MyCloudGuru Flashcards

1
Q

Which of the following are a part of AWS’ Networking & Content Delivery services?

(Choose 2)

A) Lambda

B) EC2

C) CloudFront

D) VPC

A

C) CloudFront

D) VPC

2
Q

The VPC service is a member of which group of AWS services in the ‘All services’ view of the AWS Portal?

A) Networking & Content Delivery

B) Database Services

C) Global Infrastructure

D) Compute Services

A

A) Networking & Content Delivery

A Virtual Private Cloud (VPC) is a virtual network dedicated to a single AWS account. It is logically isolated from other virtual networks in the AWS cloud. VPC is found in the “Networking & Content Delivery” section of the AWS Portal.

3
Q

The AWS Global Infrastructure comprises Regions, Availability Zones, and edge locations, and there is a different number of each infrastructure element. Select the option that shows the correct order from greatest to least.

A) Number of Availability Zones > Number of Regions > Number of Edge Locations

B) Number of Edge Locations > Number of Availability Zones > Number of Regions

C) Number of Availability Zones > Number of Edge Locations > Number of Regions

D) Number of Regions > Number of Availability Zones > Number of Edge Locations

A

B) Number of Edge Locations > Number of Availability Zones > Number of Regions

Currently, there are more Edge Locations in the Global Cloud Infrastructure than Availability Zones; in turn, there are more Availability Zones than Regions. Reference: Global Infrastructure.

4
Q

What is an AWS region?

A) A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.

B) A region is a collection of Edge Locations available in specific countries.

C) A region is a subset of AWS technologies. For example, the Compute region consists of EC2, ECS, Lambda, etc.

D) A region is an independent data center, located in different countries around the globe.

A

A) A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.

5
Q

In which of the following is CloudFront content cached?

A) Region

B) Edge Location

C) Availability Zone

D) Data Center

A

B) Edge Location

6
Q

What does an AWS Region consist of?

A) A collection of databases that can only be accessed from a specific geographic region.

B) Each AWS Region consists of multiple, isolated, and physically separate Availability Zones within a geographic area.

C) A collection of data centers that is spread evenly around a specific continent.

D) A console that gives you a quick, global picture of your cloud computing environment.

A

B) Each AWS Region consists of multiple, isolated, and physically separate Availability Zones within a geographic area.

AWS has the concept of a Region, which is a physical location around the world where data centers are clustered. Each group of logical data centers is called an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area.

7
Q

What is an Amazon VPC?

A) Virtual Public Compute

B) Virtual Private Cloud

C) Virtual Private Compute

D) Virtual Public Cloud

A

B) Virtual Private Cloud

8
Q

Which of the below are storage services in AWS?

(Choose 2)

A) EC2

B) S3

C) EFS

D) VPC

A

B) S3

C) EFS

S3 and EFS both provide the ability to store files in the cloud. EC2 provides compute, and is often augmented with other storage services. VPC is a networking service.

9
Q

Which of the below are AWS compute services?

(Choose 2)

A) S3

B) Lambda

C) VPC

D) EC2

A

B) Lambda

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.

D) EC2

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.

10
Q

Which of the below are factors that have helped make public cloud so powerful?

(Choose 2)

A) No special skills required

B) The ease of trying new solutions.

C) Traditional methods that are used for on-premise infrastructure always work just as well in cloud

D) Pay-as-you-go approach for pricing

A

B) The ease of trying new solutions.

D) Pay-as-you-go approach for pricing

11
Q

10,000 Foot Overview

Which of the below are database services from AWS?

(Choose 2)

A) S3

B) DynamoDB

C) EC2

D) Amazon RDS

A

B) DynamoDB

DynamoDB is a fast and flexible non-relational database service for any scale. DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS so that they don’t have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.

D) Amazon RDS

Amazon Relational Database Service (Amazon RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS gives you access to the capabilities of a familiar MySQL, MariaDB, Oracle, SQL Server, or PostgreSQL database.

12
Q

Which statement best describes Availability Zones?

A) A Content Distribution Network used to distribute content to users.

B) Distinct locations from within an AWS region that are engineered to be isolated from failures.

C) Restricted areas designed specifically for the creation of Virtual Private Clouds.

D) Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other’s data.

A

B) Distinct locations from within an AWS region that are engineered to be isolated from failures.

An Availability Zone (AZ) is a distinct location within an AWS Region. Each Region comprises at least two AZs.

13
Q

You are a security administrator working for a hotel chain. You have a new member of staff who has started as a systems administrator, and she will need full access to the AWS console. You have created the user account and generated the access key id and the secret access key. You have moved this user into the group where the other administrators are, and you have provided the new user with their secret access key and their access key id. However, when she tries to log in to the AWS console, she cannot. Why might that be?

A) You have not applied the “log in from console” policy document to the user. You must apply this first so that they can log in.

B) Your user is trying to log in from the AWS console from outside the corporate network. This is not possible.

C) You cannot log in to the AWS console using the Access Key ID / Secret Access Key pair. Instead, you must generate a password for the user, and supply the user with this password and your organization’s unique AWS console login URL.

D) You have not yet activated multi-factor authentication for the user, so by default they will not be able to log in.

A

C) You cannot log in to the AWS console using the Access Key ID / Secret Access Key pair. Instead, you must generate a password for the user, and supply the user with this password and your organization’s unique AWS console login URL.

14
Q

You have created a new AWS account for your company, and you have also configured multi-factor authentication on the root account. You are about to create your new users. What strategy should you consider in order to ensure that there is good security on this account?

A) Require users only to be able to log in using biometric authentication.

B) Enact a strong password policy: user passwords must be changed every 45 days, with each password containing a combination of capital letters, lower case letters, numbers, and special symbols.

C) Give all users the same password so that if they forget their password they can just ask their co-workers.

D) Restrict login to the corporate network only.

A

B) Enact a strong password policy: user passwords must be changed every 45 days, with each password containing a combination of capital letters, lower case letters, numbers, and special symbols.

A password policy to set a minimum standard is good practice and is generally a top requirement for any industry compliance endorsement.

15
Q

Which statement best describes IAM?

A) IAM allows you to manage users, groups, roles, and their corresponding level of access to the AWS Platform.

B) IAM allows you to manage permissions for AWS resources only.

C) IAM stands for Improvised Application Management, and it allows you to deploy and manage applications in the AWS Cloud.

D) IAM allows you to manage users’ passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.

A

A) IAM allows you to manage users, groups, roles, and their corresponding level of access to the AWS Platform.

16
Q

When you create a new user, that user ____.

A) Will be able to interact with AWS using their access key ID and secret access key using the API, CLI, or the AWS SDKs assuming programmatic access was enabled.

B) Will only be able to log in to the console in the region in which that user was created.

C) Will be able to log in to the console anywhere in the world, using their access key ID and secret access key.

D) Will be able to log in to the console only after multi-factor authentication is enabled on their account.

A

A) Will be able to interact with AWS using their access key ID and secret access key using the API, CLI, or the AWS SDKs assuming programmatic access was enabled.

To access the console you use an account and password combination. To access AWS programmatically you use a Key and Secret Key combination.

17
Q

Power User Access allows ____.

A) Read Only access to all AWS services and resources.

B) Users to inspect the source code of the AWS platform

C) Full Access to all AWS services and resources.

D) Access to all AWS services except the management of groups and users within IAM.

A

D) Access to all AWS services except the management of groups and users within IAM.

18
Q

Which of the following is not a feature of IAM?

A) IAM integrates with existing active directory account allowing single sign-on.

B) IAM allows you to set up biometric authentication, so that no passwords are required.

C) IAM offers centralized control of your AWS account.

D) IAM offers fine-grained access control to AWS resources.

A

B) IAM allows you to set up biometric authentication, so that no passwords are required.

AWS makes use of Accounts & Passwords, or Keys and Secret Keys, and MFA, to prove identity. You may have a 3rd-party device that uses biometrics to initiate an exchange of the password or secret key with AWS, but that is not an AWS / IAM service.

19
Q

In what language/format are policy documents written?

A) Python

B) Node.js

C) Java

D) JSON

A

D) JSON

JavaScript Object Notation is a human-readable and easily parsed structured data format used to pass blocks of data into and between systems.

20
Q

What level of access does the “root” account have?

A) Administrator Access

B) Read-only Access

C) Power User Access

D) No Access

A

A) Administrator Access

The root account in an AWS account represents the owner of the account and can do anything, including changing billing details and even closing the account. The details for this account should be locked away and only used when absolutely necessary.

21
Q

Every user you create in the IAM systems starts with ____.

A) No Permissions

B) Partial Permissions

C) Inherited Permissions

D) Full Permissions

A

A) No Permissions

AWS systems are designed to be secure first. The system administrator needs to add permissions to allow accounts to take actions.

22
Q

What is the default level of access a newly created IAM User is granted?

A) Read-only access to all AWS services.

B) Power user access to all AWS services.

C) No access to any AWS services.

D) Administrator access to all AWS services.

A

C) No access to any AWS services.

By default new IAM Users have no permissions to AWS services. They must be explicitly granted.

23
Q

You are a solutions architect working for a large engineering company that is moving from a legacy infrastructure to AWS. You have configured the company’s first AWS account and you have set up IAM. Your company is based in Andorra, but there will be a small subsidiary operating out of South Korea, so that office will need its own AWS environment. Which of the following statements is true?

A) You will need to configure your policy documents regionally, however your users are global.

B) You will then need to configure Users and Policy Documents for each region, respectively.

C) You will need to configure Users and Policy Documents only once, as these are applied globally.

D) You will need to configure your users regionally, however your policy documents are global.

A

C) You will need to configure Users and Policy Documents only once, as these are applied globally.

IAM is a Global service.
You can have regional conditions in policies, however by default users & policies are Global.

24
Q

What is an additional way to secure the AWS accounts of both the root account and new users alike?

A) Implement Multi-Factor Authentication for all accounts.

B) Configure the AWS Console so that you can only log in to it from your internal network IP address range.

C) Store the access key id and secret access key of all users in a publicly accessible plain text document on S3 of which only you and members of your organization know the address.

D) Configure the AWS Console so that you can only log in to it from a specific IP Address range

A

A) Implement Multi-Factor Authentication for all accounts.

MFA provides an additional requirement for the person signing on to prove that they are who they claim to be. Username & password are things you ‘know’; the MFA is something that you ‘have’, e.g. you have the only device that can generate the token.

25
Q

A __ is an object in AWS stored as a JSON document that provides a formal statement of one or more permissions.

A) User

B) Role

C) Group

D) Policy

A

D) Policy

A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. Most policies are stored in AWS as JSON documents.

26
Q

Which of the following is not a component of IAM?

A) Organizational Units

B) Roles

C) Groups

D) Users

A

A) Organizational Units

Organizational Units, or ‘OUs’, are a feature of AWS Organizations, not of IAM.

27
Q

Identity Access Management & S3

You are a developer at a fast-growing startup. Until now, you have used the root account to log in to the AWS console. However, as you have taken on more staff, you will need to stop sharing the root account to prevent accidental damage to your AWS infrastructure. What should you do so that everyone can access the AWS resources they need to do their jobs?

(Choose 2)

A) Create an additional AWS root account for each new user.

B) Give your users the root account credentials so that they can also sign in.

C) Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided.

D) Create a customized sign-in link such as “yourcompany.signin.aws.amazon.com/console” for your new users to use to sign in with.

A

C) Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided.

D) Create a customized sign-in link such as “yourcompany.signin.aws.amazon.com/console” for your new users to use to sign in with.

Read the AWS Security Best Practices white paper. Also note that the IAM user sign-in URL is different from the root account sign-in URL.

28
Q

Your company has launched a new app. To access the app files, the development team needs access to a bucket that is located within your team’s AWS account. The development team is using a different account and requires programmatic and console level access to your team’s S3 bucket. How would you share this bucket with the development team’s account?

A) Setting up a cross account IAM Role

B) Setting up a resource-based policy

C) Setting up a Resource Based Access Control List (ACL)

D) Setting up a shared IAM policy

A

A) Setting up a cross account IAM Role

Setting up a cross account IAM role is currently the only method that will allow IAM users to access cross account S3 buckets both programmatically and via the AWS console.

29
Q

You have a client who is considering a move to AWS. In establishing a new account, what is the first thing the company should do?

A) Set up an account via SNS (Simple Notification Service)

B) Set up an account using Cloud Search.

C) Set up an account using their company email address.

D) Set up an account via SQS (Simple Queue Service).

A

C) Set up an account using their company email address.

This email address is a key part of linking the AWS account to your company. Using a private email address may make it harder to establish ownership if you need help from AWS.

30
Q

A new employee has just started work, and it is your job to give her administrator access to the AWS console. You have given her a user name, an access key ID, a secret access key, and you have generated a password for her. She is now able to log in to the AWS console, but she is unable to interact with any AWS services. What should you do next?

A) Tell her to log out and try logging back in again.

B) Grant her Administrator access by adding her to an Administrators’ group.

C) Ensure she is logging in to the AWS console from your corporate network and not the normal internet.

D) Require multi-factor authentication for her user account.

A

B) Grant her Administrator access by adding her to an Administrators’ group.

By default new user accounts come with no permission to interact with services. These must be explicitly assigned by adding a Policy or adding them to a Group. The admin user should have also been configured with MFA as best practice, but MFA would not be related to the permission issue itself.

31
Q

To retrieve instance metadata or user data you will need to use the following IP Address:

A) http://192.168.0.254

B) http://127.0.0.1

C) http://10.0.0.1

D) http://169.254.169.254

A

D) http://169.254.169.254

This IP address is specific to AWS; you can use it on any instance to acquire information about that instance. It is a specific type of address called a ‘link-local address’, and is only accessible from that particular instance. You can also disable the metadata service to prevent its misuse.

32
Q

To help you manage your Amazon EC2 instances, you can assign your own metadata in the form of ____.

A) Wildcards

B) Certificates

C) Notes

D) Tags

A

D) Tags

Tagging is a key part of managing an environment. Even in a lab, it is easy to lose track of the purpose of resources, and tricky to determine why a resource was created and whether it is still needed. This can rapidly translate into lost time and lost money.

33
Q

Which AWS CLI command should I use to create a snapshot of an EBS volume?

A) aws ec2 new-snapshot

B) aws ec2 create-snapshot

C) aws ec2 fresh-snapshot

D) aws ec2 deploy-snapshot

A

B) aws ec2 create-snapshot

When looking at the AWS CLI, remember the verbs, like ‘create’, which are used as part of commands. This helps you build the necessary command in your head, without referring to the documentation. For example, we might create a new image along with this snapshot. From this, we could understand that the command would likely be ‘aws ec2 create-image’.

34
Q

If an Amazon EBS volume is attached as an additional disk (not the root volume), can I detach it without stopping the instance?

A) Yes, although it may take some time.

B) No, you will need to stop the instance.

A

A) Yes, although it may take some time.

Since the additional disk does not contain the operating system, you can detach it in the EC2 Console while the instance is running. However, any data on that drive would become inaccessible, and possibly cause problems for the EC2 instance.

35
Q

When creating a new security group, all inbound traffic is allowed by default.

TRUE / FALSE

A

FALSE

There are slight differences between a normal ‘new’ Security Group and a ‘default’ security group in the default VPC. For a ‘new’ security group nothing is allowed in by default.

36
Q

EBS Snapshots are backed up to S3 in what manner?

A) Exponentially

B) Differentially

C) Incrementally

D) EBS snapshots are NOT stored on S3.

A

C) Incrementally

EBS snapshots use incremental backups and are stored in S3. Restores can be done from any of the snapshots. The original full snapshot can be safely deleted without impacting the ability to use the other related incremental backups.

37
Q

Can Spread Placement Groups be deployed across multiple Availability Zones?

A) No.

B) Yes.

C) Yes, but only using the AWS API.

D) Only in Us-East-1.

A

B) Yes.

Spread Placement Groups can be deployed across availability zones since they spread the instances further apart. Cluster Placement Groups can only exist in one Availability Zone since they are focused on keeping instances together, which you cannot do across Availability Zones.

38
Q

Is it possible to perform API actions on an existing Amazon EBS Snapshot?

A) Yes, it is possible to perform API actions on an existing Amazon EBS Snapshot.

B) It depends on the region.

C) EBS does not have snapshot functionality.

D) No

A

A) Yes, it is possible to perform API actions on an existing Amazon EBS Snapshot.

It is possible to perform API actions on an existing Amazon EBS Snapshot through the AWS APIs, CLI, and AWS Console. You can use the AWS APIs, CLI, or the AWS Console to copy snapshots, share snapshots, and create volumes from snapshots.

39
Q

You need to know both the private IP address and public IP address of your EC2 instance. You should ____.

A) Use the following command: AWS EC2 DisplayIP.

B) Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/local-ipv4 and http://169.254.169.254/latest/meta-data/public-ipv4.

C) Run IPCONFIG (Windows) or IFCONFIG (Linux).

D) Retrieve the instance User Data from http://169.254.169.254/latest/user-data/.

A

B) Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/local-ipv4 and http://169.254.169.254/latest/meta-data/public-ipv4.

Instance Metadata and User Data can be retrieved from within the instance via a special URL. Similar information can be extracted by using the API via the CLI or an SDK. The ipconfig and ifconfig tools don’t have the ability to see the Public IP Address directly, since it’s attached dynamically inside the AWS Software Defined Network which has to be queried by the API.

40
Q

What type of storage are Amazon’s EBS volumes based on?

A) Object-based

B) File-based

C) Block-based

D) Database-based

A

C) Block-based

EBS uses Block-based storage, where the data is stored on a virtual disk managed by the Operating System. EFS uses File-based storage, where the underlying filesystem is managed by AWS. S3 uses Object-based storage, where files are kept in a flat structure.

41
Q

The use of a cluster placement group is ideal ___

A) When you need to distribute content on a CDN network.

B) When you need to deploy EC2 instances that require high disk IO.

C) Your fleet of EC2 Instances requires low latency and high network throughput across multiple availability zones.

D) Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.

A

D) Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.

Cluster Placement Groups are primarily about keeping your compute resources within one network hop of each other on high-speed rack switches. This is only helpful when you have compute loads with network loads that are either very high or very sensitive to latency.

42
Q

Standard Reserved Instances can be moved between regions

TRUE / FALSE

A

FALSE

Standard Reserved Instances cannot be moved between regions. You can choose if a Reserved Instance applies to either a specific Availability Zone, or an Entire Region, but you cannot change the region.

43
Q

Will an Amazon EBS root volume persist independently from the life of the terminated EC2 instance to which it was previously attached? In other words, if I terminated an EC2 instance, would that EBS root volume persist?

A) Yes - But only for certain instance types

B) Yes - It will always persist until deleted manually

C) No - Unless ‘Delete on Termination’ is unchecked for the root volume

D) No - It will always be deleted immediately on termination

A

C) No - Unless ‘Delete on Termination’ is unchecked for the root volume

You can control whether an EBS root volume is deleted when its associated instance is terminated. The default delete-on-termination behavior depends on whether the volume is a root volume, or an additional volume. By default, the DeleteOnTermination attribute for root volumes is set to ‘true.’ However, this attribute may be changed at launch by using either the AWS Console or the command line. For an instance that is already running, the DeleteOnTermination attribute must be changed using the CLI.

44
Q

In order to enable encryption at rest using EC2 and Elastic Block Store, you must ____.

A) Configure encryption using the appropriate Operating Systems file system

B) Configure encryption using X.509 certificates

C) Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.

D) Configure encryption when creating the EBS volume

A

D) Configure encryption when creating the EBS volume

The use of encryption at rest is a default requirement for many industry compliance certifications. Using AWS managed keys to provide EBS encryption at rest is a relatively painless and reliable way to protect assets and demonstrate your professionalism in any commercial situation.

45
Q

When updating the policy used by an IAM Role attached to an EC2 instance, what needs to happen for the changes to take effect?

A) Reattach the IAM Role to the EC2 instance

B) Wait up to 15 minutes for the change to take effect

C) Nothing - It will take effect almost immediately

D) Reboot the instance to force the change

A

C) Nothing - It will take effect almost immediately

Changes to IAM Policies take effect almost immediately (with maybe a few seconds delay). No substantial waiting time is required, nor changes to the system. This is because the IAM Policy exists in the AWS API, rather than on the instance itself. As a way to remember it in a scenario, if you think about a compromised system, you would need to revoke the access immediately, without waiting for changes to take effect.

46
Q

When can you attach/replace an IAM role on an EC2 instance?

A) Anytime, but only if there isn’t already an attached IAM Role

B) Only during launch and cannot be changed once the instance is launched

C) To attach an IAM role to an instance that has no role, the instance can be in the stopped or running state. To replace the IAM role on an instance that already has an attached IAM role, the instance must be in the running state.

D) Anytime, but the instance must be stopped

A

C) To attach an IAM role to an instance that has no role, the instance can be in the stopped or running state. To replace the IAM role on an instance that already has an attached IAM role, the instance must be in the running state.

IAM Roles can be attached to instances in the stopped or running state, or replaced for instances in the running state. Prior to early 2017, you would only be able to attach an IAM role at launch, and if you wanted to attach a role, you would have to terminate and re-launch the instance.

47
Q

Specifically, where in the AWS Global Infrastructure are EC2 instances provisioned?

A) In Availability Zones

B) Globally

C) In Regions

A

A) In Availability Zones

When you’re setting up an EC2 instance, you select which subnet you’d like to place your EC2 instance in. Each subnet is tied to a specific Availability Zone. You cannot move an instance between Availability Zones without setting up a copied version of the instance. Whilst they exist in Regions, they are not portable across the whole Region, nor across the whole globe.

48
Q

TRUE / FALSE

Spread Placement Groups can be deployed across multiple Availability Zones.

A

TRUE

Spread Placement Groups can be deployed across availability zones since they spread the instances further apart. Cluster Placement Groups can only exist in one Availability Zone since they are focused on keeping instances together, which you cannot do across Availability Zones.

49
Q

Which service would you use to run a general Windows File Server with minimal overhead?

A) EBS Multi Attach

B) S3

C) FSx for Windows

D) EFS

A

C) FSx for Windows

Amazon FSx for Windows File Server provides a fully managed native Microsoft Windows file system so you can easily move your Windows-based applications that require shared file storage to AWS. EBS Multi Attach allows you to attach a volume to up to 16 instances, but would have issues across multiple availability zones, and could not use NTFS natively. EFS uses the NFS protocol, and is explicitly not supported on Windows. S3 is object-based storage, and would not be suitable as the backend for a file server.

50
Q

Which of the following provide the least expensive EBS options?

(Choose 2)

A) Cold (sc1)

B) Throughput Optimized (st1)

C) Provisioned IOPS (io1)

D) General Purpose (gp2)

A

A) Cold (sc1)

B) Throughput Optimized (st1)

Of all the EBS types, both current and previous generation, HDD-based volumes will always be less expensive than SSD types. Therefore, of the options available in the question, the Cold (sc1) and Throughput Optimized (st1) types are HDD based and will be the least expensive options.

51
Q

Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

A) Only via the Command-Line.

B) No.

C) Yes.

D) Only using the AWS API.

A

B) No.

If the original snapshot was deleted, then the AMI would not be able to use it as the basis to create new instances. For this reason, AWS protects you from accidentally deleting the EBS Snapshot, since it could be critical to your systems. To delete an EBS Snapshot attached to a registered AMI, first remove the AMI, then the snapshot can be deleted.

52
Q

Which EC2 feature uses SR-IOV?

A) IAM Roles

B) Bootstrap Scripts (User Data)

C) Enhanced networking

D) CloudWatch Agent

A

C) Enhanced networking

Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces. Enhanced networking provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies.

53
Q

What are the valid underlying hypervisors for EC2?

(Choose 2)

A) ESX

B) Xen

C) OVM

D) Hyper-V

E) Nitro

A

B) Xen

E) Nitro

AWS originally used a modified version of the Xen hypervisor to host EC2. In 2017, AWS began rolling out its own hypervisor, called Nitro.

54
Q

TRUE / FALSE

When creating a single-AZ Amazon RDS instance, you can select the Availability Zone into which you deploy it.

A

TRUE

When you create a DB instance, you can choose an Availability Zone or have AWS choose one for you. An Availability Zone is represented by an AWS Region code followed by a letter identifier (for example, us-east-1a).

55
Q

What data transfer charge is incurred when replicating data between Availability Zones for your Amazon RDS MySQL in a Multi-AZ deployment?

A) The charge is half of the standard data transfer charge.

B) The charge is double the standard data transfer charge.

C) There is no charge associated with this action.

D) The charge is the same as the standard data transfer charge.

A

C) There is no charge associated with this action.

Data transferred between Availability Zones for replication of Multi-AZ deployments is free.

56
Q

In RDS, what is the maximum value I can set for my backup retention period?

A) 30 Days

B) 15 Days

C) 45 Days

D) 35 Days

A

D) 35 Days

57
Q

Which set of RDS database engines is currently available?

A) Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL

B) Aurora, MySQL, SQL Server, Cassandra

C) MariaDB, SQL Server, MySQL, Cassandra

D) PostgreSQL, MariaDB, MongoDB, Aurora

A

A) Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL

Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL database engines.

58
Q

If you are using Amazon RDS Provisioned IOPS storage with a Microsoft SQL Server database engine, what is the maximum size RDS volume you can have by default?

A) 16TB

B) 32TB

C) 500GB

D) 6TB

E) 1TB

A

A) 16TB

You can create Amazon RDS for SQL Server database instances with up to 16TB of storage. The 16TB storage limit is available when using the Provisioned IOPS and General Purpose (SSD) storage types.

59
Q

TRUE / FALSE

RDS Reserved instances are available for multi-AZ deployments.

A

TRUE

Reserved DB instance benefits apply for both Multi-AZ and Single-AZ configurations.

60
Q

Which of the following is NOT a feature supported by DynamoDB?

A) The primary key can be either a single-attribute or a composite partition-sort key

B) The ability to perform operations by using a user-defined primary key

C) Data reads that are either eventually consistent or strongly consistent

D) Amazon DynamoDB supports MongoDB workloads.

A

D) Amazon DynamoDB supports MongoDB workloads.

This is not a feature supported by DynamoDB. Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads.

61
Q

Which SQL-based relational database is suitable for high-performance OLTP (Online Transactional Processing) workloads?

A) Amazon DynamoDB

B) Amazon RDS with Provisioned IOPS (SSD) Storage

C) Amazon ElastiCache

D) Amazon Redshift

A

B) Amazon RDS with Provisioned IOPS (SSD) Storage

Amazon RDS with provisioned IOPS (SSD) storage allows you to implement a SQL-based relational database solution for your high-performance OLTP workloads.

62
Q

Which of the following AWS services is a non-relational database?

A) Amazon DynamoDB

B) Amazon Redshift

C) Amazon ElastiCache

D) Amazon RDS

A

A) Amazon DynamoDB

Amazon DynamoDB is a non-relational database that delivers reliable performance at any scale. It’s a fully managed, multi-region, multi-master database that provides consistent single-digit millisecond latency, and offers built-in security, backup and restore, and in-memory caching.

63
Q

Under what circumstances would I choose provisioned IOPS over standard storage when creating an RDS instance?

A) If you have workloads that are not sensitive to latency/lag.

B) If this was a test Database.

C) If you need to run an I/O-intensive relational database for a mission-critical application in production.

D) If your business was trying to save money.

A

C) If you need to run an I/O-intensive relational database for a mission-critical application in production.

Provisioned IOPS becomes important when you are running production environments requiring rapid responses, such as those which run e-commerce websites. Without highly performant responses from an RDS instance, page loads of the website could suffer, resulting in loss of business. If your workloads are not latency sensitive, or you are running a test environment, the additional cost of provisioned IOPS will not be cost beneficial to your project.

64
Q

TRUE / FALSE

You can SSH into and control the operating system where your Amazon RDS MySQL instance is running.

A

FALSE

Amazon RDS provides a managed database offering, so you can’t SSH and have control over the underlying operating system configurations where your Amazon RDS MySQL instance is running. You can only have such control when you deploy and manage your databases on EC2 instances.

65
Q

In RDS, when are changes to the backup window implemented?

A) The next day

B) During the next scheduled maintenance window or immediately

C) You cannot back up in RDS.

D) After 30 minutes

A

B) During the next scheduled maintenance window or immediately

When applying changes to the backup window, you can choose either to have the changes done during the next scheduled maintenance window or immediately. The schedule itself is modified right away.

66
Q

How many copies of my data does RDS - Aurora store by default?

A) 1

B) 3

C) 2

D) 6

A

D) 6

Amazon Aurora automatically maintains 6 copies of your data across 3 Availability Zones.

67
Q

You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a large number of IOPS, and you need to increase the number of IOPS available to it. What should you do?

A) Add 2 additional EBS SSD volumes and create a RAID 0 volume to host the database.

B) Migrate the database to Glacier.

C) Migrate the database to an S3 bucket.

D) Use CloudFront to cache the database.

A

A) Add 2 additional EBS SSD volumes and create a RAID 0 volume to host the database.

RAID 0 provides performance improvements compared with a single volume, as data can be read from and written to multiple disks simultaneously. Two disks, each with a bandwidth of 4,000 IOPS, will provide a combined bandwidth of 8,000 IOPS.

68
Q

Which AWS service is ideal for Business Intelligence Tools/Data Warehousing?

A) Redshift

B) ElastiCache

C) Elastic Beanstalk

D) DynamoDB

A

A) Redshift

69
Q

What happens to the I/O operations of a single-AZ RDS instance during a database snapshot or backup?

A) I/O may be briefly suspended while the backup process initializes (typically under a few seconds), and you may experience a brief period of elevated latency.

B) I/O operations to the database are sent to a Secondary instance of a Multi-AZ installation (for the duration of the snapshot.)

C) I/O operations will function normally.

D) Nothing.

A

A) I/O may be briefly suspended while the backup process initializes (typically under a few seconds), and you may experience a brief period of elevated latency.

70
Q

Amazon’s ElastiCache uses which two engines?

A) Redis & Memcached

B) Redis & Memory

C) MyISAM & InnoDB

D) Reddit & Memcrush

A

A) Redis & Memcached

71
Q

MySQL installations default to port number ____.

A) 3306

B) 80

C) 1433

D) 3389

A

A) 3306

72
Q

Which of the following is most suitable for OLAP (Online Analytical Processing)?

A) RDS

B) Redshift

C) DynamoDB

D) ElastiCache

A

B) Redshift

Redshift is the most suitable AWS database for OLAP (Online Analytical Processing).

73
Q

Which of the following data formats does Amazon Athena support?

(Choose 3)

A) Apache Parquet

B) JSON

C) XML

D) Apache ORC

A

A) Apache Parquet

B) JSON

D) Apache ORC

Amazon Athena is an interactive query service that makes it easy to analyse data in Amazon S3, using standard SQL commands. It will work with a number of data formats including “JSON”, “Apache Parquet”, “Apache ORC” amongst others, but “XML” is not a format that is supported.

74
Q

If I wanted to run a database on an EC2 instance, which of the following storage options would Amazon recommend?

A) S3

B) RDS

C) EBS

D) Glacier

A

C) EBS

Elastic Block Storage (EBS) is the recommended block-level storage for EC2 instances if you are running a database on an EC2 instance. If the question didn’t focus on the solution being on the instance, RDS would be the preferred choice.

75
Q

TRUE / FALSE

With new RDS DB instances, automated backups are enabled by default.

A

TRUE

76
Q

TRUE / FALSE

DB security groups are used with DB instances that are not in a VPC and on the EC2-Classic platform. When you create a DB security group, you need to specify a destination port number.

A

FALSE

You don’t need to specify a destination port number when you create DB security group rules. The port number defined for the DB instance is used as the destination port number for all rules defined for the DB security group.

77
Q

Which of the following DynamoDB features are chargeable, when using a single region?

(Choose 2)

A) Local secondary indexes

B) Incoming Data Transfer

C) Read and Write Capacity

D) Storage of Data

A

C) Read and Write Capacity

D) Storage of Data

There will always be a charge for provisioning read and write capacity and the storage of data within DynamoDB, therefore these two answers are correct. There is no charge for the transfer of data into DynamoDB, providing you stay within a single region (if you cross regions, you will be charged at both ends of the transfer). There is no charge for local secondary indexes.

78
Q

If you want your application to check RDS for an error, have it look for an __ node in the response from the Amazon RDS API.

A) Incorrect

B) Error

C) Exit

D) Abort

A

B) Error

Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an Error node in the response from the Amazon RDS API.

79
Q

AWS’s NoSQL product offering is known as ____.

A) DynamoDB

B) MySQL

C) RDS

D) MongoDB

A

A) DynamoDB

80
Q

You are hosting websites in the eu-west-2 and ap-southeast-2 regions, and would like visitors from United Kingdom to see a different site than those in Australia. Which Routing Policy would help you to accomplish this?

(Choose 2)

A) Latency routing policy

B) Geolocation routing policy

C) Failover routing policy

D) Geoproximity routing policy

A

B) Geolocation routing policy

Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from. For example, you might want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region.

D) Geoproximity routing policy

Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources.

81
Q

Your company hosts 8 web servers all serving the same web content in AWS. They want Route 53 to serve traffic to random web servers. Which routing policy will meet this requirement, and provide the best resiliency?

A) Latency Routing

B) Weighted Routing

C) Multivalue Routing

D) Simple Routing

A

C) Multivalue Routing

R53 Multivalue lets you respond to DNS queries with up to eight IP addresses of ‘healthy’ targets. Plus it will give a different set of 8 to different DNS resolvers. The R53 Simple policy will provide a list of multiple instances in random order, but Multivalue is the AWS preferred option for this type of service.

82
Q

True or False: There is a limit to the number of domain names that you can manage using Route 53.

A) False. By default, you can support as many domain names on Route 53 as you want.

B) True. There is a hard limit of 10 domain names. You cannot go above this number.

C) True and False. With Route 53, there is a default limit of 20 domain names. However, this limit can be increased by contacting AWS support.

A

C) True and False. With Route 53, there is a default limit of 20 domain names. However, this limit can be increased by contacting AWS support.

The limit is 20 for new customers as of March 2021. If you have an existing account and your default limit is 50 now, it will remain at 50.

83
Q

You have an enterprise solution that operates Active-Active with facilities in Regions US-West and India. Due to growth in the Asian market you have been directed by the CTO to ensure that only traffic in Asia (between Turkey and Japan) is directed to the India Region. Which of these will deliver that result?

(Choose 2)

A) Route 53 - Geolocation routing policy

B) Latency routing policy. This will ensure only customers that are close will go to the India installation.

C) CloudFront - a combination of blacklisting and whitelisting to control which countries go to which site

D) Route 53 - Weighted routing policy, calculate the proportion of customers in each and weight the policy to ensure that each location gets a fair load.

E) Route 53 - Geoproximity routing policy

A

A) Route 53 - Geolocation routing policy

E) Route 53 - Geoproximity routing policy

The instruction from the CTO is clear that the division is based on geography. Latency-based routing will approximate geographic balance only when all routes and traffic are evenly supported, which is rarely the case due to infrastructure and day/night variations. You cannot combine blacklisting and whitelisting in CloudFront. Weighted routing is randomized and will not respect geographic boundaries. Geolocation is based on national boundaries and will meet the needs well. Geoproximity is based on latitude and longitude and will also provide a good approximation, with potentially less configuration.

84
Q

In AWS Route 53, which of the following are true?

(Choose 2)

A) Route 53 allows you to create a CNAME record that has the same name as the hosted zone (the zone apex)

B) Alias Records can point at any resource with a Canonical Name.

C) Alias Records can point at any resources in AWS, but only within the same account

D) A CNAME record assigns an Alias name to an IP address.

E) Route 53 allows you to create an Alias record at the top node of a DNS namespace (zone apex)

F) Alias Records provide a Route 53–specific extension to DNS functionality

A

E) Route 53 allows you to create an Alias record at the top node of a DNS namespace (zone apex)

F) Alias Records provide a Route 53–specific extension to DNS functionality

Alias Records have special functions that are not present in other DNS servers. Their main function is to provide special functionality and integration into AWS services. Unlike CNAME records, they can also be used at the zone apex, where CNAME records cannot. Alias Records can also point to AWS resources that are hosted in other accounts by manually entering the ARN.

85
Q

Which of the following Route 53 policies allow you to route data to a second resource if the first is unhealthy, and route data to resources that have better performance?

A) Failover Routing and Latency-based Routing

B) Geolocation Routing and Latency-based Routing

C) Failover Routing and Simple Routing

D) Geoproximity Routing and Geolocation Routing

A

A) Failover Routing and Latency-based Routing

Failover Routing and Latency-based Routing are the only two correct options, as they consider routing data based on whether the resource is healthy or whether one set of resources is more performant than another. Any answer containing location based routing (Geoproximity and Geolocation) cannot be correct in this case, as these types only consider where the client or resources are located before routing the data. They do not take into account whether a resource is online or slow. Simple Routing can also be discounted as it does not take into account the state of the resources.

86
Q

Route 53 is named so because ____.

A) Beats me: only people in marketing can tell you the reason behind its name.

B) The route part of the Route 53 name came from a reference to Route 66. The 53 part came from the fact that the port for DNS is 53.

C) Route 66 was already registered with Microsoft.

D) It was invented in 1953.

A

B) The route part of the Route 53 name came from a reference to Route 66. The 53 part came from the fact that the port for DNS is 53.

87
Q

TRUE / FALSE

A

TRUE

Route 53 is Amazon’s highly available and scalable cloud DNS web service.

88
Q

You have created a new subdomain for your popular website, and you need this subdomain to point to an Elastic Load Balancer using Route53. Which DNS record set type (or DNS extension type) could you create?

(Choose 2)

A) CNAME

B) Alias

C) AAAA

D) A

E) MX

A

A) CNAME

B) Alias

A CNAME maps to the host name of the ELB.

An Alias could be created for the ELB. Alias records provide a Route 53–specific extension to DNS functionality.

89
Q

How many Amazon VPCs are allowed per AWS account per AWS Region? (Before any support requests to increase the number).

A) 2

B) 1

C) 6

D) 5

A

D) 5

You can have up to five Amazon VPCs per AWS account per AWS Region, but you can place a support request to increase the number.

90
Q

VPC stands for:

A) Very Public Cloud

B) Virtual Private Cloud

C) Virtual Public Cloud

D) Very Private Cloud

A

B) Virtual Private Cloud

VPC stands for Virtual Private Cloud. It is a logically isolated (private) section where you can place AWS resources within a virtual network.

91
Q

In a default VPC, when you launch an EC2 instance and don’t specify a subnet, the EC2 instances are assigned 2 IP addresses at launch. What are they?

A) A Public IP Address & Secret IP Address

B) An Elastic IP Address & Public IP Address

C) An IPv6 Address and Elastic IP Address

D) A Private IP Address & Public IP Address

A

D) A Private IP Address & Public IP Address

In a default VPC, when you launch an EC2 instance and don’t specify a subnet, it’s automatically launched into a default subnet in your default VPC. The default subnet has the MapPublicIpOnLaunch attribute set to true, so when the instance is launched, both a public and a private IP address are available for it.

92
Q

To save administration headaches, a consultant advises that you leave all security groups in web-facing subnets open on port 22 to 0.0.0.0/0 CIDR. That way, you can connect wherever you are in the world. Is this a good security design?

A) Yes

B) No

A

B) No

0.0.0.0/0 would allow ANYONE from ANYWHERE to connect to your instances. This is generally a bad plan. The phrase ‘web-facing subnets’ does not mean just web servers. It would include any instances in that subnet, some of which you may not want strangers attacking. You would only allow 0.0.0.0/0 on port 80 or 443 to connect to your public-facing Web Servers, or preferably only to an ELB. Good security starts by limiting public access to only what the customer needs. Please see the AWS Security white paper for complete details.

93
Q

Which of the following is a chief advantage of using VPC gateway endpoints to connect your VPC to services such as S3 and DynamoDB?

A) VPC gateway endpoints are dedicated hardware devices that cannot be accessed without the correct IAM credentials.

B) VPC gateway endpoints ensure traffic between your VPC and the other service does not leave the Amazon network.

C) VPC gateway endpoints offer a faster path through the public internet than with a NAT instance.

D) VPC gateway endpoints require public IP addresses, offering rapid connectivity from the public internet.

A

B) VPC gateway endpoints ensure traffic between your VPC and the other service does not leave the Amazon network.

In contrast to a NAT gateway, traffic between your VPC and the other services does not leave the Amazon network when using VPC gateway endpoints. A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service (S3 and DynamoDB).

94
Q

When you create a custom VPC, which of the following are created automatically?

(Choose 3)

A) Network Access Control List (ACL)

B) Route Table

C) Security Group

D) NAT Gateway

E) Subnets

F) Internet Gateway

A

A) Network Access Control List (ACL)

B) Route Table

C) Security Group

When you create a custom VPC, a default Security Group, network access control list (ACL), and route table are created automatically. You must create your own subnets, internet gateway, and NAT gateway (if you need one).

95
Q

TRUE / FALSE

When peering VPCs, you may peer your VPC only with another VPC in your same AWS account.

A

FALSE

You may peer a VPC to another VPC that’s in your same account, or to any VPC in any other account.

96
Q

At which of the following levels can VPC Flow Logs be created?

(Choose 3)

A) Account Level

B) Subnet Level

C) Network Access Control List Level

D) Network Interface Level

E) Security Group Level

F) VPC Level

A

B) Subnet Level

D) Network Interface Level

F) VPC Level

VPC Flow Logs can be created at the VPC, subnet, and network interface levels. VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

97
Q

You have created a new VPC and launched an EC2 instance into a public subnet. However, you did not assign a public IP to the instance during its creation. What is the easiest way to make your instance reachable from the internet?

A) Create an Elastic IP address and associate it with your EC2 instance.

B) Nothing – by default all instances deployed into any Public Subnet will automatically receive a Public IP.

C) Associate the Private IP of your instance to the Public IP of the Internet Gateway.

D) Create an Elastic IP and new Network Interface. Associate the Elastic IP to the new Network Interface, and the new Network Interface to your instance.

A

A) Create an Elastic IP address and associate it with your EC2 instance.

An Elastic IP address is a public IPv4 address, which is reachable from the internet. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the internet. For example, this allows you to connect to your instance from your local computer.

98
Q

Which of the following options allows you to securely administer an EC2 instance located in a private subnet?

A) NAT Instance

B) NAT Gateway

C) Internet Gateway

D) Bastion Host

A

D) Bastion Host

A Bastion host allows you to securely administer (via SSH or RDP) an EC2 instance located in a private subnet. Don’t confuse Bastions and NATs, which allow outside traffic to reach an instance in a private subnet.

99
Q

A VPN connection consists of which of the following components?

(Choose 2)

A) Cross Connect

B) Virtual Private Gateway

C) Direct Connect Gateway

D) Customer Gateway

A

B) Virtual Private Gateway

D) Customer Gateway

A Virtual Private Gateway sits at the edge of your VPC and is a key component when using a VPN. It’s responsible for site-to-site connection from on-premises to a VPC.

A customer gateway is a resource that is installed on the customer side and provides a customer gateway inside a VPC.

100
Q

TRUE / FALSE

A subnet can span multiple Availability Zones.

A

FALSE

Each subnet must reside entirely within one Availability Zone and cannot span across zones.

101
Q

Which of the following is true?

A) Security groups are stateful and Network Access Control Lists (NACLs) are stateless.

B) Security groups are stateless and Network Access Control Lists (NACLs) are stateful.

C) Both security groups and Network Access Control Lists (NACLs) are stateful.

D) Both Security Groups and Network Access Control Lists are stateless.

A

A) Security groups are stateful and Network Access Control Lists (NACLs) are stateless.

Security groups are stateful and Network Access Control Lists are stateless. Stateful means if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules.

102
Q

How many internet gateways can be attached to a custom VPC?

A) 1

B) 2

C) 3

D) One per Availability Zone

A

A) 1

An internet gateway is a highly available VPC component; only one is attachable to a custom VPC.

103
Q

Which of the following are true for security groups?

(Choose 3)

A) Security groups operate at the subnet level.

B) Security groups operate at the instance level and are associated with network interfaces.

C) Security groups support “allow” rules only.

D) Security groups process rules in number order when deciding whether to allow traffic.

E) Security groups evaluate all rules before deciding whether to allow traffic.

F) Security groups support both “allow” and “deny” rules.

A

B) Security groups operate at the instance level and are associated with network interfaces.

C) Security groups support “allow” rules only.

E) Security groups evaluate all rules before deciding whether to allow traffic.

Security groups control access at the instance-level (as they are associated with network interfaces), they support “allow” rules only, and they evaluate all rules before deciding whether to allow traffic into the instance(s).

104
Q

What is the name of the AWS Global Accelerator component that services the static IP addresses for your accelerator from a unique IP subnet?

A) Availability Zone

B) Network Segment

C) Network Zone

D) Accelerator Zone

A

C) Network Zone

A network zone services the static IP addresses for your accelerator from a unique IP subnet. Similar to an AWS Availability Zone, a network zone is an isolated unit with its own set of physical infrastructure. When you configure an accelerator, by default, Global Accelerator allocates two IPv4 addresses for it. If one IP address from a network zone becomes unavailable due to IP address blocking by certain client networks, or network disruptions, then client applications can retry on the healthy static IP address from the other isolated network zone.

105
Q

TRUE / FALSE

An Application Load Balancer must be deployed into at least two Availability Zone subnets.

A

TRUE

When setting up your ALB, for availability zone subnets, you must select at least two Availability Zone subnets from different Availability Zones. Each Availability Zone subnet for your load balancer should have a CIDR block with at least a /27 bitmask (Example, 10.0.0.0/27) and at least 8 free IP addresses per subnet.

106
Q

You have five VPCs in a ‘hub and spoke’ configuration, with VPC ‘A’ in the center and individually peered with VPCs ‘B’, ‘C’, ‘D’, and ‘E’, which make up the spokes. There are no other VPC connections. Which of the following VPCs can VPC ‘B’ communicate with directly?

A) VPCs ‘C’, ‘D’, and ‘E’

B) VPCs ‘A’ and ‘E’

C) VPC ‘A’

D) VPCs ‘A’ and ‘C’

A

C) VPC ‘A’

As transitive peering is not allowed, VPC ‘B’ can communicate directly only with VPC ‘A’. (A good alternative to many peer connections is AWS Transit Gateway. AWS Transit Gateway can connect VPCs and on-premises networks via a central hub and get around the transitive problem).

107
Q

TRUE / FALSE

By default, EC2 instances in new subnets in a custom VPC can communicate with each other across Availability Zones.

A

TRUE

In a custom VPC with new subnets in each AZ, there is a route within the route table that supports communication across all subnets/AZs. Additionally, it has a default Security Group with an “allow” rule: all traffic, all protocols, all ports, from resources using this default security group.

108
Q

TRUE / FALSE

You can accelerate your application by adding a second Internet Gateway to your VPC.

A

FALSE

You can only have one Internet Gateway per VPC.

109
Q

Which of the following offers the largest range of internal IP addresses?

A) /20

B) /24

C) /16

D) /28

A

C) /16

The /16 offers 65,536 possible addresses.

110
Q

Which of these is NOT a component of the AWS Global Accelerator service?

A) Listeners

B) Endpoint Groups

C) Static IP Address

D) CloudFront

A

D) CloudFront

AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.

111
Q

Security groups act like a firewall at the instance level, whereas _________ are an additional layer of security that act at the subnet level. (Fill in the blank with the correct answer.)

A) Network ACLs

B) Database Security Groups

C) VPC Security Groups

D) Route Tables

A

A) Network ACLs

NACLs act on the subnet level, while security groups act on the instance level.

112
Q

TRUE / FALSE

When I create a new security group, all outbound traffic is allowed by default.

A

TRUE

By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound rules, no outbound traffic originating from your instance is allowed.

113
Q

What is the purpose of an egress-only internet gateway?

(Choose 2)

A) Allow instances communicating over IPv4 or IPv6 to access the internet

B) Allows VPC based IPv6 traffic to communicate to the internet

C) Prevents IPv6 traffic from accessing the internet by utilizing security groups

D) Prevents IPv6 based internet resources to initiate a connection into a VPC

A

B) Allows VPC based IPv6 traffic to communicate to the internet

D) Prevents IPv6 based internet resources to initiate a connection into a VPC

The purpose of an egress-only internet gateway is to allow IPv6-based traffic within a VPC to access the internet, whilst denying any internet-based resources the ability to initiate a connection back into the VPC.

114
Q

Are you permitted to conduct your own security assessments or penetration tests on your own VPC without alerting AWS first?

A) Yes. You can perform any security assessment or penetration test without alerting AWS first.

B) Depends on the type of security assessment or penetration test and the service being assessed. Some assessments can be performed without alerting AWS, some require you to alert.

C) No. You must always alert AWS before performing any type of security assessment or penetration test.

A

B) Depends on the type of security assessment or penetration test and the service being assessed. Some assessments can be performed without alerting AWS, some require you to alert.

AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services only. You should request authorization for other simulated events.

115
Q

What is the advantage of running your AWS VPN connection through your Direct Connect connection over using the ordinary Internet?

(Choose 2)

A) Improved security

B) Can use Transit Gateway to service multiple accounts/VPCs

C) No data transfer charges when using Direct Connect

D) Faster performance

A

A) Improved security

B) Faster performance

It is likely that if you choose to run your VPN through a Direct Connect connection from your datacenter to the AWS network, your VPN connection will be both faster and more secure. However, data transfer charges are still incurred whilst using Direct Connect. Additionally, Transit Gateway attachments may be made to a VPN regardless of whether it runs over DX or not.

116
Q

Which of the following statements are NOT true of EC2 instances in a VPC?

A) In Amazon VPC, an instance retains its public IP when stopped and started.

B) You may have only 1 active internet gateway for your instances per VPC.

C) In Amazon VPC, an EBS backed instance retains its private IP when stopped and started.

D) It is possible to have private subnets in a VPC.

A

A) In Amazon VPC, an instance retains its public IP when stopped and started.

AWS releases your instance’s public IP address when it is stopped, hibernated, or terminated. Your stopped or hibernated instance receives a new public IP address when it is started.

117
Q

In discussions about Cloud services the words ‘Availability’, ‘Durability’, ‘Reliability’ and ‘Resiliency’ are often used. Which term is used to refer to the likelihood that a resource will work as designed?

A) Durability

B) Reliability

C) Availability

D) Resiliency

A

B) Reliability

Each word has a specific meaning and your ability to select a correct answer may depend on understanding the difference. Reliability is closely related to Availability; however, a system can be ‘Available’ but not be working properly. Reliability is the probability that a system will work as designed. This term is not used much in AWS, but is still worth understanding.

118
Q

Following an unplanned outage, you have been called into a planning meeting. You are asked what can be done to reduce the risk of bad deployments and single points of failure for your AWS resources. Which solutions can be used to mitigate the problem? The options do not necessarily need to work together.

(Choose 4)

A) Use multiple autoscaling groups and boundaries for a staged or ‘canary’ deployment process.

B) Use Route 53 with health checks to distribute load across multiple ELBs.

C) Use automation to ensure that all updates are always deployed to all autoscaling groups at the same time.

D) Use Route 53 to direct traffic to the multi-region compute services on a round-robin basis.

E) Use a Classic Load Balancer to spread the load over several availability zones.

F) Use several Target groups or Auto Scaling groups under each Load Balancer.

G) Use an Application Load Balancer to spread the load over several regions.

A

A) Use multiple autoscaling groups and boundaries for a staged or ‘canary’ deployment process.

The purpose of a canary deployment is to reduce the risk of deploying a new version that impacts the workload.

B) Use Route 53 with health checks to distribute load across multiple ELBs.

Using Route 53 in combination with ELBs is a good pattern to distribute regionally as well as across AZs.

E) Use a Classic Load Balancer to spread the load over several availability zones.

Cross-zone load balancing reduces the need to maintain equivalent numbers of instances in each enabled Availability Zone, and improves your application’s ability to handle the loss of one or more instances.

F) Use several Target groups or Auto Scaling groups under each Load Balancer.

Although the methods vary, you can place multiple autoscaling or target groups behind ELBs.

119
Q

You are running an Amazon RDS Multi-AZ deployment. Can you use the secondary database as an independent read node?

A) No.

B) It depends on how you set it up.

C) Only in US-West-1.

D) Yes.

A

A) No.

You can’t use the standby (secondary database) to offload reads from an application. The standby instance is only there for failover. If you want an independent read node, you need to create a special type of DB instance called a read replica, from a source DB instance.

120
Q

You have a web site with three distinct services (mysite.co/accounts, mysite.co/sales, and mysite.co/support); each hosted by different web server Auto Scaling groups. You need to use advanced routing to send requests to specific web servers, based on configured rules. Which of the following AWS services should you use?

A) Network Load Balancers (NLB)

B) Application Load Balancers (ALB)

C) S3 Static web sites

D) Elastic Load Balancers (ELB)

E) Classic Load Balancers (CLB)

A

B) Application Load Balancers (ALB)

The ALB has functionality to distinguish traffic for different targets (mysite.co/accounts vs. mysite.co/sales vs. mysite.co/support) and distribute traffic based on rules for: target group, condition, and priority.

121
Q

A product manager walks into your office and advises that the simple single-node MySQL RDS instance that has been used for a pilot needs to be upgraded for production. She also advises that they may need to alter the size of the instance once they see how many people use the system during peak periods. The key concern is that there cannot be any outages of more than a few seconds during the go-live period. Which of the following might you recommend?

(Choose 2)

A) Consider replacing it with Aurora before go live.

B) Convert the RDS instance to a multi-AZ implementation.

C) Upgrade the RDS instance to a large size before go-live to avoid the 10-15 minute outage needed to change size later.

D) Implement Read-Replicas now to allow the instance size to be altered on the fly without any user impact.

A

A) Consider replacing it with Aurora before go live.

B) Convert the RDS instance to a multi-AZ implementation.

There are two issues to be addressed in this question: minimizing outages, whether due to required maintenance or unplanned failures, plus the possibility of needing to scale up or down. Read-replicas can help you with high read loads, but are not intended to be a solution to system outages. Multi-AZ implementations will increase availability because, in the event of an instance outage, the standby instance in another AZ will pick up the load with minimal delay. Aurora provides the same capability with potentially higher availability and faster response.

122
Q

Placement Groups can either be of the type ‘Cluster’, ‘Spread’, or ‘Partition’. Choose options from below which are only specific to Spread Placement Groups.

A) A spread placement group is a logical grouping of instances within a single Availability Zone

B) A spread placement group supports a maximum of seven running instances per Availability Zone.

C) An instance can be launched in one placement group at a time and cannot span multiple placement groups.

D) Spread placement groups require a name that is unique within your AWS account for the region

A

B) A spread placement group supports a maximum of seven running instances per Availability Zone.

A spread placement group supports a maximum of seven running instances per Availability Zone. For example, in a Region with three Availability Zones, you can run a total of 21 instances in the group (seven per zone). If you try to start an eighth instance in the same Availability Zone and in the same spread placement group, the instance will not launch. If you need to have more than seven instances in an Availability Zone, then the recommendation is to use multiple spread placement groups. Using multiple spread placement groups does not provide guarantees about the spread of instances between groups, but it does ensure the spread for each group, thus limiting impact from certain classes of failures.

123
Q

When an EC2 instance is being modified to have more RAM, is this considered Scaling Up or Scaling Out?

A) Scaling Up

B) Scaling Out

A

A) Scaling Up

Scaling out is where you have more of the same resource separately working in parallel (visualize services sitting side by side). Scaling Up is where you make it bigger and bigger like an ugly tower with more floors being added after the initial design was finished.

124
Q

Which service works in conjunction with EC2 Autoscaling in order to provide predictive scaling based on daily and weekly trends?

A) AWS Step Functions

B) SNS Queues

C) AWS Autoscaling

D) Lambda Functions

A

C) AWS Autoscaling

EC2 Autoscaling works in conjunction with the AWS Autoscaling service to provide a predictive ability to your autoscaling groups.

125
Q

Regarding the S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, S3 One Zone-IA, S3 Glacier, and S3 Glacier Deep Archive Amazon S3 storage classes, objects are designed for ____ durability.

A) 99 percent

B) 99.999999999 percent

C) 100 percent

D) 99.99 percent

A

B) 99.999999999 percent

Objects in the S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, S3 One Zone-IA, S3 Glacier, and S3 Glacier Deep Archive Amazon S3 storage classes are designed for 99.999999999% (11 9’s) durability.

126
Q

In discussions about Cloud services the words ‘Availability’, ‘Durability’, ‘Reliability’ and ‘Resiliency’ are often used. Which term is used to refer to the likelihood that a resource is able to recover from damage or disruption?

A) Durability

B) Reliability

C) Availability

D) Resiliency

A

D) Resiliency

Resiliency is the ability of a workload to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions, such as misconfigurations or transient network issues.

127
Q

You work for a major news network in Europe. They have just released a new mobile app that allows users to post their photos of newsworthy events in real-time. Your organization expects this app to grow very quickly, essentially doubling its user base each month. The app uses S3 to store the images, and you are expecting sudden and sizable increases in traffic to S3 when a major news event takes place (as users will be uploading large amounts of content.) You need to keep your storage costs to a minimum, and you are happy to temporarily lose access to up to 0.1% of uploads per year. With these factors in mind, which storage media should you use to keep costs as low as possible?

A) S3 - Provisioned IOPS

B) S3 - OneZone-Infrequent Access

C) S3 Standard-IA

D) S3 Standard

E) Glacier

F) S3 - Reduced Redundancy Storage (RRS)

A

C) S3 Standard-IA

The key drivers here are availability and cost, so an awareness of cost is necessary to answer this. Glacier cannot be considered as it is not intended for direct access. S3 Standard has an availability of 99.99% and S3 Standard-IA has an availability of 99.9%, while S3 One Zone-IA only has 99.5%.

128
Q

Your company has built an internal scrum tool for running all your scrum ceremonies. Usage is predictably high between 9 - 10AM Mon-Fri and also 1PM - 2PM Thu and Fri. Which feature of autoscaling will easily prepare your system to handle the load?

A) Manual Scaling

B) Over-provision your instances with more memory and CPU in order to cope with peak demand

C) Target tracking Scaling

D) Scheduled Scaling

A

D) Scheduled Scaling

Target tracking could work, but you need to invest time in determining the correct metric to track (e.g. CPU, Memory, Load Balancer Requests). Also, Manual Scaling requires that someone changes configuration to scale up and scale down every day. Finally, over-provisioning in order to cope with peak demand defeats the purpose of elastic scaling of your compute. For situations where your traffic is very predictable, the easiest way to scale with demand is to create scheduled scaling actions.

129
Q

You need to use an object-based storage solution to store your critical, non-replaceable data in a cost-effective way. This data will be frequently updated and will need some form of version control enabled on it. Which S3 storage solution should you use?

A) S3 Standard

B) S3 - Reduced Redundancy Storage (RRS)

C) S3 Intelligent-Tiering

D) S3 Standard-IA

E) S3 One Zone-IA

F) S3 Glacier

A

A) S3 Standard

From the question, we can identify that:

  • the data is non-replaceable (All S3 classes are at 11 9s of Durability now except for RRS)
  • the data is frequently updated (Classes outside of S3 Standard & S3 Intelligent-Tiering have extra charges for frequently accessed data).
  • cost-effective (S3 Standard is more cost effective than S3 Intelligent-Tiering if the data is updated frequently)
  • version control must be an available feature (S3 has versioning as a feature)

All of these items combined make S3 Standard the best option for the available information.

130
Q

In discussions about Cloud services the words ‘Availability’, ‘Durability’, ‘Reliability’ and ‘Resiliency’ are often used. Which term is used to refer to the likelihood that you can access a resource or service when you need it?

A) Durability

B) Availability

C) Reliability

D) Resiliency

A

B) Availability

Each word has a specific meaning and your ability to select the correct answer may depend on understanding the difference. Availability can be described as the % of a time period when the service will be able to respond to your request in some fashion.

131
Q

You work for a manufacturing company that operates a hybrid infrastructure with systems located both in a local data center and in AWS, connected via AWS Direct Connect. Currently, all on-premises servers are backed up to a local NAS, but your CTO wants you to decide on the best way to store copies of these backups in AWS. He has asked you to propose a solution which will provide access to the files within milliseconds should they be needed, but at the same time minimizes cost. As these files will be copies of backups stored on-premises, availability is not as critical as durability, but both are important. Choose the best option from the following which meets the brief.

A) Copy the files from the NAS to an S3 bucket with the Standard-IA class.

B) Copy the files from the NAS to an S3 bucket with the Reduced Redundancy Storage class.

C) Copy the files from the NAS to an S3 bucket configured as Standard class.

D) Copy the files to an EC2 instance with a large EBS volume attached.

A

A) Copy the files from the NAS to an S3 bucket with the Standard-IA class.

S3 Standard-IA provides rapid access to files and is resilient against events that impact an entire Availability Zone, while offering the same 11 9’s of durability as all other storage classes. The trade-off is in the availability. It is designed for 99.9% availability over a given year, as opposed to the 99.99% that S3 Standard offers. However, in this brief, as cost is more important than availability, S3 Standard-IA is the logical choice.

132
Q

Can I “force” a failover for any RDS instance that has Multi-AZ configured?

A) Yes.

B) No.

C) Only for Oracle RDS instances.

A

A) Yes.

In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ. You can force a failover manually when you reboot a DB instance.

133
Q

Which of the below are not components of Amazon EC2 Auto Scaling?

A) Scaling Options

B) cfn-init

C) Configuration Templates

D) Groups

A

B) cfn-init

cfn-init is not a component of the EC2 Autoscaling service. Instead it is a feature which allows commands to be run, and software installed/configured on EC2 instances when they launch.

134
Q

You manage a high-performance site that collects scientific data using a bespoke protocol over TCP port 1414. The data comes in at high speed and is distributed to an autoscaling group of EC2 compute services spread over three AZs. Which type of AWS Load Balancer would best meet this requirement?

A) Application Load Balancers (ALB)

B) Classic Load Balancers (CLB)

C) Elastic Load Balancers (ELB)

D) CloudFront combined with Lambda@Edge

E) Network Load Balancers (NLB)

A

E) Network Load Balancers (NLB)

The Network Load Balancer is specifically designed for high performance traffic that is not conventional Web traffic. The Classic LB might also do the job, but would not offer the same performance.

135
Q

In discussions about Cloud services the words ‘Availability’, ‘Durability’, ‘Reliability’ and ‘Resiliency’ are often used. Which term is used to refer to the likelihood that a resource will continue to exist until you decide to remove it?

A) Reliability

B) Resiliency

C) Durability

D) Availability

A

C) Durability

Each word has a specific meaning and your ability to select a correct answer may depend on understanding the difference. Durability refers to the on-going existence of the object or resource. Note that it does not mean you can access it, only that it continues to exist.

136
Q

What application service allows you to decouple your infrastructure using message based queues?

A) SWF

B) SNS

C) SQS

D) SES

A

C) SQS

In IT the term ‘message’ can be used in the common sense, or to describe a piece of data or task in an asynchronous queueing system such as MQSeries, RabbitMQ or SQS.

137
Q

How can you prevent an application behind Amazon API Gateway from being overwhelmed by too many requests and improve overall performance across the APIs in your account?

A) AWS automatically scales API gateway services, so no action is required.

B) Disable caching and scale API gateway services.

C) Increase the number of API gateway instances.

D) Enable caching and set throttling limits.

A

D) Enable caching and set throttling limits.

If a cache is configured, then Amazon API Gateway will return a cached response for duplicate requests for a customizable time, but only if under configured throttling limits. This balance between the backend and client ensures optimal performance of the APIs for the applications that it supports.

138
Q

What is Amazon Kinesis Data Streams?

A) A service for analyzing data, creating dashboards and storing data in S3.

B) A service for generating streaming data

C) A service for loading streaming data into data stores.

D) A service on AWS that ingests and stores data streams for processing.

A

D) A service on AWS that ingests and stores data streams for processing.

Amazon Kinesis Data Streams (KDS) is a massively scalable and durable real-time data streaming service. KDS can continuously capture gigabytes of data per second from hundreds of thousands of sources such as website clickstreams, database event streams, financial transactions, social media feeds, IT logs, and location-tracking events. The data collected is available in milliseconds to enable real-time analytics use cases such as real-time dashboards, real-time anomaly detection, dynamic pricing, and more.

139
Q

TRUE / FALSE

The Standard SQS message queue preserves message order and guarantees messages are only delivered once.

A

FALSE

The Standard SQS message queue does not preserve message order nor guarantee messages are delivered only once - these are features of a FIFO message queue. Since Standard SQS message queues are designed to be massively scalable using a highly distributed architecture, receiving messages in the exact order they are sent is not guaranteed. Standard queues provide at-least-once delivery, and in some circumstances, duplicates can occur.

140
Q

TRUE / FALSE

When you build an application layer on top of Amazon SWF, it restricts you to the use of specific programming languages.

A

FALSE

While there are a limited range of SDKs available for SWF, AWS provides an HTTP based API which allows you to interact using any language as long as you phrase the interactions in HTTP requests.

141
Q

Amazon Kinesis Data Firehose is used for …

(Choose 2)

A) Loading streaming data into data lakes, data stores, and analytics tools.

B) Generating analytics dashboards of your streaming data.

C) Capturing, transforming and loading streaming data into Amazon S3

D) Streaming your favourite online movies.

A

A) Loading streaming data into data lakes, data stores, and analytics tools.

C) Capturing, transforming and loading streaming data into Amazon S3

Amazon Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools. It can capture, transform, and load streaming data into Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk, enabling near real-time analytics with existing business intelligence tools and dashboards you’re already using today.

142
Q

What is the difference between SNS and SQS?

A) SQS and SNS are basically the same service.

B) SNS is a push notification service, whereas SQS is message system that requires worker nodes to poll a queue.

C) SQS sends messages to people on topics, whereas SNS manages tasks.

D) SNS pulls (polls), whereas SQS is push-based message service.

A

B) SNS is a push notification service, whereas SQS is message system that requires worker nodes to poll a queue.

SNS is a notification service for sending text-based communication of different types to different destinations. SQS is a queue system for asynchronously managing tasks (called messages).

143
Q

TRUE / FALSE

Amazon SQS offers standard as the default queue type. Standard queues ensure that messages are delivered in the same order as they’re sent.

A

FALSE

If you have an existing application that uses standard queues and you want to take advantage of the ordering or exactly-once processing features of FIFO queues, you need to configure the queue and your application correctly. You can’t convert an existing standard queue into a FIFO queue. To make the move, you must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue.

144
Q

You have discovered duplicate messages being processed in your SQS queue. How do you resolve this?

A) Enable Long polling so that messages are deleted from the queue when processed.

B) Enable Short polling so that messages are processed faster.

C) Increase the visibility timeout of your queue, so that messages do not become visible once obtained by a consumer.

D) Decrease the visibility timeout of your queue, so that messages do not become visible once obtained by a consumer.

A

C) Increase the visibility timeout of your queue, so that messages do not become visible once obtained by a consumer.

Duplicate messages occur when a consumer does not complete its message processing and the visibility timeout of the message expires, making it visible for another consumer to obtain. Increasing the visibility timeout to enable the consumer processing to complete will prevent duplicate messages.

145
Q

What happens when you create a topic on Amazon SNS?

A) You cannot create a topic on SNS.

B) The topic will terminate your EC2 instances that aren’t identified by tags.

C) An Amazon Resource Name is created.

D) Nothing, as topics are specific to Amazon SQS.

A

C) An Amazon Resource Name is created.

When a topic is created, Amazon SNS will assign a unique ARN (Amazon Resource Name) to the topic, which will include the service name (SNS), region, AWS ID of the user and the topic name. The ARN will be returned as part of the API call to create the topic. Whenever a publisher or subscriber needs to perform any action on the topic, they should reference the unique topic ARN.

146
Q

Amazon SWF is designed to help users ____.

A) Manage user identification and authorization

B) Store file-based objects

C) Coordinate synchronous and asynchronous tasks

D) Secure their VPCs

A

C) Coordinate synchronous and asynchronous tasks

Similar to SQS, SWF manages queues of work; however, unlike SQS, it can have out-of-band parallel and sequential tasks to be completed by humans and non-AWS services.

147
Q

TRUE / FALSE

Amazon’s SQS service guarantees a message will be delivered at least once.

A

TRUE

Standard queues provide at-least-once delivery, which means that each message is delivered at least once.

148
Q

TRUE / FALSE

At a high level an Amazon API Gateway is a “front door” for applications to access data, business logic, or functionality from your backend services.

A

TRUE

Amazon API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your AWS origin back-end services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications.

149
Q

TRUE / FALSE

Amazon SWF ensures that a task is assigned only once and is never duplicated.

A

TRUE

One time only completion is a key feature of SWF. At one time this was a key distinction from SQS, however with SQS FIFO queues, this is no longer a distinguishing feature.

150
Q

In SWF, what does a “domain” refer to?

A) The DNS record for the Amazon SWF service

B) A special type of worker instance

C) A collection of related workflows

D) A specialized security group configuration

A

C) A collection of related workflows

Domains provide a way of scoping Amazon SWF resources within your AWS account. All the components of a workflow, such as the workflow type and activity types, must be specified to be in a domain. It is possible to have more than one workflow in a domain; however, workflows in different domains can’t interact with each other.

151
Q

What are the key components of Kinesis Data Firehose?

A) Producers, records of data and consumers

B) Delivery streams, shards, data stores and consumers.

C) Producers, shards and consumers

D) Delivery streams, records of data and destinations.

A

D) Delivery streams, records of data and destinations.

Key components of Kinesis Data Firehose are: delivery streams, records of data and destinations. Producers, shards and consumers are components of Kinesis Data Streams.

152
Q

What does the common term ‘Serverless’ mean according to AWS?

(Choose 2)

A) A native Cloud Architecture that allows customers to shift more operational responsibility to AWS.

B) The ability to run applications and services without thinking about servers or capacity provisioning.

C) A pricing model based on high level commodity measures such as on compute duration and storage capacity.

D) A marketing term for HaaS (Hosting as a Service).

E) The use of Quantum computing to eliminate the need for physical servers.

A

A) A native Cloud Architecture that allows customers to shift more operational responsibility to AWS.

B) The ability to run applications and services without thinking about servers or capacity provisioning.

‘Serverless’ computing is not about eliminating servers, but shifting most of the responsibility for infrastructure and operation of the infrastructure to a vendor so that you can focus more on the business services, not how to manage the infrastructure that they run on. Billing does tend to be based on simple units, but the choice of services, intended usage pattern (RIs), and amount of capacity needed also influences the pricing.

153
Q

As a DevOps engineer you are told to prepare a complete solution to run a piece of code that requires multi-threaded processing. The code has been running on an old custom server using a 4 core Intel Xeon processor. Which of these options best describes the AWS compute services that could be used for multi-threaded processing?

A) EC2, ECS, & Lambda.

B) None of the above.

C) ECS, and EC2.

D) Only an EC2 ‘Bare Steel’ server.

A

A) EC2, ECS, & Lambda.

The exact ratio of cores to memory has varied over time for Lambda instances; however, Lambda, like EC2 and ECS, supports hyper-threading on one or more virtual CPUs (if your code supports hyper-threading).

154
Q

Which of the following services can invoke a Lambda function synchronously (with functionality built-in with the invoking service)?

(Choose 3)

A) S3

B) Kinesis Data Firehose

C) API Gateway

D) Amazon Lex

E) IAM

F) EC2

A

B) Kinesis Data Firehose

C) API Gateway

D) Amazon Lex

ALB, Cognito, Lex, Alexa, API Gateway, CloudFront, and Kinesis Data Firehose are all valid direct (synchronous) triggers for Lambda functions. S3 is one of the valid asynchronous triggers.

155
Q

You have created a simple serverless website using S3, Lambda, API Gateway and DynamoDB. Your website will process the contact details of your customers, predict an expected delivery date of their order and store their order in DynamoDB. You test the website before deploying it into production and you notice that although the page executes, and the lambda function is triggered, it is unable to write to DynamoDB. What could be the cause of this issue?

A) The availability zone that Lambda is hosted in is down.

B) Your lambda function does not have sufficient Identity Access Management (IAM) permissions to write to DynamoDB.

C) You have written your function in Python which is not supported as a runtime environment for Lambda.

D) The availability zone that DynamoDB is hosted in is down.

A

B) Your lambda function does not have sufficient Identity Access Management (IAM) permissions to write to DynamoDB.

Like any service in AWS, Lambda needs to have a role associated with it that provides credentials with rights to other services. This is exactly the same as needing a role on an EC2 instance to access S3 or DDB.

156
Q

You have created a serverless application to add metadata to images that are uploaded to a specific S3 bucket. To do this, your lambda function is configured to trigger whenever a new image is created in the bucket. What will happen when multiple users upload multiple different images at the same time?

A) Multiple instances of the Lambda function will be triggered, one for each image

B) Multiple Lambda functions will trigger, one after the other, until all images are processed

C) A single Lambda function will be triggered that will process all images that have finished uploading, one at a time

D) A single Lambda function will be triggered, which will process all images at the same time

A

A) Multiple instances of the Lambda function will be triggered, one for each image

Each time a Lambda function is triggered, an isolated instance of that function is invoked. Multiple triggers result in multiple concurrent invocations, one for each time it is triggered.

157
Q

What AWS service can help you to understand how your Lambda functions are performing?

A) DynamoDB

B) AWS X-Ray

C) CloudTrail

D) API Gateway

A

B) AWS X-Ray

AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using microservices and serverless architectures. With X-Ray, you can understand how your application and its underlying services are performing, to identify and troubleshoot the root cause of performance issues and errors.

158
Q

On Friday morning your marketing manager calls an urgent meeting to celebrate that they have secured a deal to run a coordinated national promotion on TV, radio, and social media over the next 10 days. They anticipate a 500x increase in site visits and trial registrations. After the meeting you throw some ideas around with your team about how to ensure that your current single-server web site will survive. Which of these best embody the AWS design strategy for this situation?

(Choose 2)

A) Work with your web design team to create some web pages in PHP to run on a 32xlarge EC2 instance to emulate your 5 most popular information web pages and sign up web pages.

B) Create a standby sign-up server to use in case the primary fails due to load.

C) Create a duplicate sign up page that stores registration details in DynamoDB for asynchronous processing using SQS & Lambda.

D) Upgrade your existing server from a 1xlarge to a 32xlarge for the duration of the campaign.

E) Work with your web design team to refactor some web pages with embedded JavaScript for your 5 most popular information web pages and sign up web pages. Host those pages on S3 with static web hosting.

F) Recreate your 5 most popular new customer web pages and sign up web pages on Lightsail and take advantage of AWS auto scaling to pick up the load.

A

C) Create a duplicate sign up page that stores registration details in DynamoDB for asynchronous processing using SQS & Lambda.

Use a NoSQL database to collect customer registrations for asynchronous processing, and SQS backed by scalable compute to keep up with the requests.

E) Work with your web design team to refactor some web pages with embedded JavaScript for your 5 most popular information web pages and sign up web pages. Host those pages on S3 with static web hosting.

An AWS solution for this situation might include S3 static web pages with client-side scripting (JavaScript) to meet the high demand for information pages.

159
Q

In which direction(s) does Lambda scale automatically?

A) Up and Out

B) Up

C) Out

D) None - Lambda does not scale automatically

A

C) Out

Lambda scales out automatically: each time your function is triggered, a new, separate instance of that function is started. There are limits, but these can be adjusted on request.

160
Q

Lambda pricing is based on which of these measurements after the free tier?

(Choose 3)

A) The amount of CPU you choose.

B) Duration of each request (in ms).

C) The number of requests for each time the lambda executes in response to an event notification, or invoke call.

D) The amount of memory assigned.

A

B) Duration of each request (in ms).

As of December 2020, Lambda compute duration is billed in 1 ms increments instead of being rounded up to the nearest 100 ms increment per invoke. For example, a function that runs in 30 ms on average used to be billed for 100 ms. Now it will be billed for 30 ms, resulting in a 70% drop in its duration spend.

C) The number of requests for each time the lambda executes in response to an event notification, or invoke call.

The number of requests, counted each time the Lambda executes in response to an event notification or invoke call, is one of the factors involved in Lambda pricing.

D) The amount of memory assigned.

Lambda billing is based on both the MB of RAM reserved and the execution duration in 100 ms units. You don't choose the amount of CPU when setting up a Lambda function. You can, however, choose between x86 and Arm/Graviton2 processors, which does affect the price. (Note: the CPU choice came into general feature availability on 29 SEP 2021. AWS generally waits 6 months before new feature information is potentially introduced to exams.)