Domain 4: Design Cost-Optimized Architectures Flashcards

1
Q

A car insurance company keeps specific details about accidents on file for a year, for quick retrieval, and then archives those files to long-term storage. The files are mainly accessed in the first 30 days. A recent audit has approved the general steps they are taking but pointed out many deficiencies in the technologies they are using. You have been hired as a consultant to come up with an automated solution. Your solution will recommend AWS storage options. What storage options could you recommend to meet the lifecycle requirements outlined, provide high availability, and offer the most savings?

Store the accident files in S3 for 30 days, then have the lifecycle policy move them to S3-IA. After a year, move them to Glacier.

Store the accident files in EBS volumes for a year, then migrate them to Glacier.

Store the accident files in S3 for a year, then have the lifecycle policy move them to S3 IA.

Store the accident files in Glacier for maximum cost savings.

A

Store the accident files in S3 for 30 days, then have the lifecycle policy move them to S3-IA. After a year, move them to Glacier.

To manage your objects so they are stored cost-effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that defines actions that Amazon S3 applies to a group of objects. There are 2 types of actions: Transition actions define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class 1 year after creating them. Expiration actions define when objects expire. Amazon S3 deletes expired objects on your behalf. The lifecycle expiration costs depend on when you choose to expire objects.

2
Q

You have been tasked with migrating an application and the servers it runs on to the company AWS cloud environment. You have created a checklist of steps necessary to perform this migration. A subsection in the checklist is security considerations. One of the things that you need to consider is the shared responsibility model. Which option does AWS handle under the shared responsibility model?

Client-side data encryption

User Authentication

Physical hardware infrastructure

Firewall configuration

A

Physical hardware infrastructure

Security and compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility for, and management of, the guest operating system (including updates and security patches), other associated application software, and the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose, as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment.

AWS responsibility “Security of the Cloud”: AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

https://aws.amazon.com/compliance/shared-responsibility-model/

3
Q

After an IT Steering Committee meeting, you have been put in charge of configuring a hybrid environment for the company’s compute resources. You weigh the pros and cons of various technologies based on the requirements you are given. The main requirements to drive this selection are overall cost considerations and the ability to reuse existing internet connections. Which technology best meets these requirements?

AWS Direct Connect.

AWS Site-to-Site VPN.

VPC Peering.

AWS Direct Gateway.

A

AWS Site-to-Site VPN.

AWS Site-to-Site VPN lets you reuse existing VPN equipment and processes and also lets you reuse existing internet connections. Reference: Network-to-Amazon VPC connectivity options

4
Q

You work for a Defense contracting company. The company develops software applications which perform intensive calculations in the area of Mechanical Engineering related to metals for ship building. The company competes for and wins contracts that typically range from 1 year to up to 5 years. These long-term contracts mean that the duration of your need for EC2 instances can be matched to the length of these contracts, and then extended if necessary. The main requirement is consistent performance for the duration of the contract. Which EC2 purchasing option provides the best value, given these long-term contracts?

On-Demand

Spot

Reserved

Dedicated Host

A

Reserved

Correct: Longer-term contracts such as this are ideally suited to gain maximum value by using reserved instances. Amazon EC2 provides the following purchasing options to enable you to optimize your costs based on your needs: On-Demand Instances – Pay, by the second, for the instances that you launch. Savings Plans – Reduce your Amazon EC2 costs by making a commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3 years. Reserved Instances – Reduce your Amazon EC2 costs by making a commitment to a consistent instance configuration, including instance type and region, for a term of 1 or 3 years. Scheduled Instances – Purchase instances that are always available on the specified recurring schedule, for a one-year term. Spot Instances – Request unused EC2 instances, which can reduce your Amazon EC2 costs significantly. Dedicated Hosts – Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs. Dedicated Instances – Pay, by the hour, for instances that run on single-tenant hardware. Capacity Reservations – Reserve capacity for your EC2 instances in a specific Availability Zone for any duration. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html

5
Q

A company is running a teaching application which is consumed by users all over the world. The application is translated into 5 different languages. All of these language files need to be stored somewhere that is highly-durable and can be accessed frequently. As content is added to the site, the storage demands will grow by a factor of five, so the storage must be highly-scalable as well. Which storage option will be highly-durable, cost-effective, and highly-scalable?

RDS

Amazon S3

Glacier

EBS Instance Store Volumes

A

Amazon S3

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It’s a simple storage service that offers an extremely durable, highly-available, and infinitely-scalable data storage infrastructure at very low costs.

The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes. The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability.

Amazon S3 offers a range of storage classes designed for different use cases. These include S3 Standard for general-purpose storage of frequently accessed data, S3 Intelligent-Tiering for data with unknown or changing access patterns, S3 Standard-Infrequent Access (S3 Standard-IA), S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived, but less frequently accessed data, Amazon S3 Glacier (S3 Glacier), and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive) for long-term archive and digital preservation.

https://aws.amazon.com/s3/faqs/

6
Q

You have been assigned the review of the security in your company AWS cloud environment. Your final deliverable will be a report detailing potential security issues. One of the first things that you need to describe is the responsibilities of the company under the shared responsibility model. Which measure is the customer’s responsibility?

Managing underlying network infrastructure

EC2 instance OS patching

Physical security of data centers

Virtualization infrastructure

A

EC2 instance OS patching

https://d0.awsstatic.com/whitepapers/aws-security-best-practices.pdf

Security and compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility for, and management of, the guest operating system (including updates and security patches), other associated application software, and the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose, as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment. As shown in the chart below, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud.

Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance.

https://aws.amazon.com/compliance/shared-responsibility-model/

7
Q

The CFO of your company approaches you and inquires about cutting costs in your AWS account. One area you are able to identify for cost cutting is in S3. There is data in S3 that is very rarely used and has only been retained for audit purposes. You decide to archive this data to a cheaper storage solution. Which AWS solution would meet this requirement?

Write a cron job to archive the data to DynamoDB.

Use a lifecycle policy to archive the data to Redshift.

Use a lifecycle policy to archive the data to Glacier.

Use a lifecycle policy to archive the data to Amazon SQS.

A

Use a lifecycle policy to archive the data to Glacier.

Correct: Using S3 Lifecycle configuration, you can transition objects to the S3 Glacier or S3 Glacier Deep Archive storage classes for archiving. When you choose the S3 Glacier or S3 Glacier Deep Archive storage class, your objects remain in Amazon S3. You cannot access them directly through the separate Amazon S3 Glacier service. https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html

8
Q

You are put in charge of your company’s Disaster Recovery planning. As part of this plan, you intend to create all of the company infrastructure with CloudFormation templates. The templates can then be saved in another region and used to launch a new environment in case of disaster. What determines the costs associated with CloudFormation templates?

There is a cost per template and discounts for over 100 templates.

It depends whether the resources in the template are in the free tier.

There is no cost for templates, but when deployed, the resources created may accumulate charges.

The distance of the region from the home region.

A

There is no cost for templates, but when deployed, the resources created may accumulate charges.

Correct: There is no additional charge for using AWS CloudFormation with resource providers in the following namespaces: AWS::*, Alexa::*, and Custom::*. In this case you pay for AWS resources (such as Amazon EC2 instances, Elastic Load Balancing load balancers, etc.) created using AWS CloudFormation as if you created them manually. You only pay for what you use, as you use it; there are no minimum fees and no required upfront commitments. When you use resource providers with AWS CloudFormation outside the namespaces mentioned above, you incur charges per handler operation. Handler operations are create, update, delete, read, or list actions on a resource.

https://aws.amazon.com/cloudformation/pricing/

9
Q

A previous cloud engineer deployed several Amazon EC2 instances within your AWS account. You have recently taken over control of the account and have noticed there is a significant amount of idle and underutilized instances in place. Hundreds of instances are within the account, and you do not have the time to go through each instance and manually check all of them.

Which AWS service allows you to kick off the collection of metrics and generate recommendations for incorrectly sized EC2 instances?

AWS Budgets

AWS Cost and Usage Reports

Amazon CloudWatch dashboards

AWS Compute Optimizer

A

AWS Compute Optimizer

AWS Compute Optimizer allows you to automate the collection of metrics for underutilized and underperforming compute instances. It can then generate recommendations for you to save money.

Reference: What Is AWS Compute Optimizer?

10
Q

Your company is storing stack traces for application errors in an S3 bucket. The engineers using these stack traces review them when addressing application issues. It has been decided that the files only need to be kept for four weeks; then, they must be purged. How can you meet this requirement in S3?

Create a bucket policy to purge the rules after one month.

Add an S3 Lifecycle rule to archive these files to Glacier after one month.

Write a cron job to purge the files after one month.

Configure the S3 Lifecycle rules to purge the files after a month.

A

Configure the S3 Lifecycle rules to purge the files after a month.

To manage your objects so that they are stored cost-effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:

Transition actions define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class one year after creating them.

Expiration actions define when objects expire. Amazon S3 deletes expired objects on your behalf.

The lifecycle expiration costs depend on when you choose to expire objects. Reference: Managing Your Storage Lifecycle

11
Q

A software company is looking for compute capacity in the cloud for a fault-tolerant and flexible application. The application is not mission-critical, so occasional downtime is acceptable. What type of EC2 servers can be used to meet these requirements at the lowest cost?

Dedicated Hosts

Reserved

On-Demand

Spot

A

Spot

You can use Spot Instances for various fault-tolerant and flexible applications. Examples include web servers, API backends, continuous integration/continuous development, and Hadoop data processing.

You can also take advantage of Spot Instances to run and scale applications such as stateless web services, image rendering, big data analytics, and massively parallel computations. Spot Instances are typically used to supplement On-Demand Instances, where appropriate, and are not meant to handle 100% of your workload. However, you can use all Spot Instances for any stateless, non-production application, such as development and test servers, where occasional downtime is acceptable. They are not a good choice for sensitive workloads or databases.

https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-leveraging-ec2-spot-instances/when-to-use-spot-instances.html

12
Q

You are consulting for a state agency focused on the state lottery. You have been given a task to have 2 million bar codes created as quickly as possible. This will require EC2 instances and an average CPU utilization of 70% for each of them. So you plan to spin up 10 EC2 instances to create the bar codes. You estimate the instances will complete the job from around 11 p.m. to 1 a.m. You don’t want the instances sitting idle for up to 9 hours until the next morning. What can you do to terminate these instances when they are done?

You can create a CloudWatch alarm that is triggered when the average CPU utilization percentage has been lower than 5% for 15 minutes and terminates the instance.

Write a Python script that queries the instance status. Also, write a Lambda function that can be triggered upon a certain status and terminate the instance.

Write a cron job that queries the instance status. Also, write a Lambda function that can be triggered upon a certain status and terminate the instance.

Write a cron job that queries the instance status. If a certain status is met, have the cron job kick off CloudFormation to terminate the existing instance, and create a new instance from a template.

A

You can create a CloudWatch alarm that is triggered when the average CPU utilization percentage has been lower than 5% for 15 minutes and terminates the instance.

Adding Terminate Actions to Amazon CloudWatch Alarms: “You can create an alarm that terminates an EC2 instance automatically when a certain threshold has been met (as long as termination protection is not enabled for the instance). For example, you might want to terminate an instance when it has completed its work, and you don’t need the instance again. If you might want to use the instance later, you should stop the instance instead of terminating it. For information about enabling and disabling termination protection for an instance, see “Enabling Termination Protection for an Instance” in the Amazon EC2 User Guide for Linux Instances.”

13
Q

Your application team has been approved to create a new machine learning application over the next two years. You intend to leverage numerous Amazon SageMaker instances and components to back your application. Your manager is worried about the cost potential of the services involved.

How could you maximize your savings opportunities for the Amazon SageMaker service?

Purchase a one-year All Upfront SageMaker Savings Plan. This applies to all SageMaker instances and components within any AWS Region.

Purchase a three-year All Upfront Compute Savings Plan. This applies to all SageMaker instances and components within any AWS Region.

Purchase a one-year All Upfront Compute Savings Plan. This applies to all SageMaker instances and components within any AWS Region.

Purchase a three-year All Upfront SageMaker Savings Plan. This applies to all SageMaker instances and components within any AWS Region.

A

Purchase a one-year All Upfront SageMaker Savings Plan. This applies to all SageMaker instances and components within any AWS Region.

SageMaker Savings Plans offer the maximum savings potential for all SageMaker components, and the one-year agreement type falls within the two-year period.

Reference: What Are Savings Plans?

Reference: Amazon SageMaker
