Quiz Challenge 1

Question 1

You have been asked by your employer to create an identical copy of your production environment in another Region for disaster recovery purposes. In the list below, which AWS resources would you NOT need to recreate, because they are available universally across the console?

Answer 1

Route 53 configurations are available universally across the AWS management console and do not need to be recreated in a different region.

Identity Access Management Roles are available universally across the AWS management console and do not need to be recreated in a different region.

Question 2

You run a meme creation website that stores the original images in S3 and each meme’s metadata in DynamoDB. You need to decide upon a low-cost storage option for the memes, which won’t be accessed on a regular basis, but require rapid access when needed. If a meme object is unavailable or lost, a Lambda function will automatically recreate it but at a $10 licensing cost per creation. There is a very large number of files. Which storage solution should you use to store the memes in the most cost-effective way?

Answer 2

S3 - IA
The storage savings between IA and OneZone-IA are about $0.0025 this is small compared to the $10 for licensing if many files are lost. The durability of S3 - IA and S3 - OneZone-IA is the same: 99.999999999%., but there is far more of a risk of high costs if it is in one zone. S3 - IA guards against that possibility.

Question 3

Which of the following are valid Route 53 routing policies?

Answer 3

Route 53 has the following routing policies - Simple, Weighted, Latency, Failover, Multivalue answer, Geoproximity. and Geolocation

Question 4

You are a solutions architect working for a large anti-virus company and your job is to secure your company’s production AWS environment. A new policy dictates that a particular public-facing subnet needs to allow RDP on port 3389 at custom network ACL layer. You create an inbound rule allowing traffic to port 3389 on the ACL level. However, users complain that they still cannot connect. Which of the following answers may represent the root cause of the connectivity issues?

Answer 4

Network Access lists are STATELESS

You need to create an outbound rule allowing RDP response traffic to go back out again.

Question 5

The Customer Experience manager comes to see you about some odd behaviors with the ticketing system: messages presented to the support team are not arriving in the order in which they were generated, and occasionally they are receiving a duplicate copy of the message. You know that this is due to the way that the underlying SQS standard queue service is being used to manage messages. Which of the following are correct explanations?

Answer 5

SQS uses multiple hosts, and each host holds only a portion of all the messages. When a staff member calls for their next message, the consumer process does not see all the hosts or all the messages. As such, messages are not necessarily delivered in the order in which they were generated.

If an agent abandons a message or takes a break before finishing with a message, it will be offered in the queue again. In order to ensure that no message is lost, a message will persist in the SQS queue until it is processed successfully or until the message retention quota is reached.

Question 6

A client is concerned that someone other than approved administrators is trying to gain access to the Linux web app instances in their VPC. She asks what sort of network access logging can be added. Which of the following might you recommend?​

Answer 6

Create a flow log for a VPC, subnet, or individual network interface. Publish the flow log data to either Amazon CloudWatch Logs or Amazon S3.

Question 7

Route 53, the AWS implementation of DNS, supports a number of Routing policies. Which of the following are valid Policy types?

Answer 7

Simple Routing Policy
Geoproximatey routing policy
Geolocation routing policy
Failover routing policy
Latency routing policy

Question 8

You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3. However, an intern recently deleted some critical files accidentally. You’ve been asked to prevent this from happening in the future. Which of the following solutions can be used to prevent accidental data loss?

Answer 8

Enable S3 versioning on the bucket and enable MFA Delete on the bucket

Question 9

At the monthly product meeting, one of the Product Owners proposes an idea to address an immediate shortcoming of the product system: storing a copy of the customer price schedule in the customer record in the database. You know that you can store large text or binary objects in DynamoDB. You give a tentative OK to do a Minimal Viable Product test, but stipulate that it must comply with the size limitation on the Attribute Name & Value. Which is the correct limitation?

Answer 9

DynamoDB allows for the storage of large text and binary objects, but there is a limit of 400 KB.
The combined Value and Name must net exceed 400KB

Question 10

You are working in the media industry, and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security.

Answer 10

Don’t save your API credentials. Instead, create a role in IAM and assign this role to an EC2 instance when you first create it.

Question 11

Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service?

Answer 11

Enable long polling by setting the ReceiveMessageWaitTimeSeconds to a number > 0

Question 12

Which options are valid to protect your Amazon S3 data at rest using server-side encryption?

Answer 12

Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS)

Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

Server-Side Encryption with Customer-Provided Keys (SSE-C)

Question 13

When editing Amazon S3 bucket permissions (policies and ACLs), to whom does the concept of the “resource owner” refer?

Answer 13

The “resource owner” refers to the AWS account that creates Amazon S3 buckets and objects.

Question 14

You successfully configure VPC Peering between VPC A and VPC B. You then establish an IGW and a Direct Connect connection in VPC B. Can instances in VPC A connect to your corporate office via the Direct Connect service, and connect to the Internet via the IGW?

Answer 14

VCP Peering does not support EDGE to EDGE routing.

Question 15

Which of the following AWS services allow native encryption of data, while at rest?

Answer 15

S3
Elastic Block Store (EBS)
Elastic File System (EFS)

Question 16

You’re building out a single-region application in us-west-2. However, disaster recovery is a strong consideration, and you need to build the application so that if us-west-2 becomes unavailable, you can fail-over to us-west-1. Your application relies exclusively on pre-built AMI’s, and has specific launch permissions, custom tags, and security group rules. In order to run your application leveraging those AMI’s in your backup region, which process would you follow?

Answer 16

Copy the AMI from us-west-2 to us-west-1. After the copy operation is complete, apply launch permissions, user-defined tags, and security group configurations.

Question 17

You are a consultant planning to deploy DynamoDB across three AZs. Your lead DBA is concerned about data consistency. Which of the following do you advise the lead DBA to do?

Answer 17

To ask the development team to code for strongly consistent reads. As the consultant, you will advise the CTO it may have higher latency than eventually consistent reads.

Question 18

You have provisioned a custom VPC with a subnet that has a CIDR block of 10.0.3.0/28 address range. Inside this subnet, you have 2 web servers, 2 application servers, 2 database servers, and a NAT. You have configured an Autoscaling group on the two web servers to automatically scale when the CPU utilization goes above 90%. Several days later you notice that autoscaling is no longer deploying new instances into the subnet, despite the CPU utilization of all web servers being at 100%. Which of the following answers may offer an explanation?

Answer 18

Your Autoscaling Group (ASG) has provisioned too many EC2 instances and has exhausted the number of internal IP addresses available in the subnet.

AWS reserves both the first four and the last IP address in each subnet’s CIDR block.

Question 19

What is true about Amazon S3 URLs for accessing a bucket?

Answer 19

Virtual-host-style URLs (such as: https://bucket-name.s3.Region.amazonaws.com/key name) are supported to access an S3 bucket

Path-Style URLs (such as https://s3.Region.amazonaws.com/bucket-name/key name) are supported to access an S3 bucket

Path-Style URLs will be eventually deprecated in favor of virtual hosted-style URLs for S3 bucket access

Question 20

Your company is looking for an inexpensive solution for offsite backups that you can easily recover to your local data center. You need low-latency access to your entire dataset. Which AWS Storage Gateway configuration would you use to achieve both of these ends?

Answer 20

Volume Gateway-Stored Volumes

Question 21

You are a solutions architect at a large digital media company. The company has decided that they want to operate within the Japanese region, and they need a bucket called “testbucket” set up immediately for testing purposes. You log in to the AWS console and try to create this bucket in the Japanese region. However, you are told that the bucket name is already taken. What should you do to resolve this?

Answer 21

Bucket names are global, not regional. This is a popular bucket name and is already taken. You must choose another bucket name.

Question 22

Your company has hired a young and enthusiastic accountant. After reviewing the AWS documentation and usage graphs, he announces that you are wasting vast amounts of money running your Windows servers for a full hour instead of spinning them up only when they are needed and down again as soon as they are idle for 1 minute. He cites the AWS claim that you only pay for what you use, and that as a senior engineer, you should be more conscious of wasting company money. How do you respond?

Answer 22

You thank him for his concern, and acknowledge that Windows instances are billed by second increments, with a minimum of 1 minute. However, you explain that storage charges are incurred even if the instance sits idle. Taking into account productivity losses, stopping and restarting instances may actually result in additional costs. As such, your solution is fine as it now stands.

Question 23

You have been engaged as a consultant by a company that generates utility bills and publishes them online. PDF images are generated, then stored on a high-performance RDS instance. Customarily, invoices are viewed by customers once per month. Recently, the number of customers has increased threefold, and the wait-time necessary to view invoices has increased unacceptably. The CTO is unwilling to alter the codebase more than necessary this quarter, but needs to return performance to an acceptable level before the end-of-the-month print run. Which of the following solutions would you feel comfortable proposing to the CTO and GM?

Answer 23

One way of scaling is vertical scaling. The decision must make sure the new instance size is the best solution.
Read Replicas are often a great way to help read queries on your database.

Create RDS Read-Replicas and additional Web/App instances across all the available AZs.

Evaluate the risks and benefits associated with an RDS instance type upgrade.

Question 24

How does AWS deliver high availability for DynamoDB?

Answer 24

DynamoDB data is automatically replicated across multiple AZ’s

Question 25

What is the maximum VisibilityTimeout of an SQS message in a FIFO queue?

Answer 25

12 hours

Question 26

You are a solutions architect working for a busy media company with offices in Japan and the United States. Your production environment is hosted both in US-EAST-1 and AP-NORTHEAST-1. Your European users have been connecting to the production environment in Japan, and are seeing the site in Japanese rather than in English. You need to ensure that they view the English language version. Which of the routing policies could help you achieve this?

Answer 26

Geoproximity Routing and Geolocation

Question 27

Which of the following Amazon S3 Storage Classes offer 99.999999999% (11 x 9s) durability?

Answer 27

Standard, Standard infrequently accessed, One-zone infrequent access

Question 28

By definition, a public subnet within a VPC is one that ____.

Answer 28

Has at least one route in its routing table that uses an Internet Gateway (IGW).

Question 29

When it comes to Security Groups within a custom VPC, which of the following statements are correct?

Answer 29

Security Groups are stateful

updates are applied immediately

Question 30

A user of your web-site makes an HTTP request to access a static resource on your server. The request is automatically redirected to the nearest CloudFront server. For some reason, the requested resource does not exist on the CloudFront server. Which of the following is true?

Answer 30

CloudFront will query the origin server and then cache the resource on the edge location.

Question 31

You work for a genomics company that is developing a cure for motor neuron disease by using advanced gene therapies. As a part of their research, they take extremely large data sets (usually in the terabytes) and analyze these data sets using Elastic Map Reduce. In order to keep costs low, they run the analysis for only a few hours in the early hours of the morning, using spot instances for the task nodes. The core nodes are on-demand instances. Lately however the EMR jobs have been failing. This is due to spot instances being unexpectedly terminated. Which of the following is recommended to have the best experience in terms of availability using the Spot service?

Answer 31

Use the capacity optimized allocation strategy.

Use proactive capacity rebalancing.

Question 32

You work for a large software company in Seattle. They have their production environment provisioned on AWS inside a custom VPC. The VPC contains both a public and private subnet. The company tests their applications on custom EC2 instances inside a private subnet. There are approximately 500 instances, and they communicate to the outside world via a proxy server. At 3am every night, the EC2 instances pull down OS updates, which are usually 150MB or so. They then apply these updates and reboot: if the software has not downloaded within half an hour, then the update will attempt to download the following day. You notice that a number of EC2 instances are continually failing to download the updates in the allotted time. Which of the following answers might explain this failure?

Answer 32

The proxy server is in a private subnet and uses a NAT instance to connect to the internet. However, this instance is too small to handle the required network traffic. You should re-provision the NAT solution so that it’s able to handle the throughput.

The proxy server is on an inadequately sized EC2 instance and does not have sufficient network throughput to handle all updates simultaneously. You should increase the instance size or type of the EC2 instance for the proxy server.

Question 33

What is the maximum response time for a Business Level ‘production down’ Support Case?

Answer 33

< 1 hour

Question 34

What are the available AWS Support Plans?

Answer 34

Basic, Developer, Business, Enterprise

Question 35

Which of the following strategies does AWS use to deliver the promised levels of DynamoDB performance?

Answer 35

AWS DynamoDB delivers predictable performance brought on by the use of Solid State Drives, better known as SSDs.

DynamoDB makes use of parallel processing to achieve predictable performance. You visualise each partition as an independent DB server of fixed size. Each responsible for a defined block of data. In SQL terminology it is called sharding.

Question 36

Your company has a policy of encrypting all data at rest. You host your production environment on EC2 in a bespoke VPC. Attached to your EC2 instances are multiple EBS volumes, and you must ensure this data is encrypted. Which of the following options will allow you to do this?

Answer 36

Use third party volume encryption tools.

Encrypt the data using native encryption tools available in the operating system.

Encrypt your data inside the application, before storing it on EBS.

Question 37

You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch. However, you notice that you cannot see the health of every important metric in the default dashboard. When monitoring the health of your EC2 instances, for which of the following metrics do you need to design a custom CloudWatch metric?

Answer 37

Memory usage - Remember under the shared security model that AWS can see the instance, but not inside the instance to what it is doing. AWS can see that you have Memory, but how much of the memory is being used cannot be seen by AWS. In the case of CPU AWS can see how much of CPU you are using, but cannot see what you are using if for.

Question 38

When using a Dedicated Instance, which of the following tenancy attributes are you able to transition between by stopping the instance and starting it again?

Answer 38

Dedicated and Host - The tenancy of an instance can only be changed between variants of ‘dedicated’ tenancy hosting. It cannot be changed from or to default tenancy hosting

Question 39

A single m4.large NAT instance inside a VPC supports a company of 100 people. This NAT instance allows individual EC2 instances in private subnets to communicate out to the internet without being directly accessible via the internet. As the company has grown over the last year, they are finding that the additional traffic through the NAT instance is causing serious performance degradation. What might you do to solve this problem?

Answer 39

Increase the class size of the NAT instance from an m4.large to an m4.xlarge. -

The network bandwidth of the NAT instance depends on the bandwidth of the instance type. m4.xlarge instances deliver high network performance, whereas m4.large have moderate network performance. Hence, increasing the class size of the NAT instance would solve the performance degradation issue.

Question 40

Which of the following database technologies are supported by RDS.

Answer 40

RDS supports the MariaDB, PostgreSQL, MySQL, SQLServer, Oracle, and Aurora database engines

Question 41

Which of the following features only relate to Spread Placement Groups?

Answer 41

A spread placement group supports a maximum of seven running instances per Availability Zone.

Question 42

You work for a popular media outlet about to release a story that is expected to go viral. During load testing on the website, you discover that there is read contention on the database tier of your application. Your RDS instance consists of a MySQL database on an extra large instance. Which of the following approaches would be best to further scale this instance to meet the anticipated increase in traffic your viral story will generate?

Answer 42

Use ElastiCache to cache the frequently read, static data.

You should consider; using ElastiCache, using RDS Read Replicas Scaling up may also resolve the contention, however it may be more expensive than offloading the read activities to cache or Read-Replicas. RDS Multi-AZ is for resilience only.

Question 43

You are a solutions architect working for a construction company. Your company is migrating their production estate to AWS, and you are in the process of setting up access to the AWS console using Identity Access Management (IAM). You have created 15 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console in a secure fashion?

Answer 43

Have each user set up multi-factor authentication once they logged into the console.

Generate a password for each user and give these passwords to the system administrator.