EC2

Question 1

What are the types of EC2 instances?

Answer 1

On-Demand - fixed fee, no commitment
Reserved - with contract
Spot - Bid
Dedicated hosts - physically dedicated system

Question 2

How are you charged for a partial hour if the prices changes on a spot instance?

Answer 2

You will not be charged

Question 3

How are you charged for a partial hour if you terminate a spot instance?

Answer 3

You will be charged

Question 4

What are the instance types

Answer 4

F
I
G
H
T
D
R
M
C
P
X
Z
A
U

Question 5

You delete an EBS instance. What is the default protection behavior?

Answer 5

None, it is deleted unless termination protection was turned on

Question 6

You delete an EC2 instance, Will addition EBS volumes other than root be retained?

Answer 6

Yes

Question 7

Can default AMI root volumes be encrypted?

Answer 7

No.

Question 8

How can you encrypt a root volume?

Answer 8

Use a 3rd party tool or it can be done when creating the AMI

Question 9

Can EBS volumes be encrypted?

Answer 9

Yes, but not the root when using a default AMI

Question 10

Security group fundamentals?

Answer 10

All inbound is blocked by default
All outbound is allowed
Changes take effect immediately
Unlimited number of EC2 instances can use the same Sec Group
Are stateful

Question 11

What does stateful mean?

Answer 11

When a port is opened it is open for both inbound and outbound

Question 12

How can you block IP addresses? Sec groups or NACL’s?

Answer 12

NACLS

Question 13

What are the EBS Types?

Answer 13

GP (SSD)
PIOPS (SSD) = DB-s
TO (HDD) =Big data
Cold (HDD) = File servers
EBS Mag - Infrequently accessed

Question 14

You take an EBS snapshot, where is it stored?

Answer 14

S3

Question 15

T or F Snapshots are Full

Answer 15

False

Question 16

How do you ensure an EBS snapshot is quiesced?

Answer 16

Stop the instance

Question 17

Can you take an EBS snap while the instance is running?

Answer 17

Yes

Question 18

Can you create AMI’s from volumes and snapshots?

Answer 18

Yes

Question 19

You want to change the EBS volume size and and type. When can you do this?

Answer 19

You can do this on the fly

Question 20

How do you move a EC2 volume to another AZ?

Answer 20

Take a snapshot, create an AMI then launch in the new AZ

Question 21

How do you move a EC2 volume to another region?

Answer 21

Take a snapshot, create an AMI then move to the new region

Question 22

Are snapshot of encrypted volumes encrypted?

Answer 22

Yes

Question 23

Are encrypted volumes that are restored encrypted?

Answer 23

Yes

Question 24

Can you share encrypted volumes?

Answer 24

No

Question 25

Can you share snapshots?

Answer 25

Yes, if they are unencrypted

Question 26

What are the characteristics of Instance Store

Answer 26

Cannot be stopped. If host is stopped or fails data is lost

You can reboot

Question 27

When an instance is deleted, what will happen to an instance volume and EBS?

Answer 27

Both will be deleted, but you can protect the EBS volume

Question 28

How do you encrypt the root volume?

Answer 28

Create a snapshot
Create a copy of the snapshot
Create an AMI from the encrypted snapshot
Use that AMI to launch a new encrypted instance

Question 29

What is the default cloudwatch monitoring interval?

Answer 29

5 min, but can be change to 1 min by turning on detailed monitoring

Question 30

What is the difference between cloudwatch and cloudtrail?

Answer 30

Cloud watch is used to gauge performance, cloud trail is used for auditing

Question 31

Features of cloud watch

Answer 31

Dashboards
Alarms
Events
Logs

Question 32

What can be used to automate a new instance build

Answer 32

Boot strap script

Question 33

What is the URL to get instance information?

Answer 33

http: //169.254.169.254/latest/meta-data/
http: //169.254.169.254/latest/user-data/

Question 34

What is the EFS format>

Answer 34

NFS V4
Pay for use
scalable to PB
Supports thousands of concurrent NFS connections
Data is stored across multiple AZs within a region
read after write consistency

Question 35

Benefits of roles?

Answer 35

more secure
easy to manage
Can be assigned after instance creation
Can be used in any region

Question 36

What is the best way to secure, centrally, hundreds of EC2 instances rather than using access key and secret access key

Answer 36

Roles

Question 37

Which of the following statements are true about containers on AWS? (Choose 5)

Answer 37

You can have AWS manage Kubernetes for you.
You can install and manage Kubernetes on AWS, yourself.
ECR can be used to store Docker images.
ECS allows you to control the scheduling and placement of your containers and tasks.
To be able to use ECS, you must use the ECS Agent.