Practice Test #1

Question 1

For EFS on an EC2 instance, how many days since last access do you do you choose for your lifecycle policy to automatically move files to IA storage?

Answer 1

7 days since last access

Question 2

After cloud migration from on-prem, which are fully managed AWS services?

Answer 2

DynamoDB & RDS

Question 3

What would you use to provide a library of metabolism assessment functions to developers to share?

Answer 3

Lambda

Question 4

Company in NY needs S3 bucket in SF that is same of current prod S3 bucket. What 2 things should you configure?

Answer 4

S3 Bucket Versioning, Cross-Region Replication (requires the versioning!)

Question 5

What does Amazon S3 Glacier Vault Lock guarantee?

Answer 5

Non-rewriteable && non-erasable format (Write-Once-Read-Many)

Question 6

What service do you use to ensure that users in Europe are directed to this website. www.poopbutthole.com ?

Answer 6

Route53 - Geolocation routing allows you to use the location of users

Question 7

What two services does AWS Instance Scheduler help with?

Answer 7

RDS and EC2 Instances

Question 8

Need a highly available de-coupled web application. What 3 services should you use?

Answer 8

SQS, EC2, and Elastic Load Balancer

Question 9

In Change Controls, for S3 Eventual Consistency, what does updating ‘DelaySeconds’ attribute mean?

Answer 9

DelaySeconds = new message is added to a SQS queue, it will be hidden from consumers instances for fixed period.

Question 10

When are the messages hidden for a VisibilityTimeout in a SQS queue?

Answer 10

After it is consumed from the queue

Question 11

What is the minimum size of an S3 Object?

Answer 11

0 bytes

Question 12

What type of routing policy allows for multiple servers to be sent traffic randomly?

Answer 12

Multivalue Routing (basically Simple Routing - multiplied)

Question 13

Of RDS, DynamoDB, EC2, and S3, which ones need you to design redundancy into them?

Answer 13

EC2 & RDS

Question 14

What is RAID 0 vs RAID 1?

Answer 14

RAID is a configuration to use with a traditional bare metal server for EBS.
RAID 0 = for greater I/O performance with a single volume
RAID 1 = on-instance redundancy, mirror 2 volumes together
DO NOT BOOT FROM RAID VOLUME

Question 15

Is Elastic Load Balancer stateful?

Answer 15

YES BITCH

Question 16

What do you need to create a second copy of prod env in US-EAST-1 and copy needs to be in US-EAST-2 ?

Answer 16

Route53 Private Hosted Zone records, VPC, Security Groups

Question 17

Confidential data in S3 but need it available in different geographical location?

Answer 17

Enable Cross-Region Replication for the S3 bucket

Question 18

Oracle software license?

Answer 18

Dedicated Hosts

Question 19

A Multi-AZ RDS deployment will automatically fail-over as a result of what?

Answer 19

Loss of availability in primary AZ & Loss of network connectivity to Primary

Question 20

Is S3 Transfer Acceleration a HIPAA compliant program?

Answer 20

YES mam, also S3 TA won’t take more than a week

Question 21

What is proactive event-based scaling vs. cyclic scaling?

Answer 21

Cyclic scaling - occurs at a fixed interval

Question 22

What is supported by the Basic Support plan?

Answer 22

Service Limit Increase, Account and Billing Support (other is Technical Support only higher levels)

Question 23

What service allows you to store files as objects in Amazon S3?

Answer 23

AWS Storage Gateway

Question 24

How can you avoid error of max object size exceeded when uploading a HD video to S3 bucket?

Answer 24

Use Multipart Upload API to copy to S3

Question 25

What service enables on-prem to use AWS storage?

Answer 25

AWS Storage Gateway

Question 26

What service is serverless interactive query service to analyze data in S3?

Answer 26

Amazon Athena

Question 27

Which port does Amazon EC2 throttle traffic to all EC2 instances?

Answer 27

Port 25

Question 28

Which layers of DDoS attacks does AWS automatically address?

Answer 28

Layer 3 & Layer 4

Question 29

What 2 things do you need to deploy code to the CLl?

Answer 29

Access Key and Secret Access Key in CLI config

Question 30

If you don’t want to use or maintain client-side encryption library, what S3 encryption option can you use to secure data at rest?

Answer 30

SSE-C - Customer controlled

Question 31

What can you use to bypass existing web server for uploads to avoid increasing load on server?

Answer 31

Use Pre-Signed URLs to upload images

Question 32

Requirement for applications to be separate on cloud, but need to exchange data and communicate with the on-prem data centers. What should you use?

Answer 32

Individual VPCs for each app with peering connections between them.
Shared VPC with Direct Connect to the on-prem

Question 33

Application’s load balancer will need to always be on same IP Address. Which config do you use for your Load Balancer?

Answer 33

Network Load Balancer in public subnet

Question 34

What are the 3 types of server-side encryption for S3?

Answer 34

SSE-S3, SS3-C, SSE-KMS, or a client library like S3 Encryption Client

Question 35

What can you use to connect your cloud resources to your own IPSec VPN connections?

Answer 35

VPC ya dumb bitch

Question 36

Name the 4 types of EBS volumes and what you should use them for.

Answer 36

gp2 - General Purpose SSD - most workloads
io1 - Provisioned IOPS SSD - Databases
st1 - Throughput Optimized HDD - Big Data & Data Warehouses
sc1 - Cold HDD - File Servers

Question 37

How many Read Replicas of a DB can you have?

Answer 37

5, and each RR will have its own DNS endpoint

Question 38

What kind of storage and how many AZ does a DynamoDB have?

Answer 38

SSD storage && 3 geographically distinct data centers

Question 39

What is an Eventually Consistent Read (DynamoDB)?

Answer 39

Default, consistency usually within a second! Best Read Performance

Question 40

What is an Strongly Consistent Read (DynamoDB)?

Answer 40

Takes < 1 second

Returns result that reflects all writes that received a successful response prior to read

Question 41

Explain ElastiCache for Memcached and ElastiCache for Redis.

Answer 41

Memecached - scales horziontally, multi-threaded

Redis - Advanced data types, pub/sub/ sorting, Multi-AZ & restore abilities

Question 42

How is Multivalue Policy different than Simple Routing Policy in Route53?

Answer 42

Multivalue - puts health checks on each record set

Simple Routing - one record with multiple iP addresses - random order

Question 43

If you have a question on Route53 and it mentions subdomain, which Policy do you use?

Answer 43

C-name, but usually use Alias!

Question 44

Explain the difference between Security Groups and Network ACLs.

Answer 44

Network ACLs - stateless - can block IP addresses (allow and deny rules)
Security Groups = stateful

Question 45

What do you use to access a private subnet from a public subnet?

Answer 45

A Bastion host - SSH into the private subnet from the public subnet

Question 46

What is the largest and smallest subnet Amazon allows in VPC?

Answer 46

Largest = /16
Smallest = /28

Question 47

What comes with the default VPC?

Answer 47

• All subnets are internet accessible
• each EC2 instance has both public and private IP addresses
• get a NACL, Security Groups & Route Table

Question 48

What is VPC peering?

Answer 48

using private IP addresses to connect VPCs together

Question 49

Is there 1 subnet per 1 Availability Zone?

Answer 49

Yes, only 1 subnet for 1 AZ, but you can have multiple subnets in the same AZ

Question 50

How many IP addresses are actually available in IPv4?

Answer 50

Only 251, Amazon reserves 5 IP addresses

Question 51

Is there 1 Internet Gateway attached to one VPC?

Answer 51

Yes

Question 52

What does a NAT Instance help you do & what is it always behind?

Answer 52

NAT Instance enables you to install software to a private subnet

• NEED to Disable Source/ Destination Check on Instance
• ALWAYS behind a Security Group
• If bottleneck, go up in size

Question 53

What is a NAT Gateway and when do you use it?

Answer 53

NAT Gateway - NAT instance but redundant (scales automatically)

• use for Enterprise
• NO Security Group
• Spread across EC2 instances

Question 54

NACLs are evaluated before Security Groups. True or False bish?

Answer 54

TRUE BISH

Question 55

How many subnets do you need to provision an Elastic Load Balancer?

Answer 55

At least 2 public subnets

Question 56

What do VPC Flow Logs do?

Answer 56

• capture information on the IP traffic going in and out of network interfaces on VPC
• can be stored in CloudWatch Logs
• can be created at VPC, Subnet, or Network Interface Level

Question 57

What is a VPC Endpoint?

Answer 57

• Connects VPC to AWS services powered by PrivateLink (virtual devices)
• Traffic doesn’t leave Amazon network
• Interface and Gateway endpoints

Question 58

What are the two types of VPC Endpoints and what do they do?

Answer 58

ENI = Interface Endpoints - attach to an EC2 - work with private IP address to act as entry point for traffic

Gateway Endpoints - just like a NAT Gateway - supports S3 and DynamoDB

Question 59

What is Egress-Only Internet Gateway?

Answer 59

Allows IPv6 within a VPC to access internet

Question 60

Which Layers do Application, Network and Classic Load Balancers work on, respectively?

Answer 60

Application Load Balancer = works on Layer 7 & application aware
Network Load Balancer - extreme performance - Layer 4
Classic - Layer 7-specific features, x-forwarded, sticky sessions + Strict Layer 4

Question 61

What does a X-forwarded-for header get? (Classic Load Balancer)

Answer 61

A user’s public IPv4 address

Question 62

How are instances monitored by ELBs reported as?

Answer 62

InService/OutOfService

Question 63

What do you use for Disaster Recovery and for Performance?

Answer 63

Multi-AZ - DR
Read Replicas (Caching) - Performance

Question 64

What are the JSON files that CloudFormation is based off of?

Answer 64

STACKS BITCH

Question 65

What is AWS Quick Start?

Answer 65

Quick Start is a bunch of CloudFormation templates already built to create complex environments quickly

Question 66

Can you use the secondary database as an independent read node if you have deployed an RDS database into Multi-AZ?

Answer 66

NO YA BOOB

Question 67

Describe SQS vs SNS.

Answer 67

SQS - pull based - polling, messaging queue for web service - DECOUPLING
SNS - push-based, notifications to subscribers

Question 68

How long can messages in a SQS queue be kept?

Answer 68

1 minute - 14 days, default retention is 4 days

Question 69

In terms of SQS, what is the visibility timeout?

Answer 69

Time a message is invisible in the queue to the instance

• if message is processed before this amount, its deleted
• if you get duplicate messages, increase this time limit
• max value is 12 hours

Question 70

For SWF (Simple Workflow Service), can a task be duplicated?

Answer 70

No, a task is assigned only once and is never duplicated

• SWF = coordination of tasks
• may have human component
• Actors, starters, deciders, activity workers

Question 71

API Gateway is…

Answer 71

fully managed service to publish and manage API to scale access data or functionality from back-end services

• think LAMBDA
• FRONT DOOR to aws

Question 72

What does CORS do?

Answer 72

• enables the browser to request a resource outside of the domain of the first resource
• use when js/ajax
• enable on Api Gateway

Question 73

What do you enable if you see “Origin policy cannot be read at the remote resource.”

Answer 73

CORS on the API Gateway

Question 74

What is Amazon Kinesis?

Answer 74

helps you continuously stream media

- can use Kinesis Analytics on both types of Kinesis flows

Question 75

Explain Kinesis Streams

Answer 75

• Streams persistently store data 24hrs - 7 days

- uses Shards to save data

Question 76

Explain Kinesis Firehouse

Answer 76

• analyzes data immediately as it comes in
• no persistent storage
• best for Transforming and loading data into S3, data stores

Question 77

What is always recommended for mobile apps in terms of sign up and sign in?

Answer 77

AWS Cognito, a Web Identity Federation Service

- sign in/up w Facebook, google, etc via token exchange

Question 78

What are the two different types of Cognito Pools?

Answer 78

Cognito User Pools = user directory - manages username, passwords and actual user sign in via JWT
Cognito Identity Pools = gives AWS credentials to services themselves (S3 or DynamoDB)

Question 79

How does Lambda scale?

Answer 79

One request to one lambda function

Question 80

What 2 factors does Lambda pricing depend on?

Answer 80

1. Amount of memory - Number of requests (first million are free)
2. Duration - how long function runs

Question 81

Which service is an asynchronous (non-direct) trigger for Lambda and which cannot trigger Lambda?

Answer 81

Non-direct = S3

Can’t use trigger Lambda = RDS

Question 82

What can you use to identity a Lambda?

Answer 82

ARN id

Question 83

Name 3 services that super hyper-threading on one or more virtual CPUs.

Answer 83

EC2, ECS, Lambda

Question 84

What is Amazon Lightsail?

Answer 84

Creates virtual private servers on the cloud

Question 85

Are IAM Roles and Route53 global across a console?

Answer 85

Ya betch ur ass

Question 86

DynamoDB uses parallel processing to have predictable performance and does so by utilizing these two things:

Answer 86

• SSD storage

- partitioned across multiple nodes

Question 87

Name 2 things that AWS provide when you are launching a new instance from a copied AMI

Answer 87

• Launch permissions
• user-defined tags
• S3 bucket permissions from source AMI to new AMI

Question 88

What metric does CloudWatch NOT have? (What metric do you need to make custom to track with CloudWatch)

Answer 88

Memory Usage

Question 89

Explain Virtual Style, Path Style, Legacy Global, and Static Hosting Style Path naming conventions.

Answer 89

Virtual = bucketname.s3.region
Path = s3-bucket_name.region
Global - no region
Static = given DNS name.s3.region

Question 90

What are the default rates for logging metrics in CloudWatch for an EC2 instance?

Answer 90

every 5 minutes default,

every 1 minute detailed

Question 91

Do you need to make DynamoDB MultiAZ (no the answer is no, its regional)

Answer 91

No its Regional service (better for stateless)

Question 92

Which Storage Gateway Configuration would you use to store files on AWS with low-latency?

Answer 92

• File Gateways

- Gateway-Cached

Question 93

What is Amazon Workspaces?

Answer 93

Serves virtual cloud-based desktop sessions to your desktop/laptop users (windows or linux)

• Browser can be used from WorkSpaces to access web servers & use a NAT Gateway because traffic is initiated from the laptop itself
• provides creating an authentication directory and an ENI for each session inherently

Question 94

Which two services allows you root-level access to underling OS?

Answer 94

EMR and EC2 (hEE heEEE)

- can SSH to access the OS

Question 95

Can you enable hibernation on an existing instance? Ex. to re-use it later?

Answer 95

NO, Hibernation can be enabled only at instance launch and not when running or stopped

Question 96

Is encrypting an existing RDS DB instance currently supported? Will an outage be required?

Answer 96

NO! You have to create a new DB instance with encryption enabled and manually migrate your data into.
And yes, an outage will be required

Question 97

How do you reduce the number of empty responses in terms of SQS ?

Answer 97

Use long polling by setting “RecieveMessageWaitTimeSeconds” > 0

Question 98

What should you use to upload files that are greater than 100 Mb ?

Answer 98

Multipart Upload! Its required for files 5 GB and larger

Question 99

List the two ways RDS provides to back up and restore DB instances:

Answer 99

1. Automatic Backups

2. database snapshots

Question 100

How do you encrypt data on S3 at rest?

Answer 100

• Enable Server Side Encryption on bucket - automatically apply AES-256 encryption
• Encrypt data locally using encryption keys and transfer encrypted data to S3

Question 101

What 2 fucking things do you need to SSH into the EC2 instance?

Answer 101

Access Key and Secret Access Key in the CLI configuration

Question 102

What is AWS Firewall Manager?

Answer 102

Service to mange firewall rules across accounts in AWS Organizations. Manager must be Administrator account

Question 103

Can you peer two VPCs with overlapping CIDR ranges assigned?

Answer 103

Absu-fucking-lootly not ya ASS HOLE

Question 104

Does Route53 support DNSSEC or DNSKEY? Hmm hmn does it?

Answer 104

NO YOU FUCKING IDIOT

Question 105

How many Elastic IP addresses can you have in a region?

Answer 105

5

Question 106

What happens when an EC2 instance with an Elastic IP is stope and restarted?

Answer 106

1. Lose all instance store data

2. underlying host for the instance may be changed

Question 107

Elastic IP Addresses CANNOT be used with ELB, ALB or RDS. True or False

Answer 107

TRUE RTURURUUEUUEE

Question 108

Perfect Forward Secrecy is used to offer SSL/TLS cipher suites for which 2 services?

Answer 108

CloudFront and Elastic Load Balancing

Question 109

Using Classic Load Balancer, you need to secure application to allow many domains to serve SSL traffic on same IP address.

Answer 109

1. Make SSL certificate in AWS Certificate manager
2. Create CloudFront web distribution
3. Link certificate to distribution and enable SNI (Server Name Indication)

Question 110

What events will make an Multi-AZ RDS automatically failover to the standby replica?

Answer 110

Loss of availability in primary AZ && Storage failure on primary DB

Question 111

What happens when all primary resources are unhealthy?

Answer 111

Route53 will include only healthy secondary resources in response to DNS queries

Question 112

What types of data would you want to store in EFS storage?

Answer 112

Big Data analytics, enterprise applications, database backups, developer tools, container storage

Question 113

What 2 requirements must be met to integrate an standard S3 bucket and web domain name registered with Route53?

Answer 113

S3 bucket name must == domain name

Registered domain name

Question 114

What do you need to log into an EC2 instance?

Answer 114

Key pairs

Question 115

Which EBS storage class for large, sequential I/O operations?

Answer 115

sc1 = Cold HDD

Question 116

What is the unique Amazon Cognito Identifier that ti returns as a temporary, limited-privilege credential?

Answer 116

Cognito ID

Question 117

What are the 3 services that are destinations for S3 to publish events when enabling notifications?

Answer 117

Lambda, SQS, SNS