Udemy Test 1 Flashcards

1
Q

An EFS issue resulted in poor performance of the application that reads and writes data to the file system.

What step should the SysOps administrator perform to resolve the high PercentIOLimit metric on the file system?

A

Build a new EFS file system that is configured with Max I/O performance mode. Utilize AWS DataSync to migrate data to the newly created EFS file system.

2
Q

As the user visits grow, the IT department decides to implement a caching service for faster database performance and to maintain high availability for the RDS instance.

Which combination of steps should the SysOps admin perform to accomplish the requirement?

A

Utilize Amazon ElastiCache for Redis data store to support the demands of the database.

  • Activate Multi-AZ deployment for the data store.
3
Q

Does Multi-AZ support an in-memory cache service like the Amazon ElastiCache for Memcached data store?

A

No, it does not.

4
Q

Users started to report that they are being served with the desktop version of the website when using mobile phones.

Which action can help the SysOps administrator resolve the issue?

A

Update the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.

5
Q

Configure CloudFront to forward one or more of the following headers to your custom origin if you cache based on the device the user is using:

A
  • CloudFront-Is-Desktop-Viewer
  • CloudFront-Is-Mobile-Viewer
  • CloudFront-Is-SmartTV-Viewer
  • CloudFront-Is-Tablet-Viewer
6
Q

Can you set the cache behavior of the CloudFront distribution to forward the User-Agent header?

A

No, this is configured in the Origin Custom Headers setting, not the CF distribution.

7
Q

CreationPolicy attribute supported resources

A

AWS::AutoScaling::AutoScalingGroup, AWS::EC2::Instance, and AWS::CloudFormation::WaitCondition.

8
Q

What is the CreationPolicy attribute?

A

Use this attribute when you want to wait on resource configuration actions before stack creation proceeds.

9
Q

DependsOn attribute

A

You can specify that the creation of a specific resource follows another.

When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

10
Q

Can you modify the existing EFS file system configuration and activate Max I/O performance mode?

A

You can’t change the performance mode configuration of an EFS file system right away. You need to migrate the data to another file system configured with your desired performance mode.

11
Q

Nested Stacks are used when

A

As infrastructure grows, common patterns can emerge in which you declare the same components in multiple templates.

Nested stacks are stacks created as part of other stacks. You create a nested stack within another stack by using the AWS::CloudFormation::Stack resource. Nested stacks can themselves contain other nested stacks, resulting in a hierarchy of stacks.

12
Q

Users are directed to the AWS region nearest to them

A

Set up a Route 53 Geoproximity routing policy to direct users to their closest region.

Latency-based routing is primarily used to minimize end-user latency, not to route to the closest region.

13
Q

Configuring VPC site to site

A

On VGW - Add the customer on-premises subnet route as destination.

On CGW - Add the AWS VPC subnet as destination.

14
Q

How to automatically encrypt newly created EBS volumes?

A

You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create.

Default only applies to specific AWS regions.

An example is when an EC2 instance is created.

AWS Config only encrypts the existing EBS volumes with the encrypted-volume option.

15
Q

AWS Budgets vs. Billing Alarm

A

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

You can also set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define.

Amazon CloudWatch Billing Alarm - although you can use this to monitor your estimated AWS charges and specified thresholds, this service still does not allow you to set coverage targets and receive alerts when your utilization drops below the threshold you define.

16
Q

How to increase the cache hit ratio when it’s low with CloudFront?

A

One goal of using CloudFront is to reduce the number of requests that your origin server must respond to directly, which assists with the load on the origin.

Increase the proportion of your viewer requests that are served from CloudFront edge caches instead of going to your origin servers for content:

  1. Increase the TTL of your objects.
  2. Configure the distribution to forward only the required query string parameters, cookies or request headers for which your origin will return unique objects.
  3. Remove the Accept-Encoding header when compression is not needed.
  4. Serve media content by using HTTP.
17
Q

What is a StackSet?

A

You can use AWS CloudFormation StackSets to launch AWS Service Catalog products across multiple AWS Regions and accounts.

You can specify the order in which products deploy sequentially within AWS Regions. Across accounts, products are deployed in parallel.

When launching, users can specify failure tolerance and the maximum number of accounts in which to deploy in parallel.

18
Q

Stack Policy

A

Prevent stack resources from being unintentionally updated or deleted during a stack update by using a stack policy.

19
Q

Change Sets are used when

A

When you need to update a stack, understanding how your changes will affect running resources before you implement them can help you update stacks with confidence.

Change sets allow you to preview how proposed changes to a stack might impact your running resources, for example, whether your changes will delete or replace any critical resources. AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes by creating another change set.

20
Q

ACM functionality - Private certificate authority

A

ACM manages a private CA service that helps you easily and securely manage the lifecycle of your private certificates. ACM Private CA provides you a highly-available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA or private CA hierarchy.

21
Q

ACM - Secure key management

A

Strong encryption and key management best practices are used when protecting and storing private keys.

22
Q

ACM - Integrated with other AWS cloud services

A

Elastic Load Balancer

Amazon CloudFront distribution or API in Amazon API Gateway.

Works with AWS Elastic Beanstalk and AWS CloudFormation.

23
Q

ACM functionality

A

Managed renewal for your Amazon-issued SSL/TLS certificates.

This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching.

24
Q

ACM Renewal Eligibility

A
  1. If associated with another AWS service, such as Elastic Load Balancing or CloudFront.
  2. If exported since being issued or last renewed.
  3. If it is a private certificate issued by calling the ACM RequestCertificate API and then exported or associated with another AWS service.
  4. If it is a private certificate issued through the management console and then exported or associated with another AWS service.
25
Q

ACM Renewal Ineligibility

A

NOT ELIGIBLE if:

  1. If it is a private certificate issued by calling the ACM Private CA IssueCertificate API.
  2. If imported.
  3. If already expired.
26
Q

ACM post renewal.

A

The certificate’s Amazon Resource Name (ARN) remains the same.

Also, ACM certificates are regional resources. If you have certificates for the same domain name in multiple AWS Regions, each of these certificates must be renewed independently.

27
Q

How to identify the affected resources with non-compliant tags?

A

You can leverage the required-tags managed rule in AWS Config. This rule checks if a resource contains the tags that you specify.

28
Q

How to allow all accounts to sign in using a single login URL, as shown below:
https://tutorialsdojo.signin.aws.amazon.com/console

A

It is possible for only the root account: create an alias in place of the account number. Other IAM users in that account can sign in with the URL.

It is not possible for MULTIPLE accounts to sign in under one URL.