AWS Training Flashcards
You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use?
Network Load Balancers (NLB) expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)
An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is averaging at around 1000. Which scaling policy should you use?
Target Tracking
Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IPs, which are in fact your load balancer's. What should you do to find the true IP of the clients connected to your website?
Look into the X-Forwarded-For header in the backend
You quickly created an ELB and it turns out your users are complaining about the fact that sometimes, the servers just don’t work. You realise that indeed, your servers do crash from time to time. How to protect your users from seeing these crashes?
Health checks ensure your ELB won’t send traffic to unhealthy (crashed) instances
You are designing a high performance application that will require millions of connections to be handled, as well as low latency. The best Load Balancer for this is
NLB provide the highest performance if your application needs it
Application Load Balancers (ALB) handle all these protocols except
HTTP, HTTPS, Websocket.
NLB (Network Load Balancer) supports TCP instead
The application load balancer can route to different target groups based on all these except…
Hostname, request Path, Source IP
Except Geography
You are running at desired capacity of 3 and the maximum capacity of 3. You have alarms set at 60% CPU to scale out your application. Your application is now running at 80% capacity. What will happen?
The capacity of your ASG cannot go over the maximum capacity you have allocated during scale out events
I have an ASG and an ALB, and I set up my ASG to get health status of instances thanks to my ALB. One instance has just been reported unhealthy. What will happen?
Because the ASG has been configured to leverage the ALB health checks, unhealthy instances will be terminated
Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database.
Create a CloudWatch custom metric and build an alarm to scale your ASG
A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access the port 80?
Open up the EC2 security group on port 80 to the ALB security group
This is the most secure way of ensuring only the ALB can access the EC2 instances.
Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALB SSL certificates to make this work?
SNI (Server Name Indication) is a feature allowing you to expose multiple SSL certs if the client supports it.
Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/
An ASG spans across 2 availability zones. AZ-A has 3 EC2 instances and AZ-B has 4 EC2 instances. The ASG is about to go into a scale-in event. What will happen?
AZ-B will terminate the oldest launch configuration
Make sure you remember the Default Termination Policy for ASG. It tries to balance across AZ first, and then delete based on the age of the launch configuration.
The Application Load Balancers target groups can be all of these EXCEPT…
EC2, IP ADDR, Lambda Function
Except NLB
You are running an application in 3 AZ, with an Auto Scaling Group and a Classic Load Balancer. It seems that the traffic is not evenly distributed amongst all the backend EC2 instances, with some AZ being overloaded. Which feature should help distribute the traffic across all the available EC2 instances?
Cross Zone Load Balancing
Your Application Load Balancer (ALB) is currently routing to two target groups, each of which is routed to based on hostname rules. You have been tasked with enabling HTTPS traffic for each hostname and have loaded the certificates onto the ALB. Which ALB feature will help it choose the right certificate for your clients?
Server Name Indication (SNI)
Your instance in us-east-1a just got terminated, and the attached EBS volume is now available. Your colleague tells you he can't seem to attach it to your instance in us-east-1b.
EBS volumes are AZ locked
EBS Volumes are created for a specific AZ. It is possible to migrate them between different AZ through backup and restore
You have provisioned an 8TB gp2 EBS volume and you are running out of IOPS. What is NOT a way to increase performance?
Increase the EBS volume size.
EBS IOPS peaks at 16,000 IOPS, or equivalent 5334 GB.
You would like to have a high-performance cache for your application that mustn't be shared. You don't mind losing the cache upon termination of your instance. Which storage mechanism do you recommend as a Solution Architect?
Instance Store provides the best disk performance
You are running a high-performance database that requires an IOPS of 210,000 for its underlying filesystem. What do you recommend?
Use an EC2 Instance Store
My company would like to have a MySQL database internally that is going to be available even in case of a disaster in the AWS Cloud. I should set up
In this question, we consider a disaster to be an entire Availability Zone going down. In which case Multi-AZ will help.
Our RDS database struggles to keep up with the demand of the users from our website. Our million users mostly read news, and we don't post news very often. Which solution is NOT adapted to this problem?
RDS Multi AZ
The question is asking which solution is NOT adapted to this problem. ElastiCache and RDS Read Replicas do indeed help with scaling reads.
We have set up read replicas on our RDS database, but our users are complaining that upon updating their social media posts, they do not see the update right away.
Read Replicas have asynchronous replication and therefore it's likely our users will only observe eventual consistency
Which RDS Classic (not Aurora) feature does not require us to change our SQL connection string?
Multi AZ keeps the same connection string regardless of which database is up.
Your application functions on an ASG behind an ALB. Users have to constantly log back in and you'd rather not enable stickiness on your ALB as you fear it will overload some servers. What should you do?
Storing Session Data in ElastiCache is a common pattern to ensure different instances can retrieve your user's state if needed.
One analytics application is currently performing its queries against your main production database. These queries slow down the database, which impacts the main user experience. What should you do to improve the situation?
Read Replicas will help as our analytics application can now perform queries against it, and these queries won’t impact the main production database.
You have a requirement to use TDE (Transparent Data Encryption) on top of KMS. Which database technology does NOT support TDE on RDS?
PostgreSQL
Which RDS database technology does NOT support IAM authentication?
Oracle
You would like to ensure you have a database available in another region if a disaster happens to your main region. Which database do you recommend?
Global Databases allow you to have cross region replication
How can you enhance the security of your Redis cache to force users to enter a password?
Use Redis AUTH
Your company has a production Node.js application that is using RDS MySQL 5.6 as its data backend. A new application programmed in Java will perform some heavy analytics workload to create a dashboard, on a regular hourly basis. You want the final solution to minimize costs and have minimal disruption on the production application. What should you do?
Create Read Replica in the same AZ and run the analytics workload on the replica database
This will minimize cost because the data won't have to move across AZ
You would like to create a disaster recovery strategy for your RDS PostgreSQL database so that in case of a regional outage, a database can be quickly made available for Read and Write workload in another region. The DR database must be highly available. What do you recommend?
Create Read Replica in a different region and enable Multi-AZ on the main database.
You are managing a PostgreSQL database and for security reasons, you would like to ensure users are authenticated using short-lived credentials. What do you suggest doing?
In this case, IAM is leveraged to obtain the RDS service token, so this is the IAM authentication use case.
An application is running in production, using an Aurora database as its backend. Your development team would like to run a version of the application in a scaled-down application, but still, be able to perform some heavy workload on a need-basis. Most of the time, the application will be unused. Your CIO has tasked you with helping the team while minimizing costs. What do you suggest?
Use Aurora Serverless
RDS Database ports
RDS Databases ports:
PostgreSQL: 5432
MySQL: 3306
Oracle RDS: 1521
MSSQL Server: 1433
MariaDB: 3306 (same as MySQL)
Aurora: 5432 (if PostgreSQL compatible) or 3306 (if MySQL compatible)