Udemy Exam 1 Flashcards
A Big Data analytics company wants to set up an AWS cloud architecture that throttles requests in case of sudden traffic spikes. The company is looking for AWS services that can be used for buffering or throttling to handle such traffic variations.
Which of the following services can be used to support this requirement?
Throttling is the process of limiting the number of requests an authorized program can submit to a given operation in a given amount of time.
Amazon API Gateway, Amazon SQS and Amazon Kinesis
Amazon API Gateway
- To prevent your API from being overwhelmed by too many requests, Amazon API Gateway throttles requests to your API using the token bucket algorithm, where a token counts for a request.
- Specifically, API Gateway sets a limit on a steady-state rate and a burst of request submissions against all APIs in your account. In the token bucket algorithm, the burst is the maximum bucket size.
Amazon Simple Queue Service (SQS)
- Is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
- Amazon SQS offers buffer capabilities to smooth out temporary volume spikes without losing messages or increasing latency.
Amazon Kinesis
- Amazon Kinesis is a fully managed, scalable service that can ingest, buffer, and process streaming data in real-time.
The sourcing team at the US headquarters of a global e-commerce company is preparing a spreadsheet of the new product catalog. The spreadsheet is saved on an EFS file system created in the us-east-1 region. The sourcing team counterparts from other AWS regions such as Asia Pacific and Europe also want to collaborate on this spreadsheet.
As a solutions architect, what is your recommendation to enable this collaboration with the LEAST amount of operational overhead?
The spreadsheet on the EFS file system can be accessed in other AWS regions by using an inter-region VPC peering connection
- Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources.
- Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability.
- Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.
- You can connect to Amazon EFS file systems from EC2 instances in other AWS regions using an inter-region VPC peering connection, and from on-premises servers using an AWS VPN connection.
The engineering team at a Spanish professional football club has built a notification system for its website using Amazon SNS notifications, which are then handled by a Lambda function for end-user delivery. During the off-season, the notification system needs to handle about 100 requests per second. During the peak football season, the rate reaches about 5000 requests per second, and it has been noticed that a significant number of the notifications are not being delivered to the end-users on the website.
As a solutions architect, which of the following would you suggest as the BEST possible solution to this issue?
Amazon SNS message deliveries to AWS Lambda have crossed the account concurrency quota for Lambda, so the team needs to contact AWS support to raise the account limit
Amazon Simple Notification Service (SNS)
- Is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.
AWS Lambda
- You can run code without provisioning or managing servers. You pay only for the compute time that you consume—there’s no charge when your code isn’t running.
- AWS Lambda currently supports 1000 concurrent executions per AWS account per region.
- If your Amazon SNS message deliveries to AWS Lambda contribute to crossing these concurrency quotas, your Amazon SNS message deliveries will be throttled.
- You need to contact AWS support to raise the account limit.
A data analytics company measures what the consumers watch and what advertising they’re exposed to. This real-time data is ingested into its on-premises data center and subsequently, the daily data feed is compressed into a single file and uploaded on Amazon S3 for backup. The typical compressed file size is around 2 GB.
Which of the following is the fastest way to upload the daily compressed file into S3?
Upload the compressed file using multipart upload with S3 transfer acceleration
Transfer Acceleration
- Takes advantage of Amazon CloudFront’s globally distributed edge locations.
- Enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
- As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
Multipart upload
- Allows you to upload a single object as a set of parts.
- Each part is a contiguous portion of the object’s data.
- You can upload these object parts independently and in any order. If transmission of any part fails, you can retransmit that part without affecting other parts.
- After all parts of your object are uploaded, Amazon S3 assembles these parts and creates the object.
- If you’re uploading large objects over a stable high-bandwidth network, use multipart uploading to maximize the use of your available bandwidth by uploading object parts in parallel for multi-threaded performance.
- If you’re uploading over a spotty network, use multipart uploading to increase resiliency to network errors by avoiding upload restarts.
A major bank is using SQS to migrate several core banking applications to the cloud to ensure high availability and cost efficiency while simplifying administrative complexity and overhead. The development team at the bank expects a peak rate of about 1000 messages per second to be processed via SQS. It is important that the messages are processed in order.
Which of the following options can be used to implement this system?
Use Amazon SQS FIFO queue in batch mode of 4 messages per operation to process the messages at the peak rate
Amazon Simple Queue Service (SQS)
- Is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
- SQS offers two types of message queues: standard queues and FIFO queues.
FIFO queues
- The order in which messages are sent and received is strictly preserved (i.e. First-In-First-Out).
- On the other hand, the standard SQS queues offer best-effort ordering.
- This means that occasionally, messages might be delivered in an order different from which they were sent.
- By default, FIFO queues support up to 300 messages per second (300 send, receive, or delete operations per second).
- When you batch 10 messages per operation (maximum), FIFO queues can support up to 3,000 messages per second.
- Therefore, batching 4 messages per operation lets the FIFO queue support up to 1200 messages per second, which comfortably covers the peak rate of 1000 messages per second.
A news network uses Amazon S3 to aggregate the raw video footage from its reporting teams across the US. The news network has recently expanded into new geographies in Europe and Asia. The technical teams at the overseas branch offices have reported huge delays in uploading large video files to the destination S3 bucket.
Which of the following are the MOST cost-effective options to improve the file upload speed into S3? (Select two)
Use Amazon S3 Transfer Acceleration to enable faster file uploads into the destination S3 bucket
Amazon S3 Transfer Acceleration
- Enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
- Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations.
- As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
Use multipart uploads for faster file uploads into the destination S3 bucket
- Multipart upload allows you to upload a single object as a set of parts.
- Each part is a contiguous portion of the object’s data.
- You can upload these object parts independently and in any order. If transmission of any part fails, you can retransmit that part without affecting other parts.
- After all parts of your object are uploaded, Amazon S3 assembles these parts and creates the object.
- In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.
- Multipart upload provides improved throughput, therefore it facilitates faster file uploads.
A video analytics organization has been acquired by a leading media company. The analytics organization has 10 independent applications with an on-premises data footprint of about 70TB for each application. The CTO of the media company has set a timeline of two weeks to carry out the data migration from on-premises data center to AWS Cloud and establish connectivity.
Which of the following are the MOST cost-effective options for completing the data transfer and establishing connectivity? (Select two)
Order 10 Snowball Edge Storage Optimized devices to complete the one-time data transfer
Snowball Edge Storage Optimized
- Is the optimal choice if you need to securely and quickly transfer dozens of terabytes to petabytes of data to AWS.
- It provides up to 80 TB of usable HDD storage, 40 vCPUs, 1 TB of SATA SSD storage, and up to 40 Gb network connectivity to address large scale data transfer and pre-processing use cases.
- As each Snowball Edge Storage Optimized device can handle 80TB of data, you can order 10 such devices to take care of the data transfer for all applications.
**Exam Alert:**
- **The original Snowball devices were transitioned out of service and Snowball Edge Storage Optimized devices are now the primary devices used for data transfer.**
- **You may see the Snowball device on the exam; just remember that the original Snowball device had 80TB of storage space.**
Set up Site-to-Site VPN to establish connectivity between the on-premises data center and AWS Cloud
- Enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC).
- You can securely extend your data center or branch office network to the cloud with an AWS Site-to-Site VPN connection.
- A VPC VPN connection uses IPsec to establish encrypted network connectivity between your intranet and Amazon VPC over the Internet.
- VPN connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.
Therefore, this option is the right fit for the given use case, as the connectivity can be easily established within the given timeframe.
A gaming company is developing a mobile game that streams score updates to a backend processor and then publishes results on a leaderboard. The company has hired you as an AWS Certified Solutions Architect Associate to design a solution that can handle major traffic spikes, process the mobile game updates in the order of receipt, and store the processed updates in a highly available database. The company wants to minimize the management overhead required to maintain the solution.
Which of the following will you recommend to meet these requirements?
Push score updates to Kinesis Data Streams which uses a Lambda function to process these updates and then store these processed updates in DynamoDB
Lambda integrates natively with Kinesis Data Streams.
- To help ingest real-time data or streaming data at large scales, you can use Amazon Kinesis Data Streams (KDS).
- KDS can continuously capture gigabytes of data per second from hundreds of thousands of sources.
- The data collected is available in milliseconds, enabling real-time analytics.
- KDS provides ordering of records, as well as the ability to read and/or replay records in the same order to multiple Amazon Kinesis Applications.
- The polling, checkpointing, and error handling complexities are abstracted when you use this native integration.
- The processed data can then be configured to be saved in DynamoDB.
A large financial institution operates an on-premises data center with hundreds of PB of data managed on Microsoft’s Distributed File System (DFS). The CTO wants the organization to transition into a hybrid cloud environment and run data-intensive analytics workloads that support DFS.
Which of the following AWS services can facilitate the migration of these workloads?
Amazon FSx for Windows File Server
Amazon FSx for Windows File Server
- Provides fully managed, highly reliable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol.
- It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration.
- Amazon FSx supports the use of Microsoft’s Distributed File System (DFS) to organize shares into a single folder structure up to hundreds of PB in size.
The payroll department at a company initiates several computationally intensive workloads on EC2 instances at a designated hour on the last day of every month. The payroll department has noticed a trend of severe performance lag during this hour. The engineering team has figured out a solution by using Auto Scaling Group for these EC2 instances and making sure that 10 EC2 instances are available during this peak usage hour. For normal operations only 2 EC2 instances are enough to cater to the workload.
As a solutions architect, which of the following steps would you recommend to implement the solution?
Configure your Auto Scaling group by creating a scheduled action that kicks off at the designated hour on the last day of the month. Set the desired capacity of instances to 10. This causes the scale-out to happen before peak traffic kicks in at the designated hour
Scheduled scaling
- Allows you to set your own scaling schedule.
- For example, let’s say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday.
- You can plan your scaling actions based on the predictable traffic patterns of your web application.
Scaling actions
- Are performed automatically as a function of time and date.
- A scheduled action sets the minimum, maximum, and desired sizes to what is specified by the scheduled action at the time specified by the scheduled action.
- For the given use case, the correct solution is to set the desired capacity to 10.
- When you want to specify a range of instances instead, you must use the min and max values.
A file-hosting service uses Amazon S3 under the hood to power its storage offerings. Currently all the customer files are uploaded directly under a single S3 bucket. The engineering team has started seeing scalability issues where customer file uploads have started failing during the peak access hours with more than 5000 requests per second.
Which of the following is the MOST resource efficient and cost-optimal way of addressing this issue?
Change the application architecture to create customer-specific custom prefixes within the single bucket and then upload the daily files into those prefixed locations
Amazon Simple Storage Service (Amazon S3)
- Is an object storage service that offers industry-leading scalability, data availability, security, and performance.
- Your applications can easily achieve thousands of transactions per second in request performance when uploading and retrieving storage from Amazon S3. Amazon S3 automatically scales to high request rates.
- For example, your application can achieve at least 3,500 PUT/COPY/POST/DELETE or 5,500 GET/HEAD requests per second per prefix in a bucket.
- There are no limits to the number of prefixes in a bucket.
- You can increase your read or write performance by parallelizing reads across prefixes.
- For example, if you create 10 prefixes in an Amazon S3 bucket to parallelize reads, you could scale your read performance to 55,000 read requests per second.
- To clarify what a prefix is: if you have a file f1 stored at the S3 object path s3://your_bucket_name/folder1/sub_folder_1/f1, then /folder1/sub_folder_1/ is the prefix for file f1.
- Some data lake applications on Amazon S3 scan millions or billions of objects for queries that run over petabytes of data.
- These data lake applications achieve single-instance transfer rates that maximize the network interface used for their Amazon EC2 instance, which can be up to 100 Gb/s on a single instance.
- These applications then aggregate throughput across multiple instances to get multiple terabits per second.
Therefore, creating customer-specific custom prefixes within the single bucket and then uploading the daily files into those prefixed locations is the BEST solution for the given constraints.
A large IT company wants to federate its workforce into AWS accounts and business applications.
Which of the following AWS services can help build a solution for this requirement? (Select two)
- Use AWS Single Sign-On (SSO)
- Use AWS Identity and Access Management (IAM)
Identity federation
- Is a system of trust between two parties for the purpose of authenticating users and conveying the information needed to authorize their access to resources.
- In this system, an identity provider (IdP) is responsible for user authentication, and a service provider (SP), such as a service or an application, controls access to resources.
- By administrative agreement and configuration, the SP trusts the IdP to authenticate users and relies on the information provided by the IdP about them.
- After authenticating a user, the IdP sends the SP a message, called an assertion, containing the user’s sign-in name and other attributes that the SP needs to establish a session with the user and to determine the scope of resource access that the SP should grant.
- Federation is a common approach to building access control systems that manage users centrally within a central IdP and govern their access to multiple applications and services acting as SPs.
You can use two AWS services to federate your workforce into AWS accounts and business applications:
- AWS Single Sign-On (SSO) or
- AWS Identity and Access Management (IAM).
- AWS SSO is a great choice to help you define federated access permissions for your users based on their group memberships in a single centralized directory.
- If you use multiple directories or want to manage the permissions based on user attributes, consider AWS IAM as your design alternative.
A company has moved its business critical data to Amazon EFS file system which will be accessed by multiple EC2 instances.
As an AWS Certified Solutions Architect Associate, which of the following would you recommend to exercise access control such that only the permitted EC2 instances can read from the EFS file system? (Select three)
- Use VPC security groups to control the network traffic to and from your file system
- Attach an IAM policy to your file system to control clients who can mount your file system with the required permissions
- Use EFS Access Points to manage application access
- You control which EC2 instances can access your EFS file system by using VPC security group rules and AWS Identity and Access Management (IAM) policies.
- Use VPC security groups to control the network traffic to and from your file system.
- Attach an IAM policy to your file system to control which clients can mount your file system and with what permissions, and use EFS Access Points to manage application access.
- Control access to files and directories with POSIX-compliant user and group-level permissions.
- Files and directories in an Amazon EFS file system support standard Unix-style read, write, and execute permissions based on the user ID and group IDs.
- When an NFS client mounts an EFS file system without using an access point, the user ID and group ID provided by the client are trusted.
- You can use EFS access points to override the user ID and group IDs used by the NFS client.
- When users attempt to access files and directories, Amazon EFS checks their user IDs and group IDs to verify that each user has permission to access the objects.
CloudFront offers a multi-tier cache in the form of regional edge caches that improve latency. However, there are certain content types that bypass the regional edge cache, and go directly to the origin.
Which of the following content types skip the regional edge cache? (Select two)
Dynamic content, as determined at request time (cache-behavior configured to forward all headers)
Amazon CloudFront
- Is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.
- CloudFront points of presence (POPs) (edge locations) make sure that popular content can be served quickly to your viewers.
- CloudFront also has regional edge caches that bring more of your content closer to your viewers, even when the content is not popular enough to stay at a POP, to help improve performance for that content.
- Dynamic content, as determined at request time (cache-behavior configured to forward all headers), does not flow through regional edge caches, but goes directly to the origin. So this option is correct.
- Proxy methods PUT/POST/PATCH/OPTIONS/DELETE go directly to the origin
- Proxy methods PUT/POST/PATCH/OPTIONS/DELETE go directly to the origin from the POPs and do not proxy through the regional edge caches
The engineering team at a data analytics company has observed that its flagship application functions at its peak performance when the underlying EC2 instances have a CPU utilization of about 50%. The application is built on a fleet of EC2 instances managed under an Auto Scaling group. The workflow requests are handled by an internal Application Load Balancer that routes the requests to the instances.
As a solutions architect, what would you recommend so that the application runs near its peak performance state?
Configure the Auto Scaling group to use target tracking policy and set the CPU utilization as the target metric with a target value of 50%
An Auto Scaling group
- Contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management.
- An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies.
With target tracking scaling policies
- You select a scaling metric and set a target value.
- Amazon EC2 Auto Scaling creates and manages the CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value.
- The scaling policy adds or removes capacity as required to keep the metric at, or close to, the specified target value.
- For example, you can configure a target tracking scaling policy to keep the average aggregate CPU utilization of your Auto Scaling group at 50 percent. This meets the requirements specified in the given use case.