Tutorial Dojo

Question 1

AWS Transit Gateway provides ___ design for connecting VPCs and on-premise networks.

Answer 1

Hub and Spoke

Question 2

Hybrid Connectivity (VPN/Direct Connect) to a single ____ to control organization’s entire AWS routing.

Answer 2

Transit Gateway

Question 3

Hub and spoke simplifies management and cost because ____ only connect to ____ to gain access to networks

Answer 3

Transit Gateways/VPCs

Question 4

AWS TG and AWS _____ solution simplify management of connections between AVPC and your network over a _____. It also minimizes network costs, improves bandwidth and provides more reliable network experience

Answer 4

Direct Connect/private connection

Question 5

True/False: VPC peering is supported in a Direct Connect connection.

Answer 5

False. VPC Peering does not support transitive peering relationships.

Question 6

What are the three “free” data transfers for S3?

Answer 6

1) In from Internet
2) Out to EC2 instance when in same region as S3 bucket
3) Out to CloudFront

Question 7

GP2 and Provisioned IOPS (io1) are backed by

Answer 7

SSD

Question 8

Throughput Optimized (st1) and Cold (sc1) are backed by

Answer 8

HDD/Magnetic

Question 9

SDD-backed provide better performance when IO is

Answer 9

random or sequential

Question 10

HDD-backed provide better performance when IO is __________ and ________

Answer 10

large AND sequential

Question 11

Provisioned IOPS (io1) are best for I/O intensive workloads such as ____ (3 examples). Therefore, io1 is a better solution for these platforms than [other storage option]_____.

Answer 11

Databases [MongoDB, Oracle, MySQL] / GP2

Question 12

What is Amazon Fargate?

Answer 12

Compute engine for containers w/ECS and Elastic Kubernetes Service (EKS). No over-provisioning.

Question 13

What is Amazon EMR?

Answer 13

Cloud big data platform for processing vast amounts of data using open source tools.

Question 14

True/False: ELB Access logging is enabled by default.

Answer 14

False. It is disabled. Once we turn it on it will store the logs to S3 as compressed files.

Question 15

What is the backing framework for Amazon EMR?

Answer 15

Hadoop.

Question 16

The combined use of IAM _______ and AWS ________ will support autonomy of corporate divisions while enabling governance and oversight.

Answer 16

Cross-Account access and consolidated billing w/ AWS organizations (linking accounts up to parent)

Question 17

Week after a Kinesis Data Stream and Lambda is deployed, users have noticed slowness as data rate increases. There’s a performance issue with Kinesis. What should be done?

Answer 17

Increase shards with UpdateSharedCount command.

Question 18

What are the two types of Kinesis resharding operations?

Answer 18

Split and Merge

Question 19

True/False: you are charged on a per-shard basis for Kinesis.

Answer 19

True. Therefore increasing # of shards increases cost (and vice versa).

Question 20

True/False. There is step scaling in Kinesis.

Answer 20

False. This is only applicable to EC2.

Question 21

What would three pieces of an elastic, scalable web tier solution be?

Answer 21

Elastic Load Balancing, Amazon EC2, and Auto Scaling

Question 22

Which DB solution is best for OLTP

Answer 22

Amazon RDS (not scalable)/Aurora (fully managed)

Question 23

You get a ‘insufficient capacity error’ for a Placement group. What is the correct action to take?

Answer 23

Stop and restart the instances in the placement group and try the launch again.

Question 24

What are the four metrics that CloudWatch monitors by default?

Answer 24

CPU Util
Network Util
Disk performance
Disk Read/Write

Question 25

Enhanced Monitoring metrics are stored for ___ days in CW logs.

Answer 25

30

Question 26

Session State data is best stored in (two items)?

Answer 26

DynamoDB

ElastiCache

Question 27

True/False: DynamoDB is best to store key-value pairs

Answer 27

True.

Question 28

Which database at AWS is best for OLAP?

Answer 28

Redshift

Question 29

What is AWS OpsWorks?

Answer 29

Configuration management service that provides managed instances of Chef and Puppet.

Question 30

What is DynamoDB?

Answer 30

Fast and Flexible NoSQL, fully managed relational DB service.

Question 31

NACLs can be used to control what?

Answer 31

Traffic coming in and out of VPC network

Question 32

NACLs are stateful or stateless [what does that mean]?

Answer 32

Stateless

Stateless means you have to have matching inbound/outbound rules.

Question 33

What is the Amazon service that provides temporary elevated access.

Answer 33

AWS Security Token Service (STS)

Question 34

Which of these subnets provides a range and which provides a specific IP address; /32 /0

Answer 34

/0 is a range of IPs/entire network

/32 is a specific IP

Question 35

Ture or false: Traffic between VPC and other Amazon services do not leave Amazon Network

Answer 35

True.

Question 36

What is an interface endpoint?

Answer 36

ENI w/ private IP; entry point for traffic.

Question 37

What is a gateway endpoint?

Answer 37

Target for specified route in route table; used for traffic to a supported AWS service [S3 / DynamoDB].

Question 38

What are two services that need a gateway endpoint?

Answer 38

S3

DynamoDB

Question 39

True or False. EBS volumes are restricted while snapshots are taken.

Answer 39

False. EBS can be used while snapshots are in progress.

Question 40

When transitioning from STANDARD to STANDARD_IA or ONEZONE_IA what are the constraints (three of them)?

Answer 40

1) Objects smaller than 128k are not transitioned
2) Objects have to be stored 30 days in current storage class before you can transition them.
3) Only objects that are at least 30 days noncurrent can be transferred

Question 41

Limitations on changing storage class do not apply for which classes (three of them)?

Answer 41

INTELLIGENT_TIERING, GLACIER, and DEEP_ARCHIVE

Question 42

What are three things required to access an EC2 instance from the INTERNET?

Answer 42

1) IGW
2) Route to the IGW in the route table of the VPC
3) Public IP address attached to the instance

Question 43

S3 log files are encrypted by either: ____ or you can encrypt with this service

Answer 43

Default Server Side Encryption (SSE)
AWS KMS (Key Management Service)

Question 44

What is the encryption algorithm used by S3?

Answer 44

AES-256

Question 45

How does Aurora handle failure of primary instance?

1) How are replicas/CNAME handled?
2) What if AZ becomes unavailable?
3) What if no replica, and not serverless?

Answer 45

Failover is automatic.

1) If you have a replica, the CNAME is flipped to point to healthy replica (and then that is promoted).
2) Amazon recreates DB in different AZ
3) If you don’t have a replica (and are running serverless), It will attempt to create new DB instance in same AZ.

Question 46

How can you enable DR for Redshift in the event of an AWS region outage

Answer 46

Enable Cross-Region Snapshots

Question 47

NLBs function at what OSI layer?

Answer 47

Layer 4

Question 48

What is BYOIP, which LB is it associated with and what might it be used for?

Answer 48

Bring Your Own IP. You can use it to put an IP onto an Elastic IP that is assigned to an NLB. This can be useful if your IP is already whitelisted to clients.

Question 49

True or False: NAT Instances and NAT Gateways support IPv6.

Answer 49

False. Only IPv4.

Question 50

UDP is at Layer ___ of the OSI and therefore a ____ is the best way to route traffic to multiple targets.

Answer 50

4

Network Load Balancer

Question 51

What is the EC2 CLI way to get a “StateReason”. Why might it be used?

Answer 51

aws ec2 describe-instances

This would show status of EC2 instances, with the reason the state was changed.

Question 52

When using a static webpage, using ____ [for caching] and ____ [for storage] will ensure ideal hosting as it can support html, css, java, and images.

Answer 52

CloudFront

S3

Question 53

What would be used to trace and analyze RESTful API requests?

Answer 53

AWS X-Ray

Question 54

If you want new EBS volumes in a region to be automatically encrypted what step should you take?

Answer 54

Turn on EBS Encryption by Default Feature for the Region.

Question 55

By default, records of a stream in Amazon Kinesis are accessible for up to _____ from the time they are added to the stream. You can raise this limit to up to ____ by enabling extended data retention.

Answer 55

24 hours

7 days

Question 56

NACLS are used to control traffic to an entire VPC, what vehicle can be used to control access to a single EC2 instance?

Answer 56

Security Group

Question 57

If you need to create an AutoScaling fleet of EC2 instances with a new AMI, what step should be taken? Why?

Answer 57

Create a new launch configuration.

You can only specify one launch configuration for an Auto Scaling group at a time, and you can’t modify a launch configuration after you’ve created it. Therefore, if you want to change the launch configuration for an Auto Scaling group, you must create a launch configuration and then update your Auto Scaling group with the new launch configuration.

Question 58

What is the purpose of Lambda@Edge

Answer 58

Run lambda functions to customize content that cloudfront delivers (functions are executed at edge locations)

Question 59

What is HTTP 504?

Answer 59

Gateway timeout

Question 60

With CloudFront, why would you setup an origin group with two origins?

Answer 60

CloudFront would automatically switch over if one origin fails.

Question 61

Which of these two is better for large sets of data? AWS Storage Gateway or AWS DataSync

Answer 61

AWS DataSync

Question 62

The largest object that can be uploaded to S3 is:

Answer 62

5G

Question 63

Real time analytics for lots of records in small sizes batches is best done by what two services? [one to send, one to process]

Answer 63

Kinesis Data Stream

AWS Lambda

Question 64

Non-relational DB In-memory cache that delivers up to 10x performance improvement from milliseconds to microseconds or even at millions of requests per second.

Answer 64

Amazon DynamoDB Accelerator

Question 65

________ improves the performance of your database through caching query results.

Answer 65

ElastiCache

Question 66

True/False. ENI is detached if you stop an EC2 instance.

Answer 66

False

Question 67

True/False. EIP attached to an EC2 instance is ephemeral.

Answer 67

False

Question 68

True/False. Data stored in instance-store devices is ephemeral.

Answer 68

True

Question 69

Relational Databases have rigid schema which means what in relationship to flexibility?

Answer 69

That you have constraints and limits to what can be inserted. Therefore, Relational Databases are no good if you are going to have frequent schema changes.

Question 70

Generally, do relational databases scale well? What is the relational Amazon DB service that does scale well.

Answer 70

No. DynamoDB.

Question 71

Scale-In Operation has three things it will do in determining which instance to terminate. What are they?

Answer 71

AZ with most instances
Instances with oldest launch config
Instance that is closest in next billing hour.

Question 72

SNI _____ relies on the SNI extension of the Transport Layer Security protocol.

Answer 72

Custom SSL

Question 73

What allows multiple domains to serve SSL traffic over the same IP address by including the hostname which the viewers are trying to connect to?

Answer 73

SNI extension of Transport Layer Security Protocol

Question 74

In regard to certificates, CloudFront web distribution with dedicated IP is not cost effective. Why?

Answer 74

Charge begins when you associate your SSL/TLS certificate with your CloudFront distribution. Additionally, dedicated IP is a monthly charge.

Question 75

Read-after-write consistency, low-latency file operations, and multi-system connectivity are associated with what storage solution?

Answer 75

EFS

Question 76

If a shard iterator in Kinesis data stream is expiring, what is a possible solution?

Answer 76

Increase the write capacity assigned to the shard table

Question 77

Regarding size, storage capacity for Dynamo DB is automatically _____ for storage.

Answer 77

Scaled

Question 78

What type of messing service is Amazon SNS?

Answer 78

Pub/Sub

Question 79

Amazon SNS can push to what endpoints (5)?

Answer 79

SQS Queue
Lambda
HTTP Endpoint
eMail
Mobile Device

Question 80

What is the ability to only send certain SNS topics to an endpoint?

Answer 80

Filtering

Question 81

A decoupled application architecture would use what two services at AWS?

Answer 81

Simple Queue Service [SQS]

Simple Workflow Service [SWS]

Question 82

True or False. DynamoDB can be used for real-time tabulations

Answer 82

True.

Question 83

What is the service that keeps collaborative apps with shared data updated in real time and what is the backing DB?

Answer 83

AppSync

DynamoDB

Question 84

Kinesis Data Stream enables [how fast] _________ processing of streaming ______.

Answer 84

Real-time

Big Data

Question 85

True/False. SQS allows for duplicates to be sent.

Answer 85

True.

Question 86

[vocab word] AWS Step Functions allows for serverless ______ for modern applications.

Answer 86

Orchestrations

Question 87

What is Orchestrtation in regard to AWS Step Functions?

Answer 87

Centrally manage workflow by breaking it into steps with flow logic and tracking inputs/outputs between steps.

Question 88

What is AmazonMQ?

Answer 88

Managed message broker service that supports multiple protocols.

Question 89

What service can collect, process, and analyze data in real-time?

Answer 89

Amazon Kinesis

Question 90

What are the three types of storage solutions provided by Storage Gateway?

Answer 90

File, Volume and Tape

Question 91

Which of the AWS storage gateway options provides ability to use NFS/SMB?

Answer 91

File

Question 92

By default RDS does not monitor certain things, in order to facilitate better monitoring of RDS, what should be done?

Answer 92

Enable Enhanced RDS monitoring.

Question 93

It is expected that the database read queries will significantly increase in the coming weeks ahead. A Solutions Architect recently launched two Read Replicas to the database cluster to improve the platform’s scalability. How should this be done with Aurora?

Answer 93

Use the built-in Reader endpoint of Aurora.

Question 94

NLBs is primarily used to distribute traffic to servers not this piece of RDS technology ______ [regarding database]

Answer 94

Read Replicas

Question 95

What is the most likely reason a Lambda function with over 15 minutes runtime would terminate?

Answer 95

Maximum Execution time setting

Question 96

One way to secure private content on Cloudfront is to require signed _____ or signed ______.

Answer 96

URLs

Cookies

Question 97

Origin Access Identity (OAI) can be used to require users access S3 content by using only

Answer 97

CloudFront URLs

Question 98

True/False. IAM Policy can be applied to a conditional tag.

Answer 98

True

Question 99

What is a good way to restrict users to only a certain environment at AWS (e.g. UAT)

Answer 99

IAM policies that allow access to specific tags

Question 100

To handle bursts in API gateway (e.g. massive amount of requests expected), you should setup:

Answer 100

Throttling limits in API gateway

Question 101

HTTP requests through a public-facing ALB every five minutes can be tracked with what function? Bonus: is this feature enabled by default?

Answer 101

Access logs

No.

Question 102

For an S3 API Call, on a successful upload there are two results. What are they?

Answer 102

HTTP 200 result code and MD5 checksum

Question 103

If you have an identity store that is not compatible with SAML, one option is to:

Answer 103

Build a custom identity broker application. This would use STS to give short-lived AWS creds.

Question 104

What is a visibility timeout in SQS?

Answer 104

Period of time during which SQS prevents other consuming components from receiving and processing a message.

Question 105

Egress-Only Internet Gateway is only applicable to what AWS component?

Answer 105

VPCs

Question 106

In order for an EC2 instance to get out to the internet, but not allow anything in, you should use a:

Answer 106

NAT Gateway

Question 107

Best way to secure S3 from others getting to your items is to:

Answer 107

Configure S3 bucket to remove public read access and use pre-signed URLs with expiry dates.

Question 108

AWS Directory Service AD Connector provides what?

Answer 108

Allows AWS to integrate with existing AD/LDAP in the cloud.

Question 109

True/False: You can assign an EIP to an ALB.

Answer 109

False.

Question 110

What services can you use to import SSL/TLS certificate form a third party CA?

Answer 110

IAM Certificate Store

AWS Certificate Manager

Question 111

True/False in Route 53, Active-Active failover allows for a ‘primary’ and ‘secondary’ resource.

Answer 111

False. Active-Active uses all available resources.

Question 112

For accessing Cloud front with these restrictions what is the best option: You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers’ area of a website; You don’t want to change your current URLs.

Answer 112

Signed Cookies

Question 113

For accessing cloud front with these cases, what is the best option? You want to use an RTMP distribution, You want to restrict access to individual files, for example, an installation download for your application, Your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.

Answer 113

Signed URLs

Question 114

There are two main types of VPC endpoint. Most AWS services use VPC ______ Endpoint except for S3 and DynamoDB, which use VPC ______ Endpoint.

Answer 114

Interface

Gateway

Question 115

Patch management, infrastructure selection and data sync can coordinate multiple AWS services into serverless workflows via what AWS Service?

Answer 115

AWS Step Functions.

Question 116

What is a VPN and its benefit?

Answer 116

Allows connection to on-prem DC using IPSec/TLS.

Question 117

AWS Direct Connect allows for what between your network and VPC?

Answer 117

Private and dedicated network connetion.

Question 118

What are the prerequisites when routing traffic using Amazon Route 53 to a website that is hosted in an Amazon S3 Bucket?

Answer 118

S3 Bucket must be the same as domain name

Registered domain name

Question 119

Which of these is not a default cloudwatch metrics? CPU Util, Memory Util, Network Packets out, Disk read activity?

Answer 119

Memory Util

Question 120

What is the function that would allow an EC2 instance to access DB instead of password.

Answer 120

AWS IAM [w/DB authentication]

Question 121

One of the developers was instructed to create the environment variables for the MongoDB database hostname, username, and password as well as the API credentials that will be used by the Lambda function for DEV, SIT, UAT, and PROD environments.

Considering that the Lambda function is storing sensitive database and API credentials, how can this information be secured to prevent other developers in the team, or anyone, from seeing these credentials in plain text?

Answer 121

Create new KMS key and enable encryption helpers to store/encrypt sensitive info.

Question 122

Which service provide a record of actions taken by a user, role, or an AWS service in Amazon S3?

Which service provides detailed records for the requests that are made to an S3 bucket?

Answer 122

AWS CloudTrail

Amazon S3 server access logs

Question 123

In what scenario would you use target tracking scaling as opposed to simple scaling?

Answer 123

When you don’t want to wait for a cooldown period to complete before doing additional scaling activities.

Question 124

You’ve got a group of EC2 instances behind a LB, need to secure the application by allowing multiple domains to serve SSL traffic over same IP. What is the option to use here?

Answer 124

Generate an SSL certificate with AWS Certificate Manager and create a CloudFront web distribution. Associate the certificate with your web distribution and enable the support for Server Name Indication (SNI).

Question 125

When dealing with an encrypted EBS volume, there are four types of data encrypted. What are they?

Answer 125

Data at rest inside the volume
Data moving between volume and instance
Snapshots created from the volume
All volumes created from the snapshots

Question 126

In cloud formation, JSON/YAML is used to descript infrastructure.  Of these, which is required?
– Format Version
– Description
– Metadata
– Parameters
– Mappings
– Conditions
– Transform
– Resources
– Outputs

Answer 126

Only resources is required, but the rest should be provided in some semblance of order.

Question 127

When should you consider AWS Snowball based on internet connection speed [size/amount of data]
T3
100M
1000M

Answer 127

2T or more
5T or more
60T or more

Question 128

To setup private endpoints that don’t pass through public internet, what is the best option: AWS VPN CloudHub, AWS Direct Connect, VPC endpoints or Transit Gateway

Answer 128

VPC Endpoints

Question 129

What is a stream record in regard to DynamoDB?

Answer 129

A modification record of the dynamodb table (create/update/delete)

Question 130

DynamoDB performance can be better distributed evenly by using provisioned throughput by having partition keys with __________; which have a few/great number of distinct values for each item.

Answer 130

High-Cardinality; great

Question 131

True/False CloudWatch Alarms can update ECS task count.

Answer 131

False.

Question 132

What is the IOP guarantee for EC2 with io1?

Answer 132

32000

Question 133

In order to get above 32000 IOPs for EC2, what type of instance is necessary

Answer 133

A Nitro-

Question 134

If you wanted to split-up read requests to Aurora what is necessary?

Answer 134

Custom Reader Endpoint

Question 135

What is the primary function of Amazon Macie?

Answer 135

To scan data stored in S3 and detect PII or intellectual property.

Question 136

What is the primary function of Amazon Rekognition?

Answer 136

Identifies objects, people, text, scenes and activities in images/videos.

Question 137

What is the easiest way to create NAT gateway high availability?

Answer 137

Have one in each AZ.

Question 138

DynamoDB Stream and AWS Lambda Triggers can be used to serve what functionality (regarding “follow” actions)?

Answer 138

SNS notification to subscribers

Question 139

What service should be used to handle minimum number of ECS tasks with Fargate?

Answer 139

CloudWatch Event rules.

Question 140

True/False: Standard Reserved instances can be later exchanged for other convertible reserved instances.

Answer 140

False.

Question 141

Which is more cost effective: Lambda with Step Functions or Kinesis Data Streams/SQS?

Answer 141

KDS/SQS.

Question 142

What are the possible Event Notification destinations available for S3 buckets?

Answer 142

SQS

Lambda

Question 143

Which Amazon service is most effective for blocking SQL Injection/Cross-Site Scripting attacks?

Answer 143

WAF

Question 144

You want to evenly distribute incoming traffic to an ALB, in Route 53, which record types will you use to point the DNS name of the Application Load Balancer?

Answer 144

Alias w/ type A

Alias w/ type AAAA

Question 145

CNAME records in Route 53 can only be used for what?

Answer 145

Subdomains

Question 146

What is an AAAA type DNS record?

Answer 146

IPv6

Question 147

What is an MX DNS/Route 53 entry primarily used for?

Answer 147

Mail servers

Question 148

True/False: DataSync can write directly to S3, Glacier and/or Glacier Deep Archive.

Answer 148

True

Question 149

Which of the LBs supports support path-based routing, host-based routing, and support for containerized applications?

Answer 149

Application LB

Question 150

What is the function/purpose of AWS Config?

Answer 150

Assess, audit, and evaluate the configurations of your AWS resources.

Question 151

By default, EC2 instances use the _____ addressing protocol.

Answer 151

IPv4

Question 152

RDS automatically performs a failover to standby for what two events?

Answer 152

Storage failure on primary

Loss of AZ

Question 153

When should AWS Snowmobile be used?

Answer 153

In exabyte/petabyte range.

Question 154

What Amazon service is cloud-agnostic and open-source for containerized workloads?

Answer 154

Amazon EKS

Question 155

Which of the DB services gives the Architect the ability to store huge amounts of data and perform quick and flexible queries on it?

Answer 155

Redshift

Question 156

True/False: a Classic load balancer supports SNI.

Answer 156

False.

Question 157

Geoproximity can be used to specify a larger ____ known as a ____ for countries/locations

Answer 157

Area/Bias

Question 158

What needs configured outside the VPC for successful site-to-site VPN?

Answer 158

Internet-routable IP address to customer gateway external interface for the on-prem network

Question 159

True/False: Every subnet created is auto associated with them main route table for the VPC.

Answer 159

True.

Question 160

What are the two allowed block size in a VPC (netmask)?

Answer 160

/16 [65,536 IPs]; and /28 [16 IPs]

Question 161

Which option is cheaper: On-demand or spot?

Answer 161

Spot is much cheaper than On-Demand.

Question 162

In the following scenario, what actions should be taken:

The instance uses a default security group and has an attached Elastic IP address. The network ACL has been configured to block all traffic to the instance. The Solutions Architect must allow incoming traffic on port 443 to access the application from any source.

Answer 162

Security group to allow TCP on port 443 from source 0.0.0.0/0
NACL allowing TCP connection to ephemeral ports 32768-65535

Question 163

True/False in Route-53: Active-Active failover includes a primary and secondary source.

Answer 163

False.

Question 164

When would s3:ObjectRemoved:DeleteMarkerCreated be triggered?

Answer 164

When a delete marker is created for a versioned object.

Question 165

If you wanted to use S3 Select against a specific object, what two things are needed?

Answer 165

Bucket Name

Object Key

Question 166

True/False: You will be billed when reserved instance is in terminated state

Answer 166

True

Question 167

True/False: You will be billed when On-demand is in pending?

Answer 167

False

Question 168

True/False: You will be billed when spot instance is in stopping state

Answer 168

False

Question 169

True/False: You will be billed when On-Demand is preparing to hibernate in stopping state.

Answer 169

True

Question 170

How are NACL rules processed?

Answer 170

In order of number; lowest is evaluated first and if it matches, it is applied immediately regardless of higher-value rule that may contradict it.

Question 171

In which Amazon Service is SSE an option (EC2 or S3)?

Answer 171

S3

Question 172

RDS Metrics that are monitored without Enhanced monitoring (3):

Answer 172

CPU Util
Database Connections
Freeable Memory

Question 173

RDS Metrics monitored WITH enhanced monitoring (3):

Answer 173

RDS Child Processes
RDS Processes
OS Processes

Question 174

AnyCast IP is associated with which AWS Service?

Answer 174

AWS Global Accelerator

Question 175

Which is more efficient: AWS Systems Manager Agent (SSM) or CloudWatch?

Answer 175

CloudWatch

Question 176

These are the four things that ______ has advantages for:

• collecting logs with metrics
• can run on windows server
• additional system metrics
• better performance

Answer 176

CloudWatch Agent

Question 177

What is needed to ensure Redshift is highly available/can handle an AWS region outage?

Answer 177

Cross-Region Snapshots

Question 178

There are two ways to ensure that requests coming in to an SQS queue can be changed/modified to ensure single processing, what are they?

Answer 178

SQS FIFO Queue

Change from SQS to SWF

Question 179

Amazon RDS w/MySQL can automatically failover when what configuration exists?

Answer 179

Standby replica in another availability zone w/Multi-AZ deployment

Question 180

In what scenario is FSx for Lustre used?

Answer 180

Compute-intensive HPC/machine learning; works natively with/optimized for S3. HOWEVER, Lustre doesn’t support Windows-based applications only Windows servers.

Question 181

Security Groups are Stateful or Stateless [what does that mean?]

Answer 181

Stateful; if incoming is granted, outgoing is also granted.

Question 182

The Outputs section of a CF template defines what and could be used for what function?

Answer 182

Optional section template that describes the values that are returned whenever you view your stack’s properties [such as DNS server hostname]

Question 183

On-prem sharing of traffic (50% to on-prem, 50% to aws) can be handled with what two functions?

Answer 183

Route 53 w/Weighted Routing

ALB w/Weighted Target Groups

Question 184

True/False: EFA is supported on Windows Instances.

Answer 184

False. You can attach one but it just functions as a regular ENA.

Question 185

True/False: It is possible to recover from a CloudHSM via snapshot if it gets zeroed out.

Answer 185

False – you must have your own copy of the keys for solid backup.

Question 186

Can AWS Secrets Manager generate short-lived authentication tokens?

Answer 186

No. It is used for storing passwords, secrets and other creds.

Question 187

In SQS, if an EC2 instance is terminated in a parallel asynchronous processing scenario, what happens to the message?

Answer 187

When visibility timeout expires, it becomes available for processing by other EC2 instances.

Question 188

Long Polling helps reduce cost of SQS by reducing the number of _____ responses and eliminating false _____ responses.

Answer 188

empty

Question 189

What is the Amazon service that you can use for Virtual Deskops?

Answer 189

Amazon Workspace

Question 190

In order to point to a DNS zone apex record, how should the Route-53 be configured.

Answer 190

Create an A record aliased to load balancer DNS

Question 191

What is the ApproximateAgeOfOldestMessage metric useful for?

Answer 191

Application with time sensitive messages; and/or scaling policies.

Question 192

When tracing detailed information on an ALB for HTTP, what is the best option?

Answer 192

Access logs on the ALB [it is disabled by default]

Question 193

When real-time processing is needed, what is the service you should immediately think of?

Answer 193

Kinesis

Question 194

Gateway endpoints are targets for traffic destined to where?

Answer 194

S3

DynamoDB

Question 195

Which type of scaling uses metrics and threshold values with a set of scaling adjustments?

Answer 195

Step Scaling

Question 196

Vertical scaling means ___________ your current resource

Answer 196

Upgrading

Question 197

Horizontal scaling means _________ your current resource

Answer 197

Adding more

Question 198

What is DNSSEC? Is it supported by Route 53?

Answer 198

Domain Name System Security Extensions. Protocols that add security to DNS lookup. No.

Question 199

In terms of caching, the best way to control what a user gets from a cloudfront distribution is to use what functionality?

Answer 199

Versioned Objects

Question 200

AWS Global Accelerator services what function and what can it be used for?

Answer 200

Static IP that acts as point of entry for single or multiple AWS regions (ALB/NLB/EC2). This can reduce number of IPs [e.g. whitelisting]

Question 201

What is the recommended storage engine for MySQL?

Answer 201

InnoDB

Question 202

Cross-Region Read Replication latency of less than a second is a feature of what RDS solution?

Answer 202

Aurora

Question 203

True/False: EFS works natively with S3.

Answer 203

False

Question 204

True/False: S3 works natively with Amazon FSx for Windows.

Answer 204

False

Question 205

If you have several EC2 instances in multiple AZs, how can you distribute incoming requests evenly?

Answer 205

Cross-zone load balancing

Question 206

If you wanted to group resources together and had a fleet of EC2 instances you wanted to push a new version of code to, what is the best option?

Answer 206

CodeDeploy

Question 207

In Elastic Beanstalk, where does it store the application files and server log files?

Answer 207

Application files are stored in S3; server logs can also optionally be stored in S3/CloudWatch Logs.

Question 208

RDS synchronously replicates the data to a standby instance in a different Availability Zone (AZ) that is in what region?

Answer 208

The same as the primary

Question 209

What are the two options to connect an on-prem infrastucture to AWS?

Answer 209

Direct Connect & IPSec VPN connection

Question 210

What is the minimum duration charge for S3? S3-Intilligent? S3 Standard-IA? S3 One-zone IA? S3 Glacier? S3 Glacier Deep Archive?

Answer 210

none, 30, 30, 30, 90, 180 days

Question 211

CloudTrail is used for what purpose

Answer 211

Tracking changes to AWS resources; API and non-API account activity.

Question 212

True/False. Oracle Real Application Clusters [RAC] are supported in RDS.

Answer 212

False.

Question 213

If you wanted to automate snapshots of EBS volumes, what product would you use.

Answer 213

Amazon DLM (Data Lifecycle Manager)

Question 214

True/False - you can set a priority on individual items in a single SQS queue (example: split priority from free)

Answer 214

False; best thing to do here is setup two SQS queues

Question 215

True/False: Systems Manager parameter store rotates parms by default

Answer 215

False

Question 216

Perfect Security Secrecy is a SSL/TLS cipher suite used with what two services?

Answer 216

CloudFront & ELB

Question 217

AWS Trusted Advisor is best used for what function?

Answer 217

Providing “best practice” reccomendations.

Question 218

What is the default value for the autoscaling cooldown?

Answer 218

300 seconds

Question 219

To encrypt S3-managed SSE, what is the header request?

Answer 219

x-amz-server-side-encryption

Question 220

What is needed to be configured outside the VPC to have a successful site-to-site VPN?

Answer 220

Internet-routable static IP address of gateway

External interface for on-prem network

Question 221

CloudFormation with based on success signals (applications are properly running before stack creation proceeds is done via what attribute?

Answer 221

CreationPolicy w/cfn-signal helper.

Question 222

What is the limit for regions for On-Demand based on; what must be done to increase it?

Answer 222

vCPU. Request a limit increase from Amazon.

Question 223

Is EKS good to run docker?

Answer 223

No; Fargate should be used instead.

Question 224

What benefits does Fargate provide?

Answer 224

Provisioning and managing servers, pay per resources per application. Improves security by isolation by design.

Question 225

What does Kinesis Data Firehose get you?

Answer 225

Streaming data into analytic tools. Capture, transform and load data into S3/Redshift/Elasticsearch and Splunk.

Question 226

How are EBS volumes encrypted?

Answer 226

Via AWS KMS

Question 227

Is SSE an option on EBS?

Answer 227

No; SSE is not used in EC2/EBS.

Question 228

True/False. RDS Read Replicas can elastically scale out?

Answer 228

True

Question 229

What kind of synchronization do Read Replicas provide?

Answer 229

Asynchronous

Question 230

What is provisioned capacity in regard to S3?

Answer 230

Retrieval capacity for expedited retrievals is there when you need it. Three expedited retrievals can be performed every five minutes.

Question 231

Is a DynamoDB table and CloudFront compatible?

Answer 231

No.

Question 232

What are the settings in VPC that allow/generate a DNS hostname?

Answer 232

DNS resolution

DNS hostnames

Question 233

If you have a high throughput DynamoDB table; what is the best way to improve performance of an application using it?

Answer 233

Enable DynamoDB auto scaling

Question 234

What is Data Pipeline?

Answer 234

Cloud-based data workflow; moves data between different AWS services.

Question 235

What is the ratio of provisioned IOPS to volume size?

Answer 235

50:1

Question 236

What is the difference between Volume Gateway cached mode and stored mode?

Answer 236

Cached gives you access to a subset (frequently accessed) of your data; stored is the entire dataset.

Question 237

What is target tracking scaling?

Answer 237

Capacity is increased/decreased based on target value for specific metric.

Question 238

True/False: CloudTrail logs are encrypted by default using S3 SSE.

Answer 238

True

Question 239

To use Long Polling on an SQS queue, what should be done?

Answer 239

Change ReceiveMessageWaitTimeSeconds to a value greater than zero.

Question 240

EIPs will not be charged under what three conditions?

Answer 240

EIP associated with instance
Instance is running
Only on EIP attached to instance

Question 241

What is necessary to make API calls to AWS resources?

Answer 241

Set of access keys for the user and necessary permissions

Question 242

What is a major difference between Elastic Beanstalk and ECS?

Answer 242

Features like load balancing, monitoring and auto scaling are not auto-enabled in ECS.

Question 243

What is the setting/parm to ensure connections are using SSL for RDS?

Answer 243

rds.force_ssl

Question 244

What is the requirement to have MicrosoftSQL encrypted [what cert?]

Answer 244

Amazon RDS Root CA