AWS Practice Test 1 Flashcards
C.R.O.P.S. is an acronym for the 5 pillars of the AWS well-architected framework. Name the 5 pillars
Cost optimization, reliability, operational excellence, performance efficiency, and security
VPC stands for what?
Virtual Private Cloud
In “Detailed” monitoring data available for your EBS volumes, Provisioned IOPS volumes automatically send _________ minute metrics to Amazon CloudWatch
Amazon Elastic Block Store (Amazon EBS) sends data points to CloudWatch for several metrics. All Amazon EBS volume types automatically send 1-minute metrics to CloudWatch, but only when the volume is attached to an instance.
Does Route 53 support MX Records?
Yes
Is it possible to change an instance type after it has been created?
Type can be changed if it has an EBS store volume root device
How can we protect accidental termination of our instances?
By using Enable termination protection option
You have an Amazon Elastic Cloud Compute (EC2) security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply
Immediately to all instances in the security group
You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? Choose 3 answers
Amazon DynamoDB
OR
Amazon ElasticCache
OR
Amazon Relational Database Service (RDS)
You are configuring a new VPC for one of your client for a cloud migration project. Only a public VPN will be in place. After you created your VPC, you created a new subnet, a new internet gateway and attached your internet gateway with your VPC. As you created your first instance in to your VPC, you realized that you can not connect the instance even it is configured with elastic IP. What should be done to access the instance?
A route should be created as 0.0.0.0/0 and your internet gateway as target
All traffic should be routed via Internet Gateway. So, a route should be created with 0.0.0.0/0 as a source, and your Internet Gateway as your target.
You can use _______ and ________ to help secure the instances in your VPC.
Security groups and network ACLs
Can we attach an EBS volume to more than one EC2 instance at the same time?
No
You have a business-critical two-tier web app currently deployed in two AZ in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application AZs goes off-line, and Auto Scaling cannot launch new instances in the remaining AZs. How can the current architecture be enhanced to ensure this
Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
Will my standby RDS instance be in the same AZ as my primary?
No
The user just started an instance at 3 PM. Between 3 PM to 5 PM, he stopped and started the instance twice. During the same period, he has run the linux reboot command by ssh once and triggered reboot from AWS console once. For how many instance hours will AWS charge this user
4
An IAM user is trying to perform an action on an object belonging to some other root account’s bucket. Which of the below mentioned options will AWS S3 not verify?
Permission provided by the parent of the IAM user on the bucket
If the IAM user is trying to perform some action on the object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission
After creating a new AWS account, you use the API to request 40 on-demand Amazon Elastic Compute Cloud (EC2) instances in a single Availability Zone. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it?
You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved
We can run any number of Amazon EC2 instances within a VPC, so long as your VPC is appropriately sized to have an IP address assigned to each instance. You are initially limited to launching 20 Amazon EC2 instances at any one time and a maximum VPC size of /16 (65,536 IPs).
Can you create IAM security credentials for existing users?
Yes, existing users can have security credentials associated with their account
About the charge of Elastic IP Address, which of the following is true?
You can have one Elastic IP (EIP) address associated with a running instance at no charge.
An Elastic IP address doesn’t incur charges as long as all the following conditions are true: The Elastic IP address is associated with an EC2 instance. The instance associated with the Elastic IP address is running. The instance has only one Elastic IP address attached to it.
Select the correct set of options. These are the initial settings for the default security group
Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other.
Which service alias record is not free when using with Route 53?
AS
What does Amazon CloudFormation provide?
A template resource creation for Amazon Web Services.
CloudFormation supports creating VPCs, subnets, gateways, route tables and network ACLs as well as creating resources such as elastic IPs, Amazon EC2 Instances, EC2 security groups, auto scaling groups, elastic load balancers, Amazon RDS database instances and Amazon RDS security groups in a VPC.
You are deploying an application an Amazon Elastic Cloud Compute (EC2) that must call AWS APIs. What method of securely passing credentials to the application should you use?
Use AWS Identity and Access Management roles for EC2 instances.
Which DNS name can only be resolved within Amazon EC2?
Internal DNS name
What about below is false for AWS SLA?
S3 availability is guarantee to 99.95%.
Which of the following requires a custom CloudWatch metric to monitor
Memory use
Placement Groups: enables applications to participate in a low-latency, 10 Gbps network. Which of below statements is false.
You can move an existing instance into a placement group by specify parameter of placement group.
In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? Choose 2 answers
Modify the Auto Scaling group cool-down timers.
OR
Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
You are setting up a VPC and you need to set up a public subnet within that VPC. What following requirement must be met for this subnet to be considered a public subnet?
Subnet’s traffic is routed to an Internet gateway
Which record type queries are free when using Route 53?
Alias
What does the “Server Side Encryption” option an Amazon S3 provide?
It encrypts the files that you send to Amazon S3, on the server side.
Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
You have assigned one Elastic IP to your EC2 instance. Now we need to restart the VM without EIP changed. Which of below you should not do?
Reboot and stop/start both works.
If any change is made to a security group rule, when are these changes effective?
Changes are automatically applied after a short period
We can add and remove rules at any time. Your changes are automatically applied to the instances that are associated with the security group. The effect of some rule changes can depend on how the traffic is tracked.
A new instance is launched in public VPC subnet. There is an internet gateway and a route entry as 0.0.0.0/0 but instance can not reach internet. Other instances in this subnet have no issue. How can this problem be solved?
Instance should have either public IP or elastic IP
Which of the following is a durable key-value store?
Amazon Simple Storage Service
http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingObjects.html
What is the Reduced Redundancy option in Amazon S3?
Reproducible data at Less redundancy for a lower cost
When you run a DB Instance as a Multi-AZ deployment, the “______” serves database writes and reads
Primary
How can you change the instance type used in Auto Scaling Group?
AS Group should be deleted and recreated
Amazon Elastic Block Store (Amazon EBS) sends data points to CloudWatch for several metrics. All Amazon EBS volume types automatically send 1-minute metrics to CloudWatch, but only when the volume is attached to an instance.
OR
A new launch configuration with a new instance type should be created and attached to AS group
You have an Amazon Virtual Private Cloud (VPC) with a public subnet. Three Amazon Elastic Compute Cloud (EC2) instances currently running inside the subnet can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same Amazon Machine Image (AMI) and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable Internet access?
Assign an elastic IP address to the fourth instance
Is it possible to create an AMI while an instance is running?
Yes, if only “no reboot” option is checked
Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates and registers the AMI, and then reboots the instance. You can choose the option “No reboot” if you don’t want your instance to be shut down. However, please note that If you choose No reboot, AWS can’t guarantee the file system integrity of the created image
What action is required to establish an Amazon Virtual Private Cloud (VPC) VPN connection between an on-premises data center and an Amazon VPC virtual private gateway?
Assign a static Internet-routable IP address to an Amazon VPC customer gateway.
Which type of volume is suited for use as boot volume?
Standard volume
A Standard volume is best suited for boot volumes and provides roughly 100 IOPS (Input/Output Per Second) on average
You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?
$0.00
A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in Amazon Simple Storage Service (S3). The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in the traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?
You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?
$0.00
A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in Amazon Simple Storage Service (S3). The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in the traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?
You must find out the total number of requests per second at peak usage.
An Organization is planning to build an online chat application for their enterprise level collaboration for their employees across the world. They are looking for a single digit latency fully managed database to store and retrieve conversations. What would AWS Database service you recommend?
AWS DynamoDB
Which protocol is not supported when using with Route 53 health check?
UDP
You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?
6
We run a database on a m1.small instance and customers have performance issues. After investigation, database administrators asks you to improve iops performance. Which options can be used to improve iops?
Using a EBS optimized instance
OR
Using Provisioned IOPS
You host a static website in an S3 bucket and there are global clients from multiple regions. You want to use an AWS service to store cache for frequently accessed content so that the latency is reduced and the data transfer rate is increased. Which of the following options would you choose?
Configure CloudFront to deliver the content in the S3 bucket.
CloudFront is able to store the frequently accessed content as a cache and the performance is optimized.
Your Answer
Which route must be added to your routing table in order to allow connections to the Internet from your subnet?
Destination: 0.0.0.0/0 –> Target: your Internet gateway
Which of the below mentioned steps will not be performed while creating the AMI of instance stored-backend?
Define the AMI launch permissions.
A VPC public subnet is one that:
Has at least one route in its associated routing table that uses an Internet Gateway (IGW).
You want to implement a HPC ( High performance computing ) system with low-latency network performance. In order to establish this, which AWS feature can be used?
Placement groups
What about is EC2 Role is true?
Launch an instance with an AWS Identity and Aceess Management (IAM) role to restrict AWS API access for the instance.
How can software determine the public and private IP addresses of the Amazon Elastic Cloud Compute instance that it is running on?
Query the local instance metadata.
An instance is launched in private VPC subnet. All security, NACL and routing definition configured as expected. A custom NAT instance is launched. Which of the following answer is right for configuring custom NAT instance?
Source/Destination check should be disabled on NAT Instance
Each instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/ destination checks on the NAT instance.
How can an instance be copied to another region?
By creating an AMI and copy it to another region
What happens to data on ephemeral volume of an EBS-backed instance if instance is stopped and started?
Data will be deleted and will no longer be accessible
An instance running a webserver is launched in a VPC subnet. A security group and a NACL are configured to allow inbound port 80. What should be done to make web server accessible by everyone?
Outbound Ports 49152-65535 should be enabled on NACL
How can we attach our instance store volume to another instance?
We can stop the instance. Detach the volume. And attach to other instance
_____ is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
AWS Shield
