Practice Questions Flashcards

1
Q

You work in the security industry for a large consultancy. A new customer of yours runs a production environment in AWS and they require a log of all API calls made to their Elastic Load Balancer. How can you achieve this?

A

Enable CloudTrail on the ELB

2
Q

True or False: Amazon will always have root level SSH access in to your EC2 instances.

A

False

3
Q

You have a static HTML website that requires an inexpensive, highly available hosting solution that scales automatically to meet traffic demands. Which AWS service would best suit this requirement?

A

S3 Static Website Hosting

4
Q

True or False: You should expect the same latency and throughput performance as Amazon S3 Standard when using Standard - IA.

A

True

5
Q

You have a website that allows users in third world countries to store their important documents safely and securely online. Internet connectivity in these countries is unreliable, so you implement multipart uploads to improve the success rate of uploading files. This works well, however you notice that when an object is not uploaded successfully, incomplete parts of that object are still being stored in S3 and you are still being charged for those objects. What S3 service can you implement to expire incomplete multipart uploads?

A

S3 Lifecycle Policies

6
Q

What is the durability of S3 - IA?

A

99.999999999% (Eleven 9’s).

7
Q

What is the minimum time interval granularity for the data that Amazon CloudWatch receives and aggregates?

A

1 Minute

8
Q

True or False: S3 does not support website redirects.

A

False

9
Q

You need to automatically migrate objects from one S3 storage class to another based on the age of the data. What S3 service can you use to achieve this?

A

Lifecycle Management

10
Q

You work for an electric car company that has its front end website on EC2. Company policy dictates that you must retain a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes. What AWS service can assist you with this?

A

CloudTrail

11
Q

True or False: An Amazon Cluster Placement Group can be stretched across multiple availability zones?

A

False - a placement group can only exist within 1 availability zone.

12
Q

Your three AWS accounts (A, B and C) share data. In an attempt to maximize performance between the accounts, you place all the instances for these accounts in ‘eu-west-1b’. During testing, you find almost no transfer latency between accounts A and B, but significant latency between accounts B and C, and accounts C and A. Which of the following possibilities is the most likely source of the problem?

A

The names of the AZs are randomly applied, so ‘eu-west-1b’ is not the same location for all three accounts.

13
Q

True or False: You can use S3 Transfer Acceleration with multipart uploads.

A

TRUE, You can use S3 Transfer Acceleration with multipart uploads.

14
Q

You have built an online dating application that allows users to send and receive photos as they court each other. You need to secure this data and you need to implement server-side encryption to protect this data. You decide that you want server-side encryption provided by Amazon. You will also need to have an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data. What out of the box Amazon solution would enable you to achieve this?

A

SSE-KMS - AWS KMS provides an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data.

15
Q

Which of the following is NOT a valid EC2 instance type? - D2, C4, M3, Z2

A

D2, C4, M3 are all valid EC2 instances. https://aws.amazon.com/ec2/instance-types/

16
Q

You work for a large insurance company that has issued 10,000 insurance policies. These policies are stored as PDFs. You need these policies to be highly available and company policy says that the data must be able to survive the simultaneous loss of two facilities. What storage solution should you use?

A

Your best solution would be to use S3, which redundantly stores multiple copies of your data in multiple facilities and on multiple devices within each facility.

17
Q

You are a solutions architect working for a company that conducts surveys on specific industries. Each industry that you survey has its own EC2 fleet, separate from those of other industries. Company policy dictates that you should keep costs to a minimum, using only 1 load balancer, if possible. What type of load balancer should you use to suit this requirement?

A

You need an application-aware load balancer, so your best option would be to use an Application Load Balancer.

18
Q

In the future, you will need to preserve, restore, and retrieve every version of every file that you have stored in AWS. Which service should you use?

A

Versioning allows you to preserve, retrieve, and restore every version of every object stored in an Amazon S3 bucket.

19
Q

You need to restore an object from Glacier. What 2 ways can you accomplish this?

A

Because Amazon S3 maintains the mapping between your user-defined object name and Amazon Glacier’s system-defined identifier, Amazon S3 objects that are stored using the Amazon Glacier option are only accessible through the Amazon S3 APIs or the Amazon S3 Management Console.

20
Q

What is the Uptime SLA for Amazon EC2 and EBS within a given region?

A

Amazon’s SLA guarantees a Monthly Uptime Percentage of at least 99.95% for Amazon EC2 and Amazon EBS within a Region.

21
Q

What is the minimum object size for S3 - IA?

A

Standard - IA is designed for larger objects and has a minimum object size of 128KB. Objects smaller than 128KB in size will incur storage charges as if the object were 128KB.

22
Q

You have designed an application that stores large videos in S3. These videos are usually larger than 100Mb in size. You need to maximize upload performance. Select two answers that will achieve this end.

A

Multipart Upload is recommended for files greater than 100 Mb, and is required for files 5 GB or larger. S3 Transfer Acceleration is especially useful in cases where your bucket resides in a Region other than the one in which the file transfer was originated.

23
Q

You have an application that uses S3 to store objects. Company policy dictates that certain objects (such as JPGs and PDF’s) must be replicated to another region for redundancy. However, some objects (such as Word files) can stay in a single region. Company policy also dictates that you should use as few buckets as possible. How should you architect this solution?

A

You can use just one bucket and enable CRR on just a subset of uploaded objects (such as JPGs and PDF’s) by specifying prefixes.

24
Q

You back up the files that exist on an in-house SAN to S3. You need to minimize cost; however, company policy states that objects must be instantly accessible. What S3 storage class should you use?

A

The best solution for instant access at the lowest cost would be S3 - Infrequently Accessed storage.

25
Q

You need to implement a new web application which allows users to store family photos online in such a way that only invited guests will be able to view the images. Which type of S3 encryption should you choose to maintain full end-to-end control of the encryption/decryption of objects and assure that only encrypted objects are transmitted over the Internet to Amazon S3.

A

Using an encryption client library, such as the Amazon S3 Encryption Client, you retain control of the keys and complete the encryption and decryption of objects client-side using an encryption library of your choice. Some customers prefer full end-to-end control of the encryption and decryption of objects; that way, only encrypted objects are transmitted over the Internet to Amazon S3.

26
Q

True or False: Classic ELB’s support IPv6 as well as IPv4.

A

Each Classic Load Balancer has an associated IPv4, IPv6, and dualstack (both IPv4 and IPv6) DNS name. However, IPv6 is not supported in VPC at this time.

27
Q

Your company has a legacy SAN that has 75 TB of data. Your company has decided that they want to migrate this data to AWS S3 in the quickest way possible. Your company has a single comms line with a maximum pipeline of 50Mbps. Which service should you consider using?

A

Due to the size of the data and the small comms line, Snowball would be the fastest option available.

28
Q

Which EC2 operating system is NOT supported by CloudWatch?

A

None. All EC2 operating systems are supported by CloudWatch.

29
Q

How can you securely upload or download your data to/from the S3 service?

SSL endpoints using the HTTPS protocol
(Correct)

A

You can securely upload/download your data to/from Amazon S3 via SSL or HTTP endpoints using HTTPS.

30
Q

Which types of server side encryption are available for S3? (Choose all that apply.)

A

You can choose to encrypt data using SSE-S3, SSE-C, SSE-KMS, or a client library such as the Amazon S3 Encryption Client. All four enable you to store sensitive data encrypted at rest in Amazon S3.

31
Q

Your legal company is moving its production estate to AWS. They currently have a private cloud platform with VMDK files as their virtual machines. You need to move these files to AWS and create EC2 instances using the VMDK files. Which AWS service would help you achieve this goal?

A

VM Import/Export is designed to help you do exactly that.

32
Q

You are running a Cassandra database that requires access to tens of thousands of low latency IOPS. What EC2 instance family would best suit your needs?

A

High I/O instances use SSD-based local instance storage to deliver very high, low latency, I/O capacity to applications, and are optimized for applications that require tens of thousands of IOPS.

33
Q

You are creating an application that will leverage EC2 for its webservers. The application data will be stored on the root device volume attached to the EC2 instance. Data on this volume must persist independently of the life of this particular instance. What EC2 volume should you choose?

A

By using Amazon EBS, data on the root device will persist independently from the lifetime of the instance.

34
Q

What is the availability of S3 - IA?

A

S3 - IA is 99.9% available. Do not confuse availability with durability.

35
Q

You run a security company which stores highly sensitive PDF’s on S3 with versioning enabled. To ensure MAXIMUM protection of your objects to protect against accidental deletion, what further security measure should you consider using?

A

If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession.

36
Q

You work for a security company that stores highly sensitive documents on S3. One of your customers has had a security breach and, as a precaution, they have asked you to remove a sensitive PDF from their S3 bucket. You log in to the AWS console using your account and attempt to delete the object. You notice that versioning is turned on, and when you dig a little deeper you discover that you cannot delete the object. What may be the cause of this?

A

Only the owner of an Amazon S3 bucket can permanently delete a version.

37
Q

True or False: You can use your existing Microsoft Windows Server licenses with an Amazon EC2 shared tenancy instance.

A

FALSE. A Dedicated Host is required if you’d like to use your existing Windows Server licenses.

38
Q

By default, how many Elastic IP addresses are you limited to per region?

5
(Correct)

A

By default, all accounts are limited to 5 Elastic IP addresses per region.

39
Q

True or False: EBS Snapshots are versioned and you can read an older snapshot to do a point-in-time recovery?

A

The answer is TRUE. Each snapshot is given a unique identifier, and customers can create volumes based on any of their existing snapshots.

40
Q

You have an extremely high performance compute application that you need to deploy to AWS. You will need extremely low-latency network performance to allow node-to-node communication between your EC2 instances. You will also need a minimum network speed of 10 Gbps in order for your application to work. How should you deploy your instances?

A

Amazon EC2 cluster placement group functionality allows users to group Cluster Compute Instances in clusters – allowing applications to get the low-latency network performance necessary for tightly-coupled node-to-node communication typical of many HPC applications.

41
Q

By default, how many S3 buckets can you have with a new AWS account?

25

A

By default, customers can provision up to 100 buckets per AWS account. However, you can increase your Amazon S3 bucket limit by visiting AWS Service Limits.

42
Q

Which of the following operating systems is NOT supported by EC2?

A

OSX is not supported on EC2

43
Q

You have developed a file-sharing website for a large corporate entity. They require that the site has regional redundancy. Which S3 service should you use to achieve this?

A

S3 with Cross-Region Replication (CRR) automatically replicates data across AWS regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS region that you choose.

44
Q

You have been load testing a customer’s new production environment. You create the environment using CloudFormation and you utilize CloudWatch to monitor the environment. After extensive load testing, you are ready to hand the CloudFormation template over to your customer. You delete the environment and give your customer the CloudFormation template. However, they now want to see the results of the load test. How long does CloudWatch store the metrics for EC2 & ELB after deleting those resources?

A

Amazon CloudWatch stores metrics for terminated Amazon EC2 instances or deleted Elastic Load Balancers for 2 weeks.

45
Q

Which of the following statements is TRUE?

You are able to attach multiple EBS volumes to an EC2 instance.
Correct

A

The statement “You are able to attach multiple EBS volumes to an EC2 instance” is true.

46
Q

What are the two different types of virtualization available on AWS?

A

The two different types of virtualization available are Hardware Virtual Machine (HVM) & Paravirtual Machine (PVM).

47
Q

You’ve been tasked with implementing a globally accessible storage solution that will scale from a few terabytes (now) to an unknown, but significantly greater, volume of data in three years time. Which AWS service would best meet your current and projected storage needs?

A

Amazon S3 is highly scalable, secure storage for “flat” files. S3 will scale to any projected volume of data. In this case, it’s your best bet.

48
Q

Your large scientific organization needs to use a fleet of EC2 instances to perform high performance, CPU intensive calculations. Your boss asks you to choose an instance type that would best suit the needs of your organization. Which of the following instance types should you recommend?

A

C instances are recommended for high performance front-end fleets, web-servers, batch processing, distributed analytics, high performance science and engineering applications, ad serving, MMO gaming, and video-encoding. The best answer would be to use a C4 instance.

49
Q

You have an application that stores data in S3, and you need to design an integrated solution providing encryption at rest. You want Amazon to handle key management and protection using multiple layers of security. Which S3 encryption option should you use?

A

SSE-S3 uses managed keys and one of the strongest block ciphers available, AES-256, to secure your data at rest.

50
Q

You have an application that allows people in very remote locations to store their files safely and securely. You need to leverage Amazon CloudFront’s globally distributed AWS Edge Locations so that as data arrives at an AWS Edge Location the data is routed to your Amazon S3 bucket over an optimized network path. Which service should you use?

A

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations.

51
Q

Which protocols are supported with an Elastic Load Balancer?

A

Amazon’s ELB supports the following protocols - “HTTP, HTTPS, TCP, SSL”

52
Q

CRR replicates every object-level upload that you make directly to your source bucket. Which of the following also forms a part of that replication?

A

CRR replicates every object-level upload that you directly make to your source bucket. The metadata and ACLs associated with the object are also part of the replication.

53
Q

Can you use IPv6 with Amazon S3?

A

Using IPv6 support for Amazon S3, applications can connect to Amazon S3 without needing any IPv6 to IPv4 translation software or systems.

54
Q

You work for a genetics company that has extremely large datasets stored in S3. You need to minimize storage costs, while maintaining mandated restore times that depend on the age of the data. Data 30-59 days old must be available immediately, and data ≥ 60 days old must be available within 12 hours. Which two of the following options below should you consider?

A

You should use S3 - IA for the data that needs to be accessed immediately, and you should use Glacier for the data that must be recovered within 12 hours. S3 - RRS would not be a suitable solution for irreplaceable data, and CloudFront is a CDN service, not a storage solution.

55
Q

How quickly can objects be restored from Glacier?

A

You can expect most restore jobs initiated via the Amazon S3 APIs or Management Console to complete in 3-5 hours.

56
Q

What is the minimum object size for S3 Standard?

A

The minimum object size is 0 Bytes. Most often, this will be a “touched” file.

57
Q

Your application stores your customers’ sensitive passport information in S3. You are required by law to encrypt all data at rest. Company policy states that you must maintain control of your encryption keys. For ease of management however, you do not want to implement or maintain a client side encryption library. Which S3 encryption option should you use to secure your data at rest?

A

Use SSE-C if you want to maintain your own encryption keys, but don’t want to implement or leverage a client-side encryption library.

58
Q

Which of the following are compute services with AWS?

EC2, ECS, Lambda, Glacier

A

EC2, ECS and Lambda are all AWS compute services.

59
Q

You are a system administrator and you need to take a consistent snapshot of your EC2 instance. Your application holds large amounts of data in cache that is not written to disk automatically. What would be the best approach to taking an application consistent snapshot?

A

As you need an application consistent snapshot, your best option would be to shutdown the EC2 instance and detach the EBS volume, then take the snapshot.

60
Q

Your application requires highly-available object storage, and must comply with EU privacy laws. As such, no data may be stored outside the EU. Which two of the following options should you consider?

A single EC2 instance with an EBS volume provisioned in Eu-West-1. Put this EC2 instance behind an Autoscaling Group with a minimum target of 1.

Use an S3 bucket in EU-West-1

Multiple EC2 instances with an EBS volume provisioned in US-EAST-1. These EC2 instances will use Autoscaling Group with a minimum target of 3, 1 per availability zone.

Use an S3 bucket in EU-Central-1

A

You should use an object based storage solution (such as S3) in European regions.

61
Q

You are attempting to move data from one EBS volume to a duplicate volume in a separate region. Which of the following methods will do this best?

Take a snapshot of the EBS volume and copy it to the desired region.

Allow a VPC peering connection to pull the data over.

Move the data to S3 and enable cross-region replication.

Use a Linux tool like rsync to sync the volume to the other region.

A

After you’ve created a snapshot and it has finished copying to Amazon S3, you can copy it from one AWS region to another, or within the same region.

62
Q

You have suggested moving your company’s web servers to AWS, but your supervisor is concerned about cost. Which of the following deployments will give you the most scalable and cost-effective solution?

An EC2 auto-scaling group that will expand and contract with demand

A solution that’s built to run 24/7 at 100% capacity, using a fixed number of T2 Micro instances

A hybrid solution that leverages on-premise resources

None of the above

A

An Auto-Scaling group of EC2 instances will exactly match the demand placed on your servers, allowing you to pay only for the compute capacity you actually need.

63
Q

You have an IO intensive database in your production environment that requires regular backups. You need to configure them in such a way so that when an automated backup is taken, it does not impact your production environment. What RDS option should you choose to help you accomplish this?

A

With Multi-AZ RDS instances and automated backups, I/O activity is no longer suspended on your primary during your preferred backup window, since backups are taken from the standby.

64
Q

Your company needs to run several monthly workloads that will each take several hours to complete. Although critical, these workloads can be stopped and restarted without adversely affecting the outcome of the job. Which pricing model would you use to deliver the most economical solution?

A

Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted.

65
Q

Your fleet of EC2 instances is running 100% of the time, and there is no reason to believe that the demand will decrease. What pricing model could you use to reduce costs?

A

Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. You have the flexibility to change families, OS types, and tenancies while benefiting from Reserved Instance pricing when you use Convertible Reserved Instances.

66
Q

Your existing on-premise servers rely on Memcached to provide memory object caching. If you were to move to AWS, how might you preserve this functionality?

Install Memcached on EC2

A

ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment.

67
Q

True or False: there is a cost associated with transferring from Amazon S3 to an EC2 instance in the same Region.

A

There is no cost associated with moving data from S3 to EC2 if both are in the same Region.

68
Q

You have heavy load on your RDS database which is now the maximum available size possible. Which two AWS technologies should you use to further ease the load?

A

You could use RDS Read Replica or ElastiCache to further offset load.

69
Q

You have a small database workload with infrequent I/O. Which storage medium would be the most cost-effective way to meet these requirements?

A

Amazon RDS Magnetic Storage would be the most suitable.

70
Q

You have a very heavily-trafficked WordPress blog that has approximately 95% read traffic and 5% write traffic. You notice that the blog is getting slower and slower. You discover that the bottleneck is in your RDS instance. Which two of the following answers can improve your WordPress blog’s performance?

Create a number of read replicas and update the connection string on your EC2 instances so that traffic is evenly shared amongst these new RDS instances.

Use ElastiCache to cache the most commonly read posts of your WordPress blog.

Create a secondary Multi-AZ database and run the queries off the secondary Multi-AZ database.

Export the database to DynamoDB which has push button scalability.

A

You should use a combination of Read Replicas and ElastiCache to help offload the traffic.

71
Q

True or False: You should store your Access Keys in an AMI.

A

Access keys should never be stored on an AMI

72
Q

You need to upgrade your RDS database to a larger instance class and you must minimize the amount of disruption to your business as much as possible. What should you do?

A

When upgrading an RDS instance class your database will be temporarily unavailable while the DB Instance class is modified. This period of unavailability typically lasts only a few minutes, and will occur during the maintenance window for your DB Instance, unless you specify that the modification should be applied immediately.

73
Q

Which of the following AWS services store data as key-value pairs?

DynamoDB
EC2
RDS
S3

A

Both DynamoDB and S3 use key-value pairs.

74
Q

You are running a production database using MySQL on RDS. From time to time, management asks you to run highly complex SQL queries with multiple table joins against the database. These queries often overwhelm your database, and the production environment is beginning to be affected. Which of the following would you recommend as a means of reducing the load on the database?

Migrate the database to DynamoDB which will scale automatically in order to deal with the load.

Use Route53 health checks to determine the current load on the database and, if there is a minimum load, configure the health check to run the SQL queries.

Create a secondary Multi-AZ database and run the queries off the secondary Multi-AZ database.

Create a read replica of the database and run your reports against the read replica, rather than the production database.

A

You cannot run queries off a multi-AZ secondary copy database. You should use a read replica instead.

75
Q

Which of the following services allows you to have root level access to the underlying operating system?

A

You can use SSH to access the underlying operating systems of EMR and EC2.

76
Q

You’ve been tasked with the implementation of an offsite backup/DR solution. You’ll be responsible only for flat files and server backup. Which of the following would you include in your proposed solution? (Select all that apply.)

EC2
Storage Gateway
Snowball
S3

A

EC2 is a compute service not applicable to this scenario. All others could be part of a comprehensive backup/DR solution.

77
Q

You’ve enabled website hosting on a bucket called “aspiring-guru” in the us-west-2 Region. Which of the following is the URL that will be assigned to your website?

aspiring-guru.s3-website-us-west-2.amazonaws.com
s3-website-us-west-2.aspiring-guru.amazonaws.com
s3-website.aspiring-guru-us-west-2.amazonaws.com
None of the above

A

Your bucket name always comes first, “s3-website” followed by the Region always comes next.

78
Q

You are auditing your RDS estate and you discover an RDS production database that is not encrypted at rest. This violates company policy and you need to rectify this immediately. What should you do to encrypt the database as quickly and easily as possible?

Use the RDS Import/Export Wizard to migrate the unencrypted RDS instance across to a new encrypted database.

Take a snapshot of your unencrypted DB Instance and then restore it making sure you select to encrypt the new copy.

Use AWS Database Migration Service

Create a new DB Instance with encryption enabled and then manually migrate your data into it.

A

At the present time, encrypting an existing DB Instance is not supported. To use Amazon RDS encryption for an existing database, create a new DB Instance with encryption enabled and migrate your data into it.

79
Q

You need to develop an infrastructure that can be replicated and deployed in another AWS Region in a matter of minutes. Which AWS service might you use to build a reproducible, version-controlled infrastructure?

A

CloudFormation. AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

80
Q

Your on-premise servers are running low on disk storage space, but your company is not yet ready for a complete move to the public cloud. You’ve been tasked with finding an interim storage solution that also offers backup and archiving capabilities. Which AWS service would you recommend to meet this immediate need?

Snowball

Storage Gateway with Gateway-Cached Volumes

DirectConnect

Storage Gateway with Gateway-Stored Volumes

A

Storage Gateway with Gateway-Cached Volumes would store your most frequently-accessed data on-premise, and would write your other data to S3.

81
Q

Your AWS environment contains several reserved EC2 instances dedicated to a project that has just been cancelled. You need to recoup the cost of these reserved instances, and you need to preserve the data for future use. What can you do to minimize charges for these instances?

Take snapshots of the EBS volumes and terminate the instances.

Contact AWS and ask them to release you from your Reserved Instance purchase

Stop the instances and retain them for future use.

Sell the unused instances on the AWS Reserved Instance Marketplace.

A

You should retain the data by taking snapshots of the EBS volumes backing your instances and sell the instances on the Reserved Instance Marketplace.

82
Q

You must encrypt all incoming and outgoing traffic between your servers and your customers. Your fleet of EC2 instances lives inside a public subnet and behind an elastic load balancer. Your application is very CPU intensive, and you want to minimize the processing load these EC2 instances must bear. What should you do?

Install the SSL certificates on each EC2 instance and allow them to do the encryption/decryption with your customers.

Install the SSL certificates on your ELBs so that there is less load on the EC2 instances.

Use API Gateway to offload the SSL certificate, reducing the amount of load on both your ELB and EC2 instances.

Configure a NAT and install the EC2 instance on that NAT so that you offload SSL termination to a third party EC2 instance and not your production environment.

A

The best answer would be to offload your SSL decryption to an Elastic Load Balancer.

83
Q

The company you work for is considering a move to AWS, but they are concerned that their current, 50Mbps connection will not be able to handle the 100 TB of data that need to be migrated without causing unacceptable downtime. As their solutions architect, which AWS service would you recommend to move this data?

A

Given the amount of data to be moved and the speed of the connection, Snowball would be the fastest and most economical solution.

84
Q

One of your junior developers needs access to an Elastic Load Balancer in your custom VPC. This is the first and only time he will need access to AWS services. Which of the following choices is the most secure way to grant this access?

Create a new IAM user with the required credentials.

Let them log in with Admin credentials and change the Admin password when he is finished.

Add that developer to a Group with the requisite access.

None of the above

A

It’s always best practice to grant users access via IAM roles and groups.

85
Q

Which of the following are true about Amazon S3-RRS?

S3-RRS offers 99.99% availability.

S3-RRS offers 99.999999999 durability

S3-RRS offers 99.99% durability.

S3-RRS is most often used with reproducible objects.

A

Reduced Redundancy Storage (RRS) enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage.

86
Q

The customer service organization at your company just told you that a client’s purchase from your website was processed twice. Your order process involves EC2 instances processing messages from an SQS queue. What changes might you make to ensure this does not happen again?

Rewrite the order-processing workflow to use SWF, rather than SQS.

Increase the visibility timeout on the SQS queue

Switch to long-polling

Manually delete the order after processing.

A

An SWF workflow ensures that actions are executed only once.

87
Q

True or False: By default, Amazon RDS enables automated backups of your DB instance with a 1-day retention period.

A

By default and at no additional charge, Amazon RDS enables automated backups of your DB Instance with a 1 day retention period.

88
Q

True or False: It is best practice to use Access Keys whenever possible, rather than IAM Roles.

A

It is always better to assign roles. Following the “least privilege” model, IAM Roles grant each user a unique set of security credentials.

89
Q

True or False: Availability Zones in a given Region are connected by low-latency links, facilitating the development of fault-tolerant, high-availability applications.

A

Availability Zones offer you the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than would be possible from a single data center.

90
Q

You have a custom VPC for your organization. You discover that one of your developers has created an RDS instance in the default VPC and this is in violation of company policy. You need to create this RDS instance inside your custom VPC with as little effort as possible. What should you do?

Use the RDS Import/Export Wizard to Migrate the RDS instance across to the custom VPC

Use AWS Database Migration Service

Take a snapshot of your DB Instance in the default VPC and restore it to VPC by specifying the DB Subnet Group you want to use in your custom VPC.

Use the command “aws rds mv dbname < VPC”

A

The easiest way would be to take a snapshot of your DB Instance outside VPC and restore it to VPC by specifying the DB Subnet Group you want to use.

91
Q

You are working for a real estate company and you need to be able to record configuration changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions. What AWS service should you use to achieve this?

CloudTrail

CloudWatch

CloudAudit

AWS Config

A

You can use AWS Config to continuously record configuration changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions and receive notification of changes through Amazon Simple Notification Service (SNS).

92
Q

Which AWS service should you use to host a MySQL, MariaDB, Oracle, SQL Server, or PostgreSQL database where you do not need to manage the underlying operating system?

DynamoDB

RDS

Aurora

EC2 with EBS

A

RDS

93
Q

You have an RDS database that has moderate I/O requirements. Which storage medium would be best to accommodate these requirements?

Amazon RDS Provisioned IOPS (SSD) Storage

Amazon RDS General Purpose (SSD) Storage

Amazon RDS Magnetic Storage

Amazon RDS Cold Storage

A

Amazon RDS General Purpose (SSD) Storage would be the most suitable.

94
Q

The large manufacturing company you work for is interested in moving their production estate to AWS. They run a Joomla store which utilizes MySQL on the back end. Currently, they also use clustered MySQL databases in an active/passive configuration at a single site. By moving to AWS they want an active/passive configuration across 2 geographically distinct locations, with automatic failover between the two. As their solutions architect, which of the following RDS options should you recommend?

Multi-AZ

Read Replicas

Cross Region Replication

Cross Region Failover

A

To automatically failover from one geographic location to another you should use Multi-AZ for RDS.

95
Q

You have a production application that is on the largest RDS instance possible, and you are still approaching CPU utilization bottlenecks. You have implemented read replicas, ElastiCache and even CloudFront and S3 to cache static assets, but you are still bottlenecking. What should be your next step?

You should implement database partitioning and spread your data across multiple DB Instances.

You have reached the limits of public cloud. You should get a dedicated database server and host this locally within your own data center.

You should consider using RDS Multi-AZ and using the secondary AZ nodes as read only nodes to further offset load.

You should provision a secondary RDS instance and then implement an ELB to spread the load between the two RDS instances.

A

You should implement database partitioning and spread your data across multiple DB Instances.

96
Q

The insurance company you work for is implementing new IT security policies for all RDS instances. In the future, you will need to perform both security analyses and operational troubleshooting on your RDS estate. As such, you will need a history of all RDS API calls made on your account. What AWS service should you use to achieve this?

CloudAudit

CloudWatch

CloudFront

CloudTrail

A

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.

97
Q

What are the two different ways of automating your RDS backups?

Automated Backups

Using S3

Automated Snapshots

Using Data Pipeline

A

Explanation

Amazon RDS provides two different methods for backing up and restoring your DB Instance(s): automated backups and database snapshots.

98
Q

What type of replication is supported by read replica instances?

synchronous replication

asynchronous replication

continuous replication

sequential replication

A

Explanation

Updates are applied to your Read Replica(s) after they occur on the source DB Instance using “asynchronous” replication.

99
Q

Which three of the following statements are not true?

EBS Volumes can be attached to multiple instances simultaneously

EBS Volumes cannot be attached to an EC2 instance in another AZ.

EBS Volumes are ephemeral.

EBS Volumes can be attached to an EC2 instance in another AZ

A

Explanation

The only true statement is, “EBS Volumes cannot be attached to an EC2 instance in another AZ.” The rest are false.

100
Q

You need to configure a new subnet in your VPC for a database cluster you are building. The subnet will never need more than six IP addresses. Which of the following is the best choice for this subnet?

A /28 private subnet

A /28 public subnet

A /16 public subnet

A /16 private subnet

A

Explanation

Databases generally do not require public access from the Internet, so a private subnet is the better choice from a security perspective. /28 is the smallest possible subnet in an AWS VPC.

101
Q

True or False: An Availability Zone comprises multiple Regions

A

Just the opposite: A Region comprises at least two Availability Zones.

102
Q

Which three of the following events would cause Amazon RDS to initiate a failover to the standby replica?

Loss of availability in primary Availability Zone

Loss of network connectivity to primary

Compute unit failure on primary

Storage failure on secondary

A

Explanation

The events that would cause Amazon RDS to initiate a failover to the standby replica are: loss of availability in primary Availability Zone, loss of network connectivity to primary, compute unit failure on primary, and storage failure on primary.

103
Q

What is the minimum size of an SSD EBS Volume?

1byte

1GiB

1MB

1GB

A

Explanation

SSD volumes must be between 1 GiB and 16 TiB.

104
Q

True or False: An application designed for fault tolerance and high availability should almost always be built across multiple Availability Zones

A

Architects who care about the availability and performance of their applications should deploy across multiple Availability Zones in the same region for fault tolerance and low latency.

105
Q

You are auditing your company’s RDS estate, and you discover a database that is in a single Availability Zone – a violation of company policy. You decide to convert this to a multi-AZ deployment. Which three of the following things will happen?

A snapshot of your primary instance is taken

Synchronous replication is configured between primary and standby instances

A new standby instance is created in a different Availability Zone, from the snapshot

Asynchronous replication is configured between primary and standby instances

A

Explanation

For the RDS MySQL, MariaDB, PostgreSQL and Oracle database engines, when you elect to convert your RDS instance from Single-AZ to Multi-AZ, the following happens: A snapshot of your primary instance is taken, A new standby instance is created in a different Availability Zone, from the snapshot, synchronous replication is configured between primary and standby instances.

106
Q

True or False: In addition to hosting domains, Route 53 serves as a domain registrar.

A

You can register domains with Amazon Route 53. You can also transfer the registration for existing domains from other registrars to Amazon Route 53 or transfer the registration for domains that you register with Amazon Route 53 to another registrar.

107
Q

Your SQL server requires a specific type of collation and some unique third party tools installed on it. You will need access to the underlying operating system for management and monitoring of these third party tools. However, you’d like to keep the overall amount of management to a minimum. Which AWS service would best suit your needs?

RDS with SQL Server

DynamoDB

SQL server installed on EC2 with EBS

ElastiCache

A

Explanation

As you need access to the underlying host operating system, your best option would be to deploy SQL Server on EC2 backed by EBS.

108
Q

True or False: It’s possible to have a Multi-AZ copy of your read replica?

A

At this time, you cannot have a multi-AZ copy of your read replica.

109
Q

Your data warehousing company has a number of different RDS instances. You have a medium size instance with automated backups switched on and a retention period of 1 week. One of your staff carelessly deletes this database. Which two of the following apply?

The automatic backups are deleted when the instance is deleted.

The automated backups will be retained for 2 weeks and then deleted after the 2 weeks has expired.

A final snapshot will be created upon deletion automatically.

A final snapshot MAY have been created when the instance was deleted, depending on whether the ‘SkipFinalSnapshot’ parameter was set to ‘False.’

A

Under normal circumstances, all automatic backups of an RDS instance are deleted upon termination. However, it is possible to create a final DB Snapshot upon deletion. If you do, you can use this DB Snapshot to restore the deleted DB Instance at a later date. Amazon RDS retains this final user-created DB Snapshot along with all other manually created DB Snapshots after the DB Instance is deleted.

110
Q

True or False: A Region is another name for an Edge Location.

A

Regions and Availability Zones are not the same thing: An AWS Region is a geographic area, comprising two or more Availability Zones (data centers.) An Edge Location is simply a content delivery network endpoint.

111
Q

You’ve been tasked with replicating your production VPC in another region for disaster recovery purposes. Part of your environment relies on EC2 instances with preconfigured software. What steps would you take to configure the instances in another region?

Create AMIs of the instances and deploy them in the new Region

Create AMIs of the instances and copy them to the new Region for deployment.

Write the IAM permissions for the new Region to use the AMIs from the original Region.

None of the above

A

The AMIs will need to be copied to the new Region prior to deployment.

112
Q

From the command line, which of the following should you run to get the public hostname of an EC2 instance?

curl http://169.254.169.254/latest/meta-data/public-hostname

curl http://254.169.254.169/latest/user-data/public-hostname

curl http://254.169.254.169/latest/meta-data/public-hostname

curl http://169.254.169.254/latest/user-data/public-hostname

A

You would use the command curl http://169.254.169.254/latest/meta-data/public-hostname

113
Q

Amazon RDS supports which of the following databases:

MariaDB
MySQL
DB2
Sybase

A

Amazon RDS currently supports MySQL, MariaDB, PostgreSQL, Oracle, Microsoft SQL Server, and Amazon Aurora database engines.

114
Q

True or False: EBS Volumes are hard-disks in the cloud.

A

Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. They are analogous to hard disks.

115
Q

Which database engines support read replicas?

SQL Server
Oracle
MySQL
PostgreSQL

A

Read Replicas are supported by Amazon RDS for MySQL and PostgreSQL.

116
Q

You’ve been tasked with setting up an S3 solution to store large amounts of critical data. With high availability and fault-tolerance in mind, what further safeguards should you implement to protect your data in the event that an entire AZ was lost to a natural (or similarly catastrophic) disaster?

Nothing: S3 is a global service and is not affected by the loss of an availability zone.

Use lifecycle policies to copy the data to Glacier.

Deploy a gateway-stored AWS Storage Gateway.

None of the above

A

S3 is a Global service, and its reliability and durability are not bound to any Region or Availability Zone.

117
Q

What is the maximum retention period for RDS automated backups?

7 days
2 weeks
1 month
35 days

A

Amazon RDS retains backups of a DB Instance for a limited, user-specified period of time called the retention period, which by default is one day but can be set to up to thirty five days.

118
Q

Which two of the following characterize a scalable and reliable solution on AWS?

A scalable application will be resilient and operationally efficient

A scalable solution applies elasticity at the expense of cost.

A scalable solution will decrease in cost at scale.

A scalable solution applies elasticity, but is cost-agnostic.

A

The AWS Well-Architected framework has been developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. This framework provides a consistent approach to application and solution architecture that will scale with your needs over time.

119
Q

You have an RDS database that has high performance OLTP workloads. Which storage medium would be best to accommodate these requirements?

Amazon RDS Provisioned IOPS (SSD) Storage
Amazon RDS General Purpose (SSD) Storage
Amazon RDS Magnetic Storage
Amazon RDS Cold Storage

A

Amazon RDS Provisioned IOPS (SSD) Storage would be the most suitable.

120
Q

What type of replication is supported by Multi-AZ RDS instances?

synchronous replication
asynchronous replication
continuous replication
sequential replication

A

Multi-AZ deployments utilize synchronous replication, making database writes concurrently on both the primary and standby so that the standby will be up-to-date in the event a failover occurs.

121
Q

Which two services are included at no additional cost with the use of the AWS platform?

S3
Auto Scaling
EC2
CloudFormation
ELB

A

Auto Scaling

AWS CloudFormation.

122
Q

Which of the following request headers, when specified in an API call, will cause an object to be encrypted by SSE?

server-side encryption
AES256
amz-server-side-encryption
x-amz-server-side-encryption

A

x-amz-server-side-encryption

123
Q

How many RCU are needed to support 25 strongly consistent reads per second of 15KB?

A

100 RCU

1 RCU = 1 strongly consistent read per second of 4KB.

124
Q

How many RCU are needed to support 25 eventually consistent reads per second of 15KB?

A

50 RCU

1 RCU = 2 eventually consistent reads per second of 4KB

125
Q

How many WCU are needed to support 100 writes per second of 512 bytes?

A

100 WCU

1 WCU = 1 write per second of 1KB (1024 bytes); have to round up.

126
Q

A security system monitors 3000 cameras and saves image metadata every 30 seconds to an Amazon DynamoDB table. Each sample involves writing 512 bytes of data, and writes are evenly distributed over time. How much write throughput is required for the target table?

30 WCU
100 WCU
600 WCU
300 WCU
3600 WCU

A

100 WCU

(3000 cameras X 1 WCU) / 30 seconds

127
Q

Which of the following is an example of a good Amazon DynamoDB partition key schema for provisioned throughput efficiency?

Student ID, where every student has a unique ID number

College ID, where there are two colleges in the university

Class ID, where every student is in one of four classes

Tuition plan, where the vast majority of students are in-state and the rest are out-of-state.

A

Student ID, where every student has a unique ID number

128
Q

When using a large Scan operation in DynamoDB, what technique can you use to minimize the impact of a scan on a table’s provisioned throughput?

Set a smaller page size for the scan
Use parallel scans
Define a range index on the table
Pre-warm the table by updating all items.

A

Set a smaller page size for the scan

129
Q

What is the default setting for SQS visibility timeout?

A

30 Seconds.

130
Q

Which of the following services are key/value stores? (3 answers)

ElastiCache
SNS
DynamoDB
SWF
S3

A

ElastiCache
DynamoDB
S3