SA Professional Exam

Question 1

How long does it take to get data out of Glacier?

Answer 1

It can take AT LEAST 3 hours

Question 2

What storage type provides the ability to create point-in-time snapshots of data volumes?

Answer 2

EBs

Question 3

Which three services have automated backups?

Answer 3

RDS
Elasticache (Redis only)
Redshift

Question 4

Which service does not have automated backups?

Answer 4

EC2

Question 5

In Read Replicas vs Multi-AZ;

Which is used for scaling?

Answer 5

Read Replicas

Question 6

In Read Replicas vs Multi-AZ;

Which is used for DR/MultiAZ?

Answer 6

Multi-AZ

Question 7

How many read replicas can you have?

Answer 7

Up to 5

Question 8

Can you have read replicas in different regions?

Answer 8

Yes - With the exception of SQL Server and Oracle

Question 9

Are read replicas synchronous or asynchronous?

Answer 9

Asynchronous

Question 10

[T/F] Read Replicas can be made off of Multi-AZ’s database

Answer 10

True

Question 11

[T/F] Read Replicas can be in Multi-AZ.

Answer 11

True

Question 12

Can you have a read replica of a read replica? Will this increase latency?

Answer 12

Yes, but only for MySQL and this will increase latency

Question 13

DB Snapshots and Automated backups [can/cannot] be taken of read replicas.

Answer 13

Can - but are not enabled by default

Question 14

If you application does not require transaction support, Atomicity, Consistency, Isolation, Durability (ACID) compliance, joins & SQL… What should you consider using instead of RDS?

Answer 14

DynamoDB

Question 15

What are the 4 different Storage Gateway Types?

Answer 15

File Gateway
Gateway-Cached Volumes
Gateway-Stored Volumes
Gateway-Virtual Tape Library

Question 16

How long does it take to access virtual tapes in your virtual tape library?

Answer 16

Instantaneous

Question 17

How long does it take to access your virtual tapes from your virtual tape shelf?

Answer 17

It can take 24 hours

Question 18

How is Storage Gateway encrypted?

Answer 18

Encrypted using SSL for transit

Encrypted at rest in S3 using AES-256

Question 19

How are Gateway-Stored Volumes stored?

Answer 19

Stored data as Amazon EBS Snapshots in S3.

Question 20

Gateway Storage snapshots [can/cannot] be scheduled.

Answer 20

Gateway Storage Volumes can be scheduled.

Question 21

Gateway Storage bandwidth [can/cannot] be throttled.

Answer 21

Gateway storage can be throttled - which is great for remote sites

Question 22

AWS Snowball _______ and _________ from S3.

Answer 22

Import; Export

Question 23

AWS Import Export can only _______ to S3.

Answer 23

Import

Question 24

_______ make it easy to group your resources using the tags that are assigned to them. You can group resources that share one or more tags.

Answer 24

Resource groups

Question 25

_________ allows you to get volume discounts on all your accounts.

Answer 25

Consolidated billing

Question 26

With consolidated billing, _____ is on a per account and per region basis but can be aggregated into a single bucket in the paying account.

Answer 26

CloudTrail

Question 27

The contract length for Reserved Instances is between __ and __ years.

Answer 27

1 & 3

Question 28

What are the 3 types of RIs?

Answer 28

Standard, Convertible, Scheduled

Question 29

Which of the RIs offers the largest discount?

Answer 29

All Upfront RIs

Question 30

Standard RIs for EC2 can be modified, but only if they are in the same _______ and only if the ______ factors are equal and only for the Linux operating system.

Answer 30

Family; Normalization;

Question 31

You can switch EC2 RIs between ______, but not between ______.

Answer 31

AZs; Regions

Question 32

EC2 RIs [can/cannot] be sold on the marketplace.

Answer 32

can

Question 33

Can you have reserved RDS instances?

Answer 33

Yes

Question 34

With RDS reserved instances, you can move ______ but not _______.

Answer 34

AZ’s but not regions.

Question 35

Elastic Beanstalk [can/cannot] provision RDS instances.

Answer 35

can

Question 36

Elastic Beanstalk [does/does not] support IAM.

Answer 36

does

Question 37

You have ___ access to the resources under Elastic Beanstalk.

Answer 37

full

Question 38

Elastic Beanstalk code is stored in ___.

Answer 38

S3

Question 39

With Elastic Beanstalk, ________ environments are allowed to support version control.

Answer 39

multiple

Question 40

Elastic Beanstalk [can/cannot] roll back changes.

Answer 40

can

Question 41

With Elastic Beanstalk, ______ the changes from ____ repositories are replicated.

Answer 41

Only the changes from Git repositories

Question 42

Amazon Elastic Beanstalk supports which AMIs?

Answer 42

Linux AMI & Windows 2012 R2

Question 43

OpsWork consists of ________ and ________.

Answer 43

Stacks; Layers

Question 44

OpsWorks runs on _____.

Answer 44

Chef

Question 45

In OpsWork, layers contain AWS resources such as…

Answer 45

EC2
ELB
RDS

Question 46

In OpsWork, layers are like _____, ______, and _______ layer.

Answer 46

Web; Application; Database

Question 47

In OpsWork, each stack will have how many layers?

Answer 47

1 or more

Question 48

What happens to any EC2 instance added outside of the OpsWork stack in ELB?

Answer 48

OpsWork will remove

Question 49

CloudFormation uses ________ to resolve dependency between resource creation.

Answer 49

wait condition

Question 50

What is mandatory for a CloudFormation template?

Answer 50

Resources

Question 51

With CloudFormation, you can create multiple ____ inside of one template.

Answer 51

VPCs

Question 52

If you wanted to connect VPCs in your CloudFormation template. You can enable _____________ using CloudFormation, but only within the same AWS account.

Answer 52

VPC Peering

Question 53

CloudFormation supports _____, ________, and _____ scripts.

Answer 53

Chef; Puppet; Bootstrap

Question 54

With CloudFormation, you can use ________ to output data.

Answer 54

Fn:GetAtt

Question 55

By default, the _______________ feature is enabled in CloudFormation.

Answer 55

“automatic rollback on error”

Question 56

CloudFormation itself costs what?

Answer 56

Nothing

Question 57

_______ is completely supported with CloudFormation. This includes creating new hosted zones or updating existing ones.

Answer 57

Route53

Question 58

If you are accessing services using HTTPs endpoints (think DynamoDB, S3) use public ____.

Answer 58

VIFs

Question 59

If you are accessing VPCs using private IP address ranges, use private ______.

Answer 59

VIFs

Question 60

In the US, you need ___ direct connect connection(s) to connect to all 4 US regions.

Answer 60

1

Question 61

Does data transferred between regions go over public internet?

Answer 61

No

Question 62

Layer 2 connections [are/are not] supported by direct connect.

Answer 62

Are not

Question 63

What is the difference between a Customer Gateway and a Virtual Private Gateway?

Answer 63

Customer Gateway - Customer side

Virtual Private Gateway - AWS Side

Question 64

Which ports does EC2-VPC ELB support?

Answer 64

1-65536

Question 65

What ports does the EC2-Class ELB support?

Answer 65

25
80/443
465
587
1024-65535

Question 66

Can you assign an Elastic IP to an Elastic Load Balancer?

Answer 66

No

Question 67

You can load balance to the _________ of your domain name with ELBs.

Answer 67

Zone Apex

Question 68

If you have multiple SSL certifications you should use ________ Elastic Load Balancers, unless you have a wildcard certificate.

Answer 68

Multiple

Question 69

A placement group [can/cannot] span availability zones but it [can/cannot] span subnets, provided that they are in the same VPC.

Answer 69

cannot; can

Question 70

You [can/cannot] move existing instances to placement groups.

Answer 70

cannot

Question 71

How can you reduce bottlenecks with NATs?

Answer 71

Scale up and Scale out;

If you scale out, add an additional NAT & subnet and migrate half your workload to the new subnet.

Question 72

Can you peer VPCs from different regions?

Answer 72

Nope

Question 73

If you peer two VPCs, what needs to be updated?

Answer 73

Security groups & make sure that a route table has been created in both VPCs to allow traffic.

Question 74

If your application is more oriented toward indexing and querying data, it may be better to use this Amazon DB for your needs.

Answer 74

DyanmoDB

Question 75

If your application has number BLOB data (binary large objects) then what would be a good choice for storage?

Answer 75

S3

Question 76

If you need fully automated scaling, which DB is best?

Answer 76

DynamoDB

Question 77

If you’re looking to scale your database up you should use ________, if you’re looking to scale out use ________.

Answer 77

RDS; DynamoDB

Question 78

Databases that require Joins and/or complex transactions should look to utilize what database options with AWS?

Answer 78

Amazon RDS or Amazon EC2 with self-managed database

Question 79

If you plan to store very large amounts of data that are infrequently accessed (Low I/O rates) where should you store that data?

Answer 79

S3

Question 80

Use _______ to optimize both GETs & PUTs with S3.

Answer 80

Parallelization

Question 81

S3 stores data in __________ order so you have to __________ the data.

Answer 81

Lexicographical; randomize

Question 82

You can secure S3 by doing what 3 things?

Answer 82

• Using Bucket policies
• Using MFA Delete
• Backing your Bucket Up to Another S3 Bucket Owned by a separate account

Question 83

CloudHSM is _____ tenanted.

Answer 83

Single Tenanted (1 physical device, for you only)

Question 84

CloudHSM must be used in _____.

Answer 84

a VPC

Question 85

You can use ___________ to connect o a CloudHSM from another VPC.

Answer 85

VPC Peering

Question 86

IF you need fault tolerance with your CloudHSM, you need to build a ________.

Answer 86

Cluster

Question 87

CloudHSM can integrate with the following databases & warehouses:

Answer 87

RDS (Oracle & SQL)

Redshift

Question 88

You monitor CloudHSM via ______.

Answer 88

Syslog

Question 89

The two types of directory services are ____ and ________.

Answer 89

AD Connector; Simple AD

Question 90

By default, CloudWatch Logs will store your log data for how long?

Answer 90

Indefinitely

Question 91

The default CloudWatch Alarm History is only how many days?

Answer 91

14

Question 92

Step 1 of 3 for developing an Identity Broker is:

Answer 92

Develop an Identity Broker to communicate with LDAP & AWS STS

Question 93

Step 2 of 3 for developing an Identity Broker is:

Answer 93

Identity Broker always communicates with LDAP first, THEN with AWS STS

Question 94

Step 3 of 3 for developing an Identity Broker is:

Answer 94

Application then gets temporary access to AWS resources.

Question 95

AWS Security Token Service returns which four values upon request for a federated token?

Answer 95

A Token
A Secret Access Key
Access Key ID
A Duration

Question 96

True or False: To minimize the attack surface area, servers can be placed behind a bastion host, through which all traffic must pass.

Answer 96

False

Question 97

If you want Intrusion Prevention AND Intrusion Detection you should use what?

Answer 97

A IPS tool