ELB & ASG

Question 1

What are the four types of load balancers?

Answer 1

Classic Load Balancer, Application Load Balancer, Network Load Balancer, Gateway Load Balancer

Question 2

What layer is an application load balancer?

Answer 2

Layer 7 (HTTP)

Question 3

What are the various manners we can route to different target groups with our ALB?

Answer 3

Path-based routing, hostname-based routing, Query string/header routing, and source IP

Question 4

What can be included in ALB Target groups?

Answer 4

EC2 instances, ECS tasks, Lambda functions and private IPs

Question 5

How can you find the IP of the client for the ALB?

Answer 5

In the header X-Forwarded-For

Question 6

What is a Network Load Balancer used for?

Answer 6

It functions at the fourth layer of the OSI model. To forward TCP & UDP traffic to your instances

Question 7

How many Static IPs per AZ can a Network Load Balancer have?

Answer 7

One

Question 8

What can the Target Groups of NLB be?

Answer 8

EC2 Instances, Private IPs or an ALB

Question 9

True or False: The NLB cannot have a fixed IP Address

Answer 9

False. The NLB must have a fixed IP address for each AZ.

Question 10

True or False: You must configure the security group for an NLB upon creation.

Answer 10

False. NLBs do not have security groups like ALB. The security group pertaining to the instances must be configured to allow traffic from the NLB and/or clients

Question 11

We want to use the GENEVE protocol on port 6081 to communicate with AWS resources. What do we use?

Answer 11

A Gateway Load Balancer. A Gateway Load Balancer operates at the third layer of the Open Systems Interconnection (OSI) model. It listens for all IP packets across all ports and forwards traffic to the target group that’s specified in the listener rule, using the GENEVE protocol on port 6081.

Question 12

Which load balancers can Sticky Sessions be applied for?

Answer 12

ALB and CLB

Question 13

How do Sticky Sessions work?

Answer 13

A cookie is supplied to the client with an expiration date. The cookie determines what resource the client is directed towards

Question 14

What are the two cookies provided for Sticky Sessions?

Answer 14

Application-based cookie: Gives more control around the duration of the session

Duration-based cookie: When the client routes to a target, it is given a load balancer generated cookie that is used to map the session to a target

Question 15

Why would you use Cross Zone Load Balancing?

Answer 15

You want to make sure that traffic is distributed evenly for all instances ACROSS AZs

Question 16

True or false: Cross-Zone load balancing is always on for ALB and NLB

Answer 16

False. ALB is enabled and can’t be disabled. NLB is disabled by default

Question 17

How can you configure the ALB to serve traffic to a specific target group?

Answer 17

Define the rules in the listeners. A listener is a process that checks for connection requests using a protocol and a port

Question 18

How can you configure the ALB to serve traffic to a specific target group?

Answer 18

Define a listener rule. The conditions in the listener rule help determine how the load balancer routes requests to its registered targets

Question 19

True or False: You cannot configure a security group on an ALB

Answer 19

False. An NLB does not have a security group configuration. An ALBs security group and EC2 security group must be configured

Question 20

Why would we use a Server Name Indication?

Answer 20

SNI solves the problem of loading multiple SSL certificates onto one web server.

Question 21

What is an SSL certificate?

Answer 21

It is a digital certificate that authenticates a websites identity and enables an encrypted connection

https://www.kaspersky.com/resource-center/definitions/what-is-a-ssl-certificate

Question 22

Why would we use Server Name Indication?

Answer 22

It allows the client to indicate which hostname it is trying to connect to at the start of the TLS handshake. That way, mulitple certificates can be used on one server.

Question 23

We have two domain names on a server being targeted by an ALB. How do we properly send traffic to the proper target group?

Answer 23

We can use Server Name Indication

Question 24

What is connection draining/de-registration delay?

Answer 24

ELB stops sending requests to targets that are deregistering. ELB will wait a certain amount of time (delay) to deregister so that requests in process can complete

Question 25

We need to make sure we have a certain number of EC2 instances running at any given time. What can we use?

Answer 25

An Auto Scaling Group

Question 26

We want to trigger more instances when a CloudWatch alarm is triggered, what ASG policy do we use?

Answer 26

Simple/Step Scaling

Question 27

What is the Simple/Step Scaling ASG Policy?

Answer 27

It is configured by setting a CloudWatch alarm that when triggered, adds instances

Question 28

What is the Target Tracking Scaling ASG policy?

Answer 28

It auto-scales based on average metrics, looking to keep things like CPU utilization or throughput on a specified average

Question 29

There are predictable times when the traffic on our EC2 instances will spike. What ASG policy can we use?

Answer 29

Scheduled Actions

Question 30

What is AWS Predictive Scaling for ASG?

Answer 30

It analyzes past trends, uses machine learning to generate a forecast and schedules scaling actions

Question 31

Scaling an EC2 instance from r4.large to r4.4xlarge is called….

Answer 31

Vertical Scaling. Vertical scaling is adding more compute power to existing machines

Question 32

True or False: an ALB provides a static IP

Answer 32

False. It will provide a static DNS though. AWS wants to provide a static endpoint for the ELB, even if the underlying infrastructure changes

Question 33

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer’s IP addresses. What should you do to get the IP address of clients connected to your website?

Answer 33

Modify your websites backend to get the client IP address from the X-Forwarded-For header

Question 34

What IP address will your instances receive when they receive requests from an ALB?

Answer 34

They will receive the ALB’s IP address. Not the clients.

Question 35

You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second. Which type of Elastic Load Balancer should you choose?

Answer 35

Network Load Balancer

Question 36

Which protocol does ALB’s not support: HTTP, HTTPS, TCP or WebSocket?

Answer 36

TCP

Question 37

True or False: to get a static IP on an ALB, you must assign an Elastic IP

Answer 37

False. ALB cannot have static IPs. If you need a static IP, you should assign a Network Load Balancer in front.

Question 38

Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener?

Answer 38

Server Name Indication

Question 39

A web application is hosted on a fleet of EC2 instances managed by an Auto Scaling Group. You are exposing this application through an Application Load Balancer. Both the EC2 instances and the ALB are deployed on a VPC with the following CIDR 192.168.0.0/18. How do you configure the EC2 instances’ security group to ensure only the ALB can access them on port 80?

Answer 39

Add an Inbound Rule with port 80 and ALBs Security Group as the source. Using an ALBs security group is the best practice to keep the EC2 instances secure.

Question 40

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use?

Answer 40

Target Tracking Policy

Question 41

You have an ASG and a Network Load Balancer. The application on your ASG supports the HTTP protocol and is integrated with the Load Balancer health checks. You are currently using the TCP health checks. You would like to migrate to using HTTP health checks, what do you do?

Answer 41

Migrate the health checks to HTTP. A Network Load Balancer supports HTTP/s and TCP health checks.

Question 42

What is the difference between simple and step scaling policy for ASG?

Answer 42

Step will scale the number of instances based on INCREMENTAL CloudWatch triggers. Simple will scale to a specific number based on a single metric. Simple also has a cooldown period that must take place before it can scale again.