Training

Question 1

How often are CloudWatch metrics created for an EBS volume?

Answer 1

Every 5 minutes

Question 2

What parameter needs to be disabled to maintain a root volume after instance termination?

Answer 2

Delete on Termination

Question 3

How many EC2 instances can be attached to an EBS volume?

Answer 3

1

Question 4

What is the time interval at which EFS metric data gets sent to CloudWatch?

Answer 4

1 minute

Question 5

If an EBS volume is encrypted at the time of a snapshot, what will be the status of the snapshot?

Answer 5

Encrypted

Question 6

How long do you have to validate your Vault Lock Policy?

Answer 6

24 hours

Question 7

In terms of EBS and instance-store root volumes, what is the default action upon instance termination?

Answer 7

Delete on Termination

Question 8

How many GiB is needed to attain 120 IOPS?

Answer 8

40 GiB

Question 9

How many times can an object be replicated with S3 CRR?

Answer 9

1

Question 10

What is a file gateway used for?

Answer 10

Store and retrieve files.

Question 11

What storage classes are integrated with Amazon EFS?

Answer 11

• Standard-IA

- Standard

Question 12

How long is EFS metric data retained within CloudWatch?

Answer 12

15 months

Question 13

What must be enabled on a database to create Read Replicas?

Answer 13

Enable database backups

Question 14

What are the three main functions of Route 53?

Answer 14

• Health Checks
• DNS (Domain Name System) service
• Domain Registration

Question 15

What is Guard Duty ?

Answer 15

A threat detection service that monitors for threats to AWS accounts and workloads.

Question 16

What is TCO Calculator ?

Answer 16

Estimation of the cost savings to be had by migrating to the AWS Cloud from an on-premises datacenter.

Question 17

What is AWS Cost explorer ?

Answer 17

Visualize, understand, and manage your AWS costs and usage over time.

Question 18

What is AWS SImple Calculator ?

Answer 18

Calculate anticipated billing.

Question 19

Why used stored volumes ?

Answer 19

Store all data locally, but periodically that data is backed up to AWS using snapshots.

Question 20

Why used Cached Volume ?

Answer 20

Store all data in the AWS cloud and cache data locally.

Question 21

What does a route table do?

Answer 21

Directs traffic within a network

Question 22

In the event history of CloudTrail, how many days of events are retained?

Answer 22

90 days

Question 23

What component of a CloudWatch Alarm configuration is defined as the amount of time before notification?

Answer 23

The Period

Question 24

How do CloudWatch Events differ from CloudWatch Alarms?

Answer 24

Events react to patterns, and alarms react to thresholds.

Question 25

What are the 3 state of cloudwatch alarm ?

Answer 25

• OK
• Alarm
• Insufficient_Data

Question 26

What three AWS services can receive CloudWatch Alarm notifications?

Answer 26

• AutoScaling
• EC2
• SNS

Question 27

What databases are compatible with Amazon Aurora?

Answer 27

PostgreSQL

MySQL

Question 28

What is a Hash Function ?

Answer 28

A function to map data of arbitrary size to fixed-size values.

Question 29

What is the maximum number of data copies that Amazon Aurora can lose without affecting writes?

Answer 29

2

Question 30

What CloudWatch metric is used to determine needs for storage type changes?

Answer 30

ReadIOPS/WriteIOPS

Question 31

What is swap usage ?

Answer 31

A metric that displays the amount of hard disk space swapped for lack of RAM.

Question 32

Which important Cloud concepts will an ELB improve?

Answer 32

Fault tolerance

High Availibility

Question 33

What are the four primary benefits of using cloud services ?

Answer 33

High availability, fault tolerant, scalability and elasticity.

Question 34

What is Amazon RDS?

Answer 34

A managed relational database service, where the underlying infrastructure is supported by AWS

Question 35

What is the purpose of CloudTrail?

Answer 35

Log, monitor, and retain account activity related to actions across your AWS infrastructure

Question 36

What is the default maximum number of SNS topics per account?

Answer 36

100 000

Question 37

What is the defaulted limit to the number of SNS subscriptions per topic?

Answer 37

12 500 000

Question 38

What happens to instances in an Auto Scaling Group if it is marked unhealthy?

Answer 38

The instance will terminate and be replaced with a new instance.

Question 39

What are the two main components of Auto Scaling?

Answer 39

Launch configuration and Auto Scaling group

Question 40

What is the purpose of the launch configuration?

Answer 40

It determines the configuration that will be used on EC2 instances that will be launched.

Question 41

What are the two primary ways you are charged for using Lambda?

Answer 41

Execution requests and execution duration

Question 42

Which can be used to execute or invoke Lambda code?

Answer 42

The AWS Console + SNS, S3, and CloudTrail

Question 43

If you are using an ELB to serve HTTP web traffic to EC2 instances, what port(s) must be open on the ELB’s security group?

Answer 43

Port 80

Question 44

What listeners can you configure your Application Load Balancer to accept?

Answer 44

HTTP

HTTPS

Question 45

What mechanism is used to ensure that Port 80 traffic is allowed into a subnet?

Answer 45

Network Access Control Lists (NACLs) can be used to allow and deny communication via a specific port into the subnet.

Question 46

What happens if you launch an EC2 instance without specifying a subnet?

Answer 46

It gets launched into a default subnet in the default VPC.

Question 47

If data is traveling from a customer, over the open internet, to a website you are hosting on an EC2 instance in an AWS VPC, what is the order of components that data will travel through?

Answer 47

IGW -> Route Table -> NACL -> Security Group -> EC2 Instance

Question 48

What is service-link-roles ?

Answer 48

A unique type of IAM role that is linked directly to an AWS service.

Question 49

What is an Instance Profile?

Answer 49

A container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

Question 50

What is Confused deputy problem ?

Answer 50

One process tricks another process to do an action it doesn’t have permissions to do

Question 51

What differentiates a role from a user?

Answer 51

• A role can be assumed by multiple identities.

- A role does not have standard long-term credentials.

Question 52

What is a principal ?

Answer 52

An entity that can take an action on an AWS resource. Your administrative IAM user is your first principal. Users, roles, federated users, and applications are all AWS principals.

Question 53

What are Access Levels ?

Answer 53

A way to categorize actions => List, Read, Write, Permissions Management, and Tagging are valid access levels.

Question 54

What is Power User Access ?

Answer 54

Provides full access to AWS services and resources, but does not allow management of Users and groups

Question 55

What is Policy Summary Tables ?

Answer 55

A table that describe the access level, resources, and conditions that are allowed or denied for each service in a policy.

Question 56

What is the rule for nesting IAM Groups?

Answer 56

IAM Groups cannot be nested.

Question 57

What is the relationship between groups and policies?

Answer 57

Many (groups) to many (policies)

Question 58

Besides CloudFront, what are two ways API Gateway can block DDOS attacks from reaching your backend?

Answer 58

• Request Throttling

- Caching API Responses

Question 59

How big can a SQS text message be in size?

Answer 59

256 kb

Question 60

Which messaging service uses standard APIs and protocols such as JMS, NMS, AMQP, STOMP, MQTT, and WebSocket?

Answer 60

Amazon MQ

Question 61

Which ECS mode allows AWS to fully manage the backend infrastructure?

Answer 61

Fargate

Question 62

What is the maximum period that RDS keeps an automated backup?

Answer 62

35 days

Question 63

How many read replicas can you have from one master instance?

Answer 63

5

Question 64

An RDS database’s endpoint is:

Answer 64

• an identifier that can be used to communicate the primary instance
• is represented as a domain name, hostname, or CNAME

Question 65

What is the difference between CloudTrail and CloudWatch Events?

Answer 65

CloudWatch can see events in almost real-time, while CloudTrail can take up to 15 minutes.
CloudWatch Events can take action or use automation based on Rules and State Changes, while CloudTrail is an auditing tool.

Question 66

Which types of data are ideal for Athena to query?

Answer 66

• structured data
• unstructured data
• semi-structured data

Question 67

What is an API endpoint?

Answer 67

It is a location that allows for API interaction

Question 68

What is the longest runtime allowable on a state machine?

Answer 68

Up to 1 year

Question 69

How long, at maximum, will Lambda process a function before it is terminated?

Answer 69

15 minutes

Question 70

What is the role of an API?

Answer 70

It’s a set of functions designed to facilitate communication with other applications.

Question 71

What language is used to configure state machines?

Answer 71

ASL (Amazon State Language)

Question 72

How can you restrict a root user of an Organization Unit account?

Answer 72

By creating and attaching a service control policy

Question 73

What OSI layer is used in VPC peering?

Answer 73

Layer 3

Question 74

What type of IP address can attach to an operating system?

Answer 74

IPv6

Question 75

What are the functions that a NAT gateway provides for IPv4 resources ?

Answer 75

• Shares a single public IP address for a private resource
• Provides private instances a route to the internet
• Translates private to public IPs and vice versa

Question 76

What are the two types of VPC endpoints?

Answer 76

• Interface endpoints

- Gateway endpoints

Question 77

Which of the following are similarities between gateway endpoints and interface endpoints?

Answer 77

• Allow you to connect to a public AWS service without needing a public gateway or public IP
• Both are VPC endpoints
• Both can be used to achieve high availability

Question 78

Which CIDR block is given when IPv6 is allocated to a VPC?

Answer 78

/56

Question 79

Security groups can be shared across _.

Answer 79

• 2 VPCs in the same region
• multiple EC2s instances in a VPC
• AWS accounts in the same region

Question 80

What is the maximum amount (without logging a support ticket) of GSIs per table within DynamoDB?

Answer 80

20

Question 81

How many replicas does DynamoDB provide per table?

Answer 81

3 replicas each in their own AZ

Question 82

In DynamoDB, what is the difference between a scan and a query operation?

Answer 82

A scan will search the whole table, which uses more computing power. A query operation searches for only the primary key attributes, that are more efficient.

Question 83

What are the two types of indexing in DynamoDB?

Answer 83

GSI (global secondary index) and LSI (local secondary index)

Question 84

How many days does Dynamdb maintain continuous point in time backups of your table ?

Answer 84

35 days

Question 85

What is the max limit of access keys an IAM User may possess at a time?

Answer 85

2

Question 86

What is the difference between the two types of policies in an IAM Role?

Answer 86

The trust policy allows identities to assume roles, while the permission policy defines the permissions provided.

Question 87

What is the syntax for ARNs?

Answer 87

arn:partition:service:region:account-id:

Question 88

A Route 53 health check can monitor the health of an HTTP or HTTPS page every

Answer 88

30 and 10 seconds

Question 89

Which record is used to list the mail servers for a domain?

Answer 89

MX Records

Question 90

What split-view DNS (or horizon DNS) in Route 53 allow to do ?

Answer 90

Allows for a private (internal) version of a website while using the same domain name as a public website

Question 91

Which are default records of a zone?

Answer 91

NS and SOA

Question 92

What information does a DNS server hold?

Answer 92

DNS holds and maintains a directory of domain names and IP addresses.

Question 93

Which record is used to set the authoritative servers for a subdomain?

Answer 93

NS record

Question 94

How frequently are you billed for Route 53 health checks?

Answer 94

Per month and are based on the number of checks within the month.

Question 95

Which record maps domain names to their IPv4 address?

Answer 95

A record

Question 96

Which OSI layer’s primary task is to add encryption to a packet?

Answer 96

Presentation

Question 97

What are the benefits of a proxy server?

Answer 97

• Can be installed on an EC2
• Caching of frequently visited sites
• Outbound filtering based on application values

Question 98

Which OSI layer views the request and reply communication as a single session between the client and the server?

Answer 98

Session

Question 99

What is the main function of a firewall?

Answer 99

Monitors and inspects traffic to determine if it should allow/deny access to/from its network.

Question 100

Which layer assigns MAC addresses on devices in a local network?

Answer 100

Datalink

Question 101

Which layers are used in a device to device communication within the same local network?

Answer 101

Datalink and Physical layer

Question 102

Which OSI layer would you place a firewall if you wanted to deny traffic by port number?

Answer 102

Transport Layer

Question 103

Name the OSI layers starting at layer seven and ending at layer one.

Answer 103

Application, Presentation, Session, Transport, Network, Data Link, Physical

Question 104

Which layer is used for device to device communication over intermediate routers?

Answer 104

Network

Question 105

What best describes an IAM role?

Answer 105

A role is something that a user, application or service can “assume” to receive temporary security credentials that provide access to a resource.

Question 106

How many records of the same name does failover routing allow?

Answer 106

2

Question 107

When incrementing Lambda function memory sizing, what is the increment size you are restricted to?

Answer 107

64 MB

Question 108

You receive 429 Error (Throttle Limit) codes when what type of invocation fails?

Answer 108

Synchronous (Not Stream-based)

Question 109

Can we create a nat gateways without elastic IP

Answer 109

No