Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS > EC2 > Flashcards

EC2 Flashcards

1
Q

What is the primary purpose of On-Demand Capacity Reservations in Amazon EC2?

A) To provide billing discounts similar to Savings Plans
B) To reserve compute capacity in a specific Availability Zone for any duration
C) To automatically scale EC2 instances
D) To offer free EC2 instances for a trial period

A

Answer: B) To reserve compute capacity in a specific Availability Zone for any duration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How do On-Demand Capacity Reservations differ from Savings Plans or Regional Reserved Instances?

A) They require a one-year minimum commitment.
B) They offer greater billing discounts.
C) They allow you to reserve capacity independently from billing discounts.
D) They are not available for EC2 instances.

A

Answer: C) They allow you to reserve capacity independently from billing discounts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

When does billing start for an On-Demand Capacity Reservation?

A) After a one-year commitment period
B) As soon as the capacity is provisioned and the reservation enters the active state
C) Only when the reserved capacity is fully utilized
D) When the Capacity Reservation is cancelled

A

Answer: B) As soon as the capacity is provisioned and the reservation enters the active state

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following is true about the commitment required for creating On-Demand Capacity Reservations?

A) A minimum of a three-year term commitment is required.
B) No term commitment is required; reservations can be made at any time.
C) Only available with a one-year term commitment.
D) Commitment varies based on the Availability Zone.

A

Answer: B) No term commitment is required; reservations can be made at any time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What happens when you no longer need an On-Demand Capacity Reservation?

A) The reservation automatically renews for the same duration.
B) Billing continues until the end of the reserved period.
C) You must continue to pay for the reservation until the next billing cycle.
D) Cancel the Capacity Reservation to stop incurring charges.

A

Answer: D) Cancel the Capacity Reservation to stop incurring charges.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Category: CSAA – Design Cost-Optimized Architectures
A multinational corporate and investment bank is regularly processing steady workloads of accruals, loan interests, and other critical financial calculations every night from 10 PM to 3 AM on their on-premises data center for their corporate clients. Once the process is done, the results are then uploaded to the Oracle General Ledger which means that the processing should not be delayed or interrupted. The CTO has decided to move its IT infrastructure to AWS to save costs. The company needs to reserve compute capacity in a specific Availability Zone to properly run their workloads.

As the Senior Solutions Architect, how can you implement a cost-effective architecture in AWS for their financial system?

Use Dedicated Hosts which provide a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.

Use On-Demand Capacity Reservations, which provide compute capacity that is always available on the specified recurring schedule.

Use Regional Reserved Instances to reserve capacity on a specific Availability Zone and lower down the operating cost through its billing discounts.

Use On-Demand EC2 instances which allows you to pay for the instances that you launch and use by the second.

Reserve compute capacity in a specific Availability Zone to avoid any interruption.

A

Use On-Demand Capacity Reservations, which provide compute capacity that is always available on the specified recurring schedule.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When you create a Capacity Reservation, you specify:

A

– The Availability Zone in which to reserve the capacity

– The number of instances for which to reserve capacity

– The instance attributes, including the instance type, tenancy, and platform/OS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A payment processing company plans to migrate its on-premises application to an Amazon EC2 instance. An IPv6 CIDR block is attached to the company’s Amazon VPC. Strict security policy mandates that the production VPC must only allow outbound communication over IPv6 between the instance and the internet but should prevent the internet from initiating an inbound IPv6 connection. The new architecture should also allow traffic flow inspection and traffic filtering.

What should a solutions architect do to meet these requirements?

Launch the EC2 instance to a private subnet and attach an Egress-Only Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Network Firewall to set up the required rules for traffic inspection and traffic filtering.

Launch the EC2 instance to a public subnet and attach an Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use Traffic Mirroring to set up the required rules for traffic inspection and traffic filtering.

Launch the EC2 instance to a private subnet and attach AWS PrivateLink interface endpoint to the VPC to control outbound IPv6 communication to the internet. Use Amazon GuardDuty to set up the required rules for traffic inspection and traffic filtering.

Launch the EC2 instance to a private subnet and attach a NAT Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Firewall Manager to set up the required rules for traffic inspection and traffic filtering.

A

Launch the EC2 instance to a private subnet and attach an Egress-Only Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Network Firewall to set up the required rules for traffic inspection and traffic filtering.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the main function of an egress-only internet gateway in a VPC?

A) To allow inbound IPv6 communication from the internet to instances.
B) To enable both inbound and outbound IPv6 communication.
C) To allow outbound IPv6 communication from instances to the internet, blocking inbound initiation.
D) To convert IPv6 addresses into private IPv4 addresses.

A

Answer: C) To allow outbound IPv6 communication from instances to the internet, blocking inbound initiation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Why would you use an egress-only internet gateway for your VPC instances?

A) To make your instances publicly accessible over IPv6.
B) To allow your instances outbound internet access while preventing unsolicited inbound communication.
C) To enable unrestricted inbound and outbound internet access for your instances.
D) To provide a static IPv6 address for your instances.

A

Answer: B) To allow your instances outbound internet access while preventing unsolicited inbound communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the purpose of a subnet within a VPC?

A) To provide a backup for instances in case of failure.
B) To group instances based on their IPv6 addresses.
C) To range IP addresses for launching AWS resources.
D) To automatically scale the resources based on demand.

A

Answer: C) To range IP addresses for launching AWS resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How does the AWS Network Firewall protect your VPCs?

A) By providing a physical firewall device for each VPC.
B) By enabling automatic scaling and management of network traffic protection.
C) By encrypting all data within the VPC.
D) By assigning unique IPv6 addresses to each instance.

A

Answer: B) By enabling automatic scaling and management of network traffic protection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What capability does AWS Network Firewall’s stateful inspection feature offer?

A) It changes the state of your instances based on traffic flow.
B) It allows all traffic through without any checks.
C) It incorporates context from traffic flows to enforce policies.
D) It provides a static IP address for each instance in the VPC.

A

Answer: C) It incorporates context from traffic flows to enforce policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How can AWS Network Firewall’s intrusion prevention system (IPS) protect your network?

A) By providing a VPN tunnel for secure communications.
B) By identifying and blocking vulnerability exploits with signature-based detection.
C) By converting IPv6 addresses to private IPv4 addresses.
D) By broadcasting your VPC’s IP address range to the internet.

A

Answer: B) By identifying and blocking vulnerability exploits with signature-based detection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A company has a cloud architecture that is composed of Linux and Windows EC2 instances that process high volumes of financial data 24 hours a day, 7 days a week. To ensure high availability of the systems, the Solutions Architect needs to create a solution that allows them to monitor the memory and disk utilization metrics of all the instances.

Which of the following is the most suitable monitoring solution to implement?

Use Amazon Inspector and install the Inspector agent to all EC2 instances.

Enable the Enhanced Monitoring option in EC2 and install CloudWatch agent to all the EC2 instances to be able to view the memory and disk utilization in the CloudWatch dashboard.

Install the CloudWatch agent to all the EC2 instances that gather the memory and disk utilization data. View the custom metrics in the Amazon CloudWatch console.

Use the default CloudWatch configuration to EC2 instances where the memory and disk utilization metrics are already available. Install the AWS Systems Manager (SSM) Agent to all the EC2 instances.

A

Install the CloudWatch agent to all the EC2 instances that gather the memory and disk utilization data. View the custom metrics in the Amazon CloudWatch console.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A company developed a meal planning application that provides meal recommendations for the week as well as the food consumption of the users. The application resides on an EC2 instance which requires access to various AWS services for its day-to-day operations.

Which of the following is the best way to allow the EC2 instance to access the S3 bucket and other AWS services?

Store the API credentials in the EC2 instance.

Store the API credentials in a bastion host.

Add the API Credentials in the Security Group and assign it to the EC2 instance.

Create a role in IAM and assign it to the EC2 instance.

A

Create a role in IAM and assign it to the EC2 instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A company needs to deploy at least 2 EC2 instances to support the normal workloads of its application and automatically scale up to 6 EC2 instances to handle the peak load. The architecture must be highly available and fault-tolerant as it is processing mission-critical workloads.

As the Solutions Architect of the company, what should you do to meet the above requirement?

Create an Auto Scaling group of EC2 instances and set the minimum capacity to 4 and the maximum capacity to 6. Deploy 2 instances in Availability Zone A and another 2 instances in Availability Zone B.

Create an Auto Scaling group of EC2 instances and set the minimum capacity to 2 and the maximum capacity to 4. Deploy 2 instances in Availability Zone A and 2 instances in Availability Zone B.

Create an Auto Scaling group of EC2 instances and set the minimum capacity to 2 and the maximum capacity to 6. Use 2 Availability Zones and deploy 1 instance for each AZ.

Create an Auto Scaling group of EC2 instances and set the minimum capacity to 2 and the maximum capacity to 6. Deploy 4 instances in Availability Zone A.

A

Create an Auto Scaling group of EC2 instances and set the minimum capacity to 4 and the maximum capacity to 6. Deploy 2 instances in Availability Zone A and another 2 instances in Availability Zone B.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

The media company that you are working for has a video transcoding application running on Amazon EC2. Each EC2 instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. This application has a large backlog of videos which need to be transcoded. Your manager would like to reduce this backlog by adding more EC2 instances, however, these instances are only needed until the backlog is reduced.

In this scenario, which type of Amazon EC2 instance is the most cost-effective type to use?

Dedicated instances
On-demand instances
Reserved instances
Spot instances

A

Spot instances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

The company that you are working for has a highly available architecture consisting of an elastic load balancer and several EC2 instances configured with auto-scaling in three Availability Zones. You want to monitor your EC2 instances based on a particular metric, which is not readily available in CloudWatch.

Which of the following is a custom metric in CloudWatch which you have to manually set up?

Network packets out of an EC2 instance
Memory Utilization of an EC2 instance
Disk Reads activity of an EC2 instance
CPU Utilization of an EC2 instance

A

Memory Utilization of an EC2 instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

You are automating the creation of EC2 instances in your VPC. Hence, you wrote a python script to trigger the Amazon EC2 API to request 50 EC2 instances in a single Availability Zone. However, you noticed that after 20 successful requests, subsequent requests failed.

What could be a reason for this issue and how would you resolve it?

There is a vCPU-based On-Demand Instance limit per region which is why subsequent requests failed. Just submit the limit increase form to AWS and retry the failed requests once approved.

By default, AWS allows you to provision a maximum of 20 instances per region. Select a different region and retry the failed request.

By default, AWS allows you to provision a maximum of 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request.

There was an issue with the Amazon EC2 API. Just resend the requests and these will be provisioned successfully.

A

There is a vCPU-based On-Demand Instance limit per region which is why subsequent requests failed. Just submit the limit increase form to AWS and retry the failed requests once approved.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

EC2 Instance Types - General Purpose

  • Great for?
  • Balance between?
A
  • Great for a diversity of workloads such as web servers or code repositories
  • Balance between: Compute, Memory, and Networking
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

EC2 Instance Types - Compute Optimized

  • Great for?
  • Balance between?
A
  • Great for compute-intensive tasks that require high performance processors:
    High performance web servers, high performance computing (HPC), scientific modeling and machine learning
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Cluster Placement Group

Use Case:
Details:

A

Use Case: Low network latency, high network throughput.

Details: Instances packed close together in a single Availability Zone. Ideal for HPC applications and tightly-coupled node-to-node communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Partition Placement Group

Use Case:
Details:

A

Use Case: Large distributed and replicated workloads (e.g., Hadoop, Cassandra, Kafka).

Details: Instances spread across logical partitions, reducing the risk of correlated hardware failures by ensuring partitions do not share underlying hardware.

25
Q

Spread Placement Group

A

Use Case: High availability for critical instances.

Details: Instances placed on distinct underlying hardware to minimize the risk of simultaneous failures. Suitable for applications needing separation of critical instances.

26
Q

The company that you are working for has a highly available architecture consisting of an elastic load balancer and several EC2 instances configured with auto-scaling in three Availability Zones. You want to monitor your EC2 instances based on a particular metric, which is not readily available in CloudWatch.

Which of the following is a custom metric in CloudWatch which you have to manually set up?

1) Memory Utilization of an EC2 instance
2) CPU Utilization of an EC2 instance
3) Disk Reads activity of an EC2 instance
4) Network packets out of an EC2 instance

A

1) Memory Utilization of an EC2 instance

CloudWatch has available Amazon EC2 Metrics for you to use for monitoring. CPU Utilization identifies the processing power required to run an application upon a selected instance. Network Utilization identifies the volume of incoming and outgoing network traffic to a single instance. Disk Reads metric is used to determine the volume of the data the application reads from the hard disk of the instance. This can be used to determine the speed of the application. However, there are certain metrics that are not readily available in CloudWatch such as memory utilization, disk space utilization, and many others which can be collected by setting up a custom metric.

You need to prepare a custom metric using CloudWatch Monitoring Scripts which is written in Perl. You can also install CloudWatch Agent to collect more system-level metrics from Amazon EC2 instances. Here’s the list of custom metrics that you can set up:

– Memory utilization
– Disk swap utilization
– Disk space utilization
– Page file utilization
– Log collection

27
Q

You are automating the creation of EC2 instances in your VPC. Hence, you wrote a python script to trigger the Amazon EC2 API to request 50 EC2 instances in a single Availability Zone. However, you noticed that after 20 successful requests, subsequent requests failed.

What could be a reason for this issue and how would you resolve it?

1) By default, AWS allows you to provision a maximum of 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request.

2) By default, AWS allows you to provision a maximum of 20 instances per region. Select a different region and retry the failed request.

3) There was an issue with the Amazon EC2 API. Just resend the requests and these will be provisioned successfully.

4) There is a vCPU-based On-Demand Instance limit per region which is why subsequent requests failed. Just submit the limit increase form to AWS and retry the failed requests once approved.

A

4) There is a vCPU-based On-Demand Instance limit per region which is why subsequent requests failed. Just submit the limit increase form to AWS and retry the failed requests once approved.

You are limited to running On-Demand Instances per your vCPU-based On-Demand Instance limit, purchasing 20 Reserved Instances, and requesting Spot Instances per your dynamic Spot limit per region. New AWS accounts may start with limits that are lower than the limits described here.

If you need more instances, complete the Amazon EC2 limit increase request form with your use case, and your limit increase will be considered. Limit increases are tied to the region they were requested for.

Hence, the correct answer is: There is a vCPU-based On-Demand Instance limit per region which is why subsequent requests failed. Just submit the limit increase form to AWS and retry the failed requests once approved.

The option that says: There was an issue with the Amazon EC2 API. Just resend the requests and these will be provisioned successfully is incorrect because you are limited to running On-Demand Instances per your vCPU-based On-Demand Instance limit. There is also a limit of purchasing 20 Reserved Instances and requesting Spot Instances per your dynamic Spot limit per region hence, there is no problem with the EC2 API.

The option that says: By default, AWS allows you to provision a maximum of 20 instances per region. Select a different region and retry the failed request is incorrect. There is no need to select a different region since this limit can be increased after submitting a request form to AWS.

The option that says: By default, AWS allows you to provision a maximum of 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request is incorrect because the vCPU-based On-Demand Instance limit is set per region and not per Availability Zone. This can be increased after submitting a request form to AWS.

28
Q

A multinational corporate and investment bank regularly processes steady workloads of accruals, loan interests, and other critical financial calculations every night from 10 PM to 3 AM on their on-premises data center for their corporate clients. Once the process is done, the results are then uploaded to the Oracle General Ledger which means that the processing should not be delayed or interrupted. The CTO has decided to move its IT infrastructure to AWS to save costs. The company needs to reserve compute capacity in a specific Availability Zone to properly run their workloads.

As the Senior Solutions Architect, how can you implement a cost-effective architecture in AWS for their financial system?

1) Use On-Demand Capacity Reservations, which provide compute capacity that is always available on the specified recurring schedule.

2) Use On-Demand EC2 instances which allows you to pay for the instances that you launch and use by the second. Reserve compute capacity in a specific Availability Zone to avoid any interruption.

3) Use Dedicated Hosts, which provide a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.

4) Use Regional Reserved Instances to reserve capacity on a specific Availability Zone and lower the operating cost through its billing discounts.

A

1) Use On-Demand Capacity Reservations, which provide compute capacity that is always available on the specified recurring schedule.

On-Demand Capacity Reservations enable you to reserve compute capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the ability to create and manage Capacity Reservations independently from the billing discounts offered by Savings Plans or Regional Reserved Instances.

By creating Capacity Reservations, you ensure that you always have access to EC2 capacity when you need it, for as long as you need it. You can create Capacity Reservations at any time, without entering into a one-year or three-year term commitment, and the capacity is available immediately. Billing starts as soon as the capacity is provisioned and the Capacity Reservation enters the active state. When you no longer need it, cancel the Capacity Reservation to stop incurring charges.

When you create a Capacity Reservation, you specify:

– The Availability Zone in which to reserve the capacity

– The number of instances for which to reserve capacity

– The instance attributes, including the instance type, tenancy, and platform/OS

Capacity Reservations can only be used by instances that match their attributes. By default, they are automatically used by running instances that match the attributes. If you don’t have any running instances that match the attributes of the Capacity Reservation, it remains unused until you launch an instance with matching attributes.

In addition, you can use Savings Plans and Regional Reserved Instances with your Capacity Reservations to benefit from billing discounts. AWS automatically applies your discount when the attributes of a Capacity Reservation match the attributes of a Savings Plan or Regional Reserved Instance.

In this scenario, the company only runs the process for 5 hours (from 10 PM to 3 AM) every night. By usinng Capacity Reservations, they not only ensure availability but can also implement automation to procure and cancel capacity, as well as terminate instances once they are no longer needed. This approach prevents them from incurring unnecessary charges, ensuring they are billed only for the resources they actually use.

Hence, the correct answer is to use On-Demand Capacity Reservations, which provide compute capacity that is always available on the specified recurring schedule.

The option that says: Use On-Demand EC2 instances which allows you to pay for the instances that you launch and use by the second. Reserve compute capacity in a specific Availability Zone to avoid any interruption is incorrect because although an On-Demand instance is stable and suitable for processing critical data, it costs more than any other option. Moreover, the critical financial calculations are only done every night from 10 PM to 3 AM and not 24/7. This means that your computing capacity will not be utilized for a total of 19 hours every single day. On-Demand instances cannot reserve compute capacity at all. So this option is incorrect.

The option that says: Use Regional Reserved Instances to reserve capacity on a specific Availability Zone and lower the operating cost through its billing discounts. is incorrect because this feature is available in Zonal Reserved Instances only and not on Regional Reserved Instances.

The option that says: Use Dedicated Hosts, which provide a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs is incorrect because the use of a fully dedicated physical host is not warranted in this scenario. Moreover, this will be underutilized since you only run the process for 5 hours (from 10 PM to 3 AM only), wasting 19 hours of compute capacity every single day.

29
Q

The media company that you are working for has a video transcoding application running on Amazon EC2. Each EC2 instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. This application has a large backlog of videos which need to be transcoded. Your manager would like to reduce this backlog by adding more EC2 instances, however, these instances are only needed until the backlog is reduced.

In this scenario, which type of Amazon EC2 instance is the most cost-effective type to use?

1) Dedicated instances
2) Reserved instances
3) On-demand instances
4) Spot instances

A

3) On-demand instances
You require an instance that will be used not as a primary server but as a spare compute resource to augment the transcoding process of your application. These instances should also be terminated once the backlog has been significantly reduced. In addition, the scenario mentions that if the current process is interrupted, the video can be transcoded by another instance based on the queuing system. This means that the application can gracefully handle an unexpected termination of an EC2 instance, like in the event of a Spot instance termination when the Spot price is greater than your set maximum price. Hence, an Amazon EC2 Spot instance is the best and cost-effective option for this scenario.

Amazon EC2 Spot instances are spare compute capacity in the AWS cloud available to you at steep discounts compared to On-Demand prices. EC2 Spot enables you to optimize your costs on the AWS cloud and scale your application’s throughput up to 10X for the same budget. By simply selecting Spot when launching EC2 instances, you can save up to 90% on On-Demand prices. The only difference between On-Demand instances and Spot Instances is that Spot instances can be interrupted by EC2 with two minutes of notification when the EC2 needs the capacity back.

You can specify whether Amazon EC2 should hibernate, stop, or terminate Spot Instances when they are interrupted. You can choose the interruption behavior that meets your needs.

Take note that there is no “bid price” anymore for Spot EC2 instances since March 2018. You simply have to set your maximum price instead.

Reserved instances and Dedicated instances are incorrect as both do not act as spare compute capacity.

On-demand instances is a valid option but a Spot instance is much cheaper than On-Demand.

30
Q

A payment processing company plans to migrate its on-premises application to an Amazon EC2 instance. An IPv6 CIDR block is attached to the company’s Amazon VPC. Strict security policy mandates that the production VPC must only allow outbound communication over IPv6 between the instance and the internet but should prevent the internet from initiating an inbound IPv6 connection. The new architecture should also allow traffic flow inspection and traffic filtering.

What should a solutions architect do to meet these requirements?

1) Launch the EC2 instance to a public subnet and attach an Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use Traffic Mirroring to set up the required rules for traffic inspection and traffic filtering.

2) Launch the EC2 instance to a private subnet and attach AWS PrivateLink interface endpoint to the VPC to control outbound IPv6 communication to the internet. Use Amazon GuardDuty to set up the required rules for traffic inspection and traffic filtering.

3) Launch the EC2 instance to a private subnet and attach an Egress-Only Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Network Firewall to set up the required rules for traffic inspection and traffic filtering.

4) Launch the EC2 instance to a private subnet and attach a NAT Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Firewall Manager to set up the required rules for traffic inspection and traffic filtering.

A

Launch the EC2 instance to a private subnet and attach an Egress-Only Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Network Firewall to set up the required rules for traffic inspection and traffic filtering.

An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet and prevents it from initiating an IPv6 connection with your instances.

IPv6 addresses are globally unique and are therefore public by default. If you want your instance to be able to access the internet, but you want to prevent resources on the internet from initiating communication with your instance, you can use an egress-only internet gateway.

A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet and a private subnet for resources that won’t be connected to the internet.

AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs). The service can be set up with just a few clicks and scales automatically with your network traffic, so you don’t have to worry about deploying and managing any infrastructure. AWS Network Firewall includes features that provide protection from common network threats.

AWS Network Firewall’s stateful firewall can incorporate context from traffic flows, like tracking connections and protocol identification, to enforce policies such as preventing your VPCs from accessing domains using an unauthorized protocol. AWS Network Firewall’s intrusion prevention system (IPS) provides active traffic flow inspection so you can identify and block vulnerability exploits using signature-based detection. AWS Network Firewall also offers web filtering that can stop traffic to known bad URLs and monitor fully qualified domain names.

In this scenario, you can use an egress-only internet gateway to allow outbound IPv6 communication to the internet and then use the AWS Network Firewall to set up the required rules for traffic inspection and traffic filtering.

Hence, the correct answer for the scenario is: Launch the EC2 instance to a private subnet and attach an Egress-Only Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Network Firewall to set up the required rules for traffic inspection and traffic filtering.

The option that says: Launch the EC2 instance to a private subnet and attach AWS PrivateLink interface endpoint to the VPC to control outbound IPv6 communication to the internet. Use Amazon GuardDuty to set up the required rules for traffic inspection and traffic filtering is incorrect because the AWS PrivateLink (which is also known as VPC Endpoint) is just a highly available, scalable technology that enables you to privately connect your VPC to the AWS services as if they were in your VPC. This service is not capable of controlling outbound IPv6 communication to the Internet. Furthermore, the Amazon GuardDuty service doesn’t have the features to do traffic inspection or filtering.

The option that says: Launch the EC2 instance to a public subnet and attach an Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use Traffic Mirroring to set up the required rules for traffic inspection and traffic filtering is incorrect because an Internet Gateway does not limit or control any outgoing IPv6 connection. Take note that the requirement is to prevent the Internet from initiating an inbound IPv6 connection to your instance. This solution allows all kinds of traffic to initiate a connection to your EC2 instance hence, this option is wrong. In addition, the use of Traffic Mirroring is not appropriate as well. This is just an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of type interface, not to filter or inspect the incoming/outgoing traffic.

The option that says: Launch the EC2 instance to a private subnet and attach a NAT Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Firewall Manager to set up the required rules for traffic inspection and traffic filtering is incorrect. While NAT Gateway has a NAT64 feature that translates an IPv6 address to IPv4, it will not prevent inbound IPv6 traffic from reaching the EC2 instance. You have to use the egress-only Internet Gateway instead. Moreover, the AWS Firewall Manager is neither capable of doing traffic inspection nor traffic filtering.

31
Q

A company has a cloud architecture that is composed of Linux and Windows EC2 instances that process high volumes of financial data 24 hours a day, 7 days a week. To ensure high availability of the systems, the Solutions Architect needs to create a solution that allows them to monitor the memory and disk utilization metrics of all the instances.

Which of the following is the most suitable monitoring solution to implement?

1) Use the default CloudWatch configuration to EC2 instances where the memory and disk utilization metrics are already available. Install the AWS Systems Manager (SSM) Agent to all the EC2 instances.

2) Install the CloudWatch agent to all the EC2 instances that gather the memory and disk utilization data. View the custom metrics in the Amazon CloudWatch console.

3) Enable the Enhanced Monitoring option in EC2 and install CloudWatch agent to all the EC2 instances to be able to view the memory and disk utilization in the CloudWatch dashboard.

4) Use Amazon Inspector and install the Inspector agent to all EC2 instances.

A

Install the CloudWatch agent to all the EC2 instances that gather the memory and disk utilization data. View the custom metrics in the Amazon CloudWatch console.

Amazon CloudWatch has available Amazon EC2 Metrics for you to use for monitoring CPU utilization, Network utilization, Disk performance, and Disk Reads/Writes. In case you need to monitor the below items, you need to prepare a custom metric using a Perl or other shell script, as there are no ready to use metrics for:

Memory utilization
Disk swap utilization
Disk space utilization
Page file utilization
Log collection

Take note that there is a multi-platform CloudWatch agent which can be installed on both Linux and Windows-based instances. You can use a single agent to collect both system metrics and log files from Amazon EC2 instances and on-premises servers. This agent supports both Windows Server and Linux and enables you to select the metrics to be collected, including sub-resource metrics such as per-CPU core. It is recommended that you use the new agent instead of the older monitoring scripts to collect metrics and logs.

Hence, the correct answer is: Install the CloudWatch agent to all the EC2 instances that gathers the memory and disk utilization data. View the custom metrics in the Amazon CloudWatch console.

The option that says: Use the default CloudWatch configuration to EC2 instances where the memory and disk utilization metrics are already available. Install the AWS Systems Manager (SSM) Agent to all the EC2 instances is incorrect because, by default, CloudWatch does not automatically provide memory and disk utilization metrics of your instances. You have to set up custom CloudWatch metrics to monitor the memory, disk swap, disk space, and page file utilization of your instances.

The option that says: Enable the Enhanced Monitoring option in EC2 and install CloudWatch agent to all the EC2 instances to be able to view the memory and disk utilization in the CloudWatch dashboard is incorrect because Enhanced Monitoring is a feature of Amazon RDS. By default, Enhanced Monitoring metrics are stored for 30 days in the CloudWatch Logs.

The option that says: Use Amazon Inspector and install the Inspector agent to all EC2 instances is incorrect because Amazon Inspector is an automated security assessment service that helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances. It does not provide a custom metric to track the memory and disk utilization of each and every EC2 instance in your VPC.

32
Q

Elastic Network Interface (ENI)

Use Case:

Details:

A

Use Case: Network connectivity for EC2 instances, management networks, and failover scenarios.

Details: Virtual network card that can be attached to EC2 instances. Supports multiple IP addresses, security groups, and can be used for inter-subnet traffic management.

33
Q

Elastic Network Adapter (ENA)

Use Case:

Details:

A

Use Case: High-performance networking for data-intensive applications.

Details: Provides up to 100 Gbps bandwidth, low latency, and high packet per second (PPS) performance. Ideal for big data analysis, gaming servers, and other high-throughput applications.

34
Q

Elastic Fabric Adapter (EFA)

Use Case:

Details:

A

Use Case: High-performance computing (HPC) and machine learning (ML) applications.

Details: Enhances inter-instance communication with low latency and high throughput. Supports MPI and NCCL for scaling HPC and ML applications to thousands of CPUs or GPUs.

35
Q

Amazon Ec2 Pricing Use Cases: Developer working on a small project for several hours; cannot be interrupted

A

On-Demand

36
Q

Amazon Ec2 Pricing Use Cases: Compute-intensive, cost-sensitive distributed computing; can withstand interruption

A

Spot Instances

37
Q

Amazon Ec2 Pricing Use Cases: Steady-state, business critical, line -of - business application; continuous demand

A

Reserved

38
Q

Amazon Ec2 Pricing Use Cases: Reporting application, runs for 6hrs a day, 4 days per week

A

Scheduled Reserved

39
Q

Amazon Ec2 Pricing Use Cases: Database with per-socket licensing

A

Dedicated Hosts

40
Q

Amazon Ec2 Pricing Use Cases: Security-sensitive application, requires dedicated hardware; per-instance billing

A

Dedicated Instances

41
Q

An organization uses an application that uses per-socket licensing, and they need full control over the placement of their EC2 instances on underlying hardware. What should they use?

  1. Dedicated instances
  2. Dedicated hosts
  3. Spot instances
  4. Reserved instances
A

Dedicated hosts

42
Q

Which EC2 pricing model would you use for a short-term requirement that needs to complete over a weekend?

  1. Reserved instance
  2. Spot instance
  3. Dedicated instance
  4. On-Demand instance
A

On-demand instances are ideal for short-term or unpredictable workloads. You don’t get a discount, but you do have more flexibility with no commitments.

43
Q

An organization has launched EC2 instances in private subnets. They need to enable Internet connectivity for the subnets. The service should be highly available and scale automatically. What do they need to configure?

  1. Launch a NAT instance in a public subnet and add a route in the private subnet route table
  2. Attach an Internet gateway to the private subnet and update the route table
  3. Attach an Internet gateway to the public subnet and add a route in the private subnet route table
  4. Launch a NAT gateway in a public subnet and add a route in the private subnet route table
A

Launch a NAT gateway in a public subnet and add a route in the private subnet route table

A NAT Gateway provides high availability and automatic scaling. You attach a NAT Gateway to a public subnet and then add a route to it in the private subnet.

44
Q

Which type of network adapter should be used for High Performance Computing (HPC) uses cases that include tightly coupled applications?

  1. Elastic Fabric Adapter (EFA)
  2. Elastic Network Interface (ENI)
  3. Elastic Network Adapter (ENA)
A

EFA is good for High Performance Computing, MPI and ML use cases, tightly coupled applications and can be used with all instance types.

45
Q

What can you use to run a script at startup on an Amazon EC2 Linux instance?

  1. User data
  2. Metadata
  3. AWS Batch
  4. AWS Config
A

User data is data that is supplied by the user at instance launch in the form of a script.

46
Q

What do you need to securely connect using SSH to an EC2 instance launched from the Amazon Linux 2 AMI?

  1. A singed cookie
  2. An access key ID and secret access key
  3. A key pair
  4. A password
A

A key pair

Key pairs are used to securely connect to EC2 instances. A key pair consists of a public key that AWS stores, and a private key file that you store. For Linux AMIs, the private key file allows you to securely SSH (secure shell) into your instance.

47
Q

An Amazon EC2 instance requires a static public IP address. What would you choose?

  1. Public IP address
  2. Private IP address
  3. Elastic IP address
A

Elastic IP address

48
Q

Which of the following is NOT a benefit of the AWS Nitro System?

  1. High network performance
  2. High Performance Computing optimization
  3. High availability
    4 Dense storage instance options
A

High availability

The AWS Nitro system doesn’t make an instance have high availability

49
Q

What is an Elastic Network Interface (ENI) in AWS?

A. A physical network card in a data center
B. A logical networking component in a VPC that represents a virtual network card
C. A type of storage volume in AWS
D. A security group in AWS

A

B. A logical networking component in a VPC that represents a virtual network card

50
Q

Which of the following attributes does an ENI have?

A. Private IP address
B. Elastic IP address
C. MAC address
D. All of the above

A

D. All of the above

51
Q

What is the purpose of having multiple ENIs attached to an instance?

A. To increase storage capacity
B. To enable dual-homed environments for web, application, and database servers
C. To improve instance performance
D. To reduce network latency

A

B. To enable dual-homed environments for web, application, and database servers

52
Q

What happens to an ENI when the instance it is attached to is terminated, assuming the Delete on Termination flag is not set?

A. The ENI is deleted
B. The ENI remains alive
C. The ENI is detached and reattached to another instance
D. The ENI is converted to a security group

A

B. The ENI remains alive

53
Q

Which of the following is NOT a benefit of using ENIs in a VPC?

A. Increased flexibility in managing network interfaces
B. Ability to attach ENIs to instances at launch or while running
C. Improved storage performance
D. Enhanced control over network addressing

A

C. Improved storage performance

54
Q

How can ENIs be managed in a VPC?

A. They can only be created and attached at instance launch
B. They can be created ahead of time and attached to instances at launch or while running
C. They are automatically created and managed by AWS
D. They can only be attached to instances in different Availability Zones

A

B. They can be created ahead of time and attached to instances at launch or while running

55
Q

What is the significance of the source/destination check flag in an ENI?

A. It determines whether the ENI can be attached to multiple instances
B. It controls whether the instance can send and receive traffic
C. It specifies the maximum bandwidth for the ENI
D. It sets the priority of the ENI in the network

A

B. It controls whether the instance can send and receive traffic

56
Q

What is a potential use case for attaching multiple ENIs to a single instance?

A. To enable the instance to connect to multiple VPCs
B. To provide redundancy for network interfaces
C. To increase the storage capacity of the instance
D. To improve the instance’s compute performance

A

B. To provide redundancy for network interfaces

57
Q

You are designing a high-availability web application that requires instances to be dual-homed, meaning they need to be connected to two different subnets for redundancy. How would you use Elastic Network Interfaces (ENIs) to achieve this?

A. Attach a single ENI to each instance and configure it to connect to both subnets.
B. Attach two ENIs to each instance, each connected to a different subnet.
C. Use a single ENI and configure it with multiple IP addresses from different subnets.
D. Create a new VPC for each subnet and attach the instances to both VPCs.

A

B. Attach two ENIs to each instance, each connected to a different subnet.

58
Q

Your company is migrating a critical application to AWS, and you need to ensure that the network interfaces remain available even if the instances are terminated. How would you configure the Elastic Network Interfaces (ENIs) to meet this requirement?

A. Set the Delete on Termination flag to true for all ENIs.
B. Set the Delete on Termination flag to false for all ENIs.
C. Attach the ENIs to a different instance before terminating the original instance.
D. Use Elastic IP addresses instead of ENIs to ensure network availability.

A

B. Set the Delete on Termination flag to false for all ENIs.

AWS (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions