Performant Architectures Flashcards

Question 1

Q

When replicating data from a primary RDS instance to a secondary one, how much will you be charged, in relation to the standard data transfer charge?

A) Your data will be transferred at the standard data transfer charge.
B) Your data will be transferred at half of the standard data transfer charge.
C) Your data will be transferred at half of the standard data transfer charge up to 1 GB of transfer per day and then additional data at the standard data transfer charge.
D) There is no charge for primary-to-secondary data replication.

Answer

A

D. There is no way to reason through this; it is a matter of memorization. There is no charge associated with data replication in this scenario.

Question 2

Q

Which of the following are valid options for where an RDS read replica is set up in relation to the primary instance? (Choose two.)

A) In the same region as the primary instance
B) In a separate region from the primary instance
C) In an instance running on premises
D) Both A and B

Answer

A

C, D. All of these are valid options. Although it’s not particularly common, you can set up a read replica in an on-premises instance. Additionally, read replicas are often created in separate regions from the primary instance, to improve performance for clients closer to different regions than the primary instance.

Question 3

Q

What is the primary purpose of a read replica RDS configuration?

A) Disaster recovery
B) Fault tolerance
C) Performance
D) Security

Answer

A

C. A read replica configuration is aimed squarely at increasing database performance, specifically the performance of reading data from an RDS instance.

Question 4

Q

Which of the following databases support read replicas?

A) MariaDB
B) MySQL
C) PostgreSQL
D) All of the above

Answer

A

D. All three of these databases support read replicas. Most other databases supported by RDS (Oracle, for example, or Aurora) offer other approaches to gain similar functionality to read replicas but do not support the AWS read replica functionality.

Question 5

Q

Which of the following databases support read replicas?

A) Oracle
B) MySQL
C) DynamoDB
D) All of the above

Answer

A

B. Currently, read replicas in RDS are only supported by MariaDB, MySQL, and PostgreSQL.

Question 6

Q

Which of the following is true about a read replica? (Choose two.)

A) It is a read-only instance of a primary database.
B) It can only exist in the same region as the primary database, although it can be in a different availability zone.
C) It is updated via asynchronous replication from the primary instance.
D) It is updated via synchronous replication from the primary instance.

Answer

A

A, C. A read replica is a read-only instance of a database created from a snapshot of the primary instance (A). Read replicas can be in the same instance, or a different one, as the primary instance (so B is false). Read replicas are updated via asynchronous replication—the most performant approach—from the primary database.

Question 7

Q

Which of the following is true about an RDS read replica configuration? (Choose two.)

A) Only three read replicas can be set up for a single primary database instance.
B) Only MariaDB, MySQL, and Aurora are supported.
C) A read replica replicates all databases in the primary instance.
D) A read replica can exist in a different region than the primary instance.

Answer

A

C, D. Read replicas can be in a different region than the primary instance (D), and they replicate all the databases in the primary instance (C). You can have up to five read replicas at a time for a single instance (so A is false). While MySQL and MariaDB are supported (B), Aurora is not.

Question 8

Q

You have a primary database set up to use read replicas running on an instance in US East 1. You have three read replicas also in US East 1 and two additional replicas in US West 2. You are trying to create a new replica in EU West 1 and are getting an error. What do you need to do to resolve this error and successfully create a new read replica in EU West 1?

A) Turn on the Multi-AZ option for your primary instance.
B) You can’t create the replica in EU West 1. Instead, create the replica in another US region to avoid regulations about read replicas in the EU.
C) Contact AWS about raising the number of read replicas allowed from 5 to 8.
D) Turn off one of the read replicas in US East 1 and then you can create the instance in EU West 1.

Answer

A

D. The root issue here is that a read replica setup only allows for five read replicas. This is not a limit that can be raised by AWS either (so C is out). Option A won’t address the issue, and option B isn’t accurate; there are no EU limitations affecting the issue here. The only answer that would result in being able to create the instance is D: By turning off an existing instance, you can create a new fifth replica in the desired region.

Question 9

Q

Which of the following are true about a read replica setup? (Choose two.)

A) Backups are configured by default when you set up read replicas.
B) They provide a highly scalable solution for your on-premises databases.
C) They can exist within a single AZ, cross-AZ, or cross-region.
D) A read replica can be promoted to a stand-alone database instance.

Answer

A

C, D. Read replicas are focused on performance, so you can generally eliminate any answers related to disaster recovery—in this case, A. Read replicas work with RDS databases, as well, so B is out; on-premises databases aren’t supported. This leaves C and D, which are both valid.

Question 10

Q

Which of the following are true about a read replica setup? (Choose two.)

A) Automated backups are taken from the read replicas rather than the primary instance.
B) The database engine on all instances is active.
C) Each read replica instance can upgrade its database engine separate from the primary instance.
D) Replication is synchronous.

Answer

A

B, C. No backups are taken from any instance automatically, including the primary instance, so A is false. Since each read replica has its own database instance running, both B and C are valid. Replication is asynchronous rather than synchronous (so D is false).

Question 11

Q

Which of the following statements are false? (Choose two.)

A) Both read replicas and Multi-AZ configurations ensure that you have database instances in multiple availability zones.
B) Both read replicas and Multi-AZ configurations provide disaster recovery options for your primary instance.
C) A single database can both have a read replica and be part of a Multi-AZ setup.
D) A read replica can be promoted to be a stand-alone database instance.

Answer

A

A, B. A is false because you can create read replicas in the same AZ as the primary instance. There is no requirement to use multiple AZs, as there is with a Multi-AZ setup. B is also false; read replicas provide no disaster recovery options. Both C and D are true.

Question 12

Q

Which of the following statements is true?

A) A Multi-AZ setup is aimed at fault tolerance, while a read replica setup is aimed at scalability.
B) Both read replicas and Multi-AZ configurations are aimed at fault tolerance.
C) A Multi-AZ setup is aimed at scalability, while a read replica setup is aimed at fault tolerance.
D) Both read replicas and Multi-AZ configurations are aimed at scalability.

Answer

A

A. Only A is correct. A Multi-AZ setup is focused on disaster recovery and fault tolerance, while read replicas provide performance and scalability.

Question 13

Q

How do applications communicate with read replica instances?

A) Through the read replica REST API provided by RDS
B) ELBs and ALBs will automatically translate requests to a read replica to use the read replica REST API provided by RDS.
C) Each read replica provides a read replica key that allows applications to communicate with the instance as if it were a normal database instance.
D) Applications communicate with a read replica exactly as they would with a non-read replica.

Answer

A

D. There is no difference in how applications communicate with read replicas as compared to the communication with non-replica instances. In fact, applications don’t “know” that they’re communicating with a read replica other than an inability to make writes.

Question 14

Q

Which of the following are valid reasons to use read replication? (Choose two.)

A) You have a read-heavy database that is peaking in traffic.
B) You have a large number of errors reported by applications trying to update user entries in your current database and want to reduce these errors.
C) You want an automated disaster recovery solution in case you lose an AZ.
D) You have a large number of business reporting queries that are currently interfering with customer application performance.

Answer

A

A, D. A and D are both solutions that would be aided by additional read-only instances. B is not a valid answer because updating records would still only be possible with the primary instance; read replicas don’t support writes. C is incorrect because read replicas do not provide automated fault recovery.

Question 15

Q

Does a read replica provide any assistance at all in creating a fault-tolerant database setup?

A) Yes, it provides automated backups to the read replicas.
B) Yes, if the primary instance fails, one of the replicas can be manually promoted to a stand-alone database instance.
C) Yes, if the primary instance fails, one of the replicas will be automatically promoted to a stand-alone database instance.
D) No

Answer

A

B. You need to be careful here. While read replicas are not advertised or even suggested as solutions for disaster recovery, option B does provide a somewhat manual process to use them in that manner. While you get no automated backups or failover (A or C), you can manually promote a read replica instance to a stand-alone instance if you have to. Still, a Multi-AZ setup is almost always a more robust solution for fault tolerance.

Question 16

Q

Which of the following are valid reasons to use read replication? (Choose two.)

A) You have customers in a region geographically distant from your primary instance and want to improve their read performance when they access your applications hosted in regions closer to them.
B) Your current database instance is showing memory saturation with current traffic loads.
C) Your boss has asked for an automated backup solution that takes advantage of AWS managed services.
D) You need to perform additional OLTP queries and want to improve the performance of those queries.

Answer

A

A, B. Both A and B are ideal situations for read replicas. C is the usual incorrect answer: read replicas don’t provide automated backups. And D is not accurate; the actual database processing doesn’t improve; you are merely adding more sources for reading data for clients.

Question 17

Q

Can you configure a database instance to be both a read replica and a primary database instance for the original instance?

A) Yes, as long as the instances are all in the same availability zone.
B) Yes, if you turn on circular replication in both primary database instances.
C) Yes, as long as the instances are not in the same availability zone.
D) No, AWS does not support circular replication.

Answer

A

D. AWS does not support circular replication through RDS. While some of the databases supported by RDS do, RDS itself does not provide access to this functionality.

Question 18

Q

In which of the following ways can you create a read replica? (Choose two.)

A) Through the AWS console
B) Through the AWS online support system
C) Through the AWS API
D) Through Elastic Beanstalk

Answer

A

A, C. You can create a read replica through the AWS console (A), the AWS API (C), and the AWS CLI (not mentioned, but still true).

Question 19

Q

How are automated backups related to read replicas?

A) They are not; read replicas and automated backups have no relationship at all.
B) Read replicas do not create automatic backups, but the primary database instance must have automatic backups enabled to create read replicas.
C) Read replicas cause the primary database instance to automatically begin backing up.
D) Each read replica is automatically backed up after an initial read from the primary database instance.

Answer

A

B. As has been said numerous times, read replicas are not a backup strategy, nor do they cause automatic backups to be set up. However, you must turn on automatic backups for the primary database instance to enable read replicas.

Question 20

Q

Can a database instance be a read replica of one database and the source instance for another read replica?

A) Yes, as long as the source and replicant database are not the same instance.
B) No, a database cannot be both a read replica and a source database.
C) Yes, as long as the source and replicant database are in the same availability zone.
D) Yes, as long as you enable circular replication on both databases.

Answer

A

A. This bears careful reading. Amazon RDS does not support circular replication, which means one database reads from a second database but then is replicated back by that second database. However, it is absolutely permissible for one database to replicate another database and then be the source for a third database. This makes option A correct.

Question 21

Q

How quickly can you make changes to the backup window used by your RDS instance?

A) Changes to the window via the console take place within 1 hour; changes made via the API take place immediately.
B) Changes to the window take place after the next complete backup occurs.
C) Changes to the window via the API take place within 1 hour; changes made via the console take place immediately.
D) Changes to the window take place immediately.

Answer

A

D. There is no difference in response to a change in the backup window based on how that window is changed (API, console, etc.). All changes take place immediately.

Question 22

Q

What is the longest backup retention window that Amazon RDS allows?

A) 30 days
B) 35 days
C) 45 days
D) 365 days

Answer

A

B. This is another straight memorization question: Amazon RDS backups can be retained for up to 35 days, and no longer.

Question 23

Q

You have an Oracle installation using a custom geospatial plug-in. You also want to ensure the maximum throughput for database operations once those operations are begun by the plug-in. How would you set up Oracle to meet these requirements?

A) Set up Oracle using RDS with provisioned IOPS.
B) Set up Oracle using RDS with magnetic storage.
C) Install Oracle on an EC2 instance with a provisioned IOPS EBS volume.
D) Install Oracle on an EC2 instance with a magnetic EBS volume.

Answer

A

C. There are two components to this question: using RDS or EC2 for Oracle hosting and the class of storage to select. While RDS is a better option in the general case, it is likely not possible to use RDS in this scenario due to the custom plug-in required. This eliminates A and B. Given an installation on EC2, then, the question becomes which storage class is faster: provisioned IOPS or magnetic. The answer here is always provisioned IOPS.

Question 24

Q

In what scenarios would you install an Oracle database on an EC2 instance rather than using RDS? (Choose two.)

A) You want to use an ALB to support multiple instances and round-robin request distributions.
B) Your database size is greater than 80% of the maximum database size in RDS.
C) You have custom plug-ins that will not run in RDS.
D) You want to ensure that your database is only accessible through your private subnet in a VPC.

Answer

A

B, C. Option C should be the immediately obvious first choice. Anytime you have custom plug-ins, you will likely need to install your database on an EC2 instance rather than using RDS. Options A and D are really both about network routes and services around your database, and both can be accomplished without affecting your EC2 vs. RDS decision. This leaves B, which also logically makes sense: If you have a very large database, and it will grow (as almost all databases do), then sizing restraints on RDS can be a limiting factor.

Question 25

Q

Which of the following are SQL-based options in RDS? (Choose two.)

A) Aurora
B) DynamoDB
C) MariaDB
D) Redshift

Answer

A

A, C. This should be an easy question if you’re prepared. While it’s easy to forget if Aurora and MariaDB are RDS options—they are!—you should know that DynamoDB is AWS’s NoSQL database, and Redshift is a data-warehousing solution.

Question 26

Q

You are a new architect at a company building out a large-scale database deployment for web applications that receive thousands of requests per minute. The previous architect suggested a Multi-AZ deployment in RDS to ensure maximum responsiveness to the web tier. Is this a good approach for high performance?

A) No, because a Multi-AZ deployment is no faster in responding to requests than a standard RDS deployment.
B) Yes, because the additional databases in a Multi-AZ deployment will share the request load from the web tier.
C) Yes, because a Multi-AZ deployment will ensure that if the primary database goes down, a secondary database will be current and available.
D) No, because a Multi-AZ deployment can only field requests from the availability zone in which each database resides.

Answer

A

A. This is not particularly difficult as long as you understand that a Multi-AZ deployment is concerned with failover, not performance. Option A is correct: There is no particular performance increase in a Multi-AZ deployment, unless read replicas are also turned on (which isn’t specified). B is false because only the primary database responds to requests in a Multi-AZ deployment. C is actually a true statement but does not have a bearing on the subject of the question: performance. And D doesn’t actually make sense in the context of the question at all!

Question 27

Q

You launch an EC2 instance that has two volumes attached: a root and an additional volume, both created with default settings. What happens to each volume when you terminate the instance?

A) The root volume is deleted and the additional volume is preserved.
B) Both volumes are deleted.
C) Both volumes are preserved.
D) The instance is unable to terminate until the root volume is deleted.

Answer

A

A. This one is a little tricky as it requires understanding what default options AWS puts in place. By default, root volumes are terminated on instance deletion, and by default, additional EBS volumes attached to an instance are not. This makes option A true. However, note that these settings can be changed! Also note that option D is not true in any configuration.

Question 28

Q

How many S3 buckets can you add to an account?

A) 100
B) 100 by default, but this can be increased by contacting AWS.
C) It depends on the default set for the new account by AWS.
D) It depends on how the account is configured at account creation.

Answer

A

B. The default for all new accounts is 100 allowed S3 buckets; this is consistent across AWS and does not change via configuration (meaning that C and D are not correct). However, this value can be raised through asking AWS for an exception and providing a reasonable justification, making B the correct answer.

Question 29

Q

What type of replication occurs in a Multi-AZ RDS setup?

A) Sequential replication
B) Synchronous replication
C) Asynchronous replication
D) Synchronous replication for full backups and asynchronous replication for incremental backups

Answer

A

B. Replication occurs synchronously from a primary instance to a secondary instance in a Multi-AZ setup. Asynchronous replication only occurs in a read replica setup (which can be enabled in addition to a Multi-AZ setup).

Question 30

Q

What type of replication occurs in a read replica RDS setup?

A) Sequential replication
B) Synchronous replication
C) Asynchronous replication
D) Synchronous replication for full backups and asynchronous replication for incremental backups

Answer

A

C. Replication occurs asynchronously from a primary instance to the various read replicas in a read replica setup. As a result, updates are not guaranteed to be instant on the read replicas. Synchronous replication occurs in a Multi-AZ setup.

Question 31

Q

Which of the following protocols and routing approaches does a classic load balancer support? (Choose two.)

A) IPv4
B) IPv6
C) HTTP/2
D) Registering targets in target groups and routing traffic to those groups

Answer

A

A, B. Classic load balancers support both IPv4 and IPv6. They support HTTP/1 and HTTP/1.1, but only application load balancers support HTTP/2. Further, you must register individual instances, rather than target groups, with classic load balancers; registering target groups is a functionality only available with application load balancers.

Question 32

Q

How many elastic IP addresses can you create per region by default in a new AWS account?

A) 5
B) 10
C) 20
D) There is no preset limit.

Answer

A

A. AWS accounts allow you five elastic IP addresses per region by default. As with most AWS defaults, this can be raised by contacting AWS and providing a reasonable justification.

Question 33

Q

To how many EBS volumes can a single EC2 instance attach?

A) 1
B) 2
C) 27
D) Unlimited

Answer

A

C. Officially, instances can have up to 28 attachments. One of those attachments is the network interface attachment, leaving 27 attachments available for EBS volumes. However, the better approach is to remember that an instance can attach to a root volume and several more volumes (more than two); this eliminates options A and B. Additionally, instances cannot have unlimited attachments. This leaves the correct answer, C.

Question 34

Q

How many EC2 instances can be attached to a single EBS volume at one time?

A) 1
B) 2
C) 27
D) Unlimited

Answer

A

A. Be careful with the wording, to ensure that you do not misread this as asking how many EBS volumes can be attached to an EC2 instance (a different question altogether). A single EBS volume can only be attached to one instance at a time.

Question 35

Q

Which of the following protocols are supported by an application load balancer? (Choose two.)

A) SSH
B) HTTP
C) HTTPS
D) FTP

Answer

A

B, C. This should be an easy answer: Application load balancers, as well as classic load balancers, only support HTTP and HTTPS.

Question 36

Q

Which of the following provide ways to automate the backup of your RDS database? (Choose two.)

A) Automated snapshots
B) S3 lifecycle management policies
C) Automated backups
D) Data pipeline

Answer

A

A, C. RDS provides two (and only two) methods for backing up RDS databases at this point: automated backups and automated snapshots. S3 lifecycle management policies are not applicable to RDS databases, and data pipeline is not relevant in this context.

Question 37

Q

You have an EC2 instance running a heavy compute process that is constantly writing data to and from a cache on disk. How and when should you take a snapshot of the instance to ensure the most complete snapshot?

A) Take a snapshot of the instance from the AWS console.
B) Shut down the instance and take a snapshot of the instance.
C) Take a snapshot of the instance from the AWS CLI.
D) Detach the EBS volume attached to the instance and take a snapshot of both the EC2 and EBS instance.

Answer

A

B. Data written to and from cache is ephemeral, and if your instance is reading and writing that data frequently, the only way to ensure that your snapshot isn’t missing data is to stop the instance from running altogether and to then take a snapshot (B). Both A and C will take snapshots but will likely miss any cached data. With option D, you cannot detach a root volume from an instance (it’s unclear from the question if the cached data is being written to EBS, EFS, or another storage mechanism in any case), and so it is not a safe choice.

Question 38

Q

Your web-based application uses a large RDS data store to write and read user profile information. The latest marketing campaign has increased traffic to the application by an order of magnitude. Users are reporting long delays when logging in after having signed up. Which solutions are valid approaches to addressing this lag? (Choose two.)

A) Set up a Multi-AZ configuration for your RDS and round-robin requests between the two RDS instances to spread out traffic.
B) Employ ElastiCache to cache users’ credentials after their initial visit to reduce trips to the database from the web application.
C) Set up a read replica configuration for your RDS and round-robin requests between all the replicas to spread out traffic.
D) Increase the number of EC2 instances allocated to your Auto Scaling group to spread out traffic on the web application tier.

Answer

A

B, C. Option A is invalid because Multi-AZ is a disaster recovery solution; the primary database is the only instance that can respond to traffic in normal operation (unless read replicas are also set up). Option B is valid; caching user data would reduce round trips to the database and should reduce lag for users. Option C also makes sense, as having additional databases from which to read should decrease network latency to a single RDS instance. Option D is not helpful as the problem appears to be in retrieving credentials, not in the web tier itself.

Question 39

Q

Your users are now storing all of their photos in your cloud-based application. CloudWatch metrics suggests that photos are written an average of 5 times per user per day and read 100 times per user per day. If photos are lost, user surveys indicate that users are not typically upset and simply re-upload the missing photo or ignore the missing photo altogether. What is the most cost-effective recommendation for the S3 storage class to use?

A) Standard S3
B) S3-IA
C) S3 One Zone-IA
D) S3 RRS

Answer

A

C. Standard S3 (A) is not a bad choice, but is the most expensive, and both it and S3-IA (B) are more expensive than S3 One Zone-IA because of their increased availability and resilience. The key here is that photos can be lost without an issue, making S3 One Zone-IA the better option. S3 RRS is no longer recommended by AWS.

Question 40

Q

You are consulting for a company that wants to migrate its 85TB data store into S3. It is willing to upload the data into S3 every night in small batches but is concerned that overseas customers using its other applications might experience network latency as they are transferring files into S3. What solution should you recommend to move the company’s data?

A) Enable Transfer Acceleration on S3.
B) Direct Connect
C) Snowball
D) Set up a VPN that uses a virtual private gateway for transferring the data.

Answer

A

C. This should be automatic: Anytime a large data transfer is involved (especially on an AWS exam!), the answer should be Snowball. This comes up a lot and should be an easy correct answer.

Question 41

Q

Which of the following are valid reasons for using Multipart Upload for uploading objects to S3? (Choose two.)

A) You need a solution that recovers from network issues.
B) You need a solution to upload files larger than 10 GB.
C) You need a solution for increasing the security around uploaded objects.
D) You need a solution to decrease the time required to upload large files.

Answer

A

A, D. The only tricky answer here is B. While Multipart Upload absolutely would improve the experience of uploading large files (larger than 10 GB, for example), it is not required; therefore, option B is not the best option to choose. Options A and D both are only possible with Multipart Upload enabled. Option C is false, as security is not related to Multipart Upload.

Question 42

Q

In which of the following situations would you recommend using a placement group?

A) Your fleet of EC2 instances requires high disk IO.
B) Your fleet of EC2 instances requires high network throughput across two availability zones.
C) Your fleet of EC2 instances requires high network throughput within a single availability zone.
D) Your fleet of EC2 instances requires high network throughput to S3 buckets.

Answer

A

C. A placement group is concerned primarily with network throughput and reducing latency among EC2 instances within a single availability zone. AWS does support a placement group spanning multiple AZs via spread placement groups, but unless “spread” is specifically mentioned, you should assume the question references a “normal” (or “cluster”) placement group.

Question 43

Q

Which of the following statements are true about cluster placement groups? (Choose two.)

A) All instances in the group must be in the same availability zone.
B) Instances in the group will see lowered network latency in communicating with each other.
C) Instances in the group will see improved disk write performance when communicating with S3.
D) Instances in the group must all be of the same instance class.

Answer

A

A, B. Cluster placement groups (the default type of placement group) must be made up of instances that exist within a single availability zone (A). This results in increased throughput for network activity (B) but does not affect actual disk performance when writing to S3 (C). Instances can also be of different types, so D is also false.

Question 44

Q

Which of the following statements are true about spread placement groups? (Choose two.)

A) All instances in the group must be in the same availability zone.
B) Instances in the group will see lowered network latency in communicating with each other.
C) You can have up to seven instances in multiple availability zones in the group.
D) AWS provisions the hardware rather than having you specify the distinct hardware for the group.

Answer

A

B, C. Spread placement groups can span availability zones and support up to seven instances per zone (C). Like cluster groups, this results in increased throughput for network activity (B). You must specify the distinct underlying hardware for spread placement groups, which means that D is false.

Question 45

Q

Which of the following storage classes has the lowest durability?

A) S3 standard
B) S3-IA
C) Glacier
D) They all have equal durability.

Answer

A

D. This is a question where the answer is nonintuitive. All the S3 storage classes have the same durability. Even S3 One Zone-IA has 11 9s of durability in the single availability zone in which it resides.

Question 46

Q

Which of the following storage classes has the highest availability?

A) S3 standard
B) S3-IA
C) Glacier
D) They all have equal availability.

Answer

A

A. Availability starts at 99.99% for S3 and then decreases to 99.9% for S3-IA, 99.5% for S3 One Zone-IA, and finally N/A for Glacier.

Question 47

Q

Which of the following storage classes support automated lifecycle transitions?

A) S3 standard
B) S3-IA
C) Glacier
D) They all support lifecycle transitions.

Answer

A

D. This question is easy if you recall that lifecycle transitions are concerned with moving between these storage classes. Therefore, all of these classes support those transitions.

Question 48

Q

Where is data stored when placed into S3-IA? (Choose two.)

A) In the region specified at bucket creation
B) In a special AWS “global” region for S3 storage
C) In at least three availability zones
D) In a single availability zone within at least three regions

Answer

A

A, C. All S3 and S3-IA data is stored in a single region and within at least three availability zones within that region. There is no “global” region for S3 storage.

Question 49

Q

You need to perform a large amount of OLAP. Which AWS service would you choose?

A) DynamoDB
B) RDS Aurora
C) Redshift
D) Oracle installed on EC2 instances

Answer

A

C. Redshift is the only database or service in this list suitable for online analytics processing (OLAP). DynamoDB is an object database (NoSQL), and both Aurora and Oracle are relational databases, better suited for transaction processing.

Question 50

Q

What is the maximum allowable RDS volume size when using provisioned IOPS storage?

A) 8 TB
B) 16 TB
C) 12 TB
D) 1 PB

Answer

A

B. All the major databases supported by RDS—MariaDB, SQL Server, MySQL, Oracle, and PostgreSQL—allow up to 16 TB of storage for a provisioned IOPS volume.

Question 51

Q

Which of the following EBS volumes is the most performant?

A) Provisioned IOPS
B) Throughput optimized HDD
C) Cold HDD
D) General SSD

Answer

A

A. A provisioned IOPS EBS volume is a solid-state drive that provides the highest performance volume.

Question 52

Q

Which of the following is a valid reason to use a cold HDD EBS volume?

A) You need a performant solid-state drive.
B) You are trying to choose the lowest-cost EBS volume possible.
C) You are performing data warehousing using the volume.
D) You need an inexpensive boot volume.

Answer

A

B. A cold HDD is the cheapest EBS option, so B is correct. It is not solid state (A), it is not appropriate for data warehousing (C), and it is not available to be used as a boot volume.

Question 53

Q

Which of the following are available to use as an EBS boot volume? (Choose two.)

A) General SSD
B) Cold HDD
C) Throughput optimized HDD
D) Provisioned IOPS

Answer

A

A, D. This is easiest to remember by noting that HDD types are not available to use as boot volumes. The SSD types (A, D) are, and are correct.

Question 54

Q

Which of the following is a valid reason to use a General Purpose SSD EBS volume? (Choose two.)

A) You need to support large database workloads.
B) You want a blend of a performant SSD and a cost-sensitive SSD volume.
C) You are performing data warehousing using the volume.
D) You have low-latency apps and want to run them on a bootable volume.

Answer

A

B, D. A General Purpose SSD is the less-expensive SSD (compared to provisioned IOPS), so B is a valid answer. It also provides low-latency performance and is bootable. Option A is more suitable for provisioned IOPS, and C is better for a throughput-optimized HDD.

Question 55

Q

Which of the following is a valid reason to use a magnetic EBS volume? (Choose two.)

A) You want a low-cost option for your EBS volume.
B) You have a set of data that is infrequently accessed but want it stored on an EBS volume rather than S3.
C) You need to perform processing to support Oracle installed on a fleet of EC2 instances.
D) You have low-latency apps and want to run them on a bootable volume.

Answer

A

A, B. Magnetic volumes are older and generally not used much. They are ideal for saving money (A) or for infrequently accessed data (B).

Question 56

Q

Which of the following is a valid reason to use a provisioned IOPS EBS volume? (Choose two.)

A) You want a low-cost option for your EBS volume.
B) You need to support a large MongoDB database workload.
C) You need massive performance and throughput for your applications.
D) You have applications that need a bootable environment but can fail from time to time and be re-created.

Answer

A

B, C. Provisioned IOPS volumes are not inexpensive (A) but are well-suited for critical database workloads and throughput (B and C).

Question 57

Q

Which of the following are characteristics of SSD-backed volumes? (Choose two.)

A) Transactional workloads
B) Streaming workloads
C) Small I/O size
D) Throughput-focused

Answer

A

A, C. An SSD volume is best for transactional workloads (A) with a large number of small I/O sized read/write operations.

Question 58

Q

Which of the following are characteristics of HDD-backed volumes? (Choose two.)

A) Transactional workloads
B) Streaming workloads
C) Small I/O size
D) Throughput-focused

Answer

A

B, D. An HDD-backed volume is best for streaming workloads where throughput needs to be maximized over IOPS.

Question 59

Q

You are charged with installing Oracle on a fleet of EC2 instances due to custom Java-based plug-ins you need to install along with Oracle. Which EBS volume type would you choose to best support your Oracle installation?

A) Magnetic
B) Throughput-optimized HDD
C) Provisioned IOPS SSD
D) General SSD

Answer

A

C. While it is possible that a General Purpose SSD might be sufficient to support an Oracle installation that doesn’t do a lot of processing, the best option is C, a provisioned IOPS SSD. Provisioned IOPS handles transaction processing well and will handle the large number of reads and writes that an Oracle installation would need.

Question 60

Q

You are the solutions architect for a company installing a web application on a set of EC2 instances. The application writes a small amount of user profile data to attached EBS volumes, and accesses that data an average of once every five minutes if the user is still using the web application. Additionally, because of the high cost of the application’s RDS instance, you would like to minimize your EBS volume costs. Which EBS volume type would you choose to support these applications?

A) Magnetic
B) Throughput-optimized HDD
C) Provisioned IOPS SSD
D) General SSD

Answer

A

A. This use case is one where access needs to be minimal, as does cost. If you have infrequently accessed data and cost is a major driver, magnetic drives might be a good option. While throughput-optimized HDDs are still cheaper than SSDs, magnetic is the cheapest option and would work fine for a set of data that is accessed without high performance needs.

Question 61

Q

Which of the following can be an EBS boot volume? (Choose two.)

A) Magnetic
B) Throughput-optimized HDD
C) Provisioned IOPS SSD
D) Cold HDD

Answer

A

A, C. You can boot an EC2 instance off any SSD type, as well as the magnetic type. HDD options are not available to use as boot volumes.

Question 62

Q

Which of the following cannot be used as an EBS boot volume? (Choose two.)

A) General SSD
B) Throughput-optimized HDD
C) Cold HDD
D) Magnetic

Answer

A

B, C. The HDD EBS volume types are not available to use as boot volumes, so B and C are the correct answers.

Question 63

Q

Which of the following is not an Elastic Load Balancing option?

A) Classic load balancer
B) Application load balancer
C) Weighting load balancer
D) Network load balancer

Answer

A

C. There is no such thing as a weighting load balancer. The other options are actual options.

Question 64

Q

Which of the following are valid Elastic Load Balancing options? (Choose two.)

A) ELB
B) MLB
C) ALB
D) VLB

Answer

A

A, C. An ELB is an elastic load balancer and generally refers to a classic load balancer. An ALB is an application load balancer. So A and C are valid; MLB and VLB are not acronyms or abbreviations for load balancers.

Answer 65

A

C. An ALB operates at Level 7, the individual request (application) level. Network load balancers operate at Level 4, the connection (transport) level. No load balancers operate at Level 1, and there is no Level 8 in the TCP/OSI stack.

Answer 66

A

B. An ALB operates at Level 7, the individual request (application) level. Network load balancers operate at Level 4, the connection (transport) level. No load balancers operate at Level 1, and there is no Level 8 in the TCP/OSI stack.

Answer 67

A

B, C. Classic load balancers operate at both the connection (Level 4) and the request (Level 7) layer of the TCP stack. An ALB operates at Level 7, the individual request level. Network load balancers operate at Level 4, the connection (transport) level.

Answer 68

A

D. With the newer features of an ALB, all of these use cases are supported. It is important to recognize that ALBs can balance across containers, making B true, and pointing you to D: all of the above.

Answer 69

A

B. This is a difficult question, and right at the edges of what the Architect exam might ask. However, it is possible to use a load balancer to operate within a VPC. It can be pointed internal, instead of Internet-facing, and distribute traffic to the private IPs of the VPC.

Answer 70

A

B. ALBs offer the most flexibility in routing and load distribution.

Answer 71

A

C. Network load balancers can handle the extremely high request load mentioned in the question as well as route between static IP addressed instances.

Answer 72

A

B. An ALB offers SSL termination and makes the SSL offload process very simple through tight integration with SSL processes. While an ELB will handle SSL termination, it does not offer the management features that ALBs do.

Answer 73

A

D. Both ALBs and ELBs offer SSL termination. While an ALB is a better choice when considering the management of SSL certificates—due to its ACM integration—both ELBs and ALBs are correct when considering just SSL termination.

Answer 74

A

D. Route 53 supports up to 50 domain names by default, but this limit can be raised if requested.

Answer 75

A

D. Route 53 supports all of the records mentioned, including alias records.

Answer 76

A

A. Route 53 does support zone apex (naked) domain records.

Answer 77

A

A, B. ElastiCache offers two engines: memcached and redis. Neither C nor D are even real things!

Answer 78

A

D. ElastiCache, when used through AWS, handles all of these tasks and more: hardware provisioning, software patching, setup, configuration, monitoring, failure recovery, and backups.

Answer 79

A

B, D. This is another example of an odd answer set, which sometimes appears on the AWS exam. In this case, all answers are valid, which means choosing two: B and D (D references the remaining two, A and C)!

Answer 80

A

A, C. ElastiCache is an in-memory data store (A) that shards across instances (C). It is not in itself a data distribution mechanism, which is why B is not correct. And it is not a monitoring solution at all (D).

Answer 81

A

D. CloudFront allows interaction via CloudFormation, the AWS CLI, the AWS console, the AWS CLI, the AWS APIs, and the various SDKs that AWS provides.

Answer 82

A

A, C. CloudFront can front a number of AWS services: AWS Shield, S3, ELBs (including ALBs), and EC2 instances.

Answer 83

A

B, C. CloudFront can front a number of AWS services: AWS Shield, S3, ELBs (including ALBs), and EC2 instances.

Answer 84

A

A, B. CloudFront can front a number of AWS services: AWS Shield, S3, ELBs (including ALBs), and EC2 instances. It also most recently supports Lambda@Edge as an origin.

Answer 85

A

A, C. This is a bit difficult, as CloudFront is typically associated with performance (A), and not a lot else. However, CloudFront also provides deep integration with many managed AWS services, such as S3, EC2, ELBs, and even Route 53.

Answer 86

A

B, D. CloudFront automatically provides AWS Shield (standard) to protect from DDoS, and it also can integrate with AWS WAF and AWS Shield advanced. These combine to secure content at the edge. HTTPS is not required (so A is incorrect), and there is no KMS involvement with CloudFront (C).

Answer 87

A

B, D. Edge locations number more than both regions and availability zones.

Answer 88

A

A, C. CloudFront is easy to set up and lets you create a global content delivery network without contracts (A). It’s also a mechanism for distributing content at low latency (C). Creating websites and the actual file storage reference in B and D are not features of CloudFront but of LightSail (for example) and S3, respectively.

Answer 89

A

A, B. CloudFront can serve static content from S3 and dynamic content generated by EC2 instances.

Answer 90

A

B. When you create a CloudFront distribution, you register a domain name for your static and dynamic content. This domain should then be used by clients.

Answer 91

A

A, C. CloudFront will always handle requests that it receives. It will either return the requested content if cached (A) or retrieve that content by requesting it from an origin server (C). It will not redirect the client (D), nor will it pass the request on directly (B).

Answer 92

A

C, D. Both A and B are true. C is not, as routing will occur to the nearest edge location to the client, not the origin server. D is false; RDS is not a valid origin server for CloudFront.

Answer 93

A

D. There is no charge associated with data moving from any region to a CloudFront edge location.

Answer 94

A

A, B. S3 stores files and CloudFront stores copies of files, so A is true. Both also encrypt their files (B) as needed. Only CloudFront caches files (C), and only CloudFront can guarantee low-latency distribution (D).

Answer 95

A

B, D. CloudFront can store and serve both static (HTML and CSS, option D) and dynamic (PHP, option B) content. SQL queries cannot be directly returned, nor can an actual Lambda function. You can front the result of a Lambda@Edge function, but not the function itself.

Answer 96

A

A, B. CloudFront supports a variety of origin servers, including a non-AWS origin server (A). It supports EC2 (B), regardless of region, as well. It does not support RDS or SNS.

Answer 97

A

A. An edge location is a data center that delivers CloudFront content. Edge locations are spread across the world.

Answer 98

A

B. A distribution is the setup including your origin servers and how the content from those servers is distributed via CloudFront. It does not specifically refer to cached content at any given point in time.

Answer 99

A

D. Edge locations check for updated content every 24 hours by default, but this value can be changed.

Answer 100

A

A. Edge locations can be set to have a 0-second expiration period, which effectively means no caching occurs.

Answer 101

A

B, C. The most obvious culprit is a very low expiration period (B). Ensure that time is not close to 0. Beyond that, it’s possible that—especially in conjunction with a very low expiration period—your compute resources or storage resources are getting flooded with requests. Consider using additional origin servers.

Answer 102

A

A. Setting an expiration period to 0 expires all content (A). It actually would slow down response time and has nothing to do with DDoS attacks. While it would technically always return the most current content (D), that’s not a good reason to take this step; it defeats the purpose of CloudFront if the period is left at that value.

Answer 103

A

B, C. First, there is no mechanism either in the AWS console (A) or the AWS CLI (D) to interact directly with files on CloudFront distributions or edge locations. Second, the correct solution is to remove the file and then wait for the expiration period to cause a reload—which can be forced by setting that time to 0.

Answer 104

A

C. You need to remove a file from CloudFront’s origin servers before doing anything else, because files are replicated from the origin server. If the file exists, it will end up on an edge location. Then, with the file removed, the expiration period can be set to 0, and the cache will be updated—resulting in the file being removed.

Answer 105

A

C. The invalidation API is the fastest way to remove a file or object, although it will typically incur additional cost.

Answer 106

A

A. S3 will always be the most available S3 storage class. This should be an easy correct answer.

Answer 107

A

D. This can be a bit tricky. While S3 is more available, all the S3-based storage classes provide the same first byte latency: milliseconds. Remember that performance is identical; availability is not.

Answer 108

A

D. This is another semi-trick question. With the exception of Glacier, retrieving data from the various S3 storage classes should be virtually identical (network issues notwithstanding). The classes differ in availability, but not in how fast data can be accessed. (They also differ in terms of charging for the number of accesses of that data.)

Answer 109

A

C. Glacier data retrieval, using the standard class, takes 3–5 hours on average.

Answer 110

A

B. The difference between S3 and S3-IA is cost, and frequency of access (B). Retrieval is just as fast as S3 (so A is wrong), and data in S3-IA is stored redundantly (C and D).

Answer 111

A

C, D. C and D are both false. RDS instances cannot be origin servers, and the default expiration period is 24 hours, not 12.

Answer 112

A

D. CloudFront allows all of these as origin servers: S3, EC2 instances, ALBs, etc.

Answer 113

A

D. A collection of edge locations is a distribution.

Answer 114

A

C. An RTMP distribution is the Adobe Real-Time Messaging Protocol and is suitable for using S3 buckets as an origin server to serve streaming media.

Answer 115

A

A, C. CloudFront supports both web distributions and RTMP distributions. Media and edge distributions are not valid distribution types.

Answer 116

A

A, B. You can read and write objects directly to an edge location. You cannot delete or update them directly; only the CloudFront service can handle that.

Answer 117

A

A, D. ElastiCache is ideal for high-performance and real-time processing as well as heavy-duty business intelligence. It does not shine as much with offline transactions, where speed is less essential, and it’s not at all suitable for long-term or record storage.

Answer 118

A

B, D. Consider ElastiCache as only useful for storing transient data. Further, it’s not a persistent store; therefore, it’s great for caching data from a database or message service.

Answer 119

A

A, C. Consider ElastiCache as only useful for storing transient data. Further, it’s not a persistent store; therefore, it’s great for caching data from a message queue or providing very fast ephemeral storage.

Answer 120

A

A. ElastiCache uses shards as a grouping mechanism for individual redis nodes. So a single node is part of a shard, which in turn is part of a cluster (option A).

Answer 121

A

D. A storage gateway using cached volumes will cache frequently accessed data while storing the entire dataset on S3 in AWS.

Answer 122

A

C. A storage gateway using stored volumes will store all data locally while backing up the data to S3 in AWS as well.

Answer 123

A

C. A storage gateway using stored volumes will store all data locally, while all the other solutions store data in the cloud. Accessing local data will always be faster than accessing cloud data.

Answer 124

A

A. A storage gateway using stored volumes will store all data locally, providing low latency access to that data. Further, the entire dataset is backed up to S3 for disaster recovery. S3 is durable and available, but not as fast as accessing local data. A VTL provides a tape backup interface, but not necessarily fast data access.

Answer 125

A

B. The problem here is trying to tag individual folders. You can use IAM for permissions, but a particular folder cannot be tagged separately from other folders; only an entire bucket can be tagged.

Answer 126

A

D. A customer gateway with stored volumes provides the lowest latency for file access. A cached volume would not work because the majority of the files are the concern rather than just a small subset.

Answer 127

A

A. Configuring read replicas throughout all regions would provide the best response time on reads for customers spread across those same regions (A). While using multiple regions does provide some disaster recovery help, read replicas are really not a particularly effective disaster recovery approach. As for option C, read replicas do not increase network throughput; they just spread load out over the replicas, which may or may not desaturate the networks involved.

Answer 128

A

C. Read replicas are ultimately about providing faster read access to clients. If all your clients are in one region, then there is little advantage to adding read replicas to additional regions. Instead, providing replicas in the same region as the clients gives them the fastest access (C).

Answer 129

A

B. An argument could be made for option A here; customers will not be routed to a different region than the closest one if there are resources in a close region (so C is wrong) and D doesn’t make much sense here. However, it is possible that if the primary region failed altogether, you could convert a replica in another region to a primary database, meaning that B has some merit.

Answer 130

A

A, D. Read replicas can be backed up manually, and of course read from. However, they effectively become read-only instances, so cannot be written to. You also cannot fail over to a read replica. You can convert it to a stand-alone instance, but that is a manual process that is not a failover. Therefore, A and D are correct.

Answer 131

A

A, D. This is a tough question because there is not much context other than knowing the database is not performing well, in a general sense. However, of the options given, switching to DynamoDB and adding Multi-AZ would do little to improve performance. (Note that switching to DynamoDB could help, as DynamoDB auto-scales to handle load, but this is still not the best of the available answers). Adding read replicas and looking at bigger instances are safer and better answers given this limited context.

Answer 132

A

C, D. Only C and D would have a guaranteed effect here. While it is possible that S3 would deliver the PDFs faster, you’d still have heavy network traffic over AWS, and there’s no guarantee given the information here that S3 would be faster than RDS. B looks appealing, but note that the files are not accessed frequently. This means that caching is not going to help response time, as the files aren’t accessed enough for caching to kick in and be effective. The best options are setting up read replicas and looking at beefing up the database instance.

Answer 133

A

B, C. There are typically a lot of “the database is being overwhelmed” questions on the exam, and this is one of those. The key here is understanding that data is accessed infrequently, meaning that caching solutions (A and D) likely won’t help. Further, the staff is on-site, meaning that a customer gateway (C) could be a valid solution. Finally, it’s almost always safe to at least consider upgrading the database instance.

Answer 134

A

B. Here, the key details are infrequent data access and a geographically distributed customer base. This means that read replicas spread out across the country are the best bet (B). Caching won’t help, so A and D are out, and a storage gateway won’t help customers that aren’t accessing the data on-site.

Answer 135

A

D. This is a tough question, as several answers are valid. However, the key consideration here is that a single image is accessed several thousand times a day. Rather than adding instance power or read replicas (A and B), caching the images is the best approach, as it reduces overall database reads. In general, pulling an image from a cache (D) is far faster than performing a database read.

Answer 136

A

A, C. Route 53 offers a number of different routing policies: simple, failover, geolocation, geoproximity, latency-based, multivalue answer, and weighted.

Answer 137

A

A, B. Route 53 offers a number of different routing policies: simple, failover, geolocation, geoproximity, latency-based, multivalue answer, and weighted.

Answer 138

A

B, C. Route 53 offers a number of different routing policies: simple, failover, geolocation, geoproximity, latency-based, multivalue answer, and weighted.

Answer 139

A

C. Simple routing is ideal for sending all traffic to a single resource.

Answer 140

A

B. Failover routing is used to send traffic to a single resource but then to failover routing to a secondary resource if the first is unhealthy.

Answer 141

A

C. Geolocation routing uses the location of a user’s DNS query to determine which route to use.

Answer 142

A

B. Latency-based routing uses the latency of regions to determine where routing should direct users.

Answer 143

A

C. Multivalue answer routing can direct requests to multiple resources and also performs health checks on those resources.

Answer 144

A

D. Weighted routing uses predefined weights to determine how traffic is routed across multiple resources.

Answer 145

A

A. When there is a single resource to which traffic should be directed, simple routing is the best option.

Answer 146

A

A, C. The two options here that are valid are geolocation and geoproximity routing, both of which consider the location of the user before routing that user to a resource. Geographical routing is not a valid routing policy for Route 53.

Answer 147

A

D. Weights are simply integers that can be summed to determine an overall weight and the fractional weights of each resource to which traffic is directed.

Answer 148

A

C. A weight of 0 removes the resource from service in a weighted routing policy.

Answer 149

A

A. In a weighted routing policy, the numerical weights are added up, and each resource’s weight is divided by the sum of all the weights. In this case, the total weight is 400, so A is 25% of that (100/400), B is 25% (100/400), and C is 50% (200/400).

Answer 150

A

A, C. A simple routing policy allows single and multiple resources for both the primary and secondary resources, so A and C are true. Weighted policies do honor health checks (so B is false), and D is inaccurate as weight numbers do not affect health checks.

Answer 151

A

A, B. The issues here are geographical proximity from EU users and load on the database, which has high CPU utilization. Therefore, those problems must be addressed. ElastiCache (A) should reduce load on the RDS instance, and CloudFront (B) caches responses in a way that should serve EU users more quickly.

Answer 152

A

B, D. This is another memorization question. Valid instance types begin with T, M, C, R, X, Z, D, H, I, F, G, and P. Frankly, it’s hard to memorize these; the questions like this aren’t frequent, but they can sometimes appear. In this case, E and Q are not valid instance type prefixes.

Answer 153

A

B. IAM offers permissions for AWS resources as well as access rights for users of the AWS platform.

Answer 154

A

A, C. IAM controls permissions for resource-to-resource interaction as well as user access to the AWS console. It does not provide an authentication interface or single sign-on.

Answer 155

A

B. IAM stands for Identity and Access Management.

Answer 156

A

A, C. IAM only applies to permissions for users, roles, and groups and does not affect billing or cost or specific application feature accessibility.

Answer 157

A

B, C. IAM does handle user permissions for accessing AWS (A) and EC2-to-S3 access (D), so these are both true and therefore incorrect. It does not handle hosted application permissions (B) or relate to SNS, making B and C the correct answers.

Answer 158

A

B. IAM is not the managed service for handling MFA Delete setup on S3 buckets.

Answer 159

A

B. Anytime a single account in AWS is shared, you likely have a security risk.

Answer 160

A

C. The only requirement here is creating a sign-in link that is not the same as the root sign-in link. Turning on MFA for the root or all accounts is not required, and while it is common to create an IAM group at this stage, it is not required for access.

Answer 161

A

A, B. Users, groups, roles, permissions, and similar constructs are part of IAM. Organizations and organizational units are part of AWS Organizations, a different facility.

Answer 162

A

A, D. Users, groups, roles, permissions, and similar constructs are part of IAM.

Answer 163

A

A, C. In this case, you’d need to create a role that allows an EC2 instance to communicate with another AWS service, in this case S3. While a default role would probably cover this use case, you might also write a custom policy if you had particular needs for something other than the default role’s allowances.

Answer 164

A

A, D. You can provide console access and programmatic access via IAM. Programmatic access incudes API and CLI access.

Answer 165

A

A, C. There are four types of policies in IAM: identity-based, resource-based, organization SCPs, and access control lists (ACLs).

Answer 166

A

B. IAM policies are written in JSON.

Answer 167

A

A, C. IAM policies can be attached to users, groups, and roles in the case of identity-based policies, and AWS services and components via resource-based policies.

Answer 168

A

B. MFA stands for Multi-Factor Authentication and can be enabled on a user account by IAM.

Answer 169

A

A, C. IAM aids in scalability primarily by consolidating and centralizing management of permissions, both to AWS users (A) and from instances to services (C).

Answer 170

A

C, D. IAM provides permissions, groups, users, and roles, and AWS Organizations provides logical groupings and account management. Both operate across all AWS resources.

Answer 171

A

C. Power user access is a predefined policy that allows access to all AWS services with the exception of group or user management within IAM.

Answer 172

A

D. Root users can perform all actions related to IAM.

Answer 173

A

A. Power users can work with managed services, but they cannot create (or otherwise manage) IAM users.

Answer 174

A

B. Although it might sound odd, AWS strongly recommends you delete your root user access keys and create IAM users for everyday use.

Answer 175

A

A, C. As a starting point, always consider that the root account is typically required for account-level operations, such as closing an account (A). It’s also needed for very privileged access; in this case, that’s creating a CloudFront key pair, which essentially provides signed access to applications and is a very trusted action. IAM does allow you to distribute user and policy management (B and D).

Answer 176

A

A, B. Affecting another account is generally something that requires root account level access. In this case, that’s D, as well as restoration of user permissions (C). Both A and B are available to non-root users.

Answer 177

A

D. It is impossible to remove access for the AWS account’s root user.

Answer 178

A

C. This is a bit of a “gimme” question but sometimes comes up. AWS firmly believes that root account access should be highly limited, but also not confined to a single user. C, having a very small group of engineers (ideally AWS certified) is the best approach to reducing root account level access as much as possible.

Answer 179

A

D. AWS defines and keeps updated a number of IAM policies for users, including Administrator, Billing, and Power User.

Answer 180

A

A, C. You will always need to provide non-root sign-in URLs for new users, so A is essential. The remaining answers are concerned with permissions, and of the choices (B, by the way, isn’t an actual option), the Developer Power User policy is a much better fit than the View-Only User policy.

Answer 181

A

D. Unless your manager is both highly technical and working on actual development issues, D is the best option: It provides View-Only access to AWS without adding unneeded privileges for the manager.

Answer 182

A

D. The Data Scientist policy is designed for just this purpose: running queries used for data analytics and business intelligence

Answer 183

A

A. This is a System Administrator role. While Power User would give permissions to the same services, it is likely too permissive. Remember, the key with these questions is to find the role that allows the specified operations without going beyond those any more than is necessary.

Answer 184

A

B, C. It is impossible to remove a root user’s access to EC2 instances (B). Further, IAM is concerned with the raw AWS resources, not access to running web applications (C).

Answer 185

A

D. IAM changes apply immediately to all users across the system; there is no lag, and no need to log out and back in (D).

Answer 186

A

A. New users have no access to AWS services. They are “bare” or “empty” or “naked” users, in that it is merely a login to the AWS console (if a URL is provided). They cannot make any changes to AWS services or even view services.

Answer 187

A

C, D. New users have no access to AWS services. They will need a URL to use for logging in (C) and permissions via a valid AWS group such as Administrators or power users. Options A and B refer to groups that are not predefined by AWS.

Answer 188

A

A, B. To access the console, users need a sign-in URL (A) and a username and password. This is not the access key ID and secret access key referenced in B. Therefore, A and B would effectively block a user from accessing the console. There is no Log In To Console box for users.

Answer 189

A

C. AWS usernames have to be unique across the AWS account in which that user exists.

Answer 190

A

B, D. Programmatic access requires an access key ID and a secret access key pair. Usernames and passwords are used for console access.

Answer 191

A

A, C. Console access requires a username and password. Access keys and pairs are used for programmatic access, not console access.

Answer 192

A

B. IAM policy documents are written in JSON.

Answer 193

A

A. Of these, SSO is single sign-on, IAM is more generally applied here, and JSON is the language used for policy documents. But SAML, the Security Assertion Markup Language, is used directly to implement single sign-on.

Answer 194

A

C. If you have an external Active Directory, you’d want to federate those users into AWS. This allows you to use the existing user base, not re-create each individual user.

Answer 195

A

D. A policy document is a collection of permissions in IAM.

Answer 196

A

D. IAM users are global to an AWS account and are not region-specific.

Answer 197

A

C. Like IAM users, policy documents are global. There are no changes or steps you need to take to make these work globally.

Answer 198

A

A, B. Auto Scaling is most focused on capacity management (B), ensuring that your applications can perform by keeping the capacity sufficient. Further, it performs a minimal amount of monitoring to effect this (A). It does not limit cost, although it does help in cost reduction, and it has nothing to do with permissions management.

Answer 199

A

A, C. Auto Scaling helps you to quickly set up scaling (C) and to then keep costs to a minimum (A). It does not affect network performance, and while there is a reduction of overhead, this is not related to maintaining individual VPCs (D).

Answer 200

A

A, C. Auto Scaling can be applied to both Aurora (and specifically read replicas) and DynamoDB.

Answer 201

A

A, D. EC2 instances as well as ECS containers can both be scaled up and down by Auto Scaling.

Answer 202

A

C. A collection of components, such as EC2 instances that will grow and shrink to handle load, is an Auto Scaling group.

Answer 203

A

B, D. When creating an Auto Scaling group, you can specify the minimum and maximum size as well as a desired capacity and scaling policy. You cannot specify how many instances to add at once, nor the desired cost.

Answer 204

A

A, B. When creating an Auto Scaling group, you can specify the minimum and maximum size as well as a desired capacity and scaling policy. While you can specify triggers that are used to grow or shrink the group, you can not specify a memory allocation or a minimum processing threshold (neither is an actual AWS term).

Answer 205

A

B, C. A launch configuration contains an AMI ID, key pair, instance type, security groups, and possibly a block device mapping.

Answer 206

A

B, C. A launch configuration contains an AMI ID, key pair, instance type, security groups, and possibly a block device mapping. Cluster size is not part of a launch configuration, although a maximum number of instances can be added to an Auto Scaling group. Maximum memory utilization also is not part of a launch configuration but can be a trigger for scaling.

Answer 207

A

A, C. There are a number of valid scaling policies for Auto Scaling: Maintain current instance levels, manual scaling, schedule-based scaling, and demand-based scaling.

Answer 208

A

A, D. There are a number of valid scaling policies for Auto Scaling: Maintain current instance levels, manual scaling, schedule-based scaling, and demand-based scaling. Resource-based scaling and instance-based scaling are not actual scaling policy options.

Answer 209

A

D. You can choose to maintain current instance levels at all times. This is essentially ensuring that no instances are added unless an instance fails its health checks and needs to be restarted or replaced.

Answer 210

A

A. Demand-based scaling allows you to specify parameters to control scaling. One of those parameters can be CPU utilization, so this is the policy you’d use for this use case.

Answer 211

A

B. This one should be pretty easy. Schedule-based scaling allows you to specify a particular time period during which resources should scale up or down.

Answer 212

A

C. Manual scaling allows you to specify a minimum and maximum number of instances as well as a desired capacity. The Auto Scaling policy then handles maintaining that capacity.

Answer 213

A

A. Manual scaling allows you to specify a minimum and maximum number of instances as well as a desired capacity. You would specify a time to scale up for a schedule-based policy and maximum CPU utilization as well as scaling conditions for a demand-based policy.

Answer 214

A

A, C. The most common approach is to use CloudWatch triggers—such as memory or CPU utilization—to notify AWS to scale a group up or down. However, you can also manually scale up or down with the AWS console.

Answer 215

A

C. While you can remove the instance altogether (B), you’d eventually want to put it back in the group, meaning you’re incurring extra work. The best approach is to put the instance into Standby mode. This allows the group to scale up if needed, and then you can troubleshoot the instance and then put it back into the InService state when complete.

Answer 216

A

C, D. InService and Standby are valid states for an instance, while Deleted and ReadyForService are not.

Answer 217

A

B. You have to create a launch configuration first, then an Auto Scaling group, and then you can verify your configuration and group.

Answer 218

A

B. A launch configuration needs a single AMI ID to use for all instances it launches.

Answer 219

A

D. Security groups work for launch configurations just as they do with instances: You may use as many as you like.

Answer 220

A

D. All of these are valid options for creating an Auto Scaling group.

Answer 221

A

B, C. All of these are acceptable options, but the best options are to use the existing EC2 instance as a basis for a new Auto Scaling group and to set up demand-based scaling. Anytime you have an existing instance that is working, you can simply start from there, rather than using a launch configuration and duplicating the setup. Demand-based scaling will respond to changing conditions better than having to manually scale up and down or to set a desired capacity (which is unknown based on the question).

Answer 222

A

A, B. This is a case of having a recurring performance issue, which points to using schedule-based scaling. Further, you know that access is centered around the US East regions. C might help the issue, but without knowing more about the application, it’s not possible to tell if caching content would significantly improve performance.

Answer 223

A

C. Here, the determining factor is the requirement of instant access. S3 One Zone-IA will give you that access, at a lower cost than S3 standard and S3-IA. According to AWS, all three classes have the same first byte latency (milliseconds).

Answer 224

A

D. Glacier takes 3–5 hours to deliver the first byte.

Answer 225

A

D. This is easy to miss, and often is. All three of these S3 storage classes share the same first-byte latency: milliseconds.

Answer 226

A

D. Spot instances offer you significant costs savings as long as you have flexibility and application processes can be stopped and started.

Brainscape's Knowledge GenomeTM

Performant Architectures Flashcards

Brainscape's Knowledge Genome^TM