AWS Solutions Architect Associate Flashcards
How is the replication handled for RDS Multi-AZ?
Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone.
How long will a failover of an RDS database typically complete
one to two minutes.
When failing over, Amazon RDS simply flips the canonical name record (CNAME) for your DB instance to point at the standby, which is in turn promoted to become the new primary.
You want to attempt a cold attach for an Amazon Elastic Network Interface.
What does this mean?
Attach ENI when the instance is being launched.
Best practices for configuring network interfaces You can attach a network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).
Application Load Balancer is to front the Auto Scaling Group and distribute the load between the instances.
The VPC is running IPv4 and IPv6.
The last thing you need to do to complete the configuration is point the domain name to the Application Load Balancer.
Using Route 53, which record type at the zone apex will you use to point the DNS name of the Application Load Balancer?
“AAAA” Record
“A” Record
Alias with a type “AAAA” record set and Alias with a type “A” record set are correct. To route domain traffic to an ELB, use Amazon Route 53 to create an alias record that points to your load balancer.
Your dev team has created a new AMI which has been hardened to meet company security standards, and this AMI needs to be deployed on all EC2 instances in the organization. What step or steps do you need to take to deploy this AMI?
Replace the launch configuration by a launch template using the new AMI.
AWS recommends that you create Auto Scaling groups from launch templates to ensure that you’re accessing the latest features and improvements.
Using CloudFormation to migrate to the new region they’ve discovered a problem with the template.
Whenever the template is created in the new region, it’s still referencing the AMI in the old region.
What steps can you take to automatically select the correct AMI when the template is deployed?
Create a mapping in the template. Define the unique AMI value per region.
This is exactly what mappings are built for. By using mappings, you easily automate this issue away. Make sure to copy your AMI to the region before you try and run the template, though, as AMIs are region specific.
The server team has been using Puppet for deployment automations. The decision has been made to continue using Puppet in the AWS environment if possible. If possible, which AWS service provides integration with Puppet?
AWS OpsWorks for Puppet Enterprise
Fully-managed configuration management service that hosts Puppet Enterprise, a set of automation tools from Puppet for infrastructure and application management. OpsWorks also maintains your Puppet master server by automatically patching, updating, and backing up your server.
Which description best describes Amazon Redshift?
Near real-time complex querying on massive data sets.
Amazon Redshift is a fast, fully-managed cloud data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools.
The DynamoDB table has a preconfigured read and write capacity. Users have been reporting slowdown issues, and an analysis has revealed the DynamoDB table has begun throttling during peak traffic times. What step can you take to improve game performance?
Adjust your auto scaling thresholds to scale more aggressively.
Amazon DynamoDB auto scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf in response to actual traffic patterns.
You have decided to use AWS Kinesis Data Firehose to stream the data to multiple backend storing services for analytics. Which service is not a viable solution to stream the real time data to?
Athena
Amazon Athena is correct because Amazon Kinesis Data Firehose cannot load streaming data to Athena.
What is the Limit of space on a Snowcone device?
8 TB
you have 25 TB of data that needs to be moved to an S3 bucket. Your company has just finished setting up a 1 GB Direct Connect drop, but you do not have a VPN currently up and running. This data needs to be encrypted during transit and at rest and must be uploaded to the S3 bucket within 21 days. How can you meet these requirements?
Use a Snowball device to transmit the data.
This would be the perfect choice to transmit your data. Snowball encrypts your data, so all the security and speed requirements would be met.
Configured a VPC as well as two subnets within the VPC.
Attach an internet gateway to the VPC.
In the first subnet, they create the EC2 instance which will host their web application.
Finish the configuration by making the application accessible from the Internet.
The second subnet has an instance hosting a smaller, secondary application.
But this application is not currently accessible from the Internet. What could be potential problems?
The second subnet does not have a route in the route table to the internet gateway.
The EC2 instance does not have a public IP address.
A news media company is using an S3 bucket as a website to serve photos of television personalities within the company. The photos are intended to be served nationwide to local affiliates across the company. But you have found that these photos are being accessed and pirated for other websites not affiliated with the company. What can you do to stop this?
Remove public read access from your bucket, then provide your users with pre signed URLs to access the photos.
Security Groups act at what level?
The Instance Level
What is AWS STS?
AWS Security Token Service (AWS STS) is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources.
You have been evaluating the NACLs in your company. Most of the NACLs are configured the same:
100 All Traffic Allow
200 All Traffic Deny
* All Traffic Deny
How can the last rule * All Traffic Deny be edited?
You can’t modify or remove this rule.
The default network ACL is configured to allow all traffic to flow in and out of the subnets with which it is associated. Each network ACL also includes a rule whose rule number is an asterisk. This rule ensures that if a packet doesn’t match any of the other numbered rules, it’s denied. You can’t modify or remove this rule.
Route 53:
What does TTL Mean?
What does it control?
Time to live
Controls how long the DNS record will be Cached
Using Route 53, how would you direct example.com traffic to various IPs based on the country the user was sending traffic from?
Use Geolocation Routing policy
True or False? Route 53 only provides DNS for public IPs.
False
Route 53 allows you to host both public and private zones.
Using Route 53, how would you direct example.com traffic to 1 primary IP with a second one for backup?
Use Failover Routing Policy
If the visibility timeout on a message in an SQS queue expires, what happens to the message?
It’s now available in the queue to be retrieved.
If the timeout expires, the message will again be available in the queue for processing.
What is the maximum length of time a message may remain in an SQS queue?
14 Days
Which service is SNS commonly paired with to alert users that an alarm has gone off?
Cloudwatch