General

Question 1

What error will you get if you try to ssh into an instance with a new keypair?

Answer 1

Permissions 0644 for are too open.

Question 2

What should you run to resolve permission 0644 error?

Answer 2

chmod 0400

Question 3

Can security groups span regions?

Answer 3

No

Question 4

What is the most likely cause of a connection timeout?

Answer 4

Issue in Security Group.

Question 5

What is the most likely cause of a Connection Refused error?

Answer 5

An application error after successfully communicating with server

Question 6

What are the default inbound/outbound rules for a default security group?

Answer 6

All inbound traffic is blocked

All outbound traffic is allowed

Question 7

What is the difference between an IP assigned to an instance and an Elastic IP?

Answer 7

An assigned IP can change if the instance is rebooted. An Elastic IP is an IP you manage and allows you to have a fixed IP for your instance

Question 8

What are 5 features of the Application Load Balancer?

Answer 8

• Handles Layer 7 HTTP traffic
• It can load balanced to multiple applications on the same machine
• It can load balance based on the route in the URL
• It can load balance based on the hostname in the URL
• It has a port mapping feature to redirect to a dynamic port

Question 9

What does an A record do?

Answer 9

Maps a URL to an IPv4 address

Question 10

What does an AAAA record do?

Answer 10

Maps a URL to an IPv6 address

Question 11

What does a CNAME do?

Answer 11

Maps a url to another url (one domain to another).

Question 12

What does an Alias do?

Answer 12

Maps a URL to an AWS resource.

Question 13

What does ASYNC Replication mean?

Answer 13

It means that the consistency will be eventual consistency.

Question 14

How is RDS data encrypted at REST?

Answer 14

AWS-KMS using AES-256 encryption.

Question 15

How do you enforce SSL in PostgreSQL?

Answer 15

On the AWS RDS Console in Parameter Groups, set rds.force_ssl=1

Question 16

How do you enforce SSL in MySQL?

Answer 16

In the DB, set:

GRANT USAGE ON . TO ‘mysqluser’@’%’ REQUIRE SLL;

Question 17

How do you enable SSE-S3?

Answer 17

When posting an object, set a header to:

“x-amz-server-side-encryption”: “AES256”

Question 18

How do you enable SSE-KMS?

Answer 18

When posting an object, set a header to:

“x-amz-server-side-encryption”: “aws:kms”

Question 19

What is a CMK?

Answer 19

A KMS Customer Master Key

Question 20

What does CORS stand for?

Answer 20

Cross Origin Resource Sharing

Question 21

Why would you need to enable CORS?

Answer 21

If you request data from another s3 bucket

Question 22

Previously, what would you have done to optimize your s3 key performance?

Answer 22

prefix the keys with random characters.

Question 23

What is Lazy Loading in Elasticache?

Answer 23

Lazy Loading means to Load only when necessary.

Question 24

What is Write Through in Elasticache?

Answer 24

It is when you add or update the cache when the database is updated

Question 25

What is S3 Select and Glacier Select?

Answer 25

It allows you to use SQL SELECT queries to tell S3 or Glacier exactly what attributes/filters you want.

Question 26

What file formats does S3 Select work with?

Answer 26

CSV, JSON or Parquet

Question 27

Can you use subqueries or joins in S3 SELECT?

Answer 27

No

Question 28

What 2 things must you do to enable HTTPS on ElasticBeanstalk?

Answer 28

• Load an SSL Cert onto the Load Balancer

- Configure a Security Group Rule to allow incoming traffic on port 443

Question 29

What 3 ways can you assign an SSL cert to the load balancer for Elastic Beanstalk?

Answer 29

• In the AWS console, in the ELB configuration
• In the code, in the ebextensions/securelistener-alb.config file
• Using AWS Certificate Manager

Question 30

How do you configure ELasticBeanstalk to redirect from HTTP to HTTPS?

Answer 30

• Configure instances to redirect
• Configure Application Load Balancer with a rule
• Make sure Health Checks are not redirected

Question 31

What is the max version count that ElasticBeanstalk can store?

Answer 31

1000

Question 32

What are the 2 Lifecycle policies for ElasticBeanstalk?

Answer 32

• Time Based

- Space Based

Question 33

What is a worker environment?

Answer 33

It is an ElasticBeanstalk application for workloads that take long to complete

Question 34

In ElasticBeanstalk, how can you define periodic tasks?

Answer 34

In a cron.yaml file

Question 35

What is Kinesis KCL?

Answer 35

It is Kinesis Client Library which is a Java library that helps read a record from a Kinesis Stream

Question 36

How many KCL instances can query a shard?

Answer 36

1

Question 37

How do you bundle your dependencies with you Lambda function?

Answer 37

You need to install your packages alongside your code and zip together

Question 38

What is the max size of the Lambda /tmp directory

Answer 38

512MB

Question 39

What is Lambda@Edge?

Answer 39

It is the process of deploying a Lambda function into a CDN network to make the Lambda Global