Ch2-Part2 Flashcards

1
Q
  1. Which of the following are valid routing policies for Route 53? (Choose two.)

Simple routing
Fault recovery routing
Latency-based routing
Cached routing

A

A, C. Route 53 offers a number of different routing policies: simple, failover, geolocation, geoproximity, latency-based, multivalue answer, and weighted.

2
Q
  1. Which of the following are valid routing policies for Route 53? (Choose two.)

FIFO routing
Multivalue answer routing
Geoproximity routing
Distributed routing

A

B, C. Route 53 offers a number of different routing policies: simple, failover, geolocation, geoproximity, latency-based, multivalue answer, and weighted.

3
Q
  1. Which of the following routing policies sends traffic to a single resource, unless that resource is unhealthy, and then routes to a backup resource?

Health-based routing
Failover routing
Simple routing
Latency-based routing

A

B. Failover routing sends traffic to a single resource and then fails over to a secondary resource if the first is unhealthy.

4
Q
  1. Which of the following routing policies can direct traffic to multiple resources as long as those resources are healthy?

Health-based routing
Latency-based routing
Multivalue answer routing
Region-based routing

A

C. Multivalue answer routing can direct requests to multiple resources and also performs health checks on those resources.

5
Q
  1. Which of the following values is an invalid weight for a weighted routing policy?

1
255
125
These weights are all valid.

A

D. Weights are simply integers that can be summed to determine an overall weight and the fractional weights of each resource to which traffic is directed.

6
Q
  1. How does a weight of 0 affect routing on Route 53 when using a weighted routing policy?

0 is an invalid weight.
All traffic is directed to the resource with a weight of 0, as long as that resource is healthy.
No traffic is directed to the resource with a weight of 0.
Traffic is routed to the resource, but health checks are not performed.

A

C. A weight of 0 removes the resource from service in a weighted routing policy.

7
Q
  1. Which of the following statements concerning Route 53 routing policies are true? (Choose two.)

You can have multiple primary resources in a simple routing policy.
A weighted routing policy uses weights for routing, but not health checks.
You can have multiple secondary resources in a simple routing policy.
Health checks are ignored if a resource has a weight of over 100 in a routing policy.

A

A, C. A simple routing policy allows single and multiple resources for both the primary and secondary resources, so A and C are true. Weighted policies do honor health checks (so B is false), and D is inaccurate as weight numbers do not affect health checks.

8
Q
  1. You are responsible for a media-serving website backed by a database that has a global user base. The fleet of EC2 instances serving the website is responding well to requests from the US, but requests from the EU are taking nearly five times as long to receive a response. Database CPU utilization stays between 70% and 90% throughout the day. What suggestions would you make to attempt to improve performance of this website? (Choose two.)

Install ElastiCache in front of the RDS instance to cache common queries and reduce database reads and therefore overall load.
Set up CloudFront to enable caching of data at edge locations closer to the EU user base.
Set up an Auto Scaling group with low CPU thresholds to scale up the EC2 instances.
Create additional EC2 instances that will serve the website, and locate them in a South Asia region.

A

A, B. The issues here are geographical proximity from EU users and load on the database, which has high CPU utilization. Therefore, those problems must be addressed. ElastiCache (A) should reduce load on the RDS instance, and CloudFront (B) caches responses in a way that should serve EU users more quickly.

9
Q
  1. Which of the following are not valid instance types? (Choose two.)

T3
E1
M5
Q2

A

B, D. This is another memorization question. Valid instance types begin with T, M, C, R, X, Z, D, H, I, F, G, and P. Frankly, it’s hard to memorize these; questions like this aren’t frequent, but they can sometimes appear. In this case, E and Q are not valid instance type prefixes.

10
Q
  1. Which of the following statements about IAM are accurate? (Choose two.)

IAM manages access from one AWS resource to another.
IAM manages the authentication interface for the AWS console.
IAM manages access from a user to the AWS console.
IAM manages single sign-on for users to AWS applications.

A

A, C. IAM controls permissions for resource-to-resource interaction as well as user access to the AWS console. It does not provide an authentication interface or single sign-on.

11
Q
  1. What does IAM stand for?

Improved Access Management
Identity and Access Management
Information and Access Management
Identity and Authorization Management

A

B. IAM stands for Identity and Access Management.

12
Q
  1. Which of the following does IAM manage? (Choose two.)

Management of users accessing the AWS platform
Management of permissions for hosted application features
Management of roles affecting resources within AWS
Management of cost controls for user actions

A

A, C. IAM only applies to permissions for users, roles, and groups and does not affect billing or cost or specific application feature accessibility.

13
Q
  1. Which of the following is not a feature of IAM?

Multi-Factor Authentication for AWS console access
Multi-Factor Authentication for object deletion in S3
Centralized control of AWS resource access
Integration with Active Directory accounts

A

B. IAM is not the managed service for handling MFA Delete setup on S3 buckets.

14
Q
  1. Which of the following is required when you create additional IAM users beyond the root user?

Turning on MFA for all accounts
Turning on MFA for the root account
Creating a customized sign-in link for users in addition to the AWS root account sign-in link
Creating IAM groups for each new user

A

C. The only requirement here is creating a sign-in link that is not the same as the root sign-in link. Turning on MFA for the root or all accounts is not required, and while it is common to create an IAM group at this stage, it is not required for access.

15
Q
  1. Which of the following are components of IAM? (Choose two.)

Users
Groups
Organizations
Organizational units

A

A, B.

16
Q
  1. Which of the following are components of IAM? (Choose two.)

Roles
User policies
Connections
Permissions

A

A, D. Users, groups, roles, permissions, and similar constructs are part of IAM.

17
Q
  1. Which of the following are valid AWS and IAM policy types? (Choose two.)

Access control lists
Application-based
Resource-based
Permission-based

A

A, C. There are four types of policies in IAM: identity-based, resource-based, organization SCPs, and access control lists (ACLs).

18
Q
  1. How does IAM provide scalability benefits to your application deployments? (Choose two.)

It allows assignment of permissions to users en masse via groups.
It handles allowing users access to hosted applications en masse.
It allows consistency in access from instances to managed AWS services across large numbers of instances.
It ensures that users do not accidentally delete objects from S3 stores.

A

A, C. IAM aids in scalability primarily by consolidating and centralizing management of permissions, both to AWS users (A) and from instances to services (C).

19
Q
  1. What is power user access, as it relates to IAM roles?

The AWS name for the root user
All IAM users are considered power users.
A type of user that has full access to all AWS services and resources but not group or user management
A user that can access application deployment profiles

A

C. Power user access is a predefined policy that allows access to all AWS services with the exception of group or user management within IAM.

20
Q
  1. Which of the following can a power user not do?

Create users.
Create a new SNS topic.
Stop a running EC2 instance created by another user.
The power user can do all of these.

A

A. Power users can work with managed services, but they cannot create (or otherwise manage) IAM users.

21
Q
  1. Which of the following is a best practice for handling root user access keys?

Store them only in an instances-protected .aws/ directory.
Delete them and instead use different user IAM credentials.
Only use them for API access but avoid console access.
Enable MFA Delete for when they are used in association with S3.

A

B. Although it might sound odd, AWS strongly recommends you delete your root user access keys and create IAM users for everyday use.

22
Q
  1. Which of the following require root user credentials? (Choose two.)

Close an AWS account.
Delete IAM users.
Create a CloudFront key pair.
Create an IAM policy.

A

A, C. As a starting point, always consider that the root account is typically required for account-level operations, such as closing an account (A). It’s also needed for very privileged access; in this case, that’s creating a CloudFront key pair, which essentially provides signed access to applications and is a very trusted action. IAM does allow you to distribute user and policy management (B and D).

23
Q
  1. Which of the following do not require root user credentials? (Choose two.)

Resizing an existing RDS instance
Deploying an application via a CloudFormation template
Restoring revoked permissions for a user
Changing support options for an AWS account

A

A, B. Affecting another account is generally something that requires root account level access. In this case, that’s D, as well as restoration of user permissions (C). Both A and B are available to non-root users.

24
Q
  1. How do you remove the AWS account root user’s access to your application EC2 instances?

Delete all the keys in the instance’s .aws/ directory.
Switch the instance to only accept SSH logins.
Remove any keys from the instance’s .ssh/ directory.
You can’t remove access for an AWS account root user.

A

D. It is impossible to remove access for the AWS account’s root user.

25
Q
  1. In a typical single-account AWS environment, which group of users should have root-level account access?

Developers and managers
Account auditors and developers
2 to 3 developers or engineers responsible for account management
Nobody

A

C. This is a bit of a “gimme” question but sometimes comes up. AWS firmly believes that root account access should be highly limited, but also not confined to a single user. C, having a very small group of engineers (ideally AWS certified), is the best approach to reducing root account level access as much as possible.

26
Q
  1. You want to set your DevOps team up quickly in IAM. You have created users for each member of the team. What additional steps should you take? (Choose two.)

Create sign-in URLs for the users.
Check the DevOps option for each user in the console.
Attach the Developer Power User policy to each user.
Attach the View-Only User policy to each user.

A

A, C. You will always need to provide non-root sign-in URLs for new users, so A is essential. The remaining answers are concerned with permissions, and of the choices (B, by the way, isn’t an actual option), the Developer Power User policy is a much better fit than the View-Only User policy.

27
Q
  1. Which of the following policies would be the best fit for a manager who wants access to the company’s main AWS account?

Administrator
Power User
Security Auditor
View-Only User

A

D. Unless your manager is both highly technical and working on actual development issues, D is the best option: It provides View-Only access to AWS without adding unneeded privileges for the manager.

28
Q
  1. Which of the following are not possible to do with IAM policies and permissions? (Choose two.)

Remove access for a user from EC2 instances.
Remove access for the root user from EC2 instances.
Give the root user access to a hosted web application.
Add an additional user with access to all EC2 instances.

A

B, C. It is impossible to remove a root user’s access to EC2 instances (B). Further, IAM is concerned with the raw AWS resources, not access to running web applications (C).

29
Q
  1. What does logging out of the AWS console and then logging back in accomplish?

Applies any IAM policies attached to the user since their last login
Applies any IAM policies attached to groups that the user was added to since their last login
Applies any updates to IAM policies via JSON or the AWS REST API that have been made since the user’s last login
Nothing, all changes to an account are immediate and do not require logging in or back out.

A

D. IAM changes apply immediately to all users across the system; there is no lag, and no need to log out and back in (D).

30
Q
  1. How can you ensure that the new users you have created can access AWS only via the API rather than through the console? (Choose two.)

Do not create a sign-in URL for the users.
Only provide the users with an access key ID and secret access key.
Uncheck the Log In To Console box next to the user in the AWS console.
Turn off MFA for the user.

A

A, B. To access the console, users need a sign-in URL (A) and a username and password. This is not the access key ID and secret access key referenced in B. Therefore, A and B would effectively block a user from accessing the console. There is no Log In To Console box for users.

31
Q
  1. To what degree do usernames have to be unique across AWS?

Across the region in which the user exists
Across all AWS accounts
Across the AWS account in which the user exists
Usernames don’t have to be unique, but email addresses do.

A

C. AWS usernames have to be unique across the AWS account in which that user exists.

32
Q
  1. You have a large user base in an Active Directory and want to give these users access to the AWS console without creating individual users in AWS for each. What approach would you take?

Set the AWS console to use the Read Users From Another Authentication Source feature.
Use the database migration tool to migrate the Active Directory database into RDS.
Set up AWS to federate the users from the Active Directory into AWS.
You cannot use a non-AWS Active Directory for access to AWS.

A

C. If you have an external Active Directory, you’d want to federate those users into AWS. This allows you to use the existing user base, not re-create each individual user.

33
Q
  1. Which of the following is a collection of permissions?

Group
Role
Topic
Policy

A

D. A policy document is a collection of permissions in IAM.

34
Q
  1. You want to add a small group of developers located in a different region than your main development office. How would you handle scaling out users and permissions to this new region?

Create the new users in the second region.
Create the new users in the primary region and then replicate them to the new region.
Create the new users in the primary region, set up IAM replication, and then apply correct permissions to the replicated users in the new region.
Create the new users and they will apply to all regions.

A

D. IAM users are global to an AWS account and are not region-specific.

35
Q
  1. What considerations do you need to take to ensure that your policy documents will scale across your entire organization and set of AWS resources?

Make sure each policy has a name unique within the region to which it applies.
Make sure each policy document has the region: * attribute so it applies to all regions.
Nothing, policy documents are automatically applicable across all AWS resources within an account.
When you create the policy document, ensure that you select the Avoid Regional Conflicts option.

A

C. Like IAM users, policy documents are global. There are no changes or steps you need to take to make these work globally.

36
Q
  1. Which of the following does Auto Scaling address? (Choose two.)

Application monitoring
Capacity management
Cost limiting
Permissions management

A

A, B. Auto Scaling is most focused on capacity management (B), ensuring that your applications can perform by keeping the capacity sufficient. Further, it performs a minimal amount of monitoring to effect this (A). It does not limit cost, although it does help in cost reduction, and it has nothing to do with permissions management.

37
Q
  1. Which of the following can be scaled using the Auto Scaling interface? (Choose two.)

DynamoDB
Route 53 domains
Aurora read replicas
ALBs

A

A, C. Auto Scaling can be applied to both Aurora (and specifically read replicas) and DynamoDB.

38
Q
  1. Which of the following can be scaled using the Auto Scaling interface? (Choose two.)

ECS containers
SNS topics
Redshift
EC2 instances

A

A, D. EC2 instances as well as ECS containers can both be scaled up and down by Auto Scaling.

39
Q
  1. What does AWS call a collection of components that can grow or shrink to meet user demand?

Auto Scaling policy
Launch configuration
Auto Scaling group
Capacity group

A

C. A collection of components, such as EC2 instances that will grow and shrink to handle load, is an Auto Scaling group.

40
Q
  1. Which of the following can you not specify in an Auto Scaling group? (Choose two.)

Minimum size
Instances to add
Desired capacity
Desired cost

A

B, D. When creating an Auto Scaling group, you can specify the minimum and maximum size as well as a desired capacity and scaling policy. You cannot specify how many instances to add at once, nor the desired cost.

41
Q
  1. Which of the following can you specify in an Auto Scaling group? (Choose two.)

Maximum size
Scaling policy
Minimum processing threshold
Memory allocation

A

A, B. When creating an Auto Scaling group, you can specify the minimum and maximum size as well as a desired capacity and scaling policy. While you can specify triggers that are used to grow or shrink the group, you cannot specify a memory allocation or a minimum processing threshold (neither is an actual AWS term).

42
Q
  1. Which of the following are part of an Auto Scaling launch configuration? (Choose two.)

Application language
AMI ID
Security group
API endpoint

A

B, C. A launch configuration contains an AMI ID, key pair, instance type, security groups, and possibly a block device mapping.

43
Q
  1. Which of the following are not part of an Auto Scaling launch configuration? (Choose two.)

Instance type
Maximum memory utilization
Cluster size
Security group

A

B, C. A launch configuration contains an AMI ID, key pair, instance type, security groups, and possibly a block device mapping. Cluster size is not part of a launch configuration, although a maximum number of instances can be added to an Auto Scaling group. Maximum memory utilization also is not part of a launch configuration but can be a trigger for scaling.

44
Q
  1. Which of the following are valid scaling options for an Auto Scaling group? (Choose two.)

Manual scaling
Memory-based scaling
Schedule-based scaling
Security-based scaling

A

A, C. There are a number of valid scaling policies for Auto Scaling: Maintain current instance levels, manual scaling, schedule-based scaling, and demand-based scaling.

45
Q
  1. Which of the following are valid scaling options for an Auto Scaling group? (Choose two.)

Demand-based scaling
Instance-based scaling
Resource-based scaling
Maintain current instance levels

A

A, D. There are a number of valid scaling policies for Auto Scaling: Maintain current instance levels, manual scaling, schedule-based scaling, and demand-based scaling. Resource-based scaling and instance-based scaling are not actual scaling policy options.

46
Q
  1. Which Auto Scaling policy would you use to ensure that a specific number of instances is running at all times?

Demand-based scaling
Instance-based scaling
Resource-based scaling
Maintain current instance levels

A

D. You can choose to maintain current instance levels at all times. This is essentially ensuring that no instances are added unless an instance fails its health checks and needs to be restarted or replaced.

47
Q
  1. Which Auto Scaling policy would you use to add and remove instances based on CPU utilization?

Demand-based scaling
Schedule-based scaling
Resource-based scaling
Maintain current instance levels

A

A. Demand-based scaling allows you to specify parameters to control scaling. One of those parameters can be CPU utilization, so this is the policy you’d use for this use case.

48
Q
  1. Which Auto Scaling policy would you use to control scaling yourself, within a specified maximum and minimum number of instances?

Demand-based scaling
Schedule-based scaling
Manual-based scaling
Maintain current instance levels

A

C. Manual scaling allows you to specify a minimum and maximum number of instances as well as a desired capacity. The Auto Scaling policy then handles maintaining that capacity.

49
Q
  1. Which of these would you supply for a manual Auto Scaling policy?

Desired capacity
Time to scale up
Maximum CPU utilization
Scaling condition

A

A. Manual scaling allows you to specify a minimum and maximum number of instances as well as a desired capacity. You would specify a time to scale up for a schedule-based policy and maximum CPU utilization as well as scaling conditions for a demand-based policy.

50
Q
  1. You have an Auto Scaling group with an instance that you believe is passing its health checks but is not responding properly to requests. What is the best approach to troubleshoot this instance?

Restart the instance.
Remove the instance from the Auto Scaling group and then troubleshoot it.
Put the instance into the Standby state and troubleshoot it normally.
Add a CloudWatch metric to the instance to trigger Auto Scaling.

A

C. While you can remove the instance altogether (B), you’d eventually want to put it back in the group, meaning you’re incurring extra work. The best approach is to put the instance into Standby mode. This allows the group to scale up if needed, and then you can troubleshoot the instance and then put it back into the InService state when complete.

51
Q
  1. Which of the following are valid instance states for instances in an Auto Scaling group? (Choose two.)

Deleted
ReadyForService
InService
Standby

A

C, D. InService and Standby are valid states for an instance, while Deleted and ReadyForService are not.

52
Q
  1. What is the correct order of tasks to create an Auto Scaling group?

Verify your group, create an Auto Scaling group, create a launch configuration.
Create a launch configuration, create an Auto Scaling group, verify your group.
Create an Auto Scaling group, create a launch configuration, verify your group.
Create a launch configuration, verify your group, create an Auto Scaling group.

A

B. You have to create a launch configuration first, then an Auto Scaling group, and then you can verify your configuration and group.

53
Q
  1. How many security groups can you use within a single Auto Scaling group launch configuration?

None, you do not specify a security group for a launch configuration.
One security group for all instances within the group
One security group for incoming requests and 1 security group for all outgoing requests
As many as you like

A

D. Security groups work for launch configurations just as they do with instances: You may use as many as you like.

54
Q
  1. From which of the following can you create an Auto Scaling group?

An EC2 instance
A launch configuration
A launch template
Any of these

A

D. All of these are valid options for creating an Auto Scaling group.

55
Q
  1. You have an application that is peaking daily. You have determined that a large user base on the East Coast is accessing the application every evening, causing the application’s performance to degrade during those hours. What steps would you take to level out performance? (Choose two.)

Create an Auto Scaling group with schedule-based scaling.
Consider hosting your Auto Scaling group in a US East region.
Implement CloudFront to cache responses to user requests.
Set up an Auto Scaling group with manual scaling.

A

B, C. All of these are acceptable options, but the best options are to use the existing EC2 instance as a basis for a new Auto Scaling group and to set up demand-based scaling. Anytime you have an existing instance that is working, you can simply start from there, rather than using a launch configuration and duplicating the setup. Demand-based scaling will respond to changing conditions better than having to manually scale up and down or to set a desired capacity (which is unknown based on the question).

56
Q
  1. Which of the following will take the longest to retrieve data from?

S3 standard.
S3-IA.
S3 One Zone-IA.
They are all equal.

A

D. This is easy to miss, and often is. All three of these S3 storage classes share the same first-byte latency: milliseconds.