EC2 Fundamentals

Question 1

True or False:

Security groups only contain allow rules.

Answer 1

True

Question 2

What are security groups?

Answer 2

They act as a “firewall” on EC2 instances.

Question 3

What do security groups regulate?

Answer 3

Access to ports
Authorized IP ranges - IPv4 and IPv6
Control of inbound network
Control of outbound network

Question 4

Can a security group be attached to multiple instances?

Answer 4

Yes

Question 5

Are security groups locked to a region / VPC combination?

Answer 5

Yes

Question 6

Do security groups live “inside” or “outside” the EC2 instance?

Answer 6

Outside. If traffic is blocked, EC2 won’t see it.

Question 7

What is port for SSH to log into Linux instance?

Answer 7

22

Question 8

What is port to for FTP?

Answer 8

21

Question 9

What is port for SFTP?

Answer 9

22

Question 10

What is port for HTTP and HTTPS websites?

Answer 10

80 for HTTP

443 for HTTPS

Question 11

What is port for RDP (remote desktop protocol) to log into a Windows isntance?

Answer 11

3389

Question 12

When you get timeout when connecting to EC2 instance, where is the issue?

Answer 12

Within security groups

Question 13

When you first download a SSH file with permissions 0644, and get “permissions too open” error, how do you fix?

Answer 13

chmod 0400

Question 14

What user do you use to login to EC2 via SSH?

Answer 14

ec2-user@

Question 15

What is EC2 Instance Connect?

Answer 15

Allows you to connect to an EC2 instance within the web browser

Question 16

What is the best way to provide AWS credentials to our EC2 instances?

Answer 16

IAM roles

Question 17

What are the 4 types of EC2 instance purchasing options?

Answer 17

1. On-demand instances
2. Reserved instances
3. Spot instances
4. Dedicated hosts

Question 18

Describe EC2 on demand, it’s pros/cons, and best use cases

Answer 18

Pay for what you use. Billing per second on Windows/Linux, otherwise per hour use.

Has the highest cost but no upfront costs or long term commitment

Recommended for:
Short -term and un-interrupted workloads, where you can’t predict how the application will behave

Question 19

Describe EC2 reserved instances, pros / cons, and it’s best use cases

Answer 19

Reserved for 1-3 years. Bigger discounts for longer time commitments, or paying more upfront.

Upfront costs can be none, partial, or all. Must reserve a specific instance type.

Recommended for steady-state usage applications (think database)

Question 20

What is a convertible reserved instance?

Answer 20

Allows you to change the EC2 instance type during your reserved period. Up to 54% discount.

Question 21

What is a scheduled reserved instance?

Answer 21

Launched only within time window you reserve. Best for when you only need for fraction of day / month / year.

Still requires time commitment of 1-3 years.

Question 22

Describe EC2 spot instance, pros/cons, and best use cases

Answer 22

Instance that you can “lose” when your max price is less than the current spot price.

MOST cost efficient option. Best for workloads resilient to failure, such as: batch jobs, data analysis, image processing, distributed workloads, workloads with flexible start/end time.

NOT for databases or citical jobs.

Question 23

Describe EC2 dedicated hosts, pros/cons, and best use cases

Answer 23

Entire physical server fully dedicated for your use. 3 year time commitment.

Most expensive options.

Best for addressing compliance requirements or for using your existing server-bound software licenses. Good for companies with strong regulatory or compliance needs, or complicated licensing models.

Question 24

dedicated instances vs. dedicated hosts

Answer 24

Hosts are much more involved than instances.

Instances run on hardware that’s dedicated to you, but don’t have access to the underlying hardware.

Question 25

What is the grace period for stopping your EC2 spot instance?

Answer 25

2 minutes

Question 26

Describe max spot price vs. spot block

Answer 26

Max spot price gets you the instance while your max price > current spot price

Spot block gets an instance during a specified timeframe (1-6 hours)

Question 27

True or False

Cancelling a spot request terminates spot instances.

Answer 27

False. You must first cancel your spot request, and then your instances.

Question 28

Describe a spot fleet

Answer 28

Spot fleet is a set of spot instances + an optional on-demand instance.

Tries to meet a target capacity with price constraints. Can define multiple launch pools, instance types, OS, AZ. The fleet will choose what will be the cheapest to get the job done.

Question 29

Describe the 3 spot instance strategies:

1. lowestPrice
2. diversified
3. capacityOptimized

Answer 29

1. Chooses from the pool with the lowest price(cost optimization, short workload)
2. Distributes across all pools (great for availability, long workloads)
3. Pool with optimal capacity for the number of instances.

Question 30

Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases?

Answer 30

Spot instances

Question 31

What should you use to control traffic in and out of EC2 instances?

Answer 31

Security groups

Question 32

How long can you reserve an EC2 Reserved Instance?

Answer 32

1 year OR 3 years

Question 33

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?

Answer 33

Compute Optimized

These EC2 instances are great for compute-intensive workloads requiring high-performance processors (e.g., batch processing, media transcoding, high-performance computing, scientific modeling & machine learning, and dedicated gaming servers).

Question 34

Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year?

Answer 34

Reserved Instances

Reserved Instances are good for long workloads. You can reserve EC2 instances for 1 or 3 years.

Question 35

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instances?

Answer 35

EC2 User Data is used to bootstrap your EC2 instances using a bash script. This script can contain commands such as installing software/packages, download files from the Internet, or anything you want.

Question 36

Which EC2 Instance Type should you choose for a critical application that uses an in-memory database?

Answer 36

Memory Optimized

Memory Optimized EC2 instances are great for workloads requiring large data sets in memory.

Question 37

You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 Instance Type should you choose to handle this high-frequency OLTP database?

Answer 37

Storage Optimized

Storage Optimized EC2 instances are great for workloads requiring high, sequential read/write access to large data sets on local storage.

Question 38

True or False:

Security Groups can be attached to only one EC2 instance.

Answer 38

False. Security Groups can be attached to multiple EC2 instances within the same AWS Region/VPC.

Question 39

You’re planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your applications to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 Purchasing Option is suitable for you?

Answer 39

Dedicated Hosts

Dedicated Hosts are good for companies with strong compliance needs or for software that have complicated licensing models. This is the most expensive EC2 Purchasing Option available.

Question 40

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 Purchasing Option allows you to get visibility into them?

Answer 40

Dedicated Hosts