Mixed Bag Flashcards
True or False: It is possible to transfer a reserved instance from one AZ to another.
True.
True or False: You can have 1 subnet stretched across multiple AZs.
False.
True or False: When you create new subnets within a custom VPC, by default they can communicate with each other, across AZs.
True.
What is the default encryption used on S3?
AES 256.
Amazon S3 provides __________.
- The ability to act as a web server for dynamic content (i.e. can query a database)
- Unlimited storage
- A great place from which to run a NoSQL database
- Unlimited file size for objects
Unlimited storage.
You create a static hosting website in a bucket called ‘acloudguru’ in Sydney using S3. What would the new URL endpoint be?
- https://s3-ap-southeast-2.amazonaws.com/acloudguru/
- http://acloudguru.s3-website-ap-eu-central-1.amazonaws.com
- http://acloudguru.s3-website-ap-southeast-2.amazonaws.com
- http://www.acloudguru.s3-website-ap-southeast-2.amazonaws.com
http://acloudguru.s3-website-ap-southeast-2.amazonaws.com
True or False: If you make an AMI public, this AMI is immediately available across all regions, by default.
False.
To retrieve instance metadata or user data, you will need to use what IP address?
196.254.169.254
After successfully uploading a file to S3, what HTTP response code should you expect to see?
200.
True or False: S3 buckets offer read-after-write consistency for PUTs of new objects.
True.
True or False: You can have one subnet stretched across multiple AZs.
False.
Which of the following languages is NOT supported by the AWS SDK?
- Java
- Perl
- Python
- PHP
Perl.
True or False: There is a hard limit on how much data you can store in S3.
False.
True or False: S3 buckets do not provide eventual consistency for overwrite PUTs and DELETEs.
False.
You run a video-hosting website with two types of members: premium, fee-paying members; and free members. Each video that is uploaded is processed by a fleet of EC2 instances, which poll an SQS queue as videos are uploaded. However, you need to ensure that the videos uploaded by your premium, fee-paying members have a higher priority than those of your free members. How might you work with SQS to ensure priority treatment of the premium members’ videos?
- SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.
- Create two SQS queues — one for premium members, and one for free members. Program your EC2 fleet to poll the premium queue first and, if empty, to then poll your free members SQS queue.
- SQS allows you to set priorities on individual items within the queue, so simply set the fee-paying members at a higher priority than your free members.
Create two SQS queues — one for premium members, and one for free members. Program your EC2 fleet to poll the premium queue first and, if empty, to then poll your free members SQS queue.
True or False: With EC2, you can have 2 types of storage: EBS or Instance Store. EBS is persistent, and if an EC2 instance is stopped with an EBS volume attached, there will be no data lost. Instance Store is ephemeral and if the EC2 instance is stopped, all data will be lost.
True.
You are designing an application which needs to locate the public IP address of the EC2 instance on which it is stored. What do you do?
Get the instance’s metadata by visiting http://169.254.169.254/latest/meta-data/
True or False: When you create new subnets within a custom VPC, by default they can communicate with each other, across AZs.
True.
How many Internet gateways can I attach to my custom VPC?
1
You have 2 EC2 instances which sit in a custom VPC in a public subnet. These instances are able to receive internet traffic. You add a 3rd instance to the subnet, but it cannot access the internet. What should you do?
- Move the EC2 instance into another subnet
- Add an elastic IP address to the new instance
- Enable port 80 on the security group
- Check your ACL permissions
Add an elastic IP address to the new instance.
In order to enable encryption at rest using EC2 and Elastic Block Store, you need to __________.
- Configure encryption using the appropriate Operating Systems file system
- Configure encryption when creating the EBS volume
- Mount the EBS volume into S3 and then encrypt the bucket using a bucket policy
- Configure encryption using X.509 certificates
Configure encryption when creating the EBS volume.
You have a motion sensor that reads 300 items of data every 30 seconds. Each item consists of 5kb. Your application uses eventually consistent reads. In order for your application to keep up, what should you set the read throughput to?
10 read units.
You are hosting a static website in an S3 bucket which uses JavaScript to reference assets in another S3 bucket. For some reason, these assets are not displaying when users browse to the site. What could the problem be?
- S3 doesn’t support JavaScript
- You haven’t enabled CORS on the bucket where the assets are stored
- You need to open port 80 on the appropriate security group in which the S3 bucket is located
- You cannot use one S3 bucket to reference another S3 bucket
You haven’t enabled CORS on the bucket where the assets are stored.
True or False: In IAM, you can use SAML (Security Assertion Markup Language 2.0) to give your federated users single sign-on (SSO) access to the AWS Management Console.
True.
What is the default region for all SDKs?
us-east-1
True or False: You can select a specific AZ in which to place your DynamoDB table.
False.
You have added a NAT EC2 instance to your VPC, but your EC2 instances in the private subnet still cannot access the internet. What should you do with the NAT?
- You should enable source/destination checks on the NAT instance.
- You should disable source/destination checks on the NAT instance.
- You should provision a second NAT and enable failover between the two.
- You should move the NAT to another subnet.
You should disable source/destination checks on the NAT instance.
Which of these AWS services do not use key value pairs?
- Route53
- SWF
- DynamoDB
- SNS
Route53.
True or False: You can have multiple SSL certificates (for multiple domain names) on a single ELB.
False.
True or False: A local secondary index has the same sort key as the table, but a different partition key.
False. A local secondary index is an index that has the same partition key as the table, but a different sort key.
Which of the following DynamoDB write operations allow conditional writes?
- DeleteItem
- PutItem
- BatchWriteItem
- UpdateItem
- DeleteItem
- PutItem
- UpdateItem
PutItem, UpdateItem, and DeleteItem allow conditional writes, where you specify an expression that must evaluate to true in order for the operation to succeed.
To make an SQS message immediately available for processing, you should do which of the following?
- Set the SQS visibility timeout to “0”.
- Manually remove the message from the queue for immediate processing.
- Invoke a call to process the message.
- Enable long polling.
Set the SQS visibility timeout to “0”. The visibility timeout is the time during which the message is invisible to workers. If this interval is set to “0”, the message will be immediately available for processing.
While working with the S3 API, you receive an error: 409 Conflict. What is the most likely cause?
- BucketAlreadyExists
- AccessDenied
- ObjectNotFound
- PermissionsIssue
BucketAlreadyExists. S3 error codes are handled with HTTP error responses. A 409 conflict means there is a conflicting issue.
You’ve enabled website hosting on a bucket named ‘acloud.guru’ in us-east-1. Select the URL you’ll receive from AWS as the URL for the bucket.
- acloud.guru.s3-website-us-east-1.amazonaws.com
- acloud.guru.s3-website-us-east.amazonaws.com
- acloud.guru.us-east-1-s3-website.amazonaws.com
- acloud-guru.s3-website-us-east-1.amazonaws.com
acloud.guru.s3-website-us-east-1.amazonaws.com
When using Web Identity Federation to allow a user to access an AWS service (such as an S3 bucket), which of the following is the correct order of steps?
- A user makes the AssumeRoleWithWebIdentity API Call. The user is then redirected to Facebook to authenticate. Once authenticated, the user is given an ID token. The user is then granted temporary access to the AWS platform.
- A user authenticates with Facebook first. They are then given an ID token by Facebook. An API call, AssumeRoleWithWebIdentity, is then used in conjunction with the ID token. A user is then granted temporary security credentials.
- A user logs in to the AWS platform using their Facebook credentials. AWS authenticates with Facebook to check the credentials. Temporary Security Access is granted to AWS.
- Users cannot use Facebook credentials to access the AWS platform.
A user authenticates with Facebook first. They are then given an ID token by Facebook. An API call, AssumeRoleWithWebIdentity, is then used in conjunction with the ID token. A user is then granted temporary security credentials.
True or False: In addition to XML, JSON, and unformatted text, an SQS message may contain certain Unicode characters.
True. In addition to XML, JSON, and unformatted text, the following Unicode characters are allowed: #x9 | #xA | #xD | #x20 to #xD7FF | #xE000 to #xFFFD | #x10000 to #x10FFFF
Which of the following is not a common S3 request header?
- Content-Type
- Content-Length
- Content-MD5
- Content-MD9
Content-MD9
You are creating a virtual data centre using CloudFormation and you need to output the DNS name of your load balancer. What command would you use to achieve this?
- FN::PostAtt
- LS::GetAtt
- LS::ReceiveAtt
- FN::GetAtt
FN::GetAtt. The Fn::GetAtt intrinsic function returns the value of an attribute from a resource in the template.
Which S3 error code does not correspond to HTTP status code 404?
- NoSuchBucket
- MissingSecurityHeader
- NoSuchVersion
- NoSuchBucketPolicy
MissingSecurityHeader. It has a 400 HTTP status code.
True or False: An account may have an absolute maximum of 100 S3 buckets.
False. An account has a default maximum of 100 buckets, but the limit can be increased by contacting AWS.
S3 Multipart upload is required for files larger than __________?
- 1GB
- 5GB
- 100MB
- 5TB
5GB. Multipart upload is *recommended* for files greater than 100MB, but it’s required for files larger than 5GB.
True or False: You can select a specific Availability Zone in which to place your DynamoDB Table.
False. DynamoDB is a regional service. All of your data is stored and automatically replicated across multiple AZs within the region.
When using the Ref function in CloudFormation, what do we get back if we pass in the logical ID of an AWS::EC2::Instance object?
- Nothing. AWS::EC2::Instance is not a valid resource type.
- The object’s InstanceId.
- The object’s creation status.
- All the attributes associated with the EC2 instance.
The object’s InstanceId.
True or False: While the UpdateTable operation is executing, the table status changes from ACTIVE to UPDATING, and you cannot issue another UpdateTable request until the table returns to the ACTIVE state.
True.
What is the maximum long poll timeout?
- 5 minutes
- 30 seconds
- 20 seconds
- 60 seconds
The maximum ReceiveMessageWaitTime is 20 seconds.
What is the minimum size of an S3 object?
0 bytes. Not sure if the exam will have it listed as 1 byte.
In DynamoDB, what is the maximum length of a partition key value?
- 1024 bytes
- 2048 bytes
- 256 bytes
- 512 bytes
2048 bytes maximum (1 byte min).