Deck 3 Flashcards
How many servers can you have per AZ in a spread placement group?
7
Which AWS service can you use to import data from supported databases into AWS Redshift?
DMS (Database Migration Service)
What subnet and VPC combinations are allowed when using the VPC Creation Wizard?
VPC with a single public subnet
VPC with public and private subnets (NAT)
VPC with public and private subnets and with hardware VPN access
VPC with a private subnet only and hardware VPN access
What is the best way to reuse code in multiple Lambda functions?
Create a Lambda layer
Which VPC does a Lambda function usually run in, and what do you need to do if you change this?
They run in an AWS owned VPC by default
If you run a Lambda function in your own VPC it will need a route through a NAT gateway to access public resources.
What type of access control gives user level control, but not AWS account level control for S3 buckets?
IAM Policies
What type of access control gives AWS account level control, but not user level control for S3 buckets?
ACLs
What type of access control gives both AWS account level control and user level control for S3 buckets?
Bucket Policies
What is the best way to improve S3 upload speed?
Use multipart uploads (allows for parallel uploads)
Use Amazon S3 Transfer Acceleration (transfers file to an edge location)
(do not accept Global Accelerator as an answer)
What is the most efficient way to send data from AWS S3 to Kinesis Data Streams?
AWS DMS service
Which storage classifications can S3 Storage Class Analysis offer recommendations for?
Standard IA only.
How could you prevent another website from using your assets in a public S3 bucket?
Remove the public read access and use pre-signed URLs with expiry dates.
What AWS services would you use to implement a “follow” feature in a DynamoDB social network?
DynamoDB Stream, with an AWS Lambda trigger to process the data and publish to an SNS topic.
What happens if there is an explicit deny in an IAM policy?
All other allows are overriden.
What is the correct tool to use for mitigating DDoS attacks?
AWS Shield Advanced
What is the best way to take data from an EC2 application with an RDS database, and push it through a distributed processing system?
On the EC2 instance, create a function or procedure to invoke a Lambda function. Configure the function to send event notifications to an SQS queue to be processed by the distributed system.
What two AWS services could you use to store web session data?
ElastiCache and DynamoDB
Does Amazon ECS support resource-based policies?
No - you need to use IAM (execution) roles instead.
What’s the best way to get detailed monitoring of your RDS instance, including percentage of CPU bandwidth and memory used by each process?
Enabling enhanced monitoring in RDS
How would you enable a lot of employees to use S3 to store their personal documents?
Set up a Federation Proxy or Identify provider and use AWS Security Token Service to generate temporary tokens and set up an IAM Policy and Role to allow access to S3.
List the standard EC2 Cloudwatch metrics
Broad statistics:
- CPU Utilisation
- Disk read and write
- Network in/out
How would you protect a serverless, API application in times of large traffic spikes?
Enable throttling limits and result caching in API Gateway
What is an HTTP 504 error?
A Gateway Timeout server error, caused but it not being able to communicate with an upstream server in time
Given a company that needs to have a minimum of two EC2 instances for its normal application workload, and that they want it to be highly available and fault tolerant, scaling up to a maximum of six EC2 instances for high loads, how would you size the auto-scaling groups across AZs to facilitate this?
Create an Auto Scaling group with two instances in each AZ, and a maximum capacity of six instances.