Ch5 Flashcards

1
Q
  1. You are using an SQS queue in your web application. You are able to confirm that messages in the queue are being picked up by application instances for processing, but then nothing happens for over 12 hours. Then, after that period of time, the message appears in the queue again and processing restarts. What could be occurring?

The SQS queue has a visibility timeout that is set too high. The timeout should be reduced so that application instances can process the message more quickly.
SQS messages expire every 12 hours and must be reentered into the queue. The time that the message is invisible triggers the queue to ask for and receive the message from the original sender.
Processing is failing, or not completing, in the application instance. The message disappears because the SQS queue keeps it “invisible” for 12 hours while it is being processed. The message is then returned to the queue for processing if not handled prior to that timeout.
Your SQS queue needs to be restarted; it is likely not correctly queuing messages. The polling interval is also set too high, causing the long lack of visibility of the message.

A

C. SQS queues have a visibility timeout that controls how long a message in the queue is marked as “invisible” while being processed. This accounts for the message “disappearing.” Then, if application processing fails—as in option C—the message is remarked as visible and is available for processing again. Option A correctly notes this timeout, but reducing the timeout would not cause the message to be processed correctly. It would just reduce the time that the message is “invisible.” Option B is not how queues work; they cannot ask a sender to resend a message. Option D is incorrect as well, as the queue is operating as intended with regard to visibility of messages and timeouts.

2
Q
  1. In which of the following managed services are messages not pushed?

SQS
SNS
SWF
Redshift

A

A. SNS sends out notifications to subscribed listeners, and SWF pushes out messages as they arrive. Only SQS holds messages until the queue is polled. Redshift is not a messaging service at all but rather a data warehousing solution.

3
Q
  1. Which of the following managed services guarantees single assignment of a message?

S3
SQS
SNS
SWF

A

D. Both SWF and SQS deliver a message at least once, but only SWF guarantees that a message will only be delivered a single time.

4
Q
  1. Which of the following managed services calls the messages it receives notifications?

S3
SWF
SNS
SQS

A

C. Messages in SWF are tasks; messages in SQS are messages; messages in SNS are notifications. S3 is not a messaging solution at all.

5
Q
  1. Which of the following managed services calls the messages it receives “messages”?

S3
SWF
SNS
None of these

A

D. Messages in SWF are tasks; messages in SQS are messages; messages in SNS are notifications. S3 is not a message store. Since SQS is not an option, the answer is D, none of these.

6
Q
  1. Which of the following managed services coordinates activities between different applications?

S3
SNS
SWF
SQS

A

C. SWF is more than a simple queue. It automates workflow, moving a task (what SWF calls its messages) from one application component to the next in a predetermined order.

7
Q
  1. What does SWF stand for?

Simple Workflow Foundation
Simple Workflow Service
Sequential Workflow Service
Synchronous Workflow Foundation

A

B. SWF is not exactly a true acronym. It stands for Simple Workflow Service but is not represented by SWS. Instead, the WF refers to workflow.

8
Q
  1. What services are suitable for running compute-intensive custom scripts? (Choose two.)

EC2
S3
Redshift
ECS

A

A, D. Both EC2 and ECS provide environments on which your custom code can run, and both are compute services. S3 is a storage service, and Redshift is a data warehousing solution. While Redshift can be helpful in analysis of data, it is not suitable for running custom scripts.

9
Q
  1. Which AWS service is ideal for hosting a website while requiring the least amount of AWS staff and knowledge?

S3 website hosting
Amazon Lightsail
EC2
ECS

A

B. Of the choices available, Amazon Lightsail is the easiest solution for getting simple applications running quickly. EC2 and ECS are both much more complex. While S3 website hosting is a web hosting solution, it does require quite a bit of AWS knowledge (security, permissions, etc.).

10
Q
  1. You have a registered AMI using an EBS volume as a root device, created from a volume snapshot. However, you have detected malicious code running in the EBS volume and want to remove the AMI and delete the EBS volume and its snapshot. What steps are required? (Choose two.)

Immediately delete the EBS volume snapshot.
Immediately deregister the AMI.
After the EBS volume has been deleted, deregister the AMI.
After the AMI has been deregistered, remove the AMI, and delete the EBS volume and its snapshot.

A

B, D. An EBS snapshot cannot be deleted if it is the root device of a registered AMI while that AMI is in use. You’ll need to deregister the AMI first (B), and then you can delete the EBS volume and any snapshots and stop using the AMI.

11
Q
  1. Which of the following AWS CLI commands is used to operate upon EBS volumes?

aws ec2 [command]
aws ebs [command]
aws instance [command]
You cannot operate upon EBS volumes directly from the AWS CLI.

A

A. EBS is considered a subset of EC2 functionality. Therefore, you use the aws ec2 commands; for example, aws ec2 delete-snapshot.

12
Q
  1. You have a website running at applestoapples.net. However, many of your users have mistakenly entered in applestoapples.com as the URL in their browser. To correct this, you’ve recently purchased the additional domain applestoapples.com and now want to point all requests to this domain to applestoapples.net. Which DNS record set would you use?

MX
AAAA
CNAME
A

A

C. A records are used to point a specific domain or subdomain to an IP address. CNAMEs point to a different URL, which in turn can be resolved further by DNS. In this case, you’d want to create a CNAME record for applestoapples.com and point that record to applestoapples.net and then let DNS resolve that domain. Using an A record means you’d have to lock the record to a specific IP rather than the domain name for applestoapples.net. That’s a problem, though, as over time, the domain may be served by different resources with different IP addresses, making the A record dated and incorrect.

13
Q
  1. Your website has mostly static content, but you are adding a new section driven by an EC2 instance fleet behind an Elastic Load Balancer. You want to create a subdomain and direct all traffic to that subdomain toward the ELB. Which DNS record set would you use?

CNAME
AAAA
SOA
MX

A

A. A records are used to point a specific domain or subdomain to an IP address. CNAMEs point to URLs or other domain names. In this case, since you’re pointing at an ELB, you’d need to use a CNAME, as ELBs don’t expose a public IP address.

14
Q
  1. Your domain is hosted and managed by Route 53. You want to create a new subdomain and point it to a fleet of EC2 instances behind an application load balancer. What is the best approach to this?

Create an A record and configure it as an alias to the ALB.
Create a CNAME record pointed at the URL of the ALB.
Create an A record pointed at the IP address of the ALB.
Set the ALB to send a redirect header to clients with the IP addresses of the currently active EC2 instances.

A

A. This is a little trickier in terms of picking the best answer. It is possible to set a CNAME up and point that at the ALB’s URL (B). However, AWS prefers that you use an A record and configure it as an alias record, allowing you to direct traffic to the ALB. This is different than a standard A record, which can only point at an IP address. Option C is incorrect because ALBs don’t expose an IP address, and D doesn’t even make sense in this context.

15
Q
  1. Does Route 53 support zone apex records?

Yes, for all domains
Yes, but only for domains hosted on AWS
Yes, but only for services hosted on AWS
No

A

A. AWS supports zone apex records for all domains. A zone apex record is a DNS record at the root, or apex, of a DNS zone. So amazon.com is an apex record (sometimes called a naked domain record). Route 53 absolutely will support zone apex records and allows alias records (of A type) at this level as well.

16
Q
  1. Which of the following statements are false? (Choose two.)

Route 53 does not allow aliases for naked domain names.
Route 53 supports zone apex records.
Route 53 allows aliases for domains hosted on AWS.
Route 53 only supports zone apex records for AWS-hosted services.

A

A, D. First, A is false. A zone apex record is a DNS record at the root, or apex, of a DNS zone. So amazon.com is an apex record (sometimes called a naked domain record). Route 53 absolutely will support zone apex records and allows alias records (of A type) at this level as well. D is also false; Route 53 supports zone apex records for AWS and non-AWS domains and services.

17
Q
  1. Which of the following statements are true? (Choose two.)

Route 53 supports Auto Scaling groups.
Route 53 automatically configures DNS health checks for registered domains.
Route 53 automatically sets up Auto Scaling groups for services to which it points.
Route 53 is automatically highly available.

A

A, D. Route 53 is scalable by design, so there are no steps required to make it highly available; this makes D true. Additionally, it supports all AWS services, including auto-scaling, so A is true.

18
Q
  1. How many domain names can you manage using Route 53?

50
100, but you can raise that limit by contacting AWS support.
Unlimited
50, but you can raise that limit by contacting AWS support.

A

D. By default, a single account can manage 50 domains using Route 53. However, this is a default, and AWS will raise it pretty willingly if you call and explain your need for management of additional domains.

19
Q
  1. Which of the following are true about VPC peering? (Choose two.)

A VPC peering connection is a networking connection between two VPCs within a single region.
A VPC peering connection is a VPN-based connection.
A VPC peering connection can help facilitate data transfer and file sharing.
Peered VPCs can exist in different regions.

A

C, D. VPC peering is a networking connection between two VPCs but is not limited to a single region (so A is false) and is neither VPN nor gateway-based (so B is false). This leaves C and D, both of which are true: VPCs can be used to share data and can peer across regions.

20
Q
  1. You have two VPCs peered across two different regions. What is another name for this type of connection?

Inter-VPC peering connection
Inter-region VPC peering connection
Inter-VPC region connection
Multi-region peering connection

A

B. AWS calls a connection between two VPCs via peering across regions an inter-region VPC peering connection.

21
Q
  1. Which of the following statements about peered VPCs is false?

Both VPCs do not need to be within the same region.
Both VPCs do not need to be in the same AWS account.
Both VPCs will automatically have routing set up when the connection is created.
Traffic can flow in both directions between peered VPCs by default.

A

C. When a VPC peering connection is set up, each VPC will need a route manually added to allow communication to the peered VPC.

22
Q
  1. Which of the following statements about peered VPCs is true?

Both VPCs need to be within the same region.
Both VPCs need to be in the same AWS account.
Each VPC must use a unique security group.
The two VPCs cannot have overlapping CIDR blocks.

A

D. Most of these statements are false: VPCs in different regions (A) and in different accounts (B) can be peered, and if both VPCs are in the same account, they can share a security group (C). However, two peered VPCs cannot have overlapping CIDR blocks (D).

23
Q
  1. VPC A is peered to both VPC B and VPC C. How can you allow traffic to flow from VPC B to VPC C?

You can’t; transitive peering relationships are not allowed in AWS.
You must enable route forwarding in VPC A.
You must peer VPC B to VPC C.
You must enable route forwarding on VPC B.

A

C. While it is true that transitive peering relationships are not allowed (A), you can still peer VPCs B and C to allow traffic to flow between the two VPCs.

24
Q
  1. How many peering connections can a single VPC be a part of?

One
Unlimited, within AWS overall account limits
One for each subnet in each VPC
One for each NACL associated with each VPC

A

B. A VPC can be a part of an unlimited number of VPC connections, as long as those connections are all with different VPCs and you stay within AWS’s overall account limits. Only one peering connection between two specific VPCs is possible; for example, only one connection can exist between VPC A and VPC B. But VPC A can have as many peering connections–each with a different VPC–as there are VPCs with which you can connect.

25
Q
  1. How does AWS support IPv6 communication in a VPC peering relationship? (Choose two.)

AWS does not support IPv6 communication in VPC peering.
You must associate IPv6 addresses with both VPCs and then set up routing to use these addresses.
You must associate IPv6 addresses with both VPCs and then set up a security group to use these addresses.
You must make sure the two VPCs are in the same region.

A

B, D. First, AWS does not support IPv6 inter-region communication. This means that for IPv6 communication to work, the two VPCs must be in the same region (D). Then, you must ensure that both VPCs have IPv6 addresses and that routing is set up to use those addresses (B).

26
Q
  1. Which of the following are advantages of launching instances into a VPC as opposed to EC2-Classic? (Choose two.)

You can assign multiple IP addresses to your instances.
Your instances automatically run on multi-tenant hardware.
You can attach multiple network interfaces to your instances.
Your network is flat instead of layered.

A

A, C. EC2-Classic was a flat network that offered very little in the way of multiple options. With VPCs, you can assign multiple IP addresses as well as multiple network interfaces (A and C).

27
Q
  1. Which of the following is assigned to instances launched into non-default subnets?

A private IPv6 address
A public IPv4 address
A private IPv4 address
A public IPv6 address

A

C. Non-default subnets and their instances are not public by default. Therefore, they are assigned a private IPv4 address (C) rather than a public one.

28
Q
  1. You want to provide Internet access for an instance in a non-default subnet. What do you need to do? (Choose two.)

Assign a private IP address to the instance.
Assign a public IP address to the instance.
Attach an internet gateway to the VPC in which the subnet resides.
Attach a NAT instance to the subnet.

A

B, C. Non-default subnets are private by default. Therefore, you need an internet gateway on the containing VPC (C) as well as giving the instance a public IP address (B). While a NAT instance might work (D), it would need to be in a different, public subnet rather than in the same subnet as the instance trying to reach the Internet.

29
Q
  1. Which of the following IAM groups will allow users within it to interact with all AWS services?

Administrator
Power User
The default IAM permissions provide this level of access.
Support User

A

A. Of these groups, only the Administrator group provides write access to all AWS services. The Power User group provides access to developer-related services, but not all services (like IAM). The Support User group is for creating and viewing support cases.

30
Q
  1. You have been tasked with building an application that provides backend servicing for a mobile game with millions of users. Which of the following services might you use to receive and process the messages that the mobile clients send?

EC2, Mobile SDK
Amazon Kinesis, Mobile SDK
Amazon Kinesis, RDS
EC2, Lambda

A

B. There are two key parts to this question: the mobile client that must have an endpoint to which it can send data and the receiver for a huge amount of data, as the question indicates millions of users. Mobile SDK is a bit of a giveaway for the mobile component. This also helpfully narrows the answer choices down to A and B. Of the two options, Kinesis and EC2, only Kinesis is built to handle a massive data stream. While you could theoretically scale up enough EC2 instances to serve an API for that volume of requests, it really makes no sense. Kinesis is built for incoming data streams, so is the better option.

31
Q
  1. Which of the following is required to set up a new AWS account for a company new to AWS?

Company name
Company email
Company account-holder username
Company URL

A

B. A new AWS account requires the company email (or account owner email) for the root account holder, or a generic email for the company as a whole.

32
Q
  1. Which of the following AWS-defined IAM policies offer read and write access to the S3 and EC2 services? (Choose two.)

Administrator
Network Administrator
Support User
Power User

A

A, D. Both the Administrators and the Power Users default policies provide read and write access to most AWS services. Power Users limits access to IAM, but that would not affect access to S3 or EC2.

33
Q
  1. Which of the following are advantages of using containers for applications in AWS compared to using EC2 instances? (Choose two.)

You can scale applications automatically.
You can run larger applications in a container.
You can reduce the startup time of applications.
You can avoid having to explicitly manage and provision servers.

A

C, D. Containers allow you to reduce startup times, as they are launched into already-running instances in most cases (C). This also touches on AWS’s facility to manage and provision the instances on which the containers run (D), another advantage. While you can scale applications in containers (A), you can just as easily scale applications on EC2 instances. Finally, option B is simply false.

34
Q
  1. Which of the following sets of services are used in a typical AWS container stack?

ECR, ECS, EC2
ECS, EMR, EC2
Fargate, ECS, S3
ECR, ECS, S3

A

A. The first thing here is to know these various acronyms. ECR is the Elastic Container Registry, ECS is the Elastic Container Service, EC2 is Elastic Compute Cloud, EMR is Elastic MapReduce, and of course S3 is Simple Storage Service. Given that, only A has all the needed components: the registry (ECR), the management service (ECS), and instances on which to run containers (EC2). Note that even though you might not use EC2 explicitly for your containers, it or Fargate will be required to manage instances at some level, even if only by AWS for you.

35
Q
  1. Which of the following services is typically associated with ECS?

EMR
S3
ECR
ECC

A

C. You’ll need to know these various acronyms. ECR is the Elastic Container Registry, ECS is the Elastic Container Service, EMR is Elastic MapReduce, and S3 is Simple Storage Service. ECC isn’t an AWS acronym, so it is immediately out. Of those left, ECR, the Elastic Container Registry, is most closely associated with ECS.

36
Q
  1. Which of the following are good reasons to consider using containers in AWS for your applications? (Choose two.)

You want to reduce overall cost.
You want to more effectively use your existing compute instances.
You have limited resources for managing your existing EC2 instances.
You need to scale up and down your applications.

A

B, C. Containers allow you to co-locate applications on instances and more effectively use your available instances without a lot of overhead, so B is true. C is in a similar vein: Containers reduce the management overhead of instances. A is not true, as containers don’t significantly change your cost structure, and D is false, as containers and instances can both scale up and down to meet demand.