Confusing Items

Question 1

Which performs synchronous data replication in RDS?

Answer 1

Multi-AZ deployment

Question 2

Asynchronous replication - high scalable feature of RDS

Answer 2

RDS Read Replica

Question 3

Cloudtrail parameter to capture changes made to AWS resources in all regions and which will also include activity from global services such as IAM, Route 53, AWS WAF, and CloudFront

Answer 3

• -is-multi-region-trail

- -include-global-service-events

Question 4

two types of events that can be logged in CloudTrail:

Answer 4

1. management events (default)

2. data events

Question 5

As a best practice, create a trail that applies to all regions in the AWS partition in which you are working. (default) - true or false

Answer 5

true

Question 6

CloudWatch custom metrics:

Answer 6

1. Memory utilization
2. disk swap utilization
3. disk space utilization
4. page file utilization
5. log collection

Question 7

Enhanced Monitoring is a feature of RDS and not of CloudWatch - true or false

Answer 7

true

Question 8

Cloudwatch agent

Answer 8

It can be installed to all of your EC2 instances which gathers the memory and disk utilization data

Question 9

SSM Agent runs using ? permissions

Answer 9

SSM agent runs on EC2 using root permissions (Linux) or System permissions (Windows)

Question 10

You can directly assign an EIPto an Auto Scaling group. - true or false

Answer 10

false; you still cannot directly assign an EIPto an Auto Scaling group.

Question 11

ASG is highly dependent on the ELB - true or false

Answer 11

true

Question 12

SSD are best for workloads with

Answer 12

small, random IO Operations

Question 13

HDD are best for

Answer 13

large, sequential IO operations

Question 14

gp2
volume size
max iops

Answer 14

general purpose SSD
1GiB-16TiB
16,000 IOPS

Question 15

io1
volume size
max iops

Answer 15

Provisioned IOPS SSD
4GiB-16TiB
64,000 IOPS

Question 16

st1
volume size
max iops

Answer 16

Throughput Optimized HDD
500GiB-16TiB
500 IOPS

Question 17

sc1
volume size
max iops

Answer 17

Cold HDD
500GiB-16TiB
250 IOPS

Question 18

Aurora primary instance handles all?

Answer 18

DDL and DML statements

Question 19

The Aurora custom endpoint

Answer 19

provides load-balanced database connections based on criteria other than the read-only or read-write capability of the DB instances

Question 20

reader endpoint enables your Aurora database to automatically perform load-balancing among all the Aurora Replicas - true or false

Answer 20

true

Question 21

cluster/writer endpoint has the functionality to automatically perform load-balancing among all the Aurora Replicas of your cluster - true or false

Answer 21

false - cluster/writer endpoint DOES NOT HAVE the functionality to automatically perform load-balancing among all the Aurora Replicas of your cluster

Question 22

Cloudfront Origin group can be any combination of the following:

Answer 22

AWS origins, like Amazon S3 buckets or Amazon EC2 instances, or custom origins, like your own HTTP web server

Question 23

Field Level Encryption

Answer 23

cloudfront feature that allows you to specify upload user submitted data such as credit card numbers to your origin servers

Question 24

the application could use EBS encryption to encrypt or decrypt each individual data that it writes on the disk. - T or F

Answer 24

false; the application could not use EBS Encryption to encrypt or decrypt each individual data that it writes on the disk.

Question 25

most cost-effective storage type for the EC2 instance which is used for infrequently accessed data

Answer 25

Cold HDD

Question 26

An EBS volume is off-instance storage that can persist independently from the life of an instance - T or F

Answer 26

true

Question 27

When you create an EBS volume in an Availability Zone, it is automatically replicated on a separate AWS region to prevent data loss due to a failure of any single hardware component.- T or F

Answer 27

false; When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to a failure of any single hardware component.

Question 28

Classic Load Balancer supportServer Name Indication (SNI) - t or f

Answer 28

false; Classic Load Balancer does not supportServer Name Indication (SNI)

Question 29

Amazon CloudFront Adds SNI Custom SSL and HTTP to HTTPS Redirect Features - t or F

Answer 29

true

Question 30

prerequisites when routing traffic using Amazon Route 53 to a website that is hosted in an Amazon S3 Bucket

Answer 30

1. The S3 bucket name must be the same as the domain name

2. A registered domain name

Question 31

Geolocation routing lets you

Answer 31

choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from

Question 32

Elastic Load Balancers distribute traffic among EC2 instances across multiple AvailabilityZones but not across AWS regions - true or false

Answer 32

true

Question 33

CloudFront geo-restriction feature is primarily used to

Answer 33

prevent users in specific geographic locations from accessing content that you’re distributing through a CloudFront web distribution

Question 34

S3 Server Side Encryption:

Answer 34

1. Amazon S3-Managed Keys (SSE-S3)
2. AWS KMS-Managed Keys (SSE-KMS)
3. Customer Provided Keys (SSE-3)

Question 35

S3 Client Side Encryption:

Answer 35

1. AWS KMS-managed Customer Master Key

2. Client-side master Key

Question 36

EBS Encryption uses:

Answer 36

AWS KMS

Question 37

Elastic Load Balancing provides access logs that contains:

Answer 37

1. time the request was received
2. client’s IP address,
3. latencies,
4. request paths, and
5. server responses.
   You can use these access logs to analyze traffic patterns and troubleshoot issues

Question 38

Access logging is enabled by default for Elastic Load Balancing - true or false

Answer 38

false; Access logging is an optional feature of Elastic Load Balancing that is disabled by default

Question 39

You can only change the storage class of your objects from S3 Standard storage class to STANDARD_IA or ONEZONE_IA storage after 30 days - T or F

Answer 39

true

Question 40

Does INTELLIGENT_TIERING, GLACIER, and DEEP_ARCHIVE storage class have a time constraint for transitioning S3 objects?

Answer 40

No, It doesn’t apply to INTELLIGENT_TIERING, GLACIER, and DEEP_ARCHIVE storage class

Question 41

AVault Lock policyis a

Answer 41

a vault access policy that you can attach to S3 Glacier value with one resource based vault access - can help to enforce regulatory and compliance requirements

Question 42

Redshift Cross-Region Snapshots Copy

Answer 42

When cross-region copy is enabled for a cluster, all new manual and automatic snapshots are copied to the specified region.

Question 43

Redshift only supprts multi-AZ deployments - T or F

Answer 43

false; Redshift only supports Single AZ

Question 44

AWS X-Ray

Answer 44

trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services

Question 45

CloudTrail is primarily used for

Answer 45

API logging of all of your AWS resources

Question 46

What can you add to cognito if there’s a requirement to add a second authentication method that doesn’t solely rely on username and password

Answer 46

Add multi-factor authentication (MFA) to a user pool in Cognito to protect the identity of your users.

Question 47

FTP server protocol for security group

Answer 47

TCP, Port range: 20-21

Question 48

DynamoDB Auto Scaling uses ? for scaling

Answer 48

the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf.

Question 49

Can ASG be used to scale DynamoDB?

Answer 49

No, you can only put Ec2 instances for ASG

Question 50

unified CloudWatch agent

Answer 50

Used to collect logs from your Amazon EC2 instances and on-premises servers into CloudWatch Logs

Question 51

CloudWatch Logs Insights enables you to

Answer 51

interactively search and analyze your log data in Amazon CloudWatch Log

Question 52

Which methods ensure that all of the objects uploaded to the S3 bucket can be read publicly all over the Internet?

Answer 52

1. In S3, set the permissions of the object to public read during upload.
2. Configure the S3 bucket policy to set all objects to public read.

Question 53

Detailed Monitoring is used by

Answer 53

Cloudwatch for Ec2 (Data is available in 1-minute periods for an additional cost)

Question 54

EnhancedMonitoring is used for

Answer 54

RDS Cloudwatch (except for db.m1.small)

Question 55

Amazon Cloudwatch Logs vs CloudWatch Logs Agent vs Cloudwatch Agent

Answer 55

Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route53, and other sources

CloudWatch Logs agent provides an automated way to send log data to CloudWatch Logs from Amazon EC2 instances

CloudWatch agent - Collect logs from Amazon EC2 instances and on-premises servers, running either Linux or Windows Server

Question 56

Amazon Kinesis Data Firehose is the

Answer 56

easiest way to load streaming data into data stores and analytics tools.

Question 57

Amazon Kinesis is the streaming data platform of AWS and has four distinct services under it:

Answer 57

1. Kinesis Data Firehose,
2. Kinesis Data Streams,
3. Kinesis Video Streams, and
4. Amazon Kinesis Data Analytics

Question 58

Active-Active Failover

Answer 58

when you want all of your resources to be available the majority of the time

Question 59

Active-Passive Failover

Answer 59

when you want a primary resource or group of resources to be available the majority of the time and you want a secondary resource or group of resources to be on standby in case all the primary resources become unavailable

Question 60

The following VPC peering connection configurations are not supported.

Answer 60

1. Overlapping CIDR Blocks
2. Transitive Peering
3. Edge to Edge Routing Through a Gateway or Private Connection

Question 61

Valid VPC Peering configurations:

Answer 61

1. Two VPCs peered to a specific CIDR block in one VPC
2. One to one relationship between two Virtual Private Cloud networks
3. One VPC Peered with two VPCs using longest prefix match

Question 62

You can use a combination of EC2 and SWF for the following scenarios:

Answer 62

1. Managing a multi-step and multi-decision checkout process of an e-commerce mobile app.
2. Orchestrating the execution of distributed business processes

Question 63

Elasticache is the best option for

Answer 63

distributed session management.