Practice 6

Question 1

The recommended storage engine for MySQL is

Answer 1

InnoDB and notMyISAM

Question 2

InnoDB instances can be migrated to Aurora, while MyISAM instances can’t be migrated - T or F

Answer 2

true

Question 3

Example of ALB path based routing:

Answer 3

URL of /api/android

URL of /api/android

Question 4

What is host based routing:

Answer 4

host-based routing defines rules that forward requests to different target groups based on the host name in the host header instead of the URL

Question 5

Example of ALB host based routing:

Answer 5

allows you to send a request for api.example.com and for web.example.com to the same endpoint with the certainty it will be delivered to the correct back-end application

Question 6

Storage optimized instances are designed for

Answer 6

workloads that require high, sequential read and write access to very large data sets on local storage

Question 7

Memory optimized instances are designed to

Answer 7

deliver fast performance for workloads that process large data sets in memory

Question 8

Compute optimized instances are ideal for

Answer 8

compute-bound applications that benefit from high-performance processors, such as batch processing workloads and media transcoding.

Question 9

General purpose instances are the

Answer 9

most basic type of instances. They provide a balance of compute, memory, and networking resources, and can be used for a variety of workloads

Question 10

To prevent your Lambda function from running indefinitely, you specify atimeout - t or F

Answer 10

true (default is 3 sec; max 900 sec/15 mins)

Question 11

if AWS Lambda total concurrent executions limit is exceeded, the function will be ?

Answer 11

throttled but not terminated

Question 12

Recursive code in your Lambda function directly result to an abrupt termination of the function execution - T or F

Answer 12

FALSE;

recursive code in your Lambda function does not directly result to an abrupt termination of the function execution

Question 13

if a user assumes a role, temporary security credentials are created dynamically and provided to the user - T or F

Answer 13

true

Question 14

The ping utility uses the ? protocol

Answer 14

ICMP protocol, so this needs to be set in the Inbound Rules of your security group to ensure that the ping packets can be routed to the EC2 instances

Question 15

An Elastic IP address doesn’t incur charges as long as the following conditions are true:

Answer 15

1. The Elastic IP address is associated with an Amazon EC2 instance.
2. The instance associated with the Elastic IP address is running.
3. The instance has only one Elastic IP address attached to it.

Question 16

IAM database authentication works with which databases:

Answer 16

MySQL and PostgreSQL

Question 17

IAM database authentication provides the following benefits:

Answer 17

1. Network traffic to and from the database is encrypted using Secure Sockets Layer (SSL).
2. You can use IAM to centrally manage access to your database resources, instead of managing access individually on each DBinstance.
3. For applications running on Amazon EC2, you can use profile credentials specific to your EC2 instance to access your database instead of a password, for greater security

Question 18

Database Backtrack feature

Answer 18

simply “rewinds” the DB cluster to the time you specify.

Question 19

–ssl-caparameter

Answer 19

can provide SSL connection to your database

Question 20

Multicast?

Answer 20

network capability that allows one-to-many distribution of data. With multicasting, one or more sources can transmit network packets to subscribers that typically reside within a multicast group

Question 21

Amazon VPC support multicast or broadcast networking - True or False

Answer 21

false; Amazon VPC does not support multicast or broadcast networking

Question 22

overlay multicast is a method of

Answer 22

building IP level multicast across a network fabric supporting unicast IP routing, such as Amazon Virtual Private Cloud (Amazon VPC).

Question 23

TheCache-Control max-agedirective

Answer 23

lets you specify how long (in seconds) you want an object to remain in the cache before CloudFront gets the object again from the origin server

Question 24

The?? control how long objects stay in the cache

Answer 24

Cache-ControlandExpiresheaders

Question 25

Cache-Control minimum expiration time

Answer 25

0 seconds for web

3600 seconds for RMTP/1 hr

Question 26

Public Datasets will not cost anything - T or F

Answer 26

true

Question 27

Elastic Beanstalk vs ECS in terms of Docker container deployment

Answer 27

Both can do the same thing except that Beanstalk AUTOMATICALLY handles the details of capacity provisioning, load balancing, scaling, and application health monitoring while ECS will have to be manually configured to do all these.

Question 28

Port for Remote Desktop connection

Answer 28

TCP port 3389 and UDP port 3389

Question 29

AWS recommends that you primarily use file versioning for the following reasons:

Answer 29

• Versioning enables you to control which file a request returns even when the user has a version cached either locally or behind a corporate caching proxy. If you invalidate the file, the user might continue to see the old version until it expires from those caches.
• CloudFront access logs include the names of your files, so versioning makes it easier to analyze the results of file changes.
• Versioning provides a way to serve different versions of files to different users.
• Versioning simplifies rolling forward and back between file revisions.
• Versioning is less expensive. You still have to pay for CloudFront to transfer new versions of your files to edge locations, but you don’t have to pay for invalidating files.

Question 30

CodeDeploy is a

Answer 30

deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions.

Question 31

In Elastic Beanstalk, where does it store the application files and server log files?

Answer 31

Application files are stored in S3. The server log files can be stored in :

1. EBS and
2. optionally stored in S3 or in CloudWatch Logs

Question 32

cross-account access

Answer 32

You can use an IAM role to delegate access to resources that are in different AWS accounts that you own. You share resources in one account with users in a different account. By setting up cross-account access in this way, you don’t need to create individual IAM users in each account

Question 33

Database Hash Joins are mainly used

Answer 33

if you need to join a large amount of data by using an equijoin and not for improving availability.

Question 34

Databsase Asynchronous Key Prefetch is mainly used

Answer 34

to improve the performance of queries that join tables across indexes

Question 35

Blue/Green Deployment

Answer 35

Blue is the current prod; Green is the new environment where the changes are being deployed

Question 36

For decoupling services, you should use IAM user or role?

Answer 36

IAM role not an IAMuser credential

Question 37

How to fix ‘insufficient capacity error’ while adding new instances to a new placement group?

Answer 37

Stop and restart the instances in the Placement Group and then try the launch again.

Question 38

Why do we get ‘insufficient capacity error’ when launching new instances to a new placement group?

Answer 38

If you try to add more instances to the placement group later, or if you try to launch more than one instance type in the placement group, you increase your chances of getting an insufficient capacity error

Question 39

Do we have a limit in the number of instances in a Placement Group?

Answer 39

No

Question 40

Enhanced networking advantages:

Answer 40

1. provides higher bandwidth,
2. higher packet per second (PPS) performance, and
3. consistently lower inter-instance latencies.

Question 41

There is an additional charge for using enhanced networking. True or False

Answer 41

false; There is no additional charge for using enhanced networking.

Question 42

Can you create a volume out of an EBS snapshot?

Answer 42

Yes, you can create a snapshot of the EBS volume first then create a volume using the snapshot in the other Availability Zone if necessary

Question 43

URLs to provide for the IAM user to be able to access the AWS Console?

Answer 43

https://YOU.signin.aws.amazon.com/console

Question 44

By DEFAULT, records of a stream in Amazon Kinesis are accessible for up to

Answer 44

24 hours from the time they are added to the stream. You can raise this limit to up to 7 days by enabling extended data retention

Question 45

DNSSEC (Domain Name System Security Extensions)

Answer 45

Amazon Route 53’s DNS services does not support DNSSEC at this time

Question 46

Amazon Route 53 currently supports the following DNS record types:

Answer 46

• -A (address record)
• -AAAA (IPv6 address record)
• -CNAME (canonical name record)
• -CAA (certification authority authorization)
• -MX (mail exchange record)
• -NAPTR (name authority pointer record)
• -NS (name server record)
• -PTR (pointer record)
• -SOA (start of authority record)
• -SPF (sender policy framework)
• -SRV (service locator)
• -TXT (text record)

Question 47

In cloudformation, what section is required?

Answer 47

Resources

Question 48

For Microsoft SQL Server, how to implement security of your in-flight data between your web servers and RDS?

Answer 48

1. Force all connections to your DB instance to use SSL by setting therds.force_sslparameter to true. Once done, reboot your DB instance.
2. Download the Amazon RDS Root CA certificate. Import the certificate to your servers and configure your application to use SSL to encrypt the connection to RDS.

Question 49

RDS running on Microsoft SQL Server: transparent data encryption (TDE) is primarily used to

Answer 49

encrypt stored data on your DB instances running Microsoft SQL Server, and not the data that is in-transit.