Quiz Flashcards by Michael D

What is a proper definition of an IAM Role?

a) IAM Users in multiple User Groups
b) An IAM entity that defines a password policy for IAM Users
c) An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service
d) Permissions assigned to IAM Users to perform actions

c) An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service

How well did you know this?

Not at all

Perfectly

Which of the following is an IAM Security Tool?

a) IAM Credentials Report
b) IAM Root Account Manager
c) IAM Services Report
d) IAM Security Advisor

a) IAM Credentials Report

How well did you know this?

Not at all

Perfectly

Which answer is INCORRECT regarding IAM Users?

a) IAM Users can belong to multiple User Groups
b) IAM Users don’t have to belong to a User Group
c) IAM Policies can be attached directly to IAM Users
d) IAM Users access AWS services using root account credentials

d) IAM Users access AWS services using root account credentials

How well did you know this?

Not at all

Perfectly

Which of the following is an IAM best practice?

a) Create several IAM Users for one physical person
b) Don’t use the root user account
c) Share your AWS account credentials with your colleague, so they can perform a task for you
d) Do not enable MFA for easier access

b) Don’t use the root user account

How well did you know this?

Not at all

Perfectly

What are IAM Policies?

a) A set of policies that defines how AWS accounts interact with each other
b) JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles
c) A set of policies that define a password for IAM Users
d) A set of policies defined by AWS that show how customers interact with AWS

b) JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles

How well did you know this?

Not at all

Perfectly

Which principle should you apply regarding IAM Permissions?

a) Grant most privilege
b) Grant more permissions if your employee asks you to
c) Grant least privilege
d) Restrict root account permissions

c) Grant least privilege

How well did you know this?

Not at all

Perfectly

What should you do to increase your root account security?

a) Remove permissions from the root account
b) Only access AWS services through AWS Command Line Interface (CLI)
c) Don’t create IAM Users, only access your AWS account using the root account
d) Enable Multi-Factor Authentication (MFA)

d) Enable Multi-Factor Authentication (MFA)

How well did you know this?

Not at all

Perfectly

IAM User Groups can contain IAM Users and other User Groups.

a) True
b) False

b) False

How well did you know this?

Not at all

Perfectly

An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following, EXCEPT:

a) Effect
b) Principal
c) Version
d) Action
e) Resource

c) Version

How well did you know this?

Not at all

Perfectly

Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases?

a) Convertible Reserved Instances
b) Dedicated Hosts
c) Spot Instances

c) Spot Instances

How well did you know this?

Not at all

Perfectly

What should you use to control traffic in and out of EC2 instances?

a) Network Access Control Lists (NACL)
b) Security Groups
c) IAM Policies

b) Security Groups

How well did you know this?

Not at all

Perfectly

How long can you reserve an EC2 Reserved Instance?

a) 1 or 3 years
b) 2 or 4 years
c) 6 months or 1 year
d) Anytime between 1 and 3 years

a) 1 or 3 years

How well did you know this?

Not at all

Perfectly

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?

a) Storage Optimized
b) Compute Optimized
c) Memory Optimized
d) General Purpose

b) Compute Optimized

How well did you know this?

Not at all

Perfectly

Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year?

a) Reserved Instances
b) Spot Instances
c) On-Demand Instances

a) Reserved Instances

How well did you know this?

Not at all

Perfectly

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instances?

a) Connect to each EC2 instance using SSH, then install the required software and updated your OS packages manually
b) Write a bash script that installs the required software and updates to your OS, then contact AWS support and provide them with the script. They will run it on your EC2 instances at launch.
c) Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances.

How well did you know this?

Not at all

Perfectly

Which EC2 Instance Type should you choose for a critical application that uses an in-memory database?

a) Compute Optimized
b) Storage Optimized
c) Memory Optimized
d) General Purpose

c) Memory Optimized

How well did you know this?

Not at all

Perfectly

You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 Instance Type should you choose to handle this high-frequency OLTP database?

a) Compute Optimized
b) Storage Optimized
c) Memory Optimized
d) General Purpose

b) Storage Optimized

How well did you know this?

Not at all

Perfectly

Security Groups can be attached to only one EC2 instance.

a) True
b) False

b) False

How well did you know this?

Not at all

Perfectly

You’re planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your applications to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 Purchasing Option is suitable for you?

a) Convertible Reserved Instances
b) Dedicated Hosts
c) Spot Instances

b) Dedicated Hosts

How well did you know this?

Not at all

Perfectly

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 Purchasing Option allows you to get visibility into them?

a) Spot Instances
b) On-Demand
c) Dedicated Hosts
d) Reserved Instances

c) Dedicated Hosts

How well did you know this?

Not at all

Perfectly

Spot Fleet is a set of Spot Instances and optionally ……………

a) Reserved Instances
b) On-Demand Instances
c) Dedicated Hosts
d) Dedicated Instances

b) On-Demand Instances

How well did you know this?

Not at all

Perfectly

You have launched an EC2 instance that will host a NodeJS application. After installing all the required software and configured your application, you noted down the EC2 instance public IPv4 so you can access it. Then, you stopped and then started your EC2 instance to complete the application configuration. After restart, you can’t access the EC2 instance, and you found that the EC2 instance public IPv4 has been changed. What should you do to assign a fixed public IPv4 to your EC2 instance?

a) Allocate an Elastic IP and assign it to your EC2 instance
b) From inside your EC2 instance OS, change network configuration from DHCP to static and assign it a public IPv4
c) Contact AWS upport and request a fixed public IPv4 to your EC2 instance
d) This can’t be done, you can only assign a fixed private IPv4 to your EC2 instance

a) Allocate an Elastic IP and assign it to your EC2 instance

How well did you know this?

Not at all

Perfectly

You have an application performing big data analysis hosted on a fleet of EC2 instances. You want to ensure your EC2 instances have the highest networking performance while communicating with each other. Which EC2 Placement Group should you choose?

a) spread placement group
b) cluster placement group
c) partition placement group

b) cluster placement group

How well did you know this?

Not at all

Perfectly

You have a critical application hosted on a fleet of EC2 instances in which you want to achieve maximum availability when there’s an AZ failure. Which EC2 Placement Group should you choose?

a) cluster placement group
b) partition placement group
c) spread placement group

c) spread placement group

How well did you know this?

Not at all

Perfectly

Elastic Network Interface (ENI) can be attached to EC2 instances in another AZ. a) True b) False

b) False

The following are true regarding EC2 Hibernate, EXCEPT: a) EC2 Instance Root Volume must be an instance store volume b) Supports On-Demand and Reserved Instances c) EC2 Instance RAM must be less than 150GB d) EC2 Instance Root Volume type must be an EBS volume

a) EC2 Instance Root Volume must be an instance store volume

You have just terminated an EC2 instance in us-east-1a, and its attached EBS volume is now available. Your teammate tries to attach it to an EC2 instance in us-east-1b but he can't. What is a possible cause for this? a) He's missing IAM permissions b) EBS volumes are locked to an AWS Region c) EBS volumes are locked to an Availability Zone

c) EBS volumes are locked to an Availability Zone

You have launched an EC2 instance with two EBS volumes, Root volume type and the other EBS volume type to store the data. A month later you are planning to terminate the EC2 instance. What's the default behavior that will happen to each EBS volume? a) Both the root volume type and the EBS volume type will be deleted b) The root volume type will be deleted and the EBS volume type will not be deleted c) The root volume type will not be deleted and the EBS volume type will be deleted d) Both the root volume type and the EBS volume type will not be deleted

b) The root volume type will be deleted and the EBS volume type will not be deleted

You can use an AMI in N.Virginia Region us-east-1 to launch an EC2 instance in any AWS Region. a) true b) false

false AMIs are built for a specific AWS Region, they're unique for each AWS Region. You can't launch an EC2 instance using an AMI in another AWS Region, but you can copy the AMI to the target AWS Region and then use it to create your EC2 instances.

Which of the following EBS volume types can be used as boot volumes when you create EC2 instances? a) gp2, gp3, st1, sc1 b) gp2, gp3, io1, io2 c) io1, io2, st1, sc1

b) gp2, gp3, io1, io2

What is EBS Multi-Attach? a) Attach the same EBS volume to multiple EC2 instances in multiple Azs b) Attach multiple EBS volumes in the same AZ to the same EC2 instance c) Attach the same EBS volume to multiple EC2 instances in the same AZ d) Attach multiple EBS volumes in the multiple AZs to the same EC2 instance

c) Attach the same EBS volume to multiple EC2 instances in the same AZ Using EBS Multi-Attach, you can attach the same EBS volume to multiple EC2 instances in the same AZ. Each EC2 instance has full read/write permissions.

You would like to encrypt an unencrypted EBS volume attached to your EC2 instance. What should you do? a) Create an EBS snapshot of your EBS volume. Copy the snapshot and tick the option to encrypt the copied snapshot. Then, use the encrypted snapshot to create a new EBS volume. b) Select your EBS volume, choose Edit Attributes, then tick the Encrypt using KMS option c) Create a new encrypted EBS volume, then copy data from your unencrypted EBS volume to the new EBS volume d) Submit a request to AWS Support to encrypt your EBS volume

a) Create an EBS snapshot of your EBS volume. Copy the snapshot and tick the option to encrypt the copied snapshot. Then, use the encrypted snapshot to create a new EBS volume.

You have a fleet of EC2 instances distributes across AZs that process a large data set. What do you recommend to make the same data to be accessible as an NFS drive to all of your EC2 instances? a) Use EBS b) Use EFS c) Use an Instance Store

b) Use EFS EFS is a network file system (NFS) that allows you to mount the same file system on EC2 instances that are in different AZs.

You would like to have a high-performance local cache for your application hosted on an EC2 instance. You don't mind losing the cache upon the termination of your EC2 instance. Which storage mechanism do you recommend as a Solutions Architect? a) EBS b) EFS c) Instance Store

c) Instance Store EC2 Instance Store provides the best disk I/O performance.

You are running a high-performance database that requires an IOPS of 310,000 for its underlying storage. What do you recommend? a) Use an EBS gp2 drive b) Use an EBS io1 drive c) Use an EC2 Instance Store d) Use and EBS io2 Block Express drive

c) Use an EC2 Instance Store You can run a database on an EC2 instance that uses an Instance Store, but you'll have a problem that the data will be lost if the EC2 instance is stopped (it can be restarted without problems). One solution is that you can set up a replication mechanism on another EC2 instance with an Instance Store to have a standby copy. Another solution is to set up backup mechanisms for your data. It's all up to you how you want to set up your architecture to validate your requirements. In this use case, it's around IOPS, so we have to choose an EC2 Instance Store.

Scaling an EC2 instance from r4.large to r4.4xlarge is called a) Horizontal Scalability b) Vertical Scalability

b) Vertical Scalability

Running an application on an Auto Scaling Group that scales the number of EC2 instances in and out is called a) Horizontal Scalability b) Vertical Scalability

a) Horizontal Scalability

Elastic Load Balancers provide a a) static IPv4 we can use in our application b) static DNS name we can use in our application c) static IPv6 we can use in our application

b) static DNS name we can use in our application Only Network Load Balancer provides both static DNS name and static IP. While, Application Load Balancer provides a static DNS name but it does NOT provide a static IP. The reason being that AWS wants your Elastic Load Balancer to be accessible using a static endpoint, even if the underlying infrastructure that AWS manages changes.

You are running a website on 10 EC2 instances fronted by an Elastic Load Balancer. Your users are complaining about the fact that the website always asks them to re-authenticate when they are moving between website pages. You are puzzled because it's working just fine on your machine and in the Dev environment with 1 EC2 instance. What could be the reason? a) Your website must have an issue when hosted on multiple EC2 instances b) The EC2 instances log out users as they can't see their IP addresses, instead, they receive ELB IP addresses c) The Elastic Load Balancer does not have Sticky Sessions enabled

c) The Elastic Load Balancer does not have Sticky Sessions enabled ELB Sticky Session feature ensures traffic for the same client is always redirected to the same target (e.g., EC2 instance). This helps that the client does not lose his session data.

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer's IP addresses. What should you do to get the IP address of clients connected to your website? a) Modify your website's frontend so that users send their IP in every request b) Modify your website's backend to get the client IP address from the X-Forwarded-For header c) Modify your website's backend to get the client IP address from the X-Forwarded-Port header d) Modify your website's backend to get the client IP address from the X-Forwarded-Proto header

b) Modify your website's backend to get the client IP address from the X-Forwarded-For header When using an Application Load Balancer to distribute traffic to your EC2 instances, the IP address you'll receive requests from will be the ALB's private IP addresses. To get the client's IP address, ALB adds an additional header called "X-Forwarded-For" contains the client's IP address.

You hosted an application on a set of EC2 instances fronted by an Elastic Load Balancer. A week later, users begin complaining that sometimes the application just doesn't work. You investigate the issue and found that some EC2 instances crash from time to time. What should you do to protect users from connecting to the EC2 instances that are crashing? a) Enable ELB Health Checks b) Enable ELB Stickiness c) Enable SSL Termination d) Enable Cross-Zone Load Balancing

a) Enable ELB Health Checks When you enable ELB Health Checks, your ELB won't send traffic to unhealthy (crashed) EC2 instances.

You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second. Which type of Elastic Load Balancer should you choose? a) Application Load Balancer b) Classic Load Balancer c) Network Load Balancer

c) Network Load Balancer Network Load Balancer provides the highest performance and lowest latency if your application needs it.

Application Load Balancers support the following protocols, EXCEPT: a) HTTP b) HTTPS c) TCP d) WebSocket

c) TCP

Application Load Balancers can route traffic to different Target Groups based on the following, EXCEPT: a) Client's Location (geography) b) Hostname c) Request URL Path d) Source IP Address

a) Client's Location (geography) ALBs can route traffic to different Target Groups based on URL Path, Hostname, HTTP Headers, and Query Strings.

Registered targets in a Target Groups for an Application Load Balancer can be one of the following, EXCEPT: a) EC2 Instances b) Network Load Balancer c) Private IP Addresses d) Lambda Functions

b) Network Load Balancer

For compliance purposes, you would like to expose a fixed static IP address to your end-users so that they can write firewall rules that will be stable and approved by regulators. What type of Elastic Load Balancer would you choose? a) Application LB with Elastic IP attached b) Network LB c) Classic LB

b) Network LB Network Load Balancer has one static IP address per AZ and you can attach an Elastic IP address to it. Application Load Balancers and Classic Load Balancers have a static DNS name.

You want to create a custom application-based cookie in your Application Load Balancer. Which of the following you can use as a cookie name? a) AWSALBAPP b) APPUSERC c) AWSALBTG d) AWSALB

b) APPUSERC

You have a Network Load Balancer that distributes traffic across a set of EC2 instances in us-east-1. You have 2 EC2 instances in us-east-1b AZ and 5 EC2 instances in us-east-1e AZ. You have noticed that the CPU utilization is higher in the EC2 instances in us-east-1b AZ. After more investigation, you noticed that the traffic is equally distributed across the two AZs. How would you solve this problem? a) Enable Cross-Zone load balancing b) Enable Sticky Sessions c) Enable ELB Health Checks d) Enable SSL Termination

a) Enable Cross-Zone load balancing When Cross-Zone Load Balancing is enabled, ELB distributes traffic evenly across all registered EC2 instances in all AZs.

Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener? a) TLS Termination b) Server Name Indication (SNI) c) SSL Security Policies d) Host Headers

b) Server Name Indication (SNI)

You have an Application Load Balancer that is configured to redirect traffic to 3 Target Groups based on the following hostnames: users.example.com, api.external.example.com, and checkout.example.com. You would like to configure HTTPS for each of these hostnames. How do you configure the ALB to make this work? a) Use an HTTP to HTTPS redirect rule b) Use a security group SSL certificate c) Use Server Name Indication (SNI)

c) Use Server Name Indication (SNI) Server Name Indication (SNI) allows you to expose multiple HTTPS applications each with its own SSL certificate on the same listener. Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

You have an application hosted on a set of EC2 instances managed by an Auto Scaling Group that you configured both desired and maximum capacity to 3. Also, you have created a CloudWatch Alarm that is configured to scale out your ASG when CPU Utilization reaches 60%. Your application suddenly received huge traffic and is now running at 80% CPU Utilization. What will happen? a) Nothing b) The desired capacity will go up to 4 and the maximum capacity will stay at 3 c) The desired capacity will go up to 4 and the maximum capacity will stay at 4

a) Nothing

You have an Auto Scaling Group fronted by an Application Load Balancer. You have configured the ASG to use ALB Health Checks, then one EC2 instance has just been reported unhealthy. What will happen to the EC2 instance? a) The ASG will keep the instance running and re-start the application b) The ASG will detach the EC2 instance and leave it running c) The ASG will terminate the EC2 instance

c) The ASG will terminate the EC2 instance

Your boss asked you to scale your Auto Scaling Group based on the number of requests per minute your application makes to your database. What should you do? a) Create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG b) you politely tell him its impossible c) Enable Detailed Monitoring then create a CloudWatch Alarm to scale your ASG

a) Create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG There's no CloudWatch Metric for "requests per minute" for backend-to-database connections. You need to create a CloudWatch Custom Metric, then create a CloudWatch Alarm.

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use? a) Simple Scaling Policy b) Step Scaling Policy c) Target Tracking Policy d) Scheduled Scaling Policy

c) Target Tracking Policy

You have an ASG and a Network Load Balancer. The application on your ASG supports the HTTP protocol and is integrated with the Load Balancer health checks. You are currently using the TCP health checks. You would like to migrate to using HTTP health checks, what do you do? a) Migrate to an Application Load Balancer b) Migrate the health check to HTTP

b) Migrate the health check to HTTP

You have a website hosted in EC2 instances in an Auto Scaling Group fronted by an Application Load Balancer. Currently, the website is served over HTTP, and you have been tasked to configure it to use HTTPS. You have created a certificate in ACM and attached it to the Application Load Balancer. What you can do to force users to access the website using HTTPS instead of HTTP? a) Send an email to all customers to use HTTPS instead of HTTP b) Configure the Application Load Balancer to redirect HTTP to HTTPS c) Configure the DNS record to redirect HTTP to HTTPS

b) Configure the Application Load Balancer to redirect HTTP to HTTPS

Amazon RDS supports the following databases, EXCEPT: a) MongoDB b) MySQL c) MariaDB d) Microsoft SQL Server

MongoDB RDS supports MySQL, PostgreSQL, MariaDB, Oracle, MS SQL Server and Amazon Aurora

You're planning for a new solution that requires a MySQL database that must be available even in case of a disaster in one of the Availability Zones. What should you use? a) Create Read Replicas b) Enable Encryption c) Enable Multi-AZ

Enable Multi-AZ

We have an RDS database that struggles to keep up with the demand of requests from our website. Our million users mostly read news, and we don't post news very often. Which solution is NOT adapted to this problem? a) An ElastiCache Cluster b) RDS Multi-AZ c) RDS Read Replicas

RDS Multi-AZ

You have set up read replicas on your RDS database, but users are complaining that upon updating their social media posts, they do not see their updated posts right away. What is a possible cause for this? a) There must be a bug in your application b) Read Replicas have Asynchronous Replication, therefore it's likely your users will only read Eventual Consistency c) You should have setup Multi-AZ instead

Which RDS (NOT Aurora) feature when used does not require you to change the SQL connection string? a) Multi-AZ b) Read Replicas

Multi-AZ keeps the same connection string regardless of which database is up.

Your application running on a fleet of EC2 instances managed by an Auto Scaling Group behind an Application Load Balancer. Users have to constantly log back in and you don't want to enable Sticky Sessions on your ALB as you fear it will overload some EC2 instances. What should you do? a) Use your own custom Load Balancer on EC2 instances instead of using ALB b) Store session data in RDS c) Store session data in ElastiCache d) Store session data in a shared EBS volume

Store session data in ElastiCache. Storing session data in ElastiCache is a common pattern to ensure different EC2 instances can retrieve your user's state if needed.

An analytics application is currently performing its queries against your main production RDS database. These queries run at any time of the day and slow down the RDS database which impacts your users' experience. What should you do to improve the users' experience? a) Setup a Read Replica b) Setup Multi-AZ c) Run the analytics queries at night

Setup a Read Replica

You would like to ensure you have a replica of your database available in another AWS Region if a disaster happens to your main AWS Region. Which database do you recommend to implement this easily? a) RDS Read Replicas b) RDS Multi-AZ c) Aurora Read Replicas d) Aurora Global Database

Aurora Global Database

How can you enhance the security of your ElastiCache Redis Cluster by allowing users to access your ElastiCache Redis Cluster using their IAM Identities (e.g., Users, Roles)? a) Using Redis Authentication b) Using IAM Authentication c) Use Security Groups

Using IAM Authentication

Your company has a production Node.js application that is using RDS MySQL 5.6 as its database. A new application programmed in Java will perform some heavy analytics workload to create a dashboard on a regular hourly basis. What is the most cost-effective solution you can implement to minimize disruption for the main application? a) Enable Multi-AZ for the RDS database and run the analytics workload on the standby database b) Create a Read Replica in a different AZ and run the analytics workload on the replica database c) Create a Read Replica in a different AZ and run the analytics workload on the source database

You would like to create a disaster recovery strategy for your RDS PostgreSQL database so that in case of a regional outage the database can be quickly made available for both read and write workloads in another AWS Region. The DR database must be highly available. What do you recommend? a) Create a Read Replica in the same region and enable Multi-AZ on the main database b) Create a Read Replica in a different region and enable Multi-AZ on the Read Replica c) Create a Read Replica in the same region and enable Multi-AZ on the Read Replica d) Enable Multi-Region option on the main database

You have migrated the MySQL database from on-premises to RDS. You have a lot of applications and developers interacting with your database. Each developer has an IAM user in the company's AWS account. What is a suitable approach to give access to developers to the MySQL RDS DB instance instead of creating a DB user for each one? a) By default IAM users have access to your RDS database b) Use Amazon Cognito c) Enable IAM Database Authentication

Enable IAM Database Authentication

Which of the following statement is true regarding replication in both RDS Read Replicas and Multi-AZ? a) Read Replica uses Asynchronous Replication and Multi-AZ uses Asynchronous Replication b) Read Replica uses Asynchronous Replication and Multi-AZ uses Synchronous Replication c) Read Replica uses Synchronous Replication and Multi-AZ uses Synchronous Replication d) Read Replica uses Synchronous Replication and Multi-AZ uses Asynchronous Replication

How do you encrypt an unencrypted RDS DB instance? a) Do it straight from AWS Console, select your RDS DB instance, choose Actions then Encrypt using KMS b) Do it straight from AWS Console, after stopping the RDS DB instance c) Create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick "Enable encryption", then restore the RDS DB instance from the encrypted snapshot

For your RDS database, you can have up to ............ Read Replicas. a) 5 b) 15 c) 7

Which RDS database technology does NOT support IAM Database Authentication? a) Oracle b) PostgreSQL c) MySQL

Oracle

You have an un-encrypted RDS DB instance and you want to create Read Replicas. Can you configure the RDS Read Replicas to be encrypted? a) No b) Yes

An application running in production is using an Aurora Cluster as its database. Your development team would like to run a version of the application in a scaled-down application with the ability to perform some heavy workload on a need-basis. Most of the time, the application will be unused. Your CIO has tasked you with helping the team to achieve this while minimizing costs. What do you suggest? a) Use an Aurora Global Database b) Use an RDS database c) Use Aurora Serverless d) Run Aurora on EC2, and write a script to shut down the EC2 instance at night

Use Aurora Serverless

How many Aurora Read Replicas can you have in a single Aurora DB Cluster? a) 5 b) 10 c) 15

Amazon Aurora supports both .......................... databases. a) MySQL and MariaDB b) MySQL and PostgreSQL c) Oracle and MariaDB d) Oracle and MS SQL Server

MySQL and PostgreSQL

You work as a Solutions Architect for a gaming company. One of the games mandates that players are ranked in real-time based on their score. Your boss asked you to design then implement an effective and highly available solution to create a gaming leaderboard. What should you use? a) Use RDS for MySQL b) Use an Amazon Aurora c) Use ElastiCache for Memcached d) Use ElastiCache for Redis - Sorted Sets

Use ElastiCache for Redis - Sorted Sets

You need full customization of an Oracle Database on AWS. You would like to benefit from using the AWS services. What do you recommend? a) RDS for Oracle b) RDS Custom for Oracle c) Deploy Oracle on EC2

RDS Custom for Oracle

You need to store long-term backups for your Aurora database for disaster recovery and audit purposes. What do you recommend? a) Enable Automated Backups b) Perform On Demand Backups c) Use Aurora Database Cloning

Perform On Demand Backups

Your development team would like to perform a suite of read and write tests against your production Aurora database because they need access to production data as soon as possible. What do you advise? a) Create an Aurora Read Replica for them b) Do the test against the production database c) Make a DB Snapshot and Restore it into a new database d) Use the Aurora Cloning feature

Use the Aurora Cloning feature

You have 100 EC2 instances connected to your RDS database and you see that upon a maintenance of the database, all your applications take a lot of time to reconnect to RDS, due to poor application logic. How do you improve this? a) Fix all the applications b) Disable Multi-AZ c) Enable Multi-AZ d) Use an RDS Proxy

Use an RDS Proxy

You have purchased mycoolcompany.com on Amazon Route 53 Registrar and would like the domain to point to your Elastic Load Balancer my-elb-1234567890.us-west-2.elb.amazonaws.com. Which Route 53 Record type must you use here? a) CNAME b) Alias

Alias

You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment. This allows you to monitor for CloudWatch metrics and ensuring that there're no bugs exist with your new environment. Which Route 53 Routing Policy allows you to do so? a) Simple b) Weighted c) Latency d) Failover

Weighted

You have updated a Route 53 Record's myapp.mydomain.com value to point to a new Elastic Load Balancer, but it looks like users are still redirected to the old ELB. What is a possible cause for this behavior? a) Because of the Alias record b) Because of the CNAME record c) Because of the TTL d) Because of Route 53 Health Checks

Because of the TTL

You have an application that's hosted in two different AWS Regions us-west-1 and eu-west-2. You want your users to get the best possible user experience by minimizing the response time from application servers to your users. Which Route 53 Routing Policy should you choose? a) Multi Value b) Weighted c) Latency d) Geolocation

Latency

You have a legal requirement that people in any country but France should NOT be able to access your website. Which Route 53 Routing Policy helps you in achieving this? a) Latency b) Simple c) Multi Value d) Geolocation

Geolocation

You have purchased a domain on GoDaddy and would like to use Route 53 as the DNS Service Provider. What should you do to make this work? a) Request for a domain transfer b) Create a Private Hosted Zone and update the 3rd party Registrar NS records c) Create a Public Hosted Zone and update the Route 53 NS records d) Create a Public Hosted Zone and update the 3rd party Registrar NS records

Which of the following are NOT valid Route 53 Health Checks? a) Health Check that monitors SQS Queue b) Health Check that monitors and Endpoint c) Health Check that monitors other Health Checks d) Health Check that monitors CloudWatch Alarms

Health Check that monitors SQS Queue

Your website TriangleSunglasses.com is hosted on a fleet of EC2 instances managed by an Auto Scaling Group and fronted by an Application Load Balancer. Your ASG has been configured to scale on-demand based on the traffic going to your website. To reduce costs, you have configured the ASG to scale based on the traffic going through the ALB. To make the solution highly available, you have updated your ASG and set the minimum capacity to 2. How can you further reduce the costs while respecting the requirements? a) Remove the ALB and use an Elastic IP instead b) Reserve two EC2 instances c) Reduce the minimum capacity to 1 d) Reduce the minimum capacity to 0

Which of the following will NOT help us while designing a STATELESS application tier? a) store session data in Amazon RDS b) store session data in Amazon ElastiCache c) store session data in the client HTTP cookies d) store session data on EBS volumes

d EBS volumes are created in a specific AZ and can only be attached to one EC2 instance at a time

You want to install software updates on 100s of Linux EC2 instances that you manage. You want to store these updates on shared storage which should be dynamically loaded on the EC2 instances and shouldn't require heavy operations. What do you suggest? a) Store the software updates on EBS and sync them using data replication software from one master in each AZ b) Store the software updates on EFS and mount EFS as a network drive at startup c) Package the software updates as an EBS snapshot and create EBS volumes for each new software update d) Store the software updates on Amazon RDS

As a Solutions Architect, you're planning to migrate a complex ERP software suite to AWS Cloud. You're planning to host the software on a set of Linux EC2 instances managed by an Auto Scaling Group. The software traditionally takes over an hour to set up on a Linux machine. How do you recommend you speed up the installation process when there's a scale-out event? a) Use a Golden AMI b) Bootstrap using EC2 User Data c) Store the application in Amazon RDS d) Retrieve the application setup files from EFS

Use a Golden AMI

You're developing an application and would like to deploy it to Elastic Beanstalk with minimal cost. You should run it in .................. a) Single Instance Mode b) High Availability Mode

Single Instance Mode

You're deploying your application to an Elastic Beanstalk environment but you notice that the deployment process is painfully slow. After reviewing the logs, you found that your dependencies are resolved on each EC2 instance each time you deploy. How can you speed up the deployment process with minimal impact? a) Remove some dependencies in your code b) Place the dependencies in Amazon EFS c) Create a Golden AMI that contains the dependencies and use that image to launch the EC2 instances

You're getting errors while trying to create a new S3 bucket named "dev". You're using a new AWS Account with no S3 buckets created before. And you double-checked and found that you have the correct IAM permissions to create S3 Buckets. What is a possible cause for this? a) Only AWS account root user can create S3 Buckets b) S3 bucket names must be globally unique and "dev" is already taken

You have enabled versioning in your S3 bucket which already contains a lot of files. Which version will the existing files have? a) 1 b) 0 c) -1 d) null

null

You have updated an S3 bucket policy to allow IAM users to read/write files in the S3 bucket, but one of the users complain that he can't perform a PutObject API call. What is a possible cause for this? a) The S3 bucket policy must be wrong b) The user is lacking permissions c) The IAM user must have an explicit DENY in the attached IAM Policy d) You need to contact AWS Support to lift this limit

The IAM user must have an explicit DENY in the attached IAM policy. Explicit DENY in an IAM Policy will take precedence over and S3 bucket policy.

You want the content of an S3 bucket to be fully available in different AWS Regions. That will help your team perform data analysis at the lowest latency and cost possible. What S3 feature should you use? a) Amazon CloudFront Distributions b) S3 Versioning c) S3 Static Website Hosting d) S3 Replication

S3 Replication

You have 3 S3 buckets. One source bucket A, and two destination buckets B and C in different AWS Regions. You want to replicate objects from bucket A to both bucket B and C. How would you achieve this? a) Configure replication from bucket A to bucket B, then from bucket A to bucket C b) Configure replication from bucket A to bucket B, then from bucket B to bucket C c) Configure replication from bucket A to bucket C, then from bucket C to bucket B

Which of the following is NOT a Glacier Deep Archive retrieval mode? a) expedited (1 - 5 minutes) b) standard (12 hours) c) bulk (58 hours)

expedited (1 - 5 minutes)

Which of the following is NOT a Glacier Flexible retrieval mode? a) Instant (10 seconds) b) Expedited (1 - 5 minutes) c) Standard (3 - 5 hours) d) Bulk (5 - 12 hours)

How can you be notified when there's an object uploaded to your S3 bucket? a) S3 Select b) S3 Access Logs c) S3 Event Notifications d) S3 Analytics

S3 Event Notifications

You have an S3 bucket that has S3 Versioning enabled. This S3 bucket has a lot of objects, and you would like to remove old object versions to reduce costs. What's the best approach to automate the deletion of these old object versions? a) S3 Lifecycle Rules - Transition Actions b) S3 Lifecycle Rules - Expiration Actions c) S3 Access Logs

S3 Lifecycle Rules - Expiration Actions

How can you automate the transition of S3 objects between their different tiers? a) AWS Lambda b) CouldWatch Events c) S3 Lifecycle Rules

S3 Lifecycle Rules

While you're uploading large files to an S3 bucket using Multi-part Upload, there are a lot of unfinished parts stored in the S3 bucket due to network issues. You are not using these unfinished parts and they cost you money. What is the best approach to remove these unfinished parts? a) Use AWS Lambda to loop on each old/unfinished part and delete them b) Request AWS Support to help you delete old/unfinished parts c) Use an S3 Lifecycle Policy to automate old/unfinished parts deletion

You are looking to get recommendations for S3 Lifecycle Rules. How can you analyze the optimal number of days to move objects between different storage tiers? a) S3 Inventory b) S3 Analytics c) S3 Lifecycle Rules Advisor

S3 Analytics

You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, it is necessary to read the first 250 bytes of each object in S3, which contains some metadata about the content of the file itself. There are over 100,000 files in your S3 bucket, amounting to 50 TB of data. How can you build this index efficiently? a) Use the RDS Import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index b) Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS c) Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS d) Create an application that will traverse the S3 bucket, use S3 Select to get the first 250 bytes, and store that information in RDS

You have a large dataset stored on-premises that you want to upload to the S3 bucket. The dataset is divided into 10 GB files. You have good bandwidth but your Internet connection isn't stable. What is the best way to upload this dataset to S3 and ensure that the process is fast and avoid any problems with the Internet connection? a) Use Multi-part Upload Only b) Use S3 Select & Use S3 Transfer Acceleration c) Use S3 Multi-part Upload & S3 Transfer Acceleration

A company is preparing for compliance and regulatory review on its infrastructure on AWS. Currently, they have their files stored on S3 buckets encrypted using S3 Default Encryption, which must be encrypted using KMS as required for compliance and regulatory review. Which S3 feature allows them to encrypt all files in their S3 buckets in the most efficient and cost-effective way? a) S3 Access Points b) S3 Cross-Region Replication c) S3 Batch Operations d) S3 Lifecycle Rules

S3 Batch Operations

You have a 25 GB file that you're trying to upload to S3 but you're getting errors. What is a possible solution for this? a) The file size limit on S3 is 5GB b) Update your bucket policy to allow the larger file c) Use Multi-Part upload when uploading files larger than 5GB d) Encrypt the file

Your client wants to make sure that file encryption is happening in S3, but he wants to fully manage the encryption keys and never store them in AWS. You recommend him to use ............................ a) SSE-S3 b) SSE-KMS c) SSE-C d) Client-Side Encryption

SSE-C

A company you're working for wants their data stored in S3 to be encrypted. They don't mind the encryption keys stored and managed by AWS, but they want to maintain control over the rotation policy of the encryption keys. You recommend them to use .................... a) SSE-S3 b) SSE-KMS c) SSE-C d) Client-Side Encryption

SSE-KMS

Your company does not trust AWS for the encryption process and wants it to happen on the application. You recommend them to use .................... a) SSE-S3 b) SSE-KMS c) SSE-C d) Client-Side Encryption

Client-side Encryption

You have a website that loads files from an S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when a website with a different domain tries to load these files it doesn't. What's the problem? a) The bucket policy is wrong b) The IAM policy is wrong c) CORS is wrong d) Encryption is wrong

CORS is wrong

An e-commerce company has its customers and orders data stored in an S3 bucket. The company’s CEO wants to generate a report to show the list of customers and the revenue for each customer. Customer data stored in files on the S3 bucket has sensitive information that we don’t want to expose in the report. How do you recommend the report can be created without exposing sensitive information? a) Use S3 Object Lambda to change the objects before they are retrieved by the report generator application b) Create another S3 bucket. Create a Lambda function to process each file, remove the sensitive information, and them move them to the new S3 bucket c) Use S3 Object Lock to lock the sensitve information from being fetched by the report generator application

You suspect that some of your employees try to access files in an S3 bucket that they don't have access to. How can you verify this is indeed the case without them noticing? a) Enable S3 Access Logs and analyze them using Athena b) Restrict their IAM policies and look at CloudTrail logs c) Use a bucket policy

You are looking to provide temporary URLs to a growing list of federated users to allow them to perform a file upload on your S3 bucket to a specific location. What should you use? a) S3 CORS b) S3 Pre-Signed URL c) S3 Bucket Policies

S3 Pre-Signed URL

For compliance reasons, your company has a policy mandate that database backups must be retained for 4 years. It shouldn't be possible to erase them. What do you recommend? a) Glacier Vaults with Vault Lock Policies b) EFS network drives with restrictive Linux permissions c) S3 with bucket Policies

Glacier Vaults with Vault Lock Policies

You would like all your files in an S3 bucket to be encrypted by default. What is the optimal way of achieving this? a) Use a bucket policy that forces https connections b) Do nothing, Amazon S3 automatically encrypts new objects using Server-Side Encryption wiht S3-Managed Keys (SSE-S3) c) Enable Versioning

You have enabled versioning and want to be extra careful when it comes to deleting files on an S3 bucket. What should you enable to prevent accidental permanent deletions? a) Use a bucket policy b) Enable MFA Delete c) Encrypt the files d) Disable versioning

Enable MFA Delete

A company has its data and files stored on some S3 buckets. Some of these files need to be kept for a predefined period of time and protected from being overwritten and deletion according to company compliance policy. Which S3 feature helps you in doing this? a) S3 Object Lock - Rentention Governance Mode b) S3 Versioning c) S3 Object Lock - Retention Compliance Mode d) S3 Glacier Vault Lock

Which of the following S3 Object Lock configuration allows you to prevent an object or its versions from being overwritten or deleted indefinitely and gives you the ability to remove it manually? a) Retention Governance Mode b) Retention Compliance Mode c) Legal Hold

Legal Hold