Review Flashcards
RDS Read Replicas use which type of data replication?
Asynchronous
How would you restore an EBS snapshot to an EC2 instance?
Create a new volume from the snapshot in the same Availability Zone as the instance, attach the volume to the EC2 instance, initialize (pre-warm) the volume by reading every block once, and mount it on the device
Your infrastructure does not have an Internet Gateway attached to any of the subnets. What might you do in order to SSH into your EC2 instances? All other configurations are correct.
Create a VPN connection
You support a website with a large user base concentrated on the east coast, but very few users outside of that region. Traffic load is much heavier on the site during business hours so you are planning to implement Auto Scaling to optimize the number of running EC2 instances to meet the traffic load throughout the day. You are also looking for a solution to distribute traffic evenly among those instances. Which of the following solutions will distribute traffic most evenly among the EC2 instances hosting this website in the US-East-1 region?
Place the instances behind an Elastic Load Balancer with stickiness disabled.
Explanation
Elastic Load Balancers with sticky sessions enabled may not distribute traffic equally between EC2 instances, because repeat requests from one user are pinned to one instance. Latency-based routing (a Route 53 policy) chooses between endpoints in different regions; it does not balance load among instances within one region, and here all the instances are in us-east-1.
You manage a technology blog website on EC2 instances in an Auto Scaling group behind an Elastic Load Balancer. Traffic volume to the site is consistently low, except during several weeks of the year when major technology conferences are occurring, when traffic increases 300 percent. What is the least advisable way to manage this environment?
Upgrade the reserved instances that handle the typical load for the website to larger reserved instances during technology conference weeks.
Explanation
Upgrading the size of reserved instances means you incur a cost to reserve resources for the entire period of the reservation, which at a minimum of one year, is much more commitment than is needed for a few week-long conferences. It’s better to keep the reserved instances sized properly to handle the typical load and use on-demand instances to handle the spikes.
Your company’s compliance department mandates that within your multi-national organization, all data for customers in the UK must never leave UK servers and networks. Similarly, US data must never leave US servers and networks without explicit authorization first. What do we have to do to comply with this requirement in our web-based applications running on AWS in EC2? The user has already set up a user profile that states their geographic location.
We can run EC2 instances in multiple regions, and leverage a third-party data provider to determine whether a user should be redirected to the appropriate region based on that user's profile.
What is the result of the following bucket policy?
{
  "Statement": [
    {
      "Sid": "Sid1",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Principal": { "AWS": ["arn:aws:iam::5555555555:user/jeff"] }
    },
    {
      "Sid": "Sid2",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Principal": { "AWS": ["*"] }
    }
  ]
}
It will deny all access to the bucket mybucket
Explanation
Explicit denies override allows. Sid2's Principal "*" matches every caller, including jeff, so the Allow in Sid1 is never decisive. Note that the Deny's resource is mybucket/* (object level); bucket-level actions such as s3:ListBucket on arn:aws:s3:::mybucket are matched by neither statement and fall through to the implicit deny.
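The evaluation rule behind this flashcard, as an added example that is not part of the flashcard deck: a minimal evaluator for the bucket policy above, implementing only the parts of the IAM logic that matter here (wildcard matching on Action, Resource and Principal, and "a matching explicit Deny wins, otherwise an Allow, otherwise implicit deny"). Conditions, identity-based policies and NotAction/NotResource are deliberately left out. The policy is a copy of the flashcard's policy with the lost "*" characters restored; the object keys used in the calls are made up.

```python
from fnmatch import fnmatchcase

# Reconstructed copy of the flashcard's bucket policy.
BUCKET_POLICY = {
    "Statement": [
        {"Sid": "Sid1", "Action": "s3:*", "Effect": "Allow",
         "Resource": "arn:aws:s3:::mybucket/*",
         "Principal": {"AWS": ["arn:aws:iam::5555555555:user/jeff"]}},
        {"Sid": "Sid2", "Action": "s3:*", "Effect": "Deny",
         "Resource": "arn:aws:s3:::mybucket/*",
         "Principal": {"AWS": ["*"]}},
    ]
}

JEFF = "arn:aws:iam::5555555555:user/jeff"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM treats "*" and "?" as wildcards in Action and Resource strings.
    # This toy matcher is case-sensitive; real IAM matches actions
    # case-insensitively, which does not change the result here.
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _principal_matches(principal, caller_arn):
    if principal == "*":
        return True
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return any(p == "*" or p == caller_arn for p in _as_list(aws))


def evaluate(policy, caller_arn, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for a single request.

    All matching statements are collected first; one matching Deny wins no
    matter how many Allows also match.
    """
    effects = set()
    for stmt in policy["Statement"]:
        if (_principal_matches(stmt["Principal"], caller_arn)
                and _matches(stmt["Action"], action)
                and _matches(stmt["Resource"], resource)):
            effects.add(stmt["Effect"])
    if "Deny" in effects:
        return "Deny"
    if "Allow" in effects:
        return "Allow"
    return "ImplicitDeny"


if __name__ == "__main__":
    # jeff is allowed by Sid1, but Sid2 (Principal "*") matches him too.
    print(evaluate(BUCKET_POLICY, JEFF, "s3:GetObject",
                   "arn:aws:s3:::mybucket/report.csv"))
    # Bucket-level actions are matched by neither "mybucket/*" resource.
    print(evaluate(BUCKET_POLICY, JEFF, "s3:ListBucket",
                   "arn:aws:s3:::mybucket"))
```

Removing Sid2 from the policy makes the first call return "Allow" for jeff while other principals still get "ImplicitDeny", which is the behaviour the flashcard's author presumably intended before the blanket Deny was added.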
Your company is ready to start migrating its application over to the cloud, but you cannot afford any downtime. Your manager asks you to come up with a plan of action. She also wants a solution that offers the flexibility to test the application on AWS with only a subset of users, but with the ability to increase the number of users over time. Which of these options are you most likely to recommend?
Implement a Route 53 weighted routing policy that distributes the traffic between your on-premises application and the AWS application according to the configured weights.
Explanation
This option works great because we can modify the weight of one record set over the other to increase or decrease the amount of traffic. If the application on AWS is behaving properly, we can slowly increase the number of users that get routed to that application and slowly phase out the on-premises application. Otherwise, we can revert back to the on-premises application.
Rule 100 in a NACL associated with subnets A and B denies HTTP traffic from 0.0.0.0/0. Rule 105 in the same NACL allows HTTP traffic from 0.0.0.0/0. EC2 Instances in subnet A are associated with a security group that allows HTTP traffic from 192.168.0.0/24. EC2 Instances in subnet B are associated with a security group that denies HTTP traffic from 128.168.0.0/24. Which of the following statements are true?
HTTP traffic from the internet will be denied to EC2 instances in both subnets due to the NACL rules.
Explanation
NACL rules are evaluated in order from the lowest rule number to the highest, and the first rule that matches the traffic is applied. Rule 100 matches HTTP from 0.0.0.0/0 and denies it, so rule 105 is never reached, and HTTP traffic from the internet is denied to instances in both subnets before the security groups are ever consulted. Note also that security groups cannot contain deny rules; they only allow traffic, and anything not explicitly allowed is dropped.
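The first-match evaluation described above, as an added example that is not part of the flashcard deck: a small evaluator for the NACL in the question layered with the allow-only semantics of security groups. The rule numbers and CIDRs are the ones from the question; because a security group cannot express "deny from 128.168.0.0/24", subnet B's group is modelled as having no HTTP rule at all. The source addresses used in the calls are constructed.

```python
import ipaddress

# (rule_number, protocol, port, source_cidr, action): the NACL from the question.
NACL = [
    (100, "tcp", 80, "0.0.0.0/0", "deny"),
    (105, "tcp", 80, "0.0.0.0/0", "allow"),
]

# Security groups hold allow rules only: (protocol, port, source_cidr).
SG_SUBNET_A = [("tcp", 80, "192.168.0.0/24")]
SG_SUBNET_B = []  # the question's "deny" rule cannot exist; nothing is allowed


def nacl_verdict(rules, proto, port, src_ip):
    """Walk the rules in ascending rule-number order; the first match decides.

    Returns (action, rule_number). If nothing matches, the implicit '*' deny
    rule at the end of every NACL applies.
    """
    src = ipaddress.ip_address(src_ip)
    for number, rproto, rport, cidr, action in sorted(rules):
        if rproto == proto and rport == port and src in ipaddress.ip_network(cidr):
            return action, number
    return "deny", "*"


def sg_allows(rules, proto, port, src_ip):
    """A security group allows the packet if any rule matches; there is no deny."""
    src = ipaddress.ip_address(src_ip)
    return any(rproto == proto and rport == port and src in ipaddress.ip_network(cidr)
               for rproto, rport, cidr in rules)


def reaches_instance(nacl, sg, proto, port, src_ip):
    """Inbound traffic must pass the subnet NACL first, then the instance SG."""
    action, _ = nacl_verdict(nacl, proto, port, src_ip)
    if action != "allow":
        return False
    return sg_allows(sg, proto, port, src_ip)


if __name__ == "__main__":
    for name, sg in (("subnet A", SG_SUBNET_A), ("subnet B", SG_SUBNET_B)):
        print(name, reaches_instance(NACL, sg, "tcp", 80, "203.0.113.10"))
    # Swap the rule numbers and the allow is hit first; now the SG decides.
    swapped = [(105, "tcp", 80, "0.0.0.0/0", "deny"),
               (100, "tcp", 80, "0.0.0.0/0", "allow")]
    print("subnet A, swapped:", reaches_instance(swapped, SG_SUBNET_A, "tcp", 80, "192.168.0.7"))
    print("subnet A, swapped, other source:",
          reaches_instance(swapped, SG_SUBNET_A, "tcp", 80, "203.0.113.10"))
```

With the rule numbers swapped, traffic from 192.168.0.7 reaches subnet A's instances because the security group allows it, while traffic from any other source still fails at the security group; this is the layering the question is really testing.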
When working with Amazon RDS, by default, AWS is responsible for implementing which two management-related activities?
Installing and periodically patching the database software; if automated backups are enabled, creating and maintaining automated database backups that allow point-in-time recovery to within the last five minutes
If Multi-AZ is enabled and automated backups occur on your instance, your application will experience performance issues due to the increased I/O operations caused by the automated backup.
False
Explanation
With Multi-AZ, automated backups and snapshots are taken from the standby instance instead of the primary database instance, which avoids this performance degradation on the instance serving your application.
What are some steps you can take to optimize costs on AWS? (Choose three)
Purchase reserved instances, Detach underutilized EBS volumes and take a snapshot of the EBS volume and then delete the EBS volume, For RDS DB instances that consistently have 0 connections, take a snapshot of the instance and terminate the instance
Your company is being audited by a third party IT auditing service; they have asked you for details about the physical network and virtualization infrastructure. What do you tell them?
You tell them that AWS does not disclose details of its physical network or virtualization infrastructure to customers or their auditors. You go to your AWS rep, and AWS makes its own third-party audit and compliance reports (for example SOC reports, available through AWS Artifact) available to the third party in charge of doing your audit.
Multi-AZ RDS replications use asynchronous data replication.
False
You have an Elastic Load Balancer with an Auto Scaling group for your application. You also have 4 running instances and you have Auto Scaling enabled. Some of those instances are running in one Availability Zone, and others are in a different Availability Zone. Some instances within one of the zones are not available to the ELB. What could be the cause?
The ELB isn’t configured for that Availability Zone
A colleague noticed that CloudWatch was reporting that there has not been any connections to one of your MySQL databases for several months. You decided to terminate the database. Two months after the database was terminated, you get a phone call from a very upset user who needs information from that database to run end-of-year reports. What can you do?
If you took a manual snapshot of the database, you can restore the database from that snapshot.
Explanation
Manual snapshots persist even after a database instance is deleted, and there is no expiration period for manual snapshots. Automated backups have a maximum retention period of 35 days and are deleted when the instance is deleted. Taking the final snapshot offered during deletion is the simplest safeguard.
We have terminated an instance which had a root EBS volume attached to it. What do we do now if we need to access the important data that was on this volume if we created this instance with the default storage options?
If we did not first take a snapshot of the EBS volume we will not be able to access the data after an instance termination because the volume was deleted
Explanation
By default, the root EBS volume is created with the DeleteOnTermination flag set, so it is deleted when the instance is terminated; when launching an EC2 instance we have the option to clear that flag, and it can also be changed on a running instance. We must also create snapshots of the EBS volume from which we can restore the data.
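A practitioner's check for this situation, as an added example that is not part of the flashcard deck: audit which instances will lose their root volume on termination, and build the ModifyInstanceAttribute payload that clears the flag. The DescribeInstances response below is a constructed, trimmed sample; the instance and volume IDs are made up.

```python
# Constructed sample of a DescribeInstances response, trimmed to the fields used.
DESCRIBE_INSTANCES = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa111", "RootDeviceName": "/dev/xvda",
         "BlockDeviceMappings": [
             {"DeviceName": "/dev/xvda",
              "Ebs": {"VolumeId": "vol-0root1", "DeleteOnTermination": True}},
             {"DeviceName": "/dev/sdf",
              "Ebs": {"VolumeId": "vol-0data1", "DeleteOnTermination": False}}]},
        {"InstanceId": "i-0bbb222", "RootDeviceName": "/dev/xvda",
         "BlockDeviceMappings": [
             {"DeviceName": "/dev/xvda",
              "Ebs": {"VolumeId": "vol-0root2", "DeleteOnTermination": False}}]},
    ]}]
}


def root_volumes_at_risk(response):
    """Return (instance_id, device_name, volume_id) for every root volume
    whose DeleteOnTermination flag is set, i.e. the data disappears with the
    instance unless a snapshot exists."""
    at_risk = []
    for reservation in response["Reservations"]:
        for inst in reservation["Instances"]:
            for mapping in inst["BlockDeviceMappings"]:
                ebs = mapping.get("Ebs", {})
                if (mapping["DeviceName"] == inst["RootDeviceName"]
                        and ebs.get("DeleteOnTermination")):
                    at_risk.append((inst["InstanceId"], mapping["DeviceName"],
                                    ebs["VolumeId"]))
    return at_risk


def keep_root_volume_payload(instance_id, device_name):
    """Keyword arguments for boto3's ec2.modify_instance_attribute that clear
    the flag for one device; the BlockDeviceMappings value is also the JSON
    expected by `aws ec2 modify-instance-attribute --block-device-mappings`."""
    return {
        "InstanceId": instance_id,
        "BlockDeviceMappings": [
            {"DeviceName": device_name, "Ebs": {"DeleteOnTermination": False}}
        ],
    }


if __name__ == "__main__":
    for instance_id, device, volume in root_volumes_at_risk(DESCRIBE_INSTANCES):
        print(f"{instance_id}: root volume {volume} on {device} will be deleted on termination")
        print("  fix:", keep_root_volume_payload(instance_id, device))
```

On a real account the response comes from `aws ec2 describe-instances` (or boto3's `describe_instances`), and the payload is applied with `ec2.modify_instance_attribute(**payload)`. Clearing the flag is not a substitute for snapshots: a detached volume is still a single copy in a single Availability Zone.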
You are uploading 3 gigabytes of data every night to S3 from your on-premises data center. It takes 3 hours to upload and you are uploading it to Amazon S3. You are only using half of your available bandwidth through your internet provider. How might you decrease the amount of time to back up that 3GB of data from your on-premises data center to S3?
You can use multipart upload to speed up the upload process, You could establish a Direct Connect connection between your on-premises data center and AWS VPC
In order for reserved instances to reduce the cost of running instances, those instances must match the exact specifications of the reserved instance including: Region, Availability Zone, and instance type.
AWS announced late in 2016 that you could now apply a reserved instance to a region in order to get cost benefits across all AZs. Before this announcement, that was not the case. Because they do not update certification exams with every new feature announcement, and the SysOps course is training for the exam, we need to keep the question the way it is until they update it. With that being said, this is no longer true for “Availability Zone.”
In your infrastructure, you are running a corporate application using a T2.Small instance. You are also using a NAT instance so that your private instances can reach out to the internet without being publicly available. What is one thing that we should do to speed up bandwidth and performance?
Increase your T2.Small instance to a M3.Small or M3.Medium
Explanation
Instance size has a direct influence on the network throughput an instance can send and receive. If many instances in your environment route through one NAT instance, that instance becomes a network bottleneck. Increasing the NAT instance size increases the available network throughput; a managed NAT Gateway, which scales its bandwidth automatically, is the alternative that removes the bottleneck entirely.
If we want to be able to monitor billing and cost metrics, what AWS configuration do we need to enable and use?
Billing Alerts in Account Preferences
Explanation
CloudWatch is used to monitor billing and cost metrics, BUT we are required to enable Billing Alerts in our account's Billing Preferences before CloudWatch receives billing metrics and we can create billing alarms. Billing metrics are published only in the us-east-1 (N. Virginia) region, so the alarms must be created there.
What might be the cause of an EC2 instance not launching in an auto-scaling group?
The Availability zone is no longer supported, Invalid EBS device mapping, The key pair associated with EC2 instance does not exist
Best practice is to pre-warm:
EBS volumes newly created from snapshots. Pre-warm by accessing each block once.
Explanation
Reading every block (or reading and writing it back) is used to pre-warm, now called initializing, EBS volumes created from a snapshot, because blocks are otherwise fetched from S3 on first access. Freshly created empty EBS volumes do not require any pre-warming. Elastic Load Balancers should be pre-warmed prior to an anticipated large spike in traffic, but this is done by contacting AWS to provision additional back-end capacity, not by any read and write back command.
You notice that several of your AWS environment’s CloudWatch metrics are hovering near a value of 100. Which of these are you least concerned about?
ElastiCache CurrConnections
Explanation
A high number of connections is not necessarily a bad thing, if there are adequate resources to service those connections. 100% usage of resources for the other options typically means they are strained under a heavy load. A high SpilloverCount for an Elastic Load Balancer is also bad, as you do not want requests to be rejected.
Which of the following could be a procedure for disaster recovery as it relates to RDS?
Create a read replica in a different region. In the event of a failover, promote the read replica as the primary and change the DNS for your application to point to the new primary and then enable Multi AZ.
Your RDS instance is consistently maxed out on its resource utilization. What are multiple ways to solve this issue? (Choose three)
Fire up an ElastiCache cluster in front of your RDS instance., Increase RDS instance size., Offload read-only activity to a read replica if the application is read-intensive.
Which of the following can be overridden at the EC2 instance level?
The choice to not use dedicated tenancy at the VPC level., An IAM policy explicitly allowing a user the right to terminate all EC2 instances.
Explanation
The default option for a VPC is to not use dedicated tenancy, but that can be overridden at the instance level. If the option to use dedicated tenancy is explicitly set at the VPC level, however, it cannot be overridden at the instance level. Explicit denies in IAM policies always trump explicit allows, so a user who is allowed to terminate all EC2 instances in an account can be denied the permission to terminate a particular instance.