TJ - Review mode set 3 Flashcards

1
Q

What type of EC2 can be stopped and restarted?

A

EBS-backed EC2 instances

2
Q

What happens when you stop an EBS-backed EC2 instance that also has an instance store?

A

The EBS volume is preserved, but the data in any attached instance store volume will be erased.

3
Q

T or F: an EBS-backed EC2 instance can have attached instance store volumes.

A

True

4
Q

What happens to an ENI and an EIP when an instance is stopped?

A

The ENI stays attached to the EC2 instance, and the EIP remains associated with the instance as well.

5
Q

What queries are used for each Aurora endpoint?
1. Cluster endpoint (current primary instance)
2. Reader endpoint
3. Custom endpoint
4. Instance endpoint (a specific DB instance)

A

1. To perform DDL/write statements
2. To perform queries (reads)
3. Used with clusters with DB instances of different capacities or configurations
4. For more direct control over connections to the DB

6
Q

In what scenario does AWS limit the number of EC2 instances you can create?

A

There is a vCPU-based On-Demand Instance limit per region. To fix this, submit the limit increase form to AWS and retry the failed requests once approved.

7
Q

How do you ensure that users of AWS accounts are prevented from removing or modifying any rules in AWS Config?

A

Add the AWS account(s) to an organizational unit (OU). Attach a service control policy (SCP) to the OU that restricts access to AWS Config.

8
Q

What is AWS Control Tower? And can this service restrict access from invoking an action on a specific resource, such as AWS Config, in your AWS account?

A

AWS Control Tower is commonly used to set up and govern a secure multi-account AWS environment.

No, Control Tower cannot restrict access in your AWS account.

9
Q

In a Network ACL, how are rules evaluated?

A

Rules are evaluated starting with the lowest-numbered rule. As soon as a rule matches the traffic, it is applied immediately, regardless of any higher-numbered rule that may contradict it.

10
Q

How many route tables can be associated with one subnet?
How many subnets can be associated with one route table?

A

One route table per subnet.
Multiple subnets per route table (if needed).

11
Q

When should a customer consider using the S3 Multipart Upload feature?

A

For objects larger than 100 megabytes.

12
Q

What is S3 Select? And what do you need to perform an S3 Select operation?

A

S3 Select enables applications to retrieve only a subset of data from an object by using simple SQL expressions.

Both the bucket’s name and the object key are needed to successfully perform an S3 Select operation.

13
Q

What is needed to create a Launch Template?

A

- ID of the AMI
- Instance type
- A key pair
- Security group
- A block device mapping

14
Q

T or F: You can’t modify a launch template after you’ve created it.

A

True

15
Q

How do you create “a hub and spoke design for connecting VPCs and on-premises networks”?

A

AWS Transit Gateway

16
Q

True or False: VPC peering is supported by using transitive peering relationships.

A

False

17
Q

Do Direct Connect (DX) connections support VPC peering?

A

No

18
Q

What are expedited retrievals in S3?

A

They allow you to quickly access your data when occasional urgent requests for a subset of archives are required.

Data under 250 MB will be retrieved within 1-5 minutes.

19
Q

What is provisioned capacity in S3?

A

It ensures that your retrieval capacity for expedited retrievals is available when you need it. Use case: a workload that requires highly reliable and predictable access to a subset of your data in minutes.

Provides up to 150 MB/s of retrieval throughput.

20
Q

What is Amazon Glacier Select?

A

Used to perform filtering operations using simple Structured Query Language (SQL) statements directly on your data archive in Glacier.

Keyword: SELECT (SQL operation)

21
Q

T or F: RDS automated snapshots can be exported to S3 automatically.

A

False.

Automated snapshots must be exported manually to S3.

22
Q

Give definitions for each EC2 placement strategy:
- Cluster
- Partition
- Spread

A

Cluster – packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly coupled node-to-node communication that is typical of HPC applications.

Partition – spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.

Spread – strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.

23
Q

By default, who is the owner of an S3 object?

A

The account that uploaded the object.

24
Q

How do you make a subnet a “public subnet”?

A

Attach it to an internet gateway.

25
Q

What is a gateway endpoint?

A

A gateway that you specify in your route table to access Amazon S3 from your VPC over the AWS network.

26
Q

What is an interface endpoint?

A

A gateway endpoint with the extended functionality of using private IP addresses to route requests to Amazon S3 from within your VPC, on-premises, or from a different AWS Region.

27
Q

What is the best DB solution for frequent schema changes?

A

DynamoDB

28
Q

What is AppSync?

A

A serverless service used to build collaborative apps that keep shared data updated in real time. It interacts with multiple data sources (SQL, NoSQL, REST, microservices, etc.).

29
Q

How long is the default record storage retention for KDS (Kinesis Data Streams)?

A

24 hours.

30
Q

Can you enable hibernation mode on an EC2 instance once it has been launched?

A

No.

To enable hibernation for your application, you need to migrate it to a hibernation-enabled EC2 instance.

31
Q

What do you do if you need hibernation mode for an application on an EC2 instance that is already running?

A

Migrate the application to an EC2 instance with hibernation enabled.

32
Q

When provisioning DynamoDB (DDB), is auto scaling enabled by default for the following methods?

- Via the AWS CLI?
- Via the AWS console?

A

AWS CLI - No.
AWS console - Yes.

33
Q

What is the default behavior of EBS root device volumes upon termination of an EC2 instance?

A

Root volumes are automatically deleted when the instance terminates.

34
Q

An EC2 instance has an instance store attached and an Elastic IP. What happens when the instance is stopped and started?

A

- The underlying host for the instance may change.
- All data on the attached instance store devices will be lost.

35
Q

What happens if you stop an EBS-backed EC2 instance with an instance store volume?

A

The EBS volume is preserved, but the data in any attached instance store volume will be erased.

36
Q

Why would a request to create 50 EC2 instances fail after 20 instances were successfully created?

A

There is a vCPU-based On-Demand Instance limit per region, which is why the subsequent requests failed. Submit the limit increase form to AWS and retry the failed requests once approved.

37
Q

An AWS account is set up through AWS Organizations. The account will have AWS Config rules set on it. How do you ensure that the account admin is prevented from modifying rules in AWS Config?

A

Add the AWS account to an organizational unit (OU). Attach a service control policy (SCP) to the OU that restricts access to AWS Config.

You cannot have an SCP without an OU (inside AWS Organizations).

38
Q

What are SCPs in AWS?

A

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.

First, enable an OU in AWS Organizations. Then add your account to the OU. Then create an SCP and add it to the OU.

39
Q

What happens while your On-Demand EC2 instance is in the stopping state, preparing to hibernate?

A

You will still be billed while this EC2 instance is preparing to hibernate.

**You will not be billed if it is preparing to stop.

40
Q

How does billing work for a reserved instance?

A

You will be billed for the entirety of the term of your contract, even if the instance is terminated or stopped.

41
Q

For S3 event notifications, what is the API (JSON) notation needed to notify when a new object is added to a bucket?

A

s3:ObjectCreated:*

42
Q

For S3 event notifications, what is the API (JSON) notation needed to notify when a versioned object is permanently deleted OR an object is removed from a bucket?

- s3:ObjectRemoved:Delete
- s3:ObjectRemoved:*
- s3:ObjectRemoved:DeleteMarkerCreated

A

s3:ObjectRemoved:Delete

43
Q

What type of setup in AWS will allow multiple domains to serve SSL traffic without the need to re-authenticate and re-provision your certificate every time you add a new domain?

A

Upload all SSL certificates of the domains to the ALB using the console and bind multiple certificates to the same secure listener on your load balancer. The ALB will automatically choose the optimal TLS certificate for each client using Server Name Indication (SNI).

44
Q

What is SNI?

A

An extension of the Transport Layer Security protocol that allows multiple domains to serve SSL traffic over the same IP address by including the hostname that the viewers are trying to connect to.

45
Q

What is a wildcard certificate?

A

A wildcard certificate is a digital certificate that is applied to one main domain and all its subdomains.

46
Q

How do you improve the overall performance of DynamoDB and make it more scalable while keeping costs low?

A

- Enable DynamoDB Accelerator (DAX), ensure that Auto Scaling is enabled, and increase the maximum provisioned read and write capacity.
- Use API Gateway in conjunction with Lambda, turn on caching for frequently accessed data, and enable DynamoDB global replication.

47
Q

What is AWS Database Migration Service?

A

Migrates your databases to AWS with virtually no downtime.

Continuous replication to the target allows the source database to remain fully operational during the migration process.

48
Q

What is a way to ensure users only access content from CloudFront and not the origin (S3)?

A

- Require that your users access your private content by using special CloudFront signed URLs or signed cookies.
- Restrict access to files in the origin by creating an origin access identity (OAI) and giving it permission to read the files in the bucket.

49
Q

When storing application values or parameters, what is the most cost-effective solution: Secrets Manager or AWS Systems Manager Parameter Store?

A

AWS Systems Manager Parameter Store, specifically by using the SecureString parameter type.

Secrets Manager also works, but there is a COST. So for questions regarding cost, Systems Manager is best.
