EC2, EBS & FS, Auto-scaling Flashcards
Which actions are required to make an EC2 instance publicly accessible on the IPv4 internet.. (Choose all that apply)
0.0.0.0/0
Public IP4 Address configured on the instance
An attached IGW
Assuming you have allocated a keypair when launching a public EC2 instance and have network connectivity .. which of the following ways are valid for logging into a linux EC2 instance
Local SSH client using key auth
EC2 Instance Connect
A mission critical EBS volume has 20 GiB of data. A 1st EBS snapshot is taken. 6 GiB of changes are made to the drive before a 2nd snapshot is taken. 2 GiB of further changes are made, before a 3rd snapshot is taken. To save costs the first snapshot is deleted. Which statement best describes what can be recovered from the remaining snapshots?
A full recovery can be made to either snapshot 2 and 3
A startup is preparing to deploy its application on various instance types of Amazon EC2. However, during the initial testing phase, a SysOps Administrator encounters performance issues with specific EC2 instances. Due to budget limitations, the SysOps Administrator must carefully choose resource types that align with the required performance characteristics for the workload.
How can the SysOps Administrator fulfill this requirement?
AWS Compute Optimizer provides Amazon EC2 instance recommendations to help you improve performance, save money, or both. You can use these recommendations to decide whether to move to a new instance type. To make recommendations, Compute Optimizer analyzes your existing instance specifications and utilization metrics.
A stock brokerage company is setting up a PostgreSQL database on a large Reserved EC2 Instance for its online stock trading platform. Since the database is hosting critical financial data, you are instructed to ensure that the database tier is fault tolerant.
Which of the following options would you implement to satisfy this requirement in the MOST cost-effective manner?
Set up a RAID 1 configuration with multiple EBS volumes together.
A known security vulnerability was discovered in the outdated Operating System of your company’s EC2 fleet. As the Systems Administrator, you are responsible in mitigating the vulnerability as soon as possible to safeguard your systems from various cyber security attacks.
What is the most efficient way to solve this issue?
Use AWS Systems Manager to manage and deploy the security patch for the OS for the entire fleet of EC2 instances.
A SysOps team is in the process of automating tasks to expedite the time to recover Amazon instances in the event of underlying hardware failure. The team must ensure that the attached Elastic IP and the private IP address of the original instance are retained after the instance is recovered. Additionally, an automated email notification should be in place to inform everyone in the SysOps team once a recovery process is triggered to run.
Which steps should the SysOps team perform to meet the requirements
Create an Amazon SNS topic and subscribe everyone in the SysOps team using their corporate emails. Then, configure an Amazon CloudWatch alarm for the EC2 instance and specify StatusCheckFailed_System as the metric. Finally, create an alarm notification that publishes a message to the SNS topic that you just created.
NOT specify an EC2 action to the alarm to recover the instance (The StatusCheckFailed_Instance metric just monitors the software and network configuration of your individual instance. It does not detect if the underlying hardware failed. )
A DevOps Engineer reported a problem accessing his EC2 instance with a private IP address of 172.31.8.11 from his corporate laptop. The EC2 instance is hosting a web application which works well but he is still experiencing an issue establishing a connection to manage the instance.
As the SysOps Administrator, which of the following options is the most suitable solution in this scenario based on the VPC flow log entries below?
2 123456789010 eni-abc123de 110.217.100.70 172.31.8.11 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK
Allow incoming RDP traffic in the security group of the EC2 instance including the inbound and outbound rules in the Network ACL.
A company has a new policy to encrypt all Amazon Elastic Block Store (Amazon EBS) volumes in the us-east-2 and us-west-2 AWS regions. To help enforce this policy, the company’s administrator needs to come up with a solution for automatically encrypting newly created EBS volumes.
Which method will meet the requirement in the most efficient way?
Enable the default EBS encryption setting in the Amazon EC2 Console of each AWS region.
NOT Configure the encrypted-volume AWS Config managed rule. Associate a remediation action that encrypts unencrypted EBS volumes as this would encrypt only existing EBS volumes, not new ones
A startup hosts its web application on a large Spot Fleet that uses tens of Amazon EC2 instances with diversified instance families across multiple Availability Zones. The application is primarily used for integration testing by a group of external customers for their staging environments. The Chief Information Officer(CIO) requires that the Spot Fleet is cost-optimized and less susceptible to application downtime due to Spot instance interruptions.
Which of the following should the SysOps Administrator implement to adhere to the CIO requirements?
Combine the lowestPrice allocation strategy with the InstancePoolsToUseCount parameter when making a Spot Fleet request.
NOT On-demand or RESERVED instances
An organization hosts its operating system, database, and application on an Amazon EC2 instance backed by multiple attached Amazon Elastic Block Store (EBS) volumes. The SysOps administrator plans to automate the process of taking daily Amazon Machine Images (AMIs). When performing the backups, he has to ensure the file system integrity of created images.
What should the SysOps Administrator do to meet these requirements?
Using the CreateImage API, build a Lambda function that will take an AMI of the EC2 instance and include a reboot parameter. Then, create a rule to invoke the Lambda function daily on Amazon EventBridge (Amazon CloudWatch Events).
An organization hosts an application across multiple Amazon EC2 instances backed by an Amazon Elastic File System (Amazon EFS) file system. While monitoring the instances, the SysOps administrator noticed that the file system’s PercentIOLimit metric consistently hit 100% for 20 minutes or longer. This issue resulted in the poor performance of the application that reads and writes data into the file system. The SysOps admin needs to ensure high throughput and IOPS while accessing the file system.
What step should the SysOps administrator perform to resolve the high PercentIOLimit metric on the file system?
Build a new EFS file system that is configured with Max I/O performance mode. Utilize AWS DataSync to migrate data to the newly created EFS file system.
NOT The option that says: Modify the existing EFS file system configuration and activate Max I/O performance mode is incorrect because you can’t change the performance mode configuration of an EFS file system right away. You need to MIGRATE DATA TO ANOTHER FS configured with your desired performance mode.
A research agency is performing a migration operation with its production file server to AWS. The SysOps administrator is required to ensure that the data stored on the file server in AWS will remain accessible even if an Availability Zone (AZ) is unavailable, system maintenance is ongoing, or unplanned service disruption occurs. In addition, users should be able to interact with the file server via SMB protocol and manage file permissions using Windows Access Control Lists (ACLs).
Which cloud solution can help the SysOps administrator accomplish the requirements?
Set up a Multi-AZ Amazon FSx for Windows File Server.
NO Create two Amazon FSx for Windows File Server Single-AZ 2 file systems on different AZs. Use Microsoft Distributed File System Replication (DFSR) to replicate data between the two file systems automatically
A company currently has an application which is hosted in an On-Demand EC2 instance in one Availability Zone. You are instructed to redesign the architecture to make it scalable and highly available. Which of the following should you do to accomplish this task?
Launch an Auto Scaling Group with subnets across 3 Availability Zones. Set the desired and maximum capacity to 5
A finance organization is running an application on its on-premises data center but needs to use AWS for backing up its data. The manager requires that the backup data is made available locally to comply with regulatory requirements. The backup software can only write to block-based storage compatible with Portable Operating System Interface (POSIX).
Which backup solution will help the SysOps admin meet the requirements?
Utilize AWS Storage Gateway and configure it to operate using stored volumes.