EC2 Flashcards

1
Q

What are the different EC2 pricing models?

A
  1. On-Demand - lets you pay a fixed rate by the hour (or even by the second)
  2. Reserved - provides you with a capacity reservation and offers a significant discount on the hourly charge (contract terms are 1-3 years)
  3. Spot - enables you to bid whatever price you want for instance capacity, providing even greater savings if your applications have flexible start and end times
  4. Dedicated Hosts - physical EC2 instances dedicated to you
2
Q

What is on demand EC2 useful for?

A
  • Users that want the low cost and flexibility of EC2 without any up-front payment or long-term commitment
  • applications with short-term, spiky, or unpredictable workloads that cannot be interrupted
  • applications that are being developed or tested on EC2 for the first time
3
Q

What is reserved pricing useful for?

A
  • applications with steady state or predictable usage
  • apps that require reserved capacity
  • users able to make upfront payments to reduce their total computing costs even further
4
Q

What is spot pricing useful for?

A
  • apps that have flexible start and end times
  • apps that are only feasible at very low compute prices
  • users with urgent computing needs for large amounts of additional capacity
5
Q

What are dedicated hosts useful for?

A
  • Useful for regulatory requirements that may not support multi-tenant virtualization
  • great for licensing which does not support multi-tenancy or cloud deployments
  • can be purchased hourly (on-demand)
  • can be purchased as reservation for up to 70% off on-demand price
6
Q

What is the mnemonic for all the EC2 instances? Not needed for the test, but helpful to know

A

F - for FPGA

I - for IOPS

G - graphics

H - high disk throughput

T - cheap general purpose, think T2 micro

D - for density

R - for RAM

M - main choice for general-purpose apps

C - for compute

P - graphics (think pics)

X - extreme memory

Z - extreme memory AND CPU

A - Arm-based workloads

U - bare metal

7
Q

True or False. If you turn off a spot instance you will not get charged.

A

False. You will get charged for that run. You will not get charged if AWS turns off the instance.

8
Q

How many different types of hard drives can the root volume launch on? List them.

A

2

  1. Magnetic
  2. SSD (General, Provisioned)
9
Q

What are security groups?

A

Virtual firewall, how you direct various types of traffic.

10
Q

Can you encrypt root device volume on EC2?

A

Yes

11
Q

True or False. Termination protection is turned off by default.

A

True. You must turn it on.

12
Q

True or False. On an EBS-backed instance, the default action is for the root EBS volume to be deleted. Additionally, the default action for all additional volumes is to be deleted as well.

A

Partially True, but overall False. The additional volumes' default action is not to be deleted.

13
Q

True or False. EBS Root Volumes of DEFAULT AMIs CANNOT be encrypted.

A

False. They can be encrypted.

14
Q

How long does it take for a security group change to take place?

A

It happens instantaneously.

15
Q

Can you block individual addresses using security groups?

A

Not really. You can’t explicitly block any IP, but you can simply not allow it. Nothing is allowed until you allow it.

16
Q

True or False. All outbound traffic is allowed on security groups.

A

True. Outbound traffic is stateful.

17
Q

True or False. You can have any number of EC2 instances within a security group.

A

True.

18
Q

True or False. You can have multiple security groups attached to EC2 instances.

A

True.

19
Q

What does STATEFUL mean?

A

Means that if you create an inbound rule for something, an outbound rule is automatically created for it.

20
Q

True or False. You can block specific IP addresses using Security Groups.

A

False. You cannot block specific IP addresses using Security groups, instead you need to use Network Access Control Lists.

21
Q

True or False. You can deny rules in a security group.

A

False. You cannot do that in security groups but can do it in Network Access Control Lists.

22
Q

What is EBS?

A

Elastic Block Storage. Essentially a virtual hard disk in the cloud.

23
Q

What are the differences in the types of EBS drives?

A
  • General Purpose SSD (gp2) - 16,000 IOPS/volume
  • Provisioned Purpose SSD (io1) - 64,000 IOPS/volume
  • Throughput Optimized HDD (st1) - 500 IOPS/volume
  • Cold HDD (sc1) - 250 IOPS/volume
  • EBS Magnetic (Standard) - 40-200 IOPS/volume
24
Q

What are the use cases for General Purpose SSD? Description?

A

Most Work Loads. Up to 16,000 IOPS.

Description: General purpose SSD volume that balances price and performance for a wide variety of transactional workloads.

25
Q

What are the use cases for Provisioned IOPS SSD? Description?

A

Databases. Up to 64,000 IOPS.

Description: Highest-performance SSD volume designed for mission-critical applications.

26
Q

What are the use cases for Throughput Optimized HDD? Description?

A

Big Data & Data Warehouses. Up to 500 IOPS / volume.

Description: Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads.

27
Q

What are the use cases for Cold HDD? Description?

A

File Servers. Up to 250 IOPS/volume.

Description: Lowest cost HDD volume designed for less frequently accessed workloads.

28
Q

What are the use cases for EBS Magnetic? Description?

A

Workloads where data is infrequently accessed. Between 40-200 IOPS / volume.

Description: Previous generation HDD.

29
Q

True or False. EBS volumes will always be in the same availability zone as the EC2 instance.

A

True. By default, this is the case. You always want the EBS volume in the same availability zone as the EC2 instance. Think about it from a hardware perspective. If they are in different availability zones, you’re more likely to have lag.

30
Q

How can you distinguish which EBS volume is linked to the root on the EC2?

A

Under EBS > Volumes > the volumes that have the “Snapshot” field populated are the ones that are for the root volume.

31
Q

How do you move an EBS volume from one availability zone to another?

A

Click on the volume in question. Click Actions > Create Snapshot > Type in Title > Create Snapshot > Wait for Snapshot to be created

Click Snapshots > Click on snapshot > actions > create image > label > create

Click AMIs (under Images) > actions > launch > go through launching of ec2

32
Q

Can you move the image to another region as well?

A

Yes, first you copy the AMI into the new region and then choose the EC2 you want to launch in that region off that volume.

33
Q

True or False. Additional volumes attached to an EC2 instance are deleted after you terminate the EC2.

A

False. Only the root volume is terminated after terminating an EC2 instance. Additional volumes will persist.

34
Q

Where are snapshots stored?

A

On S3.

35
Q

True or False. Snapshots are point-in-time copies of volumes. Snapshots are incremental.

A

True and True. Snapshots are point-in-time copies of volumes. They are also incremental, which means that only the blocks that have changed since your last snapshot are moved to S3.

36
Q

What is best practice when it comes to taking a snapshot of a root volume?

A

Always stop the instance before taking the snapshot. You can do it while the instance is running, it’s just not best practice.

37
Q

Why are instance store volumes sometimes called ephemeral storage?

A

If for some reason it stops, you are going to lose all of your data. They cannot be stopped but if it fails, you will lose all of your data.

38
Q

True or False. If an EBS instance is stopped, you will lose all of your data.

A

False. EBS instances do not lose all their data when stopped.

39
Q

True or False. Both EBS backed instances and Instance stored volumes lose their root volumes upon termination.

A

True. HOWEVER, with EBS you can ask AWS to keep your root volume.

40
Q

What is ENI?

A

Elastic Network Interface - virtual network card

41
Q

What is EN?

A

Enhanced Networking - uses I/O virtualization to provide high-performance networking capabilities

42
Q

What is EFA?

A

Elastic Fabric Adapter - a network device that you can attach to your Amazon EC2 instance to accelerate high-performance computing (HPC) and machine learning applications, or if you want to do an OS bypass. Only available on Linux instances.

43
Q

What is ENI and why use ENI?

A

ENI is an elastic network interface that is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes: A primary private IPv4 address from the IPv4 address range of your VPC. One or more secondary private IPv4 addresses from the IPv4 address range of your VPC.

  • creating a management network
  • network and security appliances in your VPC
  • create dual-homed instances with workloads/roles on distinct subnets
  • create a low-budget, high availability solution
44
Q

Why use Enhanced Networking?

A
  • speeding up your network
  • higher bandwidth
45
Q

True or False. Snapshots of encrypted volumes are encrypted automatically.

A

True.

46
Q

True or False. You can share snapshots, regardless of encryption.

A

False. You can only share unencrypted snapshots.

47
Q

What is CloudWatch?

A

Monitors your AWS resources as well as the applications that you run on AWS

48
Q

What is CloudTrail?

A

Increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. Identify which users and accounts called AWS, the source IP address, and when the calls were made.

49
Q

What is the difference between CloudWatch and CloudTrail?

A

CloudWatch monitors all AWS services (and is helpful for performance updates) whereas CloudTrail is all about auditing.

50
Q

What can you do with CloudWatch? List 4 things

A
  • Dashboards
  • Alarms
  • Events
  • Logs
51
Q

What is the easiest way to add access key & secret access key to ec2?

A

Using roles. You can add roles to the EC2 instance. They are universal as well.

52
Q

What’s the url to get meta-data or user-data of your ec2 instance?

A

curl http://169.254.169.254/latest/meta-data

curl http://169.254.169.254/latest/user-data

53
Q

What is EFS? When should you use it?

A

Elastic File System (EFS) is a cloud-based file storage service for applications and workloads that run in the Amazon Web Services (AWS) public cloud. AWS automatically deploys and manages the infrastructure for EFS, which is distributed across an unconstrained number of servers to avoid performance bottlenecks.

Storage service for Amazon EC2 instances. It allows you to use and configure file systems quickly and easily. Allows for growth as needed. Also, the ability to share files between two EC2 instances.

When you need distributed, highly resilient storage for Linux instances and Linux based applications.

54
Q

True or False. EFS supports NFSv4 protocol. What does NFSv4 stand for?

A

True. Network File System version 4.

55
Q

What is Amazon FSx for Windows File Server? When should you use it?

A

A fully managed native file system so you can easily move Windows-based applications that require storage to AWS.

When you need centralized storage for Windows-based applications such as SharePoint, Microsoft SQL Server, WorkSpaces, IIS web server, or any other native Microsoft application.

56
Q

What is FSx for Lustre? When should you use it?

A

A file system that is optimized for compute-intensive workloads, such as high performance computing, machine learning, media data process workflows and electronic design automation (EDA).

When you need high-speed, high-capacity distributed storage. This will be for applications that do High-Performance Compute (HPC), financial modeling etc. Remember that FSx for Lustre can store data directly on S3.

57
Q

What are the three different types of EC2 placement groups?

A
  1. Clustered Placement Group
  2. Spread Placement Group
  3. Partitioned
58
Q

What is clustered placement group?

A

A grouping of instances within a single availability zone. For low network latency and high network throughput. Only certain instances can be launched into this placement group.

59
Q

What is spread placement group?

A

A grouping of instances that are each placed on the distinct underlying hardware. For applications that have a small number of critical instances that should be kept separate from each other. Only certain instances can be launched into this placement group.

60
Q

What is the partitioned placement group?

A

Amazon EC2 divides each group into logical segments called partitions. EC2 ensures that each partition within a placement group has its own set of racks. Each rack has its own network and power source. No two partitions within a placement group share the same racks, allowing you to isolate the impact of a hardware failure within your application.

61
Q

True or False:

  1. Clustered placement group can span multiple Availability Zones
  2. Spread and partitioned placement groups can also span multiple Availability Zones.
A
  1. False. It cannot.
  2. True
62
Q

What is web application firewall?

A

Lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront, an Application Load Balancer or API gateway

63
Q

What are the three different types of behaviors WAF allows?

A
  1. Allow all requests except the ones you specify
  2. block all requests except the ones you specify
  3. count the requests that match the properties you specify
64
Q

Which of the following features only relate to Spread Placement Groups?

  • Instance must be deployed in a single availability zone
  • The name of your placement group must be unique within your AWS Account
  • The placement group can only have 7 running instances per Availability Zone
  • There is no charge for creating a placement group
A

The placement group can only have 7 running instances per Availability Zone. Spread placement groups have a specific limitation that you can only have a maximum of 7 running instances per Availability Zone and therefore this is the only correct option. Deploying instances in a single Availability Zone is unique to Cluster Placement Groups only and therefore is not correct. The last two remaining options are common to all placement group types and so are not specific to Spread Placement Groups.

65
Q

Can I move a reserved instance from one region to another?

A

No, depending on your type of RI you can modify the AZ, scope, network platform, or instance size (within the same instance type), but not Region. In some circumstances you can sell RIs, but only if you have a US bank account.

66
Q

You need to know both the private IP address and public IP address of your EC2 instance. You should ___

A

Retrieve the instance metadata from http://169.254.169.254/latest/meta-data

67
Q

If an Amazon EBS volume is an additional partition (not the root volume), can I detach it without stopping the instance?

A

Yes

68
Q

Individual EC2 instances are provisioned ________.

A

in Availability Zones

69
Q

Is it possible to perform actions on an existing Amazon EBS Snapshot?

A

Yes, through the AWS APIs, CLI, and AWS Console

70
Q

Will an Amazon EBS root volume persist independently from the life of the terminated EC2 instance to which it was previously attached? In other words, if I terminated an EC2 instance, would that EBS root volume persist?

A

You can control whether an EBS root volume is deleted when its associated instance is terminated. The default delete-on-termination behaviour depends on whether the volume is a root volume, or an additional volume. By default, the DeleteOnTermination attribute for root volumes is set to ‘true.’ However, this attribute may be changed at launch by using either the AWS Console or the command line. For an instance that is already running, the DeleteOnTermination attribute must be changed using the CLI.

71
Q

True or False. Amazon EBS volumes cannot be shared between instances across AZs.

A

True.

72
Q

True or False. API gateway is used for load balancing connections to Amazon EC2 instances.

A

False. API gateway is not used for load balancing connections to Amazon EC2 instances.

73
Q

True or False. You can launch instances in multiple Regions from a single Auto Scaling group.

A

False. You cannot launch instances in multiple regions from a single Auto Scaling group.

74
Q

True or False. Scaling based on a schedule allows you to set your own scaling schedule for predictable load changes. To configure your Auto Scaling group to scale based on a schedule, you create a scheduled action. This is ideal for situations where you know when and for how long you are going to need the additional capacity.

A

True.

75
Q

An EC2 status check on an EBS volume is showing as insufficient-data. What is the most likely explanation?

  • The checks have failed on the volume
  • The volume does not have enough data on it to check properly
  • The checks require more information to be manually entered
  • The checks may still be in progress on the volume
A

The checks may still be in progress on the volume.

The possible values are ok, impaired, warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks may still be taking place on your volume at the time.

76
Q

What are the three different types of placement groups?

A

Cluster – packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.

Partition – spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.

Spread – strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.

77
Q

True or False. You can only create deny rules with network ACLs; it is not possible with security groups. Network ACLs process rules in order from the lowest numbered rules to the highest until they reach an allow or deny.

A

True.

78
Q

Network ACL operates at the instance level.

A

False. Network ACL operates at the subnet level. Security groups operate at the instance level.

79
Q

True or False. Network ACLs support allow and deny rules.

A

True. Security groups, however, support allow rules only.

80
Q

True or False. Network ACL evaluates all rules.

A

False. Network ACL processes rules in order. Security group evaluates all rules.

81
Q

True or False. Network ACL automatically applies to all instances in the subnets it's associated with.

A

True.

82
Q

What AWS feature can act as an instance-level firewall to control traffic between your EC2 instances?

A

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.

83
Q

True or False. EC2 Auto Scaling does support multiple regions.

A

False. EC2 Auto Scaling does not support multiple regions.

84
Q

True or False. You can use passthrough mode with an ALB and terminate SSL on the EC2 instances.

A

False. You cannot use passthrough mode with an ALB and terminate SSL on the EC2 instances.

85
Q

True or False. You cannot use an HTTPS listener with an NLB.

A

True.

86
Q

True or False. You can use an HTTPS listener with an NLB.

A

False. You cannot use an HTTPS listener with an NLB.

87
Q

True or False. Hibernating an instance saves the contents of RAM to the Amazon EBS root volume. When the instance restarts, the RAM contents are reloaded.

A

True.

88
Q

True or False. While primary ENIs cannot be detached from an instance, secondary ENIs can be detached and attached to a different instance.

A

True.