
Client IP
You are running at a desired capacity of 3 and a maximum capacity of 3. You have alarms set at 60% CPU to scale out your application. Your application is now running at 80% capacity. What will happen?
- Nothing
- The desired capacity will go up to 4 and max will stay at 3
- The desired capacity will go up to 4 and max will stay at 4
nothing - auto scaling groups hands on
I have an ASG and an ALB, and I set up my ASG to get health status of instances thanks to my ALB. One instance has just been reported unhealthy. What will happen?
- the ASG will keep the instance running & restart the app
- the ASG will detach the EC2 instance from the group
- the ASG will terminate the EC2 instance
the ASG will terminate the EC2 instance
Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database.
- it’s impossible
- create a CloudWatch custom metric & build alarm on this to scale your ASG
- enable detailed monitoring & use that to scale your ASG
create a CloudWatch custom metric & build alarm on this to scale your ASG
Scaling an instance from an r4.large to an r4.4xlarge is called ___ scalability?
- horizontal
- vertical
vertical scalability
Running an application on an auto scaling group that scales the number of instances in and out is called ___ scalability?
- horizontal
- vertical
horizontal scalability
You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use?
- ALB with Elastic IP attached to it
- NLB
- CLB
network load balancer
Network Load Balancers expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)
A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access the port 80?
- open up the EC2 security group on port 80 to 0.0.0.0/0
- open up the EC2 security group on port 80 to 192.168.0.0/18
- open up the EC2 security group on port 80 to the ALB’s security group
open up the EC2 security group on port 80 to the ALB’s security group
This is the most secure way of ensuring only the ALB can access the EC2 instances. Referencing security groups in rules is an extremely powerful technique, and many questions at the exam rely on it.
Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com, and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALB SSL certificates to make this work?
- use SNI
- use a wildcard SSL certificate
- use an HTTP to HTTPS redirect rule
- use a security group SSL certificate
use SNI
SNI (Server Name Indication) is a feature allowing you to expose multiple SSL certs if the client supports it. Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/
The Application Load Balancer’s target groups can be all of these EXCEPT…
- EC2 Instances
- IP Addresses
- Lambda functions
- NLBs
network load balancer
You are running an application in 3 AZ, with an Auto Scaling Group and a Classic Load Balancer. It seems that the traffic is not evenly distributed amongst all the backend EC2 instances, with some AZ being overloaded. Which feature should help distribute the traffic across all the available EC2 instances?
- stickiness
- cross zone load balancing
- target group routing rules
- HTTPS termination
cross zone load balancing - video #40
Your Application Load Balancer (ALB) is currently routing to two target groups, each of which is routed to based on hostname rules. You have been tasked with enabling HTTPS traffic for each hostname and have loaded the certificates onto the ALB. Which ALB feature will help it choose the right certificate for your clients?
- TLS Termination
- Server Name Indication (SNI)
- SSL Security Policies
- Host Header
Server Name Indication (SNI)
An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is around 1000. Which scaling policy should you use?
- simple scaling policy
- step scaling policy
- target tracking
- scheduled scaling
target tracking