EC2 Flashcards

1
Q

What two resource tags are supported for an EC2 instance?

  1. VPC endpoint
  2. EIP
  3. network interface
  4. security group
  5. Flow Log
A
  1. VPC endpoint
  2. EIP
2
Q

You wish to provide shared network storage to mount on multiple EC2 Windows Instances. How would this be accomplished?

  • Create an Elastic File System (EFS) regional mount; mount the share on each Instance with NFS v4.1
  • Create Elastic File System (EFS) mount targets in each AZ; mount the share on each Instance with NFS v4.0
  • Create Elastic File System (EFS) mount targets in each AZ; mount the share on each Instance with the SMB protocol
  • None of the above
A

None of the above

None of these options are correct. All 3 options are incorrect because EFS does not support the Windows OS. Only Linux instances are supported for EFS. “Create Elastic File System (EFS) mount targets in each AZ; mount the share on each Instance with the SMB protocol” is incorrect as well because the EFS service does not provide an SMB share option; only NFS v4.0 or 4.1 are supported on EFS. At the time of this writing, a new service was announced called FSx which is designed for Windows shares. FSx will provide SMB shares for Windows or Linux instances; and fully supports Active Directory permissions.

3
Q

What is the format (prefix) of a Security Group ID?

A

sg-xxxxxxxxxxxxxxxx is the typical format of a security group ID.

4
Q

You’re running an application that needs to be highly available in eu-west-1. In order for this application to function correctly, 10 related EC2 instances must be running at all times. Which of the following deployments provides the ability to meet the requirements should an AZ go down? (choose 2)

  • 3 EC2 instances in eu-west-1a, 3 EC2 instances in eu-west-1b, and 3 EC2 instances in eu-west-1c.
  • 10 EC2 instances in eu-west-1a, 0 EC2 instances in eu-west-1b, and 10 EC2 instances in eu-west-1c
  • 4 EC2 instances in eu-west-1a, 4 EC2 instances in eu-west-1b, and 2 EC2 instances in eu-west-1c.
  • 5 EC2 instances in eu-west-1a, 5 EC2 instances in eu-west-1b, and 5 EC2 instances in eu-west-1c
A

Should an AZ go down, only the answers of 5,5,5 or 10,0,10 EC2 instances are correct because if you take out one of those AZs, you would still have 10 EC2 instances running. Of course 10,0,10 will be more expensive, but it is still a valid answer.

5
Q

Which of the following EC2 operating systems is NOT supported by CloudWatch?

  • Amazon Linux
  • Debian
  • Ubuntu
  • None of these.
A

All EC2 operating systems are supported by CloudWatch.

6
Q

Which of the following statements is TRUE?

  • It is possible to use Autoscaling with EBS, rather than EC2.
  • It is possible to configure an Autoscaling Group to repair degraded EBS volumes, without the need to terminate the EC2 instances.
  • You are able to attach multiple EBS volumes to an EC2 instance.
  • You are able to attach multiple EC2 instances to an EBS Volume.
A

You are able to attach multiple EBS volumes to an EC2 instance.

7
Q

You have created an EC2 Instance into a Subnet. You later need to change the subnet the EC2 instance is directly attached to. How can this be achieved?

  • Simply move the EC2 instance by shutting it down, moving the instance and starting it back up
  • Shutdown, snapshot the EC2 instance, and deploy a new instance from the snapshot
  • Move the eth0 ENI to the new subnet
  • Create a new ENI in the new Subnet, remove the original Eth0 ENI, and mount the new ENI to the EC2 instance.
A
  • Shutdown, snapshot the EC2 instance, and deploy a new instance from the snapshot

An EC2 instance cannot be directly moved. If you snapshot the EC2 instance, a new EC2 instance can be created in a new subnet. “Simply move the EC2 instance by shutting it down, moving the instance and starting it back up” is incorrect because it cannot be moved. “Move the eth0 ENI to the new subnet” and “Create a new ENI in the new Subnet, remove the original Eth0 ENI, and mount the new ENI to the EC2 instance.” are incorrect because Eth0 cannot be removed or moved.

8
Q

What two types of status checks run every minute on a running EC2 Instance? (Select 2)

  • System Status Checks
  • Application Status Checks
  • Network Status Checks
  • Instance Status Checks
A
  • Instance Status Checks
  • System Status Checks

System Status Checks monitor the health of the EC2 host your instance is running on. This includes watching for loss of power, loss of network connectivity, and software/hardware issues on the host that impair reachability. Instance Status Checks monitor for software or network issues on your EC2 Instance, including failed System Status Checks, network misconfiguration, exhausted memory, and corrupt file systems.

9
Q

You have suggested moving your company’s web servers to AWS, but your supervisor is concerned about cost. Which of the following deployments will give you the most scalable and cost-effective solution?

  • A hybrid solution that leverages on-premise resources
  • A solution that’s built to run 24/7 at 100% capacity, using a fixed number of T2 Micro instances
  • An EC2 auto-scaling group that will expand and contract with demand
  • None of these options
A

An Auto-Scaling group of EC2 instances will exactly match the demand placed on your servers, allowing you to pay only for the compute capacity you actually need.

10
Q

You require a stateful firewall option for your EC2 instances, what service provides this?

  • Network Access Control List (NACL)
  • Security Group
  • AWS WAF
  • AWS Firewall Manager
A

Security group provides a stateful firewall.

NACL is stateless. WAF is not a traditional firewall; it is designed for web applications, not to act as a full firewall. Lastly, Firewall Manager simply coordinates and manages firewall rules throughout your organization and is not a firewall itself.

11
Q

What method detects when to replace an EC2 instance that is assigned to an Auto-Scaling group?

  • health check
  • load balancing algorithm
  • EC2 health check
  • not currently supported
  • dynamic path detection
  • Auto-Scaling
A

health check

12
Q

You have an EC2 instance with a Security Group attached. This security group is configured to only allow traffic to/from 10.0.0.0/16. A colleague has also configured a NACL on the private subnet that the instance resides on, and this NACL is configured to block all traffic, except where the destination is in 10.0.1.0/24. What will happen when the instance attempts to access IP 192.168.0.12 on port 80?

  • The traffic will be allowed as it is still within a private range
  • The security group will block the traffic before it is evaluated by the NACL
  • The traffic will be blocked simultaneously by the Security Group and NACL
  • The NACL will block the traffic before it is evaluated by the security group
A
  • The security group will block the traffic before it is evaluated by the NACL

With outbound traffic, Security Groups are evaluated first, then NACLs. The security group is configured to only allow traffic where the destination is 10.0.0.0/16, and as 192.168.0.12 does not fall within this range it will be blocked by the security group before it reaches the NACL.

13
Q

Which statements are true of Security Groups? (Select 2)

  • Security Groups are Stateful. Traffic allowed through in one direction will be allowed through the other direction.
  • Security Groups are Stateless. For traffic to flow, an Inbound and Outbound rule must be created allowing the traffic
  • Security Groups control inbound and outbound traffic destined for a resource
  • Security Groups control inbound and outbound traffic destined for a subnet
A
  • Security Groups are Stateful. Traffic allowed through in one direction will be allowed through the other direction.
  • Security Groups control inbound and outbound traffic destined for a resource

“Security Groups are Stateful. Traffic allowed through in one direction will be allowed through the other direction” & “Security Groups control inbound and outbound traffic destined for a resource” are true of Security Groups. The other answers describe Network Access Control Lists in a VPC.

14
Q

What is unique about the “T” family EC2 instance type?

  • The T family is a burstable resource
  • The T family is for development use only
  • The T family is a Temporary instance
  • The T family is a Testing instance
A

The T family is a burstable resource, managed through Credits. Credits are earned when the instance operates its CPU below the baseline, while consuming credits when operating its CPU above the baseline.

15
Q

What is the name of the service or feature that will create and terminate EC2 instances when utilization changes?

  • Predictive Capacity Planning
  • EC2 Auto Scaling
  • EC2 Auto Provisioning
  • EC2 Auto Recovery
A

EC2 Auto Scaling

EC2 Auto Scaling is a service in AWS which will manage the capacity of our EC2 instances. It will not make instances bigger or smaller (vertical scaling); it adds nodes and removes them to create a horizontal scaling mechanism. Predictive Capacity Planning and EC2 Auto Provisioning are wrong because they are not real features or products in AWS. EC2 Auto Recovery is a feature in AWS which can be enabled but it is not for scaling but rather recovery of failed resources and actually should not be used in conjunction with Auto Scaling.

16
Q

You have been running a handful of EC2 instances for an extended period of time and are now ready to purchase some Reserved Instances (RI’s). What is not a valid EC2 Reserved Instance option?

  • Standard RI, 2 year term, paid up front
  • Convertible RI, 3 year term, paid partially up front
  • Standard RI, 1 year term, no upfront payment
  • Scheduled RI, 1 year term, scheduled for 1 hour a day
A

“Standard RI, 2 year term, paid up front”

“Standard RI, 2 year term, paid up front” is not a valid RI term, as RIs are only offered in either 1 or 3 year terms. 2 year terms are not an option. All other options listed are possible. All options allow for 3 payment options: all up front, partial up front, or no up front. There are Standard, Convertible, and Scheduled RI options.

17
Q

You are running an instance from the AWS Spot Market. When AWS requires use of the spot resource, you will receive a warning. Where is this warning provided? (Choose 2)

  • A CloudWatch Event rule
  • A Trusted Advisor notification
  • Within the EC2 meta-data
  • A message in an SQS queue
A
  • A CloudWatch Event rule
  • Within the EC2 meta-data

EC2 Spot instances provide a warning if the instance is flagged for removal. That warning can be provided via the EC2 meta-data, as well as via a CloudWatch Event Rule. Trusted Advisor does not monitor EC2 Spot warnings, nor is an SQS Queue used for this purpose.

18
Q

Name the feature now available to T2 and T3 instances, that allow it to perform above baseline CPU performance even if you run out of CPU Credits.

  • T2/T3 Max
  • T2/T3 Standard
  • T2/T3 Unlimited
  • T2/T3 Limitless
A

T2/T3 Unlimited

T2/T3 Unlimited is the name of the feature that allows this instance family to maintain CPU performance above the baseline regardless of your CPU Credit balance. The price to maintain this feature is built in to the cost of the instance when this feature is active.

19
Q

Application Developers need a virtual server to push code into production once functionality is confirmed. According to the Tech Lead, the EC2 instance to be configured should not only have the ability to burst above its baseline performance, but also support network speeds of up to 5 Gbps. Which of the following instance choices will be most suitable for the production server?

  • a1.xlarge
  • c5.large
  • t2.medium
  • t3.medium
A
  • t3.medium

Neither the A1 instance nor the C5 one is burstable. Although T2 instances are burstable, they do not meet the network performance requirements dictated by the Tech Lead. T3 instances are not only burstable, but they also provide a network performance of up to 5 Gbps.

20
Q

You are developing a disaster recovery model and need to ensure that capacity is available upon request. What is a way to ensure capacity will exist when it is required?

  • Do nothing; on-demand pricing will guarantee capacity
  • Reserved Instance can allow for capacity guarantees
  • There is no way to guarantee capacity
  • Enable DR capacity options when launching EC2 instances
A
  • Reserved Instance can allow for capacity guarantees

Reserved Instances have an option to have capacity guarantees defined. This will ensure the capacity exists when it is required; keep in mind that an RI is paid for whether it is used or not. On-Demand does not provide any guarantees for capacity, and there are no DR capacity options for EC2.

21
Q

What is the minimum volume size of a Throughput Optimized HDD (st1)?

  • 1GiB
  • 100GiB
  • 500GiB
  • 1 TiB
A

Currently, the minimum size for both st1 and sc1 volume types is 500GiB.

22
Q

You have a file server and require the use of tiered storage options. You will require about 10,000 IOPS at the peak for your active data. You have a lot of data that is stale/inactive but needs to be presented through the file server as well for immediate access as needed (cannot be archived). What storage volumes should be leveraged to meet this?

  • Provisioned IOPS for the active data, and General Purpose SSD volume type for stale data
  • Use EC2 Instance Storage for the Active data due to its high performance, and utilize General Purpose SSD for the stale data
  • Use General Purpose SSD for the active data, while using the Cold HDD volume type for the stale data
  • None of the above will meet this need
A

Use General Purpose SSD for the active data, while using the Cold HDD volume type for the stale data

Currently, General Purpose SSD can be provisioned to accommodate up to 16,000 IOPS depending on its provisioned size. In addition, Cold HDD volumes are great for workloads requiring 250 IOPS or less and 250 MiB/s or less. If more IOPS or Throughput are required, a few of these volumes could be striped to accomplish more throughput. The Cold HDD EBS volume type is approximately ¼ the cost of the General Purpose SSD type. The reason “Provisioned IOPS for the active data, and General Purpose SSD volume type for stale data” is a poor choice is because provisioned IOPS are not needed here and will be substantially more expensive. In addition, General Purpose SSD would be 4 times the cost of Cold HDD for the stale data needs.

23
Q

Which of the following may happen when an EC2 instance with an associated Elastic IP is stopped and restarted? (choose 2)

  • The underlying host for the instance may be changed.
  • All data on instance-store devices will be lost.
  • The Elastic IP will be disassociated from the instance.
  • The Elastic Network Interface will be detached.
A
  • The underlying host for the instance may be changed.
  • All data on instance-store devices will be lost.

When such an instance is stopped and restarted, the instance will restart on a different physical host, and all instance-store data will be lost.

24
Q

What are two attributes that define an EC2 instance type?

  • vCPU
  • license type
  • EBS volume storage
  • IP address
  • Auto-Scaling
A

vCPU
EBS volume storage

25
Q

What is not a valid EC2 cost metric?

  • Cross-AZ data transfer
  • EC2 Per second Fee
  • Percentage of CPU utilization
  • Data transfer out of the region
A

Percentage of CPU utilization

You are not charged for CPU cycles or actual utilization. AWS does not oversubscribe its resources, thus when you are running an EC2 instance, as far as AWS is concerned, it is 100% utilized as they cannot use those resources. Whether your instance is running at 0% CPU or 100% the cost is the same. The rest are all valid cost measurements.

26
Q

You wish to request 100 spot instances together at once for a large job. What service offering will achieve this?

  • Standard spot request. Just define the quantity required when submitting a spot request
  • Spot Fleet
  • Spot Cluster
  • Standard spot request, one at a time; though all hundred could be requested with 100 requests
A
  • Spot Fleet

The spot fleet option allows one to potentially request thousands of instances at once. Spot fleet allows one to also incorporate the ability for the service to select on-demand if spot resources are unavailable to meet the need.

27
Q

When enabling an Auto-Assigned Public IP Address when launching an EC2 instance, which of the following statements is true?

  • The Public IP Address is persistent for the life of your EC2 instance, and will not be released unless you terminate the instance
  • The Public IP Address is dynamic, and a new address will be assigned to your instance every time you restart or shutdown
  • The Public IP Address is dynamic, and a new address will be assigned to your instance every 7 days
  • The Public IP address is dynamic, and a new address will be assigned any time you shut down the instance, but will persist through reboots.
A

The Public IP address is dynamic, and a new address will be assigned any time you shut down the instance, but will persist through reboots.

An Auto-Assigned Public IP Address is dynamic, and a new address will be assigned any time you shut down the instance, because the instance may move to a different host once you start it again. Note: Elastic IP Addresses are persistent, and will remain so through restarts, shutdowns, and even terminations, as they are not tied to any specific instance.

28
Q

An EC2 instance requires a Reserved Instance purchase. You are unsure if the instance family in use is going to be what you will retain for the life of the contract. What reserved instance type would be best suited for this scenario?

  • Standard Reserved Instance
  • Convertible Reserved Instance
  • Dedicated Reserved Instance
  • Do not buy an RI since they cannot be modified and we are uncertain of the instance future needs.
A

Convertible Reserved Instance

Convertible Reserved Instances allow for extreme flexibility around instance size, type, and even OS needs. Standard Reserved Instance allows for instance sizes to be adjusted (if Linux) and can also be split or merged (1 contract split into multiple, or multiple merged into 1). One main requirement, however, is that the contract is bound to the region in question.

29
Q

You have an EC2 instance that may be moving to another region within 3 months; however you are evaluating the use case to move this to a Reserved Instance. What is the ideal course of action here?

  • Purchase a Convertible Reserved Instance so that it can be exchanged with an RI in another region when that time comes
  • Purchase a Standard Reserved Instance, since we will not be changing the terms, instance types, or OS, a Convertible Reserved Instance is unnecessary and a Standard Reserved Instance can still be moved to another region when that time comes
  • Do not purchase an RI until the future is known
A

Do not purchase an RI until the future is known

RIs cannot be moved across Regions. As such, either do not purchase an RI until the move to a new region takes effect, or purchase one only if enough time will pass before the move for the RI to pay off. As an example, an RI may have a break-even point (compared to On-Demand) of 4 or 5 months. If the move is not to take place for 6 months, then we may still want to consider an RI anyhow; it would then give us additional “free” compute capacity for the remaining 6 months in that region should it be needed.

30
Q

You put a bid into the EC2 spot market. The current spot price is $0.054 and you bid $0.075 for the instance and your request is fulfilled. The on-demand price is $0.09. What rate are you going to pay?

  • $0.054
  • $0.075
  • $0.090
  • Not enough information
A
  • $0.054

When bidding for spot EC2 instances, your bid is treated as a limit on what you’re willing to pay; you will not pay your bid price, but rather the current spot price. The on-demand price is irrelevant.

31
Q

You wish to scale an EC2 Auto Scaling group out and in at specified times of the day. What function is used to accomplish this?

  • CRON Actions
  • Scheduled Actions
  • Dynamic Scaling with a CRON schedule defined
  • This cannot be done natively. A lambda function needs to be configured to force the scaling to occur at the intervals defined.
A

Scheduled Actions

32
Q

An ALB will route traffic to multiple groups of EC2 Instances per routing rules. What is the name of the EC2 Instance groups?

  • Target Groups
  • Cluster Groups
  • Bundle Groups
  • Collection Groups
A

The name of a back-end ALB group is a Target Group. All other options listed here do not exist.

33
Q

When selecting an EC2 instance type for your application, it’s important to know which of the following? (select 2)

  • The peak expected usage
  • The memory requirements
  • The required number of I/O operations
  • The location from which most traffic comes
A
  • The memory requirements
  • The required number of I/O operations

Of the answers offered, the EC2 instance you choose will be determined by the number of I/O operations needed, as well as the anticipated amount of memory required. There are other parameters that should be considered, but they are not offered in the answers.

34
Q

EC2 Instance A connects directly to port 80 on EC2 Instance B in another AZ within the same VPC. The communication appears to be blocked. How many SG rules, and NACL rules are traversed which would need to be investigated?

  • 2 SG’s, 0 NACL
  • 4 SG’s, 2 NACL
  • 2 SG’s, 2 NACL
  • 2 SG’s, 4 NACL
  • Since NACLs are optional, we cannot know for sure without more information
A

2 SG’s, 4 NACL

Since each EC2 instance is in a different AZ, we are dealing with 2 subnets. Each subnet will have an inbound rule and an outbound rule for a NACL; being stateless, each rule is handled independently. Though NACLs are thought of as “optional”, they are not: every subnet has one, it’s just that the default rule is set to allow all. We would need to make sure that rule has not been modified from its original, and if so, make sure it permits the proper traffic. This makes 4 total NACL rules involved in the communication flow: one to exit the first subnet, one to enter the second. Then the return traffic will need to exit the second subnet and enter the original subnet, each with its own rules. Security groups impacted in this flow would be one outbound from EC2 A, and one inbound to EC2 B. This makes a total of 6 rules that must be evaluated.

35
Q

You have established 2 EC2 instances for a legacy public facing application. One system is the primary active server, the second is a hot standby. Both servers are not able to accept traffic at the same time as only one can be “active” at any given time. Each are in a different AZ. You wish to create a High Availability architecture. You must be able to recover from a failure within 10 minutes. Which option is NOT viable?

  • Put a load balancer in front of both instances, and keep the second instance in an “out of service” state. In the event of a failure, the secondary node can be placed in service, and the one failing will be taken out of service. Disable the connection draining feature of the load balancer.
  • Create a steady state auto scaling EC2 group. Instead of creating 2 instances, only one will exist at any given time but in the event of a failure EC2 Auto Scaling will provide the HA mechanism by replacing the server that is not healthy.
  • Attach a secondary ENI to the EC2 instance and use this for the primary application connectivity. In the event of a failure, simply move this ENI to the secondary node
  • Create an EIP and assign to the “Active” EC2 instance. In the event of a failure, re-assign the EIP to the standby instance.
A

Create an EIP and assign to the “Active” EC2 instance. In the event of a failure, re-assign the EIP to the standby instance.

“Attach a secondary ENI to the EC2 instance and use this for the primary application connectivity. In the event of a failure, simply move this ENI to the secondary node” is not possible. An ENI belongs to an AZ. Having a system in a secondary AZ means we cannot simply move an ENI to the second server; however, we could use an EIP and associate with the secondary instance should a failure occur.

36
Q

Currently, General Purpose SSD (gp2) volume type states a maximum IOPS of 16,000. What block size is this measurement based on?

  • 4KiB I/O Size
  • 16KiB I/O Size
  • 256KiB I/O Size
  • 1024KiB I/O Size
A
  • 16KiB I/O Size

The General Purpose SSD (gp2) volume type bases its IOPS measurement on a 16 KiB I/O size. If one were to format the volume using 32 KiB blocks, each I/O could potentially be billed as 2. Please note, if one were to go the other direction and have the disk formatted using 4 KiB block sizes, typically 4 I/Os would be billed as 1 I/O. EBS tends to aggregate I/O when possible to optimize performance and billing.

37
Q

What is NOT an EC2 pricing model in AWS?

  • Scheduled Spot Instances
  • Flexible Reserved Instance
  • Dedicated Instance
  • On Demand
  • None of the above
A

All of these models are in fact EC2 pricing models

38
Q

You have been asked to migrate a 10 GB unencrypted EBS volume to an encrypted volume for security purposes. What are the three key steps required as part of the migration?

  • create a new encrypted volume of the same size and availability zone
  • pause the unencrypted instance
  • create a new encrypted volume of the same size in any availability zone.
  • start converter instance
  • shutdown and detach the unencrypted instance
A

pause the unencrypted instance
start converter instance
shutdown and detach the unencrypted instance

39
Q

How is EC2 Auto Scaling billed?

  • Per scaling action / activity
  • Per scaling policy / rule
  • An up-charge per-EC2 Instance in the Auto Scaling group
  • None of the above
A

None of the above

EC2 Auto Scaling itself is free. You only pay for the resources that you run as a result.

40
Q

You suspect an EC2 instance your organization has been running for well over a year has been compromised. Upon further investigation you discover the system has not been patched since it was deployed. Assuming all steps to retain forensic evidence have been taken, what are a few valid remediation actions? (choose 2)

  • Raise a priority AWS support request to update the instance immediately
  • Push updates to the system through AWS Config
  • Take the EC2 system off the network and patch ourselves, in addition to performing other necessary remediation actions
  • Identify how the attack was successful, and implement further controls to reduce risk for the future
A

Take the EC2 system off the network and patch ourselves, in addition to performing other necessary remediation actions

Identify how the attack was successful, and implement further controls to reduce risk for the future

“Raise a priority AWS support request to update the instance immediately” is wrong because AWS does not, and cannot, patch instances. AWS does not have access to the guest (customer) OS. The OS is the customer’s responsibility to appropriately patch and harden. AWS Config is not a service for deploying patches, nor for EC2 system control at all. Follow best practices in the Security best practices whitepapers, including the CIS Security Benchmark whitepaper.

41
Q

You have a Linux application currently running on an on-demand m5.xlarge instance and all seems to perform well. You are considering buying a reserved instance; however, you are unsure about the scale this application may require over the next 6 months. Instance type seems to be correct for the workload, but you are not sure if you will need to grow the instance size over the next 6 months. You have considered waiting for 6 months to see what the growth looks like before purchasing an RI. Is this a good decision or not? What should be the course of action?

  • Leave as is using on-demand before purchasing any Reserved Instances. You do not want to enter into a long-term contract without knowing what this may look like in the near future. Once a better understanding of growth is achieved, then purchase RI’s as needed.
  • Purchase a Convertible Reserved Instance now since it can be adjusted, and make changes as needed later.
  • Purchase a Standard Reserved Instance and change the instance size later or add to the contract if required.
  • Purchase an RI from the marketplace with only 6 months left
A

Purchase a Standard Reserved Instance and change the instance size later or add to the contract if required.

If we wait 6 months to purchase a contract, the savings will have already been lost. As an example, if we get a Standard Reserved Instance for 1 year, in 6 months of On-Demand more than the cost of that entire year of RI will have already been spent. Even if we do not use the RI after 6 months, the net savings still make this worth it. Waiting will only cost us more money. Though “Purchase a Convertible Reserved Instance now since it can be adjusted, and make changes as needed later” could work, it saves less than “Purchase a Standard Reserved Instance and change the instance size later or add to the contract if required”, and is not needed. The reason for a Convertible RI is extreme flexibility such as changing instance families or operating systems. Though “Purchase an RI from the marketplace with only 6 months left” could also work, it’s typically unlikely one would find the exact terms needed for the situation at hand and at a price one expects. “Purchase a Standard Reserved Instance and change the instance size later or add to the contract if required.” gives the most savings with plenty of flexibility too. If after 6 months a larger instance is needed, an additional RI of the smaller size could be purchased, and the two RIs could be merged to total the size. This maximizes savings while still retaining flexibility. Contrary to popular belief, the Standard Reserved Instance still has a lot of flexibility around changing instance sizes, as well as merging or splitting contracts.

42
Q

Services running on an EC2 instance need to be able to write data to an S3 bucket. Both reside in the same region. What is the most efficient way to provide access?

  • Store IAM credentials securely on the EC2 instance, and have the service use them for access.
  • Attach an IAM Role with PutObject access to the S3 bucket to the EC2 instance.
  • Have the service authenticate to your local identity store, then receive access through STS.
  • EC2 already has access to write to S3 if they sit in the same region, so no further action is
A

Attach an IAM Role with PutObject access to the S3 bucket to the EC2 instance.

“Store IAM credentials securely on the EC2 instance, and have the service use them for access” would work but is less efficient and clean. “Have the service authenticate to your local identity store, then receive access through STS” would effectively do the same as “Attach an IAM Role with PutObject access to the S3 bucket to the EC2 instance.”, as STS will allow a federated user to assume an IAM role with specific permissions. “EC2 already has access to write to S3 if they sit in the same region, so no further action is” is not a true statement; EC2 does not have automatic access to S3 unless explicitly granted.

43
Q

You’ve been tasked with replicating your production VPC in another region for disaster recovery purposes. Part of your environment relies on EC2 instances with preconfigured software. What steps would you take to configure the instances in another region?

  • Create AMIs of the instances and copy them to the new Region for deployment.
  • None of these.
  • Write the IAM permissions for the new Region to use the AMIs from the original Region.
  • Create AMIs of the instances and deploy them in the new Region
A

Create AMIs of the instances and copy them to the new Region for deployment.

The AMIs must be copied to the new Region prior to deployment.

44
Q

The volume of transactions coming into your online trading application fluctuates each day depending on market events. Log analyses indicate that on the heaviest volume days, compute demand comes in triple that of the average volume days. These heavy volume days occur about 15 days per year. You also have some workloads that need to process before close of business to provide input to daily reporting functions. How would you structure your mix of EC2 General Purpose Linux instances to obtain the highest cost efficiency?

  • 1-Year Term Standard Reserved Instances for 100% of the average and heavy volume days, and Spot Instances to handle the reporting workloads
  • 3-Year Term Standard Reserved Instances for 100% of the average volume days and the reporting workloads, On-Demand instances to handle the spikes from the heavy volume days
  • 3-Year Term Standard Reserved Instances for 100% of the average and heavy volume days, and the reporting workloads
  • 3-Year Term Standard Reserved Instances for 100% of the average volume days, On-Demand instances to handle the spikes from the heavy volume days, and Spot Instances to handle the reporting workloads
A

3-Year Term Standard Reserved Instances for 100% of the average volume days, On-Demand instances to handle the spikes from the heavy volume days, and Spot Instances to handle the reporting workloads

The most cost-effective pricing for EC2 General Purpose Linux instances will usually involve a mix of pricing models. In this scenario, since the number of heavy volume days is limited, using a combination of Reserved Instances sized for the average volume days, On-Demand instances to handle transaction volume increases on the heavy volume days, and Spot Instances to handle workloads that just need to complete by a certain time is the best option. Spot Instances for reporting workloads will cost less than using Reserved Instances, and capacity doesn't need to be guaranteed. 3-year Reserved Instances are more cost-effective than 1-year-term Reserved Instances. Over-provisioning for all but the 15 heavy volume days each year by using RIs to cover the heaviest load leaves a lot of underutilised capacity.

45
Q

Which of the following is true with regard to Elastic IP addresses? (select 3)

  • If released, an Elastic IP address can be recovered if it is not associated with another AWS account.
  • An Elastic IP address can be recovered using the Amazon EC2 API or a command line tool only.
  • An Elastic IP address is for a specific region only.
  • An Elastic IP address will remain associated with the EC2-Classic instance when the EC2-Classic instance is stopped.
  • An Elastic IP address is for a specific Availability Zone only.
  • When an Elastic IP address is associated with an instance, the instance’s Public IPv4 address is released back to the Amazon pool and cannot be reused. The public DNS hostname of the instance changes to match the Elastic IP address.
A
  • If released, an Elastic IP address can be recovered if it is not associated with another AWS account.
  • An Elastic IP address can be recovered using the Amazon EC2 API or a command line tool only.
  • An Elastic IP address is for a specific region only.

An Elastic IP address is a static public IPv4 address designed for dynamic cloud computing. When an Elastic IP is associated with an instance, the existing Public IPv4 address is released back to the Amazon pool. Elastic IP addresses are region specific. Elastic IPs may be recovered if released, but only if the IP is not associated with another account. Elastic IPs can be recovered using the EC2 API or a CLI tool only. In EC2-Classic, an Elastic IP is disassociated from the instance when you stop it.

46
Q

What is NOT a purpose of EC2 Auto Scaling?

  • High Availability
  • Scaling out to meet demand
  • Scaling in to save costs
  • To scale demand instantly
A

To scale demand instantly

Auto Scaling can be used for High Availability as well as scaling in and out; however, when one uses EC2 Auto Scaling, it will take time for an EC2 instance to come online, typically around 60-90 seconds minimum. If bootstrapping is occurring, it could be substantially longer depending on how long that task takes. If instant scaling is required, perhaps that's a better task for Docker along with ECS, EKS, or Fargate.

47
Q

You would like to request 100 spot instances, and if spot is unavailable mix in On-Demand if necessary. What method supports this?

  • Spot does not natively do this. One could script this; perform each request and if the request fails, launch On-Demand instead. Creating a CloudWatch monitoring metric will identify if a spot instance is taken back by AWS, which we could then trigger a new request or replace with On-Demand.
  • Spot Fleet offers this natively. Just select the option to include On-Demand in the spot fleet request. Spot fleet will work to maintain the fleet numbers and scale, while utilizing various instance types that qualify, as well as including On-Demand if spot resources are limited
  • Create an EC2 Auto Scaling group, define the spot request in the ASG policy, and include the option to fall back to On-Demand. Auto Scaling will work to maintain consistent scale/group size.
  • Spot Clustering offers this natively. Select the necessary options as required and Spot Clustering will do this for you.
A

Spot Fleet offers this natively. Just select the option to include On-Demand in the spot fleet request. Spot fleet will work to maintain the fleet numbers and scale, while utilizing various instance types that qualify, as well as including On-Demand if spot resources are limited

Spot Fleet offers this option. “Create an EC2 Auto Scaling group, define the spot request in the ASG policy, and include the option to fall back to On-Demand. Auto Scaling will work to maintain consistent scale/group size.” is incorrect because although EC2 ASGs can in fact be set to request Spot, they are not inherently designed to make decisions around mixing On-Demand into the ASG. One would need to actually provision multiple ASGs with different settings and manage this logic themselves. Spot Fleet has the necessary features to accomplish the goals mentioned. “Spot Clustering offers this natively. Select the necessary options as required and Spot Clustering will do this for you.” is incorrect because there is no such thing as Spot Clustering.

48
Q

You have an application built on EC2 which cannot horizontally scale and does not support high availability (HA) fail-over within the application. What is an option to build HA into the architecture and maintain a single stable instance at all times? Note: An AMI is built for this server and can be used to re-deploy as needed within the Region.

  • Set the EC2 persistence flag so if it becomes unhealthy it will restart itself or redeploy per an AMI automatically
  • Use EC2 Auto Scaling and define a steady state group of a minimum and maximum of 1 healthy instance across 2 or more AZs
  • Create a Lambda Function as a scheduled action which occurs on regular intervals to check the health of the EC2 Instance. If the instance is not meeting health requirements, use the Lambda function to re-deploy the instance in another AZ using the AMI
  • This cannot be done natively. A lambda function needs to be configured to force the scaling to occur at the intervals defined.
A

Use EC2 Auto Scaling and define a steady state group of a minimum and maximum of 1 healthy instance across 2 or more AZs

“Use EC2 Auto Scaling and define a steady state group of a minimum and maximum of 1 healthy instance across 2 or more AZs” is the simplest, most cost-effective solution. EC2 Auto Scaling is commonly used not just to scale, but also to maintain a particular number of healthy instances. This is a perfect fit for such a design. “Set the EC2 persistence flag so if it becomes unhealthy it will restart itself or redeploy per an AMI automatically” is false because there is no such thing as a “Persistence Flag” for EC2. “Create a Lambda Function as a scheduled action which occurs on regular intervals to check the health of the EC2 Instance. If the instance is not meeting health requirements, use the Lambda function to re-deploy the instance in another AZ using the AMI” could technically work but is over-engineered and will cost more than Auto Scaling, even if minimally. The biggest problem with that option is the operational overhead incurred for maintaining your own Lambda functions to do something that is 1) in your VPC, and 2) could be natively handled by Auto Scaling.

49
Q

What can be used to publish custom CloudWatch metrics from an EC2 instance?

  • AWS CLI
  • CloudWatch agent
  • AWS SDK
  • All of the above
A

Any of these options will support publishing custom CloudWatch metrics.

50
Q

You wish to spin up multiple EC2 instances designed for High Performance Computing, which will transfer data to one another rapidly. You would like to deploy these instances with as little latency and highest bandwidth between instances as possible. What EC2 feature could be leveraged to accomplish this?

  • Enable EC2 Clustering
  • Deploy the instances into a Placement Group
  • Create an overlay network with GRE tunnels between all nodes in the HPC cluster
  • Attach HPC ENIs to each instance and connect using EC2 clustering
A

Deploy the instances into a Placement Group

A placement group allows all instances in the group to be deployed as physically close to one another as possible. This will limit the distance between instances and increase the overall network performance between them. In some cases, it's even possible the nodes will be deployed on the same physical host, rack or area of the datacenter if you wish, depending on your configuration.