Things To Know Flashcards
Learn important topics to pass the AWS Certified Solutions Associate
You have heavy load on your RDS database which is now the maximum available size possible. Which two of the following AWS technologies should you use to further ease the load?
RDS Read Replica, ElastiCache - You could use RDS Read Replica or ElastiCache to further offset load.
You have a very heavily-trafficked WordPress blog that has approximately 95% read traffic and 5% write traffic. You notice that the blog is getting slower and slower. You discover that the bottleneck is in your RDS instance. Which two of the following answers can improve your WordPress blog’s performance?
Create a number of read replicas and update the connection strings on EC2, ElastiCache
True or False: You should expect the same latency and throughput performance as Amazon S3 Standard when using Standard - IA.
True - S3 Standard - IA offers the high durability, throughput, and low latency of Amazon S3 Standard, with a low per GB storage price and per GB retrieval fee.
True or False: An Amazon Cluster Placement Group can be stretched across multiple availability zones?
False - Because of the low latency required for a cluster placement group, a cluster placement group can only exist within 1 availability zone.
You have built an online dating application that allows users to send and receive photos as they court each other. You need to secure this data and you need to implement server-side encryption to protect this data. You decide that you want server-side encryption provided by Amazon. You will also need to have an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data. What out of the box Amazon solution would enable you to achieve this?
AWS SSE-KMS provides an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data.
You need to restore an object from Glacier. What 2 ways can you accomplish this?
Using the S3 API, Using the AWS Console
Because Amazon S3 maintains the mapping between your user-defined object name and Amazon Glacier’s system-defined identifier, Amazon S3 objects that are stored using the Amazon Glacier option are only accessible through the Amazon S3 APIs or the Amazon S3 Management Console.
What is the minimum object size for S3 - IA?
Standard - IA is designed for larger objects and has a minimum object size of 128KB. Objects smaller than 128KB in size will incur storage charges as if the object were 128KB.
You need to implement a new web application which allows users to store family photos online in such a way that only invited guests will be able to view the images. Which type of S3 encryption should you choose to maintain full end-to-end control of the encryption/decryption of objects and assure that only encrypted objects are transmitted over the Internet to Amazon S3?
Amazon S3 Encryption Client.
Using an encryption client library, such as the Amazon S3 Encryption Client, you retain control of the keys and complete the encryption and decryption of objects client-side using an encryption library of your choice. Some customers prefer full end-to-end control of the encryption and decryption of objects; that way, only encrypted objects are transmitted over the Internet to Amazon S3.
How can you securely upload or download your data to/from the S3 service?
You can securely upload/download your data to/from Amazon S3 via SSL or HTTP endpoints using HTTPS.
What is the availability of S3 - IA?
99.90% - S3 - IA is 99.9% available. Do not confuse availability with durability.
You run a security company which stores highly sensitive PDFs on S3 with versioning enabled. To ensure MAXIMUM protection of your objects to protect against accidental deletion, what further security measure should you consider using?
Enable Versioning with MFA Delete on your S3 Bucket.
If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession.
True or False: You can use your existing Microsoft Windows Server licenses with an Amazon EC2 shared tenancy instance.
FALSE. A Dedicated Host is required if you’d like to use your existing Windows Server licenses.
You have an application that stores data in S3, and you need to design an integrated solution providing encryption at rest. You want Amazon to handle key management and protection using multiple layers of security. Which S3 encryption option should you use?
SSE-S3 uses managed keys and one of the strongest block ciphers available, AES-256, to secure your data at rest.
Which of the following protocols is not supported with an Elastic Load Balancer?
RDS, SSH are not supported.
Amazon’s ELB supports the following protocols - “HTTP, HTTPS, TCP, SSL”
CRR replicates every object-level upload that you make directly to your source bucket. Which of the following also forms a part of that replication?
CRR replicates every object-level upload that you directly make to your source bucket. The metadata and ACLs associated with the object are also part of the replication.
Your application requires highly-available object storage, and must comply with EU privacy laws. As such, no data may be stored outside the EU. Which two of the following options should you consider?
You should use an object based storage solution (such as S3) in European regions.
You back up the files that exist on an in-house SAN to S3. You need to minimize cost; however, company policy states that objects must be instantly accessible. What S3 storage class should you use?
The best solution for instant access but lowest cost would be S3 - Infrequently Accessed storage.
You work for a security company that stores highly sensitive documents on S3. One of your customers has had a security breach and, as a precaution, they have asked you to remove a sensitive PDF from their S3 bucket. You log in to the AWS console using your account and attempt to delete the object. You notice that versioning is turned on, and when you dig a little deeper you discover that you cannot delete the object. What may be the cause of this?
Only the owner of an Amazon S3 bucket can permanently delete a version.
You have developed a file-sharing website for a large corporate entity. They require that the site has regional redundancy. Which S3 service should you use to achieve this?
S3 with Cross-Region Replication (CRR) automatically replicates data across AWS regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS region that you choose.
Which of the following AWS services store data as key-value pairs?
Both DynamoDB and S3 use key-value pairs.
Which of the following services allows you to have root level access to the underlying operating system?
You can use SSH to access the underlying operating systems of EMR and EC2.
You’ve been tasked with the implementation of an offsite backup/DR solution. You’ll be responsible only for flat files and server backup. Which of the following would you include in your proposed solution (select all that apply)?
EC2 is a compute service not applicable to this scenario. All others could be part of a comprehensive backup/DR solution.
You are auditing your RDS estate and you discover an RDS production database that is not encrypted at rest. This violates company policy and you need to rectify this immediately. What should you do to encrypt the database as quickly and as easily as possible?
At the present time, encrypting an existing DB Instance is not supported. To use Amazon RDS encryption for an existing database, create a new DB Instance with encryption enabled and migrate your data into it.