EC2, EBS & FS, Auto-scaling Flashcards
Which actions are required to make an EC2 instance publicly accessible on the IPv4 internet.. (Choose all that apply)
0.0.0.0/0
Public IP4 Address configured on the instance
An attached IGW
Assuming you have allocated a keypair when launching a public EC2 instance and have network connectivity .. which of the following ways are valid for logging into a linux EC2 instance
Local SSH client using key auth
EC2 Instance Connect
A mission critical EBS volume has 20 GiB of data. A 1st EBS snapshot is taken. 6 GiB of changes are made to the drive before a 2nd snapshot is taken. 2 GiB of further changes are made, before a 3rd snapshot is taken. To save costs the first snapshot is deleted. Which statement best describes what can be recovered from the remaining snapshots?
A full recovery can be made to either snapshot 2 and 3
A startup is preparing to deploy its application on various instance types of Amazon EC2. However, during the initial testing phase, a SysOps Administrator encounters performance issues with specific EC2 instances. Due to budget limitations, the SysOps Administrator must carefully choose resource types that align with the required performance characteristics for the workload.
How can the SysOps Administrator fulfill this requirement?
AWS Compute Optimizer provides Amazon EC2 instance recommendations to help you improve performance, save money, or both. You can use these recommendations to decide whether to move to a new instance type. To make recommendations, Compute Optimizer analyzes your existing instance specifications and utilization metrics.
A stock brokerage company is setting up a PostgreSQL database on a large Reserved EC2 Instance for its online stock trading platform. Since the database is hosting critical financial data, you are instructed to ensure that the database tier is fault tolerant.
Which of the following options would you implement to satisfy this requirement in the MOST cost-effective manner?
Set up a RAID 1 configuration with multiple EBS volumes together.
A known security vulnerability was discovered in the outdated Operating System of your company’s EC2 fleet. As the Systems Administrator, you are responsible in mitigating the vulnerability as soon as possible to safeguard your systems from various cyber security attacks.
What is the most efficient way to solve this issue?
Use AWS Systems Manager to manage and deploy the security patch for the OS for the entire fleet of EC2 instances.
A SysOps team is in the process of automating tasks to expedite the time to recover Amazon instances in the event of underlying hardware failure. The team must ensure that the attached Elastic IP and the private IP address of the original instance are retained after the instance is recovered. Additionally, an automated email notification should be in place to inform everyone in the SysOps team once a recovery process is triggered to run.
Which steps should the SysOps team perform to meet the requirements
Create an Amazon SNS topic and subscribe everyone in the SysOps team using their corporate emails. Then, configure an Amazon CloudWatch alarm for the EC2 instance and specify StatusCheckFailed_System as the metric. Finally, create an alarm notification that publishes a message to the SNS topic that you just created.
NOT specify an EC2 action to the alarm to recover the instance (The StatusCheckFailed_Instance metric just monitors the software and network configuration of your individual instance. It does not detect if the underlying hardware failed. )
A DevOps Engineer reported a problem accessing his EC2 instance with a private IP address of 172.31.8.11 from his corporate laptop. The EC2 instance is hosting a web application which works well but he is still experiencing an issue establishing a connection to manage the instance.
As the SysOps Administrator, which of the following options is the most suitable solution in this scenario based on the VPC flow log entries below?
2 123456789010 eni-abc123de 110.217.100.70 172.31.8.11 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK
Allow incoming RDP traffic in the security group of the EC2 instance including the inbound and outbound rules in the Network ACL.
A company has a new policy to encrypt all Amazon Elastic Block Store (Amazon EBS) volumes in the us-east-2 and us-west-2 AWS regions. To help enforce this policy, the company’s administrator needs to come up with a solution for automatically encrypting newly created EBS volumes.
Which method will meet the requirement in the most efficient way?
Enable the default EBS encryption setting in the Amazon EC2 Console of each AWS region.
NOT Configure the encrypted-volume AWS Config managed rule. Associate a remediation action that encrypts unencrypted EBS volumes as this would encrypt only existing EBS volumes, not new ones
A startup hosts its web application on a large Spot Fleet that uses tens of Amazon EC2 instances with diversified instance families across multiple Availability Zones. The application is primarily used for integration testing by a group of external customers for their staging environments. The Chief Information Officer(CIO) requires that the Spot Fleet is cost-optimized and less susceptible to application downtime due to Spot instance interruptions.
Which of the following should the SysOps Administrator implement to adhere to the CIO requirements?
Combine the lowestPrice allocation strategy with the InstancePoolsToUseCount parameter when making a Spot Fleet request.
NOT On-demand or RESERVED instances
An organization hosts its operating system, database, and application on an Amazon EC2 instance backed by multiple attached Amazon Elastic Block Store (EBS) volumes. The SysOps administrator plans to automate the process of taking daily Amazon Machine Images (AMIs). When performing the backups, he has to ensure the file system integrity of created images.
What should the SysOps Administrator do to meet these requirements?
Using the CreateImage API, build a Lambda function that will take an AMI of the EC2 instance and include a reboot parameter. Then, create a rule to invoke the Lambda function daily on Amazon EventBridge (Amazon CloudWatch Events).
An organization hosts an application across multiple Amazon EC2 instances backed by an Amazon Elastic File System (Amazon EFS) file system. While monitoring the instances, the SysOps administrator noticed that the file system’s PercentIOLimit metric consistently hit 100% for 20 minutes or longer. This issue resulted in the poor performance of the application that reads and writes data into the file system. The SysOps admin needs to ensure high throughput and IOPS while accessing the file system.
What step should the SysOps administrator perform to resolve the high PercentIOLimit metric on the file system?
Build a new EFS file system that is configured with Max I/O performance mode. Utilize AWS DataSync to migrate data to the newly created EFS file system.
NOT The option that says: Modify the existing EFS file system configuration and activate Max I/O performance mode is incorrect because you can’t change the performance mode configuration of an EFS file system right away. You need to MIGRATE DATA TO ANOTHER FS configured with your desired performance mode.
A research agency is performing a migration operation with its production file server to AWS. The SysOps administrator is required to ensure that the data stored on the file server in AWS will remain accessible even if an Availability Zone (AZ) is unavailable, system maintenance is ongoing, or unplanned service disruption occurs. In addition, users should be able to interact with the file server via SMB protocol and manage file permissions using Windows Access Control Lists (ACLs).
Which cloud solution can help the SysOps administrator accomplish the requirements?
Set up a Multi-AZ Amazon FSx for Windows File Server.
NO Create two Amazon FSx for Windows File Server Single-AZ 2 file systems on different AZs. Use Microsoft Distributed File System Replication (DFSR) to replicate data between the two file systems automatically
A company currently has an application which is hosted in an On-Demand EC2 instance in one Availability Zone. You are instructed to redesign the architecture to make it scalable and highly available. Which of the following should you do to accomplish this task?
Launch an Auto Scaling Group with subnets across 3 Availability Zones. Set the desired and maximum capacity to 5
A finance organization is running an application on its on-premises data center but needs to use AWS for backing up its data. The manager requires that the backup data is made available locally to comply with regulatory requirements. The backup software can only write to block-based storage compatible with Portable Operating System Interface (POSIX).
Which backup solution will help the SysOps admin meet the requirements?
Utilize AWS Storage Gateway and configure it to operate using stored volumes.
A web development company is using a fleet of On-Demand EC2 instances. You are working as their IT Consultant when a critical security vulnerability was discovered on the OS that the company is using. You are instructed to ensure that all EC2 instances are updated with the latest security patches as soon as possible.
Which of the following AWS services can you use to fulfill this task?
AWS Systems Manager.
NOT AWS Config
A company hosts its web application on an Amazon EC2 instance. To adhere to company standards, the SysOps Administrator was tasked to set up Traffic Mirroring on the instance. Upon reviewing the logs from the traffic mirror, the SysOps Administrator detected that several packets had been truncated.
How can the SysOps Administrator effectively resolve this issue?
Adjust the maximum transmission unit (MTU) size for the mirror target to a higher value.
Traffic Mirroring is an Amazon VPC feature that can be used to copy network traffic from an elastic network interface of type interface. Users can send the traffic to out-of-band security and monitoring appliances for:
– Content inspection
– Threat monitoring
– Troubleshooting
NOT Perform packet tracing on the truncated packets before they enter the AWS network
A tech lead plans to deploy a highly available web application on 12 Amazon EC2 instances. She is required to deploy each of the instances on distinct underlying hardware.
What solution should the tech lead implement to meet the requirements?
Deploy the instances in a single region and place them into a spread placement group.
A SysOps Administrator needs to implement a highly available and scalable cloud architecture in AWS for the new online remittance system of the organization. The Administrator set up an Application Load Balancer and launched an Auto Scaling group of Spot EC2 instances on their UAT VPC. The QA team conducted performance testing on the new system and found out a defect in the application server. The Administrator wants to investigate the problem and make the necessary changes without invoking the scaling down processes, which is why the Administrator temporarily suspended the Terminate scaling process.
What will be its effect on the Auto Scaling group’s Availability Zone rebalancing process (AZRebalance) during this period?
The Auto Scaling group can grow up to ten percent larger than its maximum size.
A SysOps Administrator launched an EBS-backed On-Demand EC2 Instance to host a web application. However, the instance always terminates after going into the pending state.
Which of the following could be the cause of this issue? (Select TWO.)
– The EBS volume limit has been reached.
– The root EBS volume is encrypted and you do not have permission to access the KMS key for decryption.
NOT The limit for EC2 Instances in your region has already been reached
AWS does not currently have enough available On-Demand capacity to service your request
A technology company is planning to use an Auto Scaling group of On-Demand EC2 Instances that would be used to host a suite of web-based applications written in ReactJS and NodeJS. These applications would be running 24/7 throughout the year and as the Systems Administrator, you are responsible in ensuring that the architecture is both elastic and cost-effective. The instance type would need to be upgraded during the year depending on the usage of the application.
Which of the following is the most suitable instance purchasing option to use?
Convertible Reserved Instances
In this scenario, the keyword is “instance type”. You can upgrade or downgrade the instance size of both Standard and Convertible Reserved Instance. However, only the Convertible Reserved instance can change the instance type.
A facial recognition system is using an Auto Scaling group of On-Demand EC2 instances. It has one specific instance which is causing an error and must be terminated immediately. Using the AWS CLI, how can you terminate an instance from the specified Auto Scaling group without updating the size of the group?
terminate-instance-in-auto-scaling-group –instance-id –no-should-decrement-desired-capacity.
A company has an application that is hosted on a fleet of EC2 instances with an Application Load Balancer that evenly distributes the incoming traffic. There once was an incident where a Junior DevOps Engineer accidentally made changes in the ALB in production that brought the whole application down. These situations should not happen again and hence, you have to monitor any activity or changes made to your AWS resources.
Which of the following services does not help you capture the monitoring information about the ELB activity?
ELB health checks
An application is deployed on us-east1 that runs on Amazon EC2 instances in an Auto Scaling Group called asg-prod. An Application Load Balancer is configured to target the asg-prod when forwarding traffic from Route 53. The SysOps Administrator needs to configure a CloudWatch alarm if all instances behind the ALB become unhealthy.
Which condition should you use in CloudWatch?
Use AWS/ApplicationELB HealthyHostCount <= 0.
