Review

Question 1

S3 offers 256-bit encryption for data-at-rest.

Answer 1

S3 offers 256-bit encryption for data-at-rest, which is an option you an turn on/off. AWS manages the keys and will decrypt the data when you request to download it.

Question 2

What feature should you utilize for redundancy if auto scaling and load balancing are not available?

Answer 2

Setting up an Elastic IP address and having it ready for failover is a great solution when other services that provide high availability and fault tolerance are not available.

Question 3

The AMI ID used in an Auto Scaling policy is configured in the

Answer 3

Launch configuration

Question 4

Which of the following is not a benefit of a decoupled architecture using EC2, Auto Scaling, and SQS?

Answer 4

An application does not become unavailable due to the deletion of a single SQS queue
Deletion of an SQS queue used in an application will cause the application to fail.

Question 5

you recently purchased and deployed four reserved EC2 instances in the US-East-1 region’s Availability Zone 1 for a new project. Your supervisor just informed you that this project only requires two EC2 instances. Rather than selling the reserved instances, she asked you to terminate the extra instances and convert two of the on-demand instances already running in Availability Zone 1 to reserved instances. Can this be done?

Answer 5

Yes, you can terminate the reserved instances and AWS will automatically begin billing the two on-demand instances as reserved instances

Question 6

Data stored on EBS volumes are automatically and redundantly stored in multiple physical volumes in the same Availability Zone as part of the normal operations of the EBS service and at no additional charge.

Answer 6

true

Question 7

Which of the following AWS services allow you access to the underlying operating system?

Answer 7

Amazon EMR, Amazon Elastic Beanstalk

Question 8

You are building a system to distribute confidential training videos to employees. Using CloudFront, what method would be used to serve content that is stored in S3 but not publicly accessible from S3 directly?

Answer 8

Create an Origin Access Identify (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI

Question 9

You have 8 instances running on your VPC and all 10 of your users (5 production and 5 development) currently have access to all the instances. However, you have been told that because 4 of the instances are used for production and 4 are used for development, you will need to set up access so that the 5 production people can only access the production server and the 5 development people can only access the development server. Using policies, which of the following would be the best way to accomplish this?

Answer 9

Define the tags on the test and production servers, and add a condition to the IAM policy which allows access to specific tags

Question 10

Amazon Auto Scaling is not meant to handle instant load spikes but is built to grow with a gradual increase in usage over a short time period.

Answer 10

true

Question 11

You recently purchased hardware to run a decoupled application in your on-premises datacenter. The application is working great but has seen an increased workload in recent weeks that makes you concerned that your hardware cannot handle the load. Your supervisor asks you to analyze the possibility of expanding the application using cloud resources. You cannot completely migrate the application to AWS because of the investment you have already made in on-premises hardware. What items will most likely be included in your analysis?

Answer 11

You can leverage SQS to utilize both on-premises servers and EC2 instances for your decoupled application, You can leverage SWF to utilize both on-premises servers and EC2 instances for your decoupled application

Question 12

When designing an application architecture utilizing EC2 instances and the ELB, to determine the instance size required for your application, what questions might be important?

Answer 12

Determining the minimum memory requirements for an application, Determining the required I/O operations

Question 13

Stripping Options

Answer 13

Raid 0 and 1(common type); Raid 5 and 6(not recommended because of the extended stipe

Question 14

Raid 0 Disadvantage

Answer 14

Performance of the stripe is limited to the worst performing volume in the set.. Loss of a single volume results in a complete data loss of the array

Question 15

Raid 1 Disadvantage

Answer 15

Does not provide a write performance improvement; requires more Amazon RC2 to Amazon EBS bandwidth than non-RAID configurations because the data is written to multiple volumes simultaneously.

Question 16

Raid 5 and Raid 6

Answer 16

are not recommedned for amazon EBS because the parity write operations of these RAID modes consume some of the IOPS available to your volumes.. Increased cost.

Question 17

Is creating a Read replica of another read replica supported?

Answer 17

only with MySQL based RDS

Question 18

If I want my instance to run on a single-tenant hardware, which value do I have to set the instance’s tenancy attribute to?

Answer 18

Dedicated.

Question 19

maximum response time for a Business level Premium Support case?

Answer 19

1 hour

Question 20

Sharding

Answer 20

Sharding embodies the “share-nothing” architecture and essentially just involves breaking a
larger database up into smaller databases. Common ways to split a database are:
Splitting tables that are not joined in the same query onto different hosts Duplicating a table across multiple hosts and then splitting where a row goes.

Question 21

Enhanced Networking – launch HVM AMI in VPC.

Answer 21

Enhanced Networking enables you to get significantly higher packet per second (PPS) performance, lower network jitter and lower latencies. This feature uses a new network virtualization stack that provides higher I/O performance and lower CPU utilization compared to traditional implementations. In order to take advantage of Enhanced Networking, you should launch an HVM AMI in VPC, and install the appropriate driver.

Question 22

Improve Application Throughput

Answer 22

You can run and scale applications such as stateless web services, image rendering, big data analytics and massively parallel computations on Spot instances. Since it costs less , you can increase your compute capacity by 2-10x within the same budget.

Question 23

I2

Answer 23

Optimized to deliver tens of thousands of low-latency, randon I.O operations per second to applications.
NoSQl, Clustered databases, Online transaction processing(OLTP) systems

Question 24

Billing dashboard elements

Answer 24

Bills;
cost Explorer;
Budgets;
Reports;
Cost Allocation Tags;
Payment Methods;
Payment History;
Consolidated Billing;
Preferences;
Credits;
Tax Settings;
DevPay

Question 25

Read replicas

Answer 25

MySQL, MariaDB, PostgreSQL, Amazon Aurora.

Question 26

VM Import/Export

Answer 26

VM Import/Export enables customers to import Virtual Machine (VM) images in order to create Amazon EC2 instances. Customers can also export previously imported EC2 instances to create VMs. Customers can use VM Import/Export to leverage their previous investments in building VMs by migrating their VMs to Amazon EC2

Question 27

What is the service used by AWS to segregate control over the various AWS services ?

Answer 27

AWS Identity and Access Management (IAM).

Question 28

Instance Family

Answer 28

T2/M4/C4 -- HVM EBS-Backed; | M3/C3-- HVM and PV; EBS and Instance store;

Question 29

Maximum ratio of IOPS to Volume size

Answer 29

50:1

Question 30

http://169.254.169.254/latest/meta-data/public-ipv4

Answer 30

latest, then meta-data

Question 31

Routed 53 features

Answer 31

* Register domain names – Your website needs a name, such as example.com. Amazon Route 53 lets you register a name for your website or web application, known as a domain name. * Route internet traffic to the resources for your domain – When a user opens a web browser and enters your domain name in the address bar, Amazon Route 53 helps the Domain Name System (DNS) connect the browser with your website or web application. * Check the health of your resources – Amazon Route 53 sends automated requests over the internet to a resource, such as a web server, to verify that it's reachable, available, and functional. You also can choose to receive notifications when a resource becomes unavailable and choose to route internet traffic away from unhealthy resources.

Question 32

Golden Image

Answer 32

an AMI that has been constructed from a customized image.

Question 33

if DNS hostnames option of the VPC is not set to "YES"

Answer 33

then instances launched in the subnet will not get DNS Names.

Question 34

Requirement for cross-region replication

Answer 34

• The source and destination buckets must be versioning-enabled. • The source and destination buckets must be in different AWS regions. • You can replicate objects from a source bucket to only one destination bucket. • Amazon S3 must have permission to replicate objects from that source bucket to the destination bucket on your behalf. • If the source bucket owner also owns the object, the bucket owner has full permissions to replicate the object. If not, the source bucket owner must have permission for the Amazon S3 actions s3:GetObjectVersion and s3:GetObjectVersionACL to read the object and object ACL. • If you are setting up cross-region replication in a cross-account scenario (where the source and destination buckets are owned by different AWS accounts), the source bucket owner must have permission to replicate objects in the destination bucket. The destination bucket needs to grant these permissions via a bucket policy.

Question 35

Lambda Resource Limits per Invocation limit

Answer 35

``` 512 MB temp space; payload size -- 6MB/128k number of file descriptors -- 1024 number of processes and threads -- 1024 memory allocation range -- 128MB -- 3008 MB max execution time per request -- 5 min ```

Question 36

VPC and Subnet Sizing for IPv4

Answer 36

When you create a VPC, you must specify an IPv4 CIDR block for the VPC. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses).

Question 37

Redshift's columnar storage size

Answer 37

1MB(1024KB)

Question 38

Server access log

Answer 38

In order to track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits. 

Question 39

snapshot for EBS Volumes in a RAID configuration

Answer 39

it is critical that there is no data I/O to or from the volumes when the snapshots are created. RAID arrays introduce data interdependencies and a level of complexity not present in a single EBS volume configuration. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk

Question 40

Business support plan

Answer 40

1) 24x7 access to customer service, documentation, whitepapers, and support forums 2) Access to full set of Trusted Advisor checks 3) 24x7 access to Cloud Support Engineers via email, chat & phone

Question 41

EC2 classic vs VPC

Answer 41

For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated. For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address

Question 42

Best Practice to monitor EC2 Instance

Answer 42

• Make monitoring a priority to head off small problems before they become big ones. • Create and implement a monitoring plan that collects monitoring data from all of the parts in your AWS solution so that you can more easily debug a multi-point failure if one occurs. Your monitoring plan should address, at a minimum, the following questions: ◦ What are your goals for monitoring? ◦ What resources you will monitor? ◦ How often you will monitor these resources? ◦ What monitoring tools will you use? ◦ Who will perform the monitoring tasks? ◦ Who should be notified when something goes wrong? • Automate monitoring tasks as much as possible. • Check the log files on your EC2 instances.

Question 43

Instance States

Answer 43

``` rebooting; pending; running; shutting-down; terminated; stopping; stopped ```

Question 44

types of distributions Cloudfront supports

Answer 44

S3 Buckets; | Custom Origin

Question 45

You have written a CloudFormation template that creates 1 elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?

Answer 45

Outputs

Question 46

What is the basic requirement to login into an EC2 instance on the AWS cloud?

Answer 46

Key pairs

Question 47

WAF

Answer 47

web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

Question 48

Maintaining a single snapshot provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data

Answer 48

Maintain a single snapshot the latest snapshot is both Incremental and complete.

Question 49

EBS Volume Encryption

Answer 49

has to be done during volume creation.

Question 50

CloudWatch Metrics now supports the following three retention schedules:

Answer 50

* 1 minute datapoints are available for 15 days * 5 minute datapoints are available for 63 days * 1 hour datapoints are available for 455 days

Question 51

revoke-security-group-ingress

Answer 51

Removes one or more rules from a security groups.

Question 52

Perfect Forward Secrecy is used to offer SSL/TLS cipher suites for which two AWS services?

Answer 52

cloudFront and Elastic Load Balancing.

Question 53

Event notification of S3

Answer 53

can be sent via SNS, SQS, or Lambda function

Question 54

AWS IOT

Answer 54

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely. With AWS IoT, your applications can keep track of and communicate with all your devices, all the time, even when they aren’t connected.

Question 55

Your company is moving their entire 20 TB data warehouse to the cloud. With your current bandwidth, it would take 2 months to transfer the data. Which service would allow you to quickly get your data into AWS?

Answer 55

Amazon import/Export

Question 56

You are testing an application that uses EC2 instances to poll an SQS queue. At this stage of testing, you have verified that the EC2 instances can retrieve messages from the queue, but your coworkers are complaining about not being able to manually retrieve any messages from the queue from their on-premises workstations. What is the most likely source of this problem?

Answer 56

Your coworkers may not have permission to the SQS queue

Question 57

CloudTrail

Answer 57

AWS Cloudtrail is the defacto service provided by aws for monitoring all API calls to AWS and is used for logging and monitoring purposes for compliance purposes. Amazon cloudtrail detects every call made to aws and creates a log which can then be further used for analysis.

Question 58

DNS record Type

Answer 58

CloudFront distribution Select A — IPv4 address. If IPv6 is enabled for the distribution, create two records, one with a value of A — IPv4 address for Type, and one with a value of AAAA — IPv6 address. Elastic Beanstalk environment that has regionalized subdomains Select A — IPv4 address ELB load balancer Select A — IPv4 address or AAAA — IPv6 address Amazon S3 bucket Select A — IPv4 address Another record in this hosted zone Select the type of the record that you're creating the alias for. All types are supported except NS and SOA.

Question 59

EMR

Answer 59

In Amazon EMR , you have the ability to work with the underlying instances wherein the EMR service allows you to associate the EC2 Key pair with the launched instances.

Question 60

VPC configuration Options

Answer 60

VPC with a single Public Subnet VPC with public and private subnets VPC with public and private and Hardware VPN access VPC with a Private subnet Only and Hardware VPN Access

Question 61

ClassicLInk

Answer 61

within the same region, allows us to link an EC2-CLassic instance to a VPC in our account.

Question 62

AWS Workspaces

Answer 62

is used for Virtual desktops

Question 63

CloudWatch Metrics

Answer 63

``` CPU Utilization Disk Reads Disk Read Operations Network statistics for Data transfer For RDS: DB Connections Free Storage Space; Freeable Memory ```

Question 64

Trusted Advisor

Answer 64

``` Cost Optimization Performance Security Fault Tolerance help you identify underutilized resources in AWS. and monitor service limit. ```

Question 65

Error: Server refused our key (or) Error: No supported authentication methods available

Answer 65

Verify that you are connecting with the appropriate user name for your AMI. You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk).

Question 66

User name in Putty COnfiguration

Answer 66

``` Linux AMI -- ec2-user RHEL-- ec2-user or root Ubuntu AMI -- ubuntu or root Centos AMI -- centos ... ```

Question 67

best solution to store session data

Answer 67

ElastiCache

Question 68

Serverless Platform

Answer 68

Compute -- Lambda API Proxy -- API Gateway Storage -- S3 Database -- DynamoDB

Question 69

CloudWatch Logs Agent

Answer 69

provides an automated way to send log data to Cloudwatch Logs from Amazon EC2 instances. The agent is comprised of the following components: · A plug-in to the AWS CLI that pushes log data to CloudWatch Logs. · A script (daemon) that initiates the process to push data to CloudWatch Logs. · A cron job that ensures that the daemon is always running.

Question 70

S3 Cost

Answer 70

related to number of request and storage.

Question 71

Auto Scaling cooldown period

Answer 71

a configurable setting for your Auto Scaling group that helps to ensure that Auto Scaling doesn't launch or terminate additional instances before the previous scaling activity takes effect.

Question 72

Kinesis limits

Answer 72

retention period -- 24 hours by default, max -- 7 days

Question 73

encrypted EBS volume

Answer 73

Data at rest inside the volume · All data moving between the volume and the instance · All snapshots created from the volume

Question 74

Active Directory connector

Answer 74

is a directory gateway with which you can redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud. AD Connector comes in two sizes, small and large. A small AD Connector is designed for smaller organizations of up to 500 users. A large AD Connector can support larger organizations of up to 5,000 users.

Question 75

define health check

Answer 75

When defining a health check, in addition to the port number and protocol , you have to also define the page which will be used for the health check. If you don’t have the page defined on the web server then the health check will always fail.

Question 76

Temporary security credentials.

Answer 76

the temporary security credentials are valid for the duration that you specified when calling AssumeRole, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. The duration can be from 900 seconds (15 minutes) to a maximum of 3600 seconds (1 hour). The default is 1 hour.

Question 77

GetSessionToken

Answer 77

must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default of 43200 seconds (12 hours); credentials that are created by using account credentials can range from 900 seconds (15 minutes) up to a maximum of 3600 seconds (1 hour), with a default of 1 hour.

Question 78

Application Load Balancer vs Classic Load balancer

Answer 78

Application Load Balancer does not support the TCP protocol. When you configure the health check for TCP , you need to configure the protocol and port number Application Load Balancer Support for path-based routing. You can configure rules for your listener that forward requests based on the URL in the request. This enables you to structure your application as smaller services, and route requests to the correct service based on the content of the URL.

Question 79

CloudTrail deliver to

Answer 79

S3, Cloudwatch Logs

Question 80

trail applies to all region advantage

Answer 80

- -The configuration settings for the trail apply consistently across all regions. - -You receive CloudTrail events from all regions in a single S3 bucket and optionally in a CloudWatch Logs log group. - -You manage trail configuration for all regions from one location. - -You immediately receive events from a new region. When a new region launches, CloudTrail automatically creates a trail for you in the new region with the same settings as your original trail. - -You can create trails in regions that you don't use often to monitor for unusual activity

Question 81

All data moving between the volume and S3

Answer 81

not encrypted

Question 82

Elastic Beanstalk

Answer 82

can be used to create web server environment and Worker environments.

Question 83

AWS Certificate Manager

Answer 83

The AWS Certificate manager can be used to generate SSL certificates that can be used to encrypt traffic in transit, but not at rest

Question 84

API Gateway with STS

Answer 84

used for issuing tokens when using API gateway for traffic in transit.

Question 85

NGINX

Answer 85

NGINX is an open source software for web serving, reverse proxying, caching, load balancing etc. It complements the load balancing capabilities of Amazon ELB and ALB by adding support for multiple HTTP, HTTP/2, and SSL/TLS services, content-based routing rules, caching, autoscaling support, and traffic management policies. It can be hosted on an EC2 instance. Launch an EC2 instance through console. SSH into the instance and use the command yum install -y nginx to install nginx and make sure that it is configured to restart automatically after a reboot. It can also be installed with an Elastic Beanstalk service. To enable the Nginx proxy server with your Tomcat application, you must add a configuration file to .ebextensions in the application source bundle that you upload to Elastic Beanstalk.

Question 86

Flow Logs

Answer 86

is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.

Question 87

If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive offsite backups that you can recover to your local data center or Amazon EC2.

Answer 87

Configure Storage gateway stored volume

Question 88

multivalue answer record

Answer 88

If you want to route traffic approximately randomly to multiple resources, such as web servers, you can create one multivalue answer record for each resource and, optionally, associate an Amazon Route 53 health check with each record. For example, suppose you manage an HTTP web service with a dozen web servers that each have their own IP address. No one web server could handle all of the traffic, but if you create a dozen multivalue answer records, Amazon Route 53 responds to DNS queries with up to eight healthy records in response to each DNS query. Amazon Route 53 gives different answers to different DNS resolvers. If a web server becomes unavailable after a resolver caches a response, client software can try another IP address in the response.

Question 89

spot instance use case

Answer 89

stateless web services, image rendering, big data analytics and massively parallel computations

Question 90

Auto scaling options

Answer 90

Scheduled Scaling ; Dynamic scaling; manual scaling

Question 91

Resource Limits

Answer 91

- -Access keys assigned to an IAM user 2 - - Access keys assigned to the AWS account root user 2 - - Aliases for an AWS account 1 - -Groups an IAM user can be a member of 10 - -Identity providers (IdPs) associated with an IAM SAML provider object 10 - -Keys per SAML provider 10 - -Login profiles for an IAM user 1 - - Managed policies attached to an IAM group 10 - - Managed policies attached to an IAM role 10 - - Managed policies attached to an IAM user 10 - - MFA devices in use by an IAM user 1 - - MFA devices in use by the AWS account root user 1 - - Roles in an instance profile 1 - - SAML providers in an AWS account 100 - - Signing certificates assigned to an IAM user 2 - - SSH public keys assigned to an IAM user 5 - - Versions of a managed policy that can be stored 5

Question 92

What is the command line instruction for running the remote desktop client in Windows?

Answer 92

mstsc

Question 93

If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option?

Answer 93

EBS

Question 94

: http://status.aws.amazon.com/?

Answer 94

AWS Service Health Dashboard

Question 95

can not be tagged

Answer 95

key pairs B. Elastic IP addresses C. placement groups

Question 96

key pairs B. Elastic IP addresses C. placement groups

Answer 96

1, 000 to 10, 000

Question 97

max key length of a tag

Answer 97

128 Unicode Characters

Question 98

IOP throughputput

Answer 98

1, 000 to 10, 000