Test 5

Question 1

What 3 services can Kinesis save the data to?

Answer 1

• Dynamodb
• S3
• Redshift

Question 2

What file permission will throw an “Unprotected Private Key File” error?

Answer 2

0777

Question 3

What support plan provides:

1. ) 24x7 access to customer service, documentation, whitepapers, and support forums.
2. ) Access to full set of Trusted Advisor checks

Answer 3

Business

Question 4

What is AWS Cognito?

Answer 4

It provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, or Google

Question 5

What is AWs WAF?

Answer 5

It is a web application firewall that helps protect your web applications from common web exploits.

Question 6

What are 2 managed services by AWS (you dont have to worry about OS patches etc)?

Answer 6

• RDS

- Dynamodb

Question 7

How do you ensure that employees who are responsible for the UAT instances don’t have the access to work on the production instances?

Answer 7

Define the tags on the UAT and Production servers and add a condition in the IAM Policy which allows access to those specific tags.

Question 8

What could be the cause of 1 of multiple Availability Zones behind a load balancer are not receiving traffic?

Answer 8

The problem Availability Zone has not been properly added to the load balancer.

Question 9

What can you use to configure a fleet of EC2 instances without having to shh into each instance?

Answer 9

Run command - AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances

Question 10

In the event of system failure on the primary database instance, what happens to Amazon Aurora during the failover?

Answer 10

• Aurora will first attempt to create a new DB instance in the same AZ as the original.
• If unsuccessful, Aurora will create a new DB instance in a different AZ

Question 11

Which section of the Cloudformation template should you configure to get the Domain Name Server hostname of the ELB upon the creation of the AWS stack?

Answer 11

Outputs

Question 12

What is the default setting for Cloudtrail log encryption?

Answer 12

CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE).

Question 13

How can you apply a group of database-specific settings to all of your Relational Database Instances?

Answer 13

Parameter Groups: You manage your DB engine configuration through the use of parameters in a DB parameter group.

Question 14

How should you configure the public DNS zone apex record to point to the load balancer?

Answer 14

Create an A record aliased to the load balancer DNS name

Question 15

How do you provide access to S3 data to another service without involving the internet?

Answer 15

Use a Gateway VPC Endpoint

Question 16

In EBS encryption, what service does AWS use to secure the volume’s data at rest?

Answer 16

• By using your own keys in AWs Key Management Service (KMS)

- By using Amazon-managed keys in Amazon Key Management Service (KMS)

Question 17

What is Amazon Cloud HSM?

Answer 17

It provides a secure key storage in tamper-resistant hardware in a single Availability Zone.

Question 18

How do you capture the detailed information of all HTTP requests that went through their public-facing application load balancer every five minutes?

Answer 18

Enable Access Logs on the application load balancer

Question 19

What services use VPC Gateway Endpoint?

Answer 19

• S3

- DynamoDB

Question 20

What services do NOT use VPC Interface Endpoint?

Answer 20

• S3

- DynamoDB

Question 21

What VPC Endpoint type do S3 and DynamoDB use?

Answer 21

VPC Gateway Endpoint