Question I Got Wrong

Question 1

What can you use for dynamo DB Caching

Answer 1

DynamoDB Accelerator DAX

Question 2

If you access data only twice a year but need rapid access what S3 Storage class should you use?

Answer 2

Standard-IA. Standard-IA storage class is for data that is accessed less frequently but requires rapid access when needed. Has lower cost per GB but 99.9% availability vs the Standard 99.99%

Question 3

How many TB of storage Does the snowball edge hold

Answer 3

80 TB

Question 4

What are the downsides to Direct Connect

Answer 4

Direct Connect involves significant monetary investment and takes at least a month to set up

Question 5

What is AWS Direct Connect

Answer 5

AWS Direct Connect is a networking service that provides an alternative to using the internet to connect to AWS. Using AWS Direct Connect, data that would have previously been transported over the internet is delivered through a private network connection between your facilities and AWS.

Question 6

If you need to create secure connection between you on-prem data center and AWS what service should you use ?

Answer 6

AWS Site-to-Site VPN. It can be configure in minutes if you have an immediate need.

Question 7

What file system should you use for “hot” and “cold” data

Answer 7

FSx for Lustre

Question 8

Do you need to pay for S3 Transfer Acceleration if did not result in accelerated transfer

Answer 8

No, you pay only for transfers that are accelerated.

Question 9

What are the destination for Amazon Data Firehose

Answer 9

• S3
• Redshift
• OpenSearch
• Splunk
• Custom HTTP endpoints
• 3rd Party service provider Enpoints

Question 10

If you can a new version of object have a different retention period or mode?

Answer 10

Yes

Question 11

What service should you use to migrate on-prem SMB file shares to AWS. The Company wants to stil use its native Windows workloads to have access to the data.

Answer 11

Fsx File Gateway. Amazon FSx File Gateway provides low-latency, on-premises access to fully managed file shares in Amazon FSx for Windows File Server.

Question 12

If you have temporary storage that changes frequently such as buffers, caches, or data that is replicated across a fleet of instances what should you use. (EC2 context)

Answer 12

Instance Store.
Instance Store based volumes provide high random I/O performance at low cost (as the storage is part of the instance’s usage cost)

Question 13

What cache service provides special commands for geospatial data

Answer 13

Amazon ElastiCache for Redis

Question 14

What type of storage give maximum performance (EC2 context)

Answer 14

Instance Store

Question 15

What is the format of the url for s3 buckets as a websiet

Answer 15

http://bucket-name.s3-website.Region.amazonaws.com

http://bucket-name.s3-website-Region.amazonaws.com

Question 16

A health-care company manages its web application on Amazon EC2 instances running behind Auto Scaling group (ASG). The company provides ambulances for critical patients and needs the application to be reliable. The workload of the company can be managed on 2 Amazon EC2 instances and can peak up to 6 instances when traffic increases.
What would you set for the min capacity? How many in each AZ? What would you set for the max capacity ?

Answer 16

Min: 4 / 2 per AZ
Max: 6

Question 17

What is the retrieval time/Latency for S3 Glacier Flexible Retrieval ?

Answer 17

Minutes

Question 18

What is the retrieval time/Latency for S3 - Standard - IA

Answer 18

Milliseconds

Question 19

What can you do to increase the through put of your Kineses data stream while not increasing your cost ?

Answer 19

Using Batch Messages

Question 20

What is Amazon Redshift Spectrum?

Answer 20

A feature of Amazon Web Services’ (AWS) Redshift data warehousing service that allows users to run SQL queries against data stored in Amazon S3 without data loading or ETL.

Question 21

What is the key use case for GuardDuty

Answer 21

Amazon GuardDuty offers threat detection that enables you to continuously monitor and protect your AWS accounts, workloads, and data stored in Amazon S3.

Question 22

What Data does GuardDuty analyze?

Answer 22

• CloudTrail Events
• VPC Flow Logs
• DNS Logs

Question 23

In what order are the cheapest for EBS, EFS, S3

Answer 23

Amazon S3 Standard < Amazon EFS < Amazon EBS

Question 24

Can you suspend the ReplaceUnhealthy Process on an AutoScaling Group?

Answer 24

YES

Question 25

What the use case for the “Standby” state in EC2 Instances ?

Answer 25

Update some software or troubleshoot the instance, and then return the instance to service. Instances that are on standby are still part of the Auto Scaling group, but they do not actively handle application traffic.

Question 26

What is the make concurrent lambda executions per AWS account per region?

Answer 26

1000 but you ask support to raise the limit

Question 27

Can CloudTrail be ingested into CloudWatch ?

Answer 27

YES, you can use all features such as Logs Insight, Contributor Insights, Metric filters, and CloudWatch Alarms.

Question 28

What storage Volumes CANNOT be used as boot volumes

Answer 28

Throughput Optimized Hard disk drive (st1)
Cold Hard disk drive (sc1)

Question 29

How would you connect an EFS instance to multiple EC2 instances across multiple regions?

Answer 29

Inter-region VPC peering connection

Question 30

How is a retention period for an object version set ?

Answer 30

You can place a retention period on an object version either explicitly using Retain Until Date or through a bucket default setting

Question 31

What are the available Destinations for Kinesis Data Firehose ?

Answer 31

• Amazon Simple Storage Service (Amazon S3)
• Amazon Redshift
• Amazon OpenSearch Service,
• Splunk
• any custom HTTP endpoint
• HTTP endpoints owned by supported third-party service providers, including Datadog, Dynatrace, LogicMonitor, MongoDB, New Relic, and Sumo Logic.

Question 32

What can Kinesis Data Analytics ingest data from?

Answer 32

Kinesis Data Streams
Kinesis Data Firehose

Question 33

What Tier has the highest priority [1, 4, 5]

Answer 33

Amazon Aurora will promote the Read Replica that has the highest priority (the lowest numbered tier)

Question 34

If there is two Replicas with the same priority, how does RDS choose?

Answer 34

Promotes the replica that is largest in size (Storage SIze)

Question 35

You would like to mount a network file system on Linux instances, where files will be stored and accessed frequently at first, and then infrequently. What solution is the MOST cost-effective?

Answer 35

Amazon EFS Infrequent Access

Question 36

What is the difference between a Spot Fleet and Spot Instance

Answer 36

Spot instance is a single EC2 Instance that is not being used where a Spot fleet is a collection Spot instances that are managed as a group.

Question 37

When can you use Service Control Policy (SCP) ?

Answer 37

When the account is under an organization.

Question 38

After upgrading an backend api using API Gateway the old response no longer works for the consumers what should you do to make it compatible?

Answer 38

Configure Mapping Template with API Gateway

Question 39

What are some of the benefits of using EventBridge in tandem with S3 Event Notifications

Answer 39

• Enhanced Filtering: Helps match object a parameters which can be used to get only specific notification
• Multiple Destination: You can forward event notification to multiple destination
• Fast, Reliable Invocation: fast and reliable way to froward notification without additional custom codes

Question 40

What is a datashare in the context of RedShift? What are some of its integrations?

Answer 40

A unit of Sharing data that can be created for sharing data in Redshift with users in the same or different accounts

It integrates with AWS IAM which provides a way to share data with specific users in different accounts.

Question 41

What are termination Polices for Auto Scaling Groups ?

Answer 41

Default – Terminate instances according to the default termination policy.

AllocationStrategy – Terminate instances in the Auto Scaling group to align the remaining instances to the allocation strategy for the type of instance that is terminating (either a Spot Instance or an On-Demand Instance). This policy is useful when your preferred instance types have changed. If the Spot allocation strategy is lowest-price, you can gradually rebalance the distribution of Spot Instances across your N lowest priced Spot pools. If the Spot allocation strategy is capacity-optimized, you can gradually rebalance the distribution of Spot Instances across Spot pools where there is more available Spot capacity. You can also gradually replace On-Demand Instances of a lower priority type with On-Demand Instances of a higher priority type.

OldestLaunchTemplate – Terminate instances that have the oldest launch template. With this policy, instances that use the noncurrent launch template are terminated first, followed by instances that use the oldest version of the current launch template. This policy is useful when you’re updating a group and phasing out the instances from a previous configuration.

OldestLaunchConfiguration – Terminate instances that have the oldest launch configuration. This policy is useful when you’re updating a group and phasing out the instances from a previous configuration. With this policy, instances that use the noncurrent launch configuration are terminated first.

ClosestToNextInstanceHour – Terminate instances that are closest to the next billing hour. This policy helps you maximize the use of your instances that have an hourly charge.

NewestInstance – Terminate the newest instance in the group. This policy is useful when you’re testing a new launch configuration but don’t want to keep it in production.

OldestInstance – Terminate the oldest instance in the group. This option is useful when you’re upgrading the instances in the Auto Scaling group to a new EC2 instance type. You can gradually replace instances of the old type with instances of the new type.

Question 42

What Rate based rules does WAF have?

Answer 42

Blanket rate-based rule: to protect your application from large HTTP floods.
URI-specific rate-based rule: A rate-based rule to protect specific URIs at more restrictive rates than the blanket rate-based rule.
IP reputation rate-based rule: A rate-based rule to protect your application against known malicious source IPs.

Question 43

If you want to create a failover record how many do you need to for one primary and one secondary

Answer 43

Two Failover alias records

Question 44

What is the most cost effective way to transfer EFS data between regions without using the public networks

Answer 44

AWS DataSync

Question 45

Who is Not Effected by Service Control Polices

Answer 45

User or roles in the management account

Question 46

What is ECMP (in relation to Site-to-Site) VPN ?

Answer 46

Equal Cost multi path

Question 47

Which supports ECMP? AWS Transit Gateway or Virtual Private Gateway ?

Answer 47

AWS Transit gateway

Question 48

What is the maximum throughput of site-to-site VPN?

Answer 48

1.25 GPS

Question 49

How can yo in increase the through put of site-to-site VPN?

Answer 49

Using AWS Transit Gateway. It supports ECMP which can scale over the limit of 1.25 Gbps. You must have dynamic routing using BGP enable on you Transit Gateway for routing over multiple VPN tunnels.

Question 50

How can you route traffic between two VPCs that have over lapping subnets ?

Answer 50

Private NAT Gateway. All Traffic form overlapping subnets is mapped to the IP address assigned to NAT Gateway

Question 51

How can you can you track and categorize cost incurred by resources?

Answer 51

Using Cost Allocation Tags

Question 52

Who assigns cost allocation tags ?

Answer 52

Each member account

Question 53

If you have Direct Connection with VPC B and VPC B has a peering connection with VPC A can you connect to an EFS instance through the direct connect on-prem

Answer 53

No VPC peering is non-transitive

Question 54

Is VPC Peering Transitive ?

Answer 54

NO

Question 55

What is AWS PrivateLink?

Answer 55

AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. (Use in conjuction with VPC endpoints)

Question 56

What service can you use to connect EFS from one VPC to another

Answer 56

AWS PrivateLink

Question 57

What is AWS X-Ray

Answer 57

AWS X-RAY Provides a complete view of requests as they travel through your application and filters visual data across payloads, functions, traces, services, APIs, and more with no-code and low-code motions. It also integrates with SQS

Question 58

What is Parallel Query?

Answer 58

A Feature supported by Amazon Aurora For My SQL that makes it possible to perform analytical queries over the data stored in you transactional database with out copying that data to a separate system for analytics

Question 59

How do you establish a private connection between a VPC and Secrets Manager ?

Answer 59

Create an Interface VPC Endpoint

Question 60

How long are ACM certs valid for ?

Answer 60

13 months / 395 days

Question 61

If a ACM certificates is in pending validation stage what does that mean ?

Answer 61

You need to look for an email form ACM and then follow the link in that email to perform validation.

Question 62

What type of records can yo not create for a root domain like mysite.com

Answer 62

CNAME

Question 63

What AWS IAM Identity Center?

Answer 63

A Cloud based single sign on service that makes it easy to centrally managed single sgn on to different account
- Also provides built-in integrations with many cloud applications like SaleForce, Jenkins
- You have the User dastbase in IAM, AWS managed Microsoft AD, on-prem AD Services, and integration with an Identity Provider who is SAML 2.0 compliant.

Question 64

What is the delivery time of Amazon EventBridge

Answer 64

Near real-time

Question 65

What is CloudTrail Lake?

Answer 65

A fully managed solution for capturing, storing, storing any analyzing user & api related activity for 2 yeasrs .

Question 66

What is AWS Security Hub?

Answer 66

Provides a single a place that aggregates, organizes, and prioritizes alerts or finds form multiple AWS services.

Question 67

What is AWS Outpost ?

Answer 67

AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience. Outposts solutions allow you to extend and run native AWS services on premises, and is available in a variety of form factors, from 1U and 2U Outposts servers to 42U Outposts racks, and multiple rack deployments.

Question 68

What is AWS Lake Formation?

Answer 68

Easily set up Data Lakes in days. collects and catalogs data form databases and object storage, moves dasta into new S3 data lake, uses ML algos to clean and classify data, and secures access to the sensitive data using granular controls at the column, row, and cell-levels.

Question 69

What is the response time for S3 Glacier Instant Retrieval ?

Answer 69

Milliseconds

Question 70

What is Redshift AQUA

Answer 70

Advanced Query Accelerator. Accelerates certain types of queries, particularly those involed in large-scale data analytics and data lake queries. Integrates with s3

Question 71

What can AWS System manager Run Command be used for ?

Answer 71

Used to remotely run commands, like running package updates= on all EC2 Instances.

Question 72

What types of keys do you use for “signing”

Answer 72

Asymmetric Keys

Question 73

What is the conversational AI from Amazon?

Answer 73

Amazon Lex

Question 74

For Amazon Cloudfront where do certificates need to be imported ?

Answer 74

US-EAST-1

Question 75

What is AWS AppSync?

Answer 75

A way to create serverless GraphQL APIs

Question 76

Does EFS have lifecycle policies?

Answer 76

Yes, Based on that, the lifecycle policy will archive your file to the EFS Standard–Infrequent Access (Standard-IA) or One Zone–Infrequent Access (One Zone-IA) storage class, depending on your file system if the files haven’t been accessed for that defined period of time.

Question 77

What service would you use to back up you data for Amazon EFS ?

Answer 77

AWS Backup, it is natively integrated with EFS. You can enable automatic backups for your file systems.

Question 78

What is CloudWatch Execution Logging

Answer 78

Allows you to capture user request, response payloads, and error traces .

Question 79

Using what CloudFront Feature can you control access to multiple content files and not change the url

Answer 79

CloudFront Signed Cookies.

Question 80

If your RPO is 10s of Minutes what should you use ?

Answer 80

Pilot Light

Question 81

If your RPO is minutes what should you use ?

Answer 81

Warm Standby

Question 82

If your RPO is hours what should you use?

Answer 82

Backup and Restore

Question 83

What is EBS Snapshots Archive?

Answer 83

A storage tier for storing snapshots that are rarely accessed and stored for long periods of time

Question 83

What is Amazon Inspector?

Answer 83

A vulnerability Management Service that can identify software vunerabilities and network exposure.

It can be initiated on EC2 instances and Amazon ECR

Question 84

What type of data is Amazon Timestream good for?

Answer 84

Is the most suitable for timeseries dasta for IoT and Operational Services . It can store trillions of Events.

Question 85

What is the max storage for EBS volume

Answer 85

16TB / 16384 GB

Question 86

How would you move something from Glacier Deep Archive to S3 Intelligent Storage

Answer 86

First you need to restore them to their original locations using the S3 Console. Then use the lifecycle policy to move objects to the required S3 Intelligent Tiering Class