TD Exam 2 - Short Review

Question 1

What Load Balancer should you use if you want unbroken encryption

Answer 1

NLB

Question 2

Which Load Balancer should you use if you want Static IP for whitelisting

Answer 2

NLB

Question 3

Which Load Balancer should you use if you want the fastest performance (millions of rps)

Answer 3

NLB

Question 4

Which Load Balancer should you use if you want to use a protocol other than HTTP or HTTPS

Answer 4

NLB

Question 5

Which Load Balancer should you use if you need Private Link

Answer 5

NLB

Question 6

Which Load Balancer should you use if you need to use Layer 7 information

Answer 6

ALB

Question 7

Which Load Balancer should you use for a gRPC app

Answer 7

ALB

Question 8

Can you assign an Elastic IP to an ALB

Answer 8

No

Question 9

Can you assign an Elastic IP to a NLB

Answer 9

Yes

Question 10

What are the protocol versions for ALB

Answer 10

HTTP1
HTTP2
gRPC

Question 11

Do NLBs support gRPC

Answer 11

No

Question 12

What are some use cases for Lambda@Edge

Answer 12

A/B Testing
Migration between S3 origins
Different Objects Based on Device
Content by Country
Overriding a response header
Redirect unauthenticated users to a sign-in page
Normalize query string params for better cache hits

Question 13

What should you used if you want to do A/B testing with CloudFront

Answer 13

Lambda@Edge on the viewer request

Question 14

What should you used if you want to do migration between S3 origins with CloudFront

Answer 14

Lambda@Edge on the Origin request

Question 15

What should you used if you want to do different objects based on device with CloudFront

Answer 15

Lambda@Edge on the Origin request

Question 16

What should you use if you want to do different content by country with CloudFront

Answer 16

Lambda@Edge on the Origin request

Question 17

What do CloudFront Header Policies do

Answer 17

They tell which HTTP headers should be included or excluded in the responses sent by CloudFront

Question 18

Which service should you use for transferring large sets of data to aws?

Answer 18

DataSync, not storage gateway

Question 19

When should you use DataSync

Answer 19

When you need reliable transfer of large amounts of data

Question 20

What is Amazon EMR

Answer 20

A managed cluster platform that simplifies running big data frameworks, like Apache Hadoop and Apache Spark

Question 21

What can you use Amazon EMR for

Answer 21

To process data, to transform and move large amounts of data in and out of AWS data stores and databases

Question 22

What is Amazon Redshift

Answer 22

A cloud data warehouse

Question 23

What does Redshift do

Answer 23

It makes it fast, simple and cost-effective to analyze all your data using standard SQL and existing BI tools

Question 24

What is AWS Network Firewall

Answer 24

A stateful, managed network firewall and intrusion detection and prevention service for VPC

Question 25

Where do you create an AWS Network Firewall

Answer 25

In your VPC

Question 26

Where do AWS Network Firewalls filter traffic

Answer 26

At the perimeter of the VPC

Question 27

At which level do Security Gorups provide protection

Answer 27

Instance level

Question 28

At what level do NACLs provide protection

Answer 28

Subnet level

Question 29

At what level foes WAF provide protection

Answer 29

Endpoint level

Question 30

What is needed if you set up AWS Network Firewall

Answer 30

Reroute VPC network traffic through the firewall endpoint

Question 31

How do you ensure 2 instances in different subnets can communicate

Answer 31

NACLs to allow traffic between subnets
SGs to allow instance to instance communication

Question 32

Do you launch Aurora in subnets

Answer 32

yes

Question 33

What is the default value for ASGs cooldown

Answer 33

300

Question 34

What does cooldown do in ASGs

Answer 34

It ensures that auto-0scaling does not terminate or launch instances before the previous scaling activity has taken effect

Question 35

Are cooldowns in ASGs configurable

Answer 35

Yes

Question 36

When would you use RDS Proxy

Answer 36

If you have a too many connections error
If you’re using Lambda
When you need long-running connections
When resilience to db failure is important

Question 37

What do you pay for in API Gateway

Answer 37

Per API call and for data transferred out

Question 38

Which APIs are supported by API Gateway

Answer 38

REST, HTTP, WebSockets

Question 39

What does AWS Config do

Answer 39

It enables you to assess, audit and evaluate the configurations of AWS resources

Question 40

What does AWS Inspector do

Answer 40

It scans EC2 instances and its OS (also containers) for vulnerabilities and deviations against best practices
Can do networking assessment

Question 41

What does GuardDuty do

Answer 41

It generates findings of suspicious activities using AI. It is used with data sources and can be cross-account

Question 42

How does failover occur in RDS multi-AZ

Answer 42

CNAME is switched from primary to standby instance

Question 43

Can DMS work with DynamoDB

Answer 43

Yes

Question 44

Can you use S3 as a target for DMS

Answer 44

Yes, and it will write data as CSV by default
Can also use parquet format if you want something more compact with faster queries

Question 45

How can you encrypt DMS connections

Answer 45

Use SSL by assigning a certificate to a DMS endpoint

Question 46

Do you need to set up SSL for Redshift data transfer

Answer 46

No, it’s endpoint already uses SSL, no need to set it up in DMS

Question 47

What is Landing Zone

Answer 47

It allows you to set up a well-architected multi-account environment with rules for security, operations and internal compliance

Question 48

How can you allow Organizational Units to launch new accounts with preapproved configurations

Answer 48

Use AWS Control Tower with guardrails to enfore policies or detect violations

Question 49

What is Control Tower GuardRails

Answer 49

It provides governance controls by preventing the creation of resources that don<t conform

Question 50

What other AWS services are used by Control Tower Guardrails

Answer 50

CloudFormation to establish a baseline
AWS Organization Service Control POlicies to prevent configuration changes
AWS Config rules to continuously detect non-complicance

Question 51

How do you specify a role for an ECS task

Answer 51

Declare the IAM Role in the taskRoleArn section of the task definition

Question 52

What is a service that is very suitable for batch jobs

Answer 52

ECS

Question 53

How can you use an existing Directory for AWS sign in

Answer 53

Use IAM Identity center (Federation)

Question 54

What do SCPs do

Answer 54

They say what permissions can be granted to identities in accounts in an organization

Question 55

Is the directory service intended to be used for multi-account auth purposes

Answer 55

No, not directly from AWS Organization, you still need IAM Identity center

Question 56

How do you use an existing directory service for user authentication

Answer 56

Configure IAM Identity center and integrate it using the Active Directory Connector

Question 57

Is there an option to use an external authentication on AWS Organizations

Answer 57

No

Question 58

Can you create VPC peering between onprem network and VPC

Answer 58

No

Question 59

Do peered VPCs support edge-to-edge routing

Answer 59

No

Question 60

Can VPC peering transmit a VPN connection

Answer 60

No

Question 61

Can VPC peering transmit a Direct Connect connection

Answer 61

No

Question 62

Can VPC peering transmit an internet connection from an Internet Gateway

Answer 62

No

Question 63

What are some services you can use to create a decoupled architecture for apps onprem and in AWS

Answer 63

SQS and SWF (Simple Workflow Service)

Question 64

Where can workers from SWF be

Answer 64

On cloud or onprem

Question 65

What is Amazon SWF

Answer 65

A web service that makes it easy to coordinate work across distributed application components

Question 66

What are the 2 main concepts in SWF

Answer 66

Tasks: invocation of logical steps in applications
Workers: programs that interact with SWF to get tasks, process them and return their results

Question 67

Can subnets span AZs

Answer 67

No

Question 68

For VPCs, are IPv4 CIDR ranges required

Answer 68

Yes

Question 69

For VPCs, are IPv6 CIDR ranges required

Answer 69

No

Question 70

Can you disable IPv4 for a VPC

Answer 70

No

Question 71

What do you need to attach to your VPC to have a VPN

Answer 71

Virtual Provate Gateway

Question 72

What are the steps to implement a VPN to a VPC

Answer 72

Attach a virtual private gateway to the VPC
Create a custom route table
Update security group rules
Create an AWS-managed VPN connection

Question 73

What does a customer gateway resource fo in AWS

Answer 73

It provies information to AWS about your customer gateway device

Question 74

Do Customer Gateways need a publicly routable static IP

Answer 74

Yes

Question 75

Do you need to attach an elastic IP to a Virtual Private Gateway

Answer 75

No

Question 76

Do you need a NAT instance to create a VPN connection

Answer 76

No

Question 77

What does geoproximity routing do

Answer 77

It gives the CLOSEST record

Question 78

Is EBS off-instance

Answer 78

Yes

Question 79

Can EBS volumes be attached to any EC2 instance in any AZ

Answer 79

No, it is only in one AZ

Question 80

Do EBS volumes support live configuration changes while in production

Answer 80

Yes, you can modify volume type, volume size and IOPS capacity without service interuption

Question 81

Can you modify EBS volume size without interruption

Answer 81

Yes

Question 82

Can you modify EBS volume type without interruption

Answer 82

Yes

Question 83

Can you modify EBS IOPS capacity without interruption

Answer 83

Yes

Question 84

Does EBS automatically replicate to another AZ

Answer 84

No

Question 85

Does EBS do automatic replication

Answer 85

Yes, within an AZ

Question 86

What types of EBS and EC2 instance types allow multi-instance connection

Answer 86

Provisioned IOPS SSD (io1) attached to multiple Nitro-based instances using EBS Multi-Attach

Question 87

What kind of VPC endpoint can be used with DynamoDB

Answer 87

Gateway endpoint

Question 88

What do you specify when you create a DynamoDB Gateway endpoint

Answer 88

Specify the VPC where it will be deployed and the route table that will be associated with the endpoint

Question 89

How can you implement department-by-department cost-tracking

Answer 89

Tag resources with the department name and enable cost allocation tags

Question 90

What is a tag in AWS

Answer 90

A label you associate to an AWS resource
COnsists of a key and a value
Each tag key must be unique
Each tag key can only have one value

Question 91

What are tags used for in AWS

Answer 91

To organize resources

Question 92

What are cost allocation tags used for in AWS

Answer 92

to track costs on a detailed level

Question 93

What does AWS Budget do

Answer 93

It allows you to be alerted and run custom actions if budget thresholds are exceeded

Question 94

Where do you need to activate tags to enable cost-tracking

Answer 94

In Billing and Cost management console

Question 95

What is Amazon EMR

Answer 95

A managed cluster that simplifies running big data frameworks on AWS to process and analyze vast amounts of data. It can do ETL

Question 96

What service should you associate with the phrase “big data processing frameworks”

Answer 96

EMR

Question 97

What service should you associate with the phrase “access data using various business intelligence tools and standard SQL queries”

Answer 97

Amazon Redshift

Question 98

Can you use big data frameworks effectively with Glue

Answer 98

No, use EMR

Question 99

What service allows you to do SQL queries in S3

Answer 99

Athena

Question 100

What does S3 select feature do

Answer 100

Allows you to run simple SQL queries against a subset of data from a specific S3 object

Question 101

What does Amazon Managed Service for Apache Flink studio do

Answer 101

Process streaming data

Question 102

What should you do to convert csv files to Parquet

Answer 102

Scheduled ETL job in AWS Glue, use crawler to automatically discover raw data

Question 103

What is a fanout scenario

Answer 103

SNS topic used to push to multiple places (multiple SQS queues subscribed to the topic)

Question 104

How can you limit what an SNS subscriber gets

Answer 104

SNS message filtering; by default, they receive everything

Question 105

Can you specify failover for Route 53

Answer 105

Yes

Question 106

What happens when you enable failover in route 53

Answer 106

It points to secondary when primary is unhealthy

Question 107

What do you need to host a static website on S3

Answer 107

An S3 bucket with the same name as the domain or subdomain configured to host a static website
Registered domain name
Route 53 as the DNS service for the domain

Question 108

Does the S3 bucket need to be in the same region as the R53 hosted zone for a static website

Answer 108

No

Question 109

What is a Bastion host

Answer 109

EC2 in public subnet with public or elastic IP with sufficient RDP or SSH access. Users log into it to manage other hosts in private subnets

Question 110

What protocol do you use with a Windows Bastion host

Answer 110

RDP

Question 111

What is Amazon Data Lifecycle Manager used for

Answer 111

Can use it to automate the creation, retention and deletion of snapshots taken to back up EBS

Question 112

Is there such a thing as EBS lifecycle policy

Answer 112

No