Section 4: ELB and ASG

Question 1

Load Balancers provide a
A) static IPv4 we can use in our application
B) static DNS name we can use in our application
C) static IPv6 we can use in our application

Answer 1

B) static DNS name we can use in our application

The reason being that AWS wants your load balancer to be accessible using a static endpoint, even if the underlying infrastructure that AWS manages changes

Question 2

You are running a website with a load balancer and 10 EC2 instances. Your users are complaining about the fact that your website always asks them to re-authenticate when they switch pages. You are puzzled, because it’s working just fine on your machine and in the dev environment with 1 server. What could be the reason?
A) The application must have a bug
B) The Load Balance does not have stickiness enabled
C) The EC2 instances log out users because they don’t see their true IPs

Answer 2

B) The Load Balance does not have stickiness enabled

Stickiness ensures traffic is sent to the same backend instance for a client. This helps maintaining session data

Question 3

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IP which are in fact your load balancer’s. What should you do to find the true IP of the clients connected to your website?

A) Modify the front-end of the website so that the user send their IP in the request
B) Look into the X-Forwarded-For header in the backend
C) Look into the X-Forwarded-Proto header in the backend

Answer 3

B) Look into the X-Forwarded-For header in the backend

This header is created by your load balancer and passed on to your backend application

Question 4

You quickly created an ELB and it turns out your users are complaining about the fact that sometimes, the servers just don’t work. You realise that indeed, your servers do crash from time to time. How to protect your users from seeing these crashes?

A) Enable Stickiness
B) Enable Health Checks
C) Enable SSL Termination

Answer 4

B) Enable Health Checks

Health checks ensure your ELB won’t send traffic to unhealthy (crashed) instances

Question 5

You are designing a high performance application that will require millions of connections to be handled, as well as low latency. The best Load Balancer for this is

A) Application Load Balancer
B) Classic Load Balancer
C) Network Load Balancer

Answer 5

C) Network Load Balancer

NLB provide the highest performance if your application needs it

Question 6

Application Load Balancers handle all these protocols except
A) HTTP
B) HTTPS
C) Websocket
D) TCP

Answer 6

D) TCP

Use a NLB (Network Load Balancer) support TCP instead

Question 7

The application load balancer can route to different target groups based on all these excep
A) Hostname
B) Request Path
C) Geography
D) Source Ip

Answer 7

C) Geography

Question 8

You are running at desired capacity of 3 and the maximum capacity of 3. You have alarms set at 60% CPU to scale out your application. Your application is now running at 80% capacity. What will happen?
A) Nothing
B) The desired capacity will go up to 4 and the maximum will stay at 3
C) The desired capacity will go up to 4 and the maximum will stay at 4

Answer 8

A) Nothing

The capacity of your ASG cannot go over the maximum capacity you have allocated during scale out events

Question 9

I have an ASG and an ALB, and I setup my ASG to get health status of instances thanks to my ALB. One instance has just been reported unhealthy. What will happen?
A) The ASG will keep the instance running and re-start the application
B) The ASG will detach the EC2 instance from the group, and leave it running
C) The ASG will terminate the EC2 instance

Answer 9

C) The ASG will terminate the EC2 instance

Because the ASG has been configured to leverage the ALB health checks, unhealthy instances will be terminated

Question 10

Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database.
A) You politelly tell him its impossible
B) You create a CloudWatch custom metric and build an alarm on this to scale your ASG
C) You enable detailed monitoring and use that to scale your ASG

Answer 10

B) You create a CloudWatch custom metric and build an alarm on this to scale your ASG

The metric “requests per minute” is not an AWS metric, hence it needs to be a custom metric

Question 11

Scaling an instance from an r4.large to an r4.4xlarge is called
A) Horizontal Scalability
B) Vertical Scalability

Answer 11

B) Vertical Scalability

Question 12

Running an application on an auto scaling group that scales the number of instances in and out is called
A) Horizontal Scalability
B) Vertical Scalability

Answer 12

A) Horizontal Scalability

Question 13

You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use?
A) Application Load Balancer with Elastic IP attached to it
B) Network Load Balancer
C) Classic Load Balancer

Answer 13

B) Network Load Balancer

Network Load Balancers expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)

Question 14

A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access the port 80?
A) Open up the EC2 security group on port 80 to 0.0.0.0/0
B) Open up the EC2 security group on port 80 to 192.168.0.0/18
C) Open up the EC2 security group on port 80 to the ALB’s security group
D) Load an SSL client certificate on the ALB

Answer 14

C) Open up the EC2 security group on port 80 to the ALB’s security group

A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access the port 80?

Question 15

Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALB SSL certificates to make this work?
A) Use SNI
B) Use a wildcard SSL certificate
C) Use an HTTP to HTTPS redirect rule
D) Use a security group SSL certificate

Answer 15

A) Use SNI

SNI (Server Name Indication) is a feature allowing you to expose multiple SSL certs if the client supports it. Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

Question 16

An ASG spawns across 2 availability zones. AZ-A has 3 EC2 instances and AZ-B has 4 EC2 instances. The ASG is about to go into a scale-in event. What will happen?
A) The AZ-A will terminate an instance randomly
B) The AZ-A will terminate the instance with the oldest launch configuration
C) The AZ-B will terminate the instance with the oldest launch configuration
D) The AZ-B will terminate an instance randomly
E) The AZ-A will create an EC2 instance

Answer 16

C) The AZ-B will terminate the instance with the oldest launch configuration

Make sure you remember the Default Termination Policy for ASG. It tries to balance across AZ first, and then delete based on the age of the launch configuration.

Question 17

The Application Load Balancers target groups can be all of these EXCEPT...
A) EC2 Instances
B) IP Addresses
C) Lambda Functions
D) Network Load Balancers

Answer 17

D) Network Load Balancers

Question 18

You are running an application in 3 AZ, with an Auto Scaling Group and a Classic Load Balancer. It seems that the traffic is not evenly distributed amongst all the backend EC2 instances, with some AZ being overloaded. Which feature should help distribute the traffic across all the available EC2 instances?
A) Stickiness
B) Cross Zone Load Balancing
C) Target Group Rrouting Rules
D) HTTPS termination

Answer 18

B) Cross Zone Load Balancing

Question 19

Your Application Load Balancer (ALB) currently is routing to two target groups, each of them is routed to based on hostname rules. You have been tasked with enabling HTTPS traffic for each hostname and have loaded the certificates onto the ALB. Which ALB feature will help it choose the right certificate for your clients?
A) TLS Termination
B) Server Name Indication (SNI)
C) SSL Security Polocies
D) Host Header

Answer 19

B) Server Name Indication (SNI)

Server Name Indication (SNI) is an extension to the TLS protocol that is supported by browsers and clients released after 2010. If you configure CloudFront to serve HTTPS requests using SNI, CloudFront associates your alternate domain name with an IP address for each edge location.

Question 20

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is averaging at around 1000. Which scaling policy should you use?
A) Simple Scaling Policy
B) Step Scaling Poliy
C) Target Tracking
D) Scheduled Scaling

Answer 20

C) Target Tracking