Route 53, CloudFront, DNS, SSL Flashcards

1
Q

An S3 bucket is served through CloudFront (CF) using signed URLs.
Access is allowed even without a signed URL.

A

To utilise signed URLs on a CloudFront distribution you need to configure it to be private - in doing so it becomes 100% private. To fix this issue you need to create an Origin Access Identity (OAI) (C) and then configure the bucket policy to ONLY allow this OAI to access the bucket.

2
Q

Which DNS record type is commonly used to verify domain ownership?

A

TXT records (E) are generally used to verify domain ownership by storing a unique code which can be verified via DNS resolution.

3
Q

The trycatsinstead.doggogram.io application has become really popular, and with billions of visits per day you are noticing some DNS costs which are becoming a concern. The application is currently using an Application Load Balancer, and you have the trycatsinstead record within the doggogram.io hosted zone using a CNAME record and pointing at the ALB A record. Which of the following is a good option to reduce the costs without risking disruption to the application and while staying compliant with the DNS standards? (Choose one.)

A

Delete and recreate the app using an Alias record.
Aliases can be used at a domain apex and are cheaper to use vs CNAMEs.

4
Q

Plan the deployment of SSL certificates using ACM across multiple regions.

A

1 SSL certificate per region

5
Q

You have arranged the registration of a domain using another provider. You want to use R53 to host the records for this domain. What steps should you take to make the domain records configurable within Route 53? (Choose 3.)

A

Create a public hosted zone in R53
Get the NS records for the hosted zone
Update the NS values on the domain record

6
Q

You have created a custom VPC and have launched 50 EC2 instances using an Auto Scaling group. You notice that none of the instances receives a public IPv4 DNS name and instances within the ASG cannot resolve any DNS names. Which of the following should you do to resolve the issue? (Choose one.)

A

Set enableDnsHostnames to true and enableDnsSupport to true on the VPC.

7
Q

What process occurs when the primary node of an RDS deployment fails? (Choose one.)

A

The CNAME changes to the secondary node

8
Q

A leading US-based 24/7 online news network is planning to expand its reach and launch its paid news subscription in Europe, Asia and Oceania regions. You are instructed to implement multi-region AWS deployments for all their cloud infrastructure where their online platform is hosted.

In this scenario, which Amazon Route 53 feature would minimize response time of their platform for its subscribers?

A

Latency-based routing

9
Q

A microservice application is being hosted in the ap-southeast-1 and ap-northeast-1 regions. The ap-southeast-1 region accounts for 80% of traffic, with the rest from ap-northeast-1. As part of the company’s business continuity plan, all traffic must be rerouted to the other region if one of the regions’ servers fails.

Which solution can comply with the requirement?

A

Set up an 80/20 weighted routing policy in AWS Route 53 and enable health checks

10
Q

A real-estate company is leveraging an Elastic Load Balancer that uses a TLS certificate to provide HTTPS security to its website visitors. Users reported outages because of the TLS certificate expiry, and the SysOps administrator needs to find a solution that automates the renewal of the certificate.

What is the MOST operationally efficient approach to perform the automation required?

A

Register a public certificate via AWS Certificate Manager (ACM). Associate the newly registered certificate from ACM to the ELB. ACM automatically handles certificate renewal so there’s no need for further configuration.

11
Q

A real-estate company is hosting a website on a set of Amazon EC2 instances behind an Application Load Balancer. The SysOps administrator used CloudFront for its content distribution and set the ALB as the origin. He also created a CNAME record in Route 53 that sends all traffic through the CloudFront distribution. Users started to report that they are being served with the desktop version of the website when using mobile phones.

Which action can help the SysOps administrator resolve the issue?

A

Update the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.

NOT Set the cache behavior of the CloudFront distribution to forward the User-Agent header is incorrect because you can’t set the cache behavior of a CloudFront distribution to forward the User-Agent header. This is configured in the Origin Custom Headers setting.

12
Q

A leading national bank migrated its on-premises infrastructure to AWS. The SysOps Administrator noticed that the cache hit ratio of the CloudFront web distribution is less than 15%.

Which combination of actions should he do to increase the cache hit ratio for the distribution? (Select TWO.)

A

– In the Cache Behavior settings of your distribution, configure to forward only the query string parameters for which your origin will return unique objects.

– Configure your origin to add a Cache-Control max-age directive to your objects, and specify the longest practical value for max-age to increase your TTL.

13
Q

A SysOps Administrator needs to set up a PostgreSQL database server that runs on a Reserved EC2 instance which will be used by various internal applications within a VPC. To simplify the naming convention of the database server, the Administrator is planning to allocate a custom domain name for the database.

Which of the following should the Administrator do to complete this task?

A

Set up a private hosted zone in Route 53. Create an A or AAAA record, such as db.tutorialsdojo.com, and specify the IP address of the database server.

NOT Set up a private hosted zone in Route 53. Create a CNAME record, such as db.tutorialsdojo.com, and specify the IP address of the database server is incorrect because it suggests using a CNAME record, which is not recommended for use with database servers. CNAME records are alias records and they can cause additional DNS lookups and result in performance issues.

14
Q

A crowdfunding company has hired you for consultation services. They have set up many crowdfunding projects on their website using Lambda, CloudFront, and S3, and they have asked you to evaluate them. They want to add new features, such as logging statistical data on how much their website is being accessed, how successful their crowdfunding projects are, and a way to check if people within their company are maliciously modifying website content.

Which of the following will you recommend to address these requests in a cost-effective way? (Select TWO.)

A

– Use CloudFront monitoring and usage reporting features to analyze access data and viewer data.

– Use CloudTrail to log all activity within the AWS account.

NOT Associate a security group in the S3 bucket to secure and monitor all requests is incorrect because you can’t associate a security group in Amazon S3. This will not help you monitor and log user activities.

15
Q

A company is hosting a multi-tiered web application that consists of an e-commerce module as well as a blogging site that fetches data from a database. Some articles, which are static web pages, have lots of page hits and sometimes cause the application to behave slowly.

Which of the following can be used to alleviate the issue of slow loading times when many users are visiting the application for such pages, in the MOST cost-effective way?

A

Consider hosting the web pages using static web site hosting in S3.

NOT Consider using the latency policy in Route 53 is incorrect since this is used for routing of traffic between multiple sites.

16
Q

A website application is hosted on-premises, and a SysOps administrator plans to consider using Route 53 options to make the application highly available. The application is deployed on a primary server (Alpha) and a secondary passive server (Delta). She needs to configure Route 53 to direct traffic to the Alpha server if a health check returns 2xx or 3xx HTTP status codes. Else, other traffic should route towards the Delta server. The routing policies, failover record types, and record IDs are configured correctly for both servers.

What step should the SysOps administrator perform next?

A

Create an A record for both Alpha and Delta servers. Then, associate the new records with a Route 53 HTTP health check.

NOT Create an alias record for both Alpha and Delta servers. Set the Evaluate Target Health setting to Yes. Then, associate the records with a Route 53 TCP health check is incorrect because an alias record only allows you to route traffic to selected AWS resources or to another record. It will not help you route traffic to an on-premises server.

17
Q

A company launched a global cryptocurrency exchange portal which uses a total of 20 EC2 instances evenly deployed across 4 regions (5 instances per region). An Application Load Balancer has also been set up in each region to distribute the incoming traffic to the EC2 instances.

How can the SysOps Administrator set up the portal to maintain site availability if one of the 4 regions was to lose network connectivity for an extended period of time?

A
  1. Set up a Route 53 Latency Based Routing Record Set that resolves to the Application Load Balancers in each region.
  2. Set the Evaluate Target Health flag to true.

NOT 2. Set an appropriate health check on each ELB is incorrect because it also does not address the issue of routing traffic to a non-responsive ALB in a disconnected region.

18
Q

A school is planning on recreating their own website by adding new features to it and making it more interactive for visitors. Because of this, they would like to create subdomains that redirect to the new webpages, while reusing their old parent domain registered in an external DNS service for the main page of the website.

What would be a cost-effective solution for creating subdomains without having to migrate the parent domain?

A

Create a Route 53 hosted zone for the subdomain. Add records for the new subdomain to your Route 53 hosted zone. Update the DNS service for the parent domain by adding name server records for the subdomain.

19
Q

A popular entertainment website, which provides Hollywood events and celebrity news articles, is using a CloudFront web distribution. The Origin Shield feature is configured in CloudFront to serve as an additional layer to minimize the origin’s load, improve its availability, and reduce operating costs.

One of their writers accidentally posted a fake photo which was automatically cached in CloudFront. The photo should be removed immediately, even before the cache expires.

What will you do in order to fix this issue? (Select TWO.)

A

– Invalidate the file from edge caches.

– Use file versioning to serve a different version of the file that has a different name.

NOT Manually remove the photo from the CloudFront servers by using the AWS CLI is incorrect because you cannot manually remove a file in CloudFront using the AWS CLI.