Udemy Exam 1 Flashcards

1
Q

A Big Data analytics company wants to set up an AWS cloud architecture that throttles requests in case of sudden traffic spikes. The company is looking for AWS services that can be used for buffering or throttling to handle such traffic variations.

Which of the following services can be used to support this requirement?

A

Throttling is the process of limiting the number of requests an authorized program can submit to a given operation in a given amount of time.

Amazon API Gateway, Amazon SQS and Amazon Kinesis

Amazon API Gateway

  • To prevent your API from being overwhelmed by too many requests, Amazon API Gateway throttles requests to your API using the token bucket algorithm, where a token counts for a request.
  • Specifically, API Gateway sets a limit on a steady-state rate and a burst of request submissions against all APIs in your account. In the token bucket algorithm, the burst is the maximum bucket size.

Amazon SQS - Amazon Simple Queue Service (SQS)

  • Is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
  • Amazon SQS offers buffer capabilities to smooth out temporary volume spikes without losing messages or increasing latency.

Amazon Kinesis

  • Amazon Kinesis is a fully managed, scalable service that can ingest, buffer, and process streaming data in real-time.
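To make the buffering pattern concrete, here is a minimal boto3 sketch of using SQS as a buffer between producers and consumers; the queue name and message payload are hypothetical. Producers enqueue at whatever rate traffic arrives, and consumers drain the queue at their own pace.

```python
import boto3

sqs = boto3.client("sqs")

# Create (or look up) the buffer queue -- "ingest-buffer" is a hypothetical name
queue_url = sqs.create_queue(QueueName="ingest-buffer")["QueueUrl"]

# Producer side: enqueue requests as they arrive, even during a traffic spike
sqs.send_message(QueueUrl=queue_url, MessageBody='{"event": "pageview"}')

# Consumer side: drain the queue at a controlled rate (long polling, batches of 10)
resp = sqs.receive_message(QueueUrl=queue_url, MaxNumberOfMessages=10, WaitTimeSeconds=5)
for msg in resp.get("Messages", []):
    print(msg["Body"])  # process the message, then delete it from the queue
    sqs.delete_message(QueueUrl=queue_url, ReceiptHandle=msg["ReceiptHandle"])
```
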
2
Q

The sourcing team at the US headquarters of a global e-commerce company is preparing a spreadsheet of the new product catalog. The spreadsheet is saved on an EFS file system created in the us-east-1 region. The sourcing team's counterparts in other AWS regions such as Asia Pacific and Europe also want to collaborate on this spreadsheet.

As a solutions architect, what is your recommendation to enable this collaboration with the LEAST amount of operational overhead?

A

The spreadsheet on the EFS file system can be accessed in other AWS regions by using an inter-region VPC peering connection

  • Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources.
  • Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability.
  • Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access it using AWS Direct Connect or AWS VPN.
  • You can connect to Amazon EFS file systems from EC2 instances in other AWS regions using an inter-region VPC peering connection, and from on-premises servers using an AWS VPN connection.
3
Q

The engineering team at a Spanish professional football club has built a notification system for its website using Amazon SNS notifications, which are then handled by a Lambda function for end-user delivery. During the off-season, the notification system needs to handle about 100 requests per second. During the peak football season, the rate reaches about 5,000 requests per second, and a significant number of the notifications are not being delivered to the end-users on the website.

As a solutions architect, which of the following would you suggest as the BEST possible solution to this issue?

A

Amazon SNS message deliveries to AWS Lambda have crossed the account concurrency quota for Lambda, so the team needs to contact AWS support to raise the account limit

Amazon Simple Notification Service (SNS)

  • Is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.

With AWS Lambda,

  • You can run code without provisioning or managing servers. You pay only for the compute time that you consume—there’s no charge when your code isn’t running.
  • AWS Lambda currently supports 1000 concurrent executions per AWS account per region.
  • If your Amazon SNS message deliveries to AWS Lambda contribute to crossing these concurrency quotas, your Amazon SNS message deliveries will be throttled.
  • You need to contact AWS support to raise the account limit.
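As a sketch, the account-level quota and a per-function concurrency reservation can be inspected and set with boto3; the function name here is hypothetical.

```python
import boto3

lam = boto3.client("lambda")

# Inspect the account-level concurrency quota (1,000 per region by default)
print(lam.get_account_settings()["AccountLimit"]["ConcurrentExecutions"])

# Optionally reserve concurrency for the SNS-triggered function so other
# functions cannot starve it ("notify-users" is a hypothetical name)
lam.put_function_concurrency(FunctionName="notify-users", ReservedConcurrentExecutions=500)
```
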
4
Q

A data analytics company measures what the consumers watch and what advertising they’re exposed to. This real-time data is ingested into its on-premises data center and subsequently, the daily data feed is compressed into a single file and uploaded on Amazon S3 for backup. The typical compressed file size is around 2 GB.

Which of the following is the fastest way to upload the daily compressed file into S3?

A

Upload the compressed file using multipart upload with S3 transfer acceleration

Transfer Acceleration

  • Takes advantage of Amazon CloudFront’s globally distributed edge locations.
  • Enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
  • As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

Multipart upload

  • Allows you to upload a single object as a set of parts.
  • Each part is a contiguous portion of the object’s data.
  • You can upload these object parts independently and in any order. If transmission of any part fails, you can retransmit that part without affecting other parts.
  • After all parts of your object are uploaded, Amazon S3 assembles these parts and creates the object.
  • If you’re uploading large objects over a stable high-bandwidth network, use multipart uploading to maximize the use of your available bandwidth by uploading object parts in parallel for multi-threaded performance.
  • If you’re uploading over a spotty network, use multipart uploading to increase resiliency to network errors by avoiding upload restarts.
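A hedged boto3 sketch combining both techniques: the client is pointed at the accelerate endpoint (the bucket must already have Transfer Acceleration enabled), and TransferConfig makes upload_file split the 2 GB file into parts uploaded in parallel. The bucket and file names are hypothetical.

```python
import boto3
from botocore.config import Config
from boto3.s3.transfer import TransferConfig

# Route requests through the S3 Transfer Acceleration endpoint
s3 = boto3.client("s3", config=Config(s3={"use_accelerate_endpoint": True}))

# Split anything over 64 MB into parts uploaded on 8 parallel threads
cfg = TransferConfig(multipart_threshold=64 * 1024 * 1024, max_concurrency=8)

s3.upload_file("daily-feed.gz", "analytics-backup-bucket", "feeds/daily-feed.gz", Config=cfg)
```
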
5
Q

A major bank is using SQS to migrate several core banking applications to the cloud to ensure high availability and cost efficiency while simplifying administrative complexity and overhead. The development team at the bank expects a peak rate of about 1000 messages per second to be processed via SQS. It is important that the messages are processed in order.

Which of the following options can be used to implement this system?

A

Use Amazon SQS FIFO queue in batch mode of 4 messages per operation to process the messages at the peak rate

Amazon Simple Queue Service (SQS)

  • Is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
  • SQS offers two types of message queues -
  1. Standard queues
  2. FIFO queues.

FIFO queues

  • The order in which messages are sent and received is strictly preserved (i.e. First-In-First-Out).
  • On the other hand, the standard SQS queues offer best-effort ordering.
  • This means that occasionally, messages might be delivered in an order different from which they were sent.
  • By default, FIFO queues support up to 300 messages per second (300 send, receive, or delete operations per second).
  • When you batch 10 messages per operation (maximum), FIFO queues can support up to 3,000 messages per second.
  • Therefore, batching 4 messages per operation lets the FIFO queue support up to 1,200 messages per second, which comfortably covers the peak rate of 1,000 messages per second.
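A minimal sketch of FIFO batching with boto3; the queue name and message contents are hypothetical. MessageGroupId defines the ordering scope, and 4-message batches give the throughput headroom described above.

```python
import boto3

sqs = boto3.client("sqs")
queue_url = sqs.create_queue(
    QueueName="core-banking.fifo",            # FIFO queue names must end in .fifo
    Attributes={"FifoQueue": "true"},
)["QueueUrl"]

entries = [
    {
        "Id": str(i),
        "MessageBody": f"txn-{i}",
        "MessageGroupId": "payments",          # messages in a group are strictly ordered
        "MessageDeduplicationId": f"txn-{i}",  # or enable content-based deduplication
    }
    for i in range(4)                          # 4 messages per operation, per the answer
]
sqs.send_message_batch(QueueUrl=queue_url, Entries=entries)
```
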
6
Q

A news network uses Amazon S3 to aggregate the raw video footage from its reporting teams across the US. The news network has recently expanded into new geographies in Europe and Asia. The technical teams at the overseas branch offices have reported huge delays in uploading large video files to the destination S3 bucket.

Which of the following are the MOST cost-effective options to improve the file upload speed into S3? (Select two)

A

Use Amazon S3 Transfer Acceleration to enable faster file uploads into the destination S3 bucket

Amazon S3 Transfer Acceleration

  • Enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
  • Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations.
  • As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

Use multipart uploads for faster file uploads into the destination S3 bucket

  • Multipart upload allows you to upload a single object as a set of parts.
  • Each part is a contiguous portion of the object’s data.
  • You can upload these object parts independently and in any order. If transmission of any part fails, you can retransmit that part without affecting other parts.
  • After all parts of your object are uploaded, Amazon S3 assembles these parts and creates the object.
  • In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.
  • Multipart upload provides improved throughput, therefore it facilitates faster file uploads.
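Transfer Acceleration is a per-bucket setting; a minimal boto3 sketch to turn it on (the bucket name is hypothetical):

```python
import boto3

s3 = boto3.client("s3")
s3.put_bucket_accelerate_configuration(
    Bucket="raw-footage-bucket",                   # hypothetical destination bucket
    AccelerateConfiguration={"Status": "Enabled"},
)
# Clients then upload via the bucket's *.s3-accelerate.amazonaws.com endpoint
```
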
7
Q

A video analytics organization has been acquired by a leading media company. The analytics organization has 10 independent applications with an on-premises data footprint of about 70TB for each application. The CTO of the media company has set a timeline of two weeks to carry out the data migration from on-premises data center to AWS Cloud and establish connectivity.

Which of the following are the MOST cost-effective options for completing the data transfer and establishing connectivity? (Select two)

A

Order 10 Snowball Edge Storage Optimized devices to complete the one-time data transfer

Snowball Edge Storage Optimized

  • Is the optimal choice if you need to securely and quickly transfer dozens of terabytes to petabytes of data to AWS.
  • It provides up to 80 TB of usable HDD storage, 40 vCPUs, 1 TB of SATA SSD storage, and up to 40 Gb/s of network connectivity to address large-scale data transfer and pre-processing use cases.
  • As each Snowball Edge Storage Optimized device can handle 80TB of data, you can order 10 such devices to take care of the data transfer for all applications.
Exam Alert:

  • The original Snowball devices were transitioned out of service, and Snowball Edge Storage Optimized devices are now the primary devices used for data transfer.
  • You may still see the Snowball device on the exam; just remember that the original Snowball device had 80TB of storage space.

Setup Site-to-Site VPN to establish connectivity between the on-premises data center and AWS Cloud

  • Enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC).
  • You can securely extend your data center or branch office network to the cloud with an AWS Site-to-Site VPN connection.
  • A VPC VPN Connection utilizes IPSec to establish encrypted network connectivity between your intranet and Amazon VPC over the Internet.
  • VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.

Therefore this option is the right fit for the given use-case as the connectivity can be easily established within the given timeframe.

8
Q

A gaming company is developing a mobile game that streams score updates to a backend processor and then publishes results on a leaderboard. The company has hired you as an AWS Certified Solutions Architect Associate to design a solution that can handle major traffic spikes, process the mobile game updates in the order of receipt, and store the processed updates in a highly available database. The company wants to minimize the management overhead required to maintain the solution.

Which of the following will you recommend to meet these requirements?

A

Push score updates to Kinesis Data Streams which uses a Lambda function to process these updates and then store these processed updates in DynamoDB

Lambda integrates natively with Kinesis Data Streams.

  • To help ingest real-time data or streaming data at large scales, you can use Amazon Kinesis Data Streams (KDS).
  • KDS can continuously capture gigabytes of data per second from hundreds of thousands of sources.
  • The data collected is available in milliseconds, enabling real-time analytics.
  • KDS provides ordering of records, as well as the ability to read and/or replay records in the same order to multiple Amazon Kinesis Applications.
  • The polling, checkpointing, and error handling complexities are abstracted when you use this native integration.
  • The processed data can then be configured to be saved in DynamoDB.
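A minimal producer sketch with boto3; the stream and field names are hypothetical. Using the player ID as the partition key keeps each player's updates in order on a single shard.

```python
import boto3, json

kinesis = boto3.client("kinesis")
kinesis.put_record(
    StreamName="score-updates",        # hypothetical stream name
    Data=json.dumps({"player": "p42", "score": 9001}).encode(),
    PartitionKey="p42",                # same key -> same shard -> ordered processing
)
```
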
9
Q

A large financial institution operates an on-premises data center with hundreds of PB of data managed on Microsoft’s Distributed File System (DFS). The CTO wants the organization to transition into a hybrid cloud environment and run data-intensive analytics workloads that support DFS.

Which of the following AWS services can facilitate the migration of these workloads?

A

Amazon FSx for Windows File Server

Amazon FSx for Windows File Server

  • Provides fully managed, highly reliable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol.
  • It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration.
  • Amazon FSx supports the use of Microsoft’s Distributed File System (DFS) to organize shares into a single folder structure up to hundreds of PB in size.
10
Q

The payroll department at a company initiates several computationally intensive workloads on EC2 instances at a designated hour on the last day of every month. The payroll department has noticed a trend of severe performance lag during this hour. The engineering team has figured out a solution by using Auto Scaling Group for these EC2 instances and making sure that 10 EC2 instances are available during this peak usage hour. For normal operations only 2 EC2 instances are enough to cater to the workload.

As a solutions architect, which of the following steps would you recommend to implement the solution?

A

Configure your Auto Scaling group by creating a scheduled action that kicks off at the designated hour on the last day of the month. Set the desired capacity of instances to 10. This causes the scale-out to happen before peak traffic kicks in at the designated hour.

Scheduled scaling

  • Allows you to set your own scaling schedule.
  • For example, let’s say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday.
  • You can plan your scaling actions based on the predictable traffic patterns of your web application.

Scaling actions

  • Are performed automatically as a function of time and date.
  • A scheduled action sets the minimum, maximum, and desired sizes at the time specified by the action.
  • For the given use case, the correct solution is to set the desired capacity to 10.
  • When we want to specify a range of instances, then we must use min and max values.
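A hedged boto3 sketch of such a scheduled action; the group name and date are hypothetical, and a recurring schedule could instead be expressed with the Recurrence cron parameter.

```python
import boto3
from datetime import datetime, timezone

asg = boto3.client("autoscaling")
asg.put_scheduled_update_group_action(
    AutoScalingGroupName="payroll-asg",              # hypothetical group name
    ScheduledActionName="month-end-scale-out",
    StartTime=datetime(2024, 1, 31, 8, 0, tzinfo=timezone.utc),  # designated hour
    MinSize=2,
    MaxSize=10,
    DesiredCapacity=10,                              # scale out to 10 for the peak hour
)
```
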
11
Q

A file-hosting service uses Amazon S3 under the hood to power its storage offerings. Currently all the customer files are uploaded directly under a single S3 bucket. The engineering team has started seeing scalability issues where customer file uploads have started failing during the peak access hours with more than 5000 requests per second.

Which of the following is the MOST resource efficient and cost-optimal way of addressing this issue?

A

Change the application architecture to create customer-specific custom prefixes within the single bucket and then upload the daily files into those prefixed locations

Amazon Simple Storage Service (Amazon S3)

  • Is an object storage service that offers industry-leading scalability, data availability, security, and performance.
  • Your applications can easily achieve thousands of transactions per second in request performance when uploading and retrieving storage from Amazon S3. Amazon S3 automatically scales to high request rates.

For example, your application can achieve at least 3,500 PUT/COPY/POST/DELETE or 5,500 GET/HEAD requests per second per prefix in a bucket.

  • There are no limits to the number of prefixes in a bucket.
  • You can increase your read or write performance by parallelizing requests across multiple prefixes.

For example, if you create 10 prefixes in an Amazon S3 bucket to parallelize reads, you could scale your read performance to 55,000 read requests per second. Please see this example for more clarity on prefixes: if you have a file f1 stored in an S3 object path like so s3://your_bucket_name/folder1/sub_folder_1/f1, then /folder1/sub_folder_1/ becomes the prefix for file f1.

  • Some data lake applications on Amazon S3 scan millions or billions of objects for queries that run over petabytes of data.
  • These data lake applications achieve single-instance transfer rates that maximize the network interface used for their Amazon EC2 instance, which can be up to 100 Gb/s on a single instance.
  • These applications then aggregate throughput across multiple instances to get multiple terabits per second.

Therefore creating customer-specific custom prefixes within the single bucket and then uploading the daily files into those prefixed locations is the BEST solution for the given constraints.
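A minimal sketch of how uploads might be spread across customer-specific prefixes; the bucket name and key layout are hypothetical.

```python
import boto3

s3 = boto3.client("s3")

# Each customer prefix independently supports 3,500 PUT and 5,500 GET requests/sec,
# so spreading uploads across prefixes multiplies the aggregate request rate
for customer_id in ("cust-001", "cust-002", "cust-003"):
    s3.upload_file("daily.dat", "file-hosting-bucket", f"{customer_id}/uploads/daily.dat")
```
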

12
Q

A large IT company wants to federate its workforce into AWS accounts and business applications.

Which of the following AWS services can help build a solution for this requirement? (Select two)

A
  1. Use AWS Single Sign-On (SSO)
  2. Use AWS Identity and Access Management (IAM)

Identity federation

  • Is a system of trust between two parties for the purpose of authenticating users and conveying the information needed to authorize their access to resources.
  • In this system, an identity provider (IdP) is responsible for user authentication, and a service provider (SP), such as a service or an application, controls access to resources.
  • By administrative agreement and configuration, the SP trusts the IdP to authenticate users and relies on the information provided by the IdP about them.
  • After authenticating a user, the IdP sends the SP a message, called an assertion, containing the user’s sign-in name and other attributes that the SP needs to establish a session with the user and to determine the scope of resource access that the SP should grant.
  • Federation is a common approach to building access control systems that manage users centrally within a central IdP and govern their access to multiple applications and services acting as SPs.

You can use two AWS services to federate your workforce into AWS accounts and business applications:

  1. AWS Single Sign-On (SSO) or
  2. AWS Identity and Access Management (IAM).
  • AWS SSO is a great choice to help you define federated access permissions for your users based on their group memberships in a single centralized directory.
  • If you use multiple directories or want to manage the permissions based on user attributes, consider AWS IAM as your design alternative.
13
Q

A company has moved its business critical data to Amazon EFS file system which will be accessed by multiple EC2 instances.

As an AWS Certified Solutions Architect Associate, which of the following would you recommend to exercise access control such that only the permitted EC2 instances can read from the EFS file system? (Select three)

A
  1. Use VPC security groups to control the network traffic to and from your file system
  2. Attach an IAM policy to your file system to control clients who can mount your file system with the required permissions
  3. Use EFS Access Points to manage application access
  • You control which EC2 instances can access your EFS file system by using VPC security group rules and AWS Identity and Access Management (IAM) policies.
  • Use VPC security groups to control the network traffic to and from your file system.
  • Attach an IAM policy to your file system to control which clients can mount your file system and with what permissions, and use EFS Access Points to manage application access.
  • Control access to files and directories with POSIX-compliant user and group-level permissions.
  • Files and directories in an Amazon EFS file system support standard Unix-style read, write, and execute permissions based on the user ID and group IDs.
  • When an NFS client mounts an EFS file system without using an access point, the user ID and group ID provided by the client is trusted.
  • You can use EFS access points to override user ID and group IDs used by the NFS client.
  • When users attempt to access files and directories, Amazon EFS checks their user IDs and group IDs to verify that each user has permission to access the objects.
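As an illustrative sketch, a file system policy granting mount-only (read) access to a single IAM role might be attached like this; the account ID, role name, and file system ID are hypothetical.

```python
import boto3, json

efs = boto3.client("efs")
policy = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/ReaderInstanceRole"},
        "Action": ["elasticfilesystem:ClientMount"],  # mount/read only; no ClientWrite
        "Resource": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-12345678",
    }],
}
efs.put_file_system_policy(FileSystemId="fs-12345678", Policy=json.dumps(policy))
```
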
14
Q

CloudFront offers a multi-tier cache in the form of regional edge caches that improve latency. However, there are certain content types that bypass the regional edge cache, and go directly to the origin.

Which of the following content types skip the regional edge cache? (Select two)

A

Dynamic content, as determined at request time (cache-behavior configured to forward all headers)

Amazon CloudFront

  • Is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.
  • CloudFront points of presence (POPs) (edge locations) make sure that popular content can be served quickly to your viewers.
  • CloudFront also has regional edge caches that bring more of your content closer to your viewers, even when the content is not popular enough to stay at a POP, to help improve performance for that content.
  • Dynamic content, as determined at request time (cache-behavior configured to forward all headers), does not flow through regional edge caches, but goes directly to the origin. So this option is correct.
  • Proxy methods PUT/POST/PATCH/OPTIONS/DELETE go directly to the origin from the POPs and do not proxy through the regional edge caches.
15
Q

The engineering team at a data analytics company has observed that its flagship application functions at its peak performance when the underlying EC2 instances have a CPU utilization of about 50%. The application is built on a fleet of EC2 instances managed under an Auto Scaling group. The workflow requests are handled by an internal Application Load Balancer that routes the requests to the instances.

As a solutions architect, what would you recommend so that the application runs near its peak performance state?

A

Configure the Auto Scaling group to use target tracking policy and set the CPU utilization as the target metric with a target value of 50%

An Auto Scaling group

  • Contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management.
  • An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies.

With target tracking scaling policies

  • You select a scaling metric and set a target value.
  • Amazon EC2 Auto Scaling creates and manages the CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value.
  • The scaling policy adds or removes capacity as required to keep the metric at, or close to, the specified target value.

For example, you can use target tracking scaling to:

Configure a target tracking scaling policy to keep the average aggregate CPU utilization of your Auto Scaling group at 50 percent. This meets the requirements specified in the given use-case.
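A minimal boto3 sketch of that policy; the group and policy names are hypothetical.

```python
import boto3

asg = boto3.client("autoscaling")
asg.put_scaling_policy(
    AutoScalingGroupName="analytics-asg",      # hypothetical group name
    PolicyName="keep-cpu-at-50",
    PolicyType="TargetTrackingScaling",
    TargetTrackingConfiguration={
        "PredefinedMetricSpecification": {"PredefinedMetricType": "ASGAverageCPUUtilization"},
        "TargetValue": 50.0,                   # hold average CPU at ~50%
    },
)
```
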

16
Q

A junior scientist working with the Deep Space Research Laboratory at NASA is trying to upload a high-resolution image of a nebula into Amazon S3. The image size is approximately 3GB. The junior scientist is using S3 Transfer Acceleration (S3TA) for faster image upload. It turns out that S3TA did not result in an accelerated transfer.

Given this scenario, which of the following is correct regarding the charges for this image transfer?

A

The junior scientist does not need to pay any transfer charges for the image upload

  • There are no S3 data transfer charges when data is transferred in from the internet.
  • Also with S3TA, you pay only for transfers that are accelerated.
  • Therefore the junior scientist does not need to pay any transfer charges for the image upload because S3TA did not result in an accelerated transfer.
17
Q

A gaming company uses Amazon Aurora as its primary database service. The company has now deployed 5 multi-AZ read replicas to increase the read throughput and for use as failover targets. The replicas have been assigned the following failover priority tiers, with the corresponding sizes given in parentheses: tier-1 (16TB), tier-1 (32TB), tier-10 (16TB), tier-15 (16TB), tier-15 (32TB).

In the event of a failover, Amazon RDS will promote which of the following read replicas?

A

Tier-1 (32TB)

  • Amazon Aurora features a distributed, fault-tolerant, self-healing storage system that auto-scales up to 64TB per database instance.
  • It delivers high performance and availability with up to 15 low-latency read replicas, point-in-time recovery, continuous backup to Amazon S3, and replication across three Availability Zones (AZs).

For Amazon Aurora,

  • Each Read Replica is associated with a priority tier (0-15).
  • In the event of a failover, Amazon Aurora will promote the Read Replica that has the highest priority (the lowest numbered tier).
  • If two or more Aurora Replicas share the same priority, then Amazon RDS promotes the replica that is largest in size.
  • If two or more Aurora Replicas share the same priority and size, then Amazon Aurora promotes an arbitrary replica in the same promotion tier.

Therefore, for this problem statement, the Tier-1 (32TB) replica will be promoted.
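Promotion tiers are set per replica; a hedged boto3 sketch (the instance identifier is hypothetical):

```python
import boto3

rds = boto3.client("rds")
rds.modify_db_instance(
    DBInstanceIdentifier="aurora-replica-1",  # hypothetical replica identifier
    PromotionTier=1,                          # 0-15; the lowest tier is promoted first
    ApplyImmediately=True,
)
```
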

18
Q

A geological research agency maintains the seismological data for the last 100 years. The data has a velocity of 1GB per minute. You would like to store the data with only the most relevant attributes to build a predictive model for earthquakes.

What AWS services would you use to build the most cost-effective solution with the LEAST amount of infrastructure maintenance?

Ingest the data in an AWS Glue job and use Spark transformations before writing to S3

A

Ingest the data in Kinesis Data Firehose and use a Lambda function to filter and transform the incoming stream before the output is dumped on S3

Amazon Kinesis Data Firehose

  • Is the easiest way to load streaming data into data stores and analytics tools.
  • It can capture, transform, and load streaming data into Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk, enabling near real-time analytics with existing business intelligence tools and dashboards you’re already using today.
  • It is a fully managed service that automatically scales to match the throughput of your data and requires no ongoing administration.
  • It can also batch, compress, and encrypt the data before loading it, minimizing the amount of storage used at the destination and increasing security.

The correct choice is to ingest the data in Kinesis Data Firehose and use a Lambda function to filter and transform the incoming data before the output is dumped on S3. This way you only store a sliced version of the data with only the relevant data attributes required for your model. Also it should be noted that this solution is entirely serverless and requires no infrastructure maintenance.
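A minimal sketch of the transformation Lambda that Firehose invokes; the attribute names being kept are hypothetical. Firehose hands the function base64-encoded records and expects each one back with a recordId, a result, and re-encoded data.

```python
import base64
import json

def handler(event, context):
    """Firehose data-transformation Lambda: keep only the relevant attributes."""
    output = []
    for record in event["records"]:
        data = json.loads(base64.b64decode(record["data"]))
        # Keep only the attributes needed for the predictive model (hypothetical names)
        slimmed = {k: data.get(k) for k in ("station_id", "timestamp", "magnitude")}
        output.append({
            "recordId": record["recordId"],
            "result": "Ok",                   # use "Dropped" to filter a record out
            "data": base64.b64encode(json.dumps(slimmed).encode()).decode(),
        })
    return {"records": output}
```
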

19
Q

The DevOps team at an e-commerce company wants to perform some maintenance work on a specific EC2 instance that is part of an Auto Scaling group using a step scaling policy. The team is facing a maintenance challenge - every time the team deploys a maintenance patch, the instance health check status shows as out of service for a few minutes. This causes the Auto Scaling group to provision another replacement instance immediately.

As a solutions architect, which are the MOST time/resource efficient steps that you would recommend so that the maintenance work can be completed at the earliest? (Select two)

A
Put the instance into the Standby state and then update the instance by applying the maintenance patch. Once the instance is ready, you can exit the Standby state and then return the instance to service.

  • You can put an instance that is in the InService state into the Standby state, update some software or troubleshoot the instance, and then return the instance to service.
  • Instances that are on standby are still part of the Auto Scaling group, but they do not actively handle application traffic.
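A minimal boto3 sketch of the standby workflow; the instance ID and group name are hypothetical.

```python
import boto3

asg = boto3.client("autoscaling")

# Take the instance out of service without triggering a replacement launch
asg.enter_standby(
    InstanceIds=["i-0abc12345def67890"],        # hypothetical instance ID
    AutoScalingGroupName="ecommerce-asg",
    ShouldDecrementDesiredCapacity=True,
)

# ... apply the maintenance patch here ...

# Return the patched instance to service
asg.exit_standby(InstanceIds=["i-0abc12345def67890"], AutoScalingGroupName="ecommerce-asg")
```
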
20
Q

A developer has created a new Application Load Balancer but has not registered any targets with the target groups. Which of the following errors would be generated by the Load Balancer?

A

HTTP 503: Service unavailable

The Load Balancer generates the HTTP 503: Service unavailable error when the target groups for the load balancer have no registered targets.

21
Q

The engineering team at an e-commerce company wants to establish a dedicated, encrypted, low latency, and high throughput connection between its data center and AWS Cloud. The engineering team has set aside sufficient time to account for the operational overhead of establishing this connection.

As a solutions architect, which of the following solutions would you recommend to the company?

A

Use AWS Direct Connect plus VPN to establish a connection between the data center and AWS Cloud

AWS Direct Connect

  • Is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
  • AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations.

With AWS Direct Connect plus VPN,

  • You can combine one or more AWS Direct Connect dedicated network connections with the Amazon VPC VPN.
  • This combination provides an IPsec-encrypted private connection that also reduces network costs, increases bandwidth throughput, and provides a more consistent network experience than internet-based VPN connections.

This solution combines the AWS-managed benefits of the VPN solution with the low latency, increased bandwidth, and more consistent network experience of the AWS Direct Connect solution, along with an end-to-end, secure IPsec connection.

Therefore, AWS Direct Connect plus VPN is the correct solution for this use-case.

22
Q

The product team at a startup has figured out a market need to support both stateful and stateless client-server communications via the APIs developed using its platform. You have been hired by the startup as a solutions architect to build a solution to fulfill this market need using AWS API Gateway.

Which of the following would you identify as correct?

A

API Gateway creates RESTful APIs that enable stateless client-server communication and API Gateway also creates WebSocket APIs that adhere to the WebSocket protocol, which enables stateful, full-duplex communication between client and server

Amazon API Gateway

  • Is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
  • APIs act as the front door for applications to access data, business logic, or functionality from your backend services.
  • Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications.

API Gateway creates RESTful APIs that:

  • Are HTTP-based.
  • Enable stateless client-server communication.
  • Implement standard HTTP methods such as GET, POST, PUT, PATCH, and DELETE.

API Gateway creates WebSocket APIs that:

  • Adhere to the WebSocket protocol, which enables stateful, full-duplex communication between client and server.
  • Route incoming messages based on message content.

So API Gateway supports stateless RESTful APIs as well as stateful WebSocket APIs.
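For the WebSocket side, a backend can push messages to a connected client through the API Gateway Management API; a hedged sketch, where the endpoint URL and connection ID are hypothetical:

```python
import boto3

# The endpoint URL comes from the deployed WebSocket API stage (hypothetical values)
apigw = boto3.client(
    "apigatewaymanagementapi",
    endpoint_url="https://abc123.execute-api.us-east-1.amazonaws.com/prod",
)

# Push a server-initiated message down an open, stateful connection
apigw.post_to_connection(ConnectionId="Jxy9zABCDEF=", Data=b'{"msg": "hello"}')
```
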

23
Q

An IT security consultancy is working on a solution to protect data stored in S3 from any malicious activity as well as check for any vulnerabilities on EC2 instances.

As a solutions architect, which of the following solutions would you suggest to help address the given requirement?

Use Amazon Inspector to monitor any malicious activity on data stored in S3. Use security assessments provided by Amazon GuardDuty to check for vulnerabilities on EC2 instances

A

Use Amazon GuardDuty to monitor any malicious activity on data stored in S3. Use security assessments provided by Amazon Inspector to check for vulnerabilities on EC2 instances

Amazon GuardDuty

  • Offers threat detection that enables you to continuously monitor and protect your AWS accounts, workloads, and data stored in Amazon S3.
  • GuardDuty analyzes continuous streams of meta-data generated from your account and network activity found in AWS CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs.
  • It also uses integrated threat intelligence such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately.

Amazon Inspector security assessments

  • Help you check for unintended network accessibility of your Amazon EC2 instances and for vulnerabilities on those EC2 instances.
  • Amazon Inspector assessments are offered to you as pre-defined rules packages mapped to common security best practices and vulnerability definitions.
24
Q

An IT Company wants to move all the compute components of its AWS Cloud infrastructure into serverless architecture. Their development stack comprises a mix of backend programming languages and the company would like to explore the support offered by the AWS Lambda runtime for their programming languages stack.

Can you identify the programming languages supported by the Lambda runtime? (Select two)

A

C#/.NET

Go

  • A runtime is a version of a programming language or framework that you can use to write Lambda functions.
  • AWS Lambda supports runtimes for the following languages:
  1. C#/.NET
  2. Go
  3. Java
  4. Node.js
  5. Python
  6. Ruby
25
Q

The engineering team at an in-home fitness company is evaluating multiple in-memory data stores with the ability to power its on-demand, live leaderboard. The company’s leaderboard requires high availability, low latency, and real-time processing to deliver customizable user data for the community of users working out together virtually from the comfort of their home.

As a solutions architect, which of the following solutions would you recommend? (Select two)

A

Power the on-demand, live leaderboard using ElastiCache Redis as it meets the in-memory, high availability, low latency requirements

Amazon ElastiCache for Redis

  • Is a blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications.
  • Amazon ElastiCache for Redis is a great choice for real-time transactional and analytical processing use cases such as caching, chat/messaging, gaming leaderboards, geospatial, machine learning, media streaming, queues, real-time analytics, and session store.
  • ElastiCache for Redis can be used to power the live leaderboard, so this option is correct.

Power the on-demand, live leaderboard using DynamoDB with DynamoDB Accelerator (DAX) as it meets the in-memory, high availability, low latency requirements

Amazon DynamoDB

  • Is a key-value and document database that delivers single-digit millisecond performance at any scale.
  • It’s a fully managed, multiregion, multimaster, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications.
  • DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications.

So DynamoDB with DAX can be used to power the live leaderboard.
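For the ElastiCache option, a leaderboard maps naturally onto a Redis sorted set; a minimal redis-py sketch, where the endpoint and player names are hypothetical:

```python
import redis

# Hypothetical ElastiCache for Redis endpoint
r = redis.Redis(host="leaderboard.abc123.use1.cache.amazonaws.com", port=6379)

r.zadd("leaderboard", {"alice": 1200, "bob": 950})         # record scores
r.zincrby("leaderboard", 50, "bob")                        # live score update
top10 = r.zrevrange("leaderboard", 0, 9, withscores=True)  # real-time top 10
```
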

26
Q

The development team at an e-commerce startup has set up multiple microservices running on EC2 instances under an Application Load Balancer. The team wants to route traffic to multiple back-end services based on the URL path of the HTTP header. So it wants requests for https://www.example.com/orders to go to a specific microservice and requests for https://www.example.com/products to go to another microservice.

Which of the following features of Application Load Balancers can be used for this use-case?

A

Path-based Routing

Elastic Load Balancing

  • Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.
  • If your application is composed of several individual services, an Application Load Balancer can route a request to a service based on the content of the request.

Here are the different types of routing an Application Load Balancer supports:

Host-based Routing:

  • You can route a client request based on the Host field of the HTTP header allowing you to route to multiple domains from the same load balancer.

Path-based Routing:

  • You can route a client request based on the URL path of the HTTP header.

HTTP header-based routing:

  • You can route a client request based on the value of any standard or custom HTTP header.

HTTP method-based routing:

  • You can route a client request based on any standard or custom HTTP method.

Query string parameter-based routing:

  • You can route a client request based on the query string or query parameters.

Source IP address CIDR-based routing:

  • You can route a client request based on source IP address CIDR from where the request originates.

Path-based Routing Overview:

  • You can use path conditions to define rules that route requests based on the URL in the request (also known as path-based routing).
  • The path pattern is applied only to the path of the URL, not to its query parameters.
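A hedged boto3 sketch of a path-based rule for the /orders microservice; the listener and target group ARNs are hypothetical placeholders.

```python
import boto3

elbv2 = boto3.client("elbv2")
elbv2.create_rule(
    ListenerArn="arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/demo/1/2",  # hypothetical
    Priority=10,
    Conditions=[{"Field": "path-pattern", "Values": ["/orders*"]}],
    Actions=[{
        "Type": "forward",
        "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/orders/3",  # hypothetical
    }],
)
```
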
27
Q

The solo founder at a tech startup has just created a brand new AWS account. The founder has provisioned an EC2 instance 1A which is running in region A. Later, he takes a snapshot of the instance 1A and then creates a new AMI in region A from this snapshot. This AMI is then copied into another region B. The founder provisions an instance 1B in region B using this new AMI in region B.

At this point in time, what entities exist in region B?

A

1 EC2 instance, 1 AMI and 1 snapshot exist in region B

An Amazon Machine Image (AMI)

  • Provides the information required to launch an instance.
  • You must specify an AMI when you launch an instance.
  • When the new AMI is copied from region A into region B, it automatically creates a snapshot in region B because AMIs are based on the underlying snapshots.

Further, an instance is created from this AMI in region B. Hence, we have 1 EC2 instance, 1 AMI and 1 snapshot in region B.
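A minimal boto3 sketch of the copy-then-launch flow; the regions and IDs are hypothetical stand-ins for regions A and B.

```python
import boto3

ec2_b = boto3.client("ec2", region_name="eu-west-1")   # "region B" (hypothetical)

# Copying the AMI into region B implicitly creates its backing snapshot there
resp = ec2_b.copy_image(
    Name="copied-ami",
    SourceImageId="ami-0abc1234def567890",             # AMI created in region A
    SourceRegion="us-east-1",                          # "region A" (hypothetical)
)

# Launch instance 1B from the copied AMI
ec2_b.run_instances(ImageId=resp["ImageId"], InstanceType="t3.micro",
                    MinCount=1, MaxCount=1)
```
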

28
Q

A telecom company operates thousands of hardware devices like switches, routers, cables, etc. The real-time status data for these devices must be fed into a communications application for notifications. Simultaneously, another analytics application needs to read the same real-time status data and analyze all the connecting lines that may go down because of any device failures.

As a Solutions Architect, which of the following solutions would you suggest, so that both the applications can consume the real-time status data concurrently?

A

Amazon Kinesis Data Streams

  • Enables real-time processing of streaming big data.
  • It provides ordering of records, as well as the ability to read and/or replay records in the same order to multiple Amazon Kinesis Applications.

The Amazon Kinesis Client Library (KCL)

  • Delivers all records for a given partition key to the same record processor, making it easier to build multiple applications reading from the same Amazon Kinesis data stream (for example, to perform counting, aggregation, and filtering).

AWS recommends Amazon Kinesis Data Streams for use cases with requirements that are similar to the following:

  • Routing related records to the same record processor (as in streaming MapReduce).
    • For example, counting and aggregation are simpler when all records for a given key are routed to the same record processor.
  • Ordering of records.
    • For example, you want to transfer log data from the application host to the processing/archival host while maintaining the order of log statements.
  • Ability for multiple applications to consume the same stream concurrently.
    • For example, you have one application that updates a real-time dashboard and another that archives data to Amazon Redshift. You want both applications to consume data from the same stream concurrently and independently.
  • Ability to consume records in the same order a few hours later.
    • For example, you have a billing application and an audit application that runs a few hours behind the billing application. Because Amazon Kinesis Data Streams stores data for up to 7 days, you can run the audit application up to 7 days behind the billing application.

29
Q

An Electronic Design Automation (EDA) application produces massive volumes of data that can be divided into two categories. The ‘hot data’ needs to be both processed and stored quickly in a parallel and distributed fashion. The ‘cold data’ needs to be kept for reference with quick access for reads and updates at a low cost.

Which of the following AWS services is BEST suited to accelerate the aforementioned chip design process?

A

Amazon FSx for Lustre

Amazon FSx for Lustre

  • Makes it easy and cost-effective to launch and run the world’s most popular high-performance file system.
  • It is used for workloads such as machine learning, high-performance computing (HPC), video processing, and financial modeling.
  • The open-source Lustre file system is designed for applications that require fast storage – where you want your storage to keep up with your compute.
  • FSx for Lustre integrates with Amazon S3, making it easy to process data sets with the Lustre file system.
  • When linked to an S3 bucket, an FSx for Lustre file system transparently presents S3 objects as files and allows you to write changed data back to S3.
  • FSx for Lustre provides the ability to both process the ‘hot data’ in a parallel and distributed fashion as well as easily store the ‘cold data’ on Amazon S3.
30
Q

A technology blogger wants to write a review on the comparative pricing for various storage types available on AWS Cloud. The blogger has created a test file of size 1GB with some random data. Next he copies this test file into AWS S3 Standard storage class, provisions an EBS volume (General Purpose SSD (gp2)) with 100GB of provisioned storage and copies the test file into the EBS volume, and lastly copies the test file into an EFS Standard Storage filesystem. At the end of the month, he analyses the bill for costs incurred on the respective storage types for the test file.

What is the correct order of the storage charges incurred for the test file on these three storage types?

A

Cost of test file storage on S3 Standard < Cost of test file storage on EFS < Cost of test file storage on EBS

With Amazon EFS,

  • You pay only for the resources that you use.
  • The EFS Standard Storage pricing is $0.30 per GB per month.
  • Therefore the cost for storing the test file on EFS is $0.30 for the month.

For EBS General Purpose SSD (gp2) volumes,

  • The charges are $0.10 per GB-month of provisioned storage.
  • Therefore, for a provisioned storage of 100GB for this use-case, the monthly cost on EBS is $0.10 * 100 = $10. This cost applies irrespective of how much storage is actually consumed by the test file.

For S3 Standard storage,

  • The pricing is $0.023 per GB per month.
  • Therefore, the monthly storage cost on S3 for the test file is $0.023.
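The comparison boils down to three one-line calculations; a quick Python check using the prices quoted above:

```python
# Monthly cost of the 1 GB test file under each storage type (prices quoted above)
s3_standard = 0.023 * 1    # billed on actual usage: 1 GB
efs_standard = 0.30 * 1    # billed on actual usage: 1 GB
ebs_gp2 = 0.10 * 100       # billed on *provisioned* storage: 100 GB

print(f"S3: ${s3_standard:.3f} < EFS: ${efs_standard:.2f} < EBS: ${ebs_gp2:.2f}")
# S3: $0.023 < EFS: $0.30 < EBS: $10.00
```
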
31
Q

A leading video streaming service delivers billions of hours of content from Amazon S3 to customers around the world. Amazon S3 also serves as the data lake for its big data analytics solution. The data lake has a staging zone where intermediary query results are kept only for 24 hours. These results are also heavily referenced by other parts of the analytics pipeline.

Which of the following is the MOST cost-effective strategy for storing this intermediary query data?

A

Store the intermediary query results in S3 Standard storage class

S3 Standard

  • Offers high durability, availability, and performance object storage for frequently accessed data.
  • Because it delivers low latency and high throughput, S3 Standard is appropriate for a wide variety of use cases, including cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics.
  • As there is no minimum storage duration charge and no retrieval fee (remember that intermediary query results are heavily referenced by other parts of the analytics pipeline), this is the MOST cost-effective storage class amongst the given options.
32
Q

The flagship application for a gaming company connects to an Amazon Aurora database and the entire technology stack is currently deployed in the United States. Now, the company has plans to expand to Europe and Asia for its operations. It needs the games table to be accessible globally but needs the users and games_played tables to be regional only.

How would you implement this with minimal application refactoring?

A

Use an Amazon Aurora Global Database for the games table and use Amazon Aurora for the users and games_played tables

Amazon Aurora

  • Is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
  • Features a distributed, fault-tolerant, self-healing storage system that auto-scales up to 64TB per database instance.
  • Aurora is not an in-memory database.

Amazon Aurora Global Database

  • Is designed for globally distributed applications, allowing a single Amazon Aurora database to span multiple AWS regions.
  • It replicates your data with no impact on database performance, enables fast local reads with low latency in each region, and provides disaster recovery from region-wide outages.

Amazon Aurora Global Database is the correct choice for the given use-case.

For the given use-case, we therefore need two Aurora clusters: one for the global table (the games table) and one for the local tables (the users and games_played tables).

33
Q

A media agency stores its re-creatable assets on Amazon S3 buckets. The assets are accessed by a large number of users for the first few days and the frequency of access falls drastically after a week. Although the assets would be accessed occasionally after the first week, they must continue to be immediately accessible when required. The cost of maintaining all the assets on S3 storage is turning out to be very expensive and the agency is looking at reducing costs as much as possible.

As a Solutions Architect, can you suggest a way to lower the storage costs while fulfilling the business requirements?

A

Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days

S3 One Zone-IA

  • Is for data that is accessed less frequently, but requires rapid access when needed.
  • Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA.
  • S3 One Zone-IA is ideal for customers who want a lower-cost option for infrequently accessed and re-creatable data but do not require the availability and resilience of S3 Standard or S3 Standard-IA.
  • The minimum storage duration is 30 days before you can transition objects from S3 Standard to S3 One Zone-IA.

S3 One Zone-IA

  • Offers the same high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee.

S3 Storage Classes

  • Can be configured at the object level, and a single bucket can contain objects stored across S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3 One Zone-IA.

You can also use S3 Lifecycle policies to automatically transition objects between storage classes without any application changes.
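A hedged boto3 sketch of such a lifecycle rule; the bucket name is hypothetical.

```python
import boto3

s3 = boto3.client("s3")
s3.put_bucket_lifecycle_configuration(
    Bucket="media-assets-bucket",                  # hypothetical bucket name
    LifecycleConfiguration={
        "Rules": [{
            "ID": "to-one-zone-ia-after-30-days",
            "Status": "Enabled",
            "Filter": {"Prefix": ""},              # apply to every object
            "Transitions": [{"Days": 30, "StorageClass": "ONEZONE_IA"}],
        }]
    },
)
```
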

34
Q

A research group needs a fleet of EC2 instances for a specialized task that must deliver high random I/O performance. Each instance in the fleet would have access to a dataset that is replicated across the instances. Because of the resilient application architecture, the specialized task would continue to be processed even if any instance goes down, as the underlying application architecture would ensure the replacement instance has access to the required dataset.

Which of the following options is the MOST cost-optimal and resource-efficient solution to build this fleet of EC2 instances?

A

Use Instance Store based EC2 instances

An instance store

  • Provides temporary block-level storage for your instance.
  • This storage is located on disks that are physically attached to the host computer.
  • Instance store is ideal for the temporary storage of information that changes frequently such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.
  • Instance store volumes are included as part of the instance’s usage cost.

As Instance Store based volumes provide high random I/O performance at low cost (as the storage is part of the instance’s usage cost) and the resilient architecture can adjust for the loss of any instance, therefore you should use Instance Store based EC2 instances for this use-case.

35
Q

A social gaming startup has its flagship application hosted on a fleet of EC2 servers running behind an Elastic Load Balancer. These servers are part of an Auto Scaling Group. 90% of the users start logging into the system at 6 pm every day and continue till midnight. The engineering team at the startup has observed that there is a significant performance lag during the initial hour from 6 pm to 7 pm. The application is able to function normally thereafter.

As a solutions architect, which of the following steps would you recommend addressing the performance bottleneck during that initial hour of traffic spike?

Configure your Auto Scaling group by creating a step scaling policy. This causes the scale-out to happen even before peak traffic kicks in at 6 pm

A

Configure your Auto Scaling group by creating a scheduled action that kicks off before 6 pm. This causes the scale-out to happen even before peak traffic kicks in at 6 pm.

  • The scheduled action tells the Amazon EC2 Auto Scaling group to perform a scaling action at specified times.
  • To create a scheduled scaling action, you specify the start time when the scaling action should take effect, and the new minimum, maximum, and desired sizes for the scaling action.

For the given use-case, the engineering team can create a daily scheduled action that kicks off before 6 pm, which would cause the scale-out to happen even before peak traffic arrives at 6 pm.

36
Q

A gaming company is looking at improving the availability and performance of its global flagship application which utilizes UDP protocol and needs to support fast regional failover in case an AWS Region goes down.

Which of the following AWS services represents the best solution for this use-case?

A

AWS Global Accelerator

  • Utilizes the Amazon global network, allowing you to improve the performance of your applications by lowering first-byte latency (the round trip time for a packet to go from a client to your endpoint and back again) and jitter (the variation of latency), and increasing throughput (the amount of data transferred in a given time) as compared to the public internet.
  • Improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.
  • Is a good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover.
37
Q

A financial services company uses Amazon GuardDuty for analyzing its AWS account metadata to meet the compliance guidelines. However, the company has now decided to stop using GuardDuty service. All the existing findings have to be deleted and cannot persist anywhere on AWS Cloud.

Which of the following techniques will help the company meet this requirement?

A

Amazon GuardDuty

  • Offers threat detection that enables you to continuously monitor and protect your AWS accounts, workloads, and data stored in Amazon S3.
  • Analyzes continuous streams of meta-data generated from your account and network activity found in AWS CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs.
  • It also uses integrated threat intelligence such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately.

Disabling the service will delete all remaining data, including your findings and configurations before relinquishing the service permissions and resetting the service.
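Operationally, disabling GuardDuty amounts to deleting its detector in every region where it runs; a minimal boto3 sketch for one region:

```python
import boto3

gd = boto3.client("guardduty")
for detector_id in gd.list_detectors()["DetectorIds"]:
    # Deleting the detector disables GuardDuty and deletes all findings/configuration
    gd.delete_detector(DetectorId=detector_id)
```
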

38
Q

An audit department generates and accesses the audit reports only twice in a financial year. The department uses AWS Step Functions to orchestrate the report-creation process, which has failover and retry scenarios built into the solution. The underlying data to create these audit reports is stored on S3, runs into hundreds of terabytes, and should be available with millisecond latency.

As a solutions architect, which is the MOST cost-effective storage class that you would recommend to be used for this use-case?

A

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

  • Since the data is accessed only twice in a financial year but needs rapid access when required, the most cost-effective storage class for this use-case is S3 Standard-IA.
  • S3 Standard-IA storage class is for data that is accessed less frequently but requires rapid access when needed.
  • S3 Standard-IA matches the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee.
  • Standard-IA is designed for 99.9% availability compared to 99.99% availability of S3 Standard.

However, the report creation process has failover and retry scenarios built into the workflow, so if the data is temporarily unavailable owing to the 99.9% availability of S3 Standard-IA, the job will automatically be retried until the data is successfully retrieved.