TutorialsDojo Flashcards
You need to set up an alert that notifies the IT manager about EC2 instance service limits.
Use Amazon CloudWatch Events to detect and react to changes in the status of Trusted Advisor checks
You need to track the deletion and rotation of CMKs.
Use AWS CloudTrail to log AWS KMS API calls
You need to investigate if the traffic is reaching the EC2 instance.
Use VPC flow logs
You need to ensure that the SSH protocol is always disabled on private servers.
Use AWS Config Rules
You need to retrieve the instance metadata of an EC2 instance.
http://169.254.169.254/latest/
You have to monitor the CPU usage of a single process in your EC2 instance.
Use the CloudWatch Agent procstat plugin to monitor system utilization.
When the incoming message traffic increases, the EC2 instances fall behind and it takes too long to process the messages.
Create an Auto Scaling group that can scale out based on the number of messages in the queue.
You need to log the client’s IP address, latencies, request paths, and server responses that go through your Application Load Balancer.
Enable access logging in ALB and store the logs on an S3 bucket.
You need to determine which cipher is used for the SSL connection in your ELB.
Enable Server Order Preference
You need to monitor the total number of requests or connections in your load balancer.
Monitor the SurgeQueueLength metric
You need to ensure that the backups of an Amazon Redshift cluster are always available.
Configure the Amazon Redshift cluster to automatically copy snapshots of a cluster to another region.
You must remotely execute shell scripts and securely manage the configuration of EC2 instances.
Use Systems Manager Run Command
You need to identify the configuration changes in the CloudFormation resources.
Use drift detection
You require a CloudFormation template that can be reused for multiple environments. If the template is updated, all the stacks that reference it will automatically use the updated configuration.
Use Nested Stacks
You need to automate the process of updating the CloudFormation templates to map to the latest AMI IDs.
Use CloudFormation with Systems Manager Parameter Store
The eviction count in Amazon ElastiCache for Memcached has exceeded its threshold.
Scale the cluster by increasing the number of nodes.
You need to provide each department a new AWS account with governance guardrails and a defined baseline in place.
Set up AWS Control Tower
An S3 bucket must be configured to move the objects older than 60 days to Infrequent Access storage class.
Set up a lifecycle policy
You need to monitor all the COPY and UNLOAD traffic in the Redshift cluster.
Enable Enhanced VPC routing on the Redshift cluster.
You need to generate a report on the replication and encryption status of all of the objects stored in the S3 bucket.
Use S3 Inventory
A total of 500 TB of data needs to be transferred to Amazon S3 in the fastest way.
Use multiple AWS Snowball devices
You need to encrypt all the objects at rest in your S3 bucket.
Use SSE-S3, SSE-KMS, or SSE-C
You have to rotate an existing CMK with imported key material every 6 months
Create a new CMK with imported key material and update the key ID to point to the new CMK
A company needs to restrict access to the data in an S3 bucket.
Use S3 ACL and bucket policy
Mitigate malicious attacks such as SQL injection and DDoS attacks from unknown origins.
Use AWS WAF and Shield
You need to define an IAM policy to enable the user to pass a role to an AWS service.
Define iam:PassRole in the IAM policy
You need to create a solution that allows multiple EC2 instances in a private subnet to use AWS KMS and the traffic must not pass through the public Internet.
Configure a VPC endpoint
You need to allow the EC2 instances in your VPC that support IPv6 to connect to the Internet but block any incoming connection.
Set up an egress-only Internet gateway
You have to establish a dedicated connection between your on-premises network and your Amazon VPC.
Set up a Direct Connect connection
You need to increase the cache hit ratio for a CloudFront web distribution.
Add a Cache-Control max-age and increase the TTL by specifying the longest value for max-age
You need to ensure that users are consistently directed to the AWS region nearest to them.
Set up a Route 53 Geoproximity routing policy
A company plans to implement a hybrid cloud architecture. You need to allow your resources on AWS the connectivity to external networks.
Assign an Internet Gateway to the VPC
Create a Virtual Private Gateway
You have to automate the process of patching managed instances with security-related updates.
Use AWS Systems Manager Patch Manager
You need to analyze the data hosted in Amazon S3 using standard SQL.
Use Amazon Athena
Improving the site speed of a static S3 web hosting with customers around the globe
Create a CloudFront web distribution and set Amazon S3 as the origin.
You need to implement a solution to enforce the tagging of all instances that will be launched in the VPC.
Use AWS Service Catalog TagOption library
You need to get billing alerts once it reaches a certain limit.
Enable billing alerts in Account Preferences of the AWS Console.