TD Exam 5 - Review

Question 1

What is the minimum billing duration for AWS Glue

Answer 1

1 minutes

Question 2

Can AWS Batch automatically provision capacity for your batch jobs

Answer 2

Yes

Question 3

Does step scaling use CloudWatch Alarms

Answer 3

Yes

Question 4

What deos step scaling vary depending on

Answer 4

Size of alarm breach

Question 5

What does simple scaling depend on

Answer 5

A SINGLE scaling adjustment

Question 6

Is there such a thing as AWS Storage Gateway Hardware appliance

Answer 6

Yes

Question 7

What do you do if you want to use Storage gateway with an app that does not run on virtualized stuff

Answer 7

Storage Gateway Hardware appliance

Question 8

What kind of storage gateway do you need to use if you want SMB or NFS

Answer 8

File Gateway

Question 9

What protocol is used by Storage gateway volume mode

Answer 9

iSCSI, it’s block devices

Question 10

What does AppSync Gateway do

Answer 10

It offers an elegant server-side solution to aggregate data from multiple databases

Question 11

What is edge-optimized API Gateway used for

Answer 11

With CloudFront

Question 12

What can Transit Gateway use to make VPN more scalable

Answer 12

Equal Cost Multipath Routing, to do routing over multiple VPN tunnels

Question 13

What is the max throughput of a VPN tunnel

Answer 13

1.25 Gbps

Question 14

How many Virtual Private Gateways can VPCs have

Answer 14

One

Question 15

Can you have more than 2 tunnels for a VPN

Answer 15

No

Question 16

Will having a second Customer gateway device increase throughput of a VPN

Answer 16

No, only the redundancy

Question 17

What does Aurora do during Failover if you have no standby and are not serverless

Answer 17

Attemps to create new instance in same AZ, best efforts

Question 18

What happens during Aurora failover if you have a replica

Answer 18

CName flips to helathy relica. Around 30 s

Question 19

What does Aurora do during Failover if you have no standby and are serverless

Answer 19

Aurora automatically recreate db in different AZ

Question 20

What should you put in Route 53 to link an ALB

Answer 20

ALB DNS name

Question 21

Can you create CNAME records for you zone Apex

Answer 21

No

Question 22

Is data between EBS and EC2 encrypted if you use EBS encryption

Answer 22

Yes

Question 23

Are snapshots encrypted automatically if you use EBS encryption

Answer 23

Yes

Question 24

Are volumes created from encrypted EBS snapshots also encrypted

Answer 24

Yes

Question 25

What do you use to configure instances without SSH and RDP if Systems Manager is enabled

Answer 25

Run Command

Question 26

Should you use NACLs to deny access from a country

Answer 26

No, there is a lot of IPs in a country

Question 27

What should you do to deny access from a Country

Answer 27

AWS WAF

Question 28

What is Amazon Workspaces used for

Answer 28

Virtual Desktops

Question 29

Are cloudtrail files encrypted by default

Answer 29

Yes, using SSE

Question 30

Can EBS volumes be used when a snapshot is in progress

Answer 30

Yes

Question 31

How does data load to a volume created from EBS snapshot

Answer 31

Lazily and in the background

Question 32

Can Network firewall be used to inspect traffic entering and exiting a VPC

Answer 32

Yes

Question 33

is Network Firewall stateless

Answer 33

No, it is stateful

Question 34

Can you set lifecycle policy for 0 days in S3

Answer 34

Yes

Question 35

Can you upload directly to Glacier

Answer 35

Yes, but not using the console
Using console, you can change storage class to glacier though

Question 36

Can you specify public IPs for ALB

Answer 36

No

Question 37

What do you need to point to onprem from ALB

Answer 37

PrivateLink or VPN

Question 38

Does Network Load Balancer have weighted routing

Answer 38

No

Question 39

What should you use if you need Real Time

Answer 39

Kinesis

Question 40

What is AppSync

Answer 40

Serverless GraphQL and Pub/Sub API

Question 41

Does AWS Trusted Advisor have Service Limits checks

Answer 41

Yes

Question 42

What are CloudTrail Management events

Answer 42

Visibility into management events of AWS accounts

Question 43

What are data events in CloudTrail

Answer 43

Resource operations

Question 44

What polling does SQS use by default

Answer 44

Short Polling

Question 45

How do you configure polling in SQS

Answer 45

ReceiveMessageWaitTimeSeconds

Question 46

What value for ReceiveMessageWaitTimeSeconds means short polling

Answer 46

0

Question 47

What value for ReceiveMessageWaitTimeSeconds means long polling

Answer 47

more than 0

Question 48

What is false empty responses in SQS

Answer 48

You get an empty response when using short polling because not all servers are polled

Question 49

How does long polling diminish the number of empty responses

Answer 49

By allowing SQS to wait for a message before sending a response, until timeout

Question 50

How to you ensure all servers are polled using SQS

Answer 50

Use long polling

Question 51

What is the max performance for S3

Answer 51

3500 writes per s, 5500 reads per s per S3 prefix

Question 52

Does EFA support Windows

Answer 52

No

Question 53

What is AWS ParallelCluster

Answer 53

AWS-supported open-source cluster management tool

Question 54

What is a useful metric when sclaing based on SQS

Answer 54

ApproximateAgeOfOldestMessage

Question 55

What is a limitation of SimpleDB

Answer 55

It has a limit on request capacity and storage size for a given table

Question 56

How do you delay termination of instance

Answer 56

Lifecycle hook in AutoScaling Group to use Terminating:Wait state

Question 57

What is instance warmup condition

Answer 57

Specifies how long before including instance in metric

Question 58

What is AWS Wavelength

Answer 58

Allows AWS deployments in telecom provider data centers at edge of 5g netwroks

Question 59

What is the point of Wavelength

Answer 59

Extend AWS to 5g edges

Question 60

How can you used IAM for kubernetes RBAC

Answer 60

aws-auth configmap

Question 61

What is default visibility timeout

Answer 61

30s

Question 62

Which is more scalable, RDS or Aurora

Answer 62

Aurora

Question 63

Can you use tags to limit access to ressources with IAM

Answer 63

Yes

Question 64

Would XRAY on an ECS cluster track IP

Answer 64

No

Question 65

What is CloudWatch application insights

Answer 65

Facilitates observability of apps and underlying AWS resources
Uses SageMaker

Question 66

What do Access Logs on ALB provide

Answer 66

Request time, latencies, paths, client IP, server response
Disabled by default

Question 67

CloudTrail vs Cloudwatch

Answer 67

CloudTrail: AWS console actions and api calls
Cloudwatch: systems monitoring

Question 68

How to use IAM with MySQL

Answer 68

AWSAuthenticationPlugin for MySQL

Question 69

What DB engines does IAM db auth work with

Answer 69

MySQL and PostgreSQL

Question 70

What is an advantage of IAM DB auth

Answer 70

SSL for traffic

Question 71

What are NS record types

Answer 71

Allow delegation to occur

Question 72

What are A and AAAA records

Answer 72

Map host to IP (A = IPv4, AAAA = IPv6)
Or AWS Resource with alias

Question 73

What is CNAME Records

Answer 73

Host to host (point to other names)

Question 74

What is MX records

Answer 74

Mail

Question 75

What is TXT record

Answer 75

Used to prove domain ownership
Add random text

Question 76

Can you use a CNAME for the apex of a domain

Answer 76

No

Question 77

Could you use a CNAME to point to an ALB with www.asd.com

Answer 77

Yes, ity is not the apex

Question 78

Could you use a CNAME to point to an ALB with asd.com

Answer 78

No, it is the apex

Question 79

What is an alias record

Answer 79

Usually, maps name to AWS resource

Question 80

What can alias record be used with

Answer 80

naked/apex and normal recors

Question 81

What is the difference between alias an CNAME record for non-apex domains

Answer 81

They work in the same way.
Alias is free for requests pointing at AWS resource

Question 82

What type of record should you pick when pointing to AWS Service

Answer 82

Alias

Question 83

What is the record type for an alias

Answer 83

Should be the same type as what it is pointing at; can be CNAME, A, etc

Question 84

What kind of record is the DNS fiven for an ELB

Answer 84

A record

Question 85

What kind of record do you need for DNS pointing to ALB

Answer 85

Alias A record

Question 86

Can you use alias elsewhere than R53

Answer 86

No, it is implemented by AWS, outside the DNS standard

Question 87

Is EBS encrypted by default

Answer 87

No

Question 88

Where is the key to decrypt EBS held in plaintext

Answer 88

Only in memory of EC2 host

Question 89

Can you configure encryption for EBS by deaulft

Answer 89

Yes, for an account

Question 90

Is KMS key used to encrypt EBS volume

Answer 90

No, it uses a DEK, one per volume

Question 91

What volumes uses the same DEK in EBS

Answer 91

Snapshots, future volumes and the volume itself. No other volume uses it.

Question 92

Can you remove encryption from an EBS volume or snapshot

Answer 92

No

Question 93

What does OS see in an encrypted EBS

Answer 93

Plaintext

Question 94

Is EC2 OS aware of encryption

Answer 94

No
No performance loss

Question 95

What encryption used for EBS

Answer 95

AES-256

Question 96

Can you detach secondary ENI

Answer 96

Yes, and attach it to other instance

Question 97

Can ENIs have source/destination checks

Answer 97

Yes

Question 98

What is RDS multiAZ instance mode

Answer 98

One standby in other AZ
Synchronous replication at storage level
Access via CNAME points to primary
Can do backup from standby
Failover: CNAME points to standby
60-120s, remove DNS caching for faster
Cannot use standby for read/writes
Same region only

Question 99

What is RDS multiAZ cluster mode

Answer 99

One writer, 2 readers replicas (only) different AZs
SYNCHRONOUS replication
Readers are usable
Data committed when one reader at least has it
Each instance has it’s storage
Cluster endpoint
Reader endpoint (can include writer)
Instance endpoints
Replication via transaction logs, more efficient
Failover is faster, 35s + transaction logs apply

Question 100

What is Aurora

Answer 100

Single primary + 0 or more replicas; failover and reads
No local storage, shared cluster volume
Max size of shared storage: 128 TiB, across AZs
Synchronous replication across storage nodes
Replication at storage level
All instances have access to all storage nodes
Default: only primary can write
Can have up to 15 replicas, any can be failover
Don’t allocate storage, billed on what is used, high water mark
Endpoints

Question 101

What is Aurora serverless

Answer 101

Billed as serverless, write min an max ACU
Same resilience as Aurora (6 copies across AZ)

Question 102

How many REad instances in Aurora Global DB

Answer 102

only one

Question 103

What is systems manager used for

Answer 103

Centralize operational data and automate tasks across resources

Question 104

What does run command do

Answer 104

Remotely and securely manage configuration of managed instances at scale

Question 105

What is WAF

Answer 105

L7 firewall

Question 106

What does WAF apply to

Answer 106

CF, ALB, AppSync, API Gateway and such

Question 107

What is logged in CloudTrail

Answer 107

Almost anything that can be done to an AWS account

Question 108

What is default storage for CloudTrail

Answer 108

90 days

Question 109

Is Cloudtrail RT

Answer 109

No

Question 110

How are EBS snapshots implemented

Answer 110

They are incremental

Question 111

How can you force a complete restore of EBWS snapshot

Answer 111

Force read data
Or FSR (Fast snapshot restore)

Question 112

When should you use datasync

Answer 112

Huge transfers
Schedule
Encryption
Throttling
Automatic retry

Question 113

What is max size of SQS message

Answer 113

256 KB

Question 114

Does SQS support encryption

Answer 114

Yes, using KMS, at rest

Question 115

What are ASG Lifecycle hooks

Answer 115

Allow you to set up custom actions during ASG actions

Question 116

What do ASG Lifecycle hooks do

Answer 116

Instances are paused within flow, until timeout or unpaused (CompleteLifecycleAction)

Question 117

What can be used with Lifecycle hooks

Answer 117

SNS and EventBridge

Question 118

What is a concept used in step scaling

Answer 118

Size of alarm breach

Question 119

Can ASG respond to additional alarms during scaling for simple scaling

Answer 119

No

Question 120

Can ASG respond to additional alarms during scaling for step scaling

Answer 120

Yes

Question 121

Can AWS Achema COnversion handle app code

Answer 121

Apparently, yes

Question 122

What are the 2 supported solutions to add nodes automatically to EKS

Answer 122

Karpenter
Cluster Autoscaler