Common Exam Scenarios

Question 1

Set up asynchronous data replication to another RDS DB instance hosted in another AWS Region

Answer 1

Create a Read Replica

Question 2

A parallel file system for “hot” (frequently accessed) data

Answer 2

Amazon FSx For Lustre

Question 3

Implement synchronous data replication across Availability Zones with automatic failover in Amazon RDS

Answer 3

Enable Multi-AZ deployment in Amazon RDS

Question 4

Needs a storage service to host “cold” (infrequently accessed) data

Answer 4

Amazon S3 Glacier

Question 5

Set up a relational database and a disaster recovery plan with an RPO of 1 second and RTO of less than 1 minute.

Answer 5

Use Amazon Aurora Global Database.

Question 6

Monitor database metrics and send email notifications if a specific threshold has been breached.

Answer 6

Create an SNS topic and add the topic in the CloudWatch alarm.

Question 7

Set up a DNS failover to a static website.

Answer 7

Use Route 53 with the failover option to a static S3 website bucket or CloudFront distribution.

Question 8

Implement an automated backup for all the EBS Volumes.

Answer 8

Use Amazon Data Lifecycle Manager to automate the creation of EBS snapshots.

Question 9

Monitor the available swap space of your EC2 instances

Answer 9

Install the CloudWatch agent and monitor the SwapUtilizationmetric.

Question 10

Implement a 90-day backup retention policy on Amazon Aurora.

Answer 10

Use AWS Backup

Question 11

Implement a fanout messaging.

Answer 11

Create an SNS topic with a message filtering policy and configure multiple SQS queues to subscribe to the topic.

Question 12

A database that has a read replication latency of less than 1 second.

Answer 12

Use Amazon Aurora with cross-region replicas.

Question 13

A specific type of Elastic Load Balancer that uses UDP as the protocol for communication between clients and thousands of game servers around the world.

Answer 13

Use Network Load Balancer for TCP/UDP protocols.

Question 14

Monitor the memory and disk space utilization of an EC2 instance.

Answer 14

Install Amazon CloudWatch agent on the instance.

Question 15

Retrieve a subset of data from a large CSV file stored in the S3 bucket.

Answer 15

Perform an S3 Select operation based on the bucket’s name and object’s key.

Question 16

Upload 1 TB file to an S3 bucket.

Answer 16

Use Amazon S3 multipart upload API to upload large objects in parts.

Question 17

Improve the performance of the application by reducing the response times from milliseconds to microseconds.

Answer 17

Use Amazon DynamoDB Accelerator (DAX)

Question 18

Retrieve the instance ID, public keys, and public IP address of an EC2 instance.

Answer 18

Access the URL: http://169.254.169.254/latest/meta-data/ using the EC2 instance.

Question 19

Route the internet traffic to the resources based on the location of the user.

Answer 19

Use Route 53 Geolocation Routing policy.

Question 20

Encrypt EBS volumes restored from the unencrypted EBS snapshots

Answer 20

Copy the snapshot and enable encryption with a new symmetric CMK while creating an EBS volume using the snapshot.

Question 21

Limit the maximum number of requests from a single IP address.

Answer 21

Create a rate-based rule in AWS WAF and set the rate limit.

Question 22

Grant the bucket owner full access to all uploaded objects in the S3 bucket.

Answer 22

Create a bucket policy that requires users to set the object’s ACL to bucket-owner-full-control.

Question 23

Protect objects in the S3 bucket from accidental deletion or overwrite.

Answer 23

Enable versioning and MFA delete.

Question 24

Access resources on both on-premises and AWS using on-premises credentials that are stored in Active Directory.

Answer 24

Set up SAML 2.0-Based Federation by using a Microsoft Active Directory Federation Service.

Question 25

Secure the sensitive data stored in EBS volumes

Answer 25

Enable EBS Encryption

Question 26

Ensure that the data-in-transit and data-at-rest of the Amazon S3 bucket is always encrypted

Answer 26

Enable Amazon S3 Server-Side or use Client-Side Encryption

Question 27

Secure the web application by allowing multiple domains to serve SSL traffic over the same IP address.

Answer 27

Use AWS Certificate Manager to generate an SSL certificate. Associate the certificate to the CloudFront distribution and enable Server Name Indication (SNI).

Question 28

Control the access for several S3 buckets by using a gateway endpoint to allow access to trusted buckets.

Answer 28

Create an endpoint policy for trusted S3 buckets.

Question 29

Enforce strict compliance by tracking all the configuration changes made to any AWS services.

Answer 29

Set up a rule in AWS Config to identify compliant and non-compliant services.

Question 30

Provide short-lived access tokens that act as temporary security credentials to allow access to AWS resources.

Answer 30

Use AWS Security Token Service

Question 31

Encrypt and rotate all the database credentials, API keys, and other secrets on a regular basis.

Answer 31

Use AWS Secrets Manager and enable automatic rotation of credentials.

Question 32

A cost-effective solution for over-provisioning of resources.

Answer 32

Configure a target tracking scaling in ASG.

Question 33

The application data is stored in a tape backup solution. The backup data must be preserved for up to 10 years.

Answer 33

Use AWS Storage Gateway to backup the data directly to Amazon S3 Glacier Deep Archive.

Question 34

Accelerate the transfer of historical records from on-premises to AWS over the Internet in a cost-effective manner.

Answer 34

Use AWS DataSync and select Amazon S3 Glacier Deep Archive as the destination.

Question 35

Globally deliver the static contents and media files to customers around the world with low latency.

Answer 35

Store the files in Amazon S3 and create a CloudFront distribution. Select the S3 bucket as the origin.

Question 36

An application must be hosted to two EC2 instances and should continuously run for three years. The CPU utilization of the EC2 instances is expected to be stable and predictable.

Answer 36

Deploy the application to a Reserved instance.

Question 37

Implement a cost-effective solution for S3 objects that are accessed less frequently.

Answer 37

Create an Amazon S3 lifecyle policy to move the objects to Amazon S3 Standard-IA.

Question 38

Minimize the data transfer costs between two EC2 instances.

Answer 38

Deploy the EC2 instances in the same Region.

Question 39

Import the SSL/TLS certificate of the application.

Answer 39

Import the certificate into AWS Certificate Manager or upload it to AWS IAM.