CG - Practice Test 2

Question 1

S3 encryption if you want to maintain full end to end control of the encryption/decryption of objects and assure that only encrypted objects are transimitted over the internet to Amazon S3

Answer 1

Client Side encryption - provide a client side master key to the Amazon S3 Encryption Client

Question 2

One way to offload your Ec2 instances

Answer 2

installing SSL certificates on your ELBs

Question 3

iptables

Answer 3

OS level logging tool that can log events to Cloud watch or S3 - is a command-line firewall utility that uses policy chains to allow or block traffic

Question 4

Cluster Placement groups can span VPCs but not Azs- true or false

Answer 4

true

Question 5

inter region vpc peering

Answer 5

creating a vpc connection between vps in different regions

Question 6

You cannot have more thane one vpc peering connection between the same VPCs at the same time - t or f

Answer 6

true

Question 7

Transfers between S3 buckets or from Amazon S3 to EC2 within the same AWS Region are free. T or F

Answer 7

true

Question 8

All S3 costs are based on the volume of data regardless of how it is handled. - T or F

Answer 8

False

Question 9

Data transfer into S3 from the Internet doesn’t incur any costs - T or F

Answer 9

true

Question 10

The total costs for data transfer out from S3 to CloudFront depend on the monthly volume of data, i.e a tiered pricing applies: The more data goes out, the more you save. T or F

Answer 10

false

Question 11

Transferring up to one GB of data per month out of S3 to end customers over the public internet is free. T or F

Answer 11

true

Question 12

If your application requires more compute resources than the largest DB instance class or more storage than the maximum allocation, you can:

Answer 12

implement partitioning thereby spreading your data across multiple DB instances

Question 13

Multi-AZ will help with performance - T or F

Answer 13

false, it will only help resiliency

Question 14

RDS autoscaling is only available with which DB

Answer 14

Aurora

Question 15

Z2 is a valid instance type - T or F

Answer 15

false

Question 16

AWS services that can help moving to stateless (all system and application state is stored and managed outside of the instances themselves)

Answer 16

DynamoDB, elasticache, RDS, S3

Question 17

VM Import/Export

Answer 17

enables you to import virtual machine (VM) images from your existing virtualization environment to Amazon EC2, and then export them back.

Question 18

If you deploy and ELB classic as part of your VPC web app, which are true:

Answer 18

1. The outward facing interface supports IPv4 addressing.
2. The inward facing interface supports IPv4 addressing
3. The Listener can be setup to distribute ‘Apache Derby Network Server’ (1527) connections

Question 19

Cloud9

Answer 19

requires addtl steps to achieve multi-AZ

Question 20

Which services don’t require addtl steps for it to be multi-AZ:

Answer 20

1. Neptune
2. S3
3. DynamoDB

Question 21

Bucket name rules

Answer 21

> Bucket names must be unique across all existing bucket names in Amazon S3.
Bucket names must comply with DNS naming conventions.
Bucket names must be at least 3 and no more than 63 characters long.
Bucket names must not contain uppercase characters or underscores.
Bucket names must start with a lowercase letter or number.
Bucket names must be a series of one or more labels. Adjacent labels are separated by a single period (.). Bucket names can contain lowercase letters, numbers, and hyphens. Each label must start and end with a lowercase letter or a number.
Bucket names must not be formatted as an IP address (for example, 192.168.5.4).
When you use virtual hosted–style buckets with Secure Sockets Layer (SSL), the SSL wildcard certificate only matches buckets that don’t contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (“.”) in bucket names when using virtual hosted–style buckets.