Quiz Qs Flashcards

1
Q

Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service?

A

Enable long polling by setting the ReceiveMessageWaitTimeSeconds to a number > 0.

This enables long polling…

Remember there is no such thing as ReceiveMessageWaitTimeMinutes!

SQS long polling doesn't return a response until a message arrives in the queue, reducing your overall cost over time. Short polling WILL return empty

2
Q

At the monthly product meeting, one of the Product Owners proposes an idea to address an immediate shortcoming of the product system: storing a copy of the customer price schedule in the customer record in the database. You know that you can store large text or binary objects in DynamoDB. You give a tentative OK to do a Minimal Viable Product test, but stipulate that it must comply with the size limitation on the Attribute Name & Value. Which is the correct limitation?

A

The Value and Name combined must not exceed 400 KB.

3
Q

You run a meme creation website that stores the original images in S3 and each meme’s metadata in DynamoDB. You need to decide upon a low-cost storage option for the memes, themselves. If a meme object is unavailable or lost, a Lambda function will automatically recreate it but at a $10 licensing cost per creation. Which storage solution should you use to store the memes in the most cost-effective way?

A

S3-IA

The question describes a situation where low-cost OneZone-IA would be perfect. However, it also says that there is a high licence cost with each meme generation. The storage savings between IA and OneZone-IA are about $0.0025, which is small compared to the $10 for licensing. Therefore you may well be better off paying for full S3-IA.

4
Q

A client is concerned that someone other than approved administrators is trying to gain access to the Linux web app instances in their VPC. She asks what sort of network access logging can be added. Which of the following might you recommend? (Choose 2)

A

1) Set up a Flow Log for the group of instances and forward them to CloudWatch.
2) Make use of OS-level logging tools such as iptables and log events to CloudWatch or S3.

5
Q

You’re building out a single-region application in us-west-2. However, disaster recovery is a strong consideration, and you need to build the application so that if us-west-2 becomes unavailable, you can fail over to us-west-1. Your application relies exclusively on pre-built AMIs. In order to share those AMIs with the region you’re using as a backup, which process would you follow?

A

Copy the AMI from us-west-2, manually apply launch permissions, user-defined tags, and Amazon S3 bucket permissions of the default AMI to the new instance, and launch the instance.

REMEMBER
AWS does not copy launch permissions, user-defined tags, or Amazon S3 bucket permissions from the source AMI to the new AMI.

6
Q

Which of the following strategies does AWS use to deliver the promised levels of DynamoDB performance? (Choose 2)

A

1) The Database is partitioned across a number of nodes.
2) Data is stored on Solid State Disks.

Remember:
DynamoDB makes use of parallel processing to achieve predictable performance. You can visualise each partition as an independent DB server of fixed size, each responsible for a defined block of data. In SQL terminology this is called sharding. The documentation is specific about the SSDs, but makes no mention of read-replicas or EBS-Optimised. Caching in front of DDB is an option (DAX), but it is not inherent to DDB.

7
Q

You are a consultant planning to deploy DynamoDB across three AZs. Your lead DBA is concerned about data consistency. Which of the following do you advise the lead DBA to do?

A

To ask the development team to code for strongly consistent reads. As the consultant, you will advise the CTO of the increased cost.

The term consistency has a specific meaning in relation to DynamoDB.

8
Q

You have provisioned a custom VPC with a subnet that has a CIDR block of 10.0.3.0/28 address range. Inside this subnet, you have 2 webservers, 2 application servers, 2 database servers, and a NAT. You have configured an Autoscaling group on the two web servers to automatically scale when the CPU utilization goes above 90%. Several days later you notice that autoscaling is no longer deploying new instances into the subnet, despite the CPU utilization of all web servers being at 100%. Which of the following answers may offer an explanation? (Choose 2)

A

1) AWS reserves both the first four and the last IP address in each subnet’s CIDR block.
2) Your Autoscaling Group (ASG) has provisioned too many EC2 instances and has exhausted the number of internal IP addresses available in the subnet.

REMEMBER:
A /28 subnet will only have 16 addresses available. AWS reserves both the first four and last IP addresses in each subnet’s CIDR block. It is likely that your autoscaling group has provisioned too many EC2 instances and you have run out of internal private IP addresses.

9
Q

Your company has hired a young and enthusiastic accountant. After reviewing the AWS documentation and usage graphs, he announces that you are wasting vast amounts of money running your Windows servers for a full hour instead of spinning them up only when they are needed and down again as soon as they are idle for 1 minute. He cites the AWS claim that you only pay for what you use, and that as a senior engineer, you should be more conscious of wasting company money. How do you respond?

A

You thank him for his concern, and advise him that he has misinterpreted the pricing document: Windows instances are billed by the full hour, and partial hours are billed as such. Additionally, storage charges are incurred even if the Db instance sits idle. Taking into account productivity losses, stopping and restarting Db instances may actually result in additional costs. As such, your solution is fine as it now stands.

10
Q

You work for a large software company in Seattle. They have their production environment provisioned on AWS inside a custom VPC. The VPC contains both a public and private subnet. The company tests their applications on custom EC2 instances inside a private subnet. There are approximately 500 instances, and they communicate to the outside world via a proxy server. At 3am every night, the EC2 instances pull down OS updates, which are usually 150MB or so. They then apply these updates and reboot: if the software has not downloaded within half an hour, then the update will attempt to download the following day. You notice that a number of EC2 instances are continually failing to download the updates in the allotted time. Which of the following answers might explain this failure? (Choose 2)

A

1) The proxy server is in a private subnet and uses a NAT instance to connect to the internet. However, this instance is too small to handle the required network traffic. You should re-provision the NAT solution so that it’s able to handle the throughput.
2) The proxy server is on an inadequately sized EC2 instance and does not have sufficient network throughput to handle all updates simultaneously. You should increase the instance size or type of the EC2 instance for the proxy server.

REMEMBER:
Network throughput is the obvious bottleneck. You are not told in this question whether the proxy server is in a public or private subnet. If it is in a public subnet, the proxy server instance size itself may not be large enough to cope with the current network throughput. If the proxy server is in a private subnet, then it must be using a NAT instance or NAT gateway to communicate out to the internet. If it is a NAT instance, this may also be inadequately provisioned in terms of size. You should therefore increase the size of the proxy server and/or the NAT solution.

11
Q

When using EC2 instances with Dedicated Hosting, which of the following modes are you able to transition between by stopping the instance and starting it again?

A

Dedicated & Host

Remember:
The tenancy of an instance can only be changed between variants of ‘dedicated’ tenancy hosting. It cannot be changed from or to default tenancy hosting.

12
Q

You have been engaged as a consultant by a company that generates utility bills and publishes them online. PDF images are generated, then stored on a high-performance RDS instance. Customarily, invoices are viewed by customers once per month. Recently, the number of customers has increased threefold, and the wait-time necessary to view invoices has increased unacceptably. The CTO is unwilling to alter the codebase more than necessary this quarter, but needs to return performance to an acceptable level before the end-of-the-month print run. Which of the following solutions would you feel comfortable proposing to the CTO and GM? (Choose 2)

A

1) Evaluate the risks and benefits associated with an RDS instance upgrade.
2) Create RDS Read-Replicas and additional Web/App instances across all the available AZs.

REMEMBER
Caching content is not always effective. Sometimes, optimal solutions cannot be achieved; so you need to figure out the next best way to keep the show going.

13
Q

You successfully configure VPC Peering between VPC-A and VPC-B. You then establish an IGW and a Direct-Connect connection in VPC-B. Can instances in VPC-A connect to your corporate office via the Direct-Connect service, and connect to the Internet via the IGW?

A

VPC peering does not support edge to edge routing.

14
Q

When coding a routine to upload to S3, you have the option of using either single part upload or multipart upload. Identify all the possible reasons below to use Multipart upload. (Choose 4)

A

1) Multipart upload delivers the ability to pause and resume object uploads.
2) Multipart upload delivers quick recovery from network issues.
3) Multipart upload delivers the ability to begin an upload before you know the final object size.
4) Multipart upload delivers improved throughput.

15
Q

What is proactive cyclic scaling?

A

Proactive Cyclic Scaling allows you to scale during the desired time window.

16
Q

You’ve been commissioned to develop a high-availability application with a stateless web tier. Identify the most cost-effective means of reaching this end.

A

Use an Elastic Load Balancer, a multi-AZ deployment of an Auto-Scaling group of EC2 Spot instances (primary) running in tandem with an Auto-Scaling group of EC2 On-demand instances (secondary), DynamoDB.

Remember:
With proper scripting and scaling policies, the On-demand instances behind the Spot instances will deliver the most cost-effective solution because the On-demand instances will only spin up if the Spot instances are not available. DynamoDB is a regional service, so there is no need to explicitly create a multi-AZ deployment. RDS could be used, but DynamoDB lends itself better to supporting stateless web/app installations.

17
Q

Which of the following services should you implement in multiple availability zones in order to achieve high availability? (Choose 2)

A

1) EC2
2) RDS

Remember:
S3, SQS & DynamoDB are already built in a fault-tolerant fashion; you do not need to provision these services across multiple availability zones. Therefore the correct answers are RDS and EC2.

18
Q

You have a database-style application that frequently has multiple reads and writes across the data set. Which of the following AWS storage services are capable of hosting this application? (Choose 2)

A

You would use either EBS or EFS. S3 is for object storage, not applications; and Glacier is for data archiving.

19
Q

What data formats are used to create CloudFormation templates? (Choose 2)

A

1) YAML

2) JSON

20
Q

You have been engaged by a company to design and lead a migration to an AWS environment. The team is concerned about the capabilities of the new environment, especially when it comes to avoiding bottlenecks. The design calls for about 20 instances (C3.2xLarge) pulling jobs/messages from SQS. Network traffic per instance is estimated to be around 500 Mbps at the beginning and end of each job. Which network configuration should you plan on deploying?

A

Spread the Instances over multiple AZs to minimize the traffic concentration and maximize fault-tolerance.

21
Q

Your company likes the idea of storing files on AWS. However, low-latency service of the last few days of files is important to customer service. Which Storage Gateway configuration would you use to achieve both of these ends? (Choose 2)

A

1) File Gateways
2) Gateway-Cached

Remember!
Gateway-Cached and File Gateway volumes retain a copy of frequently accessed data subsets locally. Cached volumes offer substantial cost savings on primary storage and minimize the need to scale your storage on-premises. Note that AWS recently changed the naming. You should know both for

22
Q

Amazon ElastiCache can fulfill a number of roles. Choose the operations from the following list which can be implemented using ElastiCache for Redis. (Choose 3)

A

1) Pub/Sub
2) In-Memory Data Store
3) Sorted Sets

23
Q

Your Security Manager has hired a security contractor to audit your firewall implementation. When the consultant asks for the login details for the firewall appliance, which of the following might you do? (Choose 2)

A

1) Explain that AWS implements network security differently and that there is no such thing as a Firewall appliance. You might then suggest that the consultant take the ‘A Cloud Guru’ AWS CSA-A course in preparation for the audit.
2) Create an IAM User with a policy that can Read Security Group and NACL settings.

Remember!
AWS has removed the Firewall appliance from the hub of the network and implemented the firewall functionality as stateful Security Groups, and stateless subnet NACLs. This is not a new concept in networking, but rarely implemented at this scale. In this case an IAM role by itself will not be enough to gain access to the AWS infrastructure - an IAM user will also be required.

24
Q

The risk with spot instances is that you are not guaranteed use of the resource for as long as you might want. Which of the following are scenarios under which AWS might execute a forced shutdown? (Choose 4)

A

1) AWS sends a notification of termination and you receive it 120 seconds before the intended forced shutdown, but AWS do not action the shutdown.
2) AWS sends a notification of termination and you receive it 120 seconds before the forced shutdown, but the normal lease expired before the forced shutdown.
3) AWS sends a notification of termination but you do not receive it within the 120 seconds and the instance is shutdown.
4) AWS sends a notification of termination and you receive it 120 seconds before the intended forced shutdown.

25
Q

Following advice from your consultant, you have configured your VPC to use Dedicated hosting tenancy. A subsequent change to your application has rendered the performance gains from dedicated tenancy superfluous, and you would now like to recoup some of these greater costs. How do you revert to Default hosting tenancy?

A

Use the AWS CLI to modify the Instance Placement attribute of each instance and the VPC tenancy attribute of the VPC

Remember
Once a VPC is set to Dedicated hosting, it can be changed back to default hosting via the CLI, SDK or API. Note that this will not change hosting settings for existing instances, only future ones. Existing instances can be changed via CLI, SDK or API but need to be in a stopped state to do so.

26
Q

You have been asked to decouple an application by utilizing SQS. The application dictates that messages on the queue can be delivered more than once, but must be delivered in the order that they have arrived, and also must allow for efficient, repeated polling of the queue. Which of the following options are most suitable?

A

Configure a FIFO SQS queue and enable long polling

27
Q

You have created a VPC that contains two EC2 instances in different availability zones. Both are running web servers, hosting the same content. These web servers will be accessible via the internet. Which of the following DNS configurations could you consider? (Choose 2)

A

1) Set up an Application Load Balancer and place your instances behind this ELB. Configure a Route 53 Alias record to point to the resource of the Application Load Balancer.
2) Assign each EC2 instance an Elastic IP address. Configure a Route 53 “A” multi-value record with both EIPs and health checks.

Remember
Using an ALB will provide a very fault-tolerant setup. When creating a record in Route 53 to other AWS resources, including ALBs, you should use Alias records where available. The alternate option of attaching Elastic IPs directly to the instances with an “A” record accomplishes similar results, but doesn’t incur the cost of an ALB.

28
Q

You are a solutions architect working for a cosmetics company. Your company has a busy Magento online store that consists of a two-tier architecture. The webservers are behind an Auto Scaling Group and the database is on a Large MySQL instance. Your store is having a Black Friday sale at the end of the week, and having reviewed the performance for the last sale you expect the site to start running very slowly during the peak load. You investigate and you determine that the database was struggling to keep up with the number of reads that the store was generating. How can you successfully scale this environment out so as to increase the speed of the site? (Choose 2)

A

1) Migrate the database from MySQL to Aurora for better performance, then update the connection string in Magento.
2) Place the RDS instances behind an ElastiCache instance, then update the connection string in Magento.

Remember
Adding a read replica on its own won’t solve your problem; you would need to alter the code for Magento to use the read replica (which was not in the offered options). Multi-AZ is a reliability technique, not a performance technique. The best answer available is to migrate the database to Aurora, which has superior read performance due to its design. Implementing ElastiCache is relatively easy and will also offload some of the read traffic.