Continuous Improvement for Existing Solutions

Question 1

What to use for shared persistent storage for ECS Fargate containers

Answer 1

EFS

Question 2

What is AWS Transfer Family used for?

Answer 2

FTP

Question 3

What types of EC2 operating systems are supported by EFS

Answer 3

Linux only

Question 4

Which costs more: On-Demand Instances or Spot Instances?

Answer 4

On-Demand Instances cost way more. Spot Instances have more than a 90% discount compared to On-Demand.

Question 5

Which service is a simple document repository

Answer 5

AWS Artifact

Question 6

What are the 3 types of scaling for AWS OpWorks Stacks

Answer 6

24/7, time-based, and load-based

Question 7

What might cause users to get “access denied” messages while trying to launch a Service Catalog product?

Answer 7

1. The product does not have a launch constraint assigned.
2. The launch constraint does not have permissions to CloudFormation.
3. The user launching the product does not have required permissions to launch the product.

Question 8

A client’s RDS instance has “Available” listed in the Maintenance column. They don’t want to update until they can have a chance to review the changes. What do you advise?

Answer 8

Delay the update until they’re comfortable.

Question 9

Which service assess applications for vulnerabilities or deviations from best practices.

Answer 9

Amazon Inspector

Question 10

What two methods can be used to restore access to EC2 instances if you lose your private SSH key?

Answer 10

Stop the instance, detach its root volume, and attach the root volume to another instance. Use that instance to edit the authorized_keys file.

OR

AWS Systems Manager Automation with the AWSSupport-ResetAccess

Question 11

You’re setting up Elasticsearch for your Aurora database. While using Database Migration Service to load the indexes from Aurora, it terminates with an Elasticsearch return code of 429 and a message stating ‘Too many requests’. What must be done to fix this?

Answer 11

Set the number of queue slots as a product of the number of indexes, shards, and replicas

Question 12

A new policy requires use of encryption at rest for all data. Some existing EC2 instances were created without encryption for their root EBS volume. How do you fix this?

Answer 12

Stop the instances, create AMIs, and redeploy

Question 13

A client is migrating Linux servers with RAID1 disk configuration to EC2 and intends to keep the same disk configuration. How should you advise them?

Answer 13

Carefully evaluate whether or not RAID on EBS is the correct choice

Question 14

For petabyte-scale amounts of data that needs to be processed over a few days once per quarter, is it better to use S3 Standard or S3 Standard-IA

Answer 14

S3 Standard

Question 15

What port/s does a server use to respond to an HTTP request

Answer 15

Ephemeral ports

Question 16

What do you need to do in order to validate the checksum of S3 objects that were uploaded with Multipart Upload?

Answer 16

Use a custom metadata parameter instead of the entity tag checksum.

Question 17

You have a Network Load Balancer with an Autoscaling Group running EC2 instances. You notice that instances in one AZ have a lot of traffic while instances in another AZ have very little. What is the most likely reason for this?

Answer 17

Network Load Balancers cannot handle cross-zone load balancing

Question 18

How to avoid connection issues with Amazon RDS Multi-AZ instances after failover?

Answer 18

Ensure that the subnets have the same routing rules.

Question 19

How do you include manual evidence in AWS Audit Manager?

Answer 19

First upload it to an S3 bucket, then import it into AWS Audit Manager

Question 20

Which service detects confidential data in applications

Answer 20

AWS Macie

Question 21

Where can you find official documents for AWS on PCI compliance, HIPPA, compliance, etc.

Answer 21

AWS Artifact

Question 22

Your SSH private key for an EC2 instance has been compromised. Other than deleting the key pair in Amazon EC2 management console, what do you need to do?

Answer 22

Stop and terminate the instance immediately, then launch it with a new key pair

Question 23

Which has less maintenance? ECS on EC2 or AWS Fargate?

Answer 23

AWS Fargate

Question 24

Lower costs for S3 object encryption?

Answer 24

Configure S3 bucket keys for SSE-KMS

Question 25

Tool to allow a CloudFormation template to make an external API call

Answer 25

Lambda

Question 26

What do you have to do to enable an EC2 instance to be accessible via AWS Session Manager in Systems Manager?

Answer 26

The System Manager agent must be installed for Session Manager.

Question 27

What does an account need in order to access an Amazon Managed Blockchain?

Answer 27

Create a VPC PrivateLink endpoint in the account

Question 28

How to lower the stress on EC2 instances that have high CPU Utilization due handling TLS encryption and decryption?

Answer 28

Configure the TLS listener on a Network Load Balancer instead.

Question 29

A client with a WordPress application hosted on EC2 instances is having poor performance reading from Aurora due to a lot of product catalog lookups. How to fix?

Answer 29

Use ElastiCache Memcached as a caching layer and install a plugin to allow WordPress to use ElastiCache.

Question 30

An application pulling messages from SQS is getting a lot of empty ReceiveMessageResponse responses. What needs to be done to lessen this?

Answer 30

Increase the visibility time out

Question 31

How to enable communication between instances in two different Wavelength Zones?

Answer 31

Transit Gateway

Question 32

How would you use AWS OpWorks Stacks to handle spikes that occur at consistent times of day?

Answer 32

Time-based instances

Question 33

How to replicate existing databases to different regions to serve as backups and provide quick recovery?

Answer 33

Enable cross-region automated backup replication on the DB instance to create snapshots in other regions.

Question 34

How to ensure that you have capacity for auto scaling in a heavily used region

Answer 34

Zonal Reserved Instances

Question 35

In API Gateway, change 403 Forbidden responses to return 404 Not Found instead

Answer 35

In the Gateway Responses pane of the API, choose “Missing Authentication Token” and modify the status code from 403 to 404.

Question 36

When a custom domain for Amazon Cognito is created, what resource does it create and associate with its ACM certifiate?

Answer 36

A CloudFront distribution

Question 37

Your client is using TLS certificates from ACM. What should they do instead in order to protect the certificates from being stolen by spoofers?

Answer 37

Nothing.

Question 38

Run ECS Containers on-premises

Answer 38

Amazon ECS Anywhere

Question 39

Can you use Spot Instances for autoscaling at peak usage times?

Answer 39

Only if you’re using a Spot Fleet

Question 40

What do you need to do to let instances on a VPC in one account use the private hosted zone Route53 DNS resolution on a VPC in another account?

Answer 40

Associate the VPC with the hosted zone

Question 41

What type of interface do you need to establish an encrypted VPN on a DirectConnect connection?

Answer 41

A public virtual interface

Question 42

What resources can AWS WAF protect?

Answer 42

CloudFront, Application Load Balancer, API Gateway, AWS AppSync

Question 43

Where can Amazon Macie be used to scan for sensitive data?

Answer 43

S3 only

Question 44

Allow EC2 instances to send logs to CloudWatch

Answer 44

Install the CloudWatch Logs Agent