Practice Questions Flashcards
You work in the security industry for a large consultancy. A new customer of yours runs a production environment in AWS and they require a log of all API calls made to their Elastic Load Balancer. How can you achieve this?
Enable Cloud Trail on the ELB
True or False: Amazon will always have root level SSH access in to your EC2 instances.
False
You have a static HTML website that requires inexpensive, highly available hosting solution that scales automatically to meet traffic demands. Which AWS service would best suit this requirement?
S3 Static Website Hosting
True or False: You should expect the same latency and throughput performance as Amazon S3 Standard when using Standard - IA.
True
You have a website that allows users in third world countries to store their important documents safely and securely online. Internet connectivity in these countries is unreliable, so you implement multipart uploads to improve the success rate of uploading files. This works well, however you notice that when an object is not uploaded successfully, incomplete parts of that object are still being stored in S3 and you are still being charged for those objects. What S3 service can you implement to expire incomplete multipart uploads?
S3 Lifecycle Policies
What is the durability of S3 - IA?
99.999999999% (Eleven 9’s).
What is the minimum time interval granularity for the data that Amazon CloudWatch receives and aggregates?
1 Minute
True or False: S3 does not support website redirects.
False
You need to automatically migrate objects from one S3 storage class to another based on the age of the data. What S3 service can you use to achieve this?
Lifecycle Management
You work for an electric car company that has its front end website on EC2. Company policy dictates that you must retain a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes. What AWS service can assist you with this?
CloudTrail
True or False: An Amazon Cluster Placement Group can be stretched across multiple availability zones?”
False - a placement group can only exist within 1 availability zone.
Your three AWS accounts (A, B and C) share data. In an attempt to maximize performance between the accounts, you place all the instances for these accounts in ‘eu-west-1b’. During testing, you find almost no transfer latency between accounts A and B, but significant latency between accounts B and C, and accounts C and A. Which of the following possibilities is the most likely source of the problem?
The names of the AZs are randomly applied, so ‘eu-west-1b’ is not the same location for all three accounts.
True or False: You can use S3 Transfer Acceleration with multipart uploads.
TRUE, You can use S3 Transfer Acceleration with multipart uploads.
You have built an online dating application that allows users to send and receive photos as they court each other. You need to secure this data and you need to implement server-side encryption to protect this data. You decide that you want server-side encryption provided by Amazon. You will also need to have an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data. What out of the box Amazon solution would enable you to achieve this?
SSE-KMS - AWS KMS provides an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data.
Which of the following is NOT a valid EC2 instance type? - D2, C4, M3, Z2
D2, C4, M3 are all valid EC2 instances. https://aws.amazon.com/ec2/instance-types/
You work for a large insurance company that has issued 10,000 insurance policies. These policies are stored as PDFs. You need these policies to be highly available and company policy says that the data must be able to survive the simultaneous loss of two facilities. What storage solution should you use?
Your best solution would be to use S3, which redundantly stores multiple copies of your data in multiple facilities and on multiple devices within each facility.
ou are a solutions architect working for a company that conducts surveys on specific industries. Each industry that you survey has its own EC2 fleet, separate from those of other industries. Company policy dictates that you should keep costs to a minimum, using only 1 load balancer, if possible. What type of load balancer should you use to suit this requirement?
You need an application-aware load balancer, so your best option would be to use an Application Load Balancer.
In the future, you will need to preserve, restore, and retrieve every version of every file that you have stored in AWS. Which service should you use?
ersioning allows you to preserve, retrieve, and restore every version of every object stored in an Amazon S3 bucket.
You need to restore an object from Glacier. What 2 ways can you accomplish this?
Because Amazon S3 maintains the mapping between your user-defined object name and Amazon Glacier’s system-defined identifier, Amazon S3 objects that are stored using the Amazon Glacier option are only accessible through the Amazon S3 APIs or the Amazon S3 Management Console.
What is the Uptime SLA for Amazon EC2 and EBS within a given region?
Amazon’s SLA guarantees a Monthly Uptime Percentage of at least 99.95% for Amazon EC2 and Amazon EBS within a Region.
What is the minimum object size for S3 - IA?
Standard - IA is designed for larger objects and has a minimum object size of 128KB. Objects smaller than 128KB in size will incur storage charges as if the object were 128KB.
You have designed an application that stores large videos in S3. These videos are usually larger than 100Mb in size. You need to maximize upload performance. Select two answers that will achieve this end.
Multipart Upload is recommended for files greater than 100 Mb, and is required for files 5 GB or larger. S3 Transfer Accelearation is especially useful in cases where your bucket resides in a Region other than the one in which the file transfer was originated.
You have an application that uses S3 to store objects. Company policy dictates that certain objects (such as JPGs and PDF’s) must be replicated to another region for redundancy. However, some objects (such as Word files) can stay in a single region. Company policy also dictates that you should use as few buckets as possible. How should you architect this solution?
You can use just one bucket and enable CRR on just a subset of uploaded objects (such as JPGs and PDF’s) by using specifying prefixes.
You back the files that exist on an in-house SAN to S3. You need to minimize cost, however company policy states that objects must be instantly accessible. What S3 storage class should you use?
The best solutions for instant access, but lowest cost would be S3 - Infrequently Accessed storage.
You need to implement a new web application which allows users to store family photos online in such a way that only invited guests will be able to view the images. Which type of S3 encryption should you choose to maintain full end-to-end control of the encryption/decryption of objects and assure that only encrypted objects are transmitted over the Internet to Amazon S3.
Using an encryption client library, such as the Amazon S3 Encryption Client, you retain control of the keys and complete the encryption and decryption of objects client-side using an encryption library of your choice. Some customers prefer full end-to-end control of the encryption and decryption of objects; that way, only encrypted objects are transmitted over the Internet to Amazon S3.
True or False: Classic ELB’s support IPv6 as well as IPv4.
Each Classic Load Balancer has an associated IPv4, IPv6, and dualstack (both IPv4 and IPv6) DNS name. However, IPv6 is not supported in VPC at this time.
Your company has a legacy SAN that has 75 TB’s of data. Your company has decided that they want to migrate this data to AWS S3 in the quickest way possible. You company has a single comms line with a maximum pipe line of 50Mbps Which service should you consider using?
Due to the size of the data and the small comms line, Snowball would be the fastest option available.
Which EC2 operating system is NOT supported by CloudWatch
None. All EC2 operating systems are supported by CloudWatch.
How can you securely upload or download your data to/from the S3 service?
SSL endpoints using the HTTPS protocol
(Correct)
ou can securely upload/download your data to/from Amazon S3 via SSL or HTTP endpoints using HTTPS.
Which types of server side encryption are available for S3? (Choose all that apply.)
You can choose to encrypt data using SSE-S3, SSE-C, SSE-KMS, or a client library such as the Amazon S3 Encryption Client. All four enable you to store sensitive data encrypted at rest in Amazon S3.
Your legal company is moving its production estate to AWS. They currently have a private cloud platform with VMDK files as their virtual machines. You need to move these files to AWS and create EC2 instances using the VMDK files. Which AWS service would help you achieve this goal?
VM Import/Export is designed to help you do exactly that.
You are running a Cassandra database that requires access to tens of thousands of low latency IOPS. What EC2 instance family would best suit your needs?
High I/O instances use SSD-based local instance storage to deliver very high, low latency, I/O capacity to applications, and are optimized for applications that require tens of thousands of IOPS.
You are creating an application that will leverage EC2 for its webservers. The application data will be stored on the root device volume attached to the EC2 instance. Data on this volume must persist independently of the life of this particular instance. What EC2 volume should you choose?
By using Amazon EBS, data on the root device will persist independently from the lifetime of the instance.
What is the availability of S3 - IA
S3 - IA is 99.9% available. Do not confuse availability with durability.
You run a security company which stores highly sensitive PDF’s on S3 with versioning enabled. To ensure MAXIMUM protection of your objects to protect against accidental deletion, what further security measure should you consider using?
If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession.
You work for a security company that stores highly sensitive documents on S3. One of your customers has had a security breach and, as a precaution, they have asked you to remove a sensitive PDF from their S3 bucket. You log in to the AWS console using your account and attempt to delete the object. You notice that versioning is turned on, and when you dig a little deeper you discover that you cannot delete the object. What may be the cause of this?
Only the owner of an Amazon S3 bucket can permanently delete a version.
True or False: You can use your existing Microsoft Windows Server licenses with an Amazon EC2 shared tenancy instance.
FALSE. A Dedicated Host is required if you’d like to use your existing Windows Server licenses.
By default, how many Elastic IP addresses are you limited to per region?
5
(Correct)
By default, all accounts are limited to 5 Elastic IP addresses per region.
True or False: EBS Snapshots are versioned and you can read an older snapshot to do a point-in-time recovery?
The answer is TRUE. Each snapshot is given a unique identifier, and customers can create volumes based on any of their existing snapshots.
You have an extremely high performance compute application that you need to deploy to AWS. You will need extremely low-latency network performance to allow node-to-node communication between your EC2 instances. You will also need a minimum network speed of 10 Gbps in order for your application to work. How should you deploy your instances?
Amazon EC2 cluster placement group functionality allows users to group Cluster Compute Instances in clusters – allowing applications to get the low-latency network performance necessary for tightly-coupled node-to-node communication typical of many HPC applications.
By default, how many S3 buckets can you have with a new AWS account?
25
By default, customers can provision up to 100 buckets per AWS account. However, you can increase your Amazon S3 bucket limit by visiting AWS Service Limits.
Which of the following operating systems is NOT supported by EC2
OSX is not supported on EC2
You have developed a file-sharing website for a large corporate entity. They require that the site has regional redundancy. Which S3 service should you use to achieve this?
S3 with Cross-Region Replication (CRR) automatically replicates data across AWS regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS region that you choose.
You have been load testing a customers new production environment. You create the environment using CloudFormation and you utilize CloudWatch to monitor the environment. After extensive load testing, you are ready to hand the cloudformation template over to your customer. You delete the environment and give your customer the CloudFormation template. However, they now want to see the results of the load test. How long does CloudWatch store the metrics for EC2 & ELB after deleting those resources?
Amazon CloudWatch stores metrics for terminated Amazon EC2 instances or deleted Elastic Load Balancers for 2 weeks.
Which of the following statements is TRUE.
You are able to attach multiple EBS volumes to an EC2 instance.
Correct
You are able to attach multiple EBS volumes to an EC2 instance is True.
What are the two different types of virtualization available on AWS?
The two different types of virtualzation available are Hardware Virtual Machine (HVM) & Paravirtual Machine (PVM)
You’ve been tasked with implementing a globally accessible storage solution that will scale from a few terabytes (now) to an unknown, but significantly greater, volume of data in three years time. Which AWS service would best meet your current and projected storage needs?
Amazon S3 is highly scalable, secure storage for “flat” files. S3 will scale to any projected volume of data. In this case, it’s your best bet.
Your large scientific organization needs to use a fleet of EC2 instances to perform high performance, CPU intensive calculations. Your boss asks you to choose an instance type that would best suit the needs of your organization. Which of the following instance types should you recommend?
C instanes are recommended for high performance front-end fleets, web-servers, batch processing, distributed analytics, high performance science and engineering applications, ad serving, MMO gaming, and video-encoding. The best answer would be to use a C4 instance.
You have an application that stores data in S3, and you need to design an integrated solution providing encryption at rest. You want Amazon to handle key management and protection using multiple layers of security. Which S3 encryption option should you use?
SSE-S3 uses managed keys and one of the strongest block ciphers available, AES-256, to secure your data at rest.
You have an application that allows people in very remote locations to store their files safely and securely. You need to leverage Amazon CloudFront’s globally distributed AWS Edge Locations so that as data arrives at an AWS Edge Location the data is routed to your Amazon S3 bucket over an optimized network path. Which service should you use?
Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations.
Which protocols is supported with an Elastic Load Balancer
Amazon’s ELB supports the following protocols - “HTTP, HTTPS, TCP, SSL”
CRR replicates every object-level upload that you make directly to your source bucket. Which of the following also forms a part of that replication?
CRR replicates every object-level upload that you directly make to your source bucket. The metadata and ACLs associated with the object are also part of the replication.
Can you use IPv6 with Amazon S3?
Using IPv6 support for Amazon S3, applications can connect to Amazon S3 without needing any IPv6 to IPv4 translation software or systems.
You work for a genetics company that has extremely large datasets stored in S3. You need to minimize storage costs, while maintaining mandated restore times that depend on the age of the data. Data 30-59 days old must be available immediately, and data ≥ 60 days old must be available within 12 hours. Which two of the following options below should you consider?
You should use S3 - IA for the data that needs to be accessed immediately, and you should use Glacier for the data that must be recovered within 12 hours. S3 - RRS would not be suitable solution for irreplacable data, and CloudFront is a CDN service, not a storage solution.
How quickly can objects be restored from Glacier?
You can expect most restore jobs initiated via the Amazon S3 APIs or Management Console to complete in 3-5 hours.
What is the minimum object size for S3 Standard?
The minimum object size is 0 Bytes. Most often, this will be a “touched” file.
Your application stores your customers’ sensitive passport information in S3. You are required by law to encrypt all data at rest. Company policy states that you must maintain control of your encryption keys. For ease of management however, you do not want to implement or maintain a client side encryption library. Which S3 encryption option should you use to secure your data at rest?
Use SSE-C if you want to maintain your own encryption keys, but don’t want to implement or leverage a client-side encryption library.
Which of the following are compute services with AWS?
EC2, ECS, Lambda, Glacier
EC2, ECS and Lambda are all AWS compute services.
You are a system administrator and you need to take a consistent snapshot of your EC2 instance. Your application holds large amounts of data in cache that is not written to disk automatically. What would be the best approach to taking an application consistent snapshot?
As you need an application consistent snapshot, your best option would be to shutdown the EC2 instance and detach the EBS volume, then take the snapshot.
Your application requires highly-available object storage, and must comply with EU privacy laws. As such, no data may be stored outside the EU. Which two of the following options should you consider?
A single EC2 instance with an EBS volume provisioned in Eu-West-1. Put this EC2 instance behind an Autoscaling Group with a minimum target of 1.
Use an S3 bucket in EU-West-1
Multiple EC2 instances with an EBS volume provisioned in US-EAST-1. These EC2 instances will use Autoscaling Group with a minimum target of 3, 1 per availability zone.
Use an S3 bucket in EU-Central-1
You should use an object based storage solution (such as S3) in European regions.
You are attempting to move data from one EBS volume to a duplicate volume in a separate region. Which of the following methods will do this best?
Take a snapshot of the EBS volume and copy it to the desired region.
Allow a VPC peering connection to pull the data over.
Move the data to S3 and enable cross-region replication.
Use a Linux tool like rsync to sync the volume to the other region.
After you’ve created a snapshot and it has finished copying to Amazon S3, you can copy it from one AWS region to another, or within the same region.
You have suggested moving your company’s web servers to AWS, but your supervisor is concerned about cost. Which of the following deployments will give you the most scalable and cost-effective solution?
An EC2 auto-scaling group that will expand and contract with demand
A solution that’s built to run 24/7 at 100% capacity, using a fixed number of T2 Micro instances
A hybrid solution that leverages on-premise resources
None of the above
An Auto-Scaling group of EC2 instances will exactly match the demand placed on your servers, allowing you to pay only for the compute capacity you actually need.
You have an IO intensive database in your production environment that requires regular backups. You need to configure them in such a way so that when an automated backup is taken, it does not impact your production environment. What RDS option should you choose to help you accomplish this?
With Multi-AZ RDS instances and automated backups, I/O activity is no longer suspended on your primary during your preferred backup window, since backups are taken from the standby.
Your company needs to run several monthly workloads that will each take several hours to complete. Although critical, these workloads can be stopped and restarted without adversely affecting the outcome of the job. Which pricing model would you use to deliver the most economical solution?
Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted.
Your fleet of EC2 instances is running 100% of the time, and there is no reason to believe that the demand will decrease. What pricing model could you use to reduce costs?
Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. You have the flexibility to change families, OS types, and tenancies while benefiting from Reserved Instance pricing when you use Convertible Reserved Instances.
Your existing on-premise servers rely on Memcached to provide memory object caching. If you were to move to AWS, how might you preserve this functionality?
Install Memcached on EC2
ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment.
True or False: there is a cost associated with transferring from Amazon S3 to an EC2 instance in the same Region.
There is no cost assicated with moving data from S3 to EC2 if both are in the same Region.
You have heavy load on your RDS database which is now the maximum available size possible. Which two AWS technologies should you use to further ease the load?
You could use RDS Read Replica or ElastiCache to further offset load.
You have a small database workloads with infrequent I/O. Which storage medium would the most cost-effective way to meet these requirements?
Amazon RDS Magnetic Storage would be the most suitable.
You have a very heavily-trafficked Wordpress blog that has approximately 95% read traffic and 5% write traffic. You notice that the blog is getting slower and slower. You discover that the bottleneck is in your RDS instance. Which two of the following answers can improve your Wordpress blog’s performance?
Create a number of read replicas and update the connection string on your EC2 instances so that traffic is evenly shared amongst these new RDS instances.
Use Elasticache to cache the most commonly read posts of your Wordpress blog.
Create a secondary Multi-AZ database and run the queries off the secondary Multi-AZ database.
Export the database to DynamoDB which has push button scaleability.
You should use a combination of Read Replica’s and Elasticache to help offload the traffic.
True or False: You should store your Access Keys in an AMI.
Access keys should never be stored on an AMI
You need to upgrade your RDS database to a larger instance class and you must minimize the amount of disruption to your business as much as possible. What should you do.
When upgrading an RDS instance class your database will be temporarily unavailable while the DB Instance class is modified. This period of unavailability typically lasts only a few minutes, and will occur during the maintenance window for your DB Instance, unless you specify that the modification should be applied immediately.
Which of the following AWS services store data as key-value pairs?
DynamoDB
EC2
RDS
S3
Both DynamoDB and S3 use key-value pairs.
You are running a production database using MySQL on RDS. From time to time, management asks you to run highly complex SQL queries with multiple table joins against the database. These queries often overwhelm your database, and the production environment is beginning to be affected. Which of the following would you recommend as a means of reducing the load on the database?
Migrate the database to DynamoDB which will scale automatically in order to deal with the load.
Use Route53 health checks to determine the current load on the database and if there is a minimum load , configure the health check to run the SQL queries.
Create a secondary Multi-AZ database and run the queries off the secondary Multi-AZ database.
Create a read replica of the database and run your reports against the read replica, rather than the production database.
You cannot run queries off a multi-AZ secondary copy database. You should use a read replica instead.
Which of the following services allows you to have root level access to the underlying operating system
You can use SSH to access the underlying operating systems of EMR and EC2.
You’ve been tasked with the implementation of an offsite backup/DR solution. You’ll only be responsible only for flat files and server backup. Which of the following would you include in your proposed solution (select all that apply.)?
EC2
Storage Gateway
Snowball
S3
EC2 is a compute service not applicable to this scenario. All others could be part of a comprehensive backup/DR solution.
You’ve enabled website hosting on a bucket called “aspiring-guru” in the us-west-2 Region. Which of the following is the URL that will be assigned to your website?
aspiring-guru.s3-website-us-west-2.amazonaws.com
s3-website-us-west-2.aspiring-guru.amazonaws.com
s3-website.aspiring-guru-us-west-2.amazonaws.com
None of the above
Your bucket name always comes first, “s3-website” followed by the Region always comes next.
You are auditing your RDS estate and you discover an RDS production database that is not encrypted at rest. This violates company policy and you need to rectify this immediately. What should you do to encrypt the database as quickly and as easy as possible.
Use the RDS Import/Export Wizard to migrate the unencrypted RDS instance across to a new encrypted database.
Take a snapshot of your unencrypted DB Instance and then restore it making sure you select to encrypt the new copy.
Use AWS Database Migration Service
Create a new DB Instance with encryption enabled and then manually migrate your data into it.
At the present time, encrypting an existing DB Instance is not supported. To use Amazon RDS encryption for an existing database, create a new DB Instance with encryption enabled and migrate your data into it.
You need to develop an infrastructure that can be replicated and deployed in another AWS Region in a matter of minutes. Which AWS service might you use to build a reproducible, version-controlled infrastructure?
CloudFormation AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
Your on-premise servers are running low on disk storage space, but your company is not yet ready for a complete move to the public cloud. You’ve been tasked with finding an interim storage solution that also offers backup and archiving capabilities. Which AWS service would you recommend to meet this immediate need?
Snowball
Storage Gateway with Gateway-Cached Volumes
DirectConnect
Storage Gateway with Gateway-Stored Volumes
Storage Gateway with Gateway-Cached Volumes would store your most frequently-accessed data on-premise, and would write your other data to S3.
Your AWS environment contains several reserved EC2 instances dedicated to a project that has just been cancelled. You need to recoup the cost of these reserved instances, and you need to preserve the data for future use. What can you do to minimize charges for these instances?
Take snapshots of the EBS volumes and terminate the instances.
Contact AWS and ask them to release you from your Reserved Instance purchase
Stop the instances and retain them for future use.
Sell the unused instances on the AWS Reserved Instance Marketplace.
You should retain the data by taking snapshots of the EBS volumes backing your instances and sell the instances on the Reserved Instance Marketplace.
You must to encrypt all incoming and outgoing traffic between your servers and your customers. Your fleet of EC2 instances lives inside a public subnet and behind an elastic load balancer. Your application is very CPU intensive, and you want to minimize the processing load these EC2 instances must bear. What should you do?
Install the SSL certificates on each EC2 instance and allow them to do the encryption/decryption with your customers.
Install the SSL certificates on your ELB’s so that there is less load on the EC2 instances.
Use API Gateway to offload the SSL certificate, reducing the amount of load on both your ELB and EC2 instances.
Configure a NAT and install the EC2 instance on that NAT so that you offload SSL termination to a third party EC2 instance and not your production environment.
The best answer would be to offload your SSL decryption to an Elastic Load Balancer.
The company you work for is considering a move to AWS, but they are concerned that their current, 50Mbps connection will not be able to handle the 100 TB of data that need to be migrated without causing unacceptable downtime. As their solutions architect, which AWS service would you recommend to move this data?
Given the amount of data to be moved and the speed of the connection, Snowball would be the fastest and most economical solution.
One of your junior developers needs access to an Elastic Load Balancer in your custom VPC. This is the first and only time he will need access to AWS services. Which of the following choices is the most secure way to grant this access?
Create a new IAM user with the required credentials.
Let them log in with Admin credentials and change the Admin password when he is finished.
Add that developer to a Group with the requisite access.
None of the above
It’s always best practice to grant users access via IAM roles and groups.
Which of the following are true about Amazon S3-RRS?
S3-RRS offers 99.99% availability.
S3-RRS offers 99.999999999 durability
S3-RRS offers 99.99% durability.
S3-RRS is most often used with reproducible objects.
Reduced Redundancy Storage (RRS) enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage.
The customer service organization at your company just told you that a client’s purchase from your website was processed twice. Your order process involves EC2 instances processing messages from an SQS queue. What changes might you make to ensure this does not happen again?
Rewrite the order-processing workflow to use SWF, rather than SQS.
Increase the visibility timeout on the SQS queue
Switch to long-polling
Manually delete the order after processing.
An SWF work flow ensure that actions are executed only once.
True or False: By default, Amazon RDS enables automated backups of your DB instance with a 1-day retention period.
By default and at no additional charge, Amazon RDS enables automated backups of your DB Instance with a 1 day retention period.
True or False: It is best practice to use Access Keys whenever possible, rather than IAM Roles.
It is always better to assign roles. Following the “least privilege” model, IAM Roles grant each user a unique set of security credentials.
True or False: Availability Zones in a given Region are connected by low-latency links, facilitating the development of fault-tolerant, high-availability applications.
Availability Zones offer you the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than would be possible from a single data center.
You have a custom VPC for your organization. You discover that one of your developers has created an RDS instance in the default VPC and this is in violation of company policy. You need to create this RDS instance inside your custom VPC with as little effort as possible. What should you do?
Use the RDS Import/Export Wizard to Migrate the RDS instance across to the custom VPC
Use AWS Database Migration Service
Take a snapshot of your DB Instance in the default VPC and restore it to VPC by specifying the DB Subnet Group you want to use in your custom VPC.
Use the command “aws rds mv dbname < VPC”
Explanation
The easiest way would be to take a snapshot of your DB Instance outside VPC and restore it to VPC by specifying the DB Subnet Group you want to use.
You are working for a real estate company and you need to be able to record configuration changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions. What AWS service should you use to achieve this?
CloudTrail
CloudWatch
CloudAudit
AWS Config
You can use AWS Config to continuously record configurations changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions and receive notification of changes through Amazon Simple Notification Service (SNS).
Which AWS service should you use to host MySQL, MariaDB, Oracle, SQL Server, or PostgreSQL database where you do not need to manage the underlying operating system?
DynamoDB
RDS
Aurora
EC2 with EBS
RDS
You have an RDS database that has moderate I/O requirements. Which storage medium would be best to accommodate these requirements?
Amazon RDS Provisioned IOPS (SSD) Storage
Amazon RDS General Purpose (SSD) Storage
Amazon RDS Magnetic Storage
Amazon RDS Cold Storage
Amazon RDS General Purpose (SSD) Storage would be the most suitable.
he large manufacturing company you work for is interested in moving their production estate to AWS. They run a Joomla store which utilizes MySQL on the back end. Currently, they also use clustered MySQL databases in an active/passive configuration at a single site. By moving to AWS they want an active/passive configuration across 2 geographically distinct locations, with automatic failover between the two. As their solutions architect, which of the following RDS options should you recommend?
Multi-AZ
Read Replicas
Cross Region Replication
Cross Region Failover
To automatically failover from one geographic location to another you should use Multi-AZ for RDS.
You have a production application that is on the largest RDS instance possible, and you are still approaching CPU utilization bottlenecks. You have implemented read replicas, ElastiCache and even CloudFront and S3 to cache static assets, but you are still bottlenecking. What should be your next step?
You should implement database partitioning and spread your data across multiple DB Instances.
You have reached the limits of public cloud. You should get a dedicated database server and host this locally within your own data center.
You should consider using RDS Multi-AZ and using the secondary AZ nodes as read only nodes to further offset load.
You should provision a secondary RDS instance and then implement and ELB to spread the load between the two RDS instances.
You should implement database partitioning and spread your data across multiple DB Instances.
The insurance company you work for is implementing new IT security policies for all RDS instances. In the future, you will need to perform both security analyses and operational troubleshooting on your RDS estate. As such, you will need a history of all RDS API calls made on your account. What AWS service should you use to achieve this?
CloudAudit
CloudWatch
CloudFront
CloudTrail
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
What are the two different ways of automating your RDS backups?
Automated Backups
Using S3
Automated Snapshots
Using Data Pipeline
Explanation
Amazon RDS provides two different methods for backing up and restoring your DB Instance(s): automated backups and database snapshots.
What type of replication is supported by read replica instances?
synchronous replication
asynchronous replication
continous replication
sequential replication
Explanation
Updates are applied to your Read Replica(s) after they occur on the source DB Instance using “asynchronous” replication.
Which three of the following statements are not true?
EBS Volumes can be attached to multiple instance simultaneously
EBS Volumes cannot be attached to an EC2 instance in another AZ.
EBS Volumes are ephemeral.
EBS Volumes can be attached to an EC2 instance in another AZ
Explanation
The only true statement is, “EBS Volumes cannot be attached to an EC2 instance in another AZ.” The rest are false.
You need to configure a new subnet in your VPC for a database cluster you are building. The subnet will never need more than six IP addresses. Which of the following is the best choice for this subnet?
A /28 private subnet
A /28 public subnet
A /16 public subnet
A /16 private subnet
Explanation
Databases generally do not require public access from the Internet, so a private subnet is the better choice from a security perspective. /28 is the smallest possible subnet in an AWS VPC.
True or False: An Availability Zone comprises multiple Regions
Just the opposite: A Region comprises at least two Availability Zones.
Which three of the following events would cause Amazon RDS to initiate a failover to the standby replica?
Loss of availability in primary Availability Zone
Loss of network connectivity to primary
Compute unit failure on primary
Storage failure on secondary
Explanation
The events would cause Amazon RDS to initiate a failover to the standby replica would be; Loss of availability in primary Availability Zone, Loss of network connectivity to primary, Compute unit failure on primary, Storage failure on primary
What is the minimum size of an SSD EBS Volume?
1byte
1GiB
1MB
1GB
Explanation
SSD volumes must be between 1 GiB - 16 TiB.
True or False: An application designed for fault tolerance and high availability should almost always be built across multiple Availability Zones
Architects who care about the availability and performance of their applications should deploy across multiple Availability Zones in the same region for fault tolerance and low latency.
You are auditing your company’s RDS estate, and you discover a database that is in a single Availability Zone – a violation of company policy. You decide to convert this to a multi-AZ deployment. Which three of the following things will happen?
A snapshot of your primary instance is taken
Synchronous replication is configured between primary and standby instances
A new standby instance is created in a different Availability Zone, from the snapshot
asynchronous replication is configured between primary and standby instances
Explanation
For the RDS MySQL, MariaDB, PostgreSQL and Oracle database engines, when you elect to convert your RDS instance from Single-AZ to Multi-AZ, the following happens: A snapshot of your primary instance is taken, A new standby instance is created in a different Availability Zone, from the snapshot, synchronous replication is configured between primary and standby instances.
True or False: In addition to hosting domains, Route 53 serves as a domain registrar.
You can register domains with Amazon Route 53. You can also transfer the registration for existing domains from other registrars to Amazon Route 53 or transfer the registration for domains that you register with Amazon Route 53 to another registrar.
Your SQL server requires a specific type of collation and some unique third party tools installed on it. You will need access to the underlying operating system for management and monitoring of these third party tools. However, you’d like to keep the overall amount of management to a minimum. Which AWS service would best suit your needs?
RDS with SQL Server
DynamoDB
SQL server installed on EC2 with EBS
ElasticCache
Explanation
As you need access to the underlying host operating system, your best option would be to deploy SQL Server on EC2 backed by EBS.
True or False: It’s possible to have a Multi-AZ copy of your read replica?
At this time, you cannot have a multi-AZ copy of your read replica.
Your data warehousing company has a number of different RDS instances. You have a medium size instance with automated backups switched on and a retention period of 1 week. One of your staff carelessly deletes this database. Which two of the following apply.
The automatic backups are deleted when the instance is deleted.
The automated backups will be retained for 2 weeks and then deleted after the 2 weeks has expired.
A final snapshot will be created upon deletion automatically.
A final snapshot MAY have been created when the instance was deleted, depending on whether the ‘SkipFinalSnapshot’ parameter was set to ‘False.’
Under normal circumstances, all automatic backups of an RDS instance are deleted upon termination. However, it is possible to can create a final DB Snapshot upon deletion.If you do, you can use this DB Snapshot to restore the deleted DB Instance at a later date. Amazon RDS retains this final user-created DB Snapshot along with all other manually created DB Snapshots after the DB Instance is deleted.
True or False: A Region is another name for an Edge Location.
Regions and Availability Zones are not the same thing: An AWS Region is a geographic area, comprising two or more Availability Zones (data centers.) An Edge Location is simply a content delivery network endpoint.
You’ve been tasked with replicating your production VPC in another region for disaster recovery purposes. Part of your environment relies on EC2 instances with preconfigured software. What steps would you take to configure the instances in another region?
Create AMIs of the instances and deploy them in the new Region
Create AMIs of the instances and copy them to the new Region for deployment.
Write the IAM permissions for the new Region to use the AMIs from the original Region.
None of the above
The AMIs will need to be copied to the new Region prior to deployment.
From the command line, which of the following should you run to get the public hostname of an EC2 instance?
curl http://169.254.169.254/latest/meta-data/public-hostname
curl http://254.169.254.169/latest/user-data/public-hostname
curl http://254.169.254.169/latest/meta-data/public-hostname
curl http://169.254.169.254/latest/user-data/public-hostname
You would use the command curl http://169.254.169.254/latest/meta-data/public-hostname
Amazon RDS supports which of the following databases:
MariaDB
MySQL
DB2
Sybase
Amazon RDS currently supports MySQL, MariaDB, PostgreSQL, Oracle, Microsoft SQL Server, and Amazon Aurora database engines.
True or False: EBS Volumes are hard-disks in the cloud.
Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. They are analogous to hard disks.
Which database engines support read replicas?
SQL Server
Oracle
MySQL
PostgreSQL
Read Replicas are supported by Amazon RDS for MySQL and PostgreSQL.
You’ve been tasked with setting up an S3 solution to store large amounts of critical data. With high availability and fault-tolerance in mind, what further safeguards should you implement to protect your data in the event that an entire AZ was lost to a natural (or similarly catastrophic) disaster?
Nothing: S3 is a global service and is not affected by the loss of an availability zone.
Use lifecycle policies to copy the data to Glacier.
Deploy a gateway-stored AWS Storage Gateway.
None of the above
S3 is a Global service, and its reliability and durability are not bound to any Region or Availability Zone.
What is the maximum retention period for RDS automated backups?
7 days
2 weeks
1 month
35 days
Amazon RDS retains backups of a DB Instance for a limited, user-specified period of time called the retention period, which by default is one day but can be set to up to thirty five days.
Which two of the following characterize a scalable and reliable solution on AWS?
A scalable application will be resilient and operationally efficient
A scalable solution applies elasticity at the expense of cost.
A scalable solution will decrease in cost at scale.
A scalable solution applies elasticity, but is cost-agnostic.
The AWS Well-Architected framework has been developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. This framework provides a consistent approach to application and solution architecture that will scale with your needs over time.
You have an RDS database that has high performance OLTP workloads. Which storage medium would be best to accommodate these requirements?
Amazon RDS Provisioned IOPS (SSD) Storage
Amazon RDS General Purpose (SSD) Storage
Amazon RDS Magnetic Storage
Amazon RDS Cold Storage
Amazon RDS Provisioned IOPS (SSD) Storage would be the most suitable.
What type of replication is supported by Multi-AZ RDS instances?
synchronous replication
asynchronous replication
continuous replication
sequential replication
Multi-AZ deployments utilize synchronous replication,
making database writes concurrently on both the primary and standby so that the standby will be up-to-date in the event a failover occurs.
Which two services are included at no additional cost with the use of the AWS platform?
S3 Auto Scaling EC2 CloudFormation ELB
Auto Scaling
AWS CloudFormation.
Which of the following request headers, when specified in an API call, will cause an object to be encrypted by SSE?
server-side encryption
AES256
amz-server-side-encryption
x-amz-server-side-encryption
x-amz-server-side-encryption
How many RCU are needed to support 25 strongly consistent reads per second of 15KB?
100 RCU
1 strongly consistent read per second of 4KB.
How many RCU are needed to support 25 eventually consistent reads per second of 15KB?
50 RCU
1 RCU = 2 eventually consistent reads per second of 4KB
How may WCU are needed to support 100 writes per second of 512 bytes?
100 WCU
1 WCU - 1 write per second of 1KB (1024 bytes) - have to round up.
A security system monitors 3000 cameras and saves image metadata every 30 seconds to an amazon dynamodb table. each sample involves writing 512 bytes of data, and writes are evenly distributed over time. How much write throughput is required for the target table?
30 WCU 100 WCU 600 WCU 300 WCU 3600 WCU
100 WCU
(3000 cameras X 1 WCU) / 30 seconds
Which of the following is an example of a good Amazon DynamoDB partition key schema for provisioned throughput efficiency?
Student ID, where every student has a unique ID number
College ID, where there are two colleges in the university
Class ID, where every student is in one of four classes
Tuition plan, where the vast majority of students are in-state and the rest are out-of-state.
Student ID, where every student has a unique ID number
When using a large Scan operation in DynamoDB, what technique can you use to minimize the impact of a scan on a tables’s provisioned throughput?
Set a smaller page size for the scan
Use parallel scans
Define a range index on the table
Pre-warm the table by updating all items.
Set a smaller page size for the scan
What is the default setting for SQS visibility timeout?
30 Seconds.
Which of the following services are key/value stores? (3 answers)
Elasticache SNS DynamoDB SWF S3
Elasticache
DynamoDB
S3
