AWS Practice 3 Flashcards
An IT company has deployed its infrastructure on the AWS cloud. There must be a database that supports reads with a latency of under a millisecond for critical applications.
Which AWS service will meet this requirement?
-AWS Glue
-Amazon ElastiCache
-Amazon RDS
-Amazon EMR
Amazon ElastiCache
Amazon ElastiCache is a blazing-fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications. Built on open-source Redis or Memcached, ElastiCache works seamlessly with existing Redis or Memcached clients without any code changes.
AWS Glue is an event-driven, serverless computing platform.
Whilst RDS is a database solution, it cannot serve reads with sub-millisecond latency.
Amazon EMR is a cloud big data platform that can be queried using SQL.
An ecommerce company uses Auto Scaling groups to manage a group of web servers running on Amazon EC2, and the servers are additionally placed behind an Elastic Load Balancer.
This architecture follows which AWS Well-Architected Framework best practice?
-Design for failure
-Think parallel
-Decouple infrastructure components
-Secure the workload
Design for failure
Designing for failure is an important part of architecting for cloud workloads, and the easiest way to do this when using Amazon EC2 instances is to put them within an Auto Scaling group and then place them behind an Elastic Load Balancer.
An Auto Scaling group contains a collection of EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.
An Elastic Load Balancer distributes the load across each of these web servers, allowing for a scalable and flexible architecture.
The combination of both features of Amazon EC2 will enable high availability and is an example of designing for failure.
“Decouple infrastructure components” is incorrect. Auto Scaling Groups and Elastic Load Balancers are typically not used to decouple architecture, and there are other services which are specifically designed to do this such as the Amazon Simple Queue Service (SQS) or AWS Lambda.
How can a company separate costs for storage, Amazon EC2, Amazon S3, and other AWS services by department?
-Add department-specific tags to each resource
-Create a separate AWS account for each department
-Create a separate VPC for each department
-Use AWS Organizations
Add department-specific tags to each resource
A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value.
You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs.
AWS provides two types of cost allocation tags: AWS-generated tags and user-defined tags. AWS defines, creates, and applies the AWS-generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.
How does the AWS global infrastructure offer high availability and fault tolerance to customers?
-AWS allows users to choose AWS Regions and data centers so that users can select the closest data centers in different Regions.
-The AWS infrastructure consists of isolated AWS Regions with independent Availability Zones that are connected with low-latency networking and redundant power supplies.
-The AWS infrastructure consists of subnets containing various Availability Zones with multiple data centers located in the same geographic location.
-The AWS infrastructure is made up of multiple AWS Regions within various Availability Zones located in areas that have low flood risk and are interconnected with low-latency networks and redundant power supplies.
The AWS infrastructure consists of isolated AWS Regions with independent Availability Zones that are connected with low-latency networking and redundant power supplies.
AWS has the concept of a Region, which is a physical location around the world where AWS clusters data centers. Each group of logical data centers is called an Availability Zone (AZ). Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area. Each Region and each AZ is fully independent of the others, meaning a failure in one AZ or Region will not impact another Region or AZ.
Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud?
-Global infrastructure
-Firewall configuration
-Physical security
-Managing edge locations
Firewall configuration
Which AWS services are associated with Edge Locations? (Select TWO.)
-Amazon CloudFront
-Amazon EBS
-AWS Config
-AWS Direct Connect
-AWS Shield
-Amazon CloudFront
-AWS Shield
Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.
AWS Shield, which protects against Distributed Denial of Service (DDoS) attacks, is available globally on Amazon CloudFront Edge Locations.
Which IAM entity can be used for assigning permissions to AWS services?
-IAM Access Key ID and Secret Access Key
-IAM Role
-IAM Policy
-Security Token Service (STS)
IAM Role
With IAM Roles you can delegate permissions to resources for users and services without using permanent credentials (e.g. username and password). To do so you can create a role and assign an IAM policy to the role that has the permissions required.
An IAM policy is a policy document that is used to define permissions that can be applied to users, groups and roles. You don’t apply the policy to the service, you apply it to the role. The role is then used to assign permissions to the AWS service.
What technology enables compute capacity to adjust as loads change?
-Auto Scaling
-Round robin
-Automatic failover
-Load balancing
Auto Scaling
Auto Scaling allows the dynamic adjustment of provisioned resources based on demand. For instance, you can use Amazon EC2 Auto Scaling to launch additional EC2 instances when CloudWatch metrics report that CPU utilization has reached a certain threshold.
“Round robin” is incorrect. This is typically associated with the Domain Name Service (DNS) where responses are provided from a pool of addresses in a sequential and circular fashion.
An organization moves a workload to Amazon EC2 instances on AWS. Cost-effectiveness is the key to running the workload properly in the Cloud.
What can the company do to meet this requirement?
-Use AWS Key Management Service (AWS KMS).
-Use multiple AWS accounts and consolidated billing.
-Use AWS CloudFormation to deploy the infrastructure.
-Right size all the EC2 instances that are used in the deployment
Right size all the EC2 instances that are used in the deployment
Rightsizing EC2 instances simply means making sure that the instances you are using are not too large or too small for the workloads they are running. The part of this which is related to cost optimization is ensuring that the EC2 instances provisioned are not too large for the workloads (i.e. you need an m5.2xlarge but you are using an m5.4xlarge instance type). As you are billed for the instance you are using and not for how many vCPUs you actually use, right sizing is a powerful way to optimize cost.
AWS Compute Optimizer is a useful tool that uses machine learning to report on overutilization and underutilization of resources. You can use Compute Optimizer to gather the information needed to rightsize your workloads.
AWS CloudFormation is an infrastructure as code tool which provisions your infrastructure using either JSON or YAML. This may improve various aspects of your architecture but will not make it any cheaper.
A company has a website that delivers static content from an Amazon S3 bucket to users from around the world. Which AWS service will deliver the content with low latency?
-AWS Global Accelerator
-Amazon CloudFront
-AWS Elastic Beanstalk
-AWS Lambda
Amazon CloudFront
Amazon CloudFront is a content delivery network (CDN) and can use an Amazon S3 bucket configured as a static website as an origin for the content it caches globally. CloudFront reduces latency for global users by serving the requested content from a local cache.
Global Accelerator is used to direct traffic to application endpoints in different Regions using the AWS global network. It does not cache content and would not be used in front of an S3 bucket.
Which service can be used to cost-effectively move exabytes of data into AWS?
-AWS Snowmobile
-S3 Cross-Region Replication (CRR)
-AWS Snowball
-S3 Transfer Acceleration
AWS Snowmobile
With AWS Snowmobile you can move 100 PB per Snowmobile. AWS calls this an “Exabyte-scale data transfer service”.
Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks?
-AWS Config
-Amazon CloudWatch
-AWS OpsWorks
-AWS Systems Manager
AWS Systems Manager
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
A company needs to invoke an AWS Step Functions workflow each time an Amazon EC2 instance state changes.
Which AWS service can the company use to meet this requirement?
-AWS Fargate
-Amazon EventBridge
-Amazon Connect
-Amazon SageMaker
Amazon EventBridge
Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications. You can set rules for actions to take place when certain events happen, such as instance state changes or items being uploaded to an S3 bucket.
An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment?
-Per CPU
-Per hour
-Per GB
-Per second
Per second
Amazon EC2 instances running Linux are billed in one-second increments, with a minimum of 60 seconds.
To gain greater discounts, which services can be reserved? (Select TWO.)
-Amazon S3
-AWS Lambda
-Amazon DynamoDB
-Amazon CloudWatch
-Amazon Redshift
-Amazon DynamoDB
-Amazon Redshift
Reservations provide you with greater discounts, up to 75%, by paying for capacity ahead of time. Some of the services you can reserve include EC2, DynamoDB, ElastiCache, RDS, and Redshift.
Which of the following are advantages of the AWS Cloud? (Select TWO.)
-Overprovision to ensure capacity.
-Launch globally in minutes.
-Focus on managing hardware infrastructure.
-Trade variable expenses for capital expenses.
-High economies of scale.
-Launch globally in minutes.
-High economies of scale.
Economies of scale refers to the fact that because AWS has a global customer base, it can afford to sell much more cheaply to any one customer. This is a benefit of being on the cloud: the number of customers keeps increasing, and the price keeps going down as a result.
Also, as AWS has Regions placed all over the globe, you have a large degree of choice in where your applications are launched. In a traditional IT environment this would have been a big problem, and launching an application across multiple Regions would have been a logistical nightmare.
How can a user block a suspicious IP address from connecting to an Amazon EC2 instance?
-Block the IP on the inbound rule of a network ACL.
-Block the IP on the outbound rule of a security group.
-Block the IP on the inbound rule of a security group and network ACL.
-Block the IP on the outbound rule of a security group and network ACL.
Block the IP on the inbound rule of a network ACL.
With a Network ACL you can block a specific IP address that would be coming inbound into your subnet. This would prevent a specific IP from gaining access if you suspected them of being a bad actor.
The table below shows the key differences between Network ACLs and Security Groups:
A company currently uses a Security Assertion Markup Language (SAML) based application to log in to third-party business applications and would like to have this hosted in AWS using managed services.
Which AWS service will meet this requirement?
-AWS Identity and Access Management (IAM).
-AWS CLI.
-Amazon Cognito.
-AWS Single Sign-On.
AWS Single Sign-On (SSO)
AWS SSO allows you to manage SAML-based authentication and provides centralized access to third-party business applications, such as those supporting SAML for single sign-on. It is designed to integrate with external identity providers and facilitate SSO for AWS services and third-party applications.
- Amazon Cognito is primarily used for user sign-up, sign-in, and managing authentication for web and mobile apps. It can integrate with SAML-based identity providers, but it is designed more for managing access for customer-facing applications (B2C) or external users. It’s great for adding authentication mechanisms (including SAML) to your apps but not for centralized management of workforce users.
- AWS Single Sign-On (SSO), on the other hand, is designed specifically for managing workforce identities and providing centralized access to AWS accounts and third-party business applications (which can use SAML). It is more suitable for managing access to multiple business applications within an organization.
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.
AWS Single Sign-On (AWS SSO) is where you create, or connect, your workforce identities in AWS once and manage access centrally across your AWS organization and doesn’t use SAML.
Your CTO wants to move to cloud. What cost advantages are there to moving to cloud?
-You provision only what you need and adjust to peak load
-You can reduce your marketing costs
-You get free data transfer into and out of the cloud
-You don’t need to pay for application licensing
You provision only what you need and adjust to peak load
One of the best benefits of cloud is that you can launch what you need to and automatically adjust your resources as demand changes. This means you only ever pay for what you’re using.
Which of the below is an example of an architectural benefit of moving to the cloud?
-Elasticity
-Monolithic services
-Proprietary hardware
-Vertical scalability
Elasticity
A user needs a quick way to determine if any Amazon EC2 instances have ports that allow unrestricted access.
Which AWS service will support this requirement?
-VPC Flow Logs
-AWS Shield
-AWS Trusted Advisor
-AWS CloudWatch Logs
AWS Trusted Advisor
Access to the ports on an Amazon EC2 instance is controlled through security groups. AWS Trusted Advisor scans the security groups in your account to see if any security groups allow unrestricted access to any ports. This information is then presented to you in the console and you can then act on this information to secure the ports through editing the rules in the security group.
VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC.
CloudWatch Logs captures logging information from applications and AWS services.
Which Amazon EC2 pricing model is the most cost-effective for an always-up, right-sized database server running a project that will last 1 year?
-On-Demand Instances
-Standard Reserved Instances
-Convertible Reserved Instances
-Spot Instances
Standard Reserved Instances
Reserved Instances (RIs) provide you with a significant discount (up to 72%) compared to On-Demand instance pricing. Standard reserved instances offer the most cost savings. RIs are based on a 1 or 3 year contract so they are suitable for workloads that will run for the duration of the contract period.
“Convertible Reserved Instances” is incorrect. You have the flexibility to change families, OS types, and tenancies while benefitting from RI pricing when you use Convertible RIs. However, this is not required for a right-sized server.
How does Amazon EC2 Auto Scaling help with resiliency?
-By automating the failover of applications
-By launching and terminating instances as needed
-By distributing connections to EC2 instances
-By changing instance types to increase capacity
By launching and terminating instances as needed
Amazon EC2 Auto Scaling launches and terminates instances as demand changes. This helps with resiliency and high availability as it can also be set to ensure a minimum number of instances are always available.
A company has many different business units all using the same AWS services to manage their different applications.
Which AWS service or tool can the company use to receive volume discounts across multiple AWS accounts?
-AWS Cost and Usage Report
-AWS Budgets
-AWS Organizations
-Cost Explorer
AWS Organizations
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts. Every organization in AWS Organizations has a management account that pays the charges of all the member accounts. With consolidated billing you can take advantage of cost savings for services that have tiered licensing models.