Timed Mode Set 7 – AWS Certified Solutions Architect Associate

Question 1

What hardware device service comes installed with AWS DataSync?

Answer 1

Snowcone comes pre-installed with DataSync agent.

Question 2

What service can be used with Glue Data Catalog to store and retrieve table metadata for the Amazon S3 data in your AWS account.

Answer 2

Athena.

Question 3

What is a service you can used to visualize Athena SQL queries ?

Answer 3

Amazon QuickSight

Question 4

What is an online tool that provides you with REAL-TIME GUIDANCE to help you provision your resources following AWS best practices?

Answer 4

AWS Trusted Advisor

Question 5

EMR runs on different instance types for different tasks, what are the best instances for each of the types below:

-Primary (Master) node
-Core nodes
-Task nodes

Answer 5

-Primary (Master) node = On-Demand
-Core nodes = On-Demand OR instance-fleet mix
-Task nodes = Spot OR instance-fleet mix

Question 6

What is the best way to automate the creation, retention, and deletion of EBS snapshots?

Answer 6

Amazon Data Lifecycle Manager

Question 7

What is the best way to deploy any serverless or container-based application with increased efficiency, consistency, and control?

Specifically the app is managed by AWS and its Dev friendly.

Answer 7

AWS Proton.

Question 8

Whats the best way to rehost (Lift-and-Shift) an application with the data and OS info from On-Prem to AWS?

Must not interrupt normal business ops.

Answer 8

AWS Application Migration Service (MGN).

This is great for lift and shift (rehost), moving the workload from on prem.

Question 9

What is a requirement for using a Prometheus agent with EKS?

Answer 9

To use Prometheus with EKS you MUST first integrate it with a CloudWatch agent.

Question 10

What is the best way to collect metrics and logs for your EKS cluster?

Answer 10

CloudWatch Container Insights.

Question 11

What AWS services does CW Container Insights support?

Answer 11

-ECS
-EKS
-K8s on EC2
-Fargate (ECS and EKS both)

Question 12

What is the AWS best practice way of automatically starting and stopping an EC2 and/or DB instances based on a predetermined schedule?

Answer 12

AWS Lambda function is the best way to start and stop EC2 and RDS DB instances … With low overhead and cost considerations

Question 13

What AWS service is best for triggering a Lambda function at specific times or intervals?

Answer 13

EventBridge (CloudWatch Events).

Question 14

What Linux service is more comparable to EventBridge?

Answer 14

Cron. Cronjobs.

Eventbridge uses cron format.

Question 15

What is the difference between FSx Lustre with Persistent mode and
Scratch mode?

Answer 15

Persistent is best for sustained throughput
Scratch is designed for temporary storage.

Question 16

What is best to protect DynamoDB tables from accidental write or delete operations?

Answer 16

Enable Point-In-Time Recovery (PITR) in DynamoDB.

PITR is continuous backups, restore. 35 day retention period

Question 17

*Review question 8 on subnets

Answer 17

do it

Question 18

What is a dedicated instance ?

Answer 18

A Dedicated instance runs in a VPC on hardware that’s dedicated to a single customer.

Question 19

Can both Reserved Instance types - Standard AND Convertible - be resold at the RI Marketplace?

Answer 19

Only Standard, NOT Convertible!!!!

Question 20

For an SFTP solution needing high IOPS performance, should you use S3 or EFS?

Answer 20

EFS.

Better IOPS than S3

Question 21

For compliance, what needs to be done to identify if a Log file has been tampered with in CloudTrail?

Answer 21

Enable the CloudTrail Log File Validation feature on all trails.

Question 22

What is the difference between Lambda functions RESOURCE policy and EXECUTION role?

Answer 22

Resource based policy - allows an AWS service to invoke Lambda.

Execution Roles - Allows Lambda access to other AWS services.

Question 23

For S3 lifecycle storage class transitions, how long must objects be stored in the current storage class before they can be transitioned?

(from standard –> IA or OneZone IA, for Example)

Answer 23

objects must be stored in current class for 30 DAYS before moving to 1ZIA or IA.

Question 24

What is best way to centrally manage security group rules across an organization to allow new CIDR ranges and remove old CIDR ranges as needed?

Answer 24

VPC customer-managed prefix list .

Provision a VPC customer-managed prefix list using the AWS CLI or the Amazon VPC console and add the CIDR blocks to be included in the list.

Question 25

How can you securely access one AWS service to another for compliance reasons?

Answer 25

Interface VPC endpoints.

Allows private connection between your VPC and other AWS service endpoints. Powered by AWS PrivateLink.

Question 26

How can an S3 bucket restrict access from specific endpoints, VPCs, IP address ranges, and AWS accounts?

Answer 26

S3 Bucket policy.

Question 27

What AWS service is used to detect software vulnerabilities and unintended network exposure along your AWS workloads ?

Answer 27

Amazon Inspector.

Question 28

How can you ensure that newly created EBS volumes are encrypted?

Answer 28

an IAM policy can be created with condition keys, mandating that any request to create an EBS volume MUST be encrypted.

Question 29

What service can help to remediate noncompliant resources in your environment (ex., non encrypted EBS volumes)?

Answer 29

AWS Config allows you to remediate noncompliant resources that are evaluated by Config rules.

Question 30

What service works with AWS Config to apply remediation on non compliant resources?

Answer 30

AWS Systems Manager.

Uses Automation Documents.

Question 31

What do Automation Documents do?

Answer 31

Automation Documents define the actions to be performed on noncompliant AWS resources evaluated by AWS Config Rules.

Question 32

What AWS service/feature deploys resources closer to a large population in order to deliver applications that require single-digit millisecond latency to end-users?

Answer 32

AWS Local Zones

Question 33

Which AWS Backup Vault mode is best for preventing deletion of backups for a specified period?

Governance or Compliance?

And Why?

Answer 33

Compliance.

Compliance prevents deletion, while governance allows certain users to modify or remove backups.

Question 34

What is Amazon Neptune?

Answer 34

fully-managed graph database service.

Question 35

What are some descriptions of a graph type database that can help to identify a graph type service (Amazon Neptune) on an exam?

Answer 35

complex, relationship-rich data.

“intricate relationships”

Question 36

What is the best service to process large streams of data specifically for GRAPH data?

Neptune Streams or Kinesis Data Streams?

Answer 36

Neptune Streams.

Neptune is designed for Graph data