test

Question 1

Scaling an EC2 instance from r4.large to r4.4xlarge is called …………………

a. Horizontal Scalability
b. Vertical Scalability

Answer 1

b. Vertical Scalability

Question 2

Running an application on an Auto Scaling Group that scales the number of EC2 instances in and out is called …………………

a. Horizontal Scalability
b. Vertical Scalability

Answer 2

a. Horizontal Scalability

Question 3

Elastic Load Balancers provide a …………………..

a. static IPv4 we can use in our application
b. static DNS name we can use in our application
c. static IPv6 we can use in our application

Answer 3

b. static DNS name we can use in our application

Only Network Load Balancer provides both static DNS name and static IP. While, Application Load Balancer provides a static DNS name but it does NOT provide a static IP. The reason being that AWS wants your Elastic Load Balancer to be accessible using a static endpoint, even if the underlying infrastructure that AWS manages changes.

Question 4

You are running a website on 10 EC2 instances fronted by an Elastic Load Balancer. Your users are complaining about the fact that the website always asks them to re-authenticate when they are moving between website pages. You are puzzled because it’s working just fine on your machine and in the Dev environment with 1 EC2 instance. What could be the reason?

a. Your website must have an issue when hosted on multiple EC2 instances.

b. The EC2 instances log out users as they cant see their IP addresses, instead, they receive ELB IP addresses.

c. The Elastic Load Balancer does not have Sticky Sessions enabled

Answer 4

c. The Elastic Load Balancer does not have Sticky Sessions enabled

ELB Sticky Session feature ensures traffic for the same client is always redirected to the same target (e.g., EC2 instance). This helps that the client does not lose his session data.

Question 5

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer’s IP addresses. What should you do to get the IP address of clients connected to your website?

a. Modify your website’s frontend so that users send their IP in every request.

b. Modify your website’s backend to get the client IP address from the X-Forwarded-For header.

c. Modify your website’s backend to get the client IP address from the X-Forwarded-Port heather.

d. Modify your website’s backend to get the client IP address from the X-Forwarded-Proto header

Answer 5

b. Modify your website’s backend to get the client IP address from the X-Forwarded-For header.

When using an Application Load Balancer to distribute traffic to your EC2 instances, the IP address you’ll receive requests from will be the ALB’s private IP addresses. To get the client’s IP address, ALB adds an additional header called “X-Forwarded-For” contains the client’s IP address.

Question 6

You hosted an application on a set of EC2 instances fronted by an Elastic Load Balancer. A week later, users begin complaining that sometimes the application just doesn’t work. You investigate the issue and found that some EC2 instances crash from time to time. What should you do to protect users from connecting to the EC2 instances that are crashing?

a. Enable ELB Health Checks
b. Enable ELB Stickiness
c. Enable SSL Termination
d. Enable Cross-Zone Load Balancing

Answer 6

a. Enable ELB Health Checks

When you enable ELB Health Checks, your ELB won’t send traffic to unhealthy (crashed) EC2 instances.

Question 7

You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second. Which type of Elastic Load Balancer should you choose?

a. Application Load Balancer
b. Classic Load Balancer
c. Network Load Balancer

Answer 7

c. Network Load Balancer

Network Load Balancer provides the highest performance and lowest latency if your application needs it.

Question 8

Application Load Balancers support the following protocols, EXCEPT:

a. HTTP
b. HTTPS
c. TCP
d. Websocket

Answer 8

c. TCP

Application Load Balancers support HTTP, HTTPS and WebSocket

Question 9

Application Load Balancers can route traffic to different Target Groups based on the following, EXCEPT:

a. Client’s Location(Geography)
b. Hostname
c. Request URL Path
d. Source IP Address

Answer 9

a. Client’s Location(Geography)

ALBs can route traffic to different Target Groups based on URL Path, Hostname, HTTP Headers, and Query Strings.

Question 10

Registered targets in a Target Groups for an Application Load Balancer can be one of the following, EXCEPT:

a. EC2 Instances
b. Network Load Balancer
c. Private IP Addresses
d. Lambda Functions

Answer 10

b. Network Load Balancer

Question 11

For compliance purposes, you would like to expose a fixed static IP address to your end-users so that they can write firewall rules that will be stable and approved by regulators. What type of Elastic Load Balancer would you choose?

a. Application Load Balancer with an Elastic IP attached to it.
b. Network Load Balancer
c. Classic Load Balancer

Answer 11

b. Network Load Balancer

Network Load Balancer has one static IP address per AZ and you can attach an Elastic IP address to it. Application Load Balancers and Classic Load Balancers have a static DNS name.

Question 12

You want to create a custom application-based cookie in your Application Load Balancer. Which of the following you can use as a cookie name?

a. AWSALBAPP
b. APPUSERC
c. AWSALBTG
d. AWSALB

Answer 12

b. APPUSERC

The following cookie names are reserved by the ELB (AWSALB, AWSALBAPP, AWSALBTG).

Question 13

You have a Network Load Balancer that distributes traffic across a set of EC2 instances in us-east-1. You have 2 EC2 instances in us-east-1b AZ and 5 EC2 instances in us-east-1e AZ. You have noticed that the CPU utilization is higher in the EC2 instances in us-east-1b AZ. After more investigation, you noticed that the traffic is equally distributed across the two AZs. How would you solve this problem?

a. Enable Cross-Zone Load Balancing
b. Enable Sticky Sessions
c. Enable ELB Health Checks
d. Enable SSL Termination

Answer 13

a. Enable Cross-Zone Load Balancing

When Cross-Zone Load Balancing is enabled, ELB distributes traffic evenly across all registered EC2 instances in all AZs.

Question 14

Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener?

a. TLS Termination
b. Server Name Indication(SNI)
c. SSL Security Policies
d. Host Headers

Answer 14

b. Server Name Indication(SNI)

Question 15

You have an Application Load Balancer that is configured to redirect traffic to 3 Target Groups based on the following hostnames: users.example.com, api.external.example.com, and checkout.example.com. You would like to configure HTTPS for each of these hostnames. How do you configure the ALB to make this work?

a. Use an HTTP to HTTPS redirect rule
b. Use a security group SSL certificate
c. Use Server Name Indication(SNI)

Answer 15

c. Use Server Name Indication(SNI)

Server Name Indication (SNI) allows you to expose multiple HTTPS applications each with its own SSL certificate on the same listener. Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

Question 16

You have an application hosted on a set of EC2 instances managed by an Auto Scaling Group that you configured both desired and maximum capacity to 3. Also, you have created a CloudWatch Alarm that is configured to scale out your ASG when CPU Utilization reaches 60%. Your application suddenly received huge traffic and is now running at 80% CPU Utilization. What will happen?

a. Nothing
b. The desired capacity will go up to 4 and the maximum capacity will stay at 3
c. The desired capacity will go up to 4 and the maximum capacity will stay at 4

Answer 16

a. Nothing

The Auto Scaling Group can’t go over the maximum capacity (you configured) during scale-out events.

Question 17

You have an Auto Scaling Group fronted by an Application Load Balancer. You have configured the ASG to use ALB Health Checks, then one EC2 instance has just been reported unhealthy. What will happen to the EC2 instance?

a. The ASG will keep the instance running and re-start the application
b. The ASG will detach the EC2 instance and leave it running
c. The ASG will terminate the EC2 instance

Answer 17

c. The ASG will terminate the EC2 instance

You can configure the Auto Scaling Group to determine the EC2 instances’ health based on Application Load Balancer Health Checks instead of EC2 Status Checks (default). When an EC2 instance fails the ALB Health Checks, it is marked unhealthy and will be terminated while the ASG launches a new EC2 instance.

Question 18

Your boss asked you to scale your Auto Scaling Group based on the number of requests per minute your application makes to your database. What should you do?

a. Create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG
b. You Politely tell him its impossible
c. Enable Detailed Monitoring then create a CloudWatch Alarm to scale your ASG

Answer 18

a. Create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG

There’s no CloudWatch Metric for “requests per minute” for backend-to-database connections. You need to create a CloudWatch Custom Metric, then create a CloudWatch Alarm.

Question 19

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000. Which Scaling Policy should you use?

a. Simple Scaling Policy
b. Step Scaling Policy
c. Target Tracking Policy
d. Schedule Scaling Policy

Answer 19

c. Target Tracking Policy

Question 20

You have an ASG and a Network Load Balancer. The application on your ASG supports the HTTP protocol and is integrated with the Load Balancer health checks. You are currently using the TCP health checks. You would like to migrate to using HTTP health checks, what do you do?

a. Migrate to an Application Balancer
b. Migrate the heath check to HTTP

Answer 20

b. b. Migrate the heath check to HTTP

Question 21

You have a website hosted in EC2 instances in an Auto Scaling Group fronted by an Application Load Balancer. Currently, the website is served over HTTP, and you have been tasked to configure it to use HTTPS. You have created a certificate in ACM and attached it to the Application Load Balancer. What you can do to force users to access the website using HTTPS instead of HTTP?

a. Send an email to all customers to use HTTPS instead of HTTP
b. Configure the Application Load Balancer to redirect HTTP to HTTPS
c. Configure the DNS record to redirect HTTP to HTTPS

Answer 21

b. Configure the Application Load Balancer to redirect HTTP to HTTPS

Question 22

What is a proper definition of an IAM Role?

a. IAM Users in multiple User Groups
b. An IAM entity that defines a password policy for IAM Users
c. An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service
d. Permissions assigned to IAM Users to perform actions

Answer 22

c. An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service

Some AWS services need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.

Question 23

Which of the following is an IAM Security Tool?

a. IAM Credentials Report
b. IAM Root Account Manager
c. IAM Services Report
d. IAM Security Advisor

Answer 23

a. IAM Credentials Report

IAM Credentials report lists all your AWS Account’s IAM Users and the status of their various credentials.

Question 24

Which answer is INCORRECT regarding IAM Users?

a. IAM Users can belong to multiple User Groups
b. IAM Users don’t have to belong to a User Group
c. IAM Policies can be attached directly to IAM Users
d. IAM Users access AWS services using root account credentials

Answer 24

d. IAM Users access AWS services using root account credentials

IAM Users access AWS services using their own credentials (username & password or Access Keys).

Question 25

Which of the following is an IAM best practice?

a. Create several IAM Users for one physical person
b. Don’t use the root user account
c. Share your AWS account credentials with your colleague, so she can perform a task for you
d. Do not enable MFA for easier access

Answer 25

b. Don’t use the root user account

Use the root account only to create your first IAM User and a few account/service management tasks. For everyday tasks, use an IAM User.

Question 26

What are IAM Policies?

a. A set of policies that defines how AWS accounts interact with each other
b. JSON documents that define a set of permissions for making requests to AWS services and can be used by IAM Users, User Groups and IAM Roles
c. A set of policies that define a password for IAM Users
d. A set of policies defined by AWS that show how customers interact with AWS

Answer 26

b. JSON documents that define a set of permissions for making requests to AWS services and can be used by IAM Users, User Groups and IAM Roles

Question 27

Which principle should you apply regarding IAM Permissions?

a. Grant most privilege
b. Grant more permissions if your employee asks you to
c. Grant least privilege
d. Restrict root account permissions

Answer 27

c. Grant least privilege

That’s right! Don’t give more permissions than the user needs.

Question 28

What should you do to increase your root account security?

a. Remove permissions from the root account
b. Only access AWS services through AWS Command Line Interface(CLI)
c. Don’t create IAM Users, only access your AWS account using the root account
d. Enable Multi-Factor Authentication (MFA)

Answer 28

d. Enable Multi-Factor Authentication (MFA)

When you enable MFA, this adds another layer of security. Even if your password is stolen, lost, or hacked your account is not compromised.

Question 29

IAM User Groups can contain IAM Users and other User Groups.

a. True
b. False

Answer 29

b. False

IAM User Groups can contain only IAM Users.

Question 30

An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following, EXCEPT:

a. Effect
b. Principal
c. Version
d. Action
e. Resource

Answer 30

c. Version

A statement in an IAM Policy consists of Sid, Effect, Principal, Action, Resource, and Condition. Version is part of the IAM Policy itself, not the statement.

Question 31

Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases?

a. Convertible Reserved Instances
b. Dedicated Hosts
c. Spot Instances

Answer 31

c. Spot Instances

Spot Instances are good for short workloads and this is the cheapest EC2 Purchasing Option. But, they are less reliable because you can lose your EC2 instance.

Question 32

What should you use to control traffic in and out of EC2 instances?

a. Network Access Control List (NACL)
b. Security Groups
c. IAM Policies

Answer 32

b. Security Groups

Security Groups operate at the EC2 instance level and can control traffic.

Question 33

How long can you reserve an EC2 Reserved Instance?

a. 1 or 3 years
b. 2 or 4 years
c. 6 months or 1 year
d. Anytime between 1 and 3 years

Answer 33

a. 1 or 3 years

EC2 Reserved Instances can be reserved for 1 or 3 years only.

Question 34

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?

a. Storage Optimized
b. Compute Optimized
c. Memory Optimized
d. General Purpose

Answer 34

b. Compute Optimized

Compute Optimized EC2 instances are great for compute-intensive workloads requiring high-performance processors (e.g., batch processing, media transcoding, high-performance computing, scientific modeling & machine learning, and dedicated gaming servers).

Question 35

Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year?

a. Reserved Instances
b. Spot Instances
c. On-Demand Instances

Answer 35

a. Reserved Instances

Reserved Instances are good for long workloads. You can reserve EC2 instances for 1 or 3 years.

Question 36

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instances?

a. Connect to each EC2 instance using SSH, then install the required software and update your OS packages manually
b. Write a bash script that installs the required software and updates to your OS, then contact AWS Support and provide them with the script. They will run it on your EC2 instances at launch
c. Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances

Answer 36

c. Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances

EC2 User Data is used to bootstrap your EC2 instances using a bash script. This script can contain commands such as installing software/packages, download files from the Internet, or anything you want.

Question 37

Which EC2 Instance Type should you choose for a critical application that uses an in-memory database?

a. Compute Optimized
b. Storage Optimized
c. Memory Optimized
d. General Purpose

Answer 37

c. Memory Optimized

Memory Optimized EC2 instances are great for workloads requiring large data sets in memory.

Question 38

You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 Instance Type should you choose to handle this high-frequency OLTP database?

a. Compute Optimized
b. Storage Optimized
c. Memory Optimized
d. General Purpose

Answer 38

b. Storage Optimized

Storage Optimized EC2 instances are great for workloads requiring high, sequential read/write access to large data sets on local storage.

Question 39

Security Groups can be attached to only one EC2 instance.

a. True
b. False

Answer 39

b. False

Security Groups can be attached to multiple EC2 instances within the same AWS Region/VPC.

Question 40

You’re planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your applications to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 Purchasing Option is suitable for you?

a. Convertible Reserved Instances
b. Dedicated Hosts
c. Spot Instances

Answer 40

b. Dedicated Hosts

Dedicated Hosts are good for companies with strong compliance needs or for software that have complicated licensing models. This is the most expensive EC2 Purchasing Option available.

Question 41

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 Purchasing Option allows you to get visibility into them?

a. Spot Instances
b. On-Demand
c. Dedicated Hosts
d. Reserved Instances

Answer 41

c. Dedicated Hosts

Question 42

Spot Fleet is a set of Spot Instances and optionally ……………

a. Reserved Instances
b. On-Demand Instances
c. Dedicated Hosts
d. Dedicated Instances

Answer 42

b. On-Demand Instances

Spot Fleet is a set of Spot Instances and optionally On-demand Instances. It allows you to automatically request Spot Instances with the lowest price.

Question 43

You have launched an EC2 instance that will host a NodeJS application. After installing all the required software and configured your application, you noted down the EC2 instance public IPv4 so you can access it. Then, you stopped and then started your EC2 instance to complete the application configuration. After restart, you can’t access the EC2 instance, and you found that the EC2 instance public IPv4 has been changed. What should you do to assign a fixed public IPv4 to your EC2 instance?

a. Allocate an Elastic IP and assign it to your EC2 instance
b. From inside you EC2 instance OS, change network configuration from DHCP to static and assign it a public IPc4
c. Contact AWS Support and request a fixed IPv4 to your EC2 instance
d. This can’t be done, you can only assign a fixed private IPv4 to your EC2 instance

Answer 43

a. Allocate an Elastic IP and assign it to your EC2 instance

Elastic IP is a public IPv4 that you own as long as you want and you can attach it to one EC2 instance at a time.

Question 44

You have an application performing big data analysis hosted on a fleet of EC2 instances. You want to ensure your EC2 instances have the highest networking performance while communicating with each other. Which EC2 Placement Group should you choose?

a. Spread Placement Group
b. Cluster Placement Group
c. Partition Placement Group

Answer 44

b. Cluster Placement Group

Cluster Placement Groups place your EC2 instances next to each other which gives you high-performance computing and networking.

Question 45

You have a critical application hosted on a fleet of EC2 instances in which you want to achieve maximum availability when there’s an AZ failure. Which EC2 Placement Group should you choose?

a. Cluster Placement Group
b. Partition Placement Group
c. Spread Placement Group

Answer 45

c. Spread Placement Group

You have a critical application hosted on a fleet of EC2 instances in which you want to achieve maximum availability when there’s an AZ failure. Which EC2 Placement Group should you choose?

Question 46

Elastic Network Interface (ENI) can be attached to EC2 instances in another AZ.

a. True
b. False

Answer 46

b. False

Elastic Network Interfaces (ENIs) are bounded to a specific AZ. You can not attach an ENI to an EC2 instance in a different AZ.

Question 47

The following are true regarding EC2 Hibernate, EXCEPT:

a. EC2 instance Root Volume must be an Instance Store Volume
b. Supports On-Demand and Reserve Instances
c. EC2 Instance RAM must be less than 150GB
d. EC2 Instance Root Volume type must be an EBS volume

Answer 47

a. EC2 instance Root Volume must be an Instance Store Volume

To enable EC2 Hibernate, the EC2 Instance Root Volume type must be an EBS volume and must be encrypted to ensure the protection of sensitive content.

Question 48

You have just terminated an EC2 instance in us-east-1a, and its attached EBS volume is now available. Your teammate tries to attach it to an EC2 instance in us-east-1b but he can’t. What is a possible cause for this?

a. He’s missing IAM permissions
b. EBS volumes are locked to an AWS Region
c. EBS volumes are locked to an Availability Zone

Answer 48

c. EBS volumes are locked to an Availability Zone

EBS Volumes are created for a specific AZ. It is possible to migrate them between different AZs using EBS Snapshots.

Question 49

You have launched an EC2 instance with two EBS volumes, Root volume type and the other EBS volume type to store the data. A month later you are planning to terminate the EC2 instance. What’s the default behavior that will happen to each EBS volume?

a. Both the root volume type and the EBS volume type will be deleted
b. The Root volume type will be deleted and the EBS volume type will not be deleted
c. The Root volume type will not be deleted and the EBS volume type will be deleted
d. Both the root volume type and the EBS volume type will not be deleted

Answer 49

b. The Root volume type will be deleted and the EBS volume type will not be deleted

By default, the Root volume type will be deleted as its “Delete On Termination” attribute checked by default. Any other EBS volume types will not be deleted as its “Delete On Termination” attribute disabled by default.

Question 50

You can use an AMI in N.Virginia Region us-east-1 to launch an EC2 instance in any AWS Region.

a. True
b. False

Answer 50

b. False

AMIs are built for a specific AWS Region, they’re unique for each AWS Region. You can’t launch an EC2 instance using an AMI in another AWS Region, but you can copy the AMI to the target AWS Region and then use it to create your EC2 instances.

Question 51

Which of the following EBS volume types can be used as boot volumes when you create EC2 instances?

a. gp2, gp3, st1, sc1
b. gp2, gp3, io1, io2
c. io1, io2, st1, sc1

Answer 51

b. gp2, gp3, io1, io2

When creating EC2 instances, you can only use the following EBS volume types as boot volumes: gp2, gp3, io1, io2, and Magnetic (Standard).

Question 52

What is EBS Multi-Attach?

a. Attach the same EBS volume to multiple EC2 instances in multiple AZs
b. Attach multiple EBS volumes in the same AZ to the same EC2 instance
c. Attach the same EBS volume to multiple EC2 instances in the same AZ
d. Attach multiple EBS volume in multiple AZs to the same EC2 instance

Answer 52

c. Attach the same EBS volume to multiple EC2 instances in the same AZ

Using EBS Multi-Attach, you can attach the same EBS volume to multiple EC2 instances in the same AZ. Each EC2 instance has full read/write permissions.

Question 53

You would like to encrypt an unencrypted EBS volume attached to your EC2 instance. What should you do?

a. Create an EBS snapshot of your EBS volume. Copy the snapshot and tick the option to encrypt the copied snapshot. Then, use the encrypted snapshot to create a new EBS volume
b. Select your EBS volume, choose Edit Attributes, then tick the Encrypt using KMS option
c. Create a new encrypted EBS volume, then copy data from your unencrypted EBS volume to the new EBS volume
d. Submit a request to AWS Support to encreypt your EBS volume

Answer 53

a. Create an EBS snapshot of your EBS volume. Copy the snapshot and tick the option to encrypt the copied snapshot. Then, use the encrypted snapshot to create a new EBS volume

Question 54

You have a fleet of EC2 instances distributes across AZs that process a large data set. What do you recommend to make the same data to be accessible as an NFS drive to all of your EC2 instances?

a. Use EBS
b. Use EFS
c. Use Instance Store

Answer 54

b. Use EFS

EFS is a network file system (NFS) that allows you to mount the same file system on EC2 instances that are in different AZs.

Question 55

You would like to have a high-performance local cache for your application hosted on an EC2 instance. You don’t mind losing the cache upon the termination of your EC2 instance. Which storage mechanism do you recommend as a Solutions Architect?

a. EBS
b. EFS
c. Instance Store

Answer 55

c. Instance Store

EC2 Instance Store provides the best disk I/O performance.

Question 56

You are running a high-performance database that requires an IOPS of 310,000 for its underlying storage. What do you recommend?

a. Use an EBS gp2 drive
b. Use an EBS io1 drive
c. Use an EC2 Instance Store
d. Use an EBS io2 Block Express drive

Answer 56

c. Use an EC2 Instance Store

You can run a database on an EC2 instance that uses an Instance Store, but you’ll have a problem that the data will be lost if the EC2 instance is stopped (it can be restarted without problems). One solution is that you can set up a replication mechanism on another EC2 instance with an Instance Store to have a standby copy. Another solution is to set up backup mechanisms for your data. It’s all up to you how you want to set up your architecture to validate your requirements. In this use case, it’s around IOPS, so we have to choose an EC2 Instance Store.

Question 57

Amazon RDS supports the following databases, EXCEPT:

a. MongoDB
b. MySQL
c. MariaDB
d. Microsoft SQL Server

Answer 57

a. MongoDB

RDS supports MySQL, PostgreSQL, MariaDB, Oracle, MS SQL Server, and Amazon Aurora.

Question 58

You’re planning for a new solution that requires a MySQL database that must be available even in case of a disaster in one of the Availability Zones. What should you use?

a. Create Read Replicas
b. Enable Encryption
c. Enable Multi-AZ

Answer 58

c. Enable Multi-AZ

Multi-AZ helps when you plan a disaster recovery for an entire AZ going down. If you plan against an entire AWS Region going down, you should use backups and replication across AWS Regions.

Question 59

We have an RDS database that struggles to keep up with the demand of requests from our website. Our million users mostly read news, and we don’t post news very often. Which solution is NOT adapted to this problem?

a. An ElastiCache Cluster
b. RDS Multi-AZ
c. RDS Read Replicas

Answer 59

b. RDS Multi-AZ

Be very careful with the way you read questions at the exam. Here, the question is asking which solution is NOT adapted to this problem. ElastiCache and RDS Read Replicas do indeed help with scaling reads

Question 60

You have set up read replicas on your RDS database, but users are complaining that upon updating their social media posts, they do not see their updated posts right away. What is a possible cause for this?

a. There must be a bug in your application
b. Read Replicas have Asynchronous Replication, therefore it’s likely your users will only read Eventual Consistency
c. You should have setup Multi-AZ instead

Answer 60

b. Read Replicas have Asynchronous Replication, therefore it’s likely your users will only read Eventual Consistency

Question 61

Which RDS (NOT Aurora) feature when used does not require you to change the SQL connection string?

a. Multi-AZ
b. Read Replicas

Answer 61

a. Multi-AZ

Multi-AZ keeps the same connection string regardless of which database is up.

Question 62

Your application running on a fleet of EC2 instances managed by an Auto Scaling Group behind an Application Load Balancer. Users have to constantly log back in and you don’t want to enable Sticky Sessions on your ALB as you fear it will overload some EC2 instances. What should you do?

a. Use your own custom Load Balancer on EC2 instances instead of using ALB
b. Store sessions data in RDS
c. Store session data in ElastiCache
d. Store session data in a shared EBS volume

Answer 62

c. Store session data in ElastiCache

Storing Session Data in ElastiCache is a common pattern to ensuring different EC2 instances can retrieve your user’s state if needed.

Question 63

An analytics application is currently performing its queries against your main production RDS database. These queries run at any time of the day and slow down the RDS database which impacts your users’ experience. What should you do to improve the users’ experience?

a. Setup a Read Replica
b. Setup Multi-AZ
c. Run the analytics queries at night

Answer 63

a. Setup a Read Replica

Read Replicas will help as your analytics application can now perform queries against it, and these queries won’t impact the main production RDS database.

Question 64

You would like to ensure you have a replica of your database available in another AWS Region if a disaster happens to your main AWS Region. Which database do you recommend to implement this easily?

a. RDS Read Replicas
b. RDS Multi-AZ
c. Aurora Read Replicas
d. Aurora Global Database

Answer 64

d. Aurora Global Database

Aurora Global Databases allows you to have an Aurora Replica in another AWS Region, with up to 5 secondary regions.

Question 65

How can you enhance the security of your ElastiCache Redis Cluster by allowing users to access your ElastiCache Redis Cluster using their IAM Identities (e.g., Users, Roles)?

a. Using Redis Authentication
b. Using IAM Authentication
c. Use Security Groups

Answer 65

b. Using IAM Authentication

Question 66

Your company has a production Node.js application that is using RDS MySQL 5.6 as its database. A new application programmed in Java will perform some heavy analytics workload to create a dashboard on a regular hourly basis. What is the most cost-effective solution you can implement to minimize disruption for the main application?

a. Enable Multi-AZ for the RDS database and run the analytics workload on the standby database
b. Create a Read Replica in a different AZ and run the analytics workload on the replica database
c. Create a Read Replica in a different AZ and run the analytics workload on the source database

Answer 66

b. Create a Read Replica in a different AZ and run the analytics workload on the replica database

Question 67

You would like to create a disaster recovery strategy for your RDS PostgreSQL database so that in case of a regional outage the database can be quickly made available for both read and write workloads in another AWS Region. The DR database must be highly available. What do you recommend?

a. Create a Read Replica in the same region and enable Multi-AZ on the main database
b. Create a Read Replica in the different region and enable Multi-AZ on the Read Replica
c. Create a Read Replica in the same region and enable Multi-AZ on Read Replica
d. Enable Multi-Region option on the main database

Answer 67

b. Create a Read Replica in the different region and enable Multi-AZ on the Read Replica

Question 68

You have migrated the MySQL database from on-premises to RDS. You have a lot of applications and developers interacting with your database. Each developer has an IAM user in the company’s AWS account. What is a suitable approach to give access to developers to the MySQL RDS DB instance instead of creating a DB user for each one?

a. By default IAM users have access to your RDS database
b. Use Amazon Cognito
c. Enable IAM Database Authentication

Answer 68

c. Enable IAM Database Authentication

Question 69

Which of the following statement is true regarding replication in both RDS Read Replicas and Multi-AZ?

a. Read Replica uses Asynchronous and Multi-AZ uses Asynchronous Replication
b. Read Replica uses Asynchronous and Multi-AZ uses Synchronous Replication
c. Read Replica uses Synchronous and Multi-AZ uses Synchronous Replication
d. Read Replica uses Synchronous and Multi-AZ uses Asynchronous Replication

Answer 69

b. Read Replica uses Asynchronous and Multi-AZ uses Synchronous Replication

Question 70

How do you encrypt an unencrypted RDS DB instance?

a. Do it straight from AWS Console, select your RDS DB instance, choose Actions then Encrypt using KMS
b. Do it straight from AWS Console, after stopping the RDS DB instance
c. Create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick “Enable Encryption”, then restore the RDS DB instance from the encrypted snapshot

Answer 70

c. Create a snapshot of the unencrypted RDS DB instance, copy the snapshot and tick “Enable Encryption”, then restore the RDS DB instance from the encrypted snapshot

Question 71

For your RDS database, you can have up to ………… Read Replicas.

a. 5
b. 15
c. 7.

Answer 71

b. 15

Question 72

Which RDS database technology does NOT support IAM Database Authentication?

a. Oracle
b. PostgreSQL
c. MySQL

Answer 72

a. Oracle

Question 73

You have an un-encrypted RDS DB instance and you want to create Read Replicas. Can you configure the RDS Read Replicas to be encrypted?

a. No
b. Yes

Answer 73

a. No

You can not create encrypted Read Replicas from an unencrypted RDS DB instance.

Question 74

An application running in production is using an Aurora Cluster as its database. Your development team would like to run a version of the application in a scaled-down application with the ability to perform some heavy workload on a need-basis. Most of the time, the application will be unused. Your CIO has tasked you with helping the team to achieve this while minimizing costs. What do you suggest?

a. Use an Aurora Global Database
b. Use an RDS Database
c. Use Aurora Serverless
d. Run Aurora on EC2, and write a script to shut down the EC2 instance at night

Answer 74

c. Use Aurora Serverless

Question 75

How many Aurora Read Replicas can you have in a single Aurora DB Cluster?

a. 5
b. 10
c. 15

Answer 75

c. 15

Question 76

Amazon Aurora supports both …………………….. databases.

a. MySQL and MariaDB
b. MySQL and PostgreSQL
c. Oracle and MariaDB
d. Oracle and MS SQL Server

Answer 76

b. MySQL and PostgreSQL

Question 77

You work as a Solutions Architect for a gaming company. One of the games mandates that players are ranked in real-time based on their score. Your boss asked you to design then implement an effective and highly available solution to create a gaming leaderboard. What should you use?

a. Use RDS for MySQL
b. Use an Amazon Aurora
c. Use ElastiCache for Memcache
d. Use Elasticache for Redis - Sorted Sets

Answer 77

d. Use Elasticache for Redis - Sorted Sets

Question 78

You need full customization of an Oracle Database on AWS. You would like to benefit from using the AWS services. What do you recommend?

a. RDS for Oracle
b. RDS Custom for Oracle
c. Deploy Oracle on EC2

Answer 78

b. RDS Custom for Oracle

Question 79

You need to store long-term backups for your Aurora database for disaster recovery and audit purposes. What do you recommend?

a. Enable Automated Backups
b. Perform On Demand Backups
c. Use Aurora Database Cloning

Answer 79

b. Perform On Demand Backups

Question 80

Your development team would like to perform a suite of read and write tests against your production Aurora database because they need access to production data as soon as possible. What do you advise?

a. Create an Aurora Read Replica for them
b. Do the test against the production
c. Make a DB Snapshot and Restore it into a new database
d. Use the Aurora Cloning Feature

Answer 80

c. Make a DB Snapshot and Restore it into a new database

Question 81

You have purchased mycoolcompany.com on Amazon Route 53 Registrar and would like the domain to point to your Elastic Load Balancer my-elb-1234567890.us-west-2.elb.amazonaws.com. Which Route 53 Record type must you use here?

a. CNAME
b. Alias

Answer 81

b. Alias

Question 82

You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment. This allows you to monitor for CloudWatch metrics and ensuring that there’re no bugs exist with your new environment. Which Route 53 Record type allows you to do so?

a. Simple
b. Weighted
c. Latency
d. Failover

Answer 82

b. Weighted

Weighted Routing Policy allows you to redirect part of the traffic based on weight (e.g., percentage). It’s a common use case to send part of traffic to a new version of your application.

Question 83

You have updated a Route 53 Record’s myapp.mydomain.com value to point to a new Elastic Load Balancer, but it looks like users are still redirected to the old ELB. What is a possible cause for this behavior?

a. Because of the Alias record
b. Because of the CNAME record
c. Because of the TTL
d. Because of Route 53 Health Checks

Answer 83

c. Because of the TTL

Each DNS record has a TTL (Time To Live) which orders clients for how long to cache these values and not overload the DNS Resolver with DNS requests. The TTL value should be set to strike a balance between how long the value should be cached vs. how many requests should go to the DNS Resolver.

Question 84

You have an application that’s hosted in two different AWS Regions us-west-1 and eu-west-2. You want your users to get the best possible user experience by minimizing the response time from application servers to your users. Which Route 53 Routing Policy should you choose?

a. Multi Value
b. Weighted
c. Latency
d. Geolocation

Answer 84

c. Latency

Latency Routing Policy will evaluate the latency between your users and AWS Regions, and help them get a DNS response that will minimize their latency (e.g. response time)

Question 85

You have a legal requirement that people in any country but France should NOT be able to access your website. Which Route 53 Routing Policy helps you in achieving this?

a. Latency
b. Simple
c. Multi Value
d. Geolocation

Answer 85

d. Geolocation

Question 86

You have purchased a domain on GoDaddy and would like to use Route 53 as the DNS Service Provider. What should you do to make this work?

a. Request for a domain transfer
b. Create a Provate Hosted Zone and update the 3rd party Registrar NS records
c. Create a Public Hosted and update the Route 53 NS records
d. Create a Public Hosted Zone and update the 3rd party Registrar NS records

Answer 86

d. Create a Public Hosted Zone and update the 3rd party Registrar NS records

Public Hosted Zones are meant to be used for people requesting your website through the Internet. Finally, NS records must be updated on the 3rd party Registrar.

Question 87

Which of the following are NOT valid Route 53 Health Checks?

a. Health Check that monitor SQS Queue

b. Health Check that monitors an Endpoint

c. Health Check that monitors other Heath Checks

d. Heath Check that monitor CloudWatch Alarms

Answer 87

a. Health Check that monitor SQS Queue

Question 88

Your website TriangleSunglasses.com is hosted on a fleet of EC2 instances managed by an Auto Scaling Group and fronted by an Application Load Balancer. Your ASG has been configured to scale on-demand based on the traffic going to your website. To reduce costs, you have configured the ASG to scale based on the traffic going through the ALB. To make the solution highly available, you have updated your ASG and set the minimum capacity to 2. How can you further reduce the costs while respecting the requirements?

a. Remove the ALB and use an Elastic IP instead

b. Reserve two EC2 instances

c. Reduce the minimum capacity to 1

d. Reduce the minimum capacity to 0

Answer 88

b. Reserve two EC2 instances

This is the way to save further costs as we will run 2 EC2 instances no matter what.

Question 89

Which of the following will NOT help us while designing a STATELESS application tier?

a. Store session data in Amazon RDS

b. Store session data in Amazon ElastiCache

c. Store session data in the client HTTP cookies

d. Store session data on EBS volumes

Answer 89

d. Store session data on EBS volumes

EBS volumes are created in a specific AZ and can only be attached to one EC2 instance at a time.

Question 90

You want to install software updates on 100s of Linux EC2 instances that you manage. You want to store these updates on shared storage which should be dynamically loaded on the EC2 instances and shouldn’t require heavy operations. What do you suggest?

a. Store the software updates on EBS and sync them using data replication software from one master in each EZ

b. Store the software updates on EFS and mount EFS as a network drive at startup

c. Package the software updates as an EBS snapshot and create EBS volumes for each new software update

d. Store the software updates on Amazon RDS

Answer 90

b. Store the software updates on EFS and mount EFS as a network drive at startup

EFS is a network file system (NFS) that allows you to mount the same file system to 100s of EC2 instances. Storing software updates on an EFS allows each EC2 instance to access them.

Question 91

As a Solutions Architect, you’re planning to migrate a complex ERP software suite to AWS Cloud. You’re planning to host the software on a set of Linux EC2 instances managed by an Auto Scaling Group. The software traditionally takes over an hour to set up on a Linux machine. How do you recommend you speed up the installation process when there’s a scale-out event?

a. Use a Golden AMI

b. Bootstrap using EC2 User Data

c. Store the application in Amazon RDS

d. Retrieve the application setup files from EFS

Answer 91

a. Use a Golden AMI

Golden AMI is an image that contains all your software installed and configured so that future EC2 instances can boot up quickly from that AMI.

Question 92

You’re developing an application and would like to deploy it to Elastic Beanstalk with minimal cost. You should run it in ………………

a. Single Instance Mode
b. High Availability Mode

Answer 92

a. Single Instance Mode

The question mentions that you’re still in the development stage and you want to reduce costs. Single Instance Mode will create one EC2 instance and one Elastic IP.

Question 93

You’re deploying your application to an Elastic Beanstalk environment but you notice that the deployment process is painfully slow. After reviewing the logs, you found that your dependencies are resolved on each EC2 instance each time you deploy. How can you speed up the deployment process with minimal impact?

a. Remove some dependencies in your code

b. Place the dependencies in Amazon EFS

c. Create a Golden AMI that contains the dependencies and use that image to launch the EC2 instances.

Answer 93

c. Create a Golden AMI that contains the dependencies and use that image to launch the EC2 instances.

Golden AMI is an image that contains all your software, dependencies, and configurations, so that future EC2 instances can boot up quickly from that AMI.

Question 94

You have a 25 GB file that you’re trying to upload to S3 but you’re getting errors. What is a possible solution for this?

a. The file size limit on S3 is 5GB
b. Update your bucket policy to allow the larger file
c. Use Multi-Part upload when uploading files larger than 5GB
d. Encrypt the file

Answer 94

c. Use Multi-Part upload when uploading files larger than 5GB

Multi-Part Upload is recommended as soon as the file is over 100 MB.

Question 95

You’re getting errors while trying to create a new S3 bucket named “dev”. You’re using a new AWS Account with no S3 buckets created before. What is a possible cause for this?

a. You’re missing IAM permissions to create an S3 bucket
b. S3 bucket names must be globally unique and “dev” is already taken

Answer 95

b. S3 bucket names must be globally unique and “dev” is already taken

Question 96

You have enabled versioning in your S3 bucket which already contains a lot of files. Which version will the existing files have?

a. 1
b. 0
c. -1
d. null

Answer 96

d. null

Question 97

You have updated an S3 bucket policy to allow IAM users to read/write files in the S3 bucket, but one of the users complain that he can’t perform a PutObject API call. What is a possible cause for this?

a. The S3 bucket policy must be wrong
b. The user is lacking permission
c. The IAM user must have an explicit DENY in the attached IAM policy
d. You need to contact AWS Support to lift this limit

Answer 97

c. The IAM user must have an explicit DENY in the attached IAM policy

Explicit DENY in an IAM Policy will take precedence over an S3 bucket policy.

Question 98

You want the content of an S3 bucket to be fully available in different AWS Regions. That will help your team perform data analysis at the lowest latency and cost possible. What S3 feature should you use?

a. Amazon CloudFront Distributions
b. S3 Versioning
c. S3 Static Website Hosting
d. S3 Replication

Answer 98

d. S3 Replication

S3 Replication allows you to replicate data from an S3 bucket to another in the same/different AWS Region.

Question 99

You have 3 S3 buckets. One source bucket A, and two destination buckets B and C in different AWS Regions. You want to replicate objects from bucket A to both bucket B and C. How would you achieve this?

a. Configure replication from bucket A to Bucket B, then from bucket A to Bucket C
b. Configure replication from bucket A to Bucket B, then from Bucket B to C
c. Configure replication from bucket A to bucket C, then from bucket C to buckete B

Answer 99

a. Configure replication from bucket A to Bucket B, then from bucket A to Bucket C

Question 100

Which of the following is NOT a Glacier Deep Archive retrieval mode?

a. Expedited (1-5 minutes)
b. Standar (12 hours)
c. Bulk (48 hours)

Answer 100

a. Expedited (1-5 minutes)

Question 101

Which of the following is NOT a Glacier Flexible retrieval mode?

a. Instant (10 seconds)
b. Expedited (1-5 minutes)
c. Standard (3-5 hours)
d. Bulk (5-12 hours)

Answer 101

a. Instant (10 seconds)

Question 102

How can you be notified when there’s an object uploaded to your S3 bucket?

a. S3 Select
b. S3 Access Logs
c. S3 Event Notifications
d. S3 Analytics

Answer 102

c. S3 Event Notifications

Question 103

You have an S3 bucket that has S3 Versioning enabled. This S3 bucket has a lot of objects, and you would like to remove old object versions to reduce costs. What’s the best approach to automate the deletion of these old object versions?

a. S3 Lifecycle Rules - Transition Actions
b. S3 Lifecycle Rules - Expiration Actions
c. S3 Access Logs

Answer 103

b. S3 Lifecycle Rules - Expiration Actions

Question 104

How can you automate the transition of S3 objects between their different tiers?

a. AWS Lambda
b. CloudWatch Events
c. S3 Lifecycle Rules

Answer 104

c. S3 Lifecycle Rules

Question 105

While you’re uploading large files to an S3 bucket using Multi-part Upload, there are a lot of unfinished parts stored in the S3 bucket due to network issues. You are not using these unfinished parts and they cost you money. What is the best approach to remove these unfinished parts?

a. Use AWS Lambda to loop each old/unfinished part and delete them
b. Request AWS Support to help you delete old/unfinished parts
c. Use an S3 Lifecycle Policy to automate old/unfinished parts deletion

Answer 105

c. Use an S3 Lifecycle Policy to automate old/unfinished parts deletion

Question 106

You are looking to get recommendations for S3 Lifecycle Rules. How can you analyze the optimal number of days to move objects between different storage tiers?

a. S3 Inventory
b. S3 Analytics
c. S3 Lifecycle Rules Advisor

Answer 106

b. S3 Analytics

Question 107

You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, it is necessary to read the first 250 bytes of each object in S3, which contains some metadata about the content of the file itself. There are over 100,000 files in your S3 bucket, amounting to 50 TB of data. How can you build this index efficiently?

a. Use the RDS Import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index
b. Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS
c. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS
d. Create an application that will traverse the S3 bucket, use S3 Select to get the first 250 bytes, and store that information in RDS

Answer 107

c. Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS

Question 108

You have a large dataset stored on-premises that you want to upload to the S3 bucket. The dataset is divided into 10 GB files. You have good bandwidth but your Internet connection isn’t stable. What is the best way to upload this dataset to S3 and ensure that the process is fast and avoid any problems with the Internet connection?

a. Use Multi-part Upload only
b. Use S3 Select & Use S3 Transfer Acceleration
c. Use S3 Multi-part Upload & S3 Transfer Accleration

Answer 108

c. Use S3 Multi-part Upload & S3 Transfer Accleration

Question 109

You would like to retrieve a subset of your dataset stored in S3 with the .csv format. You would like to retrieve a month of data and only 3 columns out of 10, to minimize compute and network costs. What should you use?

a. S3 Analytics
b. S3 Access Logs
c. S3 Select
d. S3 Inventory

Answer 109

c. S3 Select

Question 110

A company is preparing for compliance and regulatory review on its infrastructure on AWS. Currently, they have their files stored on S3 buckets that are not encrypted, which must be encrypted as required for compliance and regulatory review. Which S3 feature allows them to encrypt all files in their S3 buckets in the most efficient and cost-effective way?

a. S3 Access Points
b. S3 Cross-Region Replication
c. S3 Batch Operation
d. S3 Lifecycle Rules

Answer 110

c. S3 Batch Operation

Question 111

Your client wants to make sure that file encryption is happening in S3, but he wants to fully manage the encryption keys and never store them in AWS. You recommend him to use ……………………….

a. SSE-S3
b. SSE-KMS
c. SSE-C
d. Client-Side Encryption

Answer 111

c. SSE-C

With SSE-C, the encryption happens in AWS and you have full control over the encryption keys.

Question 112

A company you’re working for wants their data stored in S3 to be encrypted. They don’t mind the encryption keys stored and managed by AWS, but they want to maintain control over the rotation policy of the encryption keys. You recommend them to use ………………..

a. SSE-S3
b. SSE-KMS
c. SSE-C
d. Client-Side Encryption

Answer 112

b. SSE-KMS

With SSE-KMS, the encryption happens in AWS, and the encryption keys are managed by AWS but you have full control over the rotation policy of the encryption key. Encryption keys stored in AWS.

Question 113

Your company does not trust AWS for the encryption process and wants it to happen on the application. You recommend them to use ………………..

a. SSE-S3
b. SSE-KMS
c. SSE-C
d. Client-Side Encryption

Answer 113

d. Client-Side Encryption

With Client-Side Encryption, you have to do the encryption yourself and you have full control over the encryption keys. You perform the encryption yourself and send the encrypted data to AWS. AWS does not know your encryption keys and cannot decrypt your data.

Question 114

You have a website that loads files from an S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when a website with a different domain tries to load these files it doesn’t. What’s the problem?

a. The Bucket policy is wrong
b. The IAM policy is wrong
c. CORS is wrong
d. Encryption is wrong

Answer 114

c. CORS is wrong

Cross-Origin Resource Sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. To learn more about CORS, go here: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html

Question 115

An e-commerce company has its customers and orders data stored in an S3 bucket. The company’s CEO wants to generate a report to show the list of customers and the revenue for each customer. Customer data stored in files on the S3 bucket has sensitive information that we don’t want to expose in the report. How do you recommend the report can be created without exposing sensitive information?

a. Use S3 Object Lambda to change the objects before they retrieved by the report generator application
b. Create another S3 bucket. Create a lambda function to process each file, remove the sensitive information, and then move them to the new S3 bucket
c. Use S3 Object Lock to lock the sensitive information from being fetched by the report generator application

Answer 115

a. Use S3 Object Lambda to change the objects before they retrieved by the report generator application

Question 116

You suspect that some of your employees try to access files in an S3 bucket that they don’t have access to. How can you verify this is indeed the case without them noticing?

a. Enabl S3 Access Logs and analyze them using Athena
b. Restrict their IAM policies and look at CloudTrail logs
c. Use a bucket policy

Answer 116

a. Enabl S3 Access Logs and analyze them using Athena

S3 Access Logs log all the requests made to S3 buckets and Amazon Athena can then be used to run serverless analytics on top of the log files.

Question 117

You are looking to provide temporary URLs to a growing list of federated users to allow them to perform a file upload on your S3 bucket to a specific location. What should you use?

a. S3 CORS
b. S3 Pre-Signed URL
c. S3 Bucket Policies

Answer 117

b. S3 Pre-Signed URL

S3 Pre-Signed URLs are temporary URLs that you generate to grant time-limited access to some actions in your S3 bucket.

Question 118

For compliance reasons, your company has a policy mandate that database backups must be retained for 4 years. It shouldn’t be possible to erase them. What do you recommend?

a. Glacier Vaults with Vault Lock Policies
b. EFS network drives with restrictive Linux permissions
c. S3 with Bucket Policies

Answer 118

a. Glacier Vaults with Vault Lock Policies

Question 119

You would like all your files in an S3 bucket to be encrypted by default. What is the optimal way of achieving this?

a. Use a bucket policy that forces HTTPS connections
b. Do nothing, Amazon S3 automatically encrypt new objects using Server-Side Encryption with S3-Managed Keys(SSE-S3)
c. Enable Versioning

Answer 119

b. Do nothing, Amazon S3 automatically encrypt new objects using Server-Side Encryption with S3-Managed Keys(SSE-S3)

Question 120

You have enabled versioning and want to be extra careful when it comes to deleting files on an S3 bucket. What should you enable to prevent accidental permanent deletions?

a. Use a bucket policy
b. Enable MFA delete
c. Encrypt the files
d. Disable versioning

Answer 120

b. Enable MFA delete

MFA Delete forces users to use MFA codes before deleting S3 objects. It’s an extra level of security to prevent accidental deletions.

Question 121

A company has its data and files stored on some S3 buckets. Some of these files need to be kept for a predefined period of time and protected from being overwritten and deletion according to company compliance policy. Which S3 feature helps you in doing this?

a. S3 Object Lock - Retention Governance Mode
b. S3 Versioning
c. S3 Object Lock - Retention Compliance Mode
d. S3 Glacier Vault Lock

Answer 121

c. S3 Object Lock - Retention Compliance Mode

Question 122

Which of the following S3 Object Lock configuration allows you to prevent an object or its versions from being overwritten or deleted indefinitely and gives you the ability to remove it manually?

a. Retention Governance Mode
b. Retention Compliance Mode
c. Legal Hold

Answer 122

c. Legal Hold

Question 123

You have a CloudFront Distribution that serves your website hosted on a fleet of EC2 instances behind an Application Load Balancer. All your clients are from the United States, but you found that some malicious requests are coming from other countries. What should you do to only allow users from the US and block other countries?

a. Use CloudFront Geo Restriction
b. Use Origin Access Control
c. Setup a security group and attach it to your CloudFront Distribution
d. Use a Route 53 Latency record and attach it to CloudFront

Answer 123

a. Use CloudFront Geo Restriction

Question 124

You have a static website hosted on an S3 bucket. You have created a CloudFront Distribution that points to your S3 bucket to better serve your requests and improve performance. After a while, you noticed that users can still access your website directly from the S3 bucket. You want to enforce users to access the website only through CloudFront. How would you achieve that?

a. Send an email to your clients and tell them to not use the S3 endpoint
b. Configure your CloudFront Distribution and create an Origin Access Control(OAC), then update your S3 bucket Policy to only accept requests from your CloudFront Distribution
c. Use S3 Access Points to redirect clients to CloudFront

Answer 124

b. Configure your CloudFront Distribution and create an Origin Access Control(OAC), then update your S3 bucket Policy to only accept requests from your CloudFront Distribution

Question 125

What does this S3 bucket policy do?

{

"Version": "2012-10-17",

"Id": "Mystery policy",

"Statement": [{

    "Sid": "What could it be?",

    "Effect": "Allow",

    "Principal": {

       "Service": "cloudfront.amazonaws.com"

    },

    "Action": "s3:GetObject",

    "Resource": "arn:aws:s3:::examplebucket/*",
    "Condition": {
        "StringEquals": {
            "AWS:SourceArn": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE"
        }
    }

}]

}

a. Forces GetObject request to be encrypted if coming from CloudFront
b. Only allows the S3 bucket content to be accessed from your CloudFront Distribution
c. Only allows GetObject type of request on the S3 bucket from anybody

Answer 125

b. Only allows the S3 bucket content to be accessed from your CloudFront Distribution

Question 126

A WordPress website is hosted in a set of EC2 instances in an EC2 Auto Scaling Group and fronted by a CloudFront Distribution which is configured to cache the content for 3 days. You have released a new version of the website and want to release it immediately to production without waiting for 3 days for the cached content to be expired. What is the easiest and most efficient way to solve this?

a. Open a support ticket with AWS Support to remove the CLoudFront Cache
b. CloudFront Cache Invalidation
c. EC2 Cache Invalidation

Answer 126

b. CloudFront Cache Invalidation

Question 127

A company is deploying a media-sharing website to AWS. They are going to use CloudFront to deliver the content with low latency to their customers where they are located in both US and Europe only. After a while there a huge costs for CloudFront. Which CloudFront feature allows you to decrease costs by targeting only US and Europe?

a. CloudFront Cache Invalidation
b. CloudFront Price Classes
c. CloudFront Cache Behavior
d. Origin Access Control

Answer 127

b. CloudFront Price Classes

Question 128

A company is migrating a web application to AWS Cloud and they are going to use a set of EC2 instances in an EC2 Auto Scaling Group. The web application is made of multiple components so they will need a host-based routing feature to route to specific web application components. This web application is used by many customers and therefore the web application must have a static IP address so it can be whitelisted by the customers’ firewalls. As the customers are distributed around the world, the web application must also provide low latency to all customers. Which AWS service can help you to assign a static IP address and provide low latency across the globe?

a. AWS Global Accelerator + Application Load Balancer
b. Amazon CloudFront
c. Network Load Balancer
d. Application Load Balancer

Answer 128

a. AWS Global Accelerator + Application Load Balancer

Question 129

You need to move hundreds of Terabytes into Amazon S3, then process the data using a fleet of EC2 instances. You have a 1 Gbit/s broadband. You would like to move the data faster and possibly processing it while in transit. What do you recommend?

a. Use your network
b. Use Snowcone
c. Use AWS data migration
d. Use Snowball Edge

Answer 129

d. Use Snowball Edge

Snowball Edge is the right answer as it comes with computing capabilities and allows you to pre-process the data while it’s being moved into Snowball.

Question 130

You want to expose virtually infinite storage for your tape backups. You want to keep the same software you’re using and want an iSCSI compatible interface. What do you use?

a. AWS Snowball
b. AWS Storage Gateway - Tape Gateway
c. AWS Storage Gateway - Volume Gateway
d. AWS Storage Gateway - S3 File Gateway

Answer 130

b. AWS Storage Gateway - Tape Gateway

Question 131

Your EC2 Windows Servers need to share some data by having a Network File System mounted on them which respects the Windows security mechanisms and has integration with Microsoft Active Directory. What do you recommend?

a. Amazon Fsx for Windows (File Server)
b. Amazon EFS
c. Amazon Fsx for Lustre
d. S3 File Gateway

Answer 131

a. Amazon Fsx for Windows (File Server)

Question 132

You have hundreds of Terabytes that you want to migrate to AWS S3 as soon as possible. You tried to use your network bandwidth and it will take around 3 weeks to complete the upload process. What is the recommended approach to using in this situation?

a. AWS Storage Gateway - Volume Gateway
b. S3 Multi-part Upload
c. AWS Snowball Edge
d. AWS Data Migration Service

Answer 132

c. AWS Snowball Edge

Question 133

You have a large dataset stored in S3 that you want to access from on-premises servers using the NFS or SMB protocol. Also, you want to authenticate access to these files through on-premises Microsoft AD. What would you use?

a. AWS Storage Gateway - Volume Gateway
b. AWS Storage Gateway - S3 File Gateway
c. AWS Storage Gateway - Tape Gateway
d. AWS Data Migration Service

Answer 133

b. AWS Storage Gateway - S3 File Gateway

Question 134

You are planning to migrate your company’s infrastructure from on-premises to AWS Cloud. You have an on-premises Microsoft Windows File Server that you want to migrate. What is the most suitable AWS service you can use?

a. Amazon Fsx for Windows (File Server)
b. Amazon Storage Gateway - S3 File Gateway
c. AWS Managed Microsoft AD

Answer 134

a. Amazon Fsx for Windows (File Server)

Question 135

You would like to have a distributed POSIX compliant file system that will allow you to maximize the IOPS in order to perform some High-Performance Computing (HPC) and genomics computational research. This file system has to easily scale to millions of IOPS. What do you recommend?

a. EFS with Max. IO enabled
b. Amazon Fsx for Lustre
c. Amazon S3 mounted on the EC2 instances
d. EC2 instance store

Answer 135

b. Amazon Fsx for Lustre

Question 136

Which deployment option in the FSx file system provides you with long-term storage that’s replicated within AZ?

a. Scratch File System
b. Persistent File System

Answer 136

b. Persistent File System

Provides long-term storage where data is replicated within the same AZ. Failed files were replaced within minutes.

Question 137

Which of the following protocols is NOT supported by AWS Transfer Family?

a. File Transfer Protocol(FTP)
b. File Transfer Protocol over SSL (FTPS)
c. Transport Layer Security (TLS)
d. Secure File Transfer Protocol (SFTP)

Answer 137

c. Transport Layer Security (TLS)

AWS Transfer Family is a managed service for file transfers into and out of S3 or EFS using the FTP protocol, thus TLS is not supported.

Question 138

A company uses a lot of files and data which is stored in an FSx for Windows File Server storage on AWS. Those files are currently used by the resources hosted on AWS. There’s a requirement for those files to be accessed on-premises with low latency. Which AWS service can help you achieve this?

a. S3 File Gateway
b. Fsx for Windows File Server On-Premise
c. Fsx File Gateway
d. Volume Gateway

Answer 138

c. Fsx File Gateway

Question 139

A Solutions Architect is working on planning the migration of a startup company from on-premises to AWS. Currently, their infrastructure consists of many servers and 30 TB of data hosted on a shared NFS storage. He has decided to use Amazon S3 to host the data. Which AWS service can efficiently migrate the data from on-premises to S3?

a. AWS Storage Tape Gateway
b. Amazon EBS
c. AWS Transfer Family
d. AWS Data Sync

Answer 139

d. AWS Data Sync

Question 140

Which AWS service is best suited to migrate a large amount of data from an S3 bucket to an EFS file system?

a. AWS Snowball
b. AWS DataSync
c. AWS Transfer Family
d. AWS Backup

Answer 140

b. AWS DataSync

Question 141

A Machine Learning company is working on a set of datasets that are hosted on S3 buckets. The company decided to release those datasets to the public to be useful for others in their research, but they don’t want to configure the S3 bucket to be public. And those datasets should be exposed over the FTP protocol. What can they do to do the requirement efficiently and with the least effort?

a. Use AWS Transfer Family
b. Create an EC2 instance with an FTP server installed then copy the data from S3 to the EC2 instance
c. Use AWS Storage gateway
d. Copy the data from S3 to an EFS File system, then expose them over the FTP Protocol

Answer 141

a. Use AWS Transfer Family

Question 142

Amazon FSx for NetApp ONTAP is compatible with the following protocols, EXCEPT ………………

a. NFS
b. SMB
c. FTP
d. iSCSI

Answer 142

c. FTP

Question 143

Which AWS service is best suited when migrating from an on-premises ZFS file system to AWS?

a. Amazon Fsx for OpenZFS
b. Amazon Fsx for NetApp ONTAP
c. Amazon Fsx for Windows File Server
d. Amazon Fsx for Lustre

Answer 143

a. Amazon Fsx for OpenZFS

Question 144

A company is running Amazon S3 File Gateway to host their data on S3 buckets and is able to mount them on-premises using SMB. The data currently is hosted on S3 Standard storage class and there is a requirement to reduce the costs for S3. So, they have decided to migrate some of those data to S3 Glacier. What is the most efficient way they can use to move the data to S3 Glacier automatically?

a. Create a lambda function to migrate data to S3 Glacier and periodically trigger it everyday using Amazon EventBridge
b. Use S3 batch operations to loop through S3 files and move them to S3 Glacier everyday
c. Use S3 lifecycle policy
d. Use AWS DataSync to replicate data to S3 Glacier everyday

Answer 144

c. Use S3 lifecycle policy

Question 145

You have on-premises sensitive files and documents that you want to regularly synchronize to AWS to keep another copy. Which AWS service can help you with that?

a. AWS Database Migration Service
b. Amazon EFS
c. AWS DataSync

Answer 145

c. AWS DataSync

AWS DataSync is an online data transfer service that simplifies, automates, and accelerates moving data between on-premises storage systems and AWS Storage services, as well as between AWS Storage services.

Question 146

You have an e-commerce website and you are preparing for Black Friday which is the biggest sale of the year. You expect that your traffic will increase by 100x. Your website already using an SQS Standard Queue, and you’re running a fleet of EC2 instances in an Auto Scaling Group to consume SQS messages. What should you do to prepare your SQS Queue?

a. Contact AWS Support to pre-warm your SQS Standard Queue
b. Enable Auto Scaling in your SQS queue
c. Increase the capacity of the SQS queue
d. Do nothing, SQS scales automatically

Answer 146

d. Do nothing, SQS scales automatically

Question 147

You have an SQS Queue where each consumer polls 10 messages at a time and finishes processing them in 1 minute. After a while, you noticed that the same SQS messages are received by different consumers resulting in your messages being processed more than once. What should you do to resolve this issue?

a. Enable Long Polling
b. Add DelaySeconds parameter to the messages when being produced
c. Increase the Visibility Timeout
d. Decrease the Visibility Timeout

Answer 147

c. Increase the Visibility Timeout

SQS Visibility Timeout is a period of time during which Amazon SQS prevents other consumers from receiving and processing the message again. In Visibility Timeout, a message is hidden only after it is consumed from the queue. Increasing the Visibility Timeout gives more time to the consumer to process the message and prevent duplicate reading of the message. (default: 30 sec., min.: 0 sec., max.: 12 hours)

Question 148

Which SQS Queue type allows your messages to be processed exactly once and in order?

a. SQS Standard Queue
b. SQS Dead Letter Queue
c. SQS Delay Queue
d. SQS FIFO Queue

Answer 148

d. SQS FIFO Queue

SQS FIFO (First-In-First-Out) Queues have all the capabilities of the SQS Standard Queue, plus the following two features. First, The order in which messages are sent and received are strictly preserved and a message is delivered once and remains available until a consumer process and deletes it. Second, duplicated messages are not introduced into the queue.

Question 149

You have 3 different applications that you’d like to send them the same message. All 3 applications are using SQS. What is the best approach would you choose?

a. Use SQS Replication Feature
b. Use SNS + SQS Fan Out Pattern
c. Send messages individually to 3 SQS queues

Answer 149

b. Use SNS + SQS Fan Out Pattern

This is a common pattern where only one message is sent to the SNS topic and then “fan-out” to multiple SQS queues. This approach has the following features: it’s fully decoupled, no data loss, and you have the ability to add more SQS queues (more applications) over time.

Question 150

You have a Kinesis data stream with 6 shards provisioned. This data stream usually receiving 5 MB/s of data and sending out 8 MB/s. Occasionally, your traffic spikes up to 2x and you get a ProvisionedThroughputExceeded exception. What should you do to resolve the issue?

a. Add more Shards
b. Enable Kinesis Replication
c. Use SQS as a buffer to Kinesis

Answer 150

a. Add more Shards

The capacity limits of a Kinesis data stream are defined by the number of shards within the data stream. The limits can be exceeded by either data throughput or the number of reading data calls. Each shard allows for 1 MB/s incoming data and 2 MB/s outgoing data. You should increase the number of shards within your data stream to provide enough capacity.

Question 151

You have a website where you want to analyze clickstream data such as the sequence of clicks a user makes, the amount of time a user spends, and where the navigation begins and how it ends. You decided to use Amazon Kinesis, so you have configured the website to send these clickstream data all the way to a Kinesis data stream. While you checking the data sent to your Kinesis data stream, you found that the users’ data is not ordered and the data for one individual user is spread across many shards. How would you fix this problem?

a. There are too many shards, you should only use 1 shard
b. You shouldn’t use multiple consumers, only one and it should re-order data
c. For each record sent to Kinesis add a partition key that represents the identity of the user

Answer 151

c. For each record sent to Kinesis add a partition key that represents the identity of the user

Kinesis Data Stream uses the partition key associated with each data record to determine which shard a given data record belongs to. When you use the identity of each user as the partition key, this ensures the data for each user is ordered hence sent to the same shard.

Question 152

You are running an application that produces a large amount of real-time data that you want to load into S3 and Redshift. Also, these data need to be transformed before being delivered to their destination. What is the best architecture would you choose?

a. SQS + AWS Lambda
b. SNS + HTTP Endpoint
c. Kinesis Data Streams + Kinesis Data Firehose

Answer 152

c. Kinesis Data Streams + Kinesis Data Firehose

This is a perfect combo of technology for loading data near real-time data into S3 and Redshift. Kinesis Data Firehose supports custom data transformations using AWS Lambda.

Question 153

Which of the following is NOT a supported subscriber for AWS SNS?

a. Amazon Kinesis Data Streams
b. Amazon SQS
c. HTTPS Endpoint
d. AWS Lambda

Answer 153

a. Amazon Kinesis Data Streams

Note: Kinesis Data Firehose is now supported, but not Kinesis Data Streams.

Question 154

Which AWS service helps you when you want to send email notifications to your users?

a. Amazon SQS with AWS Lambda
b. Amazon SNS
c. Amazon Kinesis

Answer 154

b. Amazon SNS

Question 155

You’re running many micro-services applications on-premises and they communicate using a message broker that supports MQTT protocol. You’re planning to migrate these applications to AWS without re-engineering the applications and modifying the code. Which AWS service allows you to get a managed message broker that supports the MQTT protocol?

a. Amazon SQS
b. Amazon SNS
c. Amazon Kinesis
d. Amazon MQ

Answer 155

d. Amazon MQ

Amazon MQ supports industry-standard APIs such as JMS and NMS, and protocols for messaging, including AMQP, STOMP, MQTT, and WebSocket.

Question 156

An e-commerce company is preparing for a big marketing promotion that will bring millions of transactions. Their website is hosted on EC2 instances in an Auto Scaling Group and they are using Amazon Aurora as their database. The Aurora database has a bottleneck and a lot of transactions have been failed in the last promotion they have made as they had a lot of transaction and the Aurora database wasn’t prepared to handle these too many transactions. What do you recommend to handle those transactions and prevent any failed transactions?

a. Use SQS as a buffer to write to Aurora
b. Host the website in AWS Fargate instead of EC2 instances
c. Migrate Aurora to RDS for SQL Server

Answer 156

a. Use SQS as a buffer to write to Aurora

Question 157

A company is using Amazon Kinesis Data Streams to ingest clickstream data and then do some analytical processes on it. There is a campaign in the next few days and the traffic is unpredictable which might grow up to 100x. What Kinesis Data Stream capacity mode do you recommend?

a. Provisioned Mode
b. On-demant Mode

Answer 157

b. On-demant Mode

Question 158

You have multiple Docker-based applications hosted on-premises that you want to migrate to AWS. You don’t want to provision or manage any infrastructure; you just want to run your containers on AWS. Which AWS service should you choose?

a. Elastic Container Service (ECS) in EC2 Launch Mode
b. Elastic Container Registry (ECR)
c. AWS Fargate on ECS

Answer 158

c. AWS Fargate on ECS

AWS Fargate allows you to run your containers on AWS without managing any servers.

Question 159

Amazon Elastic Container Service (ECS) has two Launch Types: ……………… and ………………

a. Amazon EC2 Launch Type and Fargate Launch Type
b. Amazon EC2 Launch Type and EKS Launch Type
c. Fargate Launch Type and EKS Launch Type

Answer 159

a. Amazon EC2 Launch Type and Fargate Launch Type

Question 160

You have an application hosted on an ECS Cluster (EC2 Launch Type) where you want your ECS tasks to upload files to an S3 bucket. Which IAM Role for your ECS Tasks should you modify?

a. EC2 Instance Profile
b. ECS Task Role

Answer 160

b. ECS Task Role

ECS Task Role is the IAM Role used by the ECS task itself. Use when your container wants to call other AWS services like S3, SQS, etc.

Question 161

You’re planning to migrate a WordPress website running on Docker containers from on-premises to AWS. You have decided to run the application in an ECS Cluster, but you want your docker containers to access the same WordPress website content such as website files, images, videos, etc. What do you recommend to achieve this?

a. Mount an EFS volume
b. Mount an EBS volume
c. Use an EC2 Instance Store

Answer 161

a. Mount an EFS volume

EFS volume can be shared between different EC2 instances and different ECS Tasks. It can be used as a persistent multi-AZ shared storage for your containers.

Question 162

You are deploying an application on an ECS Cluster made of EC2 instances. Currently, the cluster is hosting one application that is issuing API calls to DynamoDB successfully. Upon adding a second application, which issues API calls to S3, you are getting authorization issues. What should you do to resolve the problem and ensure proper security?

a. Edit the EC2 instance role to add permissions to S3
b. Create an IAM task role for the new application
c. Enable the Fargate mode
d. Edit the S3 bucket policy to allow the ECS task

Answer 162

b. Create an IAM task role for the new application

Question 163

You are migrating your on-premises Docker-based applications to Amazon ECS. You were using Docker Hub Container Image Library as your container image repository. Which is an alternative AWS service which is fully integrated with Amazon ECS?

a. AWS Fargate
b. Elastic Container Registry(ECR)
c. Elastic Kubernetes Service(EKS)
d. Amazon EC2

Answer 163

b. Elastic Container Registry(ECR)

Amazon ECR is a fully managed container registry that makes it easy to store, manage, share, and deploy your container images. ECR is fully integrated with Amazon ECS, allowing easy retrieval of container images from ECR while managing and running containers using ECS.

Question 164

Amazon EKS supports the following node types, EXCEPT ………………..

a. Managed Node Groups
b. Self- Managed Nodes
c. AWS Fargate
d. AWS Lambda

Answer 164

d. AWS Lambda

Question 165

A developer has a running website and APIs on his local machine using containers and he wants to deploy both of them on AWS. The developer is new to AWS and doesn’t know much about different AWS services. Which of the following AWS services allows the developer to build and deploy the website and the APIs in the easiest way according to AWS best practices?

a. AWS App Runner
b. EC2 Instances + Application Load Balancer
c. Amazon ECS
d. AWS Fargate

Answer 165

a. AWS App Runner