TutorialsDojo

Question 1

You need to set up an alert that notifies the IT manager about EC2 instances service limits.

Answer 1

Use Amazon CloudWatch Events to detect and react to changes in the status of Trusted Advisor checks

Question 2

You need to track the deletion and rotation of CMKs.

Answer 2

Use AWS CloudTrail to log AWS KMS API calls

Question 3

You need to investigate if the traffic is reaching the EC2 instance.

Answer 3

Use VPC flow logs

Question 4

You need to ensure that the SSH protocol is always disabled on private servers.

Answer 4

Use AWS Config Rules

Question 5

You need to retrieve the instance metadata of an EC2 instance.

Answer 5

http://169.254.169.254/latest/

Question 6

You have to monitor the CPU usage of a single process in your EC2 instance.

Answer 6

Use the CloudWatch Agent procstat plugin to monitor system utilization.

Question 7

When the incoming message traffic increases the EC2 instances fall behind and it takes too long to process the messages.

Answer 7

Create an Auto Scaling group that can scale out based on the number of messages in the queue.

Question 8

You need to log the client’s IP address latencies request paths and server responses that go through your Application Load Balancer.

Answer 8

Enable access logging in ALB and store the logs on an S3 bucket.

Question 9

You need to determine which cipher is used for the SSL connection in your ELB.

Answer 9

Enable Server Order Preference

Question 10

You need to monitor the total number of requests or connections in your load balancer.

Answer 10

Monitor the SurgeQueueLength metric

Question 11

You need to ensure that the backups of an Amazon Redshift cluster are always available.

Answer 11

Configure the Amazon Redshift cluster to automatically copy snapshots of a cluster to another region.

Question 12

You must remotely execute shell scripts and securely manage the configuration of EC2 instances.

Answer 12

Use Systems Manager Run Command

Question 13

You need to identify the configuration changes in the CloudFormation resources.

Answer 13

Use drift detection

Question 14

Requires a CloudFormation template that can be reused for multiple environments. If the template has been updated all the stack that is referencing it will automatically use the updated configuration.

Answer 14

Use Nested Stacks

Question 15

You need to automate the process of updating the CloudFomration templates to map to the latest AMI IDs.

Answer 15

Use CloudFormation with Systems Manager Parameter Store

Question 16

The eviction count in Amazon ElastiCache for Memcached has exceeded its threshold.

Answer 16

Scale the cluster by increasing the number of nodes.

Question 17

You need to provide each department a new AWS account with governance guardrails and a defined baseline in place.

Answer 17

Set up AWS Control Tower

Question 18

An S3 bucket must be configured to move the objects older than 60 days to Infrequent Access storage class.

Answer 18

Set up a lifecycle policy

Question 19

You need to monitor all the COPY and UNLOAD traffic in the Redshift cluster.

Answer 19

Enable Enhanced VPC routing on the Redshift cluster.

Question 20

You need to generate a report on the replication and encryption status of all of the objects stored in the S3 bucket.

Answer 20

Use S3 Inventory

Question 21

A total of 500 TB of data needs to be transferred to Amazon S3 in the fastest way.

Answer 21

Use multiple AWS Snowball devices

Question 22

You need to encrypt all the objects at rest in your S3 bucket

Answer 22

Use SS3-S3 SSE-KMS or SSE-C

Question 23

You have to rotate an existing CMK with imported key material every 6 months

Answer 23

Create a new CMK with imported key material and update the key ID to point to the new CMK

Question 24

A company needs to restrict access to the data in an S3 bucket.

Answer 24

Use S3 ACL and bucket policy

Question 25

Mitigate malicious attacks such as SQL injection and DDoS attacks from unknown origins.

Answer 25

Use AWS WAF and Shield

Question 26

You need to define an IAM policy to enable the user to pass a role to an AWS service.

Answer 26

Define iam:PassRole in the IAM policy

Question 27

You need to create a solution that allows multiple EC2 instances in a private subnet to use AWS KMS and the traffic must not pass through the public Internet.

Answer 27

Configure a VPC endpoint

Question 28

You need to allow the EC2 instances in your VPC that support IPv6 to connect to the Internet but block any incoming connection.

Answer 28

Set up an egress-only Internet gateway

Question 29

You have to establish a dedicated connection between their on-premises network and their Amazon VPC.

Answer 29

Set up a Direct Connect connection

Question 30

You need to increase the cache hit ratio for a CloudFront web distribution.

Answer 30

Add a Cache-Control max-age and increase the TTL by specifying the longest value for max-age

Question 31

You need to ensure that users are consistently directed to the AWS region nearest to them.

Answer 31

Set up a Route 53 Geoproximity routing policy

Question 32

A company plans to implement a hybrid cloud architecture. You need to allow your resources on AWS the connectivity to external networks.

Answer 32

Assign an Internet Gateway to the VPC

Create a Virtual Private Gateway

Question 33

You have to automate the process of patching managed instances with security-related updates.

Answer 33

Use AWS Systems Manager Patch Manager

Question 34

You need to analyze the data hosted in Amazon S3 using standard SQL.

Answer 34

Use Amazon Athena

Question 35

Improving the site speed of a static S3 web hosting with customers around the globe

Answer 35

Create a CloudFront web distribution and set Amazon S3 as the origin.

Question 36

You need to implement a solution to enforce the tagging of all instances that will be launched in the VPC.

Answer 36

Use AWS Service Catalog TagOption library

Question 37

You need to get billing alerts once it reaches a certain limit.

Answer 37

Enable billing alerts in Account Preferences of the AWS Console.